You can use a task to clean or purge nodes by installing a module. Using a task is easier and takes less time than completing the manual steps. You can run the tasks from the command line directly, from the console, or using Bolt.
Version and installation information
PE version: All supported versions
OS: RedHat, CentOS, OracleLinux, Scientific, SLES, Ubuntu
Installation type: All supported installations
Note: If you’re using a version of the puppetlabs-support_tasks module older than 1.1.1, please update it. We renumbered all of the tasks in that version.
Solution
To run the task, download and install the puppetlabs-support_tasks module, which includes the tasks for this solution.
Prerequisites
To run tasks, orchestration services must be configured. If they’re not configured, follow these steps.
- Set RBAC permissions for an orchestrator user to view nodes and run tasks.
- Use those credentials to set up token authentication for the orchestrator user.
Run tasks on the command line
To clean the cert:
- On the primary server, run:
puppet task run support_tasks::st0317a_clean_cert agent_certnames=<COMMA SEPARATED LIST OF CERTNAMES> -n <PRIMARY SERVER HOSTNAME>
For example:
puppet task run support_tasks::st0317a_clean_cert agent_certnames=pe-agent.platform9.puppet.net -n pe-primary-server.puppetdebug.vlan
- If you have compilers, prevent cleaned nodes from checking in again by refreshing the certificate revocation list (CRL) on your compilers.
Run Puppet on all of your compilers. On the primary server, run:
puppet job run -q 'resources { type = "Class" and title = "Puppet_enterprise::Profile::Master" and !(certname = "<FQDN OF YOUR PRIMARY SERVER>") }'
To purge a node:
- On the primary server, run:
puppet task run support_tasks::st0317b_purge_node agent_certnames=<COMMA SEPARATED LIST OF CERTNAMES> -n <PRIMARY SERVER HOSTNAME>
For example:
puppet task run support_tasks::st0317b_purge_node agent_certnames=pe-agent.platform9.puppet.net -n pe-primary-server.puppetdebug.vlan
Your output should look similar to the following:
[nate@workstation]$ puppet task run support_tasks::st0317b_purge_node agent_certnames=agent1,agent2,agent3 -n primaryserver.corp.net
Starting job ...
New job ID: 24
Nodes: 1
Started on primaryserver.corp.net ...
Finished on node primaryserver.corp.net
agent2 : result : Node purged
agent3 : result : Node purged
agent1 : result : Node purged
Job completed. 1/1 nodes succeeded.
Duration: 6 sec
- If you have compilers, prevent purged nodes from checking in again by refreshing the certificate revocation list (CRL) on your compilers.
Run Puppet on all of your compilers. On the primary server, run:
puppet job run -q 'resources { type = "Class" and title = "Puppet_enterprise::Profile::Master" and !(certname = "<FQDN OF YOUR PRIMARY SERVER>") }'
Learn more about running tasks from the command line.
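A check for the purge output shown above, as an added example that is not part of the original article: the hypothetical unpurged_nodes helper lists every requested certname that has no "Node purged" result. It assumes the task output has the form of the sample on this page.

```shell
#!/bin/sh
# Added example: list the certnames passed to st0317b_purge_node that the
# task output does not report as "Node purged".

# unpurged_nodes <comma-separated certnames> <captured task output>
# (hypothetical helper; prints the missing certnames, comma separated)
unpurged_nodes() {
    requested=$1
    # Collapse newlines and repeated blanks so single-line and multi-line
    # renderings of the output are matched the same way.
    flat=$(printf '%s' "$2" | tr -s '[:space:]' ' ')
    missing=""
    old_ifs=$IFS
    IFS=','
    for name in $requested; do
        # Surrounding spaces keep "agent1" from matching "agent10".
        case " $flat " in
            *" $name : result : Node purged "*) ;;
            *) missing="${missing:+$missing,}$name" ;;
        esac
    done
    IFS=$old_ifs
    printf '%s' "$missing"
}

# Constructed sample in the form of the output above; agent3 is absent.
sample_output='Starting job ...
New job ID: 24
Nodes: 1
Started on primaryserver.corp.net ...
Finished on node primaryserver.corp.net
agent2 : result : Node purged
agent1 : result : Node purged
Job completed. 1/1 nodes succeeded.
Duration: 6 sec'

left=$(unpurged_nodes "agent1,agent2,agent3" "$sample_output")
if [ -n "$left" ]; then
    echo "not reported as purged: $left"
else
    echo "all requested nodes purged"
fi
```

Any certname the helper prints should be checked before you refresh the CRL on the compilers, because the job summary counts the node the task ran on (1/1), not the individual certnames.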
Run tasks in the console
- Follow the steps in our documentation to run tasks in the console on a node list, choosing either task st0317a (to clean certs) or st0317b (to purge nodes). Run the task on your primary server and add the cert names of your nodes under agent_certnames as a comma separated list of parameter values.
- If you have compilers, prevent those nodes from checking in again by refreshing the CRL. Follow the steps in our documentation to run Puppet in the console on each compiler.
Run tasks using Bolt
To clean the cert:
- On the primary server, run:
bolt task run support_tasks::st0317a_clean_cert agent_certnames=<COMMA SEPARATED LIST OF CERTNAMES> --targets <PRIMARY SERVER HOSTNAME>
For example:
bolt task run support_tasks::st0317a_clean_cert agent_certnames=pe-agent.platform9.puppet.net --targets pe-primary-server.puppetdebug.vlan
- If you have compilers, prevent cleaned nodes from checking in again by refreshing the certificate revocation list (CRL) on your compilers.
Run Puppet on all of your compilers. On the primary server, run:
puppet job run -q 'resources { type = "Class" and title = "Puppet_enterprise::Profile::Master" and !(certname = "<FQDN OF YOUR PRIMARY SERVER>") }'
To purge a node:
- On the primary server, run:
bolt task run support_tasks::st0317b_purge_node agent_certnames=<COMMA SEPARATED LIST OF CERTNAMES> --targets <PRIMARY SERVER HOSTNAME>
For example:
bolt task run support_tasks::st0317b_purge_node agent_certnames=pe-agent.platform9.puppet.net --targets pe-primary-server.puppetdebug.vlan
- If you have compilers, prevent purged nodes from checking in again by refreshing the certificate revocation list (CRL) on your compilers.
On each compiler, run:
puppet job run -q 'resources { type = "Class" and title = "Puppet_enterprise::Profile::Master" and !(certname = "<FQDN OF YOUR PRIMARY SERVER>") }'
How can we improve this article?
2 comments
I tried following this procedure because I have a need to purge and delete nodes on the command line. I discovered I must enable orchestration and set various roles and permissions in order to fully implement the command line solution.
It would be helpful if this document also described the process for completing all the orchestration requirements or linked to another appropriate document.
Hi, thank you. I appreciate you letting us know. I'll pass this on to the person you're working with right now. Based on what comes up during that process, we'll improve this.