X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=input%2Fhowto%2Fpuppet-setup.mdwn;h=25b7c493af6e230fc861d6d53d45778cb68736af;hb=b0b091134d88398845e8bc7fe0698a92fdf816c3;hp=ba948a7a73cd16b044b3b6cc00574d82420757db;hpb=73e69cf296d9aeaa0bf9c037844d35cd4ff1fd59;p=mirror%2Fdsa-wiki.git diff --git a/input/howto/puppet-setup.mdwn b/input/howto/puppet-setup.mdwn index ba948a7..25b7c49 100644 --- a/input/howto/puppet-setup.mdwn +++ b/input/howto/puppet-setup.mdwn @@ -5,7 +5,8 @@ configuration of samhain, munin, apt, and exim (although more to come - this list is likely to get out of date quickly). To set up a new host to be a puppet client, do the following: - : ::client:: && apt-get install puppet && + + : ::client:: && apt-get install --no-install-recommends puppet && /etc/init.d/puppet stop && puppetd -w 5 --debug -t --factsync @@ -14,16 +15,20 @@ client cert. Now is the time to abort if you are getting cold feet. Compare incoming csr request: on handel: + : __handel__ && echo -n 'Client name: ' && read client && sha1sum /var/lib/puppet/ssl/ca/requests/$client.debian.org.pem on new client: + : ::client:: && sha1sum /var/lib/puppet/ssl/csr_$(hostname).debian.org.pem If you're satisfied, sign the request on handel with: + : __handel__ && puppetca --sign $client.debian.org bootstrap client knowledge of puppet ca: on handel: + : __handel__ && echo 'cat > /var/lib/puppet/ssl/certs/ca.pem << EOF ' && cat /var/lib/puppet/ssl/certs/ca.pem && echo 'EOF' && 
@@ -32,21 +37,25 @@ on handel: echo 'EOF' and execute this on the client. + : ::client:: copy paste the thing you just created on handel If this is a busy mail host, you might want to stop exim before proceeding although the config files should remain identical before and after. Then run (this will change the configs in /etc): + : ::client:: && puppetd -w 5 --debug -t --factsync This run will start puppet after reconfiguring it, so if you are unhappy with what just happened, you'll need to stop it again to do repair. -Finally, for some reason, the switch to puppet seems to heavily confuse -samhain (possibly the config file getting changed out from under it?). -You may need to run samhain update after getting puppet going. +Double check apt - the puppet setup usually results in duplicate apt +sources, since we ship a few under sources.list.d. Remove any unnecessary +entries from sources.list. -When you're happy with everything, add teh new host to the puppet -hostgroup in dsa-nagios. +We ship a samhain config file that includes /lib and /usr/lib. This will +almost certainly be different than the config file on the machine, so it +will result in 1000s of files changed. +You may need to run samhain update after getting puppet going.
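Review bot: In the first hunk (client install step), the new `--no-install-recommends` flag on `apt-get install puppet` is not explained anywhere in the surrounding text. Add a short sentence saying why recommended packages are being skipped, so the flag is not silently dropped the next time someone retypes the command from memory.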
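Review bot: In the second hunk (CSR comparison), both sides still use `sha1sum`, and this comparison is the only check tying the request that gets signed on handel to the new client. Since these command blocks are being touched anyway, consider switching both to `sha256sum`. It would also help to state that `puppetca --sign $client.debian.org` depends on `$client` still being set from the earlier `read client` in the same shell; in a fresh shell it expands to `.debian.org`.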
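Review bot: In the third hunk (end of the howto), the closing step "add teh new host to the puppet hostgroup in dsa-nagios" is removed with no replacement, which looks unrelated to the apt and samhain notes being added. If the nagios hostgroup step is still required, keep it (with the typo fixed); if it is obsolete, say so in the commit message. The new apt paragraph also says to remove "any unnecessary entries from sources.list" without saying how to tell which ones are unnecessary; naming the files shipped under sources.list.d would make that check concrete.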