This may be a crazy question, but do we have to keep the generated client certs on the puppetca? What would be the harm in deleting them?
I ask because we have our puppetca geographically redundant, and we keep the certs synced with our old friend rsync. If we didn't even try to store the certs, we wouldn't have to keep them in sync. We could run the CAs active-active. I'm pretty sure puppet-agent and server will continue to work just fine, right? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.