Created
January 8, 2009 20:49
-
-
Save plathrop/44874 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # Make sure you set these constants properly! | |
| # | |
| # Set this to true if you are autosigning your certificates | |
| AUTOSIGN = false | |
| # Set this to the commands you need to run to stop your puppetmasterd | |
| PUPPETMASTERD_STOP = [ "killall -9 puppetmasterd" ] | |
| # Set this to the commands you need to start your puppetmasterd | |
| PUPPETMASTERD_START = [ "puppetmasterd" ] | |
| # Set this to the commands you need to stop puppetd on the clients | |
| PUPPETD_STOP = [ "killall -9 puppetd" ] | |
| # Set this to the commands you need to start puppetd on the clients | |
| PUPPETD_START = [ "puppetd" ] | |
| # Set this to the location of your puppet SSL directories | |
| PUPPET_SSL_LOCATION = "/var/lib/puppet/ssl" | |
| default_run_options[:pty] = true | |
| set(:clients) do | |
| Capistrano::CLI.ui.ask "Comma Seperated list of Clients to clean: " | |
| end unless exists?(:clients) | |
| clients.split(",").each do |c| | |
| role :clients, c | |
| end | |
| # State which system the Puppet Master is | |
| set(:master) do | |
| Capistrano::CLI.ui.ask "Puppet Master FQDN:" | |
| end unless exists?(:master) | |
| role :master, master | |
| default_run_options[:pty] = true | |
| task :stop_puppetmasterd, :roles => :master do | |
| run_command(PUPPETMASTERD_STOP) | |
| end | |
| task :start_puppetmasterd, :roles => :master do | |
| run_command(PUPPETMASTERD_START) | |
| end | |
| task :stop_puppetd do | |
| run_command(PUPPETD_STOP) | |
| end | |
| task :start_puppetd do | |
| run_command(PUPPETD_START) | |
| end | |
| task :rm_certs do | |
| sudo("rm -rf #{PUPPET_SSL_LOCATION}") | |
| end | |
| # Oh, what a dirty, dirty thing this is. | |
| # If you are running mongrel, though, your puppetmasterd will never re-generate your certs | |
| # So this is going to do the right thing for you | |
| # Please forgive me. | |
| task :generate_ca_cert, :roles => :master do | |
| sudo("puppetmasterd --daemonize") | |
| logger.info("Waiting 30 seconds for the Puppetmaster to start and generate CA") | |
| sleep 30 | |
| sudo("killall -9 puppetmasterd") | |
| end | |
| task :generate_certs, :roles => :clients do | |
| run(%{ruby -e 'i = rand(60); puts "Sleeping " + i.to_s; sleep i'}) | |
| sudo("sh -c 'puppetd --onetime --debug --ignorecache --no-daemonize --server #{master}; exit 0'") | |
| end | |
| task :sign_all, :roles => :master do | |
| sudo("puppetca --sign --all") if AUTOSIGN != true | |
| end | |
| task :rebuild_certs do | |
| logger.info("Stopping Puppetmasterd") | |
| stop_puppetmasterd | |
| logger.info("Stopping Puppetd") | |
| stop_puppetd | |
| logger.info("Removing Certificates") | |
| rm_certs | |
| logger.info("Regenerating CA Certificates") | |
| generate_ca_cert | |
| logger.info("Starting Puppetmasterd") | |
| start_puppetmasterd | |
| logger.info("Running puppetd to generate certificates") | |
| generate_certs | |
| logger.info("Signing all waiting requests") | |
| sign_all | |
| logger.info("Starting Puppetd") | |
| start_puppetd | |
| logger.info("Certificates regenerated!") | |
| end | |
| def run_command(const) | |
| const.each do |cmd| | |
| sudo(cmd) | |
| end | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment