On Sat, Jul 30, 2011 at 10:38 PM, James Turnbull <ja...@puppetlabs.com>wrote:
> Douglas Garstang wrote: > > Well, this is frustrating. > > > > Let's say I have two puppet masters, where one is active, and the other > > is a hot stand by. Obviously each is going to have a different FQDN. > > Everything will work fine when the client talks to the server that > > signed it's certificate. However, after a failover to the secondary > > master, it's all going to fail because the FQDN of the master will not > > match. > > > > I've been searching around, reading the mailing list, and am surprised > > to find very little information on this. The new "Pro Puppet" book skims > > over this detail. You'd think they'd have some proof it before selling > it. > > > > Douglas > > Did you read the chapter carefully? The Front End Load Balancer > Configuration section explains this pretty clearly. > > Several times. Starts on page 99. Can't find any reference to it. Also, I'd like to point out, that the book talks initially about setting up a separate primary and secondary CA, but after mentioning that these should go on a separate server, only details how to do it on the puppet master. Putting the CA function on a different server is not a trivial thing and I spent a few hours yesterday reading between the lines, trying to work out how to put in on a separate server, and finally gave up about 1am this morning. Doug. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
