The reply was very helpful. Thank you very much.
Regarding a separate puppetmaster for test-environments: I thought I'd do
something like the following, and add one or more puppetmasters to the
"puppet-test1" pool:
server {
listen 8150;
ssl_verify_client on;
root /var/empty;
access_log on;
rewrite_log on;
location / {
proxy_pass http://puppet-test1;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Verify SUCCESS;
proxy_set_header X-SSL-Subject $ssl_client_s_dn;
proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
proxy_read_timeout 65;
}
}
This was what you proposed, and seems like a good solution.
Btw, are there any guidelines as to how many puppetmaster instances there
should be in a pool? I figure I'd maybe start out with 4 instances and add
more if performance degrades.
On 10/15/08, Brice Figureau <[EMAIL PROTECTED]> wrote:
>
>
> Hi,
>
> Although I don't run puppet behind nginx, I know well nginx (for using
> it as a proxy for several years, and for contributing a module).
>
> On Wed, 2008-10-15 at 11:12 +0200, Kenneth Holter wrote:
> > I have a simple question about running multiple puppetmasters with
> > nginx/mongrel. The sample nginx config file found on the puppet web
> > site defines something like this:
> > [snipped config]
>
> >
> > This configuration means that I can run multiple puppetmasters, one
> > for each of the ports defined under "upstream" in the above config
> > file. As far as I can understand, all of these puppetmasters must use
> > the same manifests. I mean, when puppet nodes connects to port 8140,
> > they will be redirected to one of the puppetmasters determined by
> > nginx. Therefor, all these puppetmasters must run the same manifests.
> > Is this correct?
>
> Yes, because you don't know which master your client will be connected
> to. This will be one of the "upstream" puppet-production pool.
>
> > Furthermore, if I want a separate puppetmaster (but running the same
> > manifests) for our test-environments, I can simply add a new port (for
> > example 8150), have to nodes connect to this port, and make sure there
> > is a puppetmaster running to connect to. True?
>
> Yes. Or you can add a new server {} block in your nginx configuration,
> bound to another port, that directs communication to another "upstream"
> block that knows your development master's port.
>
> Hope that helps,
> --
> Brice Figureau <[EMAIL PROTECTED]>
>
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
