How many nodes is your puppetmaster currently servicing? I have one servicing about 700 nodes, splayed over an hour check-in interval, and any new nodes I add (that fall into my autosign subdomain) get signed immediately on their first puppet run.
-- Peter Bukowinski On Aug 29, 2012, at 8:50 PM, John Warburton <jwarbur...@gmail.com> wrote: > Hi Puppet Gurus > > I am running puppet 2.6.16, ruby 1.8.7-p249, on puppet server with passenger > on Apache. These are my gems: > builder (2.1.2) > fastthread (1.0.7) > mysql (2.8.1) > passenger (2.2.14) > rack (1.1.0) > rake (0.8.7) > > We manually manage autosign.conf to allow new builds to continue so > certificates can be signed automatically. This has been working well for a > couple of years, but I've always wondered what triggers the puppet master to > sign the certificate. We can wait 5-10 minutes for a signing request to be > fulfilled. > > We made a change last week to now use short names as the certificate names > (not FQDN) and now we're looking closer to 30 minutes for a request to be > signed :-( > > The only correlation I can see in the logs is that just before a request is > signed, a new puppetmasterd is spawned by passenger: > > Aug 28 22:15:09 engnadm010 puppet-master[26047]: [ID 702911 daemon.notice] > labcsvr004 has a waiting certificate request > Aug 28 22:24:06 engnadm010 puppet-master[26031]: [ID 702911 daemon.notice] > Compiled catalog for engnadm010.bfm.com in environment lab in 19.65 seconds > Aug 28 22:37:11 engnadm010 puppet-master[26031]: [ID 702911 daemon.notice] > labcsvr004 has a waiting certificate request > Aug 28 22:39:47 engnadm010 puppet-master[27717]: [ID 702911 daemon.notice] > Starting Puppet master version 2.6.16 > Aug 28 22:40:52 engnadm010 puppet-master[26047]: [ID 702911 daemon.notice] > Signed certificate request for labcsvr004 > > Here are my passenger Apache config entries: > PassengerHighPerformance on > PassengerMaxPoolSize 15 > PassengerPoolIdleTime 300 > PassengerUseGlobalQueue on > PassengerStatThrottleRate 120 > RackAutoDetect Off > RailsAutoDetect Off > > Is there any way I can speed up things so that puppet signs the request > immediately? > > Thanks > > John > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
