brettswift · June 11, 2015 14:08
diff --git a/pe_migration_3-3_to_3-8.sh b/pe_migration_3-3_to_3-8.sh
 #Note: those with a gap between, run them individually (ie you may not want to copy multiple lines if there are spaces. Prompts will prevent subsequent lines from being pasted)

 #Part 1 - Allow remote ssh commands to old puppet master

 # comment out "Defaults requiretty" in /etc/sudoers on the 'old' puppet master to enable remote scripting. :)

 #Part 2 follow this walkthrough: http://docs.puppetlabs.com/pe/latest/trouble_regenerate_certs_monolithic.html
 #Walkthrough Step 1: Shut down all PE-related services
 puppet resource service pe-puppet ensure=stopped
 puppet resource service pe-puppetserver ensure=stopped
 puppet resource service pe-activemq ensure=stopped
 puppet resource service pe-mcollective ensure=stopped
 puppet resource service pe-puppetdb ensure=stopped
 puppet resource service pe-postgresql ensure=stopped
 puppet resource service pe-console-services ensure=stopped
 puppet resource service pe-httpd ensure=stopped

 #Walkthrough Step 2: Delete and recreate the CA (modified to copy 'old' puppet master instead of creating a new CA)
 rm -rf /etc/puppetlabs/puppet/ssl/*

 rm -f /var/opt/lib/pe-puppet/client_data/catalog/`hostname -f`.json

 # scp CA from other master
 # !!EDIT THIS!!  Should be the old puppet master fqdn
 ssh [email protected] "cd /etc/puppetlabs/puppet; sudo tar cvpzf  ~/ssl_export.tar ssl"

 scp [email protected]:~/ssl_export.tar ~/ssl_export.tar

 cd /etc/puppetlabs/puppet;  tar -xvf ~/ssl_export.tar ssl

 # Delete old master certs, and internal certs (not in walkthrough)
 # puppet cert clean pe-internal-classifier #not required for puppet 3.3
 puppet cert clean pe-internal-dashboard
 puppet cert clean pe-internal-mcollective-servers
 puppet cert clean pe-internal-peadmin-mcollective-client
 puppet cert clean pe-internal-puppet-console-mcollective-client
 # !!EDIT THIS!!  This is the cert name that came from the other server.
 puppet cert clean puppet.domain.ca

 perl -p -i -e 'tr/A-Z/a-z/' /etc/hosts #because our domain is upper case.. d'oh.

 #continuing with step 2.5 from the guide
 puppet cert generate `hostname -f` --dns_alt_names==puppet,`hostname -f`

 #step 6 on walkthrough
 puppet cert generate pe-internal-classifier
 puppet cert generate pe-internal-dashboard
 puppet cert generate pe-internal-mcollective-servers
 puppet cert generate pe-internal-peadmin-mcollective-client
 puppet cert generate pe-internal-puppet-console-mcollective-client

 unalias cp #root aliases it to 'cp -i' forcing interactive mode.  lets disable that for this session!
 yes | cp /etc/puppetlabs/puppet/ssl/ca/ca_crl.pem /etc/puppetlabs/puppet/ssl/crl.pem

 chown -R pe-puppet:pe-puppet /etc/puppetlabs/puppet/ssl

 #Walkthrough Step 3: Clear and Regenerate Certs for PuppetDB
 rm -rf /etc/puppetlabs/puppetdb/ssl/*

 yes | cp /etc/puppetlabs/puppet/ssl/certs/`hostname -f`.pem /etc/puppetlabs/puppetdb/ssl/`hostname -f`.cert.pem
 yes | cp /etc/puppetlabs/puppet/ssl/public_keys/`hostname -f`.pem /etc/puppetlabs/puppetdb/ssl/`hostname -f`.public_key.pem
 yes | cp /etc/puppetlabs/puppet/ssl/private_keys/`hostname -f`.pem /etc/puppetlabs/puppetdb/ssl/`hostname -f`.private_key.pem

 chown -R pe-puppetdb:pe-puppetdb /etc/puppetlabs/puppetdb/ssl

 rm -rf /opt/puppet/var/lib/pgsql/9.2/data/certs/*

 yes | cp /etc/puppetlabs/puppet/ssl/certs/`hostname -f`.pem /opt/puppet/var/lib/pgsql/9.2/data/certs/`hostname -f`.cert.pem
 yes | cp /etc/puppetlabs/puppet/ssl/public_keys/`hostname -f`.pem /opt/puppet/var/lib/pgsql/9.2/data/certs/`hostname -f`.public_key.pem
 yes | cp /etc/puppetlabs/puppet/ssl/private_keys/`hostname -f`.pem /opt/puppet/var/lib/pgsql/9.2/data/certs/`hostname -f`.private_key.pem
 chmod 400 /opt/puppet/var/lib/pgsql/9.2/data/certs/*
 chown pe-postgres:pe-postgres /opt/puppet/var/lib/pgsql/9.2/data/certs/*

 #Walkthrough Step 4: Clear and Regenerate Certs for the PE Console
 rm -rf /opt/puppet/share/puppet-dashboard/certs/*
 rm -rf /opt/puppet/share/console-services/certs/*

 yes | cp /etc/puppetlabs/puppet/ssl/certs/pe-internal-classifier.pem /opt/puppet/share/console-services/certs/pe-internal-classifier.cert.pem
 yes | cp /etc/puppetlabs/puppet/ssl/public_keys/pe-internal-classifier.pem /opt/puppet/share/console-services/certs/pe-internal-classifier.public_key.pem
 yes | cp /etc/puppetlabs/puppet/ssl/private_keys/pe-internal-classifier.pem /opt/puppet/share/console-services/certs/pe-internal-classifier.private_key.pem

 yes | cp /etc/puppetlabs/puppet/ssl/certs/`hostname -f`.pem /opt/puppet/share/console-services/certs/`hostname -f`.cert.pem
 yes | cp /etc/puppetlabs/puppet/ssl/public_keys/`hostname -f`.pem /opt/puppet/share/console-services/certs/`hostname -f`.public_key.pem
 yes | cp /etc/puppetlabs/puppet/ssl/private_keys/`hostname -f`.pem /opt/puppet/share/console-services/certs/`hostname -f`.private_key.pem

 yes | cp /etc/puppetlabs/puppet/ssl/certs/pe-internal-dashboard.pem /opt/puppet/share/console-services/certs/pe-internal-dashboard.cert.pem
 yes | cp /etc/puppetlabs/puppet/ssl/public_keys/pe-internal-dashboard.pem /opt/puppet/share/console-services/certs/pe-internal-dashboard.public_key.pem
 yes | cp /etc/puppetlabs/puppet/ssl/private_keys/pe-internal-dashboard.pem /opt/puppet/share/console-services/certs/pe-internal-dashboard.private_key.pem
 chown -R pe-console-services:pe-console-services /opt/puppet/share/console-services/certs

 yes | cp /etc/puppetlabs/puppet/ssl/certs/`hostname -f`.pem /opt/puppet/share/puppet-dashboard/certs/`hostname -f`.cert.pem
 yes | cp /etc/puppetlabs/puppet/ssl/public_keys/`hostname -f`.pem /opt/puppet/share/puppet-dashboard/certs/`hostname -f`.public_key.pem
 yes | cp /etc/puppetlabs/puppet/ssl/private_keys/`hostname -f`.pem /opt/puppet/share/puppet-dashboard/certs/`hostname -f`.private_key.pem

 yes | cp /etc/puppetlabs/puppet/ssl/certs/pe-internal-dashboard.pem /opt/puppet/share/puppet-dashboard/certs/pe-internal-dashboard.cert.pem
 yes | cp /etc/puppetlabs/puppet/ssl/public_keys/pe-internal-dashboard.pem /opt/puppet/share/puppet-dashboard/certs/pe-internal-dashboard.public_key.pem
 yes | cp /etc/puppetlabs/puppet/ssl/private_keys/pe-internal-dashboard.pem /opt/puppet/share/puppet-dashboard/certs/pe-internal-dashboard.private_key.pem
 chown -R puppet-dashboard:puppet-dashboard /opt/puppet/share/puppet-dashboard/certs

 # Walkthrough Step 5: Restart PE Services
 puppet resource service pe-puppetserver ensure=running
 puppet resource service pe-postgresql ensure=running
 puppet resource service pe-puppetdb ensure=running
 puppet resource service pe-console-services ensure=running
 puppet resource service pe-httpd ensure=running
 puppet resource service pe-activemq ensure=running
 puppet resource service pe-mcollective ensure=running
 puppet resource service pe-puppet ensure=running
	#Note: those with a gap between, run them individually (ie you may not want to copy multiple lines if there are spaces. Prompts will prevent subsequent lines from being pasted)

	#Part 1 - Allow remote ssh commands to old puppet master

	# comment out "Defaults requiretty" in /etc/sudoers on the 'old' puppet master to enable remote scripting. :)

	#Part 2 follow this walkthrough: http://docs.puppetlabs.com/pe/latest/trouble_regenerate_certs_monolithic.html
	#Walkthrough Step 1: Shut down all PE-related services
	puppet resource service pe-puppet ensure=stopped
	puppet resource service pe-puppetserver ensure=stopped
	puppet resource service pe-activemq ensure=stopped
	puppet resource service pe-mcollective ensure=stopped
	puppet resource service pe-puppetdb ensure=stopped
	puppet resource service pe-postgresql ensure=stopped
	puppet resource service pe-console-services ensure=stopped
	puppet resource service pe-httpd ensure=stopped

	#Walkthrough Step 2: Delete and recreate the CA (modified to copy 'old' puppet master instead of creating a new CA)
	rm -rf /etc/puppetlabs/puppet/ssl/*

	rm -f /var/opt/lib/pe-puppet/client_data/catalog/`hostname -f`.json

	# scp CA from other master
	# !!EDIT THIS!! Should be the old puppet master fqdn
	ssh [email protected] "cd /etc/puppetlabs/puppet; sudo tar cvpzf ~/ssl_export.tar ssl"

	scp [email protected]:~/ssl_export.tar ~/ssl_export.tar

	cd /etc/puppetlabs/puppet; tar -xvf ~/ssl_export.tar ssl

	# Delete old master certs, and internal certs (not in walkthrough)
	# puppet cert clean pe-internal-classifier #not required for puppet 3.3
	puppet cert clean pe-internal-dashboard
	puppet cert clean pe-internal-mcollective-servers
	puppet cert clean pe-internal-peadmin-mcollective-client
	puppet cert clean pe-internal-puppet-console-mcollective-client
	# !!EDIT THIS!! This is the cert name that came from the other server.
	puppet cert clean puppet.domain.ca

	perl -p -i -e 'tr/A-Z/a-z/' /etc/hosts #because our domain is upper case.. d'oh.

	#continuing with step 2.5 from the guide
	puppet cert generate `hostname -f` --dns_alt_names==puppet,`hostname -f`

	#step 6 on walkthrough
	puppet cert generate pe-internal-classifier
	puppet cert generate pe-internal-dashboard
	puppet cert generate pe-internal-mcollective-servers
	puppet cert generate pe-internal-peadmin-mcollective-client
	puppet cert generate pe-internal-puppet-console-mcollective-client

	unalias cp #root aliases it to 'cp -i' forcing interactive mode. lets disable that for this session!
	yes \| cp /etc/puppetlabs/puppet/ssl/ca/ca_crl.pem /etc/puppetlabs/puppet/ssl/crl.pem

	chown -R pe-puppet:pe-puppet /etc/puppetlabs/puppet/ssl

	#Walkthrough Step 3: Clear and Regenerate Certs for PuppetDB
	rm -rf /etc/puppetlabs/puppetdb/ssl/*

	yes \| cp /etc/puppetlabs/puppet/ssl/certs/`hostname -f`.pem /etc/puppetlabs/puppetdb/ssl/`hostname -f`.cert.pem
	yes \| cp /etc/puppetlabs/puppet/ssl/public_keys/`hostname -f`.pem /etc/puppetlabs/puppetdb/ssl/`hostname -f`.public_key.pem
	yes \| cp /etc/puppetlabs/puppet/ssl/private_keys/`hostname -f`.pem /etc/puppetlabs/puppetdb/ssl/`hostname -f`.private_key.pem

	chown -R pe-puppetdb:pe-puppetdb /etc/puppetlabs/puppetdb/ssl

	rm -rf /opt/puppet/var/lib/pgsql/9.2/data/certs/*

	yes \| cp /etc/puppetlabs/puppet/ssl/certs/`hostname -f`.pem /opt/puppet/var/lib/pgsql/9.2/data/certs/`hostname -f`.cert.pem
	yes \| cp /etc/puppetlabs/puppet/ssl/public_keys/`hostname -f`.pem /opt/puppet/var/lib/pgsql/9.2/data/certs/`hostname -f`.public_key.pem
	yes \| cp /etc/puppetlabs/puppet/ssl/private_keys/`hostname -f`.pem /opt/puppet/var/lib/pgsql/9.2/data/certs/`hostname -f`.private_key.pem
	chmod 400 /opt/puppet/var/lib/pgsql/9.2/data/certs/*
	chown pe-postgres:pe-postgres /opt/puppet/var/lib/pgsql/9.2/data/certs/*

	#Walkthrough Step 4: Clear and Regenerate Certs for the PE Console
	rm -rf /opt/puppet/share/puppet-dashboard/certs/*
	rm -rf /opt/puppet/share/console-services/certs/*

	yes \| cp /etc/puppetlabs/puppet/ssl/certs/pe-internal-classifier.pem /opt/puppet/share/console-services/certs/pe-internal-classifier.cert.pem
	yes \| cp /etc/puppetlabs/puppet/ssl/public_keys/pe-internal-classifier.pem /opt/puppet/share/console-services/certs/pe-internal-classifier.public_key.pem
	yes \| cp /etc/puppetlabs/puppet/ssl/private_keys/pe-internal-classifier.pem /opt/puppet/share/console-services/certs/pe-internal-classifier.private_key.pem

	yes \| cp /etc/puppetlabs/puppet/ssl/certs/`hostname -f`.pem /opt/puppet/share/console-services/certs/`hostname -f`.cert.pem
	yes \| cp /etc/puppetlabs/puppet/ssl/public_keys/`hostname -f`.pem /opt/puppet/share/console-services/certs/`hostname -f`.public_key.pem
	yes \| cp /etc/puppetlabs/puppet/ssl/private_keys/`hostname -f`.pem /opt/puppet/share/console-services/certs/`hostname -f`.private_key.pem

	yes \| cp /etc/puppetlabs/puppet/ssl/certs/pe-internal-dashboard.pem /opt/puppet/share/console-services/certs/pe-internal-dashboard.cert.pem
	yes \| cp /etc/puppetlabs/puppet/ssl/public_keys/pe-internal-dashboard.pem /opt/puppet/share/console-services/certs/pe-internal-dashboard.public_key.pem
	yes \| cp /etc/puppetlabs/puppet/ssl/private_keys/pe-internal-dashboard.pem /opt/puppet/share/console-services/certs/pe-internal-dashboard.private_key.pem
	chown -R pe-console-services:pe-console-services /opt/puppet/share/console-services/certs

	yes \| cp /etc/puppetlabs/puppet/ssl/certs/`hostname -f`.pem /opt/puppet/share/puppet-dashboard/certs/`hostname -f`.cert.pem
	yes \| cp /etc/puppetlabs/puppet/ssl/public_keys/`hostname -f`.pem /opt/puppet/share/puppet-dashboard/certs/`hostname -f`.public_key.pem
	yes \| cp /etc/puppetlabs/puppet/ssl/private_keys/`hostname -f`.pem /opt/puppet/share/puppet-dashboard/certs/`hostname -f`.private_key.pem

	yes \| cp /etc/puppetlabs/puppet/ssl/certs/pe-internal-dashboard.pem /opt/puppet/share/puppet-dashboard/certs/pe-internal-dashboard.cert.pem
	yes \| cp /etc/puppetlabs/puppet/ssl/public_keys/pe-internal-dashboard.pem /opt/puppet/share/puppet-dashboard/certs/pe-internal-dashboard.public_key.pem
	yes \| cp /etc/puppetlabs/puppet/ssl/private_keys/pe-internal-dashboard.pem /opt/puppet/share/puppet-dashboard/certs/pe-internal-dashboard.private_key.pem
	chown -R puppet-dashboard:puppet-dashboard /opt/puppet/share/puppet-dashboard/certs

	# Walkthrough Step 5: Restart PE Services
	puppet resource service pe-puppetserver ensure=running
	puppet resource service pe-postgresql ensure=running
	puppet resource service pe-puppetdb ensure=running
	puppet resource service pe-console-services ensure=running
	puppet resource service pe-httpd ensure=running
	puppet resource service pe-activemq ensure=running
	puppet resource service pe-mcollective ensure=running
	puppet resource service pe-puppet ensure=running