From what I can tell there is no need to use alternate names.  You can
make the F5 appear to the clients to be the puppetmaster by leveraging
the F5 to do SSL offloading and part of the certificate verification
taking some load off your puppet masters.  Even more though, since the
puppet environments and other calls use pretty consistently organized
URI paths, you can do some really neat stuff with F5 HTTP Class
profiles to delegate certain requests to certain servers.

For example we have one server that acts as a CA, all signing requests
go there.  Then for normal puppetmaster tasks requests are assigned to
a pool of several servers.  Further as part of our development setup
we have separate environments for our main puppet module developers
but these only exist on one puppetmaster so we use the F5 to pick out
those requests and direct them to the correct server.

In general it's a lot like configuring a reverse proxy (Apache, Nginx,
etc) in front of puppet.

Our setup is quite extensive but I didn't do most of it so I don't
want to lead anyone astray with an incomplete explanation.  Let me see
if I can get some of the details together and make a new wiki page on
projects.puppetlabs.com or perhaps expand on the existing page.
(linked below)

Here's a starting point.
http://projects.puppetlabs.com/projects/puppet/wiki/Load_Balancing_F5

Some examples for reverse proxy w/ Apache
http://www.puppetmanaged.org/documentation/Reference_Guide-Appendices-Example_SSL_Frontend_Reverse_Proxy_Load_Balancer_Configuration.html
http://www.masterzen.fr/2010/03/21/more-puppet-offloading/

-Alan
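
The path-based split described above (CA requests to one server, dev environments to one master, everything else to a pool), modeled as an added example that is not part of the original message and is not F5 configuration. It assumes Puppet 2.x REST paths of the form /{environment}/{indirection}/{key}; the pool and environment names are hypothetical.

```python
# Added illustration: models the routing decision only, not F5 syntax.
# Assumption: Puppet 2.x REST paths look like /{environment}/{indirection}/{key}.
from urllib.parse import urlsplit, unquote

# Indirections that touch the CA (assumed list for Puppet 2.x).
CA_INDIRECTIONS = {"certificate", "certificate_request",
                   "certificate_revocation_list", "certificate_status"}

# Hypothetical pool and environment names, constructed for this example.
CA_POOL = "puppet_ca"
DEV_POOL = "puppet_dev"
MASTER_POOL = "puppet_masters"
DEV_ENVIRONMENTS = {"dev_alice", "dev_bob"}


def choose_pool(request_target):
    """Return the pool name for a request target, or None to reject it."""
    path = unquote(urlsplit(request_target).path)
    parts = path.split("/")
    # Expect ['', environment, indirection, key, ...]; anything else is not
    # a well-formed agent request and should not reach any master.
    if len(parts) < 4 or parts[0] != "" or not all(parts[1:3]):
        return None
    if ".." in parts:
        return None
    environment, indirection = parts[1], parts[2]
    if indirection in CA_INDIRECTIONS:
        return CA_POOL       # all signing traffic goes to the single CA
    if environment in DEV_ENVIRONMENTS:
        return DEV_POOL      # dev environments exist on one master only
    return MASTER_POOL       # normal puppetmaster work is load balanced


if __name__ == "__main__":
    # Constructed sample request targets.
    for target in ("/production/catalog/web01.example.com",
                   "/production/certificate_request/web01.example.com",
                   "/dev_alice/catalog/web01.example.com",
                   "/"):
        print(target, "->", choose_pool(target))
```

The CA check runs before the environment check, so a certificate request from an agent in a dev environment still goes to the CA.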

On Sun, Jul 8, 2012 at 12:07 AM, Matthew Black <mjbl...@gmail.com> wrote:
> The best I was able to do is when you generate the certificate for the
> puppet master you use dns alt names flag to specify the alternative
> names for the puppet master. That is the only way I was able to make
> it work in my environment with the F5.
>
> On Sat, Jul 7, 2012 at 6:17 PM, Hai Tao <ehai...@gmail.com> wrote:
>> How can I configure F5 load balancer to be in front of multiple puppet 
>> masters?
>>
>> The SSL will break as the server name is different, hostname of the
>> VIP on the LB vs hostnames of each masters, right?
>>
>> Can you shed some light?
>>
>> Thanks.
>>
>> --
>> Hai Tao
>>
>> --
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to 
>> puppet-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at 
>> http://groups.google.com/group/puppet-users?hl=en.
>>