Hi Alex - Did your searching turn this up? http://projects.puppetlabs.com/projects/puppet/wiki/Multiple_Certificate_Authorities
That's my note from January at the top, sadly - I thought there were some fixes in 0.25.5 around this but related bugs still seem to be open:

http://projects.puppetlabs.com/issues/3770
http://projects.puppetlabs.com/issues/3120

-=Eric

On Jun 29, 2010, at 5:25 AM, Alex Howells wrote:

> Afternoon,
>
> I'm searching for documentation or hints on how to achieve a somewhat
> more complex SSL setup than is provided "out of the box". I've looked
> around via Google and don't see anything immediately obvious.
>
> I guess the most logical place to start is to state my aims:
>
> 1) Run a pair of puppetmaster boxes in each security context,
>    with these looked after by a single and central puppetmaster.
>    This will configure Puppet and things like Passenger for us,
>    plus set up scheduled jobs to pull manifests out of VCS.
>
> 2) Have clients be able to talk to either puppetmaster within
>    their specific security context, and then use something to
>    perform IP failover for availability reasons.
>
> I am therefore guessing we need to run a CA on the internal server
> acting as the puppetmaster, and use that to build a suitable chain of
> trust? Where does that leave me for using things like 'puppet cert'
> and can any of the tools already shipped with Puppet assist in getting
> this all operational? Conversely am I likely to encounter resistance
> from Puppet tools in trying to achieve these aims?
>
> Has anyone implemented an identical or similar solution, did you
> document it anywhere publicly, what problems did you encounter, and do
> you have any tips?
>
> Many Thanks,
> - Alex
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

- Eric Sorenson - N37 17.255 W121 55.738 - http://twitter.com/ahpook -
