Hi Today I tried to configure puppet for failover. I would like to have two puppet masters, one active and the other not active. Then I would migrate the IP address, and puppet would become active on the other node. Configuration I would like to put on a NAS share. Do you think this is feasible? Has anybody done that successfully? I thought to put only /etc/puppet and the ssl directory on the nas. Will that work? BR, Rene --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
On Thu, Oct 29, 2009 at 11:49 AM, Rene <rene.zbinden@gmail.com> wrote:> > Hi > > Today I tried to configure puppet for failover. I would like to have > two puppet masters, one active and the other not active. Then I would > migrate the IP address, and puppet would become active on the other > node. Configuration I would like to put on a NAS share. > > Do you think this is feasible? Has anybody done that successfully? I > thought to put only /etc/puppet and the ssl directory on the nas. Will > that work?Your puppet config is all in a VCS right? So why not just keep the local checkout of that in sync on both servers?> > BR, Rene > > >-- nigel --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
On Thu, Oct 29, 2009 at 3:27 PM, Nigel Kersten <nigelk@google.com> wrote:> > On Thu, Oct 29, 2009 at 11:49 AM, Rene <rene.zbinden@gmail.com> wrote: >> >> Hi >> >> Today I tried to configure puppet for failover. I would like to have >> two puppet masters, one active and the other not active. Then I would >> migrate the IP address, and puppet would become active on the other >> node. Configuration I would like to put on a NAS share. >> >> Do you think this is feasible? Has anybody done that successfully? I >> thought to put only /etc/puppet and the ssl directory on the nas. Will >> that work? > > Your puppet config is all in a VCS right? So why not just keep the > local checkout of that in sync on both servers? > >>I think that, in general, using NAS could be ok, but you need to consider dependency failures (e.g., the NFS server won''t start until Puppet starts, but Puppet needs the NFS server up). The straightforward answer there is to *not* have your NFS server dependent on Puppet for startup (have Puppet run *after* NFS starts, for example). Another major consideration is performance. Benchmark and watch performance carefully. This would be my biggest concern for using NAS to manage failover. Depending on your NAS, you should also carefully consider your failure modes: i.e., have you taken out the Puppet master server being a single point of failure only to insert your NAS as the new single point of failure? There are various HA NAS solutions out there, so there are plenty of solutions for this. One other item is that you probably want /var/puppet as well as /etc/puppet in NAS; i.e., the various spooled items like filebuckets are pretty important. Steven --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
This will definitely work, I have this setup : two puppetmasters, sharing a vip with heartbeat, both running nginx + mongrel. /etc/puppet is populated through subversion (automatic checkout). /var/lib/puppet is NFS mounted (SPOF, could be an iSCSI disk with ocfs2 filesystem). This works perfectly since months. Regards, Nico. ----- Mail Original ----- De: "Rene" <rene.zbinden@gmail.com> À: "Puppet Users" <puppet-users@googlegroups.com> Envoyé: Jeudi 29 Octobre 2009 19:49:52 GMT +01:00 Amsterdam / Berlin / Berne / Rome / Stockholm / Vienne Objet: [Puppet Users] puppet failover Hi Today I tried to configure puppet for failover. I would like to have two puppet masters, one active and the other not active. Then I would migrate the IP address, and puppet would become active on the other node. Configuration I would like to put on a NAS share. Do you think this is feasible? Has anybody done that successfully? I thought to put only /etc/puppet and the ssl directory on the nas. Will that work? BR, Rene --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
We just have 3 puppet masters and sync the configs from one master-master to 2 master-slaves. Works very well. We have certs setup so a client can connect to any of the masters. -- Brian Akins --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Hi, thanks for the quick answers. Did you create a link /var/lib/puppet that points to the nas share? Did you use the autosign option? BR, Rene On Oct 29, 9:38 pm, Nicolas Szalay <nsza...@qualigaz.com> wrote:> This will definitely work, I have this setup : two puppetmasters, sharing a > vip with heartbeat, both running nginx + mongrel. /etc/puppet is populated > through subversion (automatic checkout). /var/lib/puppet is NFS mounted (SPOF, > could be an iSCSI disk with ocfs2 filesystem). This works perfectly since months. > > Regards, > > Nico. > > ----- Mail Original ----- > De: "Rene" <rene.zbin...@gmail.com> > À: "Puppet Users" <puppet-users@googlegroups.com> > Envoyé: Jeudi 29 Octobre 2009 19:49:52 GMT +01:00 Amsterdam / Berlin / Berne / Rome / Stockholm / Vienne > Objet: [Puppet Users] puppetfailover > > Hi > > Today I tried to configure puppet forfailover. I would like to have > two puppet masters, one active and the other not active. Then I would > migrate the IP address, and puppet would become active on the other > node. Configuration I would like to put on a NAS share. > > Do you think this is feasible? Has anybody done that successfully? I > thought to put only /etc/puppet and the ssl directory on the nas. Will > that work? > > BR, Rene--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Le vendredi 30 octobre 2009 à 08:07 -0700, Rene a écrit :> Hi, thanks for the quick answers. > > Did you create a link /var/lib/puppet that points to the nas share?It''s a NFS share, so it is mounted in this dir : [phosphore:~] mount [snip] smaug:/data/zone3/puppet on /var/lib/puppet type nfs ......> Did you use the autosign option?I use it, before having two masters. Nico.
With active / passive i''d probably look at using drbd to sync the /var/lib/puppet dir and HA to manage the failover of drbd and the VIP. 2009/10/29 Rene <rene.zbinden@gmail.com>:> > Hi > > Today I tried to configure puppet for failover. I would like to have > two puppet masters, one active and the other not active. Then I would > migrate the IP address, and puppet would become active on the other > node. Configuration I would like to put on a NAS share. > > Do you think this is feasible? Has anybody done that successfully? I > thought to put only /etc/puppet and the ssl directory on the nas. Will > that work? > > BR, Rene > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Hi all Thanks for all the replies. I want to try to do the following: I have two servers: server1 server2. /var/lib/puppet is shared via nas and /etc/puppet is in a mercurial repository. On server1 I have an ip for puppet-server1 and on server2 an ip for puppet-server2. Those adresses will never be up at the same time. I have configured a loadbalancer alias named puppet which points eather to puppet-server1 or puppet-server2, depending on wich one is up. So if puppet-server1 is up requests go to server1 and if puppet-server2 is up requests go to server2. My biggest problem is the CA configuration. How do I create a CA for the CN puppet? Can someone point me in the right direction? BR, Rene --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
I found the solution. I think it was to easy: Just set: certname = puppet and everythink works well. BR, Rene On 2 Nov., 10:55, Rene <rene.zbin...@gmail.com> wrote:> Hi all > > Thanks for all the replies. I want to try to do the following: > > I have two servers: server1 server2. /var/lib/puppet is shared via nas > and /etc/puppet is in a mercurial repository. > On server1 I have an ip for puppet-server1 and on server2 an ip for > puppet-server2. Those adresses will never be up at the same time. > I have configured a loadbalancer alias named puppet which points > eather to puppet-server1 or puppet-server2, depending on wich > one is up. So if puppet-server1 is up requests go to server1 and if > puppet-server2 is up requests go to server2. > > My biggest problem is the CA configuration. How do I create a CA for > the CN puppet? > > Can someone point me in the right direction? > > BR, Rene--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---