Hello all, I'm trying to figure some things out with SSL and would appreciate some help or best practices here.
I'm implementing auto scaling over Amazon EC2 for some services I have. All of the instances are based on the same AMI, and I'm using Puppet to configure the hosts when they come up to make sure they have the latest configuration. I'm also using some exported resources in order to configure other instances that need to use their details.

My auto scaling environment is supposed to be dynamic and go up and down as needed. I also need to use host names that will differentiate one host from the other and have some ID. Currently when a host comes up it gets an ID between 1 and 25 (depending on what's available) and comes up. My problem is that sometimes a node goes down, and then a new node comes up and takes its number (which is alright), but then the puppetmaster refuses to let it come up because obviously it now has a different SSL certificate than the one that was previously up.

Is there a best practice or a solution for this problem? I do need to use the same hostnames sometimes for instances that generate new certificates when they come up. I've been trying to clean the certificates once in a while for instances that are no longer responding, but that didn't go very well, and I also understand that I need to restart the master in order for that to take effect, which I don't want to do.

One solution that I thought about is to generate a certificate for each hostname and make sure that when an instance comes up it gets the specific certificate that was already generated and signed by the master. Is this a good idea? Any other thoughts about this?

Thanks,
Galed.