On Fri, Sep 10, 2010 at 03:09:50PM -0700, Nigel Kersten wrote: > On Fri, Sep 10, 2010 at 10:40 AM, Steven <snem...@hotmail.com> wrote: > > You need to setup a global CA infrastructure. This would be one root with > > all the puppet servers being trusted. Then any puppet server can sign certs > > and accept certs signed by the other servers. Once that is done the rest of > > the work is easy. Some people have written instructions on setting it up > > before. You will need to search for them. > > Or set up a single CA server and use the 'ca_server' directive on your > clients, removing all CA functionality from your "normal" > puppetmasters with --no-ca.
In that type of set up, If you lose your CA does that only prevent signing new clients or is the CA used in the normal course of a puppet run as well? Cheers, John -- John Blog http://www.inodes.org LCA2011 http://www.lca2011.org.au -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
