My inventory server is a puppetmaster, but its master of itself and is only being using for inventory services. If I point new clients to it will work fine.
So think of my setup like this: puppet1.company.com and puppet2.company.com are two dedicated servers in each datacenter that handle local client connectivity only. By using certname=puppet I can copy the same CA to puppet2.company.com and support failing over if the primary server goes down. This setup is mimic'ed in about 20 other sites. The inventory server is a remote puppet master sitting in a backoffice datacenter that is setup with mysql and puppet dashboard to receive reports and inventory services from all 40 of the masters. So with this current arrangement how would I go about making sure the inventory server has a cert that is signed by the 40 other CAs. On Wed, Jan 4, 2012 at 2:55 PM, Nan Liu <n...@puppetlabs.com> wrote: > On Wed, Jan 4, 2012 at 11:31 AM, Christopher Johnston > <chjoh...@gmail.com> wrote: > > If it is a requirement that I have a signed CA, that could be an issue > as I > > have two puppet masters in each datacenter that has its own shared CA > across > > those two puppet masters only (certname = puppet). I don't have one > signed > > CA that every master is using. > > You don't need a signed CA, but rather the two servers certs are > signed by the same CA, which is the reason for verifying issuer match. > If your inventory server is also a puppet master, might be easier to > get that system working first before trying a remote puppet master. > > Thanks, > > Nan > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.