I've been putting off making my Puppet master redundant for quite a while now, but it's starting to become an issue now. So I'm starting to put this as a higher-importance issue.

Making the master itself highly available isn't much of a problem (I'm already running it behind a load balancer in anticipation of making it HA). But the problem is the CA "part" of Puppet. I guess it would be (theoretically) possible to put the Puppet master directory on a shared filesystem and have all Puppet masters use that as their storage. This also seems to be the recommended way to do it, but something about that just puts me off!

But I have a need for a CA for other purposes anyway, so I've been, for the last year (on and off), looking into HashiCorp's Vault. From the documentation and the information I've seen so far about Vault, it could solve a whole bunch of problems for me, not just the distributed CA part.

It can act as a CA, but is there any way to integrate that into Puppet? As in, having Vault act as the CA for the Puppet master(s)? Any API one could "hook into" to make this happen? I don't "speak" Ruby (or Go), so I can't dig into that myself.

PS. Many seem to use Puppet in a masterless capacity, and that would of course negate this CA problem, but for various reasons, I don't want to do that (respect the decision please).