# HG changeset patch # User Tero Marttila # Date 1327922118 -7200 # Node ID 65301be8195913bbde195193fa1e55ea9bd0c197 # Parent b120db777a601b184a2f9209a63ecd9977314d60 puppet: preinstall ca+host ssl certs diff -r b120db777a60 -r 65301be81959 pkvlm-create --- a/pkvlm-create Mon Jan 30 13:14:46 2012 +0200 +++ b/pkvlm-create Mon Jan 30 13:15:18 2012 +0200 @@ -136,7 +136,7 @@ define_opt guest_disk /dev/vda define_opt hostname $opt_name define_opt bridge br-lan -define_opt dns_domain paivola.fi +define_opt domain paivola.fi define_opt ip define_opt puppet define_opt puppet_master puppet @@ -155,13 +155,18 @@ # resolve defaults if [ -z $opt_ip ]; then - define_opt ip $(resolve_name ${opt_name}.${opt_dns_domain}) + define_opt ip $(resolve_name ${opt_name}.${opt_domain}) fi ### Virtual machine config +## General +NAME=$opt_name +DOMAIN=$opt_domain +FQDN=${NAME}.${DOMAIN} + ## libvirt guest info # Name -GUEST_NAME=$opt_name +GUEST_NAME=$NAME # Basic params GUEST_RAM=$opt_ram @@ -198,8 +203,8 @@ ## Network # Network configuration, for /etc/network/interfaces -NET_DOMAIN=paivola.fi -NET_HOSTNAME=$opt_hostname +NET_DOMAIN=${DOMAIN} +NET_HOSTNAME=${NAME} NET_BRIDGE=$opt_bridge NET_IPADDR=$opt_ip NET_NETMASK=255.255.255.0 
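Review bot: `NAME`, `DOMAIN` and `FQDN` are assigned from `$opt_name` and `$opt_domain` without quoting or any check, and `FQDN` is later used to build file names under the puppet ssl source directory (`certs/${FQDN}.pem`, `private_keys/${FQDN}.pem`). A name containing `/`, whitespace or glob characters would change which file is picked up, so I would validate it once here, for example `[[ $FQDN =~ ^[A-Za-z0-9.-]+$ ]] || die "invalid name: $FQDN"`. The expansion passed to `resolve_name` should also be quoted: `resolve_name "${opt_name}.${opt_domain}"`.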
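Review bot: `NET_HOSTNAME=${NAME}` replaces `$opt_hostname`, so the `hostname` option still declared by `define_opt hostname $opt_name` no longer affects the guest's network configuration set in this hunk. If that is intended (the certificate file names are derived from `NAME`, so the two must agree), the option should be removed or documented as ignored; otherwise `FQDN` should be built from the hostname option. Whether `$opt_hostname` is still read elsewhere is not visible in this diff.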
@@ -246,41 +251,151 @@ USER_SHADOW=$(user_shadow $USER) USER_GROUPS=( cdrom sudo adm ) -## Misc -PACKAGE_INCLUDES=( sudo screen vim ) +### Installer setup +## Installation image +# Original Debian Installer image (iso) +INSTALLER_NAME="debian-6.0.3-amd64" +INSTALLER_ISO="iso-in/${INSTALLER_NAME}-netinst.iso" +INSTALLER_TREE="iso-in/$INSTALLER_NAME" +INSTALLER_FLAG="${INSTALLER_TREE}.unpacked" + +# Customized preseed image name +INSTALL_NAME="debian-6.0.3-amd64_${GUEST_NAME}" + +# Customized image content +INSTALL_TREE="images/${INSTALL_NAME}" +INSTALL_ISO="iso-out/${INSTALL_NAME}.iso" + + +### Preseed setup +## preseed.cfg templating +PRESEED_SOURCE_DIR="preseed" + +# Preseed output file in install tree +PRESEED_NAME="preseed.cfg" + +# Mount path of preseed target in installer +PRESEED_MOUNT="/cdrom" + +# Prefix for target files in install tree +# XXX: not implemented +#PRESEED_TARGET_PREFIX="" + +# Main preseed source template +PRESEED_TEMPLATE="${PRESEED_SOURCE_DIR}/${PRESEED_NAME}" + +# Target path for preseed in install tree +PRESEED_FILE="${INSTALL_TREE}/${PRESEED_NAME}" + +# Checksum of target preseed.cfg +PRESEED_CHECKSUM= # set later + + +## preseed.cfg contents +# List of additional packages to install +PRESEED_PACKAGES=( sudo screen vim ) + +# Script commands to execute PRESEED_LATE_COMMANDS=( ) PRESEED_LATE_COMMANDS_END=( ) + +# Chainload preseed files PRESEED_INCLUDES=( 'passwords.cfg' 'host.cfg' ) +# Add packages to preseed install +function preseed_packages () { + PRESEED_PACKAGES=( ${PRESEED_PACKAGES[@]} "$@" ) +} + +# Add command to execute function preseed_late_commands () { PRESEED_LATE_COMMANDS=( "${PRESEED_LATE_COMMANDS[@]:-}" "$@" ) } +# Add command to execute at end # XXX: ordering? 
function preseed_late_commands_end () { PRESEED_LATE_COMMANDS_END=( "${PRESEED_LATE_COMMANDS_END[@]:-}" "$@" ) } +## preseed-files +# template source +CONF_FILES_SOURCE='preseed/files' + +# template output into install tree +CONF_FILES_TARGET_NAME='preseed-files' +CONF_FILES_TARGET="${INSTALL_TREE}/${CONF_FILES_TARGET_NAME}" + +# paths within installer runtime +CONF_FILES_CP_SRC="${PRESEED_MOUNT}/${CONF_FILES_TARGET_NAME}" +CONF_FILES_CP_DST='/target' + +# Add a file to install in preseed, without templating +# preseed_file / +# if dst is a dir, it must end in / +function preseed_file () { + local src=$1 + local dst=$2 + local dir=$(dirname $dst) + local tgt=${CONF_FILES_TARGET} + + local tgt_dir="$tgt/$dir" + + if [ ! -d "$tgt_dir" ]; then + cmd mkdir -p "$tgt_dir" + fi + + cmd cp "$src" "$tgt/$dst" +} + ### Extra ## Puppet +PUPPET= + if [ $opt_puppet ]; then log_info "Puppetizing preseed" + PUPPET=yes - PUPPET_PACKAGES=( puppet ) - PUPPET_COMMANDS=( \ -# "in-target sed -i 's/START=no/START=yes/' /etc/default/puppet" \ -# "echo '[agent]\nserver = ${opt_puppet_master}\n' >> /etc/puppet/puppet.conf" \ - ) + # install package + preseed_packages puppet - # XXX: we use files in preseed/files/..., should modularize those - + ## Vars for preseed-files + # hostname for puppetmaster (server) PUPPET_MASTER="${opt_puppet_master}" - PACKAGE_INCLUDES=( ${PACKAGE_INCLUDES[@]} ${PUPPET_PACKAGES[@]} ) + # path ssl data (ssldir) + PUPPET_SSLDIR=/etc/puppet/ssl +fi - [ "${PUPPET_COMMANDS[@]:-}" ] && preseed_late_commands "${PUPPET_COMMANDS[@]}" -fi +# Invoked during image-customizing process +function puppet_config () { + ## Preseed ssl certs? 
+ PUPPET_SOURCE_SSLDIR="${PRESEED_SOURCE_DIR}/puppet/ssl" + + # copy file to preseed if exists + function puppet_preseed_ssl_file () { + local name=$1 + + local src=${PUPPET_SOURCE_SSLDIR}/$name + local dst=${PUPPET_SSLDIR}/$name + + if [ -f $src ]; then + log_info "puppet: preseed ssl data: $name" + + cmd preseed_file $src $dst + else + log_debug "puppet: skip ssl preseed: $name" + fi + } + + # ca.pem + puppet_preseed_ssl_file certs/ca.pem + + # guest cert/pkey + puppet_preseed_ssl_file certs/${FQDN}.pem + puppet_preseed_ssl_file private_keys/${FQDN}.pem +} ## Configure GRUB, via preseed/files: /etc/default/grub # Kernel commandline/grub terminal 
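Review bot: `puppet_preseed_ssl_file private_keys/${FQDN}.pem` puts the guest's private key into the install tree through `preseed_file`, whose plain `cmd cp "$src" "$tgt/$dst"` leaves the copy with umask-default permissions. The call site in a later hunk runs after `chmod -R u=rwX,og=rX ${INSTALL_TREE}`, so nothing tightens it. The key is then packed into `${INSTALL_ISO}` and copied to the guest by the `cp -rd` late command with whatever mode the ISO reports, which may well be group- or world-readable (the ISO build options are not visible here). I would add `cmd chmod 0600 "$tgt/$dst"` for the private-key case, register `preseed_late_commands_end "in-target chmod 0600 ${PUPPET_SSLDIR}/private_keys/${FQDN}.pem"` in the `if [ $opt_puppet ]` block so it runs after the copy, and treat `images/` and `iso-out/` as secret-bearing (restricted directory, removal once the guest is installed). Separately, `dirname $dst`, `[ -f $src ]` and `cmd preseed_file $src $dst` should quote their expansions.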
@@ -304,57 +419,11 @@ BOOT_KERNEL_ARGS_DEFAULT="quiet" BOOT_KERNEL_ARGS="${BOOT_KERNEL_CONSOLE}" - -### Installer setup -## Installation image -# Original Debian Installer image (iso) -INSTALLER_NAME="debian-6.0.3-amd64" -INSTALLER_ISO="iso-in/${INSTALLER_NAME}-netinst.iso" -INSTALLER_TREE="iso-in/$INSTALLER_NAME" -INSTALLER_FLAG="${INSTALLER_TREE}.unpacked" - -# Customized preseed image name -INSTALL_NAME="debian-6.0.3-amd64_${GUEST_NAME}" - -# Customized image content -INSTALL_TREE="images/${INSTALL_NAME}" -INSTALL_ISO="iso-out/${INSTALL_NAME}.iso" - +### Postprocess preseed ## Preseed files -# Preseed output file in install tree -PRESEED_NAME="preseed.cfg" - -# Directory containing our source templates -PRESEED_SOURCE_DIR="preseed" +## Preseed / config files -# Mount path of preseed target in installer -PRESEED_MOUNT="/cdrom" - -# Prefix for target files in install tree -# XXX: not implemented -#PRESEED_TARGET_PREFIX="" - -# Main preseed source template -PRESEED_TEMPLATE="${PRESEED_SOURCE_DIR}/${PRESEED_NAME}" - -# Target path for preseed in install tree -PRESEED_FILE="${INSTALL_TREE}/${PRESEED_NAME}" -# Checksum of target preseed.cfg -PRESEED_CHECKSUM= # set later - -## Configs - -# template source -CONF_FILES_SOURCE='preseed/files' - -# template output into install tree -CONF_FILES_TARGET_NAME='preseed-files' -CONF_FILES_TARGET="${INSTALL_TREE}/${CONF_FILES_TARGET_NAME}" - -# paths within installer runtime -CONF_FILES_CP_SRC="${PRESEED_MOUNT}/${CONF_FILES_TARGET_NAME}" -CONF_FILES_CP_DST='/target' # copy at end of install preseed_late_commands "cp -rd -- ${CONF_FILES_CP_SRC}/* ${CONF_FILES_CP_DST}" @@ -487,6 +556,9 @@ die "Installer not found: ${INSTALLER_ISO}" fi + + + ### Prepare install ## Extract .iso if [ -f ${INSTALLER_FLAG} ]; then 
@@ -498,23 +570,26 @@ cmd touch ${INSTALLER_FLAG} fi -# Copy to customized tree +## Copy to customized tree [ -d ${INSTALL_TREE} ] && cmd rm -r ${INSTALL_TREE} cmd cp -rd ${INSTALLER_TREE} ${INSTALL_TREE} cmd chmod -R u=rwX,og=rX ${INSTALL_TREE} log_info "Installer extracted: $INSTALL_TREE" -## Customize preseed + + +### Customize preseed +## preseed.cfg cmd expand_template ${PRESEED_TEMPLATE} ${PRESEED_FILE} # md5sum PRESEED_CHECKSUM=$(my_md5sum $PRESEED_FILE) -# Isolinux .cfg +## Isolinux cmd expand_template ${PRESEED_ISOLINUX} ${INSTALL_TREE}/isolinux/isolinux.cfg -# Others +## Includes for file in ${PRESEED_INCLUDE_FILES[@]}; do name=$(basename $file) @@ -523,11 +598,19 @@ log_info "Preseed generated: $PRESEED_FILE" -# Files +## Config preseed-files log_info "Copy preseed-files"... cmd expand_tree ${CONF_FILES_SOURCE} ${CONF_FILES_TARGET} -## Create .iso +## Modules +# Puppet +[ $PUPPET ] && puppet_config + + + + + +### Create .iso [ -f ${INSTALL_ISO} ] && cmd rm -f ${INSTALL_ISO} # generates a lot of output @@ -535,6 +618,11 @@ log_info "Install ISO generated: $INSTALL_ISO" + + + + + ### Create virtual machine if [ $DO_VIRTINSTALL ]; then ## Check diff -r b120db777a60 -r 65301be81959 preseed/files/etc/puppet/puppet.conf --- a/preseed/files/etc/puppet/puppet.conf Mon Jan 30 13:14:46 2012 +0200 +++ b/preseed/files/etc/puppet/puppet.conf Mon Jan 30 13:15:18 2012 +0200 @@ -1,7 +1,7 @@ [main] logdir=/var/log/puppet vardir=/var/lib/puppet -ssldir=/var/lib/puppet/ssl +ssldir={PUPPET_SSLDIR} rundir=/var/run/puppet factpath=$vardir/lib/facter templatedir=$confdir/templates diff -r b120db777a60 -r 65301be81959 preseed/preseed.cfg --- a/preseed/preseed.cfg Mon Jan 30 13:14:46 2012 +0200 +++ b/preseed/preseed.cfg Mon Jan 30 13:15:18 2012 +0200 @@ -319,7 +319,7 @@ # Individual additional packages to install d-i pkgsel/include string \ - {PACKAGE_INCLUDES[*]} + {PRESEED_PACKAGES[*]} # Whether to upgrade packages after debootstrap.
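Review bot: `ssldir={PUPPET_SSLDIR}` depends on a variable that pkvlm-create assigns only inside `if [ $opt_puppet ]`, while this file lives under `preseed/files`, which `expand_tree` processes without a visible puppet check. When puppet is not selected, the placeholder would expand to an empty value or fail, depending on how the template expansion treats unset names (not shown here). Assigning `PUPPET_SSLDIR=/etc/puppet/ssl` next to `PUPPET=` outside the conditional would keep the template valid in both cases.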