Kevin Bridges cyberswat
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # switch to the jenkins user | |
| [root@li220-252:~] su jenkins | |
| jenkins@li220-252:/root$ | |
| # Move into the jenkins directory | |
| jenkins@li220-252:~$ cd /var/lib/jenkins/ | |
| # Intialize a git repository | |
| jenkins@li220-252:~$ git init | |
| Initialized empty Git repository in /var/lib/jenkins/.git/ |
cyberswat
/ cat-rsa-pub.sh
Created
February 28, 2012 16:17
You can quickly display the contents of your public key with the cat command
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| jenkins@li220-252:~$ cat ~/.ssh/id_rsa.pub | |
| ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtqqYyeKldKj3lCh6sQ1sKHUNiKQigZx2kmT2+mRKvsZJdZHg/qmGKvhtJRf90DOPklvU1z1/x+ey0hCzP7qOfNNNZLadz9ZLAhR6Dk4jlerAMtS9zMoPZL/yEeQE24gUKAKrcXSpxUrCpAJw2Za1OdyEEoBiPSp+PIiYS/Hm4KrQC5Sj4KOr9cu6bWClmWNCXPFQDFBiEt1MxJ0P9lLTlejMrFlbc4iCeDXXT1P7WCtX/3UCcvsm92ZwgoNfBPqVADC1VytH0X6WsMLgdDiF67ZmDXxT4LTnl6ACbaMw6IZyafyQs4sWC4ecgDa2pDlFKzw9a2/yywtZME3V/6Qlsw== [email protected] |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # switch to the jenkins user | |
| [root@li220-252:~] su jenkins | |
| jenkins@li220-252:/root$ | |
| # Generate the key | |
| jenkins@li220-252:~$ ssh-keygen -t rsa -C "[email protected]" | |
| Generating public/private rsa key pair. | |
| Enter file in which to save the key (/root/.ssh/id_rsa): | |
| Enter passphrase (empty for no passphrase): | |
| Enter same passphrase again: |
cyberswat
/ puppetd-second-run.sh
Created
February 28, 2012 05:14
First puppetd run after certificate signed on puppetmaster with puppetca
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| proot@li220-252:~] puppetd -t --server puppet.cyberswat.com | |
| warning: peer certificate won't be verified in this SSL session | |
| info: Caching certificate for li220-252.members.linode.com | |
| pcilib: Cannot open /proc/bus/pci | |
| lspci: Cannot find any working access method. | |
| info: Caching certificate_revocation_list for ca | |
| info: Caching catalog for li220-252.members.linode.com | |
| info: Applying configuration version '1330405985' | |
| info: Creating state file /var/lib/puppet/state/state.yaml | |
| notice: Finished catalog run in 0.05 seconds |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This is the base node definition that all additional nodes should inherit. | |
| node base { | |
| include puppet | |
| } | |
| # regex is used to match the client fqdn | |
| node /^li220-252.members.linode.com$/ inherits base { | |
| include jenkins | |
| } |
cyberswat
/ puppet-master-sign.sh
Created
February 28, 2012 04:00
Sign the certificate request on the puppet master
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [root@puppet ~] puppetca --list | |
| li220-252.members.linode.com (52:32:81:19:B1:E4:89:83:13:CC:70:ED:C1:80:7A:5B) | |
| [root@puppet ~] puppetca --sign li220-252.members.linode.com | |
| notice: Signed certificate request for li220-252.members.linode.com | |
| notice: Removing file Puppet::SSL::CertificateRequest li220-252.members.linode.com at '/var/lib/puppet/ssl/ca/requests/li220-252.members.linode.com.pem' |
cyberswat
/ puppet-sign-request.sh
Created
February 28, 2012 03:58
Generate a puppet signing request
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [root@li220-252:~] puppetd -t --server puppet.cyberswat.com | |
| info: Creating a new SSL key for li220-252.members.linode.com | |
| warning: peer certificate won't be verified in this SSL session | |
| info: Caching certificate for ca | |
| warning: peer certificate won't be verified in this SSL session | |
| warning: peer certificate won't be verified in this SSL session | |
| info: Creating a new SSL certificate request for li220-252.members.linode.com | |
| info: Certificate Request fingerprint (md5): 52:32:81:19:B1:E4:89:83:13:CC:70:ED:C1:80:7A:5B | |
| warning: peer certificate won't be verified in this SSL session | |
| warning: peer certificate won't be verified in this SSL session |
cyberswat
/ puppetca-list-clean.sh
Created
February 28, 2012 03:44
Use puppetca to list and remove certificates
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # You can use puppetca --list fqdn for a specific fqdn or puppetca --list --all to show all | |
| # This example shows that li220-252.members.linode.com exists | |
| [root@puppet ~] puppetca --list li220-252.members.linode.com | |
| + li220-252.members.linode.com (88:80:14:7A:67:F6:A3:B8:F3:AB:7F:59:FC:8A:29:31) | |
| # This example shows that li220-252.members.linode.com does not exist | |
| [root@puppet ~] puppetca --list li220-252.members.linode.com | |
| err: Could not call list: Could not find a certificate for li220-252.members.linode.com | |
| # If the certificate already exists you should remove it before requesting a new connection |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Log into the puppet client and execute facter | |
| [root@li220-252 ~] facter | grep fqdn | |
| fqdn => li220-252.members.linode.com |
cyberswat
/ ubuntu-puppetlabs-repo.sh
Created
February 28, 2012 02:10
Install Puppet Repo on Ubuntu 10.04
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Add puppetlabs to /etc/apt/sources.list.d | |
| echo -e "deb http://apt.puppetlabs.com/ubuntu lucid main\ndeb-src http://apt.puppetlabs.com/ubuntu lucid main" >> /etc/apt/sources.list.d/puppet.list | |
| # Download the public key | |
| apt-key adv --keyserver keyserver.ubuntu.com --recv 4BD6EC30 | |
| #Update apt | |
| apt-get update | |
| #Install puppet |