Puppet Decom

Hey guys just want some insight on this. So the previous Linux Engineer was using puppet for his configs and they are trash. I am going to move to Ansible but want to make sure that removing the puppet agents from the machine will not remove the configurations from the machines themselves.

In other words, I am going to nuke this puppet server and want to remove the agents as well.

Thanks

YAML > Ruby

hah, this makes me chuckle for some reason… i’ve used ansible, salt, and a little puppet way back in the day…

If there are some files you don’t want to change, use my fav trick that confuses everyone:

sudo chattr +i <filename>

lol… probably not best practice if you have coworkers, but in a pinch… :wink:

I’ve definitely used it to prevent stuff from dynamically rewriting my /etc/hosts file…

don’t tell anyone about it though, its strong magick… lol

1 Like

Slightly more serious considerations:

  1. I assume this is bare metal Linux hosts? Otherwise I would roll fresh VM images (or containers) and swap them out if possible.
  2. By “the configurations” do you mean puppet configs themselves or all the stuff in /etc/ and packages that puppet is managing?
  3. Can you go slow and start off with systemctl disable puppet && systemctl stop puppet on all the client machines, then shutdown the server and get your ansible scripts going before nuking anything?
  4. Assuming the puppet agents are off and not restarting on the client machines, they can’t make any changes to files at that point.

Just a couple thoughts… I do personally like ansible better than salt/puppet. Containers are cool, but large scale orchestration is still wonky imo.

I’m a fan of reproducible VM images with ansible for config management. It often depends on the environment/provider/employer with whom you’re working.

Keep us posted how it goes!

1 Like

Thank you for your response but to better hone in my question. I just need to know does the puppet agent take it’s OS configs with it.

Removing puppet won’t remove the OS configs when its removed.

I get mad at puppet and disable it all the time. The only way puppet will remove configs is if you tell it too.

2 Likes

So long as your stop the Puppet daemon and disable it, it won’t be able to make any changes to the system. Uninstalling it entirely will also leave the existing configuration intact.

If in doubt, and it’s a VM, make a snapshot before you start.

4 Likes

Thanks guys

We’re going through a “migrate from Puppet to Ansible” dillemma right now. I was the “puppet expert” (which is laughable), but I don’t have the time to manage that infrastructure anymore. The other SA team has more Ansible experience. You can just start migrating functionality from Puppet to Ansible without too many problems (that’s what we’re doing). We still use some features of Puppet (mostly Bolt for automation/command and control, as it’s “better” than Ansible on a large scale of “do this now”), but we’re slowly replacing the components of Puppet with Ansible equivalents.

One of the hard things for people to wrap their heads around with Puppet is that it doesn’t do anything you don’t tell it to explicitly do - it won’t remove packages unless you explicitly tell it to remove a package (that bites newbies all the time), even if you no longer ensure => present.

I realize that doesn’t really answer the question - but what I can say is that we’ve created roles for a host, applied that role, and then changed the role, and the original “stuff” that came with the original “role” is still configured. Removing Puppet wouldn’t change that.

1 Like