On Tue, 2011-12-20 at 07:14 -0800, ollies...@googlemail.com wrote: > Thanks. > > I assume that the section in this:- > http://projects.puppetlabs.com/projects/puppet/wiki/Puppet_Scalability > > Stating that is doesn't work for 0.25 & 2.6 also applies to the 2.7.9 > release that is the latest ?
Yes, I believe chained CA are still not working in 2.7.x, if that's what you meant. > Sharing an area via NFS/iSCSI/rsync'ing or whatever is potentially > viable does anyone know how this would be possible with different > hostnames serving the certs and the traffic being directed via a load- > balancer ? That's easy: dedicate two host to be CAs only. One is the hot standby of the first one. You can either manually bring it up when the first one fails, or use something like drbd+pacemaker to do it automatically. Then have all your other masters run in "no ca" mode. Each can have a different server CN, or they can share the same server certificate. This is explained in length in the Pro puppet [1] book if you need. > Maybe it's just not possible right now and I am flogging a dead horse > and should accept a SPOF for a CA but can easily scale out the > puppetmasters fine. The simplest architecture for load balanced puppet is the single CA one, of course that means you can live with the SPOF. BTW, the SPOF is only at certificate signing. In the event your CA becomes unresponsive, it won't prevent your actual nodes to get a catalog. I highly recommend you to get a copy of the "Pro Puppet" book. It contains an extensive chapter on load balancing puppet master (both with the SPOF and without it). [1]: http://www.apress.com/9781430230571 -- Brice Figureau Follow the latest Puppet Community evolutions on www.planetpuppet.org! -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
