Delete a node from puppet and puppetdb
When removing a node from Puppet, you also want to get rid of its data in PuppetDB. If you skip this, exported resources from this node can still be collected or its data can be retrieved via a PuppetDB query. Additionally, you don't want a node to be able to connect with the signed certificate of the deleted node.
1. disable the node on the puppetmaster
Before you do this step, stop and disable the Puppet agent on the node (if the node is not already shut off because you're deleting it).
You can disable the node by running the following on the puppetmaster:
    sudo puppet node deactivate $certname
This will prevent exported resources of this node from being collected.
2. revoke the client certificate on the puppetmaster
You should also revoke the certificate:
    sudo puppetserver ca clean --certname $certname
Don't forget to restart the Puppetserver process after revoking the certificate.
3. delete the data of the node from your database
Information from the reports can still be retrieved even though the node is deactivated. You need to delete this data manually. Please use your brain before continuing: you're deleting data from the PuppetDB. If your statement accidentally includes other nodes, or you match everything, you may run into trouble. Test it with SELECT statements before executing the DELETEs. Assuming you're using PostgreSQL as PuppetDB storage, you can perform the following delete statements:
puppetdb=# DELETE FROM catalog_resources WHERE certname_id = (SELECT id FROM certnames WHERE certname = '$certname');
puppetdb=# DELETE FROM catalog_resources WHERE title LIKE '%$certname%';
puppetdb=# DELETE FROM resource_params WHERE value LIKE '%$certname%';
puppetdb=# DELETE FROM factsets WHERE certname LIKE '%$certname%';
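A dry run of the statements above in psql, as an added example that is not part of the original page: it runs the matching SELECTs first, then the DELETEs inside a transaction that is rolled back. The certname node01.example.com is a constructed placeholder; the tables and columns are the ones used in the statements above.

```sql
-- Added example, not from the original page. Run in psql against the PuppetDB database.
-- Assumption: node01.example.com is a constructed placeholder certname.
\set certname 'node01.example.com'
\set pattern '%node01.example.com%'

BEGIN;

-- The exact lookup must return exactly one row. Zero rows usually means a
-- typo in the certname; the subquery in the first DELETE then matches nothing.
SELECT id, certname FROM certnames WHERE certname = :'certname';

-- Every certname the LIKE pattern hits. Any row other than the node itself
-- (a constructed example: oldnode01.example.com) is a different node whose
-- factset the last DELETE would remove as well.
SELECT certname FROM factsets WHERE certname LIKE :'pattern';

-- Rows the exact-match DELETE will remove.
SELECT count(*) AS own_catalog_rows
  FROM catalog_resources
 WHERE certname_id = (SELECT id FROM certnames WHERE certname = :'certname');

-- Rows the title pattern will remove, grouped by the node whose catalog
-- contains them, so matches in other nodes' catalogs are visible.
SELECT c.certname, count(*) AS matching_titles
  FROM catalog_resources cr
  JOIN certnames c ON c.id = cr.certname_id
 WHERE cr.title LIKE :'pattern'
 GROUP BY c.certname;

-- Rows the value pattern will remove.
SELECT count(*) AS matching_params FROM resource_params WHERE value LIKE :'pattern';

-- The DELETEs from the page. psql prints "DELETE n" after each one; compare n
-- with the counts above (the second DELETE no longer sees rows the first removed).
DELETE FROM catalog_resources
 WHERE certname_id = (SELECT id FROM certnames WHERE certname = :'certname');
DELETE FROM catalog_resources WHERE title LIKE :'pattern';
DELETE FROM resource_params WHERE value LIKE :'pattern';
DELETE FROM factsets WHERE certname LIKE :'pattern';

-- Nothing is changed while this stays ROLLBACK. Replace it with COMMIT only
-- after the SELECT output and the DELETE counts list the intended node alone.
ROLLBACK;
```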