puppet failover


Rene

Oct 29, 2009, 2:49:52 PM
to Puppet Users
Hi

Today I tried to configure puppet for failover. I would like to have
two puppet masters, one active and the other not active. Then I would
migrate the IP address, and puppet would become active on the other
node. Configuration I would like to put on a NAS share.

Do you think this is feasible? Has anybody done that successfully? I
thought to put only /etc/puppet and the ssl directory on the nas. Will
that work?

BR, Rene

Nigel Kersten

Oct 29, 2009, 3:27:25 PM
to puppet...@googlegroups.com
Your puppet config is all in a VCS right? So why not just keep the
local checkout of that in sync on both servers?

--
nigel

Steven Jenkins

Oct 29, 2009, 3:43:33 PM
to puppet...@googlegroups.com

I think that, in general, using NAS could be ok, but you need to
consider dependency failures (e.g., the NFS server won't start until
Puppet starts, but Puppet needs the NFS server up). The
straightforward answer there is to *not* have your NFS server
dependent on Puppet for startup (have Puppet run *after* NFS starts,
for example).

Another major consideration is performance. Benchmark and watch
performance carefully. This would be my biggest concern for using NAS
to manage failover.

Depending on your NAS, you should also carefully consider your
failure modes: i.e., have you taken out the Puppet master server being
a single point of failure only to insert your NAS as the new single
point of failure? There are various HA NAS solutions out there, so
there are plenty of solutions for this.

One other item is that you probably want /var/puppet as well as
/etc/puppet in NAS; i.e., the various spooled items like filebuckets
are pretty important.

Steven

Nicolas Szalay

Oct 29, 2009, 4:38:18 PM
to puppet...@googlegroups.com
This will definitely work. I have this setup: two puppetmasters, sharing a
vip with heartbeat, both running nginx + mongrel. /etc/puppet is populated
through subversion (automatic checkout). /var/lib/puppet is NFS mounted (SPOF,
could be an iSCSI disk with ocfs2 filesystem). This has worked perfectly for months.

Regards,

Nico.


Akins, Brian

Oct 29, 2009, 4:53:50 PM
to puppet...@googlegroups.com
We just have 3 puppet masters and sync the configs from one master-master to
2 master-slaves.

Works very well. We have certs set up so a client can connect to any of the
masters.

--
Brian Akins

Rene

Oct 30, 2009, 11:07:41 AM
to Puppet Users
Hi, thanks for the quick answers.

Did you create a link /var/lib/puppet that points to the nas share?

Did you use the autosign option?

BR, Rene

On Oct 29, 9:38 pm, Nicolas Szalay <nsza...@qualigaz.com> wrote:
> This will definitely work. I have this setup: two puppetmasters, sharing a
> vip with heartbeat, both running nginx + mongrel. /etc/puppet is populated
> through subversion (automatic checkout). /var/lib/puppet is NFS mounted (SPOF,
> could be an iSCSI disk with ocfs2 filesystem). This has worked perfectly for months.
>
> Regards,
>
> Nico.

Nicolas Szalay

Oct 30, 2009, 11:49:29 AM
to puppet...@googlegroups.com
On Friday, October 30, 2009 at 08:07 -0700, Rene wrote:
> Hi, thanks for the quick answers.
>
> Did you create a link /var/lib/puppet that points to the nas share?

It's an NFS share, so it is mounted in this dir:

[phosphore:~] mount
[snip]
smaug:/data/zone3/puppet on /var/lib/puppet type nfs ......


> Did you use the autosign option?

I use it, before having two masters.

Nico.


Matt

Nov 1, 2009, 3:36:31 PM
to puppet...@googlegroups.com
With active / passive I'd probably look at using drbd to sync the
/var/lib/puppet dir and HA to manage the failover of drbd and the VIP.


Rene

Nov 2, 2009, 4:55:41 AM
to Puppet Users
Hi all

Thanks for all the replies. I want to try to do the following:

I have two servers: server1 server2. /var/lib/puppet is shared via nas
and /etc/puppet is in a mercurial repository.
On server1 I have an ip for puppet-server1 and on server2 an ip for
puppet-server2. Those addresses will never be up at the same time.
I have configured a loadbalancer alias named puppet which points
either to puppet-server1 or puppet-server2, depending on which
one is up. So if puppet-server1 is up requests go to server1 and if
puppet-server2 is up requests go to server2.

My biggest problem is the CA configuration. How do I create a CA for
the CN puppet?

Can someone point me in the right direction?

BR, Rene

Rene

Nov 2, 2009, 10:36:15 AM
to Puppet Users
I found the solution. I think it was too easy:

Just set:
certname = puppet

and everything works well.

BR, Rene
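
An added example, not part of the original post: it shows why a master certificate issued under the node's own name fails hostname verification when agents connect to the shared alias "puppet", and why a certificate issued for "puppet" passes. The certificates are throwaway self-signed ones generated on the spot; the helper names (make_cert, cert_matches, check_alias) are hypothetical, "server1" and "puppet" are the names from the thread, and the openssl CLI (1.0.2 or later) is assumed.

```sh
#!/bin/sh
# Added example: the name in the master's certificate must be the name
# agents connect to. Certificates below are constructed sample data.

# make_cert CN DIR: create a throwaway self-signed cert with subject CN.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -keyout "$2/key.pem" -out "$2/cert.pem" 2>/dev/null
}

# cert_matches CERT NAME: succeed only if NAME passes hostname verification.
# openssl prints "does match" or "does NOT match" for -checkhost.
cert_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# check_alias CN NAME: print "ok" or "mismatch" for a cert issued to CN
# when an agent connects using NAME.
check_alias() {
    dir=$(mktemp -d) || return 1
    make_cert "$1" "$dir" || { rm -rf "$dir"; return 1; }
    if cert_matches "$dir/cert.pem" "$2"; then
        result=ok
    else
        result=mismatch
    fi
    rm -rf "$dir"
    echo "$result"
}

# Certificate named after the node itself vs. named after the shared alias.
echo "cert CN=server1, agent connects to puppet: $(check_alias server1 puppet)"
echo "cert CN=puppet,  agent connects to puppet: $(check_alias puppet puppet)"
```

The same cert_matches check can be pointed at the real master certificate under the ssl directory on each node before moving the alias.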

Malla Reddy Alakonda

Jul 22, 2015, 10:49:25 AM
to Puppet Users


Hello Rene,

Can you help me in setting up high availability for my puppet master? Can you share any doc that will help me?