From: Silvio Rhatto
Date: Sat, 25 Sep 2010 18:28:04 +0000 (-0300)
Subject: Note about $puppetmaster_manage_ca
X-Git-Url: https://gitweb.fluxo.info/?a=commitdiff_plain;h=877a7d69be30ddd9fa84592d11677f878009c2ae;p=puppet-puppet.git
Note about $puppetmaster_manage_ca
---
diff --git a/manifests/puppetmasterd.pp b/manifests/puppetmasterd.pp
index 0748613..f3d242d 100644
--- a/manifests/puppetmasterd.pp
+++ b/manifests/puppetmasterd.pp
@@ -17,9 +17,16 @@ class puppetmasterd {
 '': { $puppetmaster_port = '18140' }
 }
- # use this option if you want puppet to manage the certificates for all
+ # Use this option if you want puppet to manage the certificates for all
 # master nodes, useful when using multiple masters as prevents issues such as
 # http://groups.google.com/group/puppet-users/browse_thread/thread/f24bd7500e9091bd
+ #
+ # The drawbacks are:
+ #
+ # - Such setup is more complete to manage when bootstrapping a fresh network.
+ # - It doesn't refresh the proxy server (eg. nginx) upon key updates.
+ #
+ # A better approach is to keep certificates at /etc/puppet/ssl (and hence at your puppet repo).
 if $puppetmaster_manage_ca == true {
 include puppetmaster::ca
 }
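Review bot: The last added comment line recommends keeping `/etc/puppet/ssl` in the puppet repo without saying that a Puppet SSL directory normally holds private keys as well as certificates (on a CA master, the CA signing key too), so anyone who can read the repo or a clone of it could presumably impersonate nodes or sign certificates. I would add a caveat such as `# Note: the ssl dir also contains private keys; restrict read access to the repo or keep the keys out of it.` directly below that line. In the first drawback, "more complete to manage" looks like a typo for "more complex to manage". The enclosing class puppetmasterd starts and ends outside the hunk.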