Update launch script and instructions

* launch/README: Correct outdated references to salt and puppet
certs. Modernize the recommended image name.

* launch/launch-node.py: When run as root, keep the puppet group on
private keys so that they're readable by puppet group members. That
way it won't break subsequent runs as non-root following the current
instructions in the README file. Modernize the default image name.

Change-Id: Ic5034121d4d0df3c096c2e474a9d3d41ec361021

launch/README

@@ -26,23 +26,23 @@ To launch a node in the OpenStack Jenkins account (slave nodes)::
   . ~root/ci-launch/openstackjenkins-rs-nova.sh
   export FQDN=slavename.slave.openstack.org
   nova image-list
-  export IMAGE='Ubuntu 12.04 LTS (Precise Pangolin)'
+  export IMAGE='Ubuntu 12.04 LTS (Precise Pangolin) (PVHVM)'
   nova flavor-list
   export FLAVOR="8 GB Performance"
   sudo puppet cert generate $FQDN
-  ./launch-node.py $FQDN --image "$IMAGE" --flavor "$FLAVOR" --salt
+  ./launch-node.py $FQDN --image "$IMAGE" --flavor "$FLAVOR"
 
-The --salt option tells the script to automatically configure and enroll
+There is also a --salt option which can be used to tell the script to
-the server as a minion on the salt master.
+automatically configure and enroll the server as a minion on the salt
+master.
 
 If you are launching a replacement server, you may skip the generate
 step and specify the name of an existing puppet cert (as long as the
 private key is on this host).
 
 The server name and cert names may be different and the latter can be
-specified with --cert if needed (older Jenkins slave types still use
+specified with --cert if needed, but launch-node.py will assume they
-shared certs), but launch-node.py will assume they are the same unless
+are the same unless specified.
-specified.
 
 Manually add the hostname to DNS (the launch script does not do so
 automatically). Note that this example assumes you've already

launch/launch-node.py

@@ -101,6 +101,7 @@ def bootstrap_server(server, admin_pass, key, cert, environment, name,
     ssh_client.ssh("mkdir -p /var/lib/puppet/ssl/private_keys")
     ssh_client.ssh("mkdir -p /var/lib/puppet/ssl/public_keys")
     ssh_client.ssh("chown -R puppet:root /var/lib/puppet/ssl")
+    ssh_client.ssh("chown -R puppet:puppet /var/lib/puppet/ssl/private_keys")
     ssh_client.ssh("chmod 0771 /var/lib/puppet/ssl")
     ssh_client.ssh("chmod 0755 /var/lib/puppet/ssl/certs")
     ssh_client.ssh("chmod 0750 /var/lib/puppet/ssl/private_keys")
@@ -188,7 +189,7 @@ def main():
     parser.add_argument("--flavor", dest="flavor", default='1GB',
                         help="name (or substring) of flavor")
     parser.add_argument("--image", dest="image",
-                        default="Ubuntu 12.04 LTS (Precise Pangolin)",
+                        default="Ubuntu 12.04 LTS (Precise Pangolin) (PVHVM)",
                         help="image name")
     parser.add_argument("--environment", dest="environment",
                         default="production",