To completely remove all traces of an agent node from your PE deployment, follow the steps described below. As an example, this workflow is useful when you have a cloud environment with ephemeral nodes that you are spinning up for a short time. The workflow achieves the following:
On the agent node, stop the agent service:
service puppet stop.
service pe-puppet stop.
Tip: You can run
puppet --versionto see which version of Puppet you’re using.
This prevents the agent node from checking in with the Puppet master and PuppetDB before you restart Puppet server.
On the Puppet master, purge the node by running
puppet node purge <CERTNAME>.
This command revokes the certificate for the agent node and deactivates the node in PuppetDB. It also removes the agent node from the list of nodes in the PE console, and decreases the number of nodes that are being used under your PE license.
Still on the Puppet master, run
puppet agent -t to kick off a Puppet run.
This Puppet run will copy the certificate revocation list (CRL) to the correct SSL directory for delivery to the node.
Restart the Puppet master with
service pe-puppetserver restart.
This completely removes the agent’s certificate from the certificate list. If you don’t run
service pe-puppetserver restart, the node will check in again on the next Puppet run and re-register with PuppetDB, which will increase the license count again.
Alternatively, for this step, you can restart the Puppet server by sending a HUP signal.
Tip: You will need to run
service pe-puppetserver restart, or send a HUP signal, on any compile masters in your system.
Note: If a purged node still exists and still has PE installed, it can still check in but its Puppet run will fail.
Note: If you have nodes pinned to node groups in the node classifier, those nodes remain in the console as an artifact, even after they have been purged. To completely remove them from the console, you must manually unpin them from individual node groups or unpin them from all node groups using the
If your nodes will continue to exist, take the following two additional steps to stop MCollective from running on the node:
On the agent node, uninstall the Puppet agent or stop the mcollective service:
service mcollective stop.
service pe-mcollective stop.
On the agent node, remove the node’s certificate in