I think it's a bad idea to deal with the overhead of an NFS mount when
you have a dedicated puppet CA, as on your non-CA servers there should
be no need to ever write to that directory.
On Wed, Nov 17, 2010 at 7:55 PM, Scott Smith sc...@ohlol.net wrote:
Oh, that's for sharing the puppetmaster
Puppetmasters (the puppetmasterds serving catalogs) don't need access to the
same SSL dir the Puppet CA (the puppetmasterd signing and revoking certs).
But, they do need to share the private key for presenting the certificate
for puppet.domain.com. And the CRL as well, if you use it. That
On Thu, Nov 18, 2010 at 12:01 PM, Scott Smith sc...@ohlol.net wrote:
Puppetmasters (the puppetmasterds serving catalogs) don't need access to the
same SSL dir the Puppet CA (the puppetmasterd signing and revoking certs).
But, they do need to share the private key for presenting the certificate
nfs mount the puppetmaster ssl dir. seperate puppetca (set on clients) play
with it and you'll figure it out :)
On Nov 11, 2010 9:18 AM, luke.bigum luke.bi...@fasthosts.co.uk wrote:
Hi,
Does anyone know if this document is up to date (besides the comment
at the top saying it's not):
I rsync my ssl dir from CNAMES puppet-ca.example.com to
puppet-ca2.example.com every 5 mins
All clients configuration is set up such that ca_server =
puppet-ca.example.com
If puppet-ca goes down, I swing the pppet-ca CNAME to the puppet-ca2 server
Note that to make this work I use the same
On Wed, Nov 17, 2010 at 1:29 PM, Scott Smith sc...@ohlol.net wrote:
nfs mount the puppetmaster ssl dir. seperate puppetca (set on clients) play
with it and you'll figure it out :)
Why do you need to nfs mount the puppetmaster SSL dir in this case Scott?
There's no state to be shared if you're
Oh, that's for sharing the puppetmaster SSL keypair between each other,
that's all.
On Nov 17, 2010 3:53 PM, Nigel Kersten ni...@puppetlabs.com wrote:
On Wed, Nov 17, 2010 at 1:29 PM, Scott Smith sc...@ohlol.net wrote:
nfs mount the puppetmaster ssl dir. seperate puppetca (set on clients)
play
Hi,
On Thu, Nov 11, 2010 at 9:17 AM, luke.bigum luke.bi...@fasthosts.co.ukwrote:
Hi,
Does anyone know if this document is up to date (besides the comment
at the top saying it's not):
http://projects.puppetlabs.com/projects/1/wiki/Multiple_Certificate_Authorities
Or does anyone who has a