Thanks, Luke. I'm going to pipe HTTPS straight thru the BIG-IP's to the PM's for now.
Josh On Apr 23, 12:19 pm, Luke Bigum <luke.bi...@lmax.com> wrote: > Hi Josh, > > It would depend on whether an F5 can be made to write the necessary > information into an HTTP header. What I would do to is look at how > Apache populates the SSL_CLIENT_S_DN and SSL_CLIENT_VERIFY headers when > you use it as a Puppet Master front end and see if you can replicate > that on an F5. F5 iRules are quite powerful so I'd say it might be > possible but probably not straight out of the box. > > As for a health monitor I'm not sure... Puppet Masters are RESTful so > you might be able to come up with something tricky with that. > > -Luke > > On 23/04/12 16:53, Josh wrote: > > > > > > > > > > > Hi, > > > Is there anyone using BIG-IP to load balance client side connections > > to multiple puppet masters? I'm looking for advice on a > > configuration, specifically: > > > * How to handle SSL. Should I try to decrypt client side traffic at > > the BIG-IP? If so, should LB<-> BIG-IP traffic be unencrypted via > > HTTP? I have seen this scenario described in Pro Puppet. I would > > think I would run into problems verifying clients at the PM if I > > decrypt at the load balancers. > > > * How are you deploying health monitors for the PM's? > > > Thanks, > > > Josh > > -- > Luke Bigum > > Information Systems > Ph: +44 (0) 20 3192 2520 > luke.bi...@lmax.com |http://www.lmax.com > LMAX, Yellow Building, 1A Nicholas Road, London W11 4AN > > FX and CFDs are leveraged products that can result in losses exceeding > your deposit. They are not suitable for everyone so please ensure you > fully understand the risks involved. The information in this email is not > directed at residents of the United States of America or any other > jurisdiction where trading in CFDs and/or FX is restricted or prohibited > by local laws or regulations. > > The information in this email and any attachment is confidential and is > intended only for the named recipient(s). The email may not be disclosed > or used by any person other than the addressee, nor may it be copied in > any way. If you are not the intended recipient please notify the sender > immediately and delete any copies of this message. Any unauthorised > copying, disclosure or distribution of the material in this e-mail is > strictly forbidden. > > LMAX operates a multilateral trading facility. Authorised and regulated > by the Financial Services Authority (firm registration number 509778) and > is registered in England and Wales (number 06505809). > Our registered address is Yellow Building, 1A Nicholas Road, London, W11 > 4AN. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.