author | Silvio Rhatto <rhatto@riseup.net> | 2010-09-25 15:28:04 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2010-09-25 15:28:04 -0300 |
commit | 877a7d69be30ddd9fa84592d11677f878009c2ae (patch) | |
tree | ea6bcdd60029446b163b37de12d6fe54bd381922 | |
parent | 0efb5acacc17c9410eee28a1d182384b67af9ac2 (diff) | |
Note about $puppetmaster_manage_ca
-rw-r--r-- | manifests/puppetmasterd.pp | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/manifests/puppetmasterd.pp b/manifests/puppetmasterd.pp
index 0748613..f3d242d 100644
--- a/manifests/puppetmasterd.pp
+++ b/manifests/puppetmasterd.pp
@@ -17,9 +17,16 @@ class puppetmasterd {
 '': { $puppetmaster_port = '18140' }
 }
- # use this option if you want puppet to manage the certificates for all
+ # Use this option if you want puppet to manage the certificates for all
 # master nodes, useful when using multiple masters as prevents issues such as
 # http://groups.google.com/group/puppet-users/browse_thread/thread/f24bd7500e9091bd
+ #
+ # The drawbacks are:
+ #
+ # - Such setup is more complete to manage when bootstrapping a fresh network.
+ # - It doesn't refresh the proxy server (eg. nginx) upon key updates.
+ #
+ # A better approach is to keep certificates at /etc/puppet/ssl (and hence at your puppet repo).
 if $puppetmaster_manage_ca == true {
 include puppetmaster::ca
 }
 |
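Review bot: The last added comment line recommends keeping certificates at /etc/puppet/ssl "and hence at your puppet repo" without mentioning that a Puppet ssl directory normally also holds private keys (the page does not show what this setup stores there, so this is inferred). A reader following the advice would commit key material to version control, so the comment should carry a caveat such as `# Note: the ssl directory also contains private keys; restrict read access to any repo or backup that stores it.` In the first drawback, "more complete to manage" looks like a typo for "more complex to manage". The class body starts and ends outside this hunk.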