2008/12/22 James Turnbull <ja...@lovedthanlost.net>

> Eric Singer wrote:
> > both servers should be Puppet Master servers as well. One server
> > being primary and the other is secondary which is ready to pick up
> > in case the other fails.
> >
>
> The only documentation I know of is:
>
> http://reductivelabs.com/trac/puppet/wiki/PuppetScalability
>
> It's not really what you're after but someone on the list is bound to do
> something similar.  Peoples?
>
> Regards
>
> James Turnbull
>


We set this up at my last job, though not in an active-standby setup
(active-active-active at the core, and active-active at each site). It's not
terribly difficult if you set up your CA correctly. You'll want whatever
servers are responsible for issuing client certs to be all signed by the
same root authority, and place all of those certs in the ca.pem on every
puppet master. If you sign all of your puppet master certs with the same
key, you just have to place that key in all of your clients. We ended up
generating our own puppet master certs with openssl because we needed
additional names in the Server Alternate Names, but you can just use the one
puppetmaster creates if you're okay with the SAN it uses. You will also
likely need to switch from webrick to mongrel and something that supports
SSL cert chains (apache), unless that got fixed in webrick since 6 months
ago.

Since puppet doesn't have a concept of producers and consumers (or master
and slaves) already, I would suggest against working yourself into that
mindset with respect to scalability - view it as a clustered service and go
from there.

If you don't want to deal with all the certs and don't mind the
active/standby idea, you could just copy all the certs from puppetA to
puppetB, and flip an alias/cname when puppetA goes down. It's not a great
solution because the cert name on puppetB isn't really valid so you won't be
able to easily test against that server unless you make a host entry.


.r'
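
The shared-root layout and the copied-cert caveat from the message above, as an added example that is not part of the original message: one root CA signs two master certs whose SANs carry a shared service name, then the script checks which names puppetA's cert is actually valid for. The hostnames, file names and the single root signing master certs directly are assumptions made for the example; it needs only the `openssl` command line.

```shell
#!/bin/sh
# Added example. Hostnames are constructed placeholders, not from the thread.
set -eu
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT

# Minimal request config so the run does not depend on the system openssl.cnf.
cat > "$WORK/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Puppet Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

# One root CA; its certificate is the ca.pem distributed to masters and clients.
make_root_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$WORK/req.cnf" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
}

# Issue a master cert. $1 = master's own name, $2 = shared service name (SAN).
issue_master_cert() {
    fqdn=$1; shared=$2
    openssl req -new -newkey rsa:2048 -nodes -config "$WORK/req.cnf" \
        -subj "/CN=$fqdn" -keyout "$WORK/$fqdn.key" -out "$WORK/$fqdn.csr" 2>/dev/null
    printf 'subjectAltName=DNS:%s,DNS:%s\n' "$fqdn" "$shared" > "$WORK/$fqdn.ext"
    openssl x509 -req -in "$WORK/$fqdn.csr" -days 30 -CA "$WORK/ca.pem" \
        -CAkey "$WORK/ca.key" -CAcreateserial -extfile "$WORK/$fqdn.ext" \
        -out "$WORK/$fqdn.pem" 2>/dev/null
}

# True only if master $1's cert chains to ca.pem and matches hostname $2.
cert_valid_for() {
    openssl verify -CAfile "$WORK/ca.pem" "$WORK/$1.pem" >/dev/null 2>&1 &&
    openssl x509 -in "$WORK/$1.pem" -noout -checkhost "$2" | grep -q 'does match'
}

make_root_ca
for m in puppeta.example.test puppetb.example.test; do
    issue_master_cert "$m" puppet.example.test
done
for name in puppet.example.test puppeta.example.test puppetb.example.test; do
    if cert_valid_for puppeta.example.test "$name"; then r=valid; else r=INVALID; fi
    echo "puppeta cert presented as $name: $r"
done
```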
