Hi all,
I've just begun to scale up Foreman as more blade servers to support. I've
leveraged an all-in-one setup for some time before and it has been a very
pleasure experience.
But when I try to scale it up now – in fact I setup a new cluster
(1.11.3) to avoid screwing up existing setup – it posts me many
challenges, one of the tough one is this:
Foreman Audits shows that settings updated too often – cluster members
steps on each other on options(values) like:
oauth consumer keys/secret, ssl_priv_keys, foreman_url,
unattended_url, etc.
I don't know how this mess came into being – My scale-out setup is like
this:
1, install an new all-in-one foreman,
2, install puppet master nodes with options like:
foreman-installer -v
–enable-foreman --enable-foreman-cli enable-foreman-proxy
–enable-puppet
–foreman-proxy-oauth-key=<1stNodesOauthKey>
–foreman-proxy-oauth-secret=<1stNodesOautSecret>
–forman-db-manage=false
–foreman-proxy-puppetca=false --foreman-proxy-tftp=false
–puppet-server=true --puppet-server-ca=false
–puppet-ca-server=<firstServer>
3, then I setup a load balance to distribute load to new puppet master
nodes, and create a smart proxy (puppet master service) out of load
balancer.
The strategy works not bad, from web UI the health of new smart proxy seems
in good shape, and I can see service (puppet master) behind it;
on new puppet masters I can also run node.rb (under puppet account) account
to get expected yaml output.
So my question is: why the audit reports so many (stepping on each other)
issues? How can I fix it? And, should I set the option
–foreman-db-manage=true?
I am not clear how the option '–foreman-db-manage' works behind the scene,
say, if two cluster members both set the option to 'true', does the second
member will overwrite the first one?
Thanks a lot.