1. Introduction to organization and location context in Foreman

Context in Foreman consists of Organizations and Locations.

Most resources in Foreman are associated with at least one organization and location context. Since resources and users can generally only access resources within their own context, organizations and locations are an integral part of Foreman’s user management.

You can structure locations hierarchically by providing a parent location. Unless otherwise specified, sub locations inherit the settings from their parent location.

Caution

If you use host groups to bundle provisioning and configuration information, ensure to not mismatch resources from mutually exclusive contexts. For example, setting a subnet from one organization or location and a compute resource from a different organization or location creates an invalid host group.

Some resources in Foreman, such as Ansible roles and operating systems, are not part of any organization or location context.

2. Managing organizations

Organizations divide Foreman resources into logical groups based on ownership, purpose, content, security level, or other divisions. You can create and manage multiple organizations through Foreman, then divide and assign subscriptions to each individual organization. This provides a method of managing the content of several individual organizations under one management system.

2.1. Examples of using organizations in Foreman

Single Organization

Using a single organization is well suited for a small business with a simple system administration chain.

In this case, you create a single organization for the business and assign content to it. You can also use the Default Organization for this purpose.

Multiple Organizations

Using multiple organizations is well suited for a large company that owns several smaller business units. For example, a company with separate system administration and software development groups.

In this case, you create one organization for the company and then an organization for each of the business units it owns. You then assign content to each organization based on its needs.

External Organizations

Using external organizations is well suited for a company that manages external systems for other organizations. For example, a company offering cloud computing and web hosting resources to customers.

In this case, you create an organization for the company’s own system infrastructure and then an organization for each external business. You then assign content to each organization where necessary.

2.2. Creating an organization

Use this procedure to create an organization. To use the CLI instead of the Foreman web UI, see the CLI procedure.

Procedure
  1. In the Foreman web UI, navigate to Administer > Organizations.

  2. Click New Organization.

  3. In the Name field, enter a name for the organization.

  4. In the Label field, enter a unique identifier for the organization. This is used for creating and mapping certain assets, such as directories for content storage. Use letters, numbers, underscores, and dashes, but no spaces.

  5. Optional: If you do not wish to enable Simple Content Access (SCA), uncheck the Simple Content Access checkbox. For more information on SCA, see Simple Content Access.

    Note

    Foreman community does not recommend disabling SCA as entitlement mode is deprecated.

  6. Optional: In the Description field, enter a description for the organization.

  7. Click Submit.

  8. If you have hosts with no organization assigned, select the hosts that you want to add to the organization, then click Proceed to Edit.

  9. In the Edit page, assign the infrastructure resources that you want to add to the organization. This includes networking resources, installation media, kickstart templates, and other parameters. You can return to this page at any time by navigating to Administer > Organizations and then selecting an organization to edit.

  10. Click Submit.

CLI procedure
  1. To create an organization, enter the following command:

    # hammer organization create \
    --name "My_Organization" \
    --label "My_Organization_Label" \
    --description "My_Organization_Description"
    Note

    Organizations created this way have Simple Content Access (SCA) enabled by default. If you wish to disable SCA, add the --simple-content-access false parameter to the command. Foreman community does not advise you to disable SCA because entitlement mode (not using SCA) is deprecated.

  2. Optional: To edit an organization, enter the hammer organization update command. For example, the following command assigns a compute resource to the organization:

    # hammer organization update \
    --name "My_Organization" \
    --compute-resource-ids 1

2.3. Creating an organization debug certificate

If you require a debug certificate for your organization, use the following procedure.

Procedure
  1. In the Foreman web UI, navigate to Administer > Organizations.

  2. Select an organization that you want to generate a debug certificate for.

  3. Click Generate and Download.

  4. Save the certificate file in a secure location.

Debug certificates for provisioning templates

Debug Certificates are automatically generated for provisioning template downloads if they do not already exist in the organization for which they are being downloaded.

2.4. Browsing repository content using an organization debug certificate

You can view an organization’s repository content using a web browser or using the API if you have a debug certificate for that organization.

Prerequisites
Procedure
  1. Split the private and public keys from the certificate into two files.

    1. Open the X.509 certificate, for example, for the default organization:

      $ vi 'Default Organization-key-cert.pem'
    2. Copy the contents of the file from -----BEGIN RSA PRIVATE KEY----- to -----END RSA PRIVATE KEY-----, into a key.pem file.

    3. Copy the contents of the file from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----, into a cert.pem file.

  2. To use a browser, you must first convert the X.509 certificate to a format your browser supports and then import the certificate.

For Firefox users
  1. Convert the certificate into the PKCS12 format using the following command:

    $ openssl pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in cert.pem -inkey key.pem -out My_Organization_Label.pfx -name My_Organization
  2. In the Firefox browser, navigate to Edit > Preferences > Advanced Tab.

  3. Select View Certificates and click the Your Certificates tab.

  4. Click Import and select the .pfx file to load.

  5. Enter the following URL in the address bar to browse the accessible paths for all the repositories and check their contents:

    https://foreman.example.com/pulp/content/
For CURL users
  • To use the organization debug certificate with CURL, enter the following command:

    $ curl -k --cert cert.pem --key key.pem \
    https://foreman.example.com/pulp/content/My_Organization_Label/Library/content/dist/rhel/server/7/7Server/x86_64/os/

    Ensure that the paths to cert.pem and key.pem are the correct absolute paths otherwise the command fails silently. Pulp uses the organization label, therefore, you must enter the organization label into the URL.

2.5. Deleting an organization

You can delete an organization if the organization is not associated with any lifecycle environments or host groups. If there are any lifecycle environments or host groups associated with the organization you are about to delete, remove them by navigating to Administer > Organizations and clicking the relevant organization.

Important

Do not delete Default Organization created during installation because the default organization is a placeholder for any unassociated hosts in your Foreman environment. There must be at least one organization in the environment at any given time.

Procedure
  1. In the Foreman web UI, navigate to Administer > Organizations.

  2. From the list to the right of the name of the organization you want to delete, select Delete.

  3. Click OK to delete the organization.

CLI procedure
  1. Enter the following command to retrieve the ID of the organization that you want to delete:

    # hammer organization list

    From the output, note the ID of the organization that you want to delete.

  2. Enter the following command to delete an organization:

    # hammer organization delete --id Organization_ID

3. Managing locations

Locations function similar to organizations: they provide a method to group resources and assign hosts. Organizations and locations have the following conceptual differences:

  • Locations are based on physical or geographical settings.

  • Locations have a hierarchical structure.

3.1. Creating a location

Use this procedure to create a location so that you can manage your hosts and resources by location. To use the CLI instead of the Foreman web UI, see the CLI procedure.

Procedure
  1. In the Foreman web UI, navigate to Administer > Locations.

  2. Click New Location.

  3. Optional: From the Parent list, select a parent location. This creates a location hierarchy.

  4. In the Name field, enter a name for the location.

  5. Optional: In the Description field, enter a description for the location.

  6. Click Submit.

  7. If you have hosts with no location assigned, add any hosts that you want to assign to the new location, then click Proceed to Edit.

  8. Assign any infrastructure resources that you want to add to the location. This includes networking resources, installation media, kickstart templates, and other parameters. You can return to this page at any time by navigating to Administer > Locations and then selecting a location to edit.

  9. Click Submit to save your changes.

CLI procedure
  • Enter the following command to create a location:

    # hammer location create \
    --description "My_Location_Description" \
    --name "My_Location" \
    --parent-id "My_Location_Parent_ID"

3.2. Creating multiple locations

The following example Bash script creates three locations – London, Munich, Boston – and assigns them to the Example Organization.

ORG="Example Organization"
LOCATIONS="London Munich Boston"

for LOC in ${LOCATIONS}
do
  hammer location create --name "${LOC}"
  hammer location add-organization --name "${LOC}" --organization "${ORG}"
done

3.3. Setting the location context

A location context defines the location to use for a host and its associated resources.

Procedure

The location menu is the second menu item in the menu bar, on the upper left of the Foreman web UI. If you have not selected a current location, the menu displays Any Location. Click Any location and select the location to use.

CLI procedure

While using the CLI, include either --location "My_Location" or --location-id "My_Location_ID" as an option. For example:

# hammer host list --location "My_Location"

This command lists hosts associated with the My_Location location.

3.4. Deleting a location

You can delete a location if the location is not associated with any lifecycle environments or host groups. If there are any lifecycle environments or host groups associated with the location you are about to delete, remove them by navigating to Administer > Locations and clicking the relevant location. Do not delete the default location created during installation because the default location is a placeholder for any unassociated hosts in the Foreman environment. There must be at least one location in the environment at any given time.

Procedure
  1. In the Foreman web UI, navigate to Administer > Locations.

  2. Select Delete from the list to the right of the name of the location you want to delete.

  3. Click OK to delete the location.

CLI procedure
  1. Enter the following command to retrieve the ID of the location that you want to delete:

    # hammer location list

    From the output, note the ID of the location that you want to delete.

  2. Enter the following command to delete the location:

    # hammer location delete --id Location ID