Merge branch 'master' of git+ssh://db.debian.org/git/dsa-wiki

* 'master' of git+ssh://db.debian.org/git/dsa-wiki:
  per guest target dir for installs
  first puppetd -t will fail
  combine two blocks
  add -y to apt-get install
  when adding a new host, run puppet on draghi to update the firewall
  Update add-guest instructions
  do not wait for cert
  Update puppet howto:  automate checksum checking, make domain independent
  Copy etc/apt/preferences only if it exists
  s/ext3/ext4/

diff --combined input/howto/puppet-setup.mdwn
index 32a51e5,499b01e..1d2ec88
--- 1/input/howto/puppet-setup.mdwn
--- 2/input/howto/puppet-setup.mdwn
+++ b/input/howto/puppet-setup.mdwn
@@@ -13,35 -13,34 +13,34 @@@ adjusted
          : __handel__ && puppetd -t --environment=production
  
          : ::client:: && apt-get update &&
 -                apt-get install --no-install-recommends puppet libaugeas-ruby1.8 augeas-lenses &&
 +                apt-get install --no-install-recommends puppet libaugeas-ruby1.8 augeas-lenses lsb-release &&
                  /etc/init.d/puppet stop &&
-                 puppetd -w 5 -t
+                 (puppetd -t || true ) &&
+                 cd /var/lib/puppet/ssl/certificate_requests &&
+                 echo sha256sum output: && echo &&
+                 sha256sum $(hostname -f).pem &&
+                 echo && echo && cd /
  
  This will not overwrite anything yet, since handel has not signed the
  client cert.  Now is the time to abort if you are getting cold feet.
  
  Compare incoming csr request:
- on handel:
- 
-         : __handel__ && echo -n 'Client name: ' && read client &&
-                 sha1sum /var/lib/puppet/ssl/ca/requests/$client.debian.org.pem
- on new client:
- 
-         : ::client:: && sha1sum /var/lib/puppet/ssl/certificate_requests/$(hostname).debian.org.pem
- 
- If you're satisfied, sign the request on handel with:
- 
-         : __handel__ && puppetca --sign $client.debian.org
- 
- bootstrap client knowledge of puppet ca:
- on handel:
- 
-         : __handel__ && echo 'cat > /var/lib/puppet/ssl/certs/ca.pem << EOF ' &&
+ on handel, paste the sha256output::
+ 
+         : __handel__ && echo "paste sha256sum output now:" &&
+                 read sha256 filename &&
+                 cd /var/lib/puppet/ssl/ca/requests &&
+                 ( [ -e $filename ] || (echo "$filename does not exist."; exit 1) ) &&
+                 echo -e "$sha256  $filename" | sha256sum -c &&
+                 puppetca --sign $(basename "$filename" .pem) &&
+                 echo && echo && echo &&
+                 echo 'cat > /var/lib/puppet/ssl/certs/ca.pem << EOF ' &&
                  cat /var/lib/puppet/ssl/certs/ca.pem &&
                  echo 'EOF' &&
-                 echo "cat > /var/lib/puppet/ssl/certs/$client.debian.org.pem << EOF " &&
-                 cat /var/lib/puppet/ssl/ca/signed/$client.debian.org.pem &&
-                 echo 'EOF'
+                 echo "cat > /var/lib/puppet/ssl/certs/$filename << EOF " &&
+                 cat /var/lib/puppet/ssl/ca/signed/$filename &&
+                 echo 'EOF' &&
+                 cd /
  
  and execute this on the client.
  
@@@ -52,7 -51,7 +51,7 @@@ although the config files should remai
  
  Then run (this will change the configs in /etc):
  
-         : ::client:: && puppetd -w 5 --debug -t
+         : ::client:: && puppetd -t
  
  This run will start puppet after reconfiguring it, so if you are 
  unhappy with what just happened, you'll need to stop it again to do