Note about $puppetmaster_manage_ca

author Silvio Rhatto <rhatto@riseup.net>

Sat, 25 Sep 2010 18:28:04 +0000 (15:28 -0300)

committer Silvio Rhatto <rhatto@riseup.net>

Sat, 25 Sep 2010 18:28:04 +0000 (15:28 -0300)
author Silvio Rhatto <rhatto@riseup.net>
Sat, 25 Sep 2010 18:28:04 +0000 (15:28 -0300)
committer Silvio Rhatto <rhatto@riseup.net>
Sat, 25 Sep 2010 18:28:04 +0000 (15:28 -0300)
diff --git a/manifests/puppetmasterd.pp b/manifests/puppetmasterd.pp

index 074861339a323d010052be8a19486e1e86f143c5..f3d242d6aee4d706812607814a6361d736c02537 100644 (file)
--- a/manifests/puppetmasterd.pp
+++ b/manifests/puppetmasterd.pp
@@ -17,9 +17,16 @@ class puppetmasterd {
      '': { $puppetmaster_port = '18140' }
    }
  
-  # use this option if you want puppet to manage the certificates for all
+  # Use this option if you want puppet to manage the certificates for all
    # master nodes, useful when using multiple masters as prevents issues such as
    # http://groups.google.com/group/puppet-users/browse_thread/thread/f24bd7500e9091bd
+  #
+  # The drawbacks are: 
+  #
+  #   - Such setup is more complete to manage when bootstrapping a fresh network.
+  #   - It doesn't refresh the proxy server (eg. nginx) upon key updates.
+  #
+  # A better approach is to keep certificates at /etc/puppet/ssl (and hence at your puppet repo).
    if $puppetmaster_manage_ca == true {
      include puppetmaster::ca
    }
author	Silvio Rhatto <rhatto@riseup.net>
	Sat, 25 Sep 2010 18:28:04 +0000 (15:28 -0300)
committer	Silvio Rhatto <rhatto@riseup.net>
	Sat, 25 Sep 2010 18:28:04 +0000 (15:28 -0300)