On Fri, Sep 10, 2010 at 10:40 AM, Steven <[email protected]> wrote:
> Hi Sukh,
>
> This has always been possible and it was on my list of things to do. My idea
> was to make systems use the server in their data center and fail over to
> another data center if it was not responding.
>
> You need to set up a global CA infrastructure. This would be one root with
> all the puppet servers being trusted. Then any puppet server can sign certs
> and accept certs signed by the other servers. Once that is done the rest of
> the work is easy. Some people have written instructions on setting it up
> before. You will need to search for them.

Or set up a single CA server and use the 'ca_server' directive on your clients, removing all CA functionality from your "normal" puppetmasters with --no-ca.

> You will need to create new certs for every system to get this implemented
> right. So, it is not a small amount of work. But the sooner it is done the
> better, since your system count keeps growing.
>
> Hope you are doing well,
>
> Steven
>
> ________________________________
> From: [email protected] [mailto:[email protected]]
> On Behalf Of Sukh Khehra
> Sent: Friday, September 10, 2010 9:10 AM
> To: [email protected]
> Subject: [Puppet Users] puppetmaster HA
>
> I recently lost the only puppetmaster for a datacenter. I ended up having to
> build a new one and then hit all clients to remove /var/lib/puppet/ssl and
> point them to the new one I built. That was not fun.
>
> I can start backing up the CA infrastructure on the puppetmaster I suppose
> but I am wondering how folks out there are protecting against puppetmaster
> node failure. Can I have 2 physical nodes and use an F5 or another
> loadbalancer to send requests to both? If yes, anyone know of a HowTo doc to
> do that?
>
> Thanks for your time.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.

--
nigel
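
The thread turns on one property of the CA: a client certificate is only accepted by servers that trust the CA that signed it, which is why a rebuilt puppetmaster with a fresh CA forced every client to be re-issued. The script below is an added example, not part of the original messages or of Puppet itself. It assumes the `openssl` command-line tool is installed, and every CA name, host name and file in it is constructed in a temporary directory.

```shell
#!/bin/sh
# Constructed demo: a cert issued by a lost CA does not verify against its replacement.
# Runs entirely in a temp directory; CA and host names are made up.

# Minimal config so the demo does not depend on the system openssl.cnf.
write_cnf() {
    cat > "$1/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
}

# make_ca DIR NAME: self-signed CA key and certificate.
make_ca() {
    openssl req -x509 -config "$1/demo.cnf" -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# issue_cert DIR CA HOST: key and CSR for HOST, signed by CA.
issue_cert() {
    openssl req -new -config "$1/demo.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=$3" -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -set_serial 1 -days 1 -out "$1/$3.pem" 2>/dev/null
}

# agent_status CA_PEM CERT_PEM: "trusted" if CERT chains to CA, else "reissue".
agent_status() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo trusted
    else
        echo reissue
    fi
}

demo() {
    d=$(mktemp -d) || return 1
    write_cnf "$d"
    make_ca "$d" old-ca && make_ca "$d" new-ca &&
        issue_cert "$d" old-ca agent01 || { rm -rf "$d"; return 1; }
    echo "agent01 against old CA: $(agent_status "$d/old-ca.pem" "$d/agent01.pem")"
    echo "agent01 against new CA: $(agent_status "$d/new-ca.pem" "$d/agent01.pem")"
    rm -rf "$d"
}
demo
```

The same `openssl verify -CAfile` check can be pointed at the CA certificate and host certificate an agent keeps under /var/lib/puppet/ssl to see which clients need new certs before a cutover to a shared CA.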
