LOhit,

The main two things to take into account are:

   1. Keep your manifests elsewhere; IMHO puppetmasters always get a RO copy
   of your puppet data (e.g. from a VCS).
   2. Solve the SSL hell, then everything is simple.

I've been using in my setup (with approx 15 productive puppetmasters and
about 20 development puppetmasters) a chained CA.

What it means is that you have one puppet master, which signs other puppet
masters. In turn, the masters sign the clients, and as they are trusting each
other, you can connect from any server (or client) to any other server without
SSL errors.

The top-level CA can be shut down (even better to keep the SSL data
somewhere offline) and used only when you need to sign a new puppet master.

I find this way relatively clean, and nothing usually happens if I end up
blowing up a puppet master or killing its certificate (as currently 025.4 is
doing, but it's already fixed for 025.5).

Ohad


On Wed, Mar 31, 2010 at 6:52 PM, LOhit <lohi...@gmail.com> wrote:

> Hi,
>
> Since puppet doesn't have HA/failover capabilities as of now, how does one
> mitigate a puppet master failure (e.g. hardware)? When you replace the server
> and configure the Puppet masterd, the clients may no longer be able to
> communicate with the server, since the server's SSL certificates would have
> changed.
>
> BTW, I am using puppet to manage about 700+ hosts, and I am beginning to worry
> about the scenario mentioned above. I definitely don't want to log in to
> each host to clear the "ssl" directory to make it request a new certificate.
>
> Thanks,
> --
> LOhit
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
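
The chained-CA layout from the reply above, sketched with plain `openssl` as an added example (not part of the original thread and not Puppet's own CA tooling). It shows that agents signed by different masters, and a replacement master signed later by the root, all validate against the same root; every name in it (root, master-a, agent-1, ...) is constructed.

```shell
#!/bin/sh
# Constructed demo of a chained CA: offline root -> one CA per master -> agents.
# All names (root, master-a, agent-1, ...) are made up for this example.
set -eu
WORK="$(mktemp -d)"
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$WORK/ca.ext"
printf 'basicConstraints=CA:FALSE\n' > "$WORK/leaf.ext"

# new_csr NAME: fresh private key and signing request for CN=NAME
new_csr() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
}

# make_root NAME: self-signed top-level CA (the one that can be kept offline)
make_root() {
  new_csr "$1"
  openssl x509 -req -in "$WORK/$1.csr" -signkey "$WORK/$1.key" \
    -extfile "$WORK/ca.ext" -days 3650 -out "$WORK/$1.crt" 2>/dev/null
}

# sign ISSUER SUBJECT KIND: ISSUER signs SUBJECT; KIND is "ca" (master) or "leaf" (agent)
sign() {
  new_csr "$2"
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" \
    -CAcreateserial -extfile "$WORK/$3.ext" -days 365 -out "$WORK/$2.crt" 2>/dev/null
}

# chains_to_root NAME: true if NAME's cert validates with only the root as trust
# anchor; the master certs are supplied as untrusted chain-building material.
chains_to_root() {
  openssl verify -CAfile "$WORK/root.crt" -untrusted "$WORK/masters.pem" \
    "$WORK/$1.crt" >/dev/null 2>&1
}

make_root root
sign root master-a ca
sign root master-b ca
sign master-a agent-1 leaf
sign master-b agent-2 leaf
sign root master-c ca            # replacement master, issued by the root later
make_root other-root
sign other-root stranger leaf    # certificate from outside the hierarchy
cat "$WORK/master-a.crt" "$WORK/master-b.crt" > "$WORK/masters.pem"

for c in agent-1 agent-2 master-c stranger; do
  if chains_to_root "$c"; then echo "$c: trusted"; else echo "$c: rejected"; fi
done
```

The root's private key is needed only by `make_root` and the `sign root ...` calls, which is why it can stay offline between master enrolments.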
