Thoughts on using an F5 to provide failover support for two Puppet Servers

From RiceFamily Wiki

Posted on https://groups.google.com/forum/#!topic/puppet-users/zOTwfF4x0kY by Patrick Mohr

You'll need one or more MySQL servers if you use storedconfigs. Storedconfigs can be useful, but will drastically increase the server CPU usage and will require a MySQL backend. You can always turn it on later.

There are two (working) ways to set up SSL, which is used for authentication and security. When last I checked, the "chained certificates" method still doesn't work due to bugs.

  1. Copy the same certificate authority to each server. This is easy to do, but will break certificate revocation lists (CRL).
  2. Dedicate one computer to be the certificate authority. Requires more client config, but allows CRLs to work.
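
The second option above, sketched as `puppet.conf` fragments. This is an added example, not part of the original post; it assumes Puppet 2.6 or later section names (`[master]`, `[agent]`), and the hostnames `puppetca.example.com` and `puppet.example.com` are placeholders.

```ini
# --- puppet.conf on the dedicated CA server (puppetca.example.com, placeholder) ---
[master]
# This is the only host that signs and revokes certificates,
# so there is a single authoritative CRL.
ca = true

# --- puppet.conf on each load-balanced master behind the F5 ---
[master]
# Do not act as a certificate authority; these hosts only compile catalogs.
# Their own server certificates are issued by the dedicated CA.
ca = false

# --- puppet.conf on every client (the "more client config" part) ---
[agent]
# Catalog requests go to the load-balanced name (placeholder VIP hostname).
server = puppet.example.com
# Certificate requests and CRL fetches go straight to the dedicated CA,
# bypassing the load balancer.
ca_server = puppetca.example.com
```

With this split, revoking a certificate on the CA host takes effect for every master, instead of each master holding its own diverging copy of the CA state.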

Posted on https://groups.google.com/forum/#!topic/puppet-users/zOTwfF4x0kY by donavan

> 2. Should I let a high availability apache frontend manage a puppet backend?

Using a front end load balancer, Apache or hardware (F5 etc), works fine. Depending on your DNS control there's also a pending feature to support SRV records for clients to find masters.


Posted on https://groups.google.com/forum/#!topic/puppet-users/zOTwfF4x0kY by DaveQB

We had trouble scaling with 400+ nodes. Puppet server is a VM on an ESX cluster with 3.5GB of RAM and 1.5GB of swap but would regularly kick in OOM (Out Of Memory?) which would kill off most if not all of the 10 puppetmaster instances.

We felt scheduling a restart of the puppetmasters a few times a day was not a sustainable solution.

So we are in the midst of moving to removing the server from the equation altogether. Seeing as all nodes have a common NFS mount(s), we are testing moving to simply calling puppet with the sites.pp file as the only command line argument.

So far in testing, it has been working great.

Just thought I'd mention this as a potential option.
