Yes it works perfectly, I run 2 puppet servers and one of them is the CA using a CNAME as well for the puppet master/ca.
After it is set and working it is wonderful, however until you figure out that you need to remove the ssldir, then run puppet with dns_alt_names, then sign with dns_alt_names in the other side, then start the apache2/passenger, then do a lot of more other tricks until you get out of the certificate error messages it is a headache :) Easy solution would be something that would be easier to setup, or maybe it is just me trying to complicate things. :) On Wednesday, May 8, 2013 4:58:21 PM UTC-7, John Warburton wrote: > > On 9 May 2013 05:57, Felipe Salum <fsa...@gmail.com <javascript:>> wrote: > >> Is Puppetlabs planning some easy solution for this ? >> > > I run 12 puppet servers around the world. They work in a multiple puppet > master solution where any client from any location can work with any puppet > server in any location with dns_alt_names. We have an easy/simple solution: > > One puppet server is designated puppet-ca.example.com. All client's > configuration files look like this: > > ca_server = puppet-ca.example.com > > A second puppet server is randomly chosen to be puppet-ca2.example.com. A > rsync job runs every minute on puppet-ca2 to only suck down the > .../etc/ssl/ca directory from puppet-ca > > If puppet-ca becomes unavailable, we move the puppet-ca CNAME to > puppet-ca2. That lag is acceptable to us. You may chose to use other load > balancing options like an F5 > > John > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
