When you have multiple foreman servers that are clustered for load
balancing/scaling purposes, you want local_secret_token and encryption_key
to be the same between all servers. For reference, see the documentation I
added here: https://www.theforeman.org/manuals/1.14/index.html#5.8MultipleForemaninstances
which talks about local_secret_token.rb; encryption_key is used the encrypt
passwords in the DB.
With that in mind, I noticed that the puppet-foreman module doesn't touch
either of those files. Is that on purpose, or just omission? If it's an
omission, I'm happy to provide a PR with that addition. If it's on purpose,
I'm curios about the reasoning behind it.
I don't think it ever came up so I'd call it an omission. A PR would be
very welcome.
To make upgrading easier I think it'd be best if the parameters were
optional. An undef value should be keep the current behaviour where it
doesn't touch the files.
ยทยทยท
On Fri, Jan 20, 2017 at 09:36:34AM -0800, Chris Baldwin wrote:
> When you have multiple foreman servers that are clustered for load
> balancing/scaling purposes, you want local_secret_token and encryption_key
> to be the same between all servers. For reference, see the documentation I
> added here:
> https://www.theforeman.org/manuals/1.14/index.html#5.8MultipleForemaninstances
> which talks about local_secret_token.rb; encryption_key is used the encrypt
> passwords in the DB.
>
> With that in mind, I noticed that the puppet-foreman module doesn't touch
> either of those files. Is that on purpose, or just omission? If it's an
> omission, I'm happy to provide a PR with that addition. If it's on purpose,
> I'm curios about the reasoning behind it.
