+1 for this setup for your scenario. I ended removing all of the ca functionality from all of the dev severs, it makes things much simplified.
additionally you need to sign only in one place, which makes it easy to automate it with a common build infrastructure. Cheers, Ohad On Sat, Nov 7, 2009 at 1:38 PM, Dan Bode <d...@reductivelabs.com> wrote: > Hi Paul,, > > I just want to share how I have done this before. > > 1. Production server is the only certificate authority. > 2. Development server sets ca_server = false > 3. Development server calls puppetd --server production.server > 4. Development server now gets a copy of the production servers certificate > (ca.pem) > 5. Other machines must get signed by the prod server before they can call > the dev server (there is a ca_server command line argument) > > the puppet dev server ensures that any calling machines have been signed by > the production server (its ca). > > Can you try this setup and see if it resolves your issue? > > There is another thread of people discussing passenger issues. I will go > ahead and stage the passenger config with 25.1 this weekend. I will make a > post outlining my findings. > > hope this helps, > > Dan > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
