Multiple Puppet masters with single CA server
I'm transitioning my Puppet setup from a single master to a master+PuppetDB per datacenter and one master that will only do CA.
The new masters will be configured with ca=false and ca_server=the-ca-master to centralise the CA activities on a single machine. I realise this creates a SPOF but that is not the issue.
What I'm running into is that every nginx server on the 'functional' masters needs to have the SSL stuff configured including CRL etc. meaning that for now the only solution I can find is to sync the necessary files like crl.pem ...