Hi, You can generate the generate the puppetmaster certificate using the certname and/or certdnsnames options and assign that name to the VIP in a heartbeat cluster. Once the certificate is generated on one server, copy it to the other.
Cheers, Atha On Apr 14, 2010, at 17:01 , SyRenity wrote: > Hi. > > I actually considered this, but DRBD seems heavy for read-only > information, which puppet manifests are. > > Maybe just using heartbeat both for DNS and Puppet, but as I'm > defining both DNS servers on Puppet clients anyhow, it seems > redundant. > > Are there considerations against this approach? > > Regards. > > On Apr 14, 5:38 pm, Trevor Hemsley <trevor.hems...@codefarm.com> > wrote: >> Sounds like an ideal candidate for using DRBD and heartbeat to run >> active/standby puppet masters. >> >> On 14/04/2010 15:34, Michael DeHaan wrote: >> >> >> >>> It would do for active/passive though. How about setting up an >>> alias for ca that moved when the ca wasn't accessible (using >>> --certname), and load balance the puppet serving parts since there's >>> no race issues there. >> >>> --Michael >> >>> On Wed, Apr 14, 2010 at 10:06 AM, David Schmitt <da...@dasz.at> wrote: >> >>>> On 4/14/2010 3:42 PM, Michael DeHaan wrote: >> >>>>> On Tue, Apr 13, 2010 at 7:39 PM, Christopher Johnston >>>>> <chjoh...@gmail.com> wrote: >> >>>>>> How to deal with ssl certs, I have a similar situation where I have two >>>>>> puppetmasters per site and I would like to see them both handle serving >>>>>> puppet data at anytime from a VIP (primary/failover) type of operation. >> >>>>> How about shared storage for the SSL dir? >> >>>> Would that be race-free with regards to updating the serial number and >>>> stuff? >> >>>> Best Regards, David >>>> -- >>>> dasz.at OG Tel: +43 (0)664 2602670 Web:http://dasz.at >>>> Klosterneuburg UID: ATU64260999 >> >>>> FB-Nr.: FN 309285 g FB-Gericht: LG Korneuburg >> >>>> -- >>>> You received this message because you are subscribed to the Google Groups >>>> "Puppet Users" group. >>>> To post to this group, send email to puppet-us...@googlegroups.com. >>>> To unsubscribe from this group, send email to >>>> puppet-users+unsubscr...@googlegroups.com. >>>> For more options, visit this group at >>>> http://groups.google.com/group/puppet-users?hl=en. >> >> -- >> >> Trevor Hemsley >> Infrastructure Engineer >> ................................................. >> * C A L Y P S O >> * Brighton, UK >> >> OFFICE +44 (0) 1273 666 350 >> FAX +44 (0) 1273 666 351 >> >> .................................................www.calypso.com >> >> This electronic-mail might contain confidential information intended >> only for the use by the entity named. If the reader of this message is >> not the intended recipient, the reader is hereby notified that any >> dissemination, distribution or copying is strictly prohibited. >> >> * P * /*/ Please consider the environment before printing this e-mail /*/ > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
