Puppet users - Apr 2013 - How to remove a node from Puppet CA, Puppet DB from a remote host

I need to programmatically remove cert from Puppet master and remove all 
information in Puppet DB for a node from another machine which is neither 
Puppet Master or PuppetDB. It does have a Puppet signed cert since it is 
also provisioned using Puppet.

I can''t find any decent documentation on this. I am using the Community
Edition.

Any pointers / help is appreciated.

Rajul

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

To remove the certificate you can use the REST api
http://docs.puppetlabs.com/guides/rest_api.html
DELETE /{environment}/certificate_status/{hostname}

As for removing the node, I dont have an answer, I have posted the question 
here prior and have yet to obtain a response.  For now I an using ssh and 
"puppet node clean <nodename>"




On Thursday, April 18, 2013 3:19:46 PM UTC-4, Rajul Vora
wrote:
>
>
> I need to programmatically remove cert from Puppet master and remove all 
> information in Puppet DB for a node from another machine which is neither 
> Puppet Master or PuppetDB. It does have a Puppet signed cert since it is 
> also provisioned using Puppet.
>
> I can''t find any decent documentation on this. I am using the
Community
> Edition.
>
> Any pointers / help is appreciated.
>
> Rajul
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

You can deactivate nodes with the instructions here on your Puppet master:

http://docs.puppetlabs.com/puppetdb/1.2/maintain_and_tune.html#deactivate-decommissioned-nodes

This will deactivate them, which means they should no longer be used
during exported resource collection. You can do this from a remote
node that is not a puppet master or puppetdb server by making sure it
has been setup just like a puppetmaster with respect to Puppetdb
integration (see
http://docs.puppetlabs.com/puppetdb/1.2/connect_puppet_master.html):

* It requires the correct settings in puppet.conf
* It requires a populated puppetdb.conf
* The local certificates must be signed by the same CA that PuppetDB
has registered
* The certificate must be in the certificate-whitelist in the
PuppetDB, if a whitelist is used.

Of course all of this is available via API if you wish to construct
your own tooling:

http://docs.puppetlabs.com/puppetdb/1.2/api/commands.html

To delete nodes permenantly you can use the node-purge-ttl setting
documented here:

http://docs.puppetlabs.com/puppetdb/1.2/configure.html#node-purge-ttl

Which will remove deactivated nodes after a certain amount of time
after being deactivated.

ken.

On Thu, Apr 18, 2013 at 8:19 PM, Rajul Vora <rajulvora@gmail.com>
wrote:
>
> I need to programmatically remove cert from Puppet master and remove all
> information in Puppet DB for a node from another machine which is neither
> Puppet Master or PuppetDB. It does have a Puppet signed cert since it is
> also provisioned using Puppet.
>
> I can''t find any decent documentation on this. I am using the
Community
> Edition.
>
> Any pointers / help is appreciated.
>
> Rajul
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscribe@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.