Cleaning out cert requests
Occasionally systems with incorrect hostnames will generate a certificate signing request on the puppet servers. Periodically clear these out on pupserver01-ec2-va with:
puppetserver ca list | awk '{print $1'} | xargs -n1 puppetserver ca clean --certname
Be careful to not specify --all which includes SIGNED certificates.
Host Decommissioning
On the puppet CA server (currently pupserver01-ec2-va.apache.org) run
puppet node deactivate ooo-forums4-dev-vm puppet node clean ooo-forums4-dev-vm # remove node from ASF DNS
Cleaning up old node resources
puppet node deactivate <hostname>- This will deactive the node and make it eligible for garbage collection from puppetdb.
- This will cause it to be removed from ssh-keys and exported resources (for backuppc amongst other things)
puppet node clean <hostname>- This removes all of the cached facts associated with the VM under the old hostname. Removes:
Signed certificates - ($vardir/ssl/ca/signed/node.domain.pem)
Cached facts - ($vardir/yaml/facts/node.domain.yaml)
Cached node objects - ($vardir/yaml/node/node.domain.yaml)
Reports - (puppetdb, datadog_reports)
- This removes all of the cached facts associated with the VM under the old hostname. Removes:
- Additionally, check PuppetDB for node resources:
on pupdb01-ec2-va run:
curl -X POST http://localhost:8080/pdb/query/v4/resources -H 'Content-Type:application/json' -d '{"query":["=","certname","iotdb-vm.apache.org"]}' | python3 -m json.tool | less- this queries the puppetdb service directly.
Client Setup
Overview
Content Tools
Apps
email users@infra.apache.org
for any queries or suggestions.