As users of puppet, occasionally we need to migrate nodes from one master to another.
In my case I’m decommissioning my old puppet server having stood up a new one, as a part of my “migrate home” project.
I ran into a couple of minor issues, but this is essentially the process for moving a node from one master to another.
First, stop puppet (this isn’t necessary, but good practice):
# /etc/init.d/puppet stop
Next, edit your puppet.conf to reflect the new change.
Now, if you start puppet again you’ll likely get errors and it won’t work.
# rm -r /var/lib/puppet/ssl/*
[warning]This is for Debian package-installed systems; if this is not your system, check your puppet.conf to determine where the SSL directory is.[/warning]
# /etc/init.d/puppet restart
Now switch back to your NEW master and look for the new certificate, and if it checks out, sign it:
# puppet cert list
“swedishchef.i-al.net” (SHA256) 05:5E:23:7E:03:A9:58:B6:F2:FE:F6:D4:A1:C3:CE:FD:8B:64:4D:F2:D5:87:02:22:7A:C1:44:8D:D8:44:8E:E8
# puppet cert sign swedishchef.i-al.net
Notice: Signed certificate request for swedishchef.i-al.net
Notice: Removing file Puppet::SSL::CertificateRequest swedishchef.i-al.net at ‘/var/lib/puppet/ssl/ca/requests/swedishchef.i-al.net.pem’
Check everything is running, and you should observe everything is in order. If not, debug as normal. As always, try this in a test environment first – I take no responsibility for broken production environments based on the above.