Common and Infra Registration

SynckHub infra deployments must register with Common and authenticate using infra tokens.

Required wiring

On SynckHub hosts:

  • SYNCK_CONTROL_PLANE_BASE_URL
  • SYNCK_CONTROL_PLANE_INFRA_TOKEN

Without valid wiring, provisioning/authz snapshot sync will fail.

Source of truth model

  • Desired infra identity is in inventory.yml (infra_region, public_hostname, status)
  • Generated infra IDs/tokens are stored in Vault maps

Normal lifecycle is driven by reconcile scripts/workflows, not manual UI data entry.

Post-freshdb recovery

If Common DB is reset, old infra tokens are invalid.

Re-mint and persist tokens through infra-ansible workflow before redeploying SynckHub nodes.

Lifecycle states

Use ACTIVE, DISABLED, RETIRED instead of deleting infra rows.

Deleting identity history makes audit and incident recovery worse.

Previous
Secrets and Rotations
Next
Operations