Non-puppet nodes:
- Update rolemap.yaml to the new domain names
- On each host edit /etc/hosts and change the domain
- Run puppet agent twice on each host
- Drop the old hostnames from puppet db: `puppet node deactivate <node>`
- Drop old certs (if the previous step doesn't take care of that): `puppet cert clean <node>`

Renaming puppetdb server:
- Do the above
- Restart these services on the puppetdb server in some order (maybe even this one?):
  - postgresql
  - puppetdb
  - uwsgi-puppetdb-microservice
  - nginx
- Restart apache2 on puppetmaster.

Renaming puppetmaster:
- Update rolemap.yaml
- Edit /etc/hosts and set new domain
- Run puppet agent. It will fail reloading apache2
- cp /var/lib/puppet/server/ssl/ca/signed/<new fqdn>.pem /var/lib/puppet/server/ssl/certs/
- cp /var/lib/puppet/ssl/private_keys/<new fqdn>.pem /var/lib/puppet/server/ssl/private_keys/
- restart apache2