Re: [Puppet Users] puppetmaster HA

2010-09-12 Thread John Ferlito
On Fri, Sep 10, 2010 at 03:09:50PM -0700, Nigel Kersten wrote: > On Fri, Sep 10, 2010 at 10:40 AM, Steven wrote: > > You need to setup a global CA infrastructure. This would be one root with > > all the puppet servers being trusted. Then any puppet server can sign certs > > and accept certs signed

Re: [Puppet Users] puppetmaster HA

2010-09-10 Thread Nigel Kersten
On Fri, Sep 10, 2010 at 4:44 PM, John Ferlito wrote: > On Fri, Sep 10, 2010 at 03:09:50PM -0700, Nigel Kersten wrote: >> On Fri, Sep 10, 2010 at 10:40 AM, Steven wrote: >> > You need to setup a global CA infrastructure. This would be one root with >> > all the puppet servers being trusted. Then a

Re: [Puppet Users] puppetmaster HA

2010-09-10 Thread Jack Johnson
On Fri, Sep 10, 2010 at 2:09 PM, Nigel Kersten wrote: > Or set up a single CA server and use the 'ca_server' directive on your > clients, removing all CA functionality from your "normal" > puppetmasters with --no-ca. Sweeet! -Jack -- You received this message because you are subscribed to the

Re: [Puppet Users] puppetmaster HA

2010-09-10 Thread Nigel Kersten
On Fri, Sep 10, 2010 at 10:40 AM, Steven wrote: > Hi Sukh, > > > > This has always been possible and it was on my list of things to do. My idea > was to make systems use the server in their data center and fail over to > another data center if it was not responding. > > > > You need to setup a glo

RE: [Puppet Users] puppetmaster HA

2010-09-10 Thread Steven
Hi Sukh, This has always been possible and it was on my list of things to do. My idea was to make systems use the server in their data center and fail over to another data center if it was not responding. You need to setup a global CA infrastructure. This would be one root with all the pupp

Re: [Puppet Users] puppetmaster HA

2010-09-10 Thread Silviu Paragina
Also you might be interested in putting a vote on this ticket ;) (DNS SRV support for puppet) http://projects.reductivelabs.com/issues/3669 Silviu On 10.09.2010 19:09, Sukh Khehra wrote: I recently lost the only puppetmaster for a datacenter. I ended up having to build a new one and then h

Re: [Puppet Users] puppetmaster HA

2010-09-10 Thread Nigel Kersten
On Fri, Sep 10, 2010 at 9:09 AM, Sukh Khehra wrote: > I recently lost the only puppetmaster for a datacenter. I ended up having to > build a new one and then hit all clients to remove /var/lib/puppet/ssl and > point them to the new one I built. That was not fun. > > > > I can start backing up the