Luke Kanies schrieb: > Hi all, > > These problems keep cropping up, and it seems like we need a more > comprehensive solution. > > The current 'master' branch has permission problems in puppetmasterd > (as implied), and it's basically a race condition that shows up again > and again. >
[...] > Anyone have any bright ideas for systematically solving this problem? No bright ideas, just a dim hunch ;-) > Should we, like we've done with filebuckets and yaml dirs, have > separate SSL directories for client and server? This is somewhat > problematic, in that we'd need to duplicate the host cert in both > locations, and really, the server host cert is the only cert that > would be in the server-side cert collection (since the CA is its own > collection). > > Or should we just special-case it all the time in the server, making > sure the cert exists and is read in before we chuser? Over the time I've got the feeling that the puppetmaster uses puppet resources to configure various aspects of its environment on startup (like creating directories). Couldn't this be made into an explicit "puppetmaster manifest" that is executed when starting the puppetmaster before chusering? I'd think that having an explicit puppetmaster.pp lying around somewhere should make it easier to avoid breaking this, as contrasted to burying in code somewhere. Regards, DavidS --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to puppet-dev@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en -~----------~----~----~----~------~----~------~--~---
