Puppetmasters (the puppetmasterds serving catalogs) don't need access to the same SSL dir the Puppet CA (the puppetmasterd signing and revoking certs).
But, they do need to share the private key for presenting the certificate for puppet.domain.com. And the CRL as well, if you use it. That directory doesn't have to be shared via NFS. You could rsync the ssl directory between your puppetmasters. On Thu, Nov 18, 2010 at 9:00 AM, Nigel Kersten <ni...@puppetlabs.com> wrote: > I think it's a bad idea to deal with the overhead of an NFS mount when > you have a dedicated puppet CA, as on your non-CA servers there should > be no need to ever write to that directory. > > > On Wed, Nov 17, 2010 at 7:55 PM, Scott Smith <sc...@ohlol.net> wrote: > > Oh, that's for sharing the puppetmaster SSL keypair between each other, > > that's all. > > > > On Nov 17, 2010 3:53 PM, "Nigel Kersten" <ni...@puppetlabs.com> wrote: > >> On Wed, Nov 17, 2010 at 1:29 PM, Scott Smith <sc...@ohlol.net> wrote: > >>> nfs mount the puppetmaster ssl dir. seperate puppetca (set on clients) > >>> play > >>> with it and you'll figure it out :) > >> > >> Why do you need to nfs mount the puppetmaster SSL dir in this case > Scott? > >> > >> There's no state to be shared if you're operating with a dedicated > >> puppetca. > >> > >> > >> > >>> > >>> On Nov 11, 2010 9:18 AM, "luke.bigum" <luke.bi...@fasthosts.co.uk> > wrote: > >>>> Hi, > >>>> > >>>> Does anyone know if this document is up to date (besides the comment > >>>> at the top saying it's not): > >>>> > >>>> > >>>> > >>>> > http://projects.puppetlabs.com/projects/1/wiki/Multiple_Certificate_Authorities > >>>> > >>>> Or does anyone who has a load balanced multi puppet master with some > >>>> kind of shared CA confirm that the procedure is accurate? > >>>> > >>>> -- > >>>> You received this message because you are subscribed to the Google > >>>> Groups > >>>> "Puppet Users" group. > >>>> To post to this group, send email to puppet-us...@googlegroups.com. > >>>> To unsubscribe from this group, send email to > >>>> puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com> > . > >>>> For more options, visit this group at > >>>> http://groups.google.com/group/puppet-users?hl=en. > >>>> > >>> > >>> -- > >>> You received this message because you are subscribed to the Google > Groups > >>> "Puppet Users" group. > >>> To post to this group, send email to puppet-us...@googlegroups.com. > >>> To unsubscribe from this group, send email to > >>> puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com> > . > >>> For more options, visit this group at > >>> http://groups.google.com/group/puppet-users?hl=en. > >>> > >> > >> > >> > >> -- > >> Nigel Kersten - Puppet Labs - http://www.puppetlabs.com > >> > >> -- > >> You received this message because you are subscribed to the Google > Groups > >> "Puppet Users" group. > >> To post to this group, send email to puppet-us...@googlegroups.com. > >> To unsubscribe from this group, send email to > >> puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com> > . > >> For more options, visit this group at > >> http://groups.google.com/group/puppet-users?hl=en. > >> > > > > -- > > You received this message because you are subscribed to the Google Groups > > "Puppet Users" group. > > To post to this group, send email to puppet-us...@googlegroups.com. > > To unsubscribe from this group, send email to > > puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com> > . > > For more options, visit this group at > > http://groups.google.com/group/puppet-users?hl=en. > > > > > > -- > Nigel Kersten - Puppet Labs - http://www.puppetlabs.com > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com> > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- http://about.me/scoot http://twitter.com/ohlol -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
