Which option did you take? I picked the load balancer option with a single CA (worked for me), so I needed:
0) configure puppet.conf on the agent hosts

    server = lbname.me.com
    ca_server = capm.me.com

1) Subject Alternative Name certs on the puppetmasters

First agent run (on pm1.me.com) using:

    puppet agent --no-daemonize --onetime --dns_alt_names=lbname.me.com

Then on the CA puppetmaster:

    puppet cert sign --allow-dns-alt-names pm.me.com

In your situation I would probably have my provisioning system (razor, cobbler, etc.) provision /etc/puppet/puppet.conf with "dns-alt-names = host-eth1.me.com" and use a shell script wrapper to always include the --allow-dns-alt-names so that I didn't have to remember it when signing certs.

Now obviously nobody asked you about this infrastructure, but have you explained that connecting to the correct interface is more about routing and DNS than SSL? And since you're asking for thoughts, you could pass on my opinion that somebody is making this into far more work than it has to be. ("Some guy on the internet who claims to do puppet things for work thinks this is daft.")

On Thu, Apr 16, 2015 at 03:13:26PM +0000, Peter Berghold wrote:
> Is there a more up to date process for this process than this page?
> https://docs.puppetlabs.com/guides/scaling_multiple_masters.html
> I followed this process and now have a dead puppet. Glad I made backups
> of the SSL directory.
> What I'm trying to accomplish is due to an architecture that was forced
> upon me I have to have two names for each of the masters I'm running in my
> environment such that
> host.domain.tld
> host-eth1.domain.tld
> will work. The second entry is needed to make sure agents connect to the
> correct interface on the puppet master.
> Thoughts anybody?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/CAArvnv04afhj6w90jJoYN3idzT42Aw5ZkSocH_Uh%2B_4MzQj3WA%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.
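
A sketch of the signing wrapper suggested in the reply above, added here as an example (it is not code from the thread or from Puppet): it passes --allow-dns-alt-names only after checking that every alt name in the pending CSR is on an expected list. The function names, the CSR path argument and the sample text are assumptions made for illustration.

```shell
# Constructed sample of `openssl req -noout -text` output, for trying the parser offline.
SAMPLE_CSR_TEXT='Certificate Request:
    Data:
        Subject: CN=pm1.me.com
        Requested Extensions:
            X509v3 Subject Alternative Name: 
                DNS:pm1.me.com, DNS:lbname.me.com
    Signature Algorithm: sha256WithRSAEncryption'

# Read `openssl req -noout -text` output on stdin; print one SAN entry per line.
extract_sans() {
    awk '
        found { gsub(/^[ \t]+|[ \t]+$/, ""); n = split($0, e, /,[ \t]*/); for (i = 1; i <= n; i++) print e[i]; exit }
        /X509v3 Subject Alternative Name/ { found = 1 }
    '
}

# Read SAN entries on stdin; return 0 only if each is "DNS:<name>" for a name given as an argument.
sans_allowed() {
    rc=0
    while IFS= read -r san; do
        ok=1
        for allowed in "$@"; do
            if [ "$san" = "DNS:$allowed" ]; then ok=0; fi
        done
        if [ "$ok" -ne 0 ]; then
            echo "unexpected alt name: $san" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Usage: sign_checked <certname> <path-to-csr.pem> <allowed-alt-name>...
# The certname itself is always accepted as an alt name.
sign_checked() {
    [ $# -ge 2 ] && [ -r "$2" ] || { echo "usage: sign_checked certname csr.pem [name...]" >&2; return 2; }
    certname=$1 csr=$2
    shift 2
    if openssl req -in "$csr" -noout -text | extract_sans | sans_allowed "$certname" "$@"; then
        puppet cert sign --allow-dns-alt-names "$certname"
    else
        echo "refusing to sign $certname" >&2
        return 1
    fi
}
```

Run on the CA puppetmaster, for example `sign_checked pm1.me.com /path/to/pm1.me.com.pem lbname.me.com`, where the CSR path is a placeholder for wherever the CA stores pending requests.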