Hi Luke, thanks a lot for this information, it will be very useful. Sorry I didn't reply earlier...
I was particularly interested in this bit as it seems it would back up my preference to tell the boss we need to make each DC independent with its own CA master :) Much simpler in my opinion.

Cheers
Chris

> Intermediate Certs looks a bit fiddly but might be an option.
>> Just to clarify, using these would mean we could also stand up new
>> client-servers in the other DCs if the main DC goes down?
>>
>
> No, if you've got one CA / Signing Master, any new agent (fresh install)
> would send its CA signing requests to your Signing Master, also sometimes
> called a Master of Masters. If you had a critical need you could turn one
> of your existing masters in a DC into a CA, and then fix up the certs later
> - basically destroy and re-add all the Agents once the main DC was back
> online.
>