Afternoon,

I'm searching for documentation or hints on how to achieve a somewhat more complex SSL setup than is provided "out of the box". I've looked around via Google and don't see anything immediately obvious.

I guess the most logical place to start is to state my aims:

1) Run a pair of puppetmaster boxes in each security context, with these looked after by a single and central puppetmaster. This will configure Puppet and things like Passenger for us, plus set up scheduled jobs to pull manifests out of VCS.
2) Have clients be able to talk to either puppetmaster within their specific security context, and then use something to perform IP failover for availability reasons.

I am therefore guessing we need to run a CA on the internal server acting as the puppetmaster, and use that to build a suitable chain of trust? Where does that leave me for using things like 'puppet cert', and can any of the tools already shipped with Puppet assist in getting this all operational? Conversely, am I likely to encounter resistance from Puppet tools in trying to achieve these aims?

Has anyone implemented an identical or similar solution? Did you document it anywhere publicly, what problems did you encounter, and do you have any tips?

Many Thanks,
- Alex