projects / mirror / dsa-wiki.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
puppet agent -t
[mirror/dsa-wiki.git] / input / howto / puppet-setup.mdwn
diff --git a/input/howto/puppet-setup.mdwn b/input/howto/puppet-setup.mdwn
index 1b83186..f96c5f9 100644 (file)
--- a/input/howto/puppet-setup.mdwn
+++ b/input/howto/puppet-setup.mdwn
@@ -10,79 +10,37 @@ Make sure you have set up the IP address for the new machine in ud-ldap.
 After that run puppet on puppetmaster once, so the ferm config get
 adjusted.
 
 After that run puppet on puppetmaster once, so the ferm config get
 adjusted.
 
-        : __handel__ && puppetd -w 5 -t --factsync --environment=production
-
-        : ::client:: && echo 'deb http://mirror.netcologne.de/debian-backports/ lenny-backports main' > /etc/apt/sources.list.d/backports.org.list &&
-                apt-key add - << EOF &&
-    -----BEGIN PGP PUBLIC KEY BLOCK-----
-    Version: GnuPG v1.4.9 (GNU/Linux)
-
-    mQGiBEMIgw4RBADueqAzlq+rQT9JYSSWnNzo6C+9crI8lzW/fcl2Q3PO97MOQTOx
-    Qsf/lOh0Ku7O+VdBa+BwVPuUkSw6wTY5Ku1y/6r1BQzJ9oHkryDDJXsHzKhpdyFc
-    /lD4hNGqRkiNg5ulwAI0O1eqffPWDmeR9ZzSsqM40f1U4TNLfPAu1viWxwCgnbWz
-    onY6RqSYlRsDQaPsNTwieVEEAJeX2FGgNepD1SvfEremAkWCrYYlSZI76iTIf6bd
-    kGkWqIT0vJyE2MNenhDJ2ebbHJVFmL9x8S3m1daC4Zwnacm7aoCY/QgMJ+Js1Fex
-    Acev48W9KHgpVbFMd1t8KAwRbmFcQf0C/FZUbE7xScpTxS4z3SsMOuRyfnGpDOi6
-    m/SnA/9wpquf3pPwbPykzKWNJEDouiJgt0zaFLauKDPeyTWeJ6htaAPDglArewdq
-    bJ9M8QgLFtzjhg/fBQlRRUk7YP4OYtp1OdPkg2D/1rPQNySWlDf21T3N/K8ydKhR
-    bYi+AsPuJLQUi3d+lVTFOebaL9felePvDC2/Eod7PSD1/rnkZ7Q0QmFja3BvcnRz
-    Lm9yZyBBcmNoaXZlIEtleSA8ZnRwLW1hc3RlckBiYWNrcG9ydHMub3JnPohGBBAR
-    AgAGBQJDgImkAAoJEHFe1qB+e4rJ2x4An2oI4xJpDvOx8uDIo9ihG1M0MpUqAJ9S
-    cqVUmiyYSPtu8MwcZecy9kmOIYheBBMRAgAeBQJDCIMOAhsDBgsJCAcDAgMVAgMD
-    FgIBAh4BAheAAAoJEOqOiyEWuhNsDt4AniaEBvlr4oVFMrGgPiye7iE/jv68AJ48
-    OkIfwcKJt7N8ImPAboeimFvWgIheBBMRAgAeBQJDCIMOAhsDBgsJCAcDAgMVAgMD
-    FgIBAh4BAheAAAoJEOqOiyEWuhNsDt4AnjdB14rGa/rzz1ohwsi1oEnDRYuyAJ44
-    Nv8MTPjOaeEZArQ0flg8OXwF34hGBBARAgAGBQJEeI+KAAoJEHvDNTBle/A9pDwA
-    mwVpbaoH1hebV4MgXIpRvTQiL2keAJ9ryd2LvhbPd5EZM1C3Nsar2/2CgIhGBBAR
-    AgAGBQJHE7HYAAoJEGvFvIY3KyPVlwEAoJyGuJ/SsJTlyIVbulWYp3U/uZQTAJ4l
-    40SrE/wwDeSIrhWNkmmNPbnz54hGBBARAgAGBQJHKneLAAoJEBRrPPJWJbOATcsA
-    n3I8y3pJN6jkmnhUQepfa7jJoDY2AKClHVXYuNZpc2jZKyruwgwck+jCabkCDQRD
-    CIMREAgAzXu6DGSDAz4JH+mlthtiQwNZFU8bjWanGT3DL6zubxwc3ZQmRaMOiVuv
-    JUuaJv8fdGRSvp09dP2/x5mzq2rACiEnDwZssNSK5sigxgy2W9zeO9bOtg6bhqZL
-    wlsL8Y2xZhyGL3qGeP4zL1QbXZ1QdJuO90Xu7GWYS6Wsj+Y6dUsZFYvTZwSiLkEm
-    gFUTxkNue3DQtZ/KNkwoKc+aqU+S7gDNStQDvTNtR6IV11KbKcY1iQ0B2bkh4zSh
-    WwloIr83V6huAhfH8GA7UW6saRJAof5DJWUb+PRmU2TAOOlyZoM4nMH+sFFDPOeG
-    8fbecwlox5BRTMqcCB5ELbQXoVZT+wADBQf/ffI9R53f9USQkhsSak+k82JjRo9h
-    qKAvPwBv3fDhMYqX3XRmwgNeax2y6Ub0AQkDhIC6eJILP5hTb2gjpmYYP7YE/7F1
-    h37lUg7dDYeyPQF54mUXPnIg3uQ/V9HBTY+ZW8rsVe1KRvPAuVFU77FfCvIFdLSX
-    Vi1HSUcGv9Y7Kk4Tkr7vzKshlcIp6zZrO0Y3t/+ekBwTTQqEoUylVYkCSt3z6bjp
-    VWbepkL88rbqJnPueTATw9shjbFYaND8cXZox9tQmlOIZ6gDeH1YvFf7ObRLxULm
-    7C6hwik6agtXWkNABVXSxM6MB4hcP9QC+FEhK6y/7wC3SyNRBuFujDG1aohJBBgR
-    AgAJBQJDCIMRAhsMAAoJEOqOiyEWuhNsVVMAoJ1gbL0PHVf7yDwMjO3HuJBErxLd
-    AJ4v9ojJnvJu2yUl4W586soBm+wsLg==
-    =n4L0
-    -----END PGP PUBLIC KEY BLOCK-----
-    EOF
-                apt-get update &&
-                apt-get install --no-install-recommends puppet/lenny-backports &&
+        : __handel__ && puppet agent -t --environment=production
+
+        : ::client:: && me=$(hostname -f) && [ "$me" != "${me%debian.org}" ] && apt-get update &&
+                apt-get install -y --no-install-recommends puppet libaugeas-ruby1.8 augeas-lenses lsb-release &&
                 /etc/init.d/puppet stop &&
                 /etc/init.d/puppet stop &&
-                puppetd -w 5 --debug -t --factsync
+                (puppet agent -t || true ) &&
+                cd /var/lib/puppet/ssl/certificate_requests &&
+                echo sha256sum output: && echo &&
+                sha256sum $me.pem &&
+                echo && echo && cd /
 
 This will not overwrite anything yet, since handel has not signed the
 client cert.  Now is the time to abort if you are getting cold feet.
 
 Compare incoming csr request:
 
 This will not overwrite anything yet, since handel has not signed the
 client cert.  Now is the time to abort if you are getting cold feet.
 
 Compare incoming csr request:
-on handel:
-
-        : __handel__ && echo -n 'Client name: ' && read client &&
-                sha1sum /var/lib/puppet/ssl/ca/requests/$client.debian.org.pem
-on new client:
-
-        : ::client:: && sha1sum /var/lib/puppet/ssl/certificate_requests/$(hostname).debian.org.pem
-
-If you're satisfied, sign the request on handel with:
-
-        : __handel__ && puppetca --sign $client.debian.org
-
-bootstrap client knowledge of puppet ca:
-on handel:
-
-        : __handel__ && echo 'cat > /var/lib/puppet/ssl/certs/ca.pem << EOF ' &&
+on handel, paste the sha256output::
+
+        : __handel__ && echo "paste sha256sum output now:" &&
+                read sha256 filename &&
+                cd /var/lib/puppet/ssl/ca/requests &&
+                ( [ -e $filename ] || (echo "$filename does not exist."; exit 1) ) &&
+                echo -e "$sha256  $filename" | sha256sum -c &&
+                puppetca --sign $(basename "$filename" .pem) &&
+                echo && echo && echo &&
+                echo 'cat > /var/lib/puppet/ssl/certs/ca.pem << EOF ' &&
                 cat /var/lib/puppet/ssl/certs/ca.pem &&
                 echo 'EOF' &&
                 cat /var/lib/puppet/ssl/certs/ca.pem &&
                 echo 'EOF' &&
-                echo "cat > /var/lib/puppet/ssl/certs/$client.debian.org.pem << EOF " &&
-                cat /var/lib/puppet/ssl/ca/signed/$client.debian.org.pem &&
-                echo 'EOF'
+                echo "cat > /var/lib/puppet/ssl/certs/$filename << EOF " &&
+                cat /var/lib/puppet/ssl/ca/signed/$filename &&
+                echo 'EOF' &&
+                cd /
 
 and execute this on the client.
 
 
 and execute this on the client.
 
@@ -93,7 +51,7 @@ although the config files should remain identical before and after.
 
 Then run (this will change the configs in /etc):
 
 
 Then run (this will change the configs in /etc):
 
-        : ::client:: && puppetd -w 5 --debug -t --factsync
+        : ::client:: && puppet agent -t
 
 This run will start puppet after reconfiguring it, so if you are 
 unhappy with what just happened, you'll need to stop it again to do 
 
 This run will start puppet after reconfiguring it, so if you are 
 unhappy with what just happened, you'll need to stop it again to do 
Unnamed repository; edit this file 'description' to name the repository.