ssl has nothing to do with mongrel or passenger, as ssl is handled in apache (or ngnix).
as far as it goes for SSL, you have two options: 1. a single CA 2. CA chain hierarchy. the first option is simple, one of your puppetmasters will be your CA, and every sign will run on it, you would require it for any new certs that are introduced to your setup. the second option works as well, and is described at http://projects.reductivelabs.com/projects/puppet/wiki/Puppet_Scalabilityunder Centralised_Puppet_Infrastructure if you can afford using a single machine for signing your certs, I would recommend you going to option 1 (as someone using option 2 for a few years now). Cheers, Ohad On Mon, Mar 15, 2010 at 11:10 PM, Christopher Johnston <[email protected]>wrote: > I will keep that in mind, ideally I would like to keep SSL in place for > security purposes I was really looking for a quick hack/slash to disable SSL > for the time being just to get past some auth issues. > > Longer term though from a scalability POV, I will in the end have over > 24-30 puppetmasters across my environment in various datacenters so SSL > management, redundancy and performance are some big concerns. > > What is the preferred approach to handling this? Seems mongrel is the > preferred setup? or passenger? > > -Chris > > > On Sun, Mar 14, 2010 at 8:16 PM, Trevor Vaughan <[email protected]>wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> If you front Puppet with Apache per the Mongrel instructions and set the >> SSLCipherSuite to 'NULL' in Apache, then it will turn off all encryption. >> >> Trevor >> >> On 03/12/2010 05:57 PM, Dan Bode wrote: >> > >> > >> > On Fri, Mar 12, 2010 at 2:53 PM, Christopher Johnston >> > <[email protected] <mailto:[email protected]>> wrote: >> > >> > Is there a way to disable SSL all together for testing? >> > >> > >> > I would use the puppet executable for testing/evaluation. It removes the >> > need to even have a server. >> > >> > >> > -Chris >> > >> > -- >> > You received this message because you are subscribed to the Google >> > Groups "Puppet Users" group. >> > To post to this group, send email to [email protected] >> > <mailto:[email protected]>. >> > To unsubscribe from this group, send email to >> > >> > [email protected]<puppet-users%[email protected]> >> > >> > <mailto:puppet-users%[email protected]<puppet-users%[email protected]> >> >. >> > For more options, visit this group at >> > http://groups.google.com/group/puppet-users?hl=en. >> > >> > >> > -- >> > You received this message because you are subscribed to the Google >> > Groups "Puppet Users" group. >> > To post to this group, send email to [email protected]. >> > To unsubscribe from this group, send email to >> > [email protected]<puppet-users%[email protected]> >> . >> > For more options, visit this group at >> > http://groups.google.com/group/puppet-users?hl=en. >> >> - -- >> Trevor Vaughan >> Vice President, Onyx Point, Inc. >> email: [email protected] >> phone: 410-541-ONYX (6699) >> >> - -- This account not approved for unencrypted sensitive information -- >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.9 (GNU/Linux) >> >> iEYEARECAAYFAkudfGEACgkQyWMIJmxwHpRC1ACg2Bz+PgFGW5JAXb5xL1TG7eHD >> 6FUAnigOX+2aMYlenFxSDnNAPvfqlDD7 >> =qTaN >> -----END PGP SIGNATURE----- >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To post to this group, send email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]<puppet-users%[email protected]> >> . >> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en. >> >> > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<puppet-users%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
