Did i figure out something new here, because I've been digging at this for a week and don't see anyone doing it like this.
What i'm doing is running multiple puppetmasters behind haproxy. Each puppetmaster is an active ca server and share a common certificate. It works like a charm, in a lab. Step 1. created a common certificate that all the puppetservers will share. Step 2. point webserver.conf to the shared certs. Not a step 3. hit the masters through haproxy I posted this up on ask.puppet.com a few days ago and nobody seems interest in it. Either it's a stale forum, which i believe is true, or they think i'm crazy. Maybe you do to, ugg.... Here is the orig. post with details on the setup. Puppet CA Shared Certificate Guide: Scalable Puppet? <https://ask.puppet.com/question/27876/puppet-ca-shared-certificate-guide-scalable-puppet/> I'm looking to put this into production on an infra. with around 200 nodes. I think it's a good idea, but can't figure out why I don't see anyone doing it like this yet. Million dollar question: Why must i use a centralized the ca server? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/6dcd4a20-909c-4373-892f-0f7a3e69d19d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
