Re: [Puppet Users] puppetmaster HA

2010-09-12 Thread John Ferlito
On Fri, Sep 10, 2010 at 03:09:50PM -0700, Nigel Kersten wrote: > On Fri, Sep 10, 2010 at 10:40 AM, Steven wrote: > > You need to setup a global CA infrastructure. This would be one root with > > all the puppet servers being trusted. Then any puppet server can sign certs > > and accept certs signed

Re: [Puppet Users] puppetmaster HA

2010-09-10 Thread Nigel Kersten
On Fri, Sep 10, 2010 at 4:44 PM, John Ferlito wrote: > On Fri, Sep 10, 2010 at 03:09:50PM -0700, Nigel Kersten wrote: >> On Fri, Sep 10, 2010 at 10:40 AM, Steven wrote: >> > You need to setup a global CA infrastructure. This would be one root with >> > all the puppet servers being trusted. Then a

Re: [Puppet Users] puppetmaster HA

2010-09-10 Thread Jack Johnson
On Fri, Sep 10, 2010 at 2:09 PM, Nigel Kersten wrote: > Or set up a single CA server and use the 'ca_server' directive on your > clients, removing all CA functionality from your "normal" > puppetmasters with --no-ca. Sweeet! -Jack -- You received this message because you are subscribed to the

Re: [Puppet Users] puppetmaster HA

2010-09-10 Thread Nigel Kersten
> > From: puppet-users@googlegroups.com [mailto:puppet-us...@googlegroups.com] > On Behalf Of Sukh Khehra > Sent: Friday, September 10, 2010 9:10 AM > To: puppet-users@googlegroups.com > Subject: [Puppet Users] puppetmaster HA > > > > I recently lost the only puppetmaster

RE: [Puppet Users] puppetmaster HA

2010-09-10 Thread Steven
Sukh Khehra Sent: Friday, September 10, 2010 9:10 AM To: puppet-users@googlegroups.com Subject: [Puppet Users] puppetmaster HA I recently lost the only puppetmaster for a datacenter. I ended up having to build a new one and then hit all clients to remove /var/lib/puppet/ssl and point them to the

Re: [Puppet Users] puppetmaster HA

2010-09-10 Thread Silviu Paragina
Also you might be interested in putting a vote on this ticket ;) (DNS SRV support for puppet) http://projects.reductivelabs.com/issues/3669 Silviu On 10.09.2010 19:09, Sukh Khehra wrote: I recently lost the only puppetmaster for a datacenter. I ended up having to build a new one and then h

Re: [Puppet Users] puppetmaster HA

2010-09-10 Thread Nigel Kersten
On Fri, Sep 10, 2010 at 9:09 AM, Sukh Khehra wrote: > I recently lost the only puppetmaster for a datacenter. I ended up having to > build a new one and then hit all clients to remove /var/lib/puppet/ssl and > point them to the new one I built. That was not fun. > > > > I can start backing up the

[Puppet Users] puppetmaster HA

2010-09-10 Thread Sukh Khehra
I recently lost the only puppetmaster for a datacenter. I ended up having to build a new one and then hit all clients to remove /var/lib/puppet/ssl and point them to the new one I built. That was not fun. I can start backing up the CA infrastructure on the puppetmaster I suppose but I am wonde