Hi Pete, I was thinking of doing that since all the entries in the wiki addressing Puppet Scalability deal with multiple CAs which in my opinion overly complicates things. I am also waiting on a resolution for #2848 which arose from this kind of setup.
Cheers, Atha On Nov 23, 2009, at 18:05 , Peter Meier wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi > >> 1. Start the production puppet master as usual. This will be your CA. >> 2. In your development puppet master, set ca = false and ca_server = >> production.hostname in puppet.conf in the puppetmasterd section. Also >> set server = production.hostname in the puppetd section. >> 3. In your development puppet master, run puppetd first! This is >> needed to generate the certificates and request the CA to sign them. >> If you start puppetmasterd first it will fail. >> 4. Sign the development puppet master certificate on your production >> puppet master or set autosign. >> 5. Once the certificate is signed, re-run puppetd to verify. >> 6. Start the development puppet master. >> 7. In your development clients, set ca_server = production.hostname to >> have the production puppet master sign their certificates since its >> your only CA. > > would be awesome if you could document that on the wiki. > > cheers pete > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iEYEARECAAYFAksK+QAACgkQbwltcAfKi3/qiACgioznQvrbmf6jbhJKajqaaLOx > p9kAnjLvuFNhG5jbcEShnjUiCjCuINyt > =Jf/T > -----END PGP SIGNATURE----- > > -- > > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=.
