Ask Your Question

puppet node deactivate

asked 2014-04-15 11:53:55 -0600

nicoX gravatar image

I didn't seem to be able to deactivate a node, after I did some changes to them. I have 39 nodes with one puppet master. It totals 40 nodes in the console. Yet 41 licenses are being used. How do I find out which node it is that I once again should puppet cert clean and puppet node deactivate?

edit retag flag offensive close merge delete

2 Answers

Sort by » oldest newest most voted

answered 2014-04-15 15:02:45 -0600

ffrank gravatar image

updated 2014-04-16 04:26:15 -0600

Find your master log file using puppet master --configprint masterlog. Extract enough lines from the end to cover about two agent cycles (usually agents check in twice an hour, so consider an hour's worth of logs).

You will find a log entry for each compilation. Your unused certificate should be the only one that does not appear.

Assuming you need X lines, try

tail -n X `puppet master --configprint masterlog` | grep Compiled | sed 's/.*for \(.*\) in env.*/\1/' | sort -u

With PE, you ought to be able to identify nodes that do not check in via the Web Console ... (more)

edit flag offensive delete link more


I don't seem to have a puppetmaster.log. The only thing I have in /var/log/pe-puppet/ is two log files that are empty. I actually need to find ...(more)

nicoX gravatar imagenicoX ( 2014-04-16 04:12:38 -0600 )edit

I updated my answer to account for PE.

ffrank gravatar imageffrank ( 2014-04-16 04:26:29 -0600 )edit

The same node that is licensed have checked in with a new hostname. It didn't seem to deactivate prior I changed the hostname on that node and checked it ...(more)

nicoX gravatar imagenicoX ( 2014-04-16 04:51:54 -0600 )edit

It should be safe to just remove the old fqdn from your database via whatever means PE provides for this.

ffrank gravatar imageffrank ( 2014-04-16 06:29:49 -0600 )edit

I'm trying to figure out which old fqdn it is. Because I changed the hostname for 39 nodes, and don't keep track of which nodes fqdn I didn't revoke.

nicoX gravatar imagenicoX ( 2014-04-16 06:32:48 -0600 )edit

answered 2014-04-16 09:44:29 -0600

nicoX gravatar image

updated 2014-04-17 03:52:13 -0600

I managed to find the node going through these steps:

Puppet master:

curl "http://localhost:8080/v3/nodes" # will list all nodes including they that are not active yet still not deactivated

Compare that list with the list of active nodes from mcollective.

su - peadmin # switch to peadmin user

mco puppet status # lists all active nodes

Once you find the node, clean it’s cert and deactivate it.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2014-04-15 11:53:55 -0600

Seen: 849 times

Last updated: Apr 17 '14