Also I think Nigel posted a load balanced solution using entirely Apache that's floating around on the list, configs and all. Was a few months ago now if you want to go searching.
On Aug 16, 4:12 pm, Luke Bigum <[email protected]> wrote: > Sean, > > Previously I've set up a cluster of Puppet Masters with one machine > acting as the software load balancer (IPVS) as well as the Puppet > Certificate Authority. The relevant puppet.conf options are ca_port > and ca_server to specify where your CA is. The Puppet Master service > on the CA server listened on the ca_port and signed CA requests. The > default puppet port 8140 was load balanced to a pool of "slave" Puppet > Masters and these masters all NFS mounted the ssl/ca/ directory so > they knew about all signed puppet agents. You could then go even > further and make your CA server resilient with Pacemaker / Heartbeat > or other HA techniques. I didn't bother to go that far though ;) > > Hope that helps, > > -Luke > > On Aug 16, 3:25 pm, Sean Carolan <[email protected]> wrote: > > > How do you all handle load balancing and certificate management? Is > > there a way to have a master authority cert server, that all the other > > nodes turn to for all things SSL? > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
