-rw-r--r--manifests/puppetmasterd.pp9
1 files changed, 8 insertions, 1 deletions
diff --git a/manifests/puppetmasterd.pp b/manifests/puppetmasterd.pp
index 0748613..f3d242d 100644
--- a/manifests/puppetmasterd.pp
+++ b/manifests/puppetmasterd.pp
@@ -17,9 +17,16 @@ class puppetmasterd {
'': { $puppetmaster_port = '18140' }
}
- # use this option if you want puppet to manage the certificates for all
+ # Use this option if you want puppet to manage the certificates for all
# master nodes, useful when using multiple masters as prevents issues such as
# http://groups.google.com/group/puppet-users/browse_thread/thread/f24bd7500e9091bd
+ #
+ # The drawbacks are:
+ #
+ # - Such setup is more complete to manage when bootstrapping a fresh network.
+ # - It doesn't refresh the proxy server (eg. nginx) upon key updates.
+ #
+ # A better approach is to keep certificates at /etc/puppet/ssl (and hence at your puppet repo).
if $puppetmaster_manage_ca == true {
include puppetmaster::ca
}
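Review bot: The added comment `# A better approach is to keep certificates at /etc/puppet/ssl (and hence at your puppet repo).` recommends putting the SSL directory under version control without saying that this directory normally also holds private keys (and, on a CA master, the CA signing key), so anyone with read access to the repo, its clones or its backups could obtain them. I would add a caveat right after it, for example `# Note: the ssl dir contains private keys; restrict access to the repo or keep the key material encrypted / out of the repo.` In the drawbacks list, "more complete to manage" presumably should read "more complex to manage". The `puppetmasterd` class body starts before and continues past this hunk, so whether `puppetmaster::ca` already protects the key files cannot be told from here.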