hieradata: Migrate primary Puppet server to puppet-04

supertassu · supertassu · commit b3dd49556e67 · 2024-06-13T21:21:56.000+03:00
diff --git a/bin/provision-instance.sh b/bin/provision-instance.sh
@@ -31,7 +31,7 @@ ssh root@"$INSTANCE" "$PUPPET" config --section agent set environment "$ENVIRONM
 ssh root@"$INSTANCE" "$PUPPET" agent -t || true
 
 REAL_CSR_FINGERPRINT=$(ssh root@"$INSTANCE" openssl req -in "$SSL_PATH"/certificate_requests/"$INSTANCE".pem -outform der | sha256sum | awk '{ print $1 }' | sed 's/\(..\)/\1:/g; s/:$//; s/./\U&/g;')
-SERVER_CSR_FINGERPRINT=$(ssh "$PUPPET_SERVER" sudo openssl req -in /etc/puppetlabs/puppet/ssl/ca/requests/"$INSTANCE".pem -outform der | sha256sum | awk '{ print $1 }' | sed 's/\(..\)/\1:/g; s/:$//; s/./\U&/g;')
+SERVER_CSR_FINGERPRINT=$(ssh "$PUPPET_SERVER" sudo openssl req -in /etc/puppet/puppetserver/ca/requests/"$INSTANCE".pem -outform der | sha256sum | awk '{ print $1 }' | sed 's/\(..\)/\1:/g; s/:$//; s/./\U&/g;')
 if [ "$REAL_CSR_FINGERPRINT" != "$SERVER_CSR_FINGERPRINT" ]; then
   echo "CSR fingerprint does not match!"
   exit 1
diff --git a/hieradata/common.yaml b/hieradata/common.yaml
@@ -504,7 +504,7 @@ profile::base::groups:
 
 profile::notifier::version: v4.0.1
 
-profile::puppet::agent::ca_server: puppet-03.ops.jquery.net
+profile::puppet::agent::ca_server: puppet-04.ops.jquery.net
 
 # https://github.com/wp-cli/wp-cli/releases
 profile::wordpress::base::wordpress_cli_version: "2.8.1"
diff --git a/hieradata/environments/production/common.yaml b/hieradata/environments/production/common.yaml
@@ -1,3 +1,3 @@
-profile::puppet::agent::puppet_server: puppet-03.ops.jquery.net
+profile::puppet::agent::puppet_server: puppet-04.ops.jquery.net
 
 profile::certbot::email: infrastructure-team@jquery.com
diff --git a/modules/profile/manifests/puppet/server.pp b/modules/profile/manifests/puppet/server.pp
@@ -277,7 +277,7 @@
     user        => 'root',
     description => 'rsync Puppet CA files from the primary server',
     # TODO: stop hardcoding path once fully on Debian 12
-    command     => "/usr/bin/rsync -avp --delete --chown puppet:puppet -e \"/usr/bin/ssh -i /etc/ssh/local_keys.d/puppet-sync\" ${primary_host}:/etc/puppetlabs/puppetserver/ca/ ${server_config_path}/ca/",
+    command     => "/usr/bin/rsync -avp --delete --chown puppet:puppet -e \"/usr/bin/ssh -i /etc/ssh/local_keys.d/puppet-sync\" ${primary_host}:/etc/puppet/puppetserver/ca/ ${server_config_path}/ca/",
     interval    => ['OnCalendar=*-*-* *:4/5:00'],
   }
 

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,3 @@`
`1`		`-profile::puppet::agent::puppet_server: puppet-03.ops.jquery.net`
	`1`	`+profile::puppet::agent::puppet_server: puppet-04.ops.jquery.net`
`2`	`2`
`3`	`3`	`profile::certbot::email: [email protected]`
Original file line number	Diff line number	Diff line change
`@@ -277,7 +277,7 @@`
`277`	`277`	`user => 'root',`
`278`	`278`	`description => 'rsync Puppet CA files from the primary server',`
`279`	`279`	`# TODO: stop hardcoding path once fully on Debian 12`
`280`		`- command => "/usr/bin/rsync -avp --delete --chown puppet:puppet -e \"/usr/bin/ssh -i /etc/ssh/local_keys.d/puppet-sync\" ${primary_host}:/etc/puppetlabs/puppetserver/ca/ ${server_config_path}/ca/",`
	`280`	`+ command => "/usr/bin/rsync -avp --delete --chown puppet:puppet -e \"/usr/bin/ssh -i /etc/ssh/local_keys.d/puppet-sync\" ${primary_host}:/etc/puppet/puppetserver/ca/ ${server_config_path}/ca/",`
`281`	`281`	`interval => ['OnCalendar=--* *:4/5:00'],`
`282`	`282`	`}`
`283`	`283`