RESOLVED The multi-puppetmaster-single-CA documentation is complete but a bit scattered. Here the short list of what I needed to do for puppetmasters running apache-passenger.
pm1 = CA pm2 = non-CA puppetmaster - needs to reference pm1 as the ca_server - disable local ca in [master] - get a cert signed by pm1 - setup passenger as non-CA - restart httpd Agents - ca_server points to pm1 pm2: puppet.conf [main] ca_server = pm1 [master] ca = false pm2: /etc/httpd/conf.d/puppetmaster.conf Follow the instructions on http://docs.puppetlabs.com/guides/passenger.html Including the part about non-CA - I missed this part because we setup passenger months ago - There's no cross-reference to it on the multi-puppetmaster page Next follow: http://docs.puppetlabs.com/guides/scaling_multiple_masters.html#before-running-puppet-agent-or-puppet-master These instructions apply to PM2, the non-CA puppetmaster And finally, restart apache-passenger (service httpd restart) > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.