best practice for multiple Puppet masters and external CAs in AWS?


Erik Kennedy

Oct 19, 2015, 4:10:14 PM
to Puppet Users
Right now I have a single Puppet master for our EC2 instances, which exists within our VPC. Obviously this is a terrible single point of failure, and I want to turn it into a load-balanced autoscaling setup so I can spread the masters across multiple availability zones. However, I still need to either have one system serve as the certificate authority, which reintroduces the SPOF, or sort out how best to use an external CA with Puppet. Aside from the docs on the site, which I've read, are there any guides or examples of someone having done this in a production environment? Search isn't turning up too many examples online, and I missed the chance to ask about this at PuppetConf. Thanks in advance...

Poil

Oct 20, 2015, 2:23:57 AM
to puppet...@googlegroups.com
Hi,

You can use incron+scp or a daemon like csync2 to synchronize your
certificates folder.
Or, if you are in the US, just use EFS (you can also use s3fs, but it's
unstable).
For AutoScaling, I use a generic certificate and I force the node_name
to the Tag "Name" (example: https://gist.github.com/ahpook/1182243)

Cu