From 125cec6e8686cd8f72e5ebf6904c8808b0c7533d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= <anarcat@debian.org>
Date: Tue, 12 May 2020 17:01:11 -0400
Subject: [PATCH] we need to run puppet on all ganeti nodes

Otherwise ipsec doesn't get up and verify fails.
---
 tsa/howto/ganeti.mdwn | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/tsa/howto/ganeti.mdwn b/tsa/howto/ganeti.mdwn
index e5c5d726..64238d93 100644
--- a/tsa/howto/ganeti.mdwn
+++ b/tsa/howto/ganeti.mdwn
@@ -845,14 +845,18 @@ catastrophic data loss bug in Ganeti or [[drbd]].
 
         rm /etc/no_modules_disabled
 
- 10. reboot again:
+ 10. run puppet across the ganeti cluster to ensure ipsec tunnels are
+     up:
+
+        cumin -p 0 'C:roles::ganeti::fsn' 'puppet agent -t'
+
+ 11. reboot again:
  
         reboot
 
- 11. Then the node is ready to be added to the cluster, by running
+ 12. Then the node is ready to be added to the cluster, by running
      this on the master node:
 
-        puppet agent -t
         gnt-node add \
           --secondary-ip 172.30.135.2 \
           --no-ssh-key-check \
-- 
GitLab