README.md

@@ -34,11 +34,11 @@ If the CA certificate is stored in any keystores, those will also need to be upd
 The functionality of this module is composed into two Plans:
 
 *  `ca_extend::extend_ca_cert`
-    * Extend the CA certificate and configure the Master and any Compilers to use that extended certificate.
+    * Extend the CA certificate and configure the primary Puppet server and any Compilers to use that extended certificate.
 *  `ca_extend::upload_ca_cert`
     * Distribute the CA certificate to agents using any transport supported by Puppet Bolt, such as `ssh`, `winrm`, or `pcp`.
 
-Regardless of whether the CA certificate is expired, the `extend_ca_cert` plan may be used to extend its expiration date in-place and configure the Master and any Compilers to use it.
+Regardless of whether the CA certificate is expired, the `extend_ca_cert` plan may be used to extend its expiration date in-place and configure the primary Puppet server and any Compilers to use it.
 
 After the CA certificate has been extended, there are two methods for distributing it to agents.
 
@@ -51,23 +51,27 @@ There are also two complementary tasks to check the expiration date of the CA ce
     * Checks if the CA certificate expires by a certain date. Defaults to three months from today.
 * `ca_extend::check_agent_expiry`
     * Checks if any agent certificate expires by a certain date. Defaults to three months from today.
-    
+
 ** If the CA certificate is expiring or expired, you must extend it as soon as possible. **
 
 ## Setup
 
-This module requires [Puppet Bolt](https://puppet.com/docs/bolt/latest/bolt_installing.html) >= 1.21.0 on either on the Master or an agent.
-
-The recommended procedure for installation this module is to use a [Bolt Puppetfile](https://puppet.com/docs/bolt/latest/installing_tasks_from_the_forge.html#task-8928).
-From within a [Boltdir](https://puppet.com/docs/bolt/latest/bolt_project_directories.html#embedded-project-directory), specify this module and `puppetlabs-stdlib` as dependencies and run `bolt puppetfile install`.
+This module requires [Puppet Bolt](https://puppet.com/docs/bolt/latest/bolt_installing.html) >= 1.2.0 on either on the primary Puppet server or a workstation with connectivity to the primary.
 
-For example, to install Bolt and the required modules on a Master running EL 7:
+The installation procedure will differ depending on the version of Bolt.  If possible, using Bolt >= 3.0.0 is recommended.  For example, this will install the latest Bolt version on EL 7.
 
 ```bash
 sudo rpm -Uvh https://yum.puppet.com/puppet-tools-release-el-7.noarch.rpm
 sudo yum install puppet-bolt
 ```
 
+The following two sections show how to install the module dependencies depending on the installed version of Bolt.
+
+### Bolt >= 1.2.0 < 3.0.0
+
+The recommended procedure for these versions is to use a [Bolt Puppetfile](https://puppet.com/docs/bolt/latest/installing_tasks_from_the_forge.html#task-8928).
+From within a [Boltdir](https://puppet.com/docs/bolt/latest/bolt_project_directories.html#embedded-project-directory), specify this module and `puppetlabs-stdlib` as dependencies and run `bolt puppetfile install`.  For example:
+
 ```bash
 mkdir -p ~/Boltdir
 cd !$
@@ -81,14 +85,56 @@ EOF
 bolt puppetfile install
 ```
 
-See the "Usage" section for how to run the tasks and plans remotely or locally on the master.
+### Bolt >= 3.0.0
+
+The recommended procedure for these versions is to use a Bolt Project.  When creating a [Bolt project](https://puppet.com/docs/bolt/latest/bolt_project_directories.html#embedded-project-directory), specify this module and `puppetlabs-stdlib` as dependencies and initialize the project.  For example:
+
+```bash
+sudo rpm -Uvh https://yum.puppet.com/puppet-tools-release-el-7.noarch.rpm
+sudo yum install puppet-bolt
+```
+
+If your primary Puppet server or workstation has internet access, the project can be initialized with the needed dependencies with the following:
+```bash
+mkdir ca_extend
+cd !$
+
+bolt project init expiry --modules puppetlabs-stdlib,puppetlabs-ca_extend
+```
+
+Otherwise, if your primary Puppet server or workstation operates behind a proxy, initialize the project without the `--modules` option
+```bash
+mkdir ca_extend
+cd !$
+
+bolt project init expiry
+```
+
+Then edit your `bolt-project.yaml` to use the proxy according to the [documentation](https://puppet.com/docs/bolt/latest/bolt_installing_modules.html#install-modules-using-a-proxy).  Next, add the module dependencies to `bolt-project.yaml`:
+
+```
+---
+name: expiry
+modules:
+  - name: puppetlabs-stdlib
+  - name: puppetlabs-ca_extend
+
+```
+
+Finally, install the modules.
+
+```bash
+bolt module install
+```
+
+See the "Usage" section for how to run the tasks and plans remotely or locally on the primary Puppet server.
 
 ### Dependencies
 
 *  A [Puppet Bolt](https://puppet.com/docs/bolt/latest/bolt_installing.html) >= 1.21.0
 *  [puppetlabs-stdlib](https://puppet.com/docs/bolt/latest/bolt_installing.html)
-*  A `base64` binary on the Master which supports the `-w` flag
-*  `bash` >= 4.0 on the master
+*  A `base64` binary on the primary Puppet server which supports the `-w` flag
+*  `bash` >= 4.0 on the primary Puppet server
 
 ### Configuration
 
@@ -112,13 +158,13 @@ Note that you cannot use the Bolt `pcp` transport if your CA certificate has alr
 
 ### Usage
 
-First, check the expiration of the Puppet agent certificate by running the following command as root on the Master:
+First, check the expiration of the Puppet agent certificate by running the following command as root on the primary Puppet server:
 
 ```
 /opt/puppetlabs/puppet/bin/openssl x509 -in "$(/opt/puppetlabs/bin/puppet config print hostcert)" -enddate -noout
 ```
 
-If, and only if, the `notAfter` date printed has already passed, then the Master certificate has expired and must be cleaned up before the CA can be regenerated:
+If, and only if, the `notAfter` date printed has already passed, then the primary Puppet server certificate has expired and must be cleaned up before the CA can be regenerated:
 
 ```bash
 mkdir -p -m 0700 /var/puppetlabs/backups
@@ -133,14 +179,12 @@ Once the expiration has been checked, the CA can be regenerated.
 bolt plan run ca_extend::extend_ca_cert --targets <master_fqdn> compile_masters=<comma_separated_compile_master_fqdns> --run-as root
 ```
 
-Note that if you are running `extend_ca_cert` locally on the Master, you can avoid potential Bolt transport issues by specifying `--targets local://$(hostname -f)`, e.g.
+Note that if you are running `extend_ca_cert` locally on the primary Puppet server, you can avoid potential Bolt transport issues by specifying `--targets local://$(hostname -f)`, e.g.
 
 ```
 bolt plan run ca_extend::extend_ca_cert --targets local://$(hostname -f) --run-as root
 ```
 
-(The `master` and (optional) `compile_masters` parameters are Bolt targets, not certificate data.)
-
 ```bash
 bolt plan run ca_extend::upload_ca_cert cert=<path_to_cert> --targets <TargetSpec>
 ```

metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "puppetlabs-ca_extend",
-  "version": "1.2.1",
+  "version": "1.3.0",
   "author": "Adrian Parreiras Horta",
   "summary": "A set of Bolt Plans and Tasks to extend the CA cert in Puppet Enterprise",
   "license": "GPL-2.0-only",