I asked this question in the past on this list, and am now working to set it
running.
My idea is to have 2 Puppet servers, which are also the DNS servers.
Each one would have itself as the puppet hostname.
Both of the servers will pull the manifests from an external git repo.
The idea is that each Puppet client will have the 2 Puppet servers as
its DNS servers, and in case one of them goes down, will ask the
other for the IP and start working through it.
Two things that I would like to know for this:
1) How to set 0 DNS caching in the puppet client?
2) What do people here think of this approach? Any suggestions?
Thanks.
> Hi.
>
> I asked this question in the past on this list, and am now working to set it
> running.
>
> My idea is to have 2 Puppet servers, which are also the DNS servers.
> Each one would have itself as the puppet hostname.
> Both of the servers will pull the manifests from an external git repo.
I've heard of people using one DNS server and then telling the DNS server to do whatever magic is needed to make both puppet servers part of a pool. That will also give you a performance boost.
> --
> You received this message because you are subscribed to the Google
> Groups "Puppet Users" group.
> To post to this group, send email to puppet...@googlegroups.com.
> To unsubscribe from this group, send email to puppet-users...@googlegroups.com
> .
> For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en
> .
>
Just set up HAproxy and load balance them. Done.
And then don't forget to make your HAproxy config HA, of course. Or
whatever it is you choose to use for load balancing (e.g. LVS).
If you want to make your DNS/puppet cluster completely self-contained,
you could use Heartbeat to make them an HA pair, assign a "float" address
for your official puppetmaster service and have Heartbeat manage that
(and any services which need to be associated with it).
--
Bruce
It is impolite to tell a man who is carrying you on his shoulders that
his head smells.
How about shared storage for the SSL dir?
--Michael
Would that be race-free with regards to updating the serial number and
stuff?
Best Regards, David
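
The race David asks about, as an added example that is not part of the original thread and not Puppet's own code: two read-increment-write allocators on a shared serial file, one unlocked and one using an exclusive flock. The file name, its decimal format and the helper names are assumptions for illustration, and the locked version assumes the shared filesystem honours flock.

```ruby
require "tmpdir"

# Hypothetical serial file holding the next serial as decimal text
# (an assumed format for this demo, not Puppet's on-disk layout).
def next_serial_unlocked(path)
  serial = File.read(path).to_i
  sleep 0.002                      # widen the read/write window, as slow shared storage would
  File.write(path, (serial + 1).to_s)
  serial
end

# Same read-increment-write, serialized with an exclusive advisory lock.
def next_serial_locked(path)
  File.open(path, File::RDWR) do |f|
    f.flock(File::LOCK_EX)         # blocks until no other holder remains
    serial = f.read.to_i
    sleep 0.002
    f.rewind
    f.truncate(0)
    f.write((serial + 1).to_s)
    f.flush
    serial
  end                              # closing the file releases the lock
end

# Run `workers` concurrent allocators, each issuing `per_worker` serials,
# and return every serial that was handed out.
def issue_concurrently(allocator, workers: 4, per_worker: 10)
  Dir.mktmpdir do |dir|
    path = File.join(dir, "serial")
    File.write(path, "1")
    threads = workers.times.map do
      Thread.new { per_worker.times.map { send(allocator, path) } }
    end
    threads.flat_map(&:value)
  end
end

# Number of serials that were issued more than once.
def duplicate_count(serials)
  serials.size - serials.uniq.size
end

if __FILE__ == $PROGRAM_NAME
  puts "unlocked duplicates: #{duplicate_count(issue_concurrently(:next_serial_unlocked))}"
  puts "locked duplicates:   #{duplicate_count(issue_concurrently(:next_serial_locked))}"
end
```

Two certificates signed with the same serial by one CA cannot be told apart by a revocation list, which is why the signing path needs a single writer or a lock even when catalog serving is load balanced.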
I actually considered this, but DRBD seems heavy for read-only
information, which puppet manifests are.
Maybe just using heartbeat both for DNS and Puppet, but as I'm
defining both DNS servers on Puppet clients anyhow, it seems
redundant.
Are there considerations against this approach?
Regards.
On Apr 14, 5:38 pm, Trevor Hemsley <trevor.hems...@codefarm.com>
wrote:
> Sounds like an ideal candidate for using DRBD and heartbeat to run
> active/standby puppet masters.
>
> On 14/04/2010 15:34, Michael DeHaan wrote:
>
>
>
> > It would do for active/passive though. How about setting up an
> > alias for ca that moved when the ca wasn't accessible (using
> > --certname), and load balance the puppet serving parts since there's
> > no race issues there.
>
> > --Michael
>
> > On Wed, Apr 14, 2010 at 10:06 AM, David Schmitt <da...@dasz.at> wrote:
>
> >> On 4/14/2010 3:42 PM, Michael DeHaan wrote:
>
> >>> On Tue, Apr 13, 2010 at 7:39 PM, Christopher Johnston
> >>> <chjoh...@gmail.com> wrote:
>
> >>>> How to deal with ssl certs, I have a similar situation where I have two
> >>>> puppetmasters per site and I would like to see them both handle serving
> >>>> puppet data at anytime from a VIP (primary/failover) type of operation.
>
> >>> How about shared storage for the SSL dir?
>
> >> Would that be race-free with regards to updating the serial number and
> >> stuff?
>
> >> Best Regards, David
Cheers,
Atha