On Jan 8, 1:02 pm, trey85stang <trey85st...@gmail.com> wrote: > I'm trying to get an idea of what kind of backend setup I would need > to run puppet to manage roughly 6000 hosts.
No one else has asked, but what's the geographic/network distribution look like? > I see puppet by iteself is limited to 10-20; but with mongrel/apache > that number shoots up but I am not sure by how much? At puppet camp US I think responses were in the 300-1000 clients/ master range. A dual socket x86_64 whitebox should do at least a few hundred clients. Masters seem to be CPU bound almost all the time. Client run interval, catalog size, and storeconfigs are the biggest factors that come to mind. > 2. Should I let a high availability apache frontend manage a puppet > backend? Using a front end load balancer, Apache or hardware (F5 etc), works fine. Depending on your DNS control there's also a pending feature to support SRV records for clients to find masters. > 3. What is the best way to manage client signing and keeping the pem/ > files in sync across such a backend? I'd suggest a single/central CA. The certificate signing/creation ties easily in to the host provisioning (kickstart definition/ec2 setup/ etc) step. Signing on each master works fine, but hinders later management. The CRL/inventory becomes worthless, for example. Storeconfigs is a special issue. At puppet camp SF show of hands had only two large (1000+) sites using store configs. Three or four more wanted to, but couldnt take the performance hit, as I recall. An SQL server is required, with postgres mysql & oracle supported IIRC. The performance requirements for that machine shouldn't be too bad. The dataset should be in the MB range, easy to keep in memory. Setting thin_storeconfigs on the masters makes a very large difference in compilation time. A (very) rough estimate for compilation times of 300 resources: 6s with "full" storeconfigs, 3-4s with 'thin' storeconfigs, and 2s without. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
