I'm preparing to install a monolithic configuration (we have under 500 hosts). Since we have two separate environments (a redundant environment), I would like to run Puppet in a dual-master configuration. Such that either master could be consulted by any system for its catalog.

I searched through some of the docs here on puppetlabs, but didn't find anything. I found some older reference to muli-master configs, using open-source puppet.

Can someone elaborate on whether this is possible and how to accomplish it (and any caveats if applicable).

I want to add, I'm asking specifically about Puppet Enterprise, and in doing this in a way that is "officially sanctioned" (read: supported). It seems like a reasonable feature to have available. In this case, where you can separate out the PuppetDB, there are possibilities there.


You should reach out directly to Puppet Labs, especially since you are looking for an officially supported solution. This is definitely possible. We work with them on customers with these type of requirements.

nanliu gravatar imagenanliu ( 2014-07-23 11:59:32 -0600 )edit

The Puppet Enterprise documentation calls extra Puppet masters "Compile Masters"; they're documented here:

Puppet Labs originally documented Compile Masters as an add-on to a PE split installation, but they've documented a PE Monolith-plus-Compile-Masters configuration as well:

The most effective use of multiple Compile Masters is to front them with a load-balancer, registering the DNS name of the load-balancer in the Compile Masters' certificate signing request as they join the PE deployment. I'm also working on documenting the use of more than one load-balanced Compile-Master pool on a single PE deployment. This would be useful when you want to put Compile Masters close to managed nodes, but still manage node classification and reporting from a single PE deployment. It's also useful when you want to have a pre-configured Puppet Master pool at a D/R site that can take over for the normal production pool after you've recovered your PE core at the D/R site.

hi aharden, can you please elaborate me the 3rd paragraph. I implemented the same design, and now i was stuck. I dont know which servers FQDN must be provided in the agents puppet.conf file. I have one Master of Master(MoM), i'm using this MoM as a CA server to sign the certificates.

var kanduku gravatar imagevar kanduku ( 2016-04-05 16:14:19 -0600 )edit

and i have other two compile masters backed with a load balancer. I'm using the nginx load balancer to listen for the requests on 8140 and forward those requests to compile masters on 8140. Now i dont know how to tell agents to get the catalog from the load balanced compile masters

var kanduku gravatar imagevar kanduku ( 2016-04-05 16:16:22 -0600 )edit

The PE CA/Master of Masters FQDN should be configured as the puppet master for itself and the PE compile masters. An FQDN that resolves to the load-balancer should be used for all the managed nodes, and must be included in the DNS alt names that the compile masters share in their cert request.

aharden gravatar imageaharden ( 2016-04-07 07:50:25 -0600 )edit

probably you would need the latest split configuration, with one master acting as the CA for the two environments, or you can share the certificates via a shared file system. and install another master just as master only so it has to point to the first master for its CA, now for puppetdb, not sure how would you do replication at this stage? this setup up is what you will have in books and the document you mention above for open source, it is not much difference in the enterprise.

I certainly have. No meaningful response as of yet. They always tell me to first ask my question here anyway. But I think it's applicable here in a larger sense.

