LOhit writes: > Hi, > > Since puppet doesn't have HA/fail over capabilities as of now. How does one > mitigate a puppet master failure( Ex. Hardware). When you replace the server > and configure the Puppet masterd, the clients may no longer be able to > communicate with the server, since the server's SSL certificates would have > changed.
Back up your puppetmaster SSL keys and certificates and reinstall them if you should ever have to resurrect your puppetmaster for the dead. There is absolutely no reason you should have to create a new puppetmaster certificate if you already have one. But you shouldn't have to totally reinstall your puppetmaster if you back it up properly, why reinstall when you could just restore the backup? You can perfectly well use standard HA techniques to make your puppetmaster a high-availability service. You could have a standby node with a duplicate puppetmaster installation ready to activate, or even use standard load-balancing to have multiple puppetmasters. > BTW, I am using puppet to manage about 700+ hosts, I am beginning to worry > about the scenario as mentioned above. I definitely don't want to login to > each host to clear the "ssl" directory to make it request new certificate. > > Thanks, > -- > LOhit -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
