+++ /dev/null
-# Puppet infrastructure
-
-handel.debian.org is our current puppetmaster. Currently, it handles
-configuration of samhain, munin, apt, and exim (although more to come -
-this list is likely to get out of date quickly).
-
-To set up a new host to be a puppet client, do the following:
- : ::client:: && apt-get install puppet &&
- /etc/init.d/puppet stop &&
- puppetd -w 5 --debug -t --factsync
-
-This will not overwrite anything yet, since handel has not signed the
-client cert. Now is the time to abort if you are getting cold feet.
-
-Compare incoming csr request:
-on handel:
- : __handel__ && echo -n 'Client name: ' && read client &&
- sha1sum /var/lib/puppet/ssl/ca/requests/$client.debian.org.pem
-on new client:
- : ::client:: && sha1sum /var/lib/puppet/ssl/csr_$(hostname).debian.org.pem
-
-If you're satisfied, sign the request on handel with:
- : __handel__ && puppetca --sign $client.debian.org
-
-bootstrap client knowledge of puppet ca:
-on handel:
- : __handel__ && echo 'cat > /var/lib/puppet/ssl/certs/ca.pem << EOF ' &&
- cat /var/lib/puppet/ssl/certs/ca.pem &&
- echo 'EOF' &&
- echo "cat > /var/lib/puppet/ssl/certs/$client.debian.org.pem << EOF " &&
- cat /var/lib/puppet/ssl/ca/signed/$client.debian.org.pem &&
- echo 'EOF'
-
-and execute this on the client.
- : ::client:: copy paste the thing you just created on handel
-
-If this is a busy mail host, you might want to stop exim before proceeding
-although the config files should remain identical before and after.
-
-Then run (this will change the configs in /etc):
- : ::client:: && puppetd -w 5 --debug -t --factsync
-
-This run will start puppet after reconfiguring it, so if you are
-unhappy with what just happened, you'll need to stop it again to do
-repair.
-
-Finally, for some reason, the switch to puppet seems to heavily confuse
-samhain (possibly the config file getting changed out from under it?).
-You may need to run samhain update after getting puppet going.
-
-When you're happy with everything, add teh new host to the puppet
-hostgroup in dsa-nagios.
--- /dev/null
+# Puppet infrastructure
+
+handel.debian.org is our current puppetmaster. Currently, it handles
+configuration of samhain, munin, apt, and exim (although more to come -
+this list is likely to get out of date quickly).
+
+To set up a new host to be a puppet client, do the following:
+ : ::client:: && apt-get install puppet &&
+ /etc/init.d/puppet stop &&
+ puppetd -w 5 --debug -t --factsync
+
+This will not overwrite anything yet, since handel has not signed the
+client cert. Now is the time to abort if you are getting cold feet.
+
+Compare incoming csr request:
+on handel:
+ : __handel__ && echo -n 'Client name: ' && read client &&
+ sha1sum /var/lib/puppet/ssl/ca/requests/$client.debian.org.pem
+on new client:
+ : ::client:: && sha1sum /var/lib/puppet/ssl/csr_$(hostname).debian.org.pem
+
+If you're satisfied, sign the request on handel with:
+ : __handel__ && puppetca --sign $client.debian.org
+
+bootstrap client knowledge of puppet ca:
+on handel:
+ : __handel__ && echo 'cat > /var/lib/puppet/ssl/certs/ca.pem << EOF ' &&
+ cat /var/lib/puppet/ssl/certs/ca.pem &&
+ echo 'EOF' &&
+ echo "cat > /var/lib/puppet/ssl/certs/$client.debian.org.pem << EOF " &&
+ cat /var/lib/puppet/ssl/ca/signed/$client.debian.org.pem &&
+ echo 'EOF'
+
+and execute this on the client.
+ : ::client:: copy paste the thing you just created on handel
+
+If this is a busy mail host, you might want to stop exim before proceeding
+although the config files should remain identical before and after.
+
+Then run (this will change the configs in /etc):
+ : ::client:: && puppetd -w 5 --debug -t --factsync
+
+This run will start puppet after reconfiguring it, so if you are
+unhappy with what just happened, you'll need to stop it again to do
+repair.
+
+Finally, for some reason, the switch to puppet seems to heavily confuse
+samhain (possibly the config file getting changed out from under it?).
+You may need to run samhain update after getting puppet going.
+
+When you're happy with everything, add teh new host to the puppet
+hostgroup in dsa-nagios.
projects / mirror / dsa-wiki.git / commitdiff