Klavs Klavsen
2013-Jul-10 14:03 UTC
[Puppet Users] multiple masters and CA's - what's the issue?
Hi,

I've just set up a new secondary master - following http://docs.puppetlabs.com/guides/scaling_multiple_masters.html

Nice docu. Much easier than when I first did it (with 0.24 :)

One thing I'm wondering about is why there can be ONLY 1 CA?

Is it because of the CRL?

I was thinking of copying the ssl/ca folder to the other masters (with a regular sync of the CRL) - so it should be a simple matter of appointing another CA if the CA goes down, instead of needing to recover that puppetmaster before I can sign any new servers.
Trevor Vaughan
2013-Jul-10 14:42 UTC
Re: [Puppet Users] multiple masters and CA's - what's the issue?
It's generally easier to just back up that one directory to your backup system (you have one, right?). Recovery then becomes a breeze in general.

The only thing to watch out for is to keep a good handle on when your CA cert expires and give yourself a good two weeks to get everything rolled over to a new CA.

Trevor

On Wed, Jul 10, 2013 at 10:03 AM, Klavs Klavsen <klavs@enableit.dk> wrote:
> Hi,
>
> I've just set up a new secondary master - following
> http://docs.puppetlabs.com/guides/scaling_multiple_masters.html
>
> Nice docu. Much easier than when I first did it (with 0.24 :)
>
> One thing I'm wondering about is why there can be ONLY 1 CA?
>
> Is it because of the CRL?
>
> I was thinking of copying the ssl/ca folder to the other masters (with a
> regular sync of the CRL) - so it should be a simple matter of appointing
> another CA if the CA goes down, instead of needing to recover that
> puppetmaster before I can sign any new servers.

--
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699
tvaughan@onyxpoint.com

-- This account not approved for unencrypted proprietary information --
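
The expiry watch described in the reply above, as an added example that is not part of the original thread: a POSIX shell check that classifies a CA certificate against a two-week rollover window using `openssl x509 -checkend`. The function names, the script name `check_ca.sh` and the return-code scheme are assumptions made for illustration; pass the path of the CA certificate inside your own ssl/ca directory as the first argument.

```shell
#!/bin/sh
# Added example (not from the thread): classify a CA certificate by time left.
# Return codes: 0 valid beyond the window, 1 expires inside the window,
#               2 already expired, 3 missing or unparsable file.
ca_cert_status() {
    cert=$1
    warn_days=${2:-14}    # two-week rollover margin suggested in the thread
    [ -r "$cert" ] || return 3
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || return 3
    # -checkend N exits non-zero when the cert expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || return 2
    openssl x509 -in "$cert" -noout -checkend $((warn_days * 86400)) \
        >/dev/null 2>&1 || return 1
    return 0
}

# Human-readable wrapper for cron or a monitoring check; passes the code through.
ca_cert_report() {
    rc=0
    ca_cert_status "$1" "${2:-14}" || rc=$?
    case $rc in
        0) echo "OK: $1 is valid for more than ${2:-14} days" ;;
        1) echo "WARN: $1 expires within ${2:-14} days ($(openssl x509 -in "$1" -noout -enddate))" ;;
        2) echo "CRIT: $1 has expired" ;;
        *) echo "UNKNOWN: cannot read a certificate from $1" ;;
    esac
    return $rc
}

# Constructed sample input: throwaway self-signed cert valid for $2 days.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$2" \
        -subj "/CN=Constructed Sample CA" \
        -keyout "$1.key" -out "$1" >/dev/null 2>&1
}

# Usage: sh check_ca.sh /path/to/ca/certificate.pem [warn_days]
if [ $# -gt 0 ]; then
    ca_cert_report "$@"
fi
```

Run it from cron on the CA master and on wherever the backup copy of the CA directory is restored, so an expiring certificate is noticed in both places.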