Vipul Ramani wrote:> 1) is it possible to store client''s certificate in LDAP instead
of
> file ( on puppetmaster/etc/puppet/ssl/ca...) ? as i see schema , i
> feel it does not supported ... But Luke are you plan to do some
> enhancement on LDAP features ?
>
This is how I understand things:
In terms of authentication, puppetmasterd should not need the client''s
actual certificate as it was signed by the CA - anything signed by the
CA is inherently trusted.
So you can set up a 3rd machine as your CA server, and run multiple
puppet masters.
> 2) If i copy all files including certificates from puppetmaster-
> server1 to puppetmaster-server2..so in this case all puppet-client can
> communicate to puppetmaster-server2 ( hostname of puppetmaster-server1
> and puppetmaster-server2 are same).
> I am thinking of this reason i want minimum downtime when my
> puppetmaster server is unavailable for longer time ( crash or some
> other reasons )
There is some stuff on the wiki about it as well, search for mongrel or
something.
-scott
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---