On Thu, Nov 18, 2010 at 12:01 PM, Scott Smith <sc...@ohlol.net> wrote: > Puppetmasters (the puppetmasterds serving catalogs) don't need access to the > same SSL dir the Puppet CA (the puppetmasterd signing and revoking certs). > But, they do need to share the private key for presenting the certificate > for puppet.domain.com. And the CRL as well, if you use it. That directory > doesn't have to be shared via NFS. You could rsync the ssl directory between > your puppetmasters.
Absolutely. I just try to avoid NFS where possible. > > On Thu, Nov 18, 2010 at 9:00 AM, Nigel Kersten <ni...@puppetlabs.com> wrote: >> >> I think it's a bad idea to deal with the overhead of an NFS mount when >> you have a dedicated puppet CA, as on your non-CA servers there should >> be no need to ever write to that directory. >> >> >> On Wed, Nov 17, 2010 at 7:55 PM, Scott Smith <sc...@ohlol.net> wrote: >> > Oh, that's for sharing the puppetmaster SSL keypair between each other, >> > that's all. >> > >> > On Nov 17, 2010 3:53 PM, "Nigel Kersten" <ni...@puppetlabs.com> wrote: >> >> On Wed, Nov 17, 2010 at 1:29 PM, Scott Smith <sc...@ohlol.net> wrote: >> >>> nfs mount the puppetmaster ssl dir. seperate puppetca (set on clients) >> >>> play >> >>> with it and you'll figure it out :) >> >> >> >> Why do you need to nfs mount the puppetmaster SSL dir in this case >> >> Scott? >> >> >> >> There's no state to be shared if you're operating with a dedicated >> >> puppetca. >> >> >> >> >> >> >> >>> >> >>> On Nov 11, 2010 9:18 AM, "luke.bigum" <luke.bi...@fasthosts.co.uk> >> >>> wrote: >> >>>> Hi, >> >>>> >> >>>> Does anyone know if this document is up to date (besides the comment >> >>>> at the top saying it's not): >> >>>> >> >>>> >> >>>> >> >>>> >> >>>> http://projects.puppetlabs.com/projects/1/wiki/Multiple_Certificate_Authorities >> >>>> >> >>>> Or does anyone who has a load balanced multi puppet master with some >> >>>> kind of shared CA confirm that the procedure is accurate? >> >>>> >> >>>> -- >> >>>> You received this message because you are subscribed to the Google >> >>>> Groups >> >>>> "Puppet Users" group. >> >>>> To post to this group, send email to puppet-us...@googlegroups.com. >> >>>> To unsubscribe from this group, send email to >> >>>> puppet-users+unsubscr...@googlegroups.com. >> >>>> For more options, visit this group at >> >>>> http://groups.google.com/group/puppet-users?hl=en. >> >>>> >> >>> >> >>> -- >> >>> You received this message because you are subscribed to the Google >> >>> Groups >> >>> "Puppet Users" group. >> >>> To post to this group, send email to puppet-us...@googlegroups.com. >> >>> To unsubscribe from this group, send email to >> >>> puppet-users+unsubscr...@googlegroups.com. >> >>> For more options, visit this group at >> >>> http://groups.google.com/group/puppet-users?hl=en. >> >>> >> >> >> >> >> >> >> >> -- >> >> Nigel Kersten - Puppet Labs - http://www.puppetlabs.com >> >> >> >> -- >> >> You received this message because you are subscribed to the Google >> >> Groups >> >> "Puppet Users" group. >> >> To post to this group, send email to puppet-us...@googlegroups.com. >> >> To unsubscribe from this group, send email to >> >> puppet-users+unsubscr...@googlegroups.com. >> >> For more options, visit this group at >> >> http://groups.google.com/group/puppet-users?hl=en. >> >> >> > >> > -- >> > You received this message because you are subscribed to the Google >> > Groups >> > "Puppet Users" group. >> > To post to this group, send email to puppet-us...@googlegroups.com. >> > To unsubscribe from this group, send email to >> > puppet-users+unsubscr...@googlegroups.com. >> > For more options, visit this group at >> > http://groups.google.com/group/puppet-users?hl=en. >> > >> >> >> >> -- >> Nigel Kersten - Puppet Labs - http://www.puppetlabs.com >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To post to this group, send email to puppet-us...@googlegroups.com. >> To unsubscribe from this group, send email to >> puppet-users+unsubscr...@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en. >> > > > > -- > http://about.me/scoot > http://twitter.com/ohlol > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- Nigel Kersten - Puppet Labs - http://www.puppetlabs.com -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
