This guide is not ready yet.

Foreman is a community project. The source is maintained in foreman-documentation on GitHub where you can create issues and pull requests. Thanks for your contribution.

Appendix A: Glossary of Terms

This glossary documents various terms used in relation to Foreman.

Activation Key

A token for host registration and subscription attachment. Activation keys define subscriptions, products, content views, and other parameters to be associated with a newly created host.

Answer File

A configuration file that defines settings for an installation scenario. Answer files are defined in the YAML format and stored in the /etc/foreman-installer/scenarios.d/ directory.

ARF Report

The result of an OpenSCAP audit. Summarizes the security compliance of hosts managed by Foreman.


Provide a report on changes made by a specific user. Audits can be viewed in the Foreman web UI under Monitor > Audits.

Baseboard Management Controller (BMC)

Enables remote power management of bare-metal hosts. In Foreman, you can create a BMC interface to manage selected hosts.

Boot Disk

An ISO image used for PXE-less provisioning. This ISO enables the host to connect to Foreman server, boot the installation media, and install the operating system. There are several kinds of boot disks: host image, full host image, generic image, and subnet image.

Smart Proxy (Smart Proxy server)

An additional server that can be used in a Foreman deployment to facilitate content federation and distribution (act as a Pulp mirror), and to run other localized services (Puppet server, DHCP, DNS, TFTP, and more). Smart Proxies are useful for Foreman deployment across various geographical locations.


A document that describes the desired system state for one specific host managed by Puppet. It lists all of the resources that need to be managed, as well as any dependencies between those resources. Catalogs are compiled by a Puppet server from Puppet Manifests and data from Puppet Agents.


A service within Katello responsible for subscription management.

Compliance Policy

Refers to a scheduled task executed on Foreman server that checks the specified hosts for compliance against SCAP content.

Compute Profile

Specifies default attributes for new virtual machines on a compute resource.

Compute Resource

A virtual or cloud infrastructure, which Foreman uses for deployment of hosts and systems. Examples include oVirt, OpenStack, EC2, and VMWare.

Container (Docker Container)

An isolated application sandbox that contains all runtime dependencies required by an application. Foreman supports container provisioning on a dedicated compute resource.

Container Image

A static snapshot of the container’s configuration. Foreman supports various methods of importing container images as well as distributing images to hosts through content views.


A general term for everything Foreman distributes to hosts. Includes software packages (RPM files), or Docker images. Content is synchronized into the Library and then promoted into lifecycle environments using content views so that they can be consumed by hosts.

Content Delivery Network (CDN)

The mechanism used to deliver Red Hat content to Foreman server.

Content Host

The part of a host that manages tasks related to content and subscriptions.

Content View

A subset of Library content created by intelligent filtering. Once a content view is published, it can be promoted through the lifecycle environment path, or modified using incremental upgrades.

Discovered Host

A bare-metal host detected on the provisioning network by the Discovery plug-in.

Discovery Image

Refers to the minimal operating system based on Enterprise Linux that is PXE-booted on hosts to acquire initial hardware information and to communicate with Foreman server before starting the provisioning process.

Discovery Plug-in

Enables automatic bare-metal discovery of unknown hosts on the provisioning network. The plug-in consists of three components: services running on Foreman server and Smart Proxy server, and the Discovery image running on host.

Discovery Rule

A set of predefined provisioning rules which assigns a host group to discovered hosts and triggers provisioning automatically.

Docker Tag

A mark used to differentiate container images, typically by the version of the application stored in the image. In the Foreman web UI, you can filter images by tag under Content > Docker Tags.

Enterprise Linux

An umbrella term for the following Red Hat Enterprise Linux-like operating systems:

  • AlmaLinux

  • CentOS Linux

  • CentOS Stream

  • Oracle Linux

  • Red Hat Enterprise Linux

  • Rocky Linux

Foreman is tested on AlmaLinux and CentOS Stream.


Embedded Ruby (ERB) is a template syntax used in provisioning and job templates.


Updated RPM packages containing security fixes, bug fixes, and enhancements. In relationship to a host, erratum is applicable if it updates a package installed on the host and installable if it is present in the host’s content view (which means it is accessible for installation on the host).

External Node Classifier

A construct that provides additional data for a server to use when configuring hosts. Foreman acts as an External Node Classifier to Puppet servers in a Foreman deployment.

Note that the External Node Classifier will be removed in the next Foreman version.


A program that provides information (facts) about the system on which it is run; for example, Facter can report total memory, operating system version, architecture, and more. Puppet modules enable specific configurations based on host data gathered by Facter.


Host parameters such as total memory, operating system version, or architecture. Facts are reported by Facter and used by Puppet.


The component mainly responsible for provisioning and content lifecycle management.

Foreman services

A set of services that Foreman server and Smart Proxy servers use for operation. You can use the foreman-maintain tool to manage these services. To see the full list of services, enter the foreman-maintain service list command on the machine where Foreman or Smart Proxy server is installed.

Foreman Hook

An executable that is automatically triggered when an orchestration event occurs, such as when a host is created or when provisioning of a host has completed.

Full Host Image

A boot disk used for PXE-less provisioning of a specific host. The full host image contains an embedded Linux kernel and init RAM disk of the associated operating system installer.

Generic Image

A boot disk for PXE-less provisioning that is not tied to a specific host. The generic image sends the host’s MAC address to Foreman server, which matches it against the host entry.


A command line tool for managing Foreman. You can execute Hammer commands from the command line or utilize them in scripts. Hammer also provides an interactive shell.


Refers to any system, either physical or virtual, that Foreman manages.

Host Collection

A user defined group of one or more Hosts used for bulk actions such as errata installation.

Host Group

A template for building a host. Host groups hold shared parameters, such as subnet or lifecycle environment, that are inherited by host group members. Host groups can be nested to create a hierarchical structure.

Host Image

A boot disk used for PXE-less provisioning of a specific host. The host image only contains the boot files necessary to access the installation media on Foreman server.

Incremental Upgrade (of a Content View)

The act of creating a new (minor) content view version in a lifecycle environment. Incremental upgrades provide a way to make in-place modification of an already published content view. Useful for rapid updates, for example when applying security errata.


A command executed remotely on a host from Foreman server. Every job is defined in a job template.

Job Template

Defines properties of a job.


A Foreman plug-in responsible for subscription and repository management.

Lazy Sync

The ability to change the default download policy of a repository from Immediate to On Demand. The On Demand setting saves storage space and synchronization time by only downloading the packages when requested by a host.


A collection of default settings that represent a physical place.


A container for content from all synchronized repositories on Foreman server. Libraries exist by default for each organization as the root of every lifecycle environment path and the source of content for every content view.

Lifecycle Environment

A container for content view versions consumed by the content hosts. A Lifecycle Environment represents a step in the lifecycle environment path. Content moves through lifecycle environments by publishing and promoting content views.

Lifecycle Environment Path

A sequence of lifecycle environments through which the content views are promoted. You can promote a content view through a typical promotion path; for example, from development to test to production.

Manifest (Red Hat Subscription Manifest)

A mechanism for transferring subscriptions from the Red Hat Customer Portal to Foreman. Do not confuse with Puppet Manifest.

Migrating Foreman

The process of moving an existing Foreman installation to a new instance.


A project implementing security compliance auditing according to the Security Content Automation Protocol (SCAP). OpenSCAP is integrated in Foreman to provide compliance auditing for hosts.


An isolated collection of systems, content, and other functionality within a Foreman deployment.


Defines the behavior of Foreman components during provisioning. Depending on the parameter scope, we distinguish between global, domain, host group, and host parameters. Depending on the parameter complexity, we distinguish between simple parameters (key-value pair) and smart parameters (conditional arguments, validation, overrides).

Parametrized Class (Smart Class Parameter)

A parameter created by importing a class from Puppet server.


Defines an action related to a selected part of Foreman infrastructure (resource type). Each resource type is associated with a set of permissions, for example the Architecture resource type has the following permissions: view_architectures, create_architectures, edit_architectures, and destroy_architectures. You can group permissions into roles and associate them with users or user groups.


A collection of content repositories. Products are either provided by Red Hat CDN or created by the Foreman administrator to group custom repositories.

Promote (a Content View)

The act of moving a content view from one lifecycle environment to another.

Provisioning Template

Defines host provisioning settings. Provisioning templates can be associated with host groups, lifecycle environments, or operating systems.

Publish (a Content View)

The act of making a content view version available in a lifecycle environment and usable by hosts.


A service within Katello responsible for repository and content management.

Pulp Mirror

A Smart Proxy server component that mirrors content.


The configuration management component of Foreman.

Puppet Agent

A service running on a host that applies configuration changes to that host.

Puppet Environment

An isolated set of Puppet Agent nodes that can be associated with a specific set of Puppet Modules.

Puppet Manifest

Refers to Puppet scripts, which are files with the .pp extension. The files contain code to define a set of necessary resources, such as packages, services, files, users and groups, and so on, using a set of key-value pairs for their attributes.

Puppet Server

A Smart Proxy server component that provides Puppet Manifests to hosts for execution by the Puppet Agent.

Puppet Module

A self-contained bundle of code (Puppet Manifests) and data (facts) that you can use to manage resources such as users, files, and services.

Recurring Logic

A job executed automatically according to a schedule. In the Foreman web UI, you can view those jobs under Monitor > Recurring logics.


An archive of container images. Foreman supports importing images from local and external registries. Foreman itself can act as an image registry for hosts. However, hosts cannot push changes back to the registry.


Provides storage for a collection of content.

Resource Type

Refers to a part of Foreman infrastructure, for example host, capsule, or architecture. Used in permission filtering.


Specifies a collection of permissions that are applied to a set of resources, such as hosts. Roles can be assigned to users and user groups. Foreman provides a number of predefined roles.

SCAP content

A file containing the configuration and security baseline against which hosts are checked. Used in compliance policies.


A set of predefined settings for the Foreman CLI installer. Scenario defines the type of installation, for example to install Smart Proxy server execute foreman-installer --no-enable-foreman --no-enable-foreman-plugin-puppet --no-enable-foreman-cli --no-enable-foreman-cli-puppet. Every scenario has its own answer file to store the scenario settings.

Smart Proxy

A Smart Proxy server component that can integrate with external services, such as DNS or DHCP. In upstream Foreman terminology, Smart Proxy is a synonym of Smart Proxy.

Standard Operating Environment (SOE)

A controlled version of the operating system on which applications are deployed.

Subnet Image

A type of generic image for PXE-less provisioning that communicates through Smart Proxy server.


An entitlement for receiving content and service from Red Hat.


Refers to mirroring content from external resources into the Foreman Library.

Synchronization Plan

Provides scheduled execution of content synchronization.


A background process executed on the Foreman or Smart Proxy server, such as repository synchronization or content view publishing. You can monitor the task status in the Foreman web UI under Monitor > Foreman Tasks > Tasks.


A means of tracking changes in specific parts of Foreman infrastructure. Configure trends in Foreman web UI under Monitor > Trends.

Updating Foreman

The process of advancing your Foreman server and Smart Proxy server installations from a z-stream release to the next, for example Foreman nightly.0 to Foreman nightly.1.

Upgrading Foreman

The process of advancing your Foreman server and Smart Proxy server installations from a y-stream release to the next, for example Foreman 3.10 to Foreman nightly.

User Group

A collection of roles which can be assigned to a collection of users.


Anyone registered to use Foreman. Authentication and authorization is possible through built-in logic, through external resources (LDAP, Identity Management, or Active Directory), or with Kerberos.


An agent for retrieving IDs of virtual machines from the hypervisor. When used with Foreman, virt-who reports those IDs to Foreman server so that it can provide subscriptions for hosts provisioned on virtual machines.