The puppet master needs the SSL certs to sign new client certs, etc. So the SSL traffic cannot terminate at the F5. You can't offload the SSL from the puppet master.
Remove the SSL cert from the F5, and have it load balance across the nodes without altering the connection and it will work fine. On Nov 14, 2013, at 5:10 PM, Christopher Pisano <[email protected]> wrote: > Sorry to revive an old thread but i am currently trying to load balance two > puppet masters behind an F5 and am running into issues. Can you share your > configuration? I have a CA/Foreman server outside of the F5 and 2 > Puppetmasters behind the F5. The VIP on the F5 has a generic DNS name with > the certificate generated from the CA. The certificate, private key and CA > certificate are all loaded to the F5 and configured in a client ssl profile > which is applied to the VIP. Am I missing anything on the F5 configuration > side? Do I need to dig into the Apache config on the Puppetmasters? > > On Monday, January 17, 2011 12:49:29 PM UTC-5, Matt wrote: > Not sure what his issue was but in my organization we had one puppet > master with mod_passenger and puppet 2.6.3 running fine with 200 > clients in a VM. We expanded to a 2 node cluster, with the original > puppet master serving as the master for the secondaries. The > secondaries have an F5 infront of them with no session persistence > round robin and a health monitor to know if one of the masters had > gone down. > > On Jan 11, 9:44 pm, donavan <[email protected]> wrote: > > On Jan 11, 2:45 pm, DaveQB <[email protected]> wrote: > > > > > We had trouble scaling with 400+ nodes. Puppet server is a VM on an > > > ESX cluster with 3.5GB of ram and 1.5GB of swap but would regularly > > > kick in OOM which would kill off most if not all of the 10 > > > puppetmaster instances. > > > > This is very surprising to me. Is this .24 or .25 per chance serving > > large files via the File resource per chance? There were some big > > memory improvements in File handling around 2.6.0. > > > > Using 2.6.x, Ruby 1.8.7, Apache 2.2 and passenger I'd expect around > > 100-200mb usage per process. Even that seems a bit high to me, though > > I don't know what's shared and whats resident off hand. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/fe372d3a-cb01-4b36-a06b-0c2255cb2ade%40googlegroups.com. > For more options, visit https://groups.google.com/groups/opt_out. -- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects. Author of Instant Puppet 3 Starter: http://www.netconsonance.com/instant-puppet-3-starter-book/ -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/019E4C5F-6C65-4371-BC4A-E35BB9E63D09%40netconsonance.com. For more options, visit https://groups.google.com/groups/opt_out.
