number steps in new-machine proc so we can refer to individual steps

tsa/howto/new-machine.mdwn

@@ -41,14 +41,14 @@ Post-install configuration
 
 All commands to be run as root unless otherwise noted.
 
-* set a hostname - pick an unused one from the [[doc/naming-scheme]]
+ 1. set a hostname - pick an unused one from the [[doc/naming-scheme]]
 
-* allocate and document the machine in the [Nextcloud spreadsheet](https://nc.torproject.net/apps/onlyoffice/5395), and the
-  [services page](https://trac.torproject.org/projects/tor/wiki/org/operations/services), if it's a new service
+ 2. allocate and document the machine in the [Nextcloud
+   spreadsheet](https://nc.torproject.net/apps/onlyoffice/5395), and the [services page](https://trac.torproject.org/projects/tor/wiki/org/operations/services), if it's a new service
 
-* set new root password, and document it
+ 3. set new root password, and document it
 
-* swap and tmp
+ 3. swap and tmp
 
         grep -q tmpfs /etc/fstab || echo 'tmpfs /tmp tmpfs defaults 0 0' >> /etc/fstab
 
@@ -59,85 +59,85 @@ All commands to be run as root unless otherwise noted.
         echo '/swapfile none swap sw 0 0' >> /etc/fstab && \
         swapon -a
 
-* sanitize DNS configuration:
+ 4. sanitize DNS configuration:
 
         # grep torproject.org /etc/resolv.conf || echo 'domain torproject.org' >>  /etc/resolv.conf
         grep torproject.org /etc/resolv.conf || ( echo 'domain torproject.org'; echo 'nameserver 8.8.8.8' ) > /etc/resolv.conf
         vi /etc/hosts # make sure the local host is there with both FQDN and just hostname
 
-* add to ldap on `alberti` using:
+ 5. add to ldap on `alberti` using:
 
         ldapvi -ZZ --encoding=ASCII --ldap-conf -h db.torproject.org -D "uid=$USER,ou=users,dc=torproject,dc=org"
 
-  To generate the LDAP block, you can use the
-  `tor-install-generate-ldap` script in `tsa-misc`. Make sure you
-  review all fields, in particular `location` (`l`), `physicalHost`,
-  `description` and `purpose` which do not have good defaults.
+    To generate the LDAP block, you can use the
+    `tor-install-generate-ldap` script in `tsa-misc`. Make sure you
+    review all fields, in particular `location` (`l`), `physicalHost`,
+    `description` and `purpose` which do not have good defaults.
 
-  See the [[upgrades]] section for information about the
-  `rebootPolicy` field.
+    See the [[upgrades]] section for information about the
+    `rebootPolicy` field.
 
-  See also the [ldapvi manual](http://www.lichteblau.com/ldapvi/manual/) for more
-  information.
+    See also the [ldapvi manual](http://www.lichteblau.com/ldapvi/manual/) for more information.
 
-* then:
-  * on alberti:
+ 6. generate host snippets for the new node, on alberti:
 
         sudo -u sshdist ud-generate && sudo -H ud-replicate && sudo puppet agent -t
 
-  * on nevii (optional):
+ 7. generate DNS entries, on nevii:
 
         sudo -H ud-replicate
 
-* set up puppet:
-  * on the Puppetmaster (currently `pauli`), run the
-    `tpa-puppet-sign-client` script, which will stop to prompt you for
-    a checksum. it is generated in the next step
+ 8. bootstrap puppet:
 
-  * on the new machine run the `installer/puppet-bootstrap-client`
-    from the `tsa-misc` git repo cloned earlier. copy-paste the
-    generated checksum literally (including the filename) into the
-    script waiting on the Puppetmaster above.
+    * on the Puppetmaster (currently `pauli`), run the
+      `tpa-puppet-sign-client` script, which will stop to prompt you
+      for a checksum. it is generated in the next step
 
-  * Note that those scripts are new and haven't been thoroughly
+    * on the new machine run the `installer/puppet-bootstrap-client`
+      from the `tsa-misc` git repo cloned earlier. copy-paste the
+      generated checksum literally (including the filename) into the
+      script waiting on the Puppetmaster above.
+
+    Note that those scripts are new and haven't been thoroughly
     tested, see [ticket #32914](https://trac.torproject.org/projects/tor/ticket/32914) for details
 
-* do more puppet runs, and run a ud-replicate to get ldap users, then
-  more puppet runs since we now have more users:
+ 9. do more puppet runs, and run a ud-replicate to get ldap users,
+    then more puppet runs since we now have more users:
 
         puppet agent -t
         ud-replicate
         puppet agent -t
         puppet agent -t
 
-* follow security upgrades:
+ 10. perform security upgrades:
 
         apt update && apt dist-upgrade && apt clean
 
-* get rid of unneeded network services (only needed if we did not install this
-  from a minbase but from somebody else's install/image):
+ 11. get rid of unneeded network services (only needed if we did not
+     install this from a minbase but from somebody else's
+     install/image):
 
         dpkg --purge portmap nfs-common exim4 exim4-base exim4-config exim4-daemon-light
         userdel -r Debian-exim
 
-  TODO: remove the above once we figure out it's obsolete. It's not
-  necessary with the folowing procedures:
+     TODO: remove the above once we figure out it's obsolete. It's not
+     necessary with the folowing procedures:
 
-    * [[new-machine-hetzner-robot]]
+     * [[new-machine-hetzner-robot]]
 
-* fix `/etc/aliases` (TODO: #32283):
+ 12. fix `/etc/aliases` (TODO: #32283):
 
         ( ! grep '^root:' /etc/aliases && echo 'root: torproject-admin@torproject.org' >> /etc/aliases ) &&
         sed -i -e 's/^root:.*/root: torproject-admin@torproject.org/' /etc/aliases && newaliases
 
-* reboot to make sure *that* still works:
+ 13. reboot to make sure *that* still works:
 
         reboot
 
-* add to [[nagios]], in `tor-nagios/config/nagios-master.cfg`
+ 14. add to [[nagios]], in `tor-nagios/config/nagios-master.cfg`
 
-* if the machine is handling mail, add it to [dnswl.org](https://www.dnswl.org/) (password
-  in tor-passwords, `hosts-extra-info`)
+ 15. if the machine is handling mail, add it to [dnswl.org](https://www.dnswl.org/)
+     (password in tor-passwords, `hosts-extra-info`)
 
 # Reference