Passenger setup and CA


Andrew Hibbert

Oct 30, 2015, 8:39:34 AM
to Puppet Users
Hi,

Currently we have 3 puppet masters behind a load-balanced VIP (by hardware load balancer). We have an NFS mount shared across the 3 servers which stores the puppet code and certificates etc. We have some proxy balancers on the hosts for CA, with the 1st puppet master being the active worker and the hot standby being the second server. Because of these being balanced, we also have all requests other than the certificates proxy passed to just one instance on port 18140 on each server.

I'm wanting to ask several questions about this:-

  • Do you think that the CA needs to be set up master/standby since the certificate directory is shared? I'm not sure on this, since technically I guess you could have problems when 2 or more puppet masters sign certs at the same time, because of the serial number.
  • If a CA master/standby is needed, do the other requests really need to go via the proxy as well? We are running into some 502/503 errors when the puppet masters are loaded; I'm wondering whether that would happen less if it wasn't doing the proxy pass.

Thanks

Andy

Dec 6, 2015, 7:53:15 AM
to Puppet Users
In the end I went along the second stream of thinking, i.e. I kept the CA master/standby passenger setup the same but all other puppet requests just go to the standard 8140 port. This has made it significantly more reliable.
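
An added illustration, not part of the original thread and not Puppet's own code, of the serial-number concern in the first question and of why keeping a single active CA avoids it. It is a simplified model in which the next serial is a hex counter in a file on the shared directory; the `SerialFile` class, the step split and the certnames are assumptions made for the example.

```python
import os
import tempfile

class SerialFile:
    # Constructed model: next certificate serial kept as hex text in a shared file.
    def __init__(self, path, start=1):
        self.path = path
        self.write(start)

    def read(self):
        with open(self.path) as fh:
            return int(fh.read().strip(), 16)

    def write(self, value):
        with open(self.path, "w") as fh:
            fh.write(format(value, "04X"))

def signer(store, certname, issued):
    """One signing operation, split so another master can run between the steps."""
    serial = store.read()        # step 1: read the next free serial
    yield                        # window in which a second master reads the same value
    issued[certname] = serial    # step 2: issue the certificate with that serial
    store.write(serial + 1)      # ... and store the incremented counter

def issue(path, certnames, interleaved):
    """Return ({certname: serial}, next serial left in the file)."""
    store = SerialFile(path)
    issued = {}
    jobs = [signer(store, name, issued) for name in certnames]
    if interleaved:              # active/active: every master reads before any writes
        for job in jobs:
            next(job)
        for job in jobs:
            next(job, None)
    else:                        # single active CA: each signing runs to completion
        for job in jobs:
            list(job)
    return issued, store.read()

def demo():
    names = ["web01.example.com", "web02.example.com"]  # constructed certnames
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "serial")
        return issue(path, names, True), issue(path, names, False)

if __name__ == "__main__":
    for label, result in zip(("active/active", "active/standby"), demo()):
        print(label, result)
```

In the interleaved run both certificates receive serial 1 and the counter only advances once. Because a CRL identifies revoked certificates by serial number, two certificates from the same issuer with the same serial cannot be revoked independently.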