You'll need one or more mysql servers if you use storedconfigs. Storedconfigs can be useful, but will drastically increase the server CPU usage and will require a mysql backend. You can always turn it on later.
There are two (working) ways to setup SSL which is used for authentication and security. When last I checked, the "chained certificates" method still doesn't work due to bugs. 1) Copy the same certificate authority to each server. This is easy to do, but will break certificate revocation lists (CRL). 2) Dedicate one computer to be the certificate authority. Requires more client config, but allows CRLs to work. On Jan 8, 2011, at 2:11 PM, trey85stang wrote: > Thanks for the reply, is there any documentation available on this > type of setup? Where would the sql servers come into play? > > On Jan 8, 4:06 pm, "Eduardo S. Scarpellini" <scarpell...@gmail.com> > wrote: >> My suggestions for big scenarios is: mod_passenger/apache22 (+ >> ruby-enterprise), subversion (or another scm you like), puppet2.6.4 + >> stored_configs_async, some stomp server (like activemq), and a couple of >> mysql servers. >> You don't need to sync the ssl keys (pem, etc) between backend servers, >> since you copy your CA to all of them. >> Mongrels + proxy_http is not a good idea for high loads scenarios and you >> should consider a hardware load balancer and separation of the puppet >> instances in manifests-server and file-server. >> >> 2011/1/8 trey85stang <trey85st...@gmail.com> >> >> >> >>> I'm trying to get an idea of what kind of backend setup I would need >>> to run puppet to manage roughly 6000 hosts. >> >>> I see puppet by iteself is limited to 10-20; but with mongrel/apache >>> that number shoots up but I am not sure by how much? >> >>> Im still new to puppet and running it in a lab but want to take it to >>> our production environment but there are some details that I need to >>> work out but thought I would pose this question first since there are >>> surely people who have already went through all this already. >> >>> 1. With a 1000mb connection, how many clients can I serve with >>> mongrel apache/setup? I'm guessing around 200-300? or can it take >>> more? >> >>> 2. Should I let a high availability apache frontend manage a puppet >>> backend? >> >>> ( i.e. load balance port 8140 from apache to multiple puppet backend >>> servers like so: >>> <Proxy balancer://puppetmaster> >>> BalancerMemberhttp://10.0.0.10:18140 >>> BalancerMemberhttp://10.0.0.10:18141 >>> BalancerMemberhttp://10.0.0.10:18142 >>> BalancerMemberhttp://10.0.0.10:18143 >>> BalancerMemberhttp://10.0.0.11:18140 >>> BalancerMemberhttp://10.0.0.11:18141 >>> BalancerMemberhttp://10.0.0.11:18142 >>> BalancerMemberhttp://10.0.0.11:18143 >>> BalancerMemberhttp://10.0.0.12:18140 >>> BalancerMemberhttp://10.0.0.12:18141 >>> BalancerMemberhttp://10.0.0.12:18142 >>> BalancerMemberhttp://10.0.0.12:18143 >>> </Proxy> >>> ) >> >>> 3. What is the best way to manage client signing and keeping the pem/ >>> files in sync across such a backend? >> >>> 4. Am I thinking about this type of setup all wrong? >> >>> Any advice appreciated >> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "Puppet Users" group. >>> To post to this group, send email to puppet-us...@googlegroups.com. >>> To unsubscribe from this group, send email to >>> puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com> >>> . >>> For more options, visit this group at >>> http://groups.google.com/group/puppet-users?hl=en. >> >> -- >> Eduardo S. Scarpellini >> <scarpell...@gmail.com> > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
