
@adamcrews
Created January 9, 2014 23:26
crappy, crappy, crappy kickstart
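#!/bin/bash
#
# Pre-provisions a Puppet agent identity for CERTNAME and prints a kickstart
# file on stdout that installs it on the new machine.
#
# Steps:
#   1. Generate a private key + CSR for CERTNAME under CONFDIR (skipped when
#      the key file already exists).
#   2. Submit the CSR to the Puppet master, ask the master to sign it, and
#      download the signed certificate, authenticating with this host's own
#      agent certificate.
#   3. Emit a kickstart whose %post section writes the key and certificate
#      into the new node's Puppet ssl directory.
#
# SECURITY: stdout contains the new node's PRIVATE KEY and a plaintext root
# password. Treat the generated kickstart as a secret: do not publish it on
# an unauthenticated web server or keep it in world-readable locations.
#
# Requires: puppet, facter, openssl, curl. All diagnostics go to stderr so
# that stdout stays a clean kickstart.

set -euo pipefail
# Private keys are written below; never create them group/world readable.
umask 077

die()  { printf 'error: %s\n' "$*" >&2; exit 1; }
warn() { printf 'warning: %s\n' "$*" >&2; }

readonly CERTNAME='foo.adam.vm'
# NOTE(review): a fixed directory under /tmp is predictable. It is kept so
# reruns can reuse the existing key, but it is validated after creation;
# a private, non-shared directory would be a better home for key material.
readonly CONFDIR='/tmp/ssl_keys'
# Explicit key size instead of relying on the local openssl.cnf default.
readonly KEY_BITS=2048

SSLDIR=$(puppet config print ssldir) || die "cannot read puppet ssldir"
PUPPETMASTER=$(puppet config print server) || die "cannot read puppet server"
CACERT=$(puppet config print localcacert) || die "cannot read puppet localcacert"
FQDN=$(facter fqdn) || die "cannot determine fqdn"
[[ -n "$SSLDIR" && -n "$PUPPETMASTER" && -n "$CACERT" && -n "$FQDN" ]] \
  || die "puppet/facter returned an empty setting"

# Authenticate as this host's agent and verify the master against the Puppet
# CA. The original passed -k, which disables server verification and would
# let anyone on the path capture the CSR or hand back a certificate of their
# choosing.
curl_args=(
  --cert "$SSLDIR/certs/$FQDN.pem"
  --key "$SSLDIR/private_keys/$FQDN.pem"
  --cacert "$CACERT"
  --silent --show-error --fail
)

mkdir -p -- "$CONFDIR" >/dev/null 2>&1 || die "cannot create $CONFDIR"
# Refuse a pre-planted directory: it must be a real directory that we own.
[[ -d "$CONFDIR" && ! -L "$CONFDIR" && -O "$CONFDIR" ]] \
  || die "$CONFDIR is a symlink or not owned by the current user"
chmod 700 -- "$CONFDIR"

# let's create a certificate
if [[ ! -f "$CONFDIR/$CERTNAME.key" ]]; then
  openssl req -new -newkey "rsa:${KEY_BITS}" -nodes \
    -keyout "$CONFDIR/$CERTNAME.key" \
    -subj "/CN=$CERTNAME" \
    -out "$CONFDIR/$CERTNAME.csr" >/dev/null 2>&1 \
    || die "openssl failed to create key/CSR for $CERTNAME"
fi

# upload the cert to the master
# Best-effort, like the original: on a rerun the master may reject a request
# for a name it already holds, so a failure here is reported, not fatal.
curl "${curl_args[@]}" -X PUT -H "Content-Type: text/plain" \
  --data-binary "@$CONFDIR/$CERTNAME.csr" \
  "https://$PUPPETMASTER:8140/production/certificate_request/$CERTNAME" \
  -o /dev/null \
  || warn "CSR upload for $CERTNAME was not accepted"

# sign the cert
# NOTE(review): this call can only succeed if the master's auth.conf lets
# this host's certificate change certificate_status. Such a rule allows that
# one credential to sign requests, so it should be scoped as narrowly as the
# master permits -- confirm against the master's configuration.
curl "${curl_args[@]}" -X PUT -H "Content-Type: text/pson" \
  --data '{"desired_state":"signed"}' \
  "https://$PUPPETMASTER:8140/production/certificate_status/$CERTNAME" \
  -o /dev/null \
  || warn "sign request for $CERTNAME was not accepted"

# fetch the newly signed cert
curl "${curl_args[@]}" -H "Accept: s" \
  "https://$PUPPETMASTER:8140/production/certificate/$CERTNAME" \
  -o "$CONFDIR/$CERTNAME.pem" \
  || die "could not download signed certificate for $CERTNAME"
# Make sure we embed a certificate, not an error page or an empty file.
grep -q -- '-----BEGIN CERTIFICATE-----' "$CONFDIR/$CERTNAME.pem" \
  || die "$CONFDIR/$CERTNAME.pem does not contain a PEM certificate"

KEY=$(<"$CONFDIR/$CERTNAME.key")
CERT=$(<"$CONFDIR/$CERTNAME.pem")

# The kickstart is emitted with a here-document instead of echo "...": the
# inner double quotes of --append="..." used to terminate the echo string,
# so the quotes were lost from the generated bootloader line.
# Only $KEY, $CERT and $CERTNAME are expanded inside the here-document.
#
# Other fixes inside the generated kickstart:
#   * installer name typo (puppet-enterprise-intaller) corrected;
#   * cd uses a trailing slash so the glob matches the extracted directory
#     only, not the .tar.gz beside it;
#   * the second auth line asked for MD5 hashes, contradicting the sha512
#     authconfig line above it; both now request sha512;
#   * the private key is written under umask 077.
#
# Still open (left as the author wrote them, lab defaults):
#   * rootpw --plaintext with a well-known password;
#   * selinux --disabled;
#   * the installer tarball and answers file are fetched over plain HTTP
#     with no checksum or signature check before being run as root.
cat <<EOF
install
url --url=http://10.0.1.2/centos/6/os/x86_64/
lang en_US.UTF-8
keyboard us
network --onboot yes --device eth0 --bootproto dhcp --noipv6
rootpw --plaintext vagrant
firewall --enabled --service=ssh
authconfig --enableshadow --passalgo=sha512
selinux --disabled
timezone --utc America/Los_Angeles
bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet"
text
skipx
zerombr
clearpart --all --initlabel
autopart
auth --useshadow --passalgo=sha512
firstboot --disabled
repo --name=updates --baseurl=http://10.0.1.2/centos/6/updates/x86_64
reboot
%packages
@core
wget
%end
%post
echo 10.0.1.3 puppet >> /etc/hosts
wget -q -O /tmp/puppet-enterprise-3.1.0-el-6-x86_64.tar.gz http://10.0.1.2/3.1.0/puppet-enterprise-3.1.0-el-6-x86_64.tar.gz
wget -q -O /tmp/answers http://10.0.1.2/answers.ks
tar -C /tmp -zxf /tmp/puppet-enterprise-3.1.0-el-6-x86_64.tar.gz
(
cd /tmp/puppet-enterprise-*/ || exit 1
./puppet-enterprise-installer -a /tmp/answers
)
(
umask 077
echo "$KEY" > "/etc/puppetlabs/puppet/ssl/private_keys/$CERTNAME.pem"
)
echo "$CERT" > "/etc/puppetlabs/puppet/ssl/certs/$CERTNAME.pem"
%end
EOF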