crappy, crappy, crappy kickstart
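#!/bin/bash
#
# Pre-provision a Puppet agent certificate for CERTNAME and print a CentOS 6
# kickstart on stdout that installs Puppet Enterprise and drops the key and
# signed certificate into place during %post.
#
# Steps: create a key + CSR locally, submit the CSR to the master, mark it
# signed through the certificate_status endpoint, download the signed
# certificate, then embed key and certificate in the generated kickstart.
#
# Security notes for anyone reusing this:
#   * The kickstart written to stdout contains the node's PRIVATE KEY. Treat
#     the output like a secret: do not serve it from a world-readable web
#     root or leave it in shared logs.
#   * The host running this script authenticates with its own agent
#     certificate, so the master has to allow that certificate to sign
#     requests. Scope that permission as narrowly as the master allows.
#   * The kickstart below keeps the author's lab settings: a plaintext root
#     password, SELinux disabled, plain-HTTP downloads without checksums, and
#     an `auth --enablemd5` line that appears to override the earlier
#     `authconfig --passalgo=sha512`. Review these before using it outside
#     a throwaway VM.

set -u
# Key, CSR and certificate files must not be readable by other local users.
umask 077

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

CERTNAME='foo.adam.vm'
CONFDIR='/tmp/ssl_keys'

SSLDIR=$(puppet config print ssldir) || die "cannot read puppet ssldir"
PUPPETMASTER=$(puppet config print server) || die "cannot read puppet server"
CACERT=$(puppet config print localcacert) || die "cannot read puppet localcacert"
FQDN=$(facter fqdn) || die "cannot determine fqdn"
[[ -n "$SSLDIR" && -n "$PUPPETMASTER" && -n "$CACERT" && -n "$FQDN" ]] \
  || die "puppet/facter returned an empty value"

# Verify the master against the Puppet CA instead of disabling TLS
# verification (-k): the signed certificate fetched below ends up on a new
# host, so it must come from the real master.
CURL_ARGS=(
  --cert "$SSLDIR/certs/$FQDN.pem"
  --key "$SSLDIR/private_keys/$FQDN.pem"
  --cacert "$CACERT"
  --silent --show-error
)

# CONFDIR is a fixed path under /tmp, so make sure it is a real directory we
# own (not a symlink or something another user pre-created) before keys go
# in it.
mkdir -p -- "$CONFDIR" || die "cannot create $CONFDIR"
[[ -d "$CONFDIR" && ! -L "$CONFDIR" && -O "$CONFDIR" ]] \
  || die "$CONFDIR is not a directory owned by the current user"
chmod 700 -- "$CONFDIR" || die "cannot restrict permissions on $CONFDIR"

# let's create a certificate
# The key size is stated explicitly rather than left to the openssl.cnf default.
if [[ ! -f "$CONFDIR/$CERTNAME.key" ]]; then
  openssl req -new -newkey rsa:2048 -nodes \
    -keyout "$CONFDIR/$CERTNAME.key" \
    -subj "/CN=$CERTNAME" \
    -out "$CONFDIR/$CERTNAME.csr" >/dev/null 2>&1 \
    || die "openssl failed to create key/CSR for $CERTNAME"
fi

# upload the cert to the master
# Best effort, as in the original: on a re-run the request may already exist.
curl "${CURL_ARGS[@]}" -X PUT -H "Content-Type: text/plain" \
  --data-binary "@$CONFDIR/$CERTNAME.csr" \
  "https://$PUPPETMASTER:8140/production/certificate_request/$CERTNAME" \
  -o /dev/null

# sign the cert
curl "${CURL_ARGS[@]}" -X PUT -H "Content-Type: text/pson" \
  --data '{"desired_state":"signed"}' \
  "https://$PUPPETMASTER:8140/production/certificate_status/$CERTNAME" \
  -o /dev/null

# fetch the newly signed cert
# --fail keeps an HTTP error body from being saved as if it were a certificate.
curl "${CURL_ARGS[@]}" --fail -H "Accept: s" \
  "https://$PUPPETMASTER:8140/production/certificate/$CERTNAME" \
  -o "$CONFDIR/$CERTNAME.pem" \
  || die "could not fetch signed certificate for $CERTNAME"
grep -q -- '-----BEGIN CERTIFICATE-----' "$CONFDIR/$CERTNAME.pem" \
  || die "$CONFDIR/$CERTNAME.pem does not look like a PEM certificate"

KEY=$(cat -- "$CONFDIR/$CERTNAME.key") || die "cannot read key"
CERT=$(cat -- "$CONFDIR/$CERTNAME.pem") || die "cannot read certificate"

# A here-document is used instead of echo "...": the original's unescaped
# double quotes around the --append value closed the echo string, so the
# quotes were dropped from the generated bootloader line. Only $KEY, $CERT
# and $CERTNAME are expanded here; everything else is literal kickstart text.
cat <<EOF
install
url --url=http://10.0.1.2/centos/6/os/x86_64/
lang en_US.UTF-8
keyboard us
network --onboot yes --device eth0 --bootproto dhcp --noipv6
rootpw --plaintext vagrant
firewall --enabled --service=ssh
authconfig --enableshadow --passalgo=sha512
selinux --disabled
timezone --utc America/Los_Angeles
bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet"
text
skipx
zerombr
clearpart --all --initlabel
autopart
auth --useshadow --enablemd5
firstboot --disabled
repo --name=updates --baseurl=http://10.0.1.2/centos/6/updates/x86_64
reboot
%packages
@core
wget
%end
%post
echo 10.0.1.3 puppet >> /etc/hosts
wget -q -O /tmp/puppet-enterprise-3.1.0-el-6-x86_64.tar.gz http://10.0.1.2/3.1.0/puppet-enterprise-3.1.0-el-6-x86_64.tar.gz
wget -q -O /tmp/answers http://10.0.1.2/answers.ks
tar -C /tmp -zxf /tmp/puppet-enterprise-3.1.0-el-6-x86_64.tar.gz
(
cd /tmp/puppet-enterprise*/
./puppet-enterprise-installer -a /tmp/answers
)
(
umask 077
echo "$KEY" > /etc/puppetlabs/puppet/ssl/private_keys/$CERTNAME.pem
)
echo "$CERT" > /etc/puppetlabs/puppet/ssl/certs/$CERTNAME.pem
%end
EOF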