Hi,

Currently we have 3 puppet masters behind a VIP load balanced (by hardware 
load balancer). We have an NFS mount share across the 3 servers which 
stores the puppet code and certificates etc. We have some proxy balancers 
on the hosts for CA with the 1st puppet master being the active worker and 
the hot standby being the second server. Because of these being balanced, we 
also have all requests other than the certificates proxy passed to just one 
instance on port 18140 on each server.

I'm wanting to ask several questions about this:-


   - Do you think that the CA needs to be set up master/standby since the 
   certificate directory is shared? I'm not sure on this since technically I 
   guess you could have problems when 2 or more puppet masters sign certs at 
   the same time, because of the serial number?
   - If a CA master/standby is needed, do the other requests really need to 
   go via the proxy as well? We are running into some 502/503 errors when the 
   puppet masters are loaded. I'm wondering whether that would happen less if 
   it wasn't doing the proxy pass.

Thanks
