"4) Failover: What are people doing these days for puppet failover? My gut says to keep the configs in SVN, and always have another host on stand by. However, there's an issue with that: the puppet nodes wouldn't be able to just be re-pointed, because the client SSL certificates would be validated by the failover server (and therefore, there would be certificate validation errors)."
* keepalived to carry the vip * certname = puppet * copy the cert from the primary to the secondary * use a tool to keep /var/lib/puppet/ssl sync'd between the nodes (cron? rsnapshot?) Might have to get a little creative.. I think you can also do a common CA, but that wasn't a requirement for my environment. -Chris On Wed, May 19, 2010 at 11:22 AM, Dean Wilson <dwil...@unixdaemon.net>wrote: > On Wed, May 19, 2010 at 11:14:41AM -0400, Matt Juszczak wrote: > > That makes sense, but do you then manage your puppetmaster via puppet as > > a normal client from then on? It would make me nervous. > > I do. Although rather than use environments we have a number of different > puppetmasters, one per location (which is a logical collection of > servers for us) and puppet changes get pushed from staging to live in > the same way as everything else does in our workflow. But with even more > scrutiny ;) > > In theory that catches any puppet issues in my personal dev environment or > early staging and way before they could break production. Anything that > slips through is my own fault for not testing it enough. > > Dean > -- > Dean Wilson http://www.unixdaemon.net > Profanity is the one language all programmers understand > --- Anon > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com> > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
