Load Balancer for Puppet Master
66 views
Skip to first unread message
Braian Fabián Leiva
Jun 24, 2016, 2:17:37 AM6/24/16
to Puppet Users
I'm trying to setup a Load Balancer in front of some Compile Masters and the Puppet docs says that I can achieve that either with raw TCP proxying, or acting as its own SSL endpoint[1]. If I configure the LB with SSL and SNAT will that work? Is it better to use bridging instead?
Christopher Wood
Jun 24, 2016, 8:27:08 AM6/24/16
to puppet...@googlegroups.com
I handle ssl on the actual compile masters with SAN certs and it works just fine. Define "better"?
On Thu, Jun 23, 2016 at 12:20:44PM -0700, Braian Fabián Leiva wrote:
> I'm trying to setup a Load Balancer in front of some Compile Masters and
> the Puppet docs says that I can achieve that either with raw TCP proxying,
> or acting as its own SSL endpoint[1]. If I configure the LB with SSL and
> SNAT will that work? Is it better to use bridging instead?
> [1] [1]https://docs.puppet.com/guides/scaling_multiple_masters.html#option-3-use-a-load-balancer
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [2]puppet-users...@googlegroups.com.
> To view this discussion on the web visit
> [3]https://groups.google.com/d/msgid/puppet-users/5ddb5120-4f41-4404-9f91-c177f7651757%40googlegroups.com.
> For more options, visit [4]https://groups.google.com/d/optout.
>
> References
>
> Visible links
> 1. https://docs.puppet.com/guides/scaling_multiple_masters.html#option-3-use-a-load-balancer
> 2. mailto:puppet-users...@googlegroups.com
> 3. https://groups.google.com/d/msgid/puppet-users/5ddb5120-4f41-4404-9f91-c177f7651757%40googlegroups.com?utm_medium=email&utm_source=footer
> 4. https://groups.google.com/d/optout
On Thu, Jun 23, 2016 at 12:20:44PM -0700, Braian Fabián Leiva wrote:
> I'm trying to setup a Load Balancer in front of some Compile Masters and
> the Puppet docs says that I can achieve that either with raw TCP proxying,
> or acting as its own SSL endpoint[1]. If I configure the LB with SSL and
> SNAT will that work? Is it better to use bridging instead?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [2]puppet-users...@googlegroups.com.
> To view this discussion on the web visit
> [3]https://groups.google.com/d/msgid/puppet-users/5ddb5120-4f41-4404-9f91-c177f7651757%40googlegroups.com.
> For more options, visit [4]https://groups.google.com/d/optout.
>
> References
>
> Visible links
> 1. https://docs.puppet.com/guides/scaling_multiple_masters.html#option-3-use-a-load-balancer
> 2. mailto:puppet-users...@googlegroups.com
> 3. https://groups.google.com/d/msgid/puppet-users/5ddb5120-4f41-4404-9f91-c177f7651757%40googlegroups.com?utm_medium=email&utm_source=footer
> 4. https://groups.google.com/d/optout
Neil - Puppet List
Jun 26, 2016, 9:23:01 AM6/26/16
to PuppetList
Hello
i front puppet masters with haproxy. haproxy handles ssl and requires a valid client cert. requests for a cert go to a seperate ca master.
happy to supply config if you are interested
Neil
On 24 Jun 2016 07:17, "Braian Fabián Leiva" <ble...@edrans.com> wrote:
I'm trying to setup a Load Balancer in front of some Compile Masters and the Puppet docs says that I can achieve that either with raw TCP proxying, or acting as its own SSL endpoint[1]. If I configure the LB with SSL and SNAT will that work? Is it better to use bridging instead?
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5ddb5120-4f41-4404-9f91-c177f7651757%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
chanlinux
May 29, 2018, 11:14:38 AM5/29/18
to Puppet Users
Neil, can you share the config files
Reply all
Reply to author
Forward
0 new messages