I am working on an idea for using my Cobbler-Server/PuppetMaster as a CA for TLS/SSL (R)syslogging where the CA generates all the certs. That way, bi-directional cert sync in unnecessary. The PuppetMaster becomes the CertMaster.
“Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin & Hobbes) ----- Aaron Grewell <[email protected]> wrote: > In our case the ssldir is on a shared filesystem. > > On Mon, Dec 19, 2011 at 5:15 PM, Ryan Bowlby <[email protected]> wrote: > > Hi All, > > > > We are going to setup two puppet masters, each will include the full > > stack of services. Apache as the frontend on both load balancing to > > the backend services on both. We will be using keepalived and VIP > > whose A record is puppet.domain. > > > > We would like to have the CA in active/active on the two servers. The > > question then is what is the best method for synchronizing certs > > between these hosts bi-directionally? My first thought was doing > > something with inotify but then there is also unison. > > > > While we may end up doing as Pro Puppet suggests and having only one > > be active and the other CA a hot standby, it would still be best to > > sync bi-directionally. What are others doing? > > > > -Ryan > > > > -- > > You received this message because you are subscribed to the Google Groups > > "Puppet Users" group. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > > [email protected]. > > For more options, visit this group at > > http://groups.google.com/group/puppet-users?hl=en. > > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
