From: Martin Zobel-Helas Date: Sun, 27 Nov 2011 13:43:56 +0000 (+0100) Subject: Merge branch 'master' of git+ssh://db.debian.org/git/dsa-wiki X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=83e272296d6de9197df35a610e997082bebb040b;hp=-c;p=mirror%2Fdsa-wiki.git Merge branch 'master' of git+ssh://db.debian.org/git/dsa-wiki * 'master' of git+ssh://db.debian.org/git/dsa-wiki: per guest target dir for installs first puppetd -t will fail combine two blocks add -y to apt-get install when adding a new host, run puppet on draghi to update the firewall Update add-guest instructions do not wait for cert Update puppet howto: automate checksum checking, make domain independent Copy etc/apt/preferences only if it exists s/ext3/ext4/ --- 83e272296d6de9197df35a610e997082bebb040b diff --combined input/howto/puppet-setup.mdwn index 32a51e5,499b01e..1d2ec88 --- a/input/howto/puppet-setup.mdwn +++ b/input/howto/puppet-setup.mdwn @@@ -13,35 -13,34 +13,34 @@@ adjusted : __handel__ && puppetd -t --environment=production : ::client:: && apt-get update && - apt-get install --no-install-recommends puppet libaugeas-ruby1.8 augeas-lenses && + apt-get install --no-install-recommends puppet libaugeas-ruby1.8 augeas-lenses lsb-release && /etc/init.d/puppet stop && - puppetd -w 5 -t + (puppetd -t || true ) && + cd /var/lib/puppet/ssl/certificate_requests && + echo sha256sum output: && echo && + sha256sum $(hostname -f).pem && + echo && echo && cd / This will not overwrite anything yet, since handel has not signed the client cert. Now is the time to abort if you are getting cold feet. 
Compare incoming csr request: - on handel: - - : __handel__ && echo -n 'Client name: ' && read client && - sha1sum /var/lib/puppet/ssl/ca/requests/$client.debian.org.pem - on new client: - - : ::client:: && sha1sum /var/lib/puppet/ssl/certificate_requests/$(hostname).debian.org.pem - - If you're satisfied, sign the request on handel with: - - : __handel__ && puppetca --sign $client.debian.org - - bootstrap client knowledge of puppet ca: - on handel: - - : __handel__ && echo 'cat > /var/lib/puppet/ssl/certs/ca.pem << EOF ' && + on handel, paste the sha256output:: + + : __handel__ && echo "paste sha256sum output now:" && + read sha256 filename && + cd /var/lib/puppet/ssl/ca/requests && + ( [ -e $filename ] || (echo "$filename does not exist."; exit 1) ) && + echo -e "$sha256 $filename" | sha256sum -c && + puppetca --sign $(basename "$filename" .pem) && + echo && echo && echo && + echo 'cat > /var/lib/puppet/ssl/certs/ca.pem << EOF ' && cat /var/lib/puppet/ssl/certs/ca.pem && echo 'EOF' && - echo "cat > /var/lib/puppet/ssl/certs/$client.debian.org.pem << EOF " && - cat /var/lib/puppet/ssl/ca/signed/$client.debian.org.pem && - echo 'EOF' + echo "cat > /var/lib/puppet/ssl/certs/$filename << EOF " && + cat /var/lib/puppet/ssl/ca/signed/$filename && + echo 'EOF' && + cd / and execute this on the client. @@@ -52,7 -51,7 +51,7 @@@ although the config files should remai Then run (this will change the configs in /etc): - : ::client:: && puppetd -w 5 --debug -t + : ::client:: && puppetd -t This run will start puppet after reconfiguring it, so if you are unhappy with what just happened, you'll need to stop it again to do
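Review bot: in the handel-side block of the first hunk (@@@ -13,35 -13,34 +13,34 @@@), `echo -e "$sha256 $filename" | sha256sum -c` rebuilds the checksum line with a single space between hash and name, whereas the line format `sha256sum -c` documents is hash, two spaces, filename (or space-asterisk for binary mode); `echo -e` also has nothing to escape and dash prints the `-e` literally. `printf '%s  %s\n' "$sha256" "$filename" | sha256sum -c` emits the expected format portably. In the same block `[ -e $filename ]` is unquoted and `-e` also matches a directory, so `[ -f "$filename" ]` is tighter; and because the checksum is verified against `$filename` while `puppetca --sign $(basename "$filename" .pem)` signs by basename, a pasted name carrying a directory component would be verified and signed as two different requests. Rejecting anything that is not a bare `*.pem` name before the check (for example `case $filename in */*|'') exit 1;; esac`) keeps the verified CSR and the signed CSR the same file. On the client side `(puppetd -t || true)` hides every failure of the first run, not only the expected unsigned-cert one; the following `cd` and `sha256sum $(hostname -f).pem` still abort the chain if no CSR was produced, so this is acceptable, but a short note in the text that the first run is expected to fail because the cert is not yet signed would spare the next reader a surprise.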
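Review bot: in the second hunk (@@@ -52,7 -51,7 +51,7 @@@), dropping `-w 5` is right once the signed cert is already installed, but dropping `--debug` at the same time leaves the run that the surrounding text says "will change the configs in /etc" with minimal output, exactly where the reader is asked to judge whether they are "unhappy with what just happened". Consider keeping `--verbose` (or `--debug`) on this run, or documenting a `puppetd --noop -t` pass first so the pending changes can be previewed before they are applied.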