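---
# Rotate the Puppet 3.x SSL material on the master, on puppetdb and on every
# agent: stop the services, move the old ssl directories aside to
# ssl-<backup_suffix>, let the master mint a fresh CA, then bring puppetdb and
# the agents back up against it.
#
# Input: backup_suffix (optional extra var / inventory var), defaults to "backup".
#
# Steps that only needed mv/pkill/a single binary use the command module rather
# than shell, so backup_suffix is split into argv by Ansible and never handed
# to /bin/sh; the two pipelines/globs that genuinely need a shell keep shell.
# The original key=value module args were rewritten as block YAML; behaviour
# is otherwise unchanged except where a comment says so.

- hosts: puppetmaster
  vars:
    # Where the master's current ssl dir is parked (and what "remove old backup" deletes).
    ssl_backup: "/var/lib/puppet/ssl-{{ backup_suffix | default('backup') }}"
  tasks:
    - name: stop master puppet
      service:
        name: httpd
        state: stopped
      tags:
        - master
        - service
        - stop

    - name: kill remaining httpd process
      command: pkill httpd
      register: pkill_httpd
      # pkill exits 1 when nothing matched, which is the normal case right after a
      # clean service stop; only a usage/fatal error (rc 2/3) should fail the play.
      failed_when: pkill_httpd.rc > 1
      tags:
        - master
        - service
        - stop

    - name: remove old backup
      file:
        path: "{{ ssl_backup }}"
        state: absent
      tags:
        - master
        - cleanup

    - name: "backup & remove ssl master certs"
      command: mv /var/lib/puppet/ssl {{ ssl_backup }}
      args:
        # Skip once the backup exists so a re-run does not nest ssl/ inside it.
        creates: "{{ ssl_backup }}"
      tags:
        - master
        - remove

- hosts: puppetdb
  tasks:
    - name: stop puppet agent
      service:
        name: puppet
        state: stopped

    - name: stop puppetdb
      service:
        name: puppetdb
        state: stopped
      tags:
        - master
        - service
        - stop

- hosts: "all,!puppetmaster,!puppetdb"
  vars:
    ssl_backup: "/var/lib/puppet/ssl-{{ backup_suffix | default('backup') }}"
  tasks:
    - name: "stop puppet"
      service:
        name: puppet
        state: stopped
      tags:
        - client
        - service
        - stop

    - name: kill remaining puppet process
      command: pkill puppet
      register: pkill_puppet
      # rc 1 == no matching process, which is expected after the stop above.
      failed_when: pkill_puppet.rc > 1
      # NOTE(review): this task was tagged "master" in the original, which looks
      # like a copy/paste from the puppetmaster play — every other task in this
      # agent play is tagged "client", and with "master" a `--tags client` run
      # would skip the kill while a `--tags master` run would pkill puppet on
      # every agent. Revert to "master" if that was intended.
      tags:
        - client
        - service
        - stop

    - name: remove old backup
      file:
        path: "{{ ssl_backup }}"
        state: absent
      tags:
        - client
        - cleanup

    - name: "backup & remove ssl stuff"
      command: mv /var/lib/puppet/ssl {{ ssl_backup }}
      args:
        creates: "{{ ssl_backup }}"
      tags:
        - client
        - remove

- hosts: puppetmaster
  gather_facts: false
  tasks:
    - name: re-generate certs
      # Presumably any `puppet cert` invocation makes the master bootstrap a new
      # CA into the now-empty /var/lib/puppet/ssl; the listing itself is
      # informational. Confirm against the puppet docs for your version.
      command: puppet cert list -a
      tags:
        - master
        - generate

    - name: "generate puppet master's new cert"
      # Run the master in the foreground only until it reports it has started,
      # by which point it has signed its own certificate. grep -m 1 closes the
      # pipe on the first match, which is presumably what stops the master
      # (SIGPIPE) and makes the pipeline exit non-zero — hence ignore_errors.
      shell: "puppet master --no-daemonize --verbose 2>&1 | grep -m 1 -F 'Notice: Starting Puppet master'"
      ignore_errors: true
      tags:
        - master
        - generate

    - name: start master puppet
      service:
        name: httpd
        state: started
      tags:
        - master
        - service
        - start

- hosts: puppetdb
  gather_facts: false
  vars:
    puppetdb_ssl_backup: "/etc/puppetdb/ssl-{{ backup_suffix | default('backup') }}"
  tasks:
    - name: move old SSL out of the way
      # No creates/removes guard here, as in the original: a second run fails
      # (or moves ssl/ inside the existing backup) rather than silently skipping.
      command: mv /etc/puppetdb/ssl {{ puppetdb_ssl_backup }}

    - name: create SSL dir
      file:
        path: /etc/puppetdb/ssl
        state: directory
        owner: puppetdb
        group: puppetdb

    - name: run puppet once
      # One agent run against the new CA so this host gets a freshly signed cert.
      puppet:

    - name: stop puppet agent
      service:
        name: puppet
        state: stopped

    - name: run puppetdb-ssl-setup
      command: /usr/libexec/puppetdb/puppetdb-ssl-setup
      tags:
        - master
        - generate

    - name: start puppetdb
      service:
        name: puppetdb
        state: started
      tags:
        - master
        - service
        - start

- hosts: "all,!puppetmaster,!puppetdb"
  gather_facts: false
  tasks:
    - name: update puppet
      # Kept as shell: the \* reaches the shell, which unescapes it so yum sees a
      # literal "irt-puppet*" repo-id glob (no pathname expansion in between).
      shell: 'yum -y --enablerepo=irt-puppet\* --disableplugin=priorities update puppet'
      tags:
        - client
        - upgrade

    - name: "start puppet"
      service:
        name: puppet
        state: started
      tags:
        - client
        - service
        - start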
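---
# https://docs.puppet.com/puppet/3.7/ssl_regenerate_certificates.html
#
# Roll back the certificate regeneration: put the ssl-<backup_suffix>
# directories saved by the regenerate playbook back in place on the master and
# on the agents, then start the services again.
#
# Input: backup_suffix (optional), defaults to "backup" — must match the value
# used when the backup was taken.
#
# Fixes relative to the original: the master's "restore" task had no command
# at all (only the two paths), so it could never have worked; and each restore
# play now refuses to delete the live ssl dir when there is no backup to put
# back, since the original deleted first and only then looked for the backup.
#
# NOTE(review): nothing here restores /etc/puppetdb/ssl-<backup_suffix> or
# restarts puppetdb, although the regenerate playbook moved that directory
# aside; and the agent play below includes the puppetdb host (it excludes only
# puppetmaster) while the final "start puppet" play excludes puppetdb, so its
# agent is stopped and never started. Confirm whether that is intended.

- hosts: puppetmaster
  vars:
    ssl_dir: /var/lib/puppet/ssl
    ssl_backup: "/var/lib/puppet/ssl-{{ backup_suffix | default('backup') }}"
  tasks:
    - name: stop master puppet
      service:
        name: httpd
        state: stopped

    - name: check that a backup exists
      stat:
        path: "{{ ssl_backup }}"
      register: ssl_backup_stat

    - name: refuse to remove live certs without a backup
      fail:
        msg: "{{ ssl_backup }} does not exist; not removing {{ ssl_dir }}"
      when: not ssl_backup_stat.stat.exists

    - name: "remove ssl master certs"
      file:
        path: "{{ ssl_dir }}"
        state: absent

    - name: "restore ssl master certs"
      # command (not shell): backup_suffix is split into argv, never parsed by sh.
      command: mv {{ ssl_backup }} {{ ssl_dir }}
      args:
        removes: "{{ ssl_backup }}"

- hosts: "all,!puppetmaster"
  vars:
    ssl_dir: /var/lib/puppet/ssl
    ssl_backup: "/var/lib/puppet/ssl-{{ backup_suffix | default('backup') }}"
  tasks:
    - name: "stop puppet"
      service:
        name: puppet
        state: stopped
        # Fallback process pattern for hosts where the init script cannot report status.
        pattern: puppet agent

    - name: check that a backup exists
      stat:
        path: "{{ ssl_backup }}"
      register: ssl_backup_stat

    - name: refuse to remove live certs without a backup
      fail:
        msg: "{{ ssl_backup }} does not exist; not removing {{ ssl_dir }}"
      when: not ssl_backup_stat.stat.exists

    - name: "remove ssl certs"
      file:
        path: "{{ ssl_dir }}"
        state: absent

    - name: "restore ssl stuff"
      command: mv {{ ssl_backup }} {{ ssl_dir }}
      args:
        removes: "{{ ssl_backup }}"

- hosts: puppetmaster
  gather_facts: false
  tasks:
    - name: start master puppet
      service:
        name: httpd
        state: started

- hosts: "all,!puppetmaster,!puppetdb"
  gather_facts: false
  tasks:
    - name: "start puppet"
      service:
        name: puppet
        state: started
    # A final agent run was left commented out by the author; kept as found.
    # puppet: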
The re-signing part was never run in a single pass — I always split it up by tags/limits — so there are no guarantees for a whole-playbook run, but it does reflect the steps I had to go through.
The restore part was never tested.