Ask Your Question

Passenger with CA Master

asked 2013-03-15 21:55:04 -0600

nathanlong85 gravatar image

Here's a little background info before I ask my actual question... I have a site where I have two puppet masters: one internal and one DMZ. Due to security reasons I can't let my DMZ nodes talk directly to my internal master so I'm syncing between masters to keep things identical. I'd like to be able to view both masters in the same dashboard though, and in order to properly do that I need my inventory service to be puppetdb. As far as I can understand, I need a centralized ca in order to have multiple ... (more)

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2013-03-18 10:50:19 -0600

KlavsKlavsen gravatar image

updated 2013-03-18 10:52:04 -0600

you create new certs for the new server - with an alternate name of your "common puppet server name". Before puppet 2.6 you did like this: link: // - today the commands have changed - see link // (puppet cert...) - but the idea is the same.

#puppet 2.6+ - how to gen. cert with alt names puppetca --generate --dnsaltnames puppetmaster4:puppet puppetmaster2

You still need to forward the requests to the internal puppet - for it to sign the certs (I'm guessing you don't want the dmz puppet to be able ... (more)

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2013-03-15 21:55:04 -0600

Seen: 382 times

Last updated: Mar 18 '13