Puppet cert migration from 3.3 to 3.8
#Note: run the commands that are separated by a blank line one at a time rather than pasting them as a batch: an interactive prompt (ssh/sudo password, etc.) swallows whatever lines are pasted after it.
#Part 1 - Allow remote ssh commands on the old puppet master
# Only needed because the ssh line below runs sudo non-interactively. Prefer `ssh -t ...` (allocates a tty, so sudoers can stay as is); if you do comment out "Defaults requiretty" in /etc/sudoers on the 'old' puppet master instead, put it back once the migration is done rather than leaving that sudo hardening switched off. :)
#Part 2 follow this walkthrough: http://docs.puppetlabs.com/pe/latest/trouble_regenerate_certs_monolithic.html
#Walkthrough Step 1: Shut down all PE-related services
# Same services, same order as the PE walkthrough; each one is stopped via puppet's own
# service provider so no init-system specifics leak into this script.
for pe_service in pe-puppet pe-puppetserver pe-activemq pe-mcollective \
                  pe-puppetdb pe-postgresql pe-console-services pe-httpd; do
  puppet resource service "$pe_service" ensure=stopped
done
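#Walkthrough Step 2: Delete and recreate the CA (modified to copy the 'old' master's CA instead of creating a new one)
#
# SECURITY NOTE: the archive built below contains the CA *private key* (ssl/ca/ca_key.pem),
# the root of trust for every agent in the fleet. After this step two hosts hold the same
# CA key and either one can sign certificates; decommission the old master (or destroy its
# ssl/ca directory) once the cut-over is finished.
#
# !!EDIT THIS!! login user and fqdn of the old puppet master. The certname cleaned further
# down is assumed to equal that fqdn (the usual Puppet default) - confirm with `puppet cert list --all`.
OLD_MASTER_USER=bswift
OLD_MASTER_HOST=puppet.domain.ca
PUPPET_CONFDIR=/etc/puppetlabs/puppet
EXPORT_TAR=ssl_export.tar   # created in $HOME on both hosts and deleted again below

# ":?" aborts the expansion if the variable is empty, so this can never turn into "rm -rf /*".
rm -rf -- "${PUPPET_CONFDIR:?}/ssl/"*
rm -f -- "/var/opt/lib/pe-puppet/client_data/catalog/$(hostname -f).json"

# scp CA from other master.
# - "ssh -t" gives sudo a tty for its password prompt, so "Defaults requiretty" can stay in
#   /etc/sudoers on the old master.
# - tar streams to stdout and the *login user's* shell redirects that into the file, so the
#   archive is owned by that user and, with umask 077, mode 0600 instead of world-readable.
ssh -t "${OLD_MASTER_USER}@${OLD_MASTER_HOST}" \
  "umask 077 && sudo tar -C ${PUPPET_CONFDIR} -cpzf - ssl > ~/${EXPORT_TAR}"
( umask 077 && scp "${OLD_MASTER_USER}@${OLD_MASTER_HOST}:~/${EXPORT_TAR}" "${HOME}/${EXPORT_TAR}" )
# -C replaces the unchecked "cd ...; tar" so a failed cd cannot unpack the CA into the wrong directory.
tar -xpzf "${HOME}/${EXPORT_TAR}" -C "${PUPPET_CONFDIR}" ssl
# Do not leave copies of the CA key lying around in home directories on either host.
rm -f -- "${HOME}/${EXPORT_TAR}"
ssh "${OLD_MASTER_USER}@${OLD_MASTER_HOST}" "rm -f ~/${EXPORT_TAR}"

# Delete old master certs, and internal certs (not in walkthrough)
# puppet cert clean pe-internal-classifier #not required for puppet 3.3
puppet cert clean pe-internal-dashboard
puppet cert clean pe-internal-mcollective-servers
puppet cert clean pe-internal-peadmin-mcollective-client
puppet cert clean pe-internal-puppet-console-mcollective-client
# The old master's own certificate came along with the copied CA; revoke and remove it.
puppet cert clean "${OLD_MASTER_HOST}"
# Cert names are lower case but our domain is upper case in /etc/hosts. -i.bak keeps the
# original, since this lowercases every line of the file, comments included.
perl -p -i.bak -e 'tr/A-Z/a-z/' /etc/hosts
#continuing with step 2.5 from the guide
# Single "=" here: the doubled "==" in the original would likely have been taken as part of the
# option value (an alt name of "=puppet"), which no agent would ever match.
puppet cert generate "$(hostname -f)" --dns_alt_names="puppet,$(hostname -f)"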
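#step 6 on walkthrough
for internal_cert in pe-internal-classifier pe-internal-dashboard pe-internal-mcollective-servers \
                     pe-internal-peadmin-mcollective-client pe-internal-puppet-console-mcollective-client; do
  puppet cert generate "$internal_cert"
done
# root aliases cp to 'cp -i' in interactive shells. A bare `unalias cp` errors out when no
# such alias exists (and would abort a `set -e` shell), so tolerate that; "\cp -f" below
# bypasses any alias and overwrites without prompting regardless.
unalias cp 2>/dev/null || true
# Walkthrough step: copy the CA's CRL over the master's copy so the revocations made by
# `puppet cert clean` above are the ones the master serves.
\cp -f /etc/puppetlabs/puppet/ssl/ca/ca_crl.pem /etc/puppetlabs/puppet/ssl/crl.pem
chown -R pe-puppet:pe-puppet /etc/puppetlabs/puppet/ssl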
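# Copy one keypair out of the master's ssl tree into a service's own certs directory, using
# the <name>.cert.pem / <name>.public_key.pem / <name>.private_key.pem layout the PE services
# expect. Replaces seven near-identical copy/paste triplets.
#   $1 - certname (file stem under ssl/{certs,public_keys,private_keys})
#   $2 - destination directory
# "\cp" bypasses root's interactive cp alias; -f overwrites without prompting.
# NOTE(review): the private keys keep whatever mode cp gives them (source mode minus umask);
# consider `chmod 600` on *.private_key.pem once it is confirmed the owning service user is
# the only reader - the postgres directory below is the only one the guide locks down.
install_keypair() {
  local certname=$1 dest=$2
  local ssl=/etc/puppetlabs/puppet/ssl
  \cp -f "${ssl}/certs/${certname}.pem"        "${dest}/${certname}.cert.pem"
  \cp -f "${ssl}/public_keys/${certname}.pem"  "${dest}/${certname}.public_key.pem"
  \cp -f "${ssl}/private_keys/${certname}.pem" "${dest}/${certname}.private_key.pem"
}
FQDN=$(hostname -f)

#Walkthrough Step 3: Clear and Regenerate Certs for PuppetDB
# ":?" on every rm target: an empty variable aborts instead of becoming "rm -rf /*".
PUPPETDB_SSL=/etc/puppetlabs/puppetdb/ssl
rm -rf -- "${PUPPETDB_SSL:?}"/*
install_keypair "$FQDN" "$PUPPETDB_SSL"
chown -R pe-puppetdb:pe-puppetdb "$PUPPETDB_SSL"

PG_CERTS=/opt/puppet/var/lib/pgsql/9.2/data/certs
rm -rf -- "${PG_CERTS:?}"/*
install_keypair "$FQDN" "$PG_CERTS"
# Lock the files down first, then hand them to the postgres user (same order as the guide).
chmod 400 "$PG_CERTS"/*
chown pe-postgres:pe-postgres "$PG_CERTS"/*

#Walkthrough Step 4: Clear and Regenerate Certs for the PE Console
DASHBOARD_CERTS=/opt/puppet/share/puppet-dashboard/certs
CONSOLE_CERTS=/opt/puppet/share/console-services/certs
rm -rf -- "${DASHBOARD_CERTS:?}"/*
rm -rf -- "${CONSOLE_CERTS:?}"/*
install_keypair pe-internal-classifier "$CONSOLE_CERTS"
install_keypair "$FQDN"                "$CONSOLE_CERTS"
install_keypair pe-internal-dashboard  "$CONSOLE_CERTS"
chown -R pe-console-services:pe-console-services "$CONSOLE_CERTS"
install_keypair "$FQDN"               "$DASHBOARD_CERTS"
install_keypair pe-internal-dashboard "$DASHBOARD_CERTS"
chown -R puppet-dashboard:puppet-dashboard "$DASHBOARD_CERTS"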
# Walkthrough Step 5: Restart PE Services
# Reverse of the shutdown: master-side services come up first, the local agent last.
for pe_service in pe-puppetserver pe-postgresql pe-puppetdb pe-console-services \
                  pe-httpd pe-activemq pe-mcollective pe-puppet; do
  puppet resource service "$pe_service" ensure=running
done