Puppetmasters (the puppetmasterds serving catalogs) don't need access to the same SSL dir the Puppet CA (the puppetmasterd signing and revoking certs).
But, they do need to share the private key for presenting the certificate for puppet.domain.com. And the CRL as well, if you use it. That directory doesn't have to be shared via NFS. You could rsync the ssl directory between your puppetmasters. On Thu, Nov 18, 2010 at 9:00 AM, Nigel Kersten <[email protected]> wrote: > I think it's a bad idea to deal with the overhead of an NFS mount when > you have a dedicated puppet CA, as on your non-CA servers there should > be no need to ever write to that directory. > > > On Wed, Nov 17, 2010 at 7:55 PM, Scott Smith <[email protected]> wrote: > > Oh, that's for sharing the puppetmaster SSL keypair between each other, > > that's all. > > > > On Nov 17, 2010 3:53 PM, "Nigel Kersten" <[email protected]> wrote: > >> On Wed, Nov 17, 2010 at 1:29 PM, Scott Smith <[email protected]> wrote: > >>> nfs mount the puppetmaster ssl dir. seperate puppetca (set on clients) > >>> play > >>> with it and you'll figure it out :) > >> > >> Why do you need to nfs mount the puppetmaster SSL dir in this case > Scott? > >> > >> There's no state to be shared if you're operating with a dedicated > >> puppetca. > >> > >> > >> > >>> > >>> On Nov 11, 2010 9:18 AM, "luke.bigum" <[email protected]> > wrote: > >>>> Hi, > >>>> > >>>> Does anyone know if this document is up to date (besides the comment > >>>> at the top saying it's not): > >>>> > >>>> > >>>> > >>>> > http://projects.puppetlabs.com/projects/1/wiki/Multiple_Certificate_Authorities > >>>> > >>>> Or does anyone who has a load balanced multi puppet master with some > >>>> kind of shared CA confirm that the procedure is accurate? > >>>> > >>>> -- > >>>> You received this message because you are subscribed to the Google > >>>> Groups > >>>> "Puppet Users" group. > >>>> To post to this group, send email to [email protected]. > >>>> To unsubscribe from this group, send email to > >>>> [email protected]<puppet-users%[email protected]> > . > >>>> For more options, visit this group at > >>>> http://groups.google.com/group/puppet-users?hl=en. > >>>> > >>> > >>> -- > >>> You received this message because you are subscribed to the Google > Groups > >>> "Puppet Users" group. > >>> To post to this group, send email to [email protected]. > >>> To unsubscribe from this group, send email to > >>> [email protected]<puppet-users%[email protected]> > . > >>> For more options, visit this group at > >>> http://groups.google.com/group/puppet-users?hl=en. > >>> > >> > >> > >> > >> -- > >> Nigel Kersten - Puppet Labs - http://www.puppetlabs.com > >> > >> -- > >> You received this message because you are subscribed to the Google > Groups > >> "Puppet Users" group. > >> To post to this group, send email to [email protected]. > >> To unsubscribe from this group, send email to > >> [email protected]<puppet-users%[email protected]> > . > >> For more options, visit this group at > >> http://groups.google.com/group/puppet-users?hl=en. > >> > > > > -- > > You received this message because you are subscribed to the Google Groups > > "Puppet Users" group. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > > [email protected]<puppet-users%[email protected]> > . > > For more options, visit this group at > > http://groups.google.com/group/puppet-users?hl=en. > > > > > > -- > Nigel Kersten - Puppet Labs - http://www.puppetlabs.com > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<puppet-users%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- http://about.me/scoot http://twitter.com/ohlol -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
