Puppet users - Sep 2013 - Setting up an HA Puppet console using HAProxy

Hi all,

I''m trying to set up an HA Puppet 3 (PE3) console. My goal is to use 
HAProxy to present the puppet VIP, and have two load balance Puppet Masters 
in behind.

My plan goes along the following lines. The first PM would be the active CA 
*and* console. Port 443 and 8140 will need to be handled by HAProxy, but 
I''m not certain how this should be set up.

Database and MCollective aside, I understand the process for setting up the 
2nd server is similar to the first, but we need a ca_server => false in the 
puppet.conf as we should only have one CA active.

If I load balance 8140 to both boxes, that will mean that regular Puppet 
traffic may be OK, but the agent CSR will be round robin distributed to the 
2ndary which is not running an active CA...hmmm. Not good.

Maybe update the apache code to make SSL certificate magic run on a 
different port, or?

Does anybody have any advice on what to do with regards to the secondary 
console, which I''m assuming must be passive whilst the first is
running?

I suppose my question is around how to set up a load balanced pair of 
Puppet Masters (PE3), using HAProxy. Any experiences, or guides? 

My brain is hurting.

Thanks

Steven

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.