Feature #1886
Add node cleanup capability
| Status: | Accepted | Start: | 01/23/2009 | |
|---|---|---|---|---|
| Priority: | Low | Due date: | ||
| Assignee: |  Brice Figureau |
% Done: | 0% |
|
| Category: | newfeature | |||
| Target version: | unplanned | |||
| Affected version: | 0.25.0 | Branch: | ||
| Keywords: | ||||
| Votes: | 1 |
Description
There really isn’t a good mechanism to clean up when a node no longer exits. You can remove it from your node definition, but there is a lot of junk hanging around that should be cleaned up too. It would be really cool if the ability to wipe a node was built into puppetmaster so you could just simply do something like:
puppetmaster --clean node puppetmaster --clean node.domain.name
and this would clean up everything that puppet can find on that node. The things that I can think of that need to get cleaned up are:
- Signed certificates ($vardir/ssl/ca/signed/node.domain.pem)
- Cached facts ($vardir/yaml/facts/node.domain.yaml)
- Cached node stuff ($vardir/yaml/node/node.domain.yaml)
- Reports ($vardir/reports/node.domain)
- Stored configs. I found a script on the wiki that takes care of this:
#!/usr/bin/env ruby ## Usage: sudo ./kill_node_in_storeconfigs_db.rbrequire 'puppet/rails' Puppet[:config] = "/etc/puppet/puppet.conf" Puppet.parse_config pm_conf = Puppet.settings.instance_variable_get(:@values)[:puppetmasterd] adapter = pm_conf[:dbadapter] args = {:adapter => adapter, :log_level => pm_conf[:rails_loglevel]} case adapter when "sqlite3": args[:dbfile] = pm_conf[:dblocation] when "mysql", "postgresql": args[:host] = pm_conf[:dbserver] unless pm_conf[:dbserver].empty? args[:username] = pm_conf[:dbuser] unless pm_conf[:dbuser].empty? args[:password] = pm_conf[:dbpassword] unless pm_conf[:dbpassword].empty? args[:database] = pm_conf[:dbname] else raise ArgumentError, "Invalid db adapter %s" % adapter end ActiveRecord::Base.establish_connection(args) if @host = Puppet::Rails::Host.find_by_name(ARGV[0].strip) print "Killing #{ARGV[0]}..." $stdout.flush @host.destroy puts "done." else puts "Can't find host #{ARGV[0]}." end Sure, I can do all this manually, but this is a feature request because its a little annoying and you forget all the pieces.
Related issues
| duplicated by Puppet - Feature #4539: Puppet should have the capability to "clean" nodes like c... | Duplicate | 08/15/2010 |
History
Updated by James Turnbull over 1 year ago
- Status changed from Unreviewed to Accepted
- Assignee set to Brice Figureau
Updated by Udo Waechter over 1 year ago
micah wrote:
- Stored configs. I found a script on the wiki that takes care of this: It would be really great if exported resources will be unexported. I am sure that this will not work for most of the resources, but those that have a “ensure” parameter should be set to their opposite:
so:
@@file{“/bla/bla”: ensure => present, }
should become
@@file{“/bla/bla”: ensure => absent, }
I guess this increases the complexity of this ticket, but I think that it definetly should be there.
Updated by Luke Kanies over 1 year ago
do wrote:
micah wrote:
- Stored configs. I found a script on the wiki that takes care of this: It would be really great if exported resources will be unexported. I am sure that this will not work for most of the resources, but those that have a “ensure” parameter should be set to their opposite:
so:
@@file{“/bla/bla”: ensure => present, }
should become
@@file{“/bla/bla”: ensure => absent, }
I guess this increases the complexity of this ticket, but I think that it definetly should be there.
Yeah, this is a pretty significant change; while I can see why you want this, I’d say that most cases that use exported resources should also use resource purging.
Updated by Udo Waechter over 1 year ago
luke wrote:
do wrote:
micah wrote:
- Stored configs. I found a script on the wiki that takes care of this: It would be really great if exported resources will be unexported. I am sure that this will not work for most of the resources, but those that have a “ensure” parameter should be set to their opposite:
so:
@@file{“/bla/bla”: ensure => present, }
should become
@@file{“/bla/bla”: ensure => absent, }
I guess this increases the complexity of this ticket, but I think that it definetly should be there.
Yeah, this is a pretty significant change; while I can see why you want this, I’d say that most cases that use exported resources should also use resource purging.
Yes, we have that in our modules (we have anticlasses for all classes that we do define). Unfortunately the day comes when a node dies without having the last chance to be put into such a class and run puppet for the last time.
We have this with about 4 hosts now, and their exported resources are spread over 4 or 5 other hosts. Now, I need to delete the stored configs, afterwards I need to log in to all of those machines and delete the resources by hand. Long tme since I did such things, thanks to puppet :)
Updated by micah - over 1 year ago
- Affected version changed from 0.24.7 to 0.25.0
Updated by R.I. Pienaar aka Volcane over 1 year ago
It would be great – at least for stored procs – if we could just have a setting in puppet.conf that defines a max age for a node in the exported resources database.
So if I feel in my environmnet it is ok if I dont hear from a node for 2 days that probably its been retired so I am happy to purge it then the exported resource database should just get cleared.
I wouldnt think a default policy of always clear older than n days would be acceptable, by default no auto aging should happen. But as an optional setting I think it would simplify things a lot and make the whole system more self managing.
In a larger context if a node{} had some property that you could set analogous to ensure => absent the master should then clean certs, nuke exported resources and everything else mentioned.
Updated by James Turnbull about 1 year ago
- Target version set to unplanned
Updated by Ohad Levy 12 months ago
volcane volcane wrote:
It would be great – at least for stored procs – if we could just have a setting in puppet.conf that defines a max age for a node in the exported resources database.
So if I feel in my environmnet it is ok if I dont hear from a node for 2 days that probably its been retired so I am happy to purge it then the exported resource database should just get cleared.
I wouldnt think a default policy of always clear older than n days would be acceptable, by default no auto aging should happen. But as an optional setting I think it would simplify things a lot and make the whole system more self managing.
In a larger context if a node{} had some property that you could set analogous to ensure => absent the master should then clean certs, nuke exported resources and everything else mentioned.
I would add a disable functionality, this will not erase the data, but will not include it either.