#theforeman

mhulan: good morning, are you here?

mhulan: regarding my question yesterday, I saw this post http://jtimberman.housepub.org/blog/2013/09/10/... from Jashua, see 'Add a New System'

mlev: hello, I found it yesterday as well, just didn't have time to read it thoroughly yet , from quick scan it seems that the vault has to be updated after new host is added (matching the search)

balexx++

mhulan:first, thanks a lot man for the effort here. You are very helpful as allways

mhulan: and secondly: yes. In first look it looks like a bit of an overhread, doesn't it?

mlev: yes, could be... anyway it means we wouldn't need to store anything extra in foreman, except some vault information, like the search that was used and just say which valuts should be updated

mlev: but I'll have to do some experiments, like what happens if you use different search for updating (would other nodes lose their key?)

I do not think that other nodes might be harmedmhulan:

if that's true, we could just add another parameter specifying which vaults to update and search would point just to the host that's being provisioned

mhulan: I think that somewhere should be run a `knife update vault <users> <user> -S "role:vault_able / name:*" so the keys will be updated and the access will be there for the new node

mhulan: I think that this should be right, but as far as I understand the flow, a `knife vault update` must be initiated in between. But how shall it be done?

agreed, but we'll need to use API instead of knife (I suppose knife uses some API internally)

mhulna: sound even more interesting

might there somthing be broken with validation in 1.8.2? I am getting "Validation failed: Identifier Can't add or remove `.` from identifier" when importing facts in production.log

it only brakes with new hosts (deleted an readded)

sounds like #11247

Dominic: #11247 is http://theforeman.org/issues/11247 "Bug #11247: IP address is invalid, can't add or remove `.` from identifier - Foreman"

hey thats me

:)