In that diagram can you have a HA Master CA setup and HA Agent CA setup where there is a master and agent CA in each datacenter, but served by a VIP/Proxy/SRV record? Not exactly sure how CAs work when it comes to redundancy.
Corey On Tuesday, June 9, 2015 at 12:07:17 AM UTC-4, Trevor Vaughan wrote: > > Hi Corey, > > That setup should work just fine and be even easier now that everything > has a solid set of certs that don't cross over at all. > > If you're using PE, be sure to properly generate your role certificates > that are used by the Console, ActiveMQ, etc... > > Trevor > > On Mon, Jun 8, 2015 at 10:25 PM, Corey Osman <co...@logicminds.biz > <javascript:>> wrote: > >> Has anybody used this setup before? Any caveats? >> >> >> https://docs.puppetlabs.com/puppet/3.8/reference/config_ssl_external_ca.html#option-3-two-intermediate-cas-issued-by-one-root-ca >> >> Does this still apply when using puppet server 2.1? >> >> >> Corey >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to puppet-users...@googlegroups.com <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/7E32D1B6-A700-4643-B210-BD0F28738B9C%40logicminds.biz >> . >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > Trevor Vaughan > Vice President, Onyx Point, Inc > (410) 541-6699 > tvau...@onyxpoint.com <javascript:> > > -- This account not approved for unencrypted proprietary information -- > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/fb2bcf99-43ed-447d-8bc5-1f2b8db2e81f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
