Hi Sukh,
This has always been possible and it was on my list of things to do. My idea was to make systems use the server in their data center and fail over to another data center if it was not responding. You need to setup a global CA infrastructure. This would be one root with all the puppet servers being trusted. Then any puppet server can sign certs and accept certs signed by the other servers. Once that is done the rest of the work is easy. Some people have written instructions on setting it up before. You will need to search for them. You will need to create new certs for every system to get this implemented right. So, it is not a small amount of work. But the sooner it is done the better, since your system count keeps growing. Hope you are doing well, Steven _____ From: puppet-users@googlegroups.com [mailto:puppet-us...@googlegroups.com] On Behalf Of Sukh Khehra Sent: Friday, September 10, 2010 9:10 AM To: puppet-users@googlegroups.com Subject: [Puppet Users] puppetmaster HA I recently lost the only puppetmaster for a datacenter. I ended up having to build a new one and then hit all clients to remove /var/lib/puppet/ssl and point them to the new one I built. That was not fun. I can start backing up the CA infrastructure on the puppetmaster I suppose but I am wondering how folks out there are protecting against puppetmaster node failure. Can I have 2 physical nodes and use an F5 or another loadbalancer to send requests to both? If yes, anyone know of a HowTo doc to do that? Thanks for your time. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
