X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=input%2Fhowto%2Fpuppet-setup.mdwn;h=20d89cb47f701ca389e81c6d56791f3ef8024148;hb=4a8ed1eb4cc71e3d86d342a4aef8a1cd9470e205;hp=9ab1ac0b2638ef7f2b9b2d26b9d5fbdf586b0112;hpb=50acc3b0315c77b531b644fbdb8c83891844794f;p=mirror%2Fdsa-wiki.git diff --git a/input/howto/puppet-setup.mdwn b/input/howto/puppet-setup.mdwn index 9ab1ac0..20d89cb 100644 --- a/input/howto/puppet-setup.mdwn +++ b/input/howto/puppet-setup.mdwn @@ -10,15 +10,15 @@ Make sure you have set up the IP address for the new machine in ud-ldap. After that run puppet on puppetmaster once, so the ferm config get adjusted. - : __handel__ && puppetd -t --environment=production + : __handel__ && puppet agent -t --environment=production - : ::client:: && apt-get update && - apt-get install --no-install-recommends puppet libaugeas-ruby1.8 augeas-lenses && - /etc/init.d/puppet stop && - puppetd -t && + : ::client:: && me=$(hostname -f) && [ "$me" != "${me%debian.org}" ] && apt-get update && + apt-get install -y --no-install-recommends puppet libaugeas-ruby1.8 augeas-lenses lsb-release && + service puppet stop && + (puppet agent -t || true ) && cd /var/lib/puppet/ssl/certificate_requests && echo sha256sum output: && echo && - sha256sum $(hostname -f).pem && + sha256sum $me.pem && echo && echo && cd / This will not overwrite anything yet, since handel has not signed the @@ -27,7 +27,9 @@ client cert. Now is the time to abort if you are getting cold feet. Compare incoming csr request: on handel, paste the sha256output:: - : __handel__ && echo "paste sha256sum output now:" && + : __handel__ && + ud-replicate && sudo -u puppet make -C /srv/puppet.debian.org/ca/ install && + echo "paste sha256sum output now:" && read sha256 filename && cd /var/lib/puppet/ssl/ca/requests && ( [ -e $filename ] || (echo "$filename does not exist."; exit 1) ) && 
@@ -51,16 +53,19 @@ although the config files should remain identical before and after. Then run (this will change the configs in /etc): - : ::client:: && puppetd -t + : ::client:: && puppet agent -t --pluginsync -This run will start puppet after reconfiguring it, so if you are -unhappy with what just happened, you'll need to stop it again to do +This run will start puppet after reconfiguring it, so if you are +unhappy with what just happened, you'll need to stop it again to do repair. Double check apt - the puppet setup usually results in duplicate apt sources, since we ship a few under sources.list.d. Remove any unnecessary entries from sources.list. +On handel, make sure the certs exist for the new host + + We ship a samhain config file that includes /lib and /usr/lib. This will almost certainly be different than the config file on the machine, so it will result in 1000s of files changed.
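Review bot: In the first hunk (@@ -10,15 +10,15 @@), the new guard `[ "$me" != "${me%debian.org}" ]` strips the suffix `debian.org` without a leading dot, so it also passes for any FQDN that merely ends in that string rather than sitting under the debian.org zone. Suggest `${me%.debian.org}`. In the same hunk, `(puppet agent -t || true )` discards every failure of that agent run, which leaves the following `cd /var/lib/puppet/ssl/certificate_requests` as the only step that stops the chain when no CSR was written; the text around the command should say so. `sha256sum $me.pem` would also be safer quoted as `"$me.pem"`.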
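Review bot: In the second hunk (@@ -27,7 +27,9 @@), the added line `ud-replicate && sudo -u puppet make -C /srv/puppet.debian.org/ca/ install &&` is undocumented: the prose above it still only says to compare the incoming CSR. Add a sentence stating why both commands must run on handel before the fingerprint is pasted, and what to do if either fails, because the `&&` chain then stops before the "paste sha256sum output now:" prompt with no message of its own. Since this block is being touched anyway, the unchanged context line `[ -e $filename ]` uses the pasted value unquoted; quoting it as `"$filename"` keeps a malformed paste from being word-split in the CSR comparison step.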
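Review bot: In the third hunk (@@ -51,16 +53,19 @@), the new step "On handel, make sure the certs exist for the new host" is followed only by two empty lines, so the reader is not told which certs are meant, where they live, or what command checks them. Either add the command in the same `: __handel__ && ...` form the rest of the page uses, or drop the step until it can be written out. The hunk also rewrites the three lines starting "This run will start puppet after reconfiguring it" with no visible text change, which looks like whitespace-only churn and is better left out of this commit. Finally, `--pluginsync` is added to this client run but not to the `puppet agent -t` run in the first hunk; a short note on why only the second run needs it would help.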