puppet node deactivate
413 views
Skip to first unread message
David Kerr
Jun 20, 2013, 7:28:40 PM6/20/13
to puppet...@googlegroups.com
Hello,
I'm in the process of upgrading my puppet from 2x to 3.2.1.
During my testing i found that it appears that puppet node deactivate isn't removing nodes from storeconfigs.
Specifically:
On my puppet server:
> puppet node deactivate hub15.mydomain.com
Submitted 'deactivate node' for hub15.mydomain.com with UUID 3f698c7a-dd1e-49a4-8fdd-941e5bc01970
followed by:
On my haproxy:
> puppet agent --test --noop
backend b1
balance roundrobin
@@ -72,15 +65,16 @@
option httpclose
option forwardfor
server hub01 192.168.0.218:80 check
- server hub02 192.168.4.181:80 check
server hub03 192.168.0.19:80 check
server hub04 192.168.4.62:80 check
- server hub10 192.168.0.48:80 check
- server hub15 192.168.0.110:80 check
+ server hub05 192.168.0.151:80 check
+ server hub12 192.168.0.33:80 check
+ server hub14 192.168.4.27:80 check
+ server hub15 192.168.0.163:80 check
I usually do puppet node clean/puppet node deactivate.
Any ideas?
Thanks
Ken Barber
Jun 21, 2013, 8:31:20 AM6/21/13
to Puppet Users
> I'm in the process of upgrading my puppet from 2x to 3.2.1.
>
> During my testing i found that it appears that puppet node deactivate isn't
> removing nodes from storeconfigs.
So it should work and in my experience it often does. Most cases I
>
> During my testing i found that it appears that puppet node deactivate isn't
> removing nodes from storeconfigs.
hear about this failing is when the Puppet code you are using doesn't
purge or handle the removal of exported resources. Another problem is
when the node itself is not truly deactivated, any bit of noise from a
deactivated node will reactivate it (for example) or perhaps the
deactivation didn't work due to certificate naming mismatches ...
Double check your puppetdb.log to make sure the command went through
for the deactivate:
2013-06-21 13:18:11,979 INFO [command-proc-45] [puppetdb.command]
[24574550-742d-4e70-bf98-011ae049b046] [deactivate node]
puppetdbclient1.vm
Then try a query against the API, to see if it has been removed:
# curl -H "Accept: application/json"
http://localhost:8080/v2/nodes/puppetdbclient1.vm
{
"name" : "puppetdbclient1.vm",
"deactivated" : "2013-06-21T12:21:45.334Z",
"catalog_timestamp" : "2013-06-21T12:20:42.368Z",
"facts_timestamp" : "2013-06-21T12:20:42.123Z",
"report_timestamp" : "2013-06-21T12:20:17.000Z"
}
You can see the 'deactivated' field here, if it contains a date its
deactivated. Active nodes should have 'null'. When you do a full query
for the resources, you shouldn't be able to find a resource for the
certname you deactivated either:
curl -H "Accept: application/json"
"http://localhost:8080/v2/resources?query="
I'd double check all of this first, and make sure the operation on the
PuppetDB is indeed succeeding for yourself first. Btw, these
instructions are PuppetDB 1.3.x specific so if you have an older
revision the instructions may differ.
> Specifically:
> On my puppet server:
>
>> puppet node deactivate hub15.mydomain.com
> Submitted 'deactivate node' for hub15.mydomain.com with UUID
> 3f698c7a-dd1e-49a4-8fdd-941e5bc01970
>
> followed by:
> On my haproxy:
>> puppet agent --test --noop
> backend b1
> balance roundrobin
> @@ -72,15 +65,16 @@
> option httpclose
> option forwardfor
> server hub01 192.168.0.218:80 check
> - server hub02 192.168.4.181:80 check
> server hub03 192.168.0.19:80 check
> server hub04 192.168.4.62:80 check
> - server hub10 192.168.0.48:80 check
> - server hub15 192.168.0.110:80 check
> + server hub05 192.168.0.151:80 check
> + server hub12 192.168.0.33:80 check
> + server hub14 192.168.4.27:80 check
> + server hub15 192.168.0.163:80 check
>
> I usually do puppet node clean/puppet node deactivate.
conclusions here, is this a concat pattern or a query inside a
template? If you can provide code it would be helpful.
Thanks.
ken.
Nikola Petrov
Jun 21, 2013, 9:19:52 AM6/21/13
to puppet...@googlegroups.com
Hi,
What is the storage engine behind puppetdb? Can you please provide the
hostname for the machine that wasn't deactivated. I can remember that I
had some problems with hostnames that contained uppercase characters.
--
Nikola
> --
> You received this message because you are subscribed to the Google Groups "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com.
> To post to this group, send email to puppet...@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
What is the storage engine behind puppetdb? Can you please provide the
hostname for the machine that wasn't deactivated. I can remember that I
had some problems with hostnames that contained uppercase characters.
--
Nikola
> You received this message because you are subscribed to the Google Groups "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com.
> To post to this group, send email to puppet...@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
David Kerr
Jun 21, 2013, 11:55:06 PM6/21/13
to puppet...@googlegroups.com
On Friday, June 21, 2013 5:31:20 AM UTC-7, Ken Barber wrote:
>
> I usually do puppet node clean/puppet node deactivate.
How are you generating this file? Its hard to make any specific
conclusions here, is this a concat pattern or a query inside a
template? If you can provide code it would be helpful.
Yes that's concat.
I ended up removing the puppet directory from the client server's
and that seemed to take care of it.
Thanks!
Reply all
Reply to author
Forward
0 new messages