Rajul Vora
2013-Apr-18 19:19 UTC
[Puppet Users] How to remove a node from Puppet CA, Puppet DB from a remote host
I need to programmatically remove cert from Puppet master and remove all information in Puppet DB for a node from another machine which is neither Puppet Master or PuppetDB. It does have a Puppet signed cert since it is also provisioned using Puppet. I can''t find any decent documentation on this. I am using the Community Edition. Any pointers / help is appreciated. Rajul -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Kubes
2013-Apr-19 13:14 UTC
[Puppet Users] Re: How to remove a node from Puppet CA, Puppet DB from a remote host
To remove the certificate you can use the REST api http://docs.puppetlabs.com/guides/rest_api.html DELETE /{environment}/certificate_status/{hostname} As for removing the node, I dont have an answer, I have posted the question here prior and have yet to obtain a response. For now I an using ssh and "puppet node clean <nodename>" On Thursday, April 18, 2013 3:19:46 PM UTC-4, Rajul Vora wrote:> > > I need to programmatically remove cert from Puppet master and remove all > information in Puppet DB for a node from another machine which is neither > Puppet Master or PuppetDB. It does have a Puppet signed cert since it is > also provisioned using Puppet. > > I can''t find any decent documentation on this. I am using the Community > Edition. > > Any pointers / help is appreciated. > > Rajul >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Ken Barber
2013-Apr-19 13:40 UTC
Re: [Puppet Users] How to remove a node from Puppet CA, Puppet DB from a remote host
You can deactivate nodes with the instructions here on your Puppet master: http://docs.puppetlabs.com/puppetdb/1.2/maintain_and_tune.html#deactivate-decommissioned-nodes This will deactivate them, which means they should no longer be used during exported resource collection. You can do this from a remote node that is not a puppet master or puppetdb server by making sure it has been setup just like a puppetmaster with respect to Puppetdb integration (see http://docs.puppetlabs.com/puppetdb/1.2/connect_puppet_master.html): * It requires the correct settings in puppet.conf * It requires a populated puppetdb.conf * The local certificates must be signed by the same CA that PuppetDB has registered * The certificate must be in the certificate-whitelist in the PuppetDB, if a whitelist is used. Of course all of this is available via API if you wish to construct your own tooling: http://docs.puppetlabs.com/puppetdb/1.2/api/commands.html To delete nodes permenantly you can use the node-purge-ttl setting documented here: http://docs.puppetlabs.com/puppetdb/1.2/configure.html#node-purge-ttl Which will remove deactivated nodes after a certain amount of time after being deactivated. ken. On Thu, Apr 18, 2013 at 8:19 PM, Rajul Vora <rajulvora@gmail.com> wrote:> > I need to programmatically remove cert from Puppet master and remove all > information in Puppet DB for a node from another machine which is neither > Puppet Master or PuppetDB. It does have a Puppet signed cert since it is > also provisioned using Puppet. > > I can''t find any decent documentation on this. I am using the Community > Edition. > > Any pointers / help is appreciated. > > Rajul > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscribe@googlegroups.com. > To post to this group, send email to puppet-users@googlegroups.com. > Visit this group at http://groups.google.com/group/puppet-users?hl=en. > For more options, visit https://groups.google.com/groups/opt_out. > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Maybe Matching Threads
- Can I create virtual resources with create_resources function
- The Foreman: Query facts from ENC PuppetDB?
- puppet dashboard inventory
- PuppetDb Query Help/Problems
- Puppet ssl errors " SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed"