Only if all your servers use the *same* certificate and are listed as alternate DNS names in certdnsnames. (Search the group for certdnsnames for examples - including mine)
John On 30 November 2010 04:24, CraftyTech <hmmed...@gmail.com> wrote: > I'm only using one master for CA (following > http://bodepd.com/wordpress/?p=7). > But When I run puppetd -t from a client, against an alternate master > (puppetd -t --server alt_master.domain.com), I get "err: Could not > retrieve catalog from remote server: hostname not match with the > server certificate". Shouldn't I be able to run puppet against any of > the masters? > > Thanks, > > > > On Nov 18, 3:43 pm, Nigel Kersten <ni...@puppetlabs.com> wrote: > > On Thu, Nov 18, 2010 at 12:01 PM, Scott Smith <sc...@ohlol.net> wrote: > > > Puppetmasters (the puppetmasterds serving catalogs) don't need access > to the > > > same SSL dir the Puppet CA (the puppetmasterd signing and revoking > certs). > > > But, they do need to share the private key for presenting > thecertificate > > > for puppet.domain.com. And the CRL as well, if you use it. That > directory > > > doesn't have to be shared via NFS. You could rsync the ssl directory > between > > > your puppetmasters. > > > > Absolutely. I just try to avoid NFS where possible. > > > > > > > > > > > > > > > > > > > > > > > > > On Thu, Nov 18, 2010 at 9:00 AM, Nigel Kersten <ni...@puppetlabs.com> > wrote: > > > > >> I think it's a bad idea to deal with the overhead of an NFS mount when > > >> you have a dedicated puppet CA, as on your non-CA servers there should > > >> be no need to ever write to that directory. > > > > >> On Wed, Nov 17, 2010 at 7:55 PM, Scott Smith <sc...@ohlol.net> wrote: > > >> > Oh, that's for sharing the puppetmaster SSL keypair between each > other, > > >> > that's all. > > > > >> > On Nov 17, 2010 3:53 PM, "Nigel Kersten" <ni...@puppetlabs.com> > wrote: > > >> >> On Wed, Nov 17, 2010 at 1:29 PM, Scott Smith <sc...@ohlol.net> > wrote: > > >> >>> nfs mount the puppetmaster ssl dir. seperate puppetca (set on > clients) > > >> >>> play > > >> >>> with it and you'll figure it out :) > > > > >> >> Why do you need to nfs mount the puppetmaster SSL dir in this case > > >> >> Scott? > > > > >> >> There's no state to be shared if you're operating with a dedicated > > >> >> puppetca. > > > > >> >>> On Nov 11, 2010 9:18 AM, "luke.bigum" <luke.bi...@fasthosts.co.uk > > > > >> >>> wrote: > > >> >>>> Hi, > > > > >> >>>> Does anyone know if this document is up to date (besides the > comment > > >> >>>> at the top saying it's not): > > > > >> >>>> > http://projects.puppetlabs.com/projects/1/wiki/Multiple_Certificate_A... > > > > >> >>>> Or does anyone who has a load balanced multi puppet master with > some > > >> >>>> kind of shared CA confirm that the procedure is accurate? > > > > >> >>>> -- > > >> >>>> You received this message because you are subscribed to the > Google > > >> >>>> Groups > > >> >>>> "Puppet Users" group. > > >> >>>> To post to this group, send email to > puppet-us...@googlegroups.com. > > >> >>>> To unsubscribe from this group, send email to > > >> >>>> puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com> > . > > >> >>>> For more options, visit this group at > > >> >>>>http://groups.google.com/group/puppet-users?hl=en. > > > > >> >>> -- > > >> >>> You received this message because you are subscribed to the Google > > >> >>> Groups > > >> >>> "Puppet Users" group. > > >> >>> To post to this group, send email to > puppet-us...@googlegroups.com. > > >> >>> To unsubscribe from this group, send email to > > >> >>> puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com> > . > > >> >>> For more options, visit this group at > > >> >>>http://groups.google.com/group/puppet-users?hl=en. > > > > >> >> -- > > >> >> Nigel Kersten - Puppet Labs - http://www.puppetlabs.com > > > > >> >> -- > > >> >> You received this message because you are subscribed to the Google > > >> >> Groups > > >> >> "Puppet Users" group. > > >> >> To post to this group, send email to puppet-users@googlegroups.com > . > > >> >> To unsubscribe from this group, send email to > > >> >> puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com> > . > > >> >> For more options, visit this group at > > >> >>http://groups.google.com/group/puppet-users?hl=en. > > > > >> > -- > > >> > You received this message because you are subscribed to the Google > > >> > Groups > > >> > "Puppet Users" group. > > >> > To post to this group, send email to puppet-us...@googlegroups.com. > > >> > To unsubscribe from this group, send email to > > >> > puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com> > . > > >> > For more options, visit this group at > > >> >http://groups.google.com/group/puppet-users?hl=en. > > > > >> -- > > >> Nigel Kersten - Puppet Labs - http://www.puppetlabs.com > > > > >> -- > > >> You received this message because you are subscribed to the Google > Groups > > >> "Puppet Users" group. > > >> To post to this group, send email to puppet-us...@googlegroups.com. > > >> To unsubscribe from this group, send email to > > >> puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com> > . > > >> For more options, visit this group at > > >>http://groups.google.com/group/puppet-users?hl=en. > > > > > -- > > >http://about.me/scoot > > >http://twitter.com/ohlol > > > > > -- > > > You received this message because you are subscribed to the Google > Groups > > > "Puppet Users" group. > > > To post to this group, send email to puppet-us...@googlegroups.com. > > > To unsubscribe from this group, send email to > > > puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com> > . > > > For more options, visit this group at > > >http://groups.google.com/group/puppet-users?hl=en. > > > > -- > > Nigel Kersten - Puppet Labs - http://www.puppetlabs.com > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com> > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- John Warburton Ph: 0417 299 600 Email: jwarbur...@gmail.com -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
