Try Puppet 
Search Puppet.com
Why Puppet

Puppet is the industry standard for IT automation.

Manage and automate more infrastructure and complex workflows in a simple, yet powerful way.

Customers
Open source
Cloud & Hybrid Automation

Accelerate your cloud journey with an enterprise automation platform for your hybrid estate.

Continuous Compliance

Enforce compliance across hybrid infrastructure with policy as code and model-driven automation.

Scaling DevOps

Modernize faster with Puppet DevOps consulting and infrastructure as code.

Use Cases
Integrations
ProductsEcosystem
Pricing & PackagingGet Puppet Enterprise

First 10 Nodes are free!

Custom consulting services

Get you up and running quickly with a custom solution that addresses your unique business goals and easily allows for growth as your needs evolve.

Professional services
TrainingOpen source
Support
Puppet Compass Logo
Puppet Compass

Puppet Compass is your source for tools and best practices to address common business challenges.

Get Started
Resource library
State of DevOps Report

Since launching our first DevOps survey in 2012, we’ve learned a lot about the power of DevOps to transform organizations.

Puppet Events
Join us for a Puppet event

It's our community that makes Puppet great. Connect with Puppet users and employees.

Virtual events
Puppet CommunityContribute content
Connect
Puppet Events
About Us

Puppet frees you to do what robots can’t. We make automation software because you’ve got better things to do.

Company
Press & news
Our voiceWorking at Puppet

Adding and removing nodes

Puppet Enterprise2019.0
This version is out of date. For current versions, see Puppet Enterprise support lifecycle.
Sections

To manage nodes with Puppet Enterprise (PE), you must approve the node’s certificate signing request. If you no longer wish to manage a node, you can remove all traces of it from PE

Managing certificate signing requests

When you install a new PE agent, the agent automatically submits a certificate signing request (CSR) to the master.

Certificate requests can be signed from the console or the command line. If DNS altnames are set up for agent nodes, you must use the command line interface to approve and reject node requests.

After approving a node request, the node doesn’t show up in the console until the next Puppet run, which can take up to 30 minutes. You can manually trigger a Puppet run if you want the node to appear immediately.

To accept or reject CSRs in the console or on the command line, you need the permission Certificate requests: Accept and reject. To manage certificate requests in the console, you also need the permission Console: View.

Managing certificate signing requests in the console

The console displays a list of nodes on the Unsigned certs page that have submitted CSRs. You can approve or deny CSRs individually or in a batch.

If you use the Accept All or Reject All options, processing could take up to two seconds per request.

When using Accept All or Reject All, nodes are processed in batches. If you close the browser window or navigate to another website while processing is in progress, only the current batch is processed.

Managing certificate signing requests on the command line

You can view, approve, and reject node requests using the command line.

To view pending node requests on the command line: 
$ sudo puppetserver ca list
To sign a pending request: 
$ sudo puppetserver ca sign <NAME>
To sign pending requests for nodes with DNS altnames: 
$ sudo puppetserver ca sign (<HOSTNAME> or --all) --allow-dns-alt-names

Remove nodes

To completely remove a node from PE, you must purge the node and revoke its certificate so that it doesn’t continue to check in.

Removing a node:

  • Deactivates the node in PuppetDB.

  • Deletes the Puppet master’s information cache for the node.

  • Frees up the license that the node was using.

  • Allows you to re-use the hostname for a new node.

Note: Purging a node doesn't uninstall the agent from the node.
  1. On the agent node, stop the agent service.

    • Agent versions 4.0 or later: service puppet stop

    • Agent versions earlier than 4.0: service pe-puppet stop

    Note: You can run puppet --version to see which version of Puppet you’re using.
  2. On the master, purge the node: puppet node purge <CERTNAME>

    The node’s certificate is revoked, the certificate revocation list (CRL) is updated, and the node is deactivated in PuppetDB and removed from the console, increasing your license count. The node can't check in or re-register with PuppetDB on the next run.

  3. If you have compile masters, run Puppet on them: puppet agent -t

    The updated CRL is managed by Puppet and distributed to compile masters.

  4. If the node you’re removing was pinned to any node groups, you must manually unpin it from individual node groups or from all node groups using the unpin-from-all command endpoint.
See an issue? Please file a JIRA ticket in our [DOCUMENTATION] project.
Puppet sites use proprietary and third-party cookies. By using our sites, you agree to our cookie policy.