From 877a7d69be30ddd9fa84592d11677f878009c2ae Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Sat, 25 Sep 2010 15:28:04 -0300
Subject: Note about $puppetmaster_manage_ca
---
 manifests/puppetmasterd.pp | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/manifests/puppetmasterd.pp b/manifests/puppetmasterd.pp
index 0748613..f3d242d 100644
--- a/manifests/puppetmasterd.pp
+++ b/manifests/puppetmasterd.pp
@@ -17,9 +17,16 @@ class puppetmasterd {
 '': { $puppetmaster_port = '18140' }
 }
- # use this option if you want puppet to manage the certificates for all
+ # Use this option if you want puppet to manage the certificates for all
 # master nodes, useful when using multiple masters as prevents issues such as
 # http://groups.google.com/group/puppet-users/browse_thread/thread/f24bd7500e9091bd
+ #
+ # The drawbacks are:
+ #
+ # - Such setup is more complete to manage when bootstrapping a fresh network.
+ # - It doesn't refresh the proxy server (eg. nginx) upon key updates.
+ #
+ # A better approach is to keep certificates at /etc/puppet/ssl (and hence at your puppet repo).
 if $puppetmaster_manage_ca == true {
 include puppetmaster::ca
 }
-- cgit v1.2.3
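Review bot: The added line `# A better approach is to keep certificates at /etc/puppet/ssl (and hence at your puppet repo).` recommends versioning the ssl directory but says nothing about the private keys in it. Puppet's ssldir normally holds private keys too and, on a master acting as CA, the CA key, so every clone or backup of the repo would carry them; the hunk does not show how the repo is protected. I would add a caveat right after that line, e.g. `# If you do, restrict read access to the repo, or keep private_keys/ and the CA key out of it or encrypted.` In the first drawback, "more complete to manage" presumably means "more complex to manage". The class body starts before this hunk and continues after it.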