From: Peter Palfrader Date: Thu, 12 Mar 2009 18:25:34 +0000 (+0100) Subject: name file correctly X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=73e69cf296d9aeaa0bf9c037844d35cd4ff1fd59;p=mirror%2Fdsa-wiki.git name file correctly --- diff --git a/input/howto/puppet-setup b/input/howto/puppet-setup deleted file mode 100644 index ba948a7..0000000 --- a/input/howto/puppet-setup +++ /dev/null 
@@ -1,52 +0,0 @@ -# Puppet infrastructure - -handel.debian.org is our current puppetmaster. Currently, it handles -configuration of samhain, munin, apt, and exim (although more to come - -this list is likely to get out of date quickly). - -To set up a new host to be a puppet client, do the following: - : ::client:: && apt-get install puppet && - /etc/init.d/puppet stop && - puppetd -w 5 --debug -t --factsync - -This will not overwrite anything yet, since handel has not signed the -client cert. Now is the time to abort if you are getting cold feet. - -Compare incoming csr request: -on handel: - : __handel__ && echo -n 'Client name: ' && read client && - sha1sum /var/lib/puppet/ssl/ca/requests/$client.debian.org.pem -on new client: - : ::client:: && sha1sum /var/lib/puppet/ssl/csr_$(hostname).debian.org.pem - -If you're satisfied, sign the request on handel with: - : __handel__ && puppetca --sign $client.debian.org - -bootstrap client knowledge of puppet ca: -on handel: - : __handel__ && echo 'cat > /var/lib/puppet/ssl/certs/ca.pem << EOF ' && - cat /var/lib/puppet/ssl/certs/ca.pem && - echo 'EOF' && - echo "cat > /var/lib/puppet/ssl/certs/$client.debian.org.pem << EOF " && - cat /var/lib/puppet/ssl/ca/signed/$client.debian.org.pem && - echo 'EOF' - -and execute this on the client. - : ::client:: copy paste the thing you just created on handel - -If this is a busy mail host, you might want to stop exim before proceeding -although the config files should remain identical before and after. - -Then run (this will change the configs in /etc): - : ::client:: && puppetd -w 5 --debug -t --factsync - -This run will start puppet after reconfiguring it, so if you are -unhappy with what just happened, you'll need to stop it again to do -repair. - -Finally, for some reason, the switch to puppet seems to heavily confuse -samhain (possibly the config file getting changed out from under it?). -You may need to run samhain update after getting puppet going. 
- -When you're happy with everything, add teh new host to the puppet -hostgroup in dsa-nagios. diff --git a/input/howto/puppet-setup.mdwn b/input/howto/puppet-setup.mdwn new file mode 100644 index 0000000..ba948a7 --- /dev/null +++ b/input/howto/puppet-setup.mdwn 
@@ -0,0 +1,52 @@ +# Puppet infrastructure + +handel.debian.org is our current puppetmaster. Currently, it handles +configuration of samhain, munin, apt, and exim (although more to come - +this list is likely to get out of date quickly). + +To set up a new host to be a puppet client, do the following: + : ::client:: && apt-get install puppet && + /etc/init.d/puppet stop && + puppetd -w 5 --debug -t --factsync + +This will not overwrite anything yet, since handel has not signed the +client cert. Now is the time to abort if you are getting cold feet. + +Compare incoming csr request: +on handel: + : __handel__ && echo -n 'Client name: ' && read client && + sha1sum /var/lib/puppet/ssl/ca/requests/$client.debian.org.pem +on new client: + : ::client:: && sha1sum /var/lib/puppet/ssl/csr_$(hostname).debian.org.pem + +If you're satisfied, sign the request on handel with: + : __handel__ && puppetca --sign $client.debian.org + +bootstrap client knowledge of puppet ca: +on handel: + : __handel__ && echo 'cat > /var/lib/puppet/ssl/certs/ca.pem << EOF ' && + cat /var/lib/puppet/ssl/certs/ca.pem && + echo 'EOF' && + echo "cat > /var/lib/puppet/ssl/certs/$client.debian.org.pem << EOF " && + cat /var/lib/puppet/ssl/ca/signed/$client.debian.org.pem && + echo 'EOF' + +and execute this on the client. + : ::client:: copy paste the thing you just created on handel + +If this is a busy mail host, you might want to stop exim before proceeding +although the config files should remain identical before and after. + +Then run (this will change the configs in /etc): + : ::client:: && puppetd -w 5 --debug -t --factsync + +This run will start puppet after reconfiguring it, so if you are +unhappy with what just happened, you'll need to stop it again to do +repair. + +Finally, for some reason, the switch to puppet seems to heavily confuse +samhain (possibly the config file getting changed out from under it?). +You may need to run samhain update after getting puppet going. 
+ +When you're happy with everything, add teh new host to the puppet +hostgroup in dsa-nagios.
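Review bot: In the "Compare incoming csr request" step of the new puppet-setup.mdwn, the client-side path `csr_$(hostname).debian.org.pem` only resolves when `hostname` prints the short name. On a host where it prints the FQDN, the `sha1sum` fails, and this comparison is the only check the document gives before `puppetca --sign`. Using `$(hostname -s)` there would make the step robust. The same two commands could use `sha256sum` in place of `sha1sum` with no other change. `$client` is set by `read client` in this step and reused in the later `puppetca --sign $client.debian.org` and bootstrap commands, so the text should say those must run in the same shell on handel, and the variable should be quoted. Since the content is carried over unchanged from the deleted file (same blob ba948a7), this rename is also the place to fix "teh new host" in the last paragraph.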