* keepalived to carry the vip
* certname = puppet
* copy the cert from the primary to the secondary
* use a tool to keep /var/lib/puppet/ssl sync'd between the nodes (cron? rsnapshot?)

Might have to get a little creative. I think you can also do a common CA, but that wasn't a requirement for my environment.

So I assume you're only talking about certname = puppet on the master, correct? The clients would still generate hostname-based certs?
