That could get ugly, so I would have to create one CA, sign it then
distribute it to all of my masters.  Then also delete my certs on the
clients and re-issue new ones.

Is my thinking correct here?

-Chris

On Wed, Jan 4, 2012 at 3:31 PM, Nan Liu <n...@puppetlabs.com> wrote:

> On Wed, Jan 4, 2012 at 12:12 PM, Christopher Johnston
> <chjoh...@gmail.com> wrote:
> > My inventory server is a puppetmaster, but it's master of itself and is only
> > being used for inventory services.  If I point new clients to it, it will work
> > fine.
> >
> > So think of my setup like this:
> >
> > puppet1.company.com and puppet2.company.com are two dedicated servers in
> > each datacenter that handle local client connectivity only.  By using
> > certname=puppet I can copy the same CA to puppet2.company.com and support
> > failing over if the primary server goes down.  This setup is mimicked in
> > about 20 other sites.
> >
> > The inventory server is a remote puppet master sitting in a backoffice
> > datacenter that is set up with mysql and puppet dashboard to receive reports
> > and inventory services from all 40 of the masters.
> >
> > So with this current arrangement, how would I go about making sure the
> > inventory server has a cert that is signed by the 40 other CAs?
>
> Certificate chain is an outstanding bug, so at the moment one CA sign
> all puppet master + inventory server cert.
>
> Nan
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
