On Fri, Sep 10, 2010 at 10:40 AM, Steven <snem...@hotmail.com> wrote: > Hi Sukh, > > > > This has always been possible and it was on my list of things to do. My idea > was to make systems use the server in their data center and fail over to > another data center if it was not responding. > > > > You need to setup a global CA infrastructure. This would be one root with > all the puppet servers being trusted. Then any puppet server can sign certs > and accept certs signed by the other servers. Once that is done the rest of > the work is easy. Some people have written instructions on setting it up > before. You will need to search for them.
Or set up a single CA server and use the 'ca_server' directive on your clients, removing all CA functionality from your "normal" puppetmasters with --no-ca. > > You will need to create new certs for every system to get this implemented > right. So, it is not a small amount of work. But the sooner it is done the > better, since your system count keeps growing. > > > > Hope you are doing well, > > > > Steven > > > > ________________________________ > > From: puppet-users@googlegroups.com [mailto:puppet-us...@googlegroups.com] > On Behalf Of Sukh Khehra > Sent: Friday, September 10, 2010 9:10 AM > To: puppet-users@googlegroups.com > Subject: [Puppet Users] puppetmaster HA > > > > I recently lost the only puppetmaster for a datacenter. I ended up having to > build a new one and then hit all clients to remove /var/lib/puppet/ssl and > point them to the new one I built. That was not fun. > > > > I can start backing up the CA infrastructure on the puppetmaster I suppose > but I am wondering how folks out there are protecting against puppetmaster > node failure. Can I have 2 physical nodes and use an F5 or another > loadbalancer to send requests to both? If yes, anyone know of a HowTo doc to > do that? > > > > Thanks for your time. > > > > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- nigel -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
