Re: [Puppet Users] Multiple CA / Puppet master environment

2010-11-18 Thread Nigel Kersten
On Thu, Nov 18, 2010 at 12:01 PM, Scott Smith wrote:
> Puppetmasters (the puppetmasterds serving catalogs) don't need access to the
> same SSL dir the Puppet CA (the puppetmasterd signing and revoking certs).
> But, they do need to share the private key for presenting the certificate
> for puppet.

Re: [Puppet Users] Multiple CA / Puppet master environment

2010-11-18 Thread Scott Smith
Puppetmasters (the puppetmasterds serving catalogs) don't need access to the same SSL dir the Puppet CA (the puppetmasterd signing and revoking certs). But, they do need to share the private key for presenting the certificate for puppet.domain.com. And the CRL as well, if you use it. That director

Re: [Puppet Users] Multiple CA / Puppet master environment

2010-11-18 Thread Nigel Kersten
I think it's a bad idea to deal with the overhead of an NFS mount when you have a dedicated puppet CA, as on your non-CA servers there should be no need to ever write to that directory.
On Wed, Nov 17, 2010 at 7:55 PM, Scott Smith wrote:
> Oh, that's for sharing the puppetmaster SSL keypair betw

Re: [Puppet Users] Multiple CA / Puppet master environment

2010-11-17 Thread Scott Smith
Oh, that's for sharing the puppetmaster SSL keypair between each other, that's all.
On Nov 17, 2010 3:53 PM, "Nigel Kersten" wrote:
> On Wed, Nov 17, 2010 at 1:29 PM, Scott Smith wrote:
>> nfs mount the puppetmaster ssl dir. separate puppetca (set on clients) play
>> with it and you'll figure it

Re: [Puppet Users] Multiple CA / Puppet master environment

2010-11-17 Thread Nigel Kersten
On Wed, Nov 17, 2010 at 1:29 PM, Scott Smith wrote:
> nfs mount the puppetmaster ssl dir. separate puppetca (set on clients) play
> with it and you'll figure it out :)
Why do you need to nfs mount the puppetmaster SSL dir in this case Scott? There's no state to be shared if you're operating with

Re: [Puppet Users] Multiple CA / Puppet master environment

2010-11-17 Thread John Warburton
I rsync my ssl dir from CNAMES puppet-ca.example.com to puppet-ca2.example.com every 5 mins
All clients configuration is set up such that ca_server = puppet-ca.example.com
If puppet-ca goes down, I swing the puppet-ca CNAME to the puppet-ca2 server
Note that to make this work I use the same singl

Re: [Puppet Users] Multiple CA / Puppet master environment

2010-11-17 Thread Scott Smith
nfs mount the puppetmaster ssl dir. separate puppetca (set on clients) play with it and you'll figure it out :)
On Nov 11, 2010 9:18 AM, "luke.bigum" wrote:
> Hi,
>
> Does anyone know if this document is up to date (besides the comment
> at the top saying it's not):
>
> http://projects.puppetlabs.

Re: [Puppet Users] Multiple CA / Puppet master environment

2010-11-11 Thread Dan Bode
Hi,
On Thu, Nov 11, 2010 at 9:17 AM, luke.bigum wrote:
> Hi,
>
> Does anyone know if this document is up to date (besides the comment
> at the top saying it's not):
>
> http://projects.puppetlabs.com/projects/1/wiki/Multiple_Certificate_Authorities
>
> Or does anyone who has a load balanced mul

[Puppet Users] Multiple CA / Puppet master environment

2010-11-11 Thread luke.bigum
Hi,
Does anyone know if this document is up to date (besides the comment at the top saying it's not):
http://projects.puppetlabs.com/projects/1/wiki/Multiple_Certificate_Authorities
Or does anyone who has a load balanced multi puppet master with some kind of shared CA confirm that the procedure