Ok, I understood my doubts partially!
When we uninstall puppet agent from windows box, it will not delete the APP Data folder for puppet which contains the certificates, to generate new certificate request you need to uninstall puppet agent and delete this directory. Further, i understood that puppetdb will deactivate the nodes but it will not delete/purge it, to purge we need set "node-purge-ttl" in the puppetdb config. What i was not able to understand is if i have removed the agent certificates from the puppet master "puppet cert clean wintest" why the request is getting accepted by master? Can someone please help me to understand this! -Kaustubh On Wednesday, December 4, 2013 1:28:26 PM UTC-5, kaustubh chaudhari wrote: > > Hi, > > Auto sign is not configured. > > 1. installed puppet agent on a windows box. > 2. accepted the certificate > 3. uninstalled puppet agent from the windows box. > 4. puppet cert clean "wintest" > 5. puppet node clean "wintest" > 6 puppet node deactivate "wintest" > > 7. install puppet agent on windows box(did no modification to windows box > except reboot) > 8. puppet agent --test (on wintest) > > Puppet master accepts the connections without asking for certs, Puppetdb > accepts the facts and reports for this node without hesitation. > > == > 2013-12-04 13:01:17,274 INFO [command-proc-51] [puppetdb.command] > [393a2937-5df1-4972-87ca-6f5f59170911] [deactivate node] wintest > 2013-12-04 13:02:16,410 INFO [command-proc-52] [puppetdb.command] > [beb89340-2ef5-473b-9e2e-cd9defada826] [replace facts] wintest > 2013-12-04 13:02:16,770 INFO [command-proc-51] [puppetdb.command] > [7b45f94d-367a-4ccc-959c-6a3e086f0911] [replace catalog] wintest > 2013-12-04 13:02:17,340 INFO [command-proc-52] [puppetdb.command] > [31a82ba2-7ede-4252-90d2-6a45984c257b] [store report] puppet v3.3.2 - > wintest > == > > This is so weird, how is this happening? > > Did some one face this issue, can someone help me understand this behavior. > > How do i make sure that once deactivate/cleaned from puppet master certs > removed, net puppet run should ask for the cert request. > > -Kaustubh > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/26b71ede-12ac-4308-bf7e-bd938123472e%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
