On Tue, May 05, 2015 at 12:46:10PM -0700, Justin Lambert wrote: > > > I need to build a new puppet environment and was looking at using SRV > records for a multi-master setup. Having a single master and SRV records > works great, but I haven’t successfully been able to build a second master. > > https://docs.puppetlabs.com/guides/scaling_multiple_masters.html#option-4-dns-srv-records > makes > it sound like magic, just additional nodes to the record set for > _x-puppet._tcp. > > Option 1B ( > https://docs.puppetlabs.com/guides/scaling_multiple_masters.html#option-1-direct-agent-nodes-to-the-ca-master) > for > centralizing the CA is a bit more vague. Setting the _x-puppet-ca._tcp > record is easy enough, but do I also need to set the dns_alt_names on the > certificate to all of the servers that would be added to the _x-puppet._tcp > record?
Can't comment on the srv thing because I haven't done it, but the cert presented by any given puppetmaster has to match the name the agent thinks it is called or the agent run will fail. It looks like you won't need SAN (Subject Alternative Name) certs unless you have a puppetmaster which may be known by more than one hostname (in front of and behind a load balancer, for instance). > I have been trying to find a more detailed tutorial online, but so far have > been unsuccessful. > > Thanks, > > jl > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/4dcf2cea-48fb-4dc3-a2ac-b57e7976e038%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20150505203401.GA23957%40iniquitous.heresiarch.ca. For more options, visit https://groups.google.com/d/optout.
