How to manage size of inventory.txt?

What are the ways I can manage the size of the inventory.txt file? I sign and destroy a large number of certs for rapidly created and destroyed nodes every day, and when systems are destroyed I remove the signed certificate. However, the serial number and tracking information for the issued certificate still exist in the inventory.txt despite the fact that the signed certificate no longer exists. This means that over time this file grows exponentially in size.

How is this file created? If I remove it will Puppet Server regenerate it with only the still-valid certificates on the number request? Would it be recommended that when I remove a certificate I remove the corresponding line in inventory.txt? If it will not regenerate the inventory.txt on the next signing, could I simply restart the Puppet Server process to do the same thing?

Background: without getting too heavily into the specifics of my setup, I investigated doing Certificate Revocation Lists with puppet cert clean, but it seems a little unwieldy since I would then simply have an ever-expanding CRL and the same problem. If managing the inventory.txt is not an option I can look into this again, but after quite a bit of discussion my setup is unusual enough that it's not likely a viable option.

Update: I've discovered the puppet cert reinventory command might be what I need, but it specifically references the Puppet Master. I don't have a Master, but I am running Puppet Server. If this indeed would rebuild the inventory.txt, does the puppetserver need to be restarted or does that only apply to puppetmaster?