To set up a new host to be a puppet client, do the following:
- : ::client:: && apt-get install puppet &&
+Make sure you have set up the IP address for the new machine in ud-ldap.
+After that run puppet on puppetmaster once, so the ferm config get
+adjusted.
+
+ : __handel__ && puppetd -w 5 -t --factsync --environment=production
+
+ : ::client:: && echo 'deb http://mirror.netcologne.de/debian-backports/ lenny-backports main' > /etc/apt/sources.list.d/backports.org.list &&
+ apt-key add - << EOF &&
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+ Version: GnuPG v1.4.9 (GNU/Linux)
+
+ mQGiBEMIgw4RBADueqAzlq+rQT9JYSSWnNzo6C+9crI8lzW/fcl2Q3PO97MOQTOx
+ Qsf/lOh0Ku7O+VdBa+BwVPuUkSw6wTY5Ku1y/6r1BQzJ9oHkryDDJXsHzKhpdyFc
+ /lD4hNGqRkiNg5ulwAI0O1eqffPWDmeR9ZzSsqM40f1U4TNLfPAu1viWxwCgnbWz
+ onY6RqSYlRsDQaPsNTwieVEEAJeX2FGgNepD1SvfEremAkWCrYYlSZI76iTIf6bd
+ kGkWqIT0vJyE2MNenhDJ2ebbHJVFmL9x8S3m1daC4Zwnacm7aoCY/QgMJ+Js1Fex
+ Acev48W9KHgpVbFMd1t8KAwRbmFcQf0C/FZUbE7xScpTxS4z3SsMOuRyfnGpDOi6
+ m/SnA/9wpquf3pPwbPykzKWNJEDouiJgt0zaFLauKDPeyTWeJ6htaAPDglArewdq
+ bJ9M8QgLFtzjhg/fBQlRRUk7YP4OYtp1OdPkg2D/1rPQNySWlDf21T3N/K8ydKhR
+ bYi+AsPuJLQUi3d+lVTFOebaL9felePvDC2/Eod7PSD1/rnkZ7Q0QmFja3BvcnRz
+ Lm9yZyBBcmNoaXZlIEtleSA8ZnRwLW1hc3RlckBiYWNrcG9ydHMub3JnPohGBBAR
+ AgAGBQJDgImkAAoJEHFe1qB+e4rJ2x4An2oI4xJpDvOx8uDIo9ihG1M0MpUqAJ9S
+ cqVUmiyYSPtu8MwcZecy9kmOIYheBBMRAgAeBQJDCIMOAhsDBgsJCAcDAgMVAgMD
+ FgIBAh4BAheAAAoJEOqOiyEWuhNsDt4AniaEBvlr4oVFMrGgPiye7iE/jv68AJ48
+ OkIfwcKJt7N8ImPAboeimFvWgIheBBMRAgAeBQJDCIMOAhsDBgsJCAcDAgMVAgMD
+ FgIBAh4BAheAAAoJEOqOiyEWuhNsDt4AnjdB14rGa/rzz1ohwsi1oEnDRYuyAJ44
+ Nv8MTPjOaeEZArQ0flg8OXwF34hGBBARAgAGBQJEeI+KAAoJEHvDNTBle/A9pDwA
+ mwVpbaoH1hebV4MgXIpRvTQiL2keAJ9ryd2LvhbPd5EZM1C3Nsar2/2CgIhGBBAR
+ AgAGBQJHE7HYAAoJEGvFvIY3KyPVlwEAoJyGuJ/SsJTlyIVbulWYp3U/uZQTAJ4l
+ 40SrE/wwDeSIrhWNkmmNPbnz54hGBBARAgAGBQJHKneLAAoJEBRrPPJWJbOATcsA
+ n3I8y3pJN6jkmnhUQepfa7jJoDY2AKClHVXYuNZpc2jZKyruwgwck+jCabkCDQRD
+ CIMREAgAzXu6DGSDAz4JH+mlthtiQwNZFU8bjWanGT3DL6zubxwc3ZQmRaMOiVuv
+ JUuaJv8fdGRSvp09dP2/x5mzq2rACiEnDwZssNSK5sigxgy2W9zeO9bOtg6bhqZL
+ wlsL8Y2xZhyGL3qGeP4zL1QbXZ1QdJuO90Xu7GWYS6Wsj+Y6dUsZFYvTZwSiLkEm
+ gFUTxkNue3DQtZ/KNkwoKc+aqU+S7gDNStQDvTNtR6IV11KbKcY1iQ0B2bkh4zSh
+ WwloIr83V6huAhfH8GA7UW6saRJAof5DJWUb+PRmU2TAOOlyZoM4nMH+sFFDPOeG
+ 8fbecwlox5BRTMqcCB5ELbQXoVZT+wADBQf/ffI9R53f9USQkhsSak+k82JjRo9h
+ qKAvPwBv3fDhMYqX3XRmwgNeax2y6Ub0AQkDhIC6eJILP5hTb2gjpmYYP7YE/7F1
+ h37lUg7dDYeyPQF54mUXPnIg3uQ/V9HBTY+ZW8rsVe1KRvPAuVFU77FfCvIFdLSX
+ Vi1HSUcGv9Y7Kk4Tkr7vzKshlcIp6zZrO0Y3t/+ekBwTTQqEoUylVYkCSt3z6bjp
+ VWbepkL88rbqJnPueTATw9shjbFYaND8cXZox9tQmlOIZ6gDeH1YvFf7ObRLxULm
+ 7C6hwik6agtXWkNABVXSxM6MB4hcP9QC+FEhK6y/7wC3SyNRBuFujDG1aohJBBgR
+ AgAJBQJDCIMRAhsMAAoJEOqOiyEWuhNsVVMAoJ1gbL0PHVf7yDwMjO3HuJBErxLd
+ AJ4v9ojJnvJu2yUl4W586soBm+wsLg==
+ =n4L0
+ -----END PGP PUBLIC KEY BLOCK-----
+ EOF
+ apt-get update &&
+ apt-get install --no-install-recommends puppet/lenny-backports &&
/etc/init.d/puppet stop &&
puppetd -w 5 --debug -t --factsync
Compare incoming csr request:
on handel:
- : __handel__ && echo -n 'Client name: ' && read client &&
+ : __handel__ && echo -n 'Client name: ' && read client &&
sha1sum /var/lib/puppet/ssl/ca/requests/$client.debian.org.pem
on new client:
- : ::client:: && sha1sum /var/lib/puppet/ssl/csr_$(hostname).debian.org.pem
+ : ::client:: && sha1sum /var/lib/puppet/ssl/certificate_requests/$(hostname).debian.org.pem
If you're satisfied, sign the request on handel with:
- : __handel__ && puppetca --sign $client.debian.org
+ : __handel__ && puppetca --sign $client.debian.org
bootstrap client knowledge of puppet ca:
on handel:
- : __handel__ && echo 'cat > /var/lib/puppet/ssl/certs/ca.pem << EOF ' &&
+ : __handel__ && echo 'cat > /var/lib/puppet/ssl/certs/ca.pem << EOF ' &&
cat /var/lib/puppet/ssl/certs/ca.pem &&
echo 'EOF' &&
echo "cat > /var/lib/puppet/ssl/certs/$client.debian.org.pem << EOF " &&
and execute this on the client.
- : ::client:: copy paste the thing you just created on handel
+ : ::client:: copy paste the thing you just created on handel
If this is a busy mail host, you might want to stop exim before proceeding
although the config files should remain identical before and after.
Then run (this will change the configs in /etc):
- : ::client:: && puppetd -w 5 --debug -t --factsync
+ : ::client:: && puppetd -w 5 --debug -t --factsync
This run will start puppet after reconfiguring it, so if you are
unhappy with what just happened, you'll need to stop it again to do
repair.
-Finally, for some reason, the switch to puppet seems to heavily confuse
-samhain (possibly the config file getting changed out from under it?).
+Double check apt - the puppet setup usually results in duplicate apt
+sources, since we ship a few under sources.list.d. Remove any unnecessary
+entries from sources.list.
+
+We ship a samhain config file that includes /lib and /usr/lib. This will
+almost certainly be different than the config file on the machine, so it
+will result in 1000s of files changed.
You may need to run samhain update after getting puppet going.
-When you're happy with everything, add teh new host to the puppet
-hostgroup in dsa-nagios.
+# vim:textwidth=72 sw=8 ts=8 et
projects / mirror / dsa-wiki.git / blobdiff