I'm only using one master for CA (following http://bodepd.com/wordpress/?p=7). But when I run puppetd -t from a client, against an alternate master (puppetd -t --server alt_master.domain.com), I get "err: Could not retrieve catalog from remote server: hostname not match with the server certificate". Shouldn't I be able to run puppet against any of the masters?
Thanks,

On Nov 18, 3:43 pm, Nigel Kersten <ni...@puppetlabs.com> wrote:
> On Thu, Nov 18, 2010 at 12:01 PM, Scott Smith <sc...@ohlol.net> wrote:
> > Puppetmasters (the puppetmasterds serving catalogs) don't need access to the
> > same SSL dir the Puppet CA (the puppetmasterd signing and revoking certs).
> > But, they do need to share the private key for presenting the certificate
> > for puppet.domain.com. And the CRL as well, if you use it. That directory
> > doesn't have to be shared via NFS. You could rsync the ssl directory between
> > your puppetmasters.
>
> Absolutely. I just try to avoid NFS where possible.
>
> > On Thu, Nov 18, 2010 at 9:00 AM, Nigel Kersten <ni...@puppetlabs.com> wrote:
> >> I think it's a bad idea to deal with the overhead of an NFS mount when
> >> you have a dedicated puppet CA, as on your non-CA servers there should
> >> be no need to ever write to that directory.
> >>
> >> On Wed, Nov 17, 2010 at 7:55 PM, Scott Smith <sc...@ohlol.net> wrote:
> >> > Oh, that's for sharing the puppetmaster SSL keypair between each other,
> >> > that's all.
> >> >
> >> > On Nov 17, 2010 3:53 PM, "Nigel Kersten" <ni...@puppetlabs.com> wrote:
> >> >> On Wed, Nov 17, 2010 at 1:29 PM, Scott Smith <sc...@ohlol.net> wrote:
> >> >>> nfs mount the puppetmaster ssl dir. separate puppetca (set on clients) play
> >> >>> with it and you'll figure it out :)
> >> >>
> >> >> Why do you need to nfs mount the puppetmaster SSL dir in this case
> >> >> Scott?
> >> >>
> >> >> There's no state to be shared if you're operating with a dedicated
> >> >> puppetca.
> >> >>
> >> >>> On Nov 11, 2010 9:18 AM, "luke.bigum" <luke.bi...@fasthosts.co.uk> wrote:
> >> >>>> Hi,
> >> >>>>
> >> >>>> Does anyone know if this document is up to date (besides the comment
> >> >>>> at the top saying it's not):
> >> >>>>
> >> >>>> http://projects.puppetlabs.com/projects/1/wiki/Multiple_Certificate_A...
> >> >>>>
> >> >>>> Or does anyone who has a load balanced multi puppet master with some
> >> >>>> kind of shared CA confirm that the procedure is accurate?
> >> >>>>
> >> >>>> --
> >> >>>> You received this message because you are subscribed to the Google
> >> >>>> Groups "Puppet Users" group.
> >> >>>> To post to this group, send email to puppet-us...@googlegroups.com.
> >> >>>> To unsubscribe from this group, send email to
> >> >>>> puppet-users+unsubscr...@googlegroups.com.
> >> >>>> For more options, visit this group at
> >> >>>> http://groups.google.com/group/puppet-users?hl=en.
> >> >>
> >> >> --
> >> >> Nigel Kersten - Puppet Labs - http://www.puppetlabs.com
> >
> > --
> > http://about.me/scoot
> > http://twitter.com/ohlol
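
The hostname mismatch reported at the top of this message can be reproduced with throwaway certificates. This is an added example, not part of the original thread and not Puppet's own tooling; it uses the hostnames from the post, constructed file names, and assumes OpenSSL 1.1.1 or later for `-addext`.

```shell
#!/bin/sh
# Added example: a client rejects a master whose certificate does not name
# the host the client connected to, even when the key and cert are shared.
# Certificates here are self-signed throwaways built only for this demo.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_cert <output prefix> <CN> [subjectAltName value]
make_cert() {
  if [ -n "${3:-}" ]; then
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
      -addext "subjectAltName=$3" \
      -keyout "$1.key" -out "$1.pem" 2>/dev/null
  else
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
      -keyout "$1.key" -out "$1.pem" 2>/dev/null
  fi
}

# host_ok <cert> <hostname>: true only if the certificate is valid for hostname.
# openssl prints "does match" or "does NOT match"; its exit code is not enough.
host_ok() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Certificate naming only puppet.domain.com, as in the shared-keypair setup.
make_cert "$WORK/single" puppet.domain.com
# Same CN, but both master names listed as DNS subject alternative names.
make_cert "$WORK/multi" puppet.domain.com \
  "DNS:puppet.domain.com,DNS:alt_master.domain.com"

for cert in single multi; do
  for host in puppet.domain.com alt_master.domain.com; do
    if host_ok "$WORK/$cert.pem" "$host"; then r=match; else r=MISMATCH; fi
    echo "$cert cert, client connects to $host: $r"
  done
done
```

Running the same `-checkhost` test against the certificate each master actually presents shows which names clients may use for `--server`.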