Found the solution, posted it on the thread I started (https://groups.google.com/forum/?fromgroups=#!topic/foreman-users/OeOvX_IBkcw):
Foreman uses a few tokens to encrypt things. There are two important ones when building a cluster of Foreman servers: - $foreman_home/config/initializers/encryption_key.rb - this is for encrypting/decrypting passwords in the DB. This wasn't my issue. - $foreman_home/tmp/secret_token.rb - this is used to sign any cookies, and this *was* my issue. Changing that to have the same key across all my servers seems to have fixed the issue. On Tuesday, May 10, 2016 at 2:10:42 AM UTC-4, Chris Baldwin wrote: > > Did you guys ever find a solution to this? > > On Friday, November 6, 2015 at 2:20:56 PM UTC-5, Christopher Pisano wrote: >> >> Hey Matt. I started seeing this when I added a third node to my Foreman >> cluster behind my load balancer. When doing further research it looks as if >> the third node doesn't get a session_id when requests are sent to it thus >> bringing you to the login screen. When trying to log back in I get the same >> error you do. I think the root problem is the third node not getting the >> session_id (in my case) but I don't know how to fix it. >> >> On Thursday, August 27, 2015 at 5:27:00 AM UTC-4, Matt Jarvis wrote: >>> >>> Hello all, >>> >>> We're trying to build out an HA Foreman platform, with two Foreman >>> servers behind HAProxy, using a shared database with an external DNS name >>> that points to the HAProxy endpoint. This is all HTTPS. I've installed the >>> Foreman memcache plugin, with a memcached instance running on each Foreman >>> server, but when I try to login using the external DNS name ie. via the >>> load balancer, I get ERF42-4995 [Foreman::Exception]: Invalid >>> authenticity token with WARNING: Can't verify CSRF token authenticity >>> in the logs. Logging in via either of the two Foreman servers directly >>> works fine. The configuration in foreman_memcache.yaml looks like : >>> >>> :memcache: >>> :hosts: >>> - foreman0.core.sal01.datacentred.co.uk >>> - foreman1.core.sal01.datacentred.co.uk >>> :options: >>> :namespace: foreman >>> :expires_in: 86400 >>> :compress: true >>> >>> Logging in via the loadbalancer works correctly without the memcache >>> plugin running. >>> >>> Any ideas what could be going wrong here ? >>> >>> -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
