Sorry for the late response. That feature looks attractive, but not feasible at this state. I am still running .24 version of puppet which is working great (although performance could be slightly better!) and I wasn't looking to do an upgrade to .25 for at least a month or two as bugs iron out.
Essentially my setup consists of a central git server and a puppetmaster in our main site. In my remote locations I have two puppetmasters running in a cluster using a VIP for its IP address. Since the physical hostname could potentially change during a failover situation along with the keys not being there (I could put the ssl certs on shared storage or sync them from hostA to hostB via rsnapshot via cron) I will end up running into issues with the certs. The question I have is what is the best way to manage SSL certs in a more distributed fashion by using a shared certificate. I don't want to rely on a single instance of puppetmasterd to provide certs as that is a SPOF to me and since my remote sites are distant on the network my preference is to use the local hostA and hostB servers as puppetmasters and ssl servers with direct git clones (git pull when a major commit is tested in development/lab). I also use autosign so certs get created on demand. -Chris On Sat, Mar 13, 2010 at 5:50 AM, Alan Barrett <a...@cequrux.com> wrote: > On Fri, 12 Mar 2010, Christopher Johnston wrote: > > Reason I am asking is I am having a bunch of SSL issues in production > right > > now, I need to disable SSL until I get things fixed. > > As a workaround, perhaps you could use the > standalone compile/apply feature (new in 0.25); see > < > http://reductivelabs.com/trac/puppet/wiki/ReleaseNotes#command-line-compile-apply > >. > > --apb (Alan Barrett) > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com> > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
