Does Load Balancing need Sticky Sessions?

asked 2013-03-13 21:48:17 -0600

If you are to put a bunch of puppet masters behind a load balancer, would the configuration require sticky sessions to be enabled?

From what I've read so far about load balancing, there's no mention of it, but it'd be great to have confirmation.



3 Answers


answered 2013-03-19 20:34:49 -0600

Adrien Thebo

Short answer: no, you don't need sticky sessions.

Long answer: Each request from a Puppet agent to the Puppet master uses the REST API, which is entirely stateless. In fact, you can use one Puppet master as the CA server, another Puppet master for catalogs, and an additional Puppet master for file serving.

However, you should only have a single Puppet master that's the CA server; having multiple servers with a single CA cert will break things pretty badly. If you try to use a Puppet master that's not the CA, you'll get an error like ... (more)


answered 2013-03-16 04:08:52 -0600

jonn

There's some good stuff about scaling puppet masters on - search for "scaling multiple masters"

Round-robin DNS is specifically mentioned as an option, which precludes stickiness.

There are also some useful ideas about how to deal with the certificate issue, by proxying requests for /<env>/certificate to a dedicated CA server. The example given is for mod_proxy, but this would also be achievable with an iRule on F5 LTM (or whatever facility your load balancer has for content manipulation and management).

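The routing described in the answers above (stateless requests spread across the pool, certificate requests sent to the one CA server), modelled as an added example that is not part of any answer or of Puppet's own code. The hostnames, the request paths and the `/<env>/<endpoint>/<key>` URL layout are assumptions; use it to check a path rule before putting it on a load balancer.

```python
import itertools
import re

# Rule under test: the second path segment begins with "certificate"
# (assumed URL layout: /<env>/<endpoint>/<key>).
CA_ROUTE = re.compile(r"^/[^/]+/certificate")

CA_SERVER = "puppetca.example.com"  # placeholder hostname
POOL = ["master1.example.com", "master2.example.com", "master3.example.com"]  # placeholders


class Router:
    """Models a load balancer with no session persistence plus one CA route."""

    def __init__(self, pool=POOL, ca=CA_SERVER):
        self._next = itertools.cycle(pool)
        self._ca = ca

    def route(self, path):
        # CA traffic is pinned by URL, not by client, so no stickiness is involved.
        if CA_ROUTE.match(path):
            return self._ca
        return next(self._next)


# Constructed request sequence for one agent (paths are illustrative).
SAMPLE_RUN = [
    "/production/certificate/ca",
    "/production/certificate_request/web01.example.com",
    "/production/certificate/web01.example.com",
    "/production/certificate_revocation_list/ca",
    "/production/node/web01.example.com",
    "/production/catalog/web01.example.com",
    "/production/file_metadata/modules/ntp/ntp.conf",
    "/production/report/web01.example.com",
    # Edge cases: "certificate" appearing outside the endpoint segment.
    "/certificate/catalog/web01.example.com",
    "/production/catalog/certificate-host.example.com",
]


def trace(paths, router=None):
    """Return (path, backend) pairs for a sequence of requests."""
    router = router or Router()
    return [(p, router.route(p)) for p in paths]


if __name__ == "__main__":
    for path, backend in trace(SAMPLE_RUN):
        print(f"{backend:24} {path}")
```

The last two paths show why the pattern is anchored to the endpoint segment: an environment or node name containing "certificate" still goes to the ordinary pool.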

answered 2013-03-14 02:53:25 -0600

Ancillas

I don't think so. I don't think any session data is persisted from run to run.

If you have multiple dashboard servers, then yes, I could see using sticky sessions, but the need for persistence on puppet masters isn't really there.

I suppose if you didn't have the certificate requests, and other SSL files shared between the masters, you'd want an agent to reconnect to a single master repeatedly throughout the cert signing process, but if the puppet master pool was architected that way, there wouldn't be any redundancy, and you'd be ... (more)



Seen: 1,258 times

Last updated: Mar 19 '13