Sorry ... I didn't really follow that link in my setup ... just thought it would be a good reference as I don't have anything documented. Another good thing to note is that article uses NGINX.
I'm cheating and am not FULLY redundant. We have a single CA PM that is not balanced against or redundant for other 'workhorse' PMs. And I don't worry about CRLs right now. :( It's something I want to get addressed, but not a priority atm. As for doing an active/active the way I am, my haproxy looks similar to the one in the link except no lines have 'backup' in them. Again, no DRBD which is mainly for the cert stuff and that is all handled by a single node (I set ca_server to my CA PM on all nodes). But, maybe you could have a shared NFS/storage for the certificates to address it? Regards, Jake On Wednesday, June 20, 2012 10:44:19 AM UTC-5, Felix.Frank wrote: > > On 06/20/2012 05:39 PM, Jake - USPS wrote: > > I'll add that we do loadbalance across multiple puppetmasters. At first > > we were using DNS round-robin to do it, and now use haproxy which a good > > article on utilizing was written up not too long > > ago http://blog.ronvalente.net/blog/2012/05/19/puppet/. > > Fascinating. What I don't get is: This describes an active/passive setup > (note how one server is configured as 'backup' in haproxy), yet speaks > of loadbalancing. > > Would you elaborate on how you manage to go active/active (especially > seeing as DRBD is involved)? > > Thanks, > > Felix > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/3pDdbJw-s4YJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
