projects
/
mirror
/
dsa-wiki.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
start upgrade-to-stretch list
[mirror/dsa-wiki.git]
/
input
/
howto
/
puppet-setup.mdwn
diff --git
a/input/howto/puppet-setup.mdwn
b/input/howto/puppet-setup.mdwn
index
2ba588d
..
243d759
100644
(file)
--- a/
input/howto/puppet-setup.mdwn
+++ b/
input/howto/puppet-setup.mdwn
@@
-10,12
+10,12
@@
Make sure you have set up the IP address for the new machine in ud-ldap.
After that run puppet on puppetmaster once, so the ferm config get
adjusted.
After that run puppet on puppetmaster once, so the ferm config get
adjusted.
- : __handel__ && puppet agent -
t
--environment=production
+ : __handel__ && puppet agent -
-no-daemonize --onetime
--environment=production
: ::client:: && me=$(hostname -f) && [ "$me" != "${me%debian.org}" ] && apt-get update &&
: ::client:: && me=$(hostname -f) && [ "$me" != "${me%debian.org}" ] && apt-get update &&
- apt-get install -y --no-install-recommends puppet
libaugeas-ruby1.8
augeas-lenses lsb-release &&
+ apt-get install -y --no-install-recommends puppet
ruby-augeas
augeas-lenses lsb-release &&
service puppet stop &&
service puppet stop &&
- (puppet agent -
t
|| true ) &&
+ (puppet agent -
-no-daemonize --onetime
|| true ) &&
cd /var/lib/puppet/ssl/certificate_requests &&
echo sha256sum output: && echo &&
sha256sum $me.pem &&
cd /var/lib/puppet/ssl/certificate_requests &&
echo sha256sum output: && echo &&
sha256sum $me.pem &&
@@
-34,7
+34,7
@@
on handel, paste the sha256output::
cd /var/lib/puppet/ssl/ca/requests &&
( [ -e $filename ] || (echo "$filename does not exist."; exit 1) ) &&
echo -e "$sha256 $filename" | sha256sum -c &&
cd /var/lib/puppet/ssl/ca/requests &&
( [ -e $filename ] || (echo "$filename does not exist."; exit 1) ) &&
echo -e "$sha256 $filename" | sha256sum -c &&
- puppet
ca --
sign $(basename "$filename" .pem) &&
+ puppet
ca
sign $(basename "$filename" .pem) &&
echo && echo && echo &&
echo 'cat > /var/lib/puppet/ssl/certs/ca.pem << EOF ' &&
cat /var/lib/puppet/ssl/certs/ca.pem &&
echo && echo && echo &&
echo 'cat > /var/lib/puppet/ssl/certs/ca.pem << EOF ' &&
cat /var/lib/puppet/ssl/certs/ca.pem &&
@@
-42,7
+42,10
@@
on handel, paste the sha256output::
echo "cat > /var/lib/puppet/ssl/certs/$filename << EOF " &&
cat /var/lib/puppet/ssl/ca/signed/$filename &&
echo 'EOF' &&
echo "cat > /var/lib/puppet/ssl/certs/$filename << EOF " &&
cat /var/lib/puppet/ssl/ca/signed/$filename &&
echo 'EOF' &&
- cd /
+ cd / &&
+ echo 'puppet agent --enable' &&
+ echo 'puppet agent --no-daemonize --onetime --pluginsync' &&
+ echo 'puppet agent --no-daemonize --onetime --pluginsync'
and execute this on the client.
and execute this on the client.
@@
-53,13
+56,13
@@
although the config files should remain identical before and after.
Try this once if you're nervous:
Try this once if you're nervous:
- : ::client:: && puppet agent -
t
--pluginsync --noop
+ : ::client:: && puppet agent -
-no-daemonize --onetime
--pluginsync --noop
It will tell you what would have changed without actually doing it.
Then run (this will change the configs in /etc):
It will tell you what would have changed without actually doing it.
Then run (this will change the configs in /etc):
- : ::client:: && puppet agent -
t
--pluginsync
+ : ::client:: && puppet agent -
-no-daemonize --onetime
--pluginsync
This run will start puppet after reconfiguring it, so if you are
unhappy with what just happened, you'll need to stop it again to do
This run will start puppet after reconfiguring it, so if you are
unhappy with what just happened, you'll need to stop it again to do