Someone from Puppetlabs should reach out to F5 and have them create a deployment guide.
http://www.f5.com/solutions/resources/deployment-guides.html (selfishly interested in seeing this as well). On Wed, Jul 18, 2012 at 1:41 AM, ollies...@googlemail.com < paul.seym...@barcap.com> wrote: > > On Tuesday, 17 July 2012 16:14:05 UTC+1, Matt wrote: >> >> Is there no one who has done this that can provide examples of how they >> did it? > > > I would if I could. Company policy and all that. > > Generated the SSL certificate with the single F5 DNS address that all the > clients globally will hit puppet.<domain> using puppet cert generate... > > Put these on the F5 and have SSL terminate there and pass on anything > /certificate/ to the pool of CA servers so they can be revoked/stored and > what not - although we never will. The same certs are installed on these. > > Anything without the /certificate/ regex will be passed from the F5 down > to the puppet master pool which will contact a central ENC and do whatever > it needs to do. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/puppet-users/-/cAYOzqHDhNAJ. > > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.