[foreman-users] Re: Foreman with separate puppet in HA
i don't see this post, i read and implementing this. Thanks! Em segunda-feira, 18 de julho de 2016 16:01:51 UTC-3, Christopher Pisano escreveu: > > You can have 2 CA servers behind a load balancer if you make them active > passive and set up shared storage for all the certs. . . or some type of > replication. If you do not want two CA servers you still should move your > CA off of your Puppet master if you plan on load balancing your Puppet > masters and have them talk to Foreman. I am not sure what you mean by can't > put 1 puppet in 2 foreman simultaneously. > > Have you read the Foreman blog post on HA or watched the case study? I'll > put the link below just in case. > > https://theforeman.org/2015/12/journey_to_high_availability.html > > On Monday, July 18, 2016 at 2:57:49 PM UTC-4, Kelvyn Tomaz wrote: >> >> Sorry if i don't explain very well, has a long time without speaking or >> writing in english >> >> But if i put 2 CA in my infrastructure, my clients has to generate certs >> in 2 CA? >> >> My goal is just replicate my infrastructure, and i stuck in 2 questions: >> >> - I cannot put 1 puppet in 2 foreman simultaneously >> - I cannot have 2 CA for one virtual IP (In Load Balancer). >> >> And i don't know to resolve this >> >> Tks to reply Christopher! >> >> Em segunda-feira, 18 de julho de 2016 13:49:13 UTC-3, Christopher Pisano >> escreveu: >>> >>> If I am understanding this correctly you also need to load balance the >>> foreman smart-proxy on each of the puppet masters. But in your current >>> architecture I think that poses a risk of CA requests going to a non-CA >>> puppet master. My suggestion is to always run a completely separate CA from >>> your masters. >>> >>> >>> On Monday, July 18, 2016 at 10:01:17 AM UTC-4, Kelvyn Tomaz wrote: HI, I'm Kelvyn and i implementing puppet in my office, but my foreman server today not supporting all of my puppet nodes (in total 26 nodes) because this machine is very old and slow. And i like to migrate to a strong infrastructure to supporting +500 nodes, and i like to put in HA The infrastructure purpose is that [Load Balancer] / \ /\ / \ /\ [Puppetmaster and CA][Puppetmaster] | \ /| | \/ | | \ / | [Foreman] [Foreman] \ / \/ \ / [Postgresql] But my problem is, the 2 machines with puppet will not connected to 2 foreman machines with foreman-proxy How i change this to a complete HA? PS: the Postgresql is in a master-slave machine. Tks! >>> -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
[foreman-users] Re: Foreman with separate puppet in HA
You can have 2 CA servers behind a load balancer if you make them active passive and set up shared storage for all the certs. . . or some type of replication. If you do not want two CA servers you still should move your CA off of your Puppet master if you plan on load balancing your Puppet masters and have them talk to Foreman. I am not sure what you mean by can't put 1 puppet in 2 foreman simultaneously. Have you read the Foreman blog post on HA or watched the case study? I'll put the link below just in case. https://theforeman.org/2015/12/journey_to_high_availability.html On Monday, July 18, 2016 at 2:57:49 PM UTC-4, Kelvyn Tomaz wrote: > > Sorry if i don't explain very well, has a long time without speaking or > writing in english > > But if i put 2 CA in my infrastructure, my clients has to generate certs > in 2 CA? > > My goal is just replicate my infrastructure, and i stuck in 2 questions: > > - I cannot put 1 puppet in 2 foreman simultaneously > - I cannot have 2 CA for one virtual IP (In Load Balancer). > > And i don't know to resolve this > > Tks to reply Christopher! > > Em segunda-feira, 18 de julho de 2016 13:49:13 UTC-3, Christopher Pisano > escreveu: >> >> If I am understanding this correctly you also need to load balance the >> foreman smart-proxy on each of the puppet masters. But in your current >> architecture I think that poses a risk of CA requests going to a non-CA >> puppet master. My suggestion is to always run a completely separate CA from >> your masters. >> >> >> On Monday, July 18, 2016 at 10:01:17 AM UTC-4, Kelvyn Tomaz wrote: >>> >>> HI, >>> >>> I'm Kelvyn and i implementing puppet in my office, but my foreman server >>> today not supporting all of my puppet nodes (in total 26 nodes) because >>> this machine is very old and slow. >>> >>> And i like to migrate to a strong infrastructure to supporting +500 >>> nodes, and i like to put in HA >>> >>> >>> The infrastructure purpose is that >>> >>> >>>[Load Balancer] >>> / \ >>>/\ >>> / \ >>> /\ >>> [Puppetmaster and CA][Puppetmaster] >>> | \ /| >>> | \/ | >>> | \ / | >>> [Foreman] [Foreman] >>> \ / >>>\/ >>> \ / >>> [Postgresql] >>> >>> >>> But my problem is, the 2 machines with puppet will not connected to 2 >>> foreman machines with foreman-proxy >>> >>> How i change this to a complete HA? >>> >>> PS: the Postgresql is in a master-slave machine. >>> >>> >>> Tks! >>> >> -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
[foreman-users] Re: Foreman with separate puppet in HA
Sorry if i don't explain very well, has a long time without speaking or writing in english But if i put 2 CA in my infrastructure, my clients has to generate certs in 2 CA? My goal is just replicate my infrastructure, and i stuck in 2 questions: - I cannot put 1 puppet in 2 foreman simultaneously - I cannot have 2 CA for one virtual IP (In Load Balancer). And i don't know to resolve this Tks to reply Christopher! Em segunda-feira, 18 de julho de 2016 13:49:13 UTC-3, Christopher Pisano escreveu: > > If I am understanding this correctly you also need to load balance the > foreman smart-proxy on each of the puppet masters. But in your current > architecture I think that poses a risk of CA requests going to a non-CA > puppet master. My suggestion is to always run a completely separate CA from > your masters. > > > On Monday, July 18, 2016 at 10:01:17 AM UTC-4, Kelvyn Tomaz wrote: >> >> HI, >> >> I'm Kelvyn and i implementing puppet in my office, but my foreman server >> today not supporting all of my puppet nodes (in total 26 nodes) because >> this machine is very old and slow. >> >> And i like to migrate to a strong infrastructure to supporting +500 >> nodes, and i like to put in HA >> >> >> The infrastructure purpose is that >> >> >>[Load Balancer] >> / \ >>/\ >> / \ >> /\ >> [Puppetmaster and CA][Puppetmaster] >> | \ /| >> | \/ | >> | \ / | >> [Foreman] [Foreman] >> \ / >>\/ >> \ / >> [Postgresql] >> >> >> But my problem is, the 2 machines with puppet will not connected to 2 >> foreman machines with foreman-proxy >> >> How i change this to a complete HA? >> >> PS: the Postgresql is in a master-slave machine. >> >> >> Tks! >> > -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
[foreman-users] Re: Foreman with separate puppet in HA
If I am understanding this correctly you also need to load balance the foreman smart-proxy on each of the puppet masters. But in your current architecture I think that poses a risk of CA requests going to a non-CA puppet master. My suggestion is to always run a completely separate CA from your masters. On Monday, July 18, 2016 at 10:01:17 AM UTC-4, Kelvyn Tomaz wrote: > > HI, > > I'm Kelvyn and i implementing puppet in my office, but my foreman server > today not supporting all of my puppet nodes (in total 26 nodes) because > this machine is very old and slow. > > And i like to migrate to a strong infrastructure to supporting +500 nodes, > and i like to put in HA > > > The infrastructure purpose is that > > >[Load Balancer] > / \ >/\ > / \ > /\ > [Puppetmaster and CA][Puppetmaster] > | \ /| > | \/ | > | \ / | > [Foreman] [Foreman] > \ / >\/ > \ / > [Postgresql] > > > But my problem is, the 2 machines with puppet will not connected to 2 > foreman machines with foreman-proxy > > How i change this to a complete HA? > > PS: the Postgresql is in a master-slave machine. > > > Tks! > -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
