This may be a crazy question, but do we have to keep the generated client certs 
on the puppetca? What would be the harm in deleting them?

I ask because we have our puppetca geographically redundant, and we keep the 
certs synced with our old friend rsync.

If we didn't even try to store the certs, we wouldn't have to keep them in 
sync. We could run the CAs active-active. I'm pretty sure puppet-agent and 
server will continue to work just fine, right?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.


Reply via email to