On Apr 21, 2010, at 7:34 PM, Ohad Levy wrote: > Brian, > > Login to your second puppetmaster and try the following: > backup your /var/lib/puppet and /etc/puppet dirs > stop your puppetmaster and puppetd processes > rm -rf /var/lib/puppet/ssl > edit your /etc/puppet.conf > under the [main] section add: > ca = false > ca_server = <fqdn of your first puppetmaster> > on your first puppet master do puppetca --clean <fqdn of second puppetmaster> > run puppetd on this machine - e.g. > puppetd -t --server <fqdn of your first puppetmaster> > sign the certificate on the first puppetmaster > start puppetmaster > Hope this helps, > Ohad
Cool. Will this passthrough CA requests? Here's an example: Lets call the first puppetmaster CA. Call the second puppetmaster Backup. A client with a default puppet.conf that doesn't have a valid cert connects to Backup. Will the client get a valid cert that will work on both masters? -Patrick -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
