Problem:
I want to delete a host from foreman.
Tried selecting it from Hosts -> All Hosts -> Edit -> Delete
Are you sure you want to delete host myhost.mydomain.com? This action is irreversible. -> OK
Displayed: Failed to delete myhost.mydomain.com:
Expected outcome:
Host should be deleted, but still remains in the list.
Foreman and Proxy versions:
foreman 1.20.1
puppet 5.5.10
katello 3.10.0
Other relevant data:
Found this in /var/log/foreman/production.log
2019-03-08T08:07:46 [I|app|] Deactivating node in PuppetDB: myhost.mydomain.com
2019-03-08T08:07:46 [W|app|] Failed to deactivate node myhost.mydomain.com in PuppetDB: Failed to open TCP connection to localhost:8081 (Connection refused - connect(2) for "localhost" port 8081)
Errno::ECONNREFUSED: Failed to open TCP connection to localhost:8081 (Connection refused - connect(2) for "localhost" port 8081)
(...)
2019-03-08T08:11:31 [W|app|e8629] Rolling back due to a problem: [#<Orchestration::Task:0x000000000f883448 @name="Deactivating node myhost.mydomain.com in PuppetDB", @status="failed",
Is it as simple as a firewall rule change to allow port 8081 on the localhost?
Never mind, that did it. I set puppetdb_enabled to No, and I was then able to delete the host.
I still needed to remove the certificates and known_hosts entries manually before being able
to successfully integrate the same host.
[root@myhost ~]# puppet agent --test
Error: Could not request certificate: The certificate retrieved from the master does not match the agent’s private key. Did you forget to run as root?
Certificate fingerprint: 62:6B:C5:(…):12:49:1E
To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certificate.
On the master:
puppet cert clean myhost.mydomain.com
On the agent:
1a. On most platforms: find /etc/puppetlabs/puppet/ssl -name myhost.mydomain.com.pem -delete
1b. On Windows: del “\etc\puppetlabs\puppet\ssl\certs\myhost.mydomain.com.pem” /f
2. puppet agent -t
Exiting; failed to retrieve certificate and waitforcert is disabled
[root@myhost ~]#
But at least the hint was there.
This was a little more obscure to find:
/usr/share/foreman-proxy/.ssh/known_hosts
Have no idea you can probably use foreman-rake console and edit the host removing its puppet master and ca fields then Foreman will not orchestrate PuppetDB deletion step. Not sure, @ekohl ?
