Hey guys just want some insight on this. So the previous Linux Engineer was using puppet for his configs and they are trash. I am going to move to Ansible but want to make sure that removing the puppet agents from the machine will not remove the configurations from the machines themselves.
In other words, I am going to nuke this puppet server and want to remove the agents as well.
I assume this is bare metal Linux hosts? Otherwise I would roll fresh VM images (or containers) and swap them out if possible.
By “the configurations” do you mean puppet configs themselves or all the stuff in /etc/ and packages that puppet is managing?
Can you go slow and start off with systemctl disable puppet && systemctl stop puppet on all the client machines, then shutdown the server and get your ansible scripts going before nuking anything?
Assuming the puppet agents are off and not restarting on the client machines, they can’t make any changes to files at that point.
Just a couple thoughts… I do personally like ansible better than salt/puppet. Containers are cool, but large scale orchestration is still wonky imo.
I’m a fan of reproducible VM images with ansible for config management. It often depends on the environment/provider/employer with whom you’re working.
So long as your stop the Puppet daemon and disable it, it won’t be able to make any changes to the system. Uninstalling it entirely will also leave the existing configuration intact.
If in doubt, and it’s a VM, make a snapshot before you start.
We’re going through a “migrate from Puppet to Ansible” dillemma right now. I was the “puppet expert” (which is laughable), but I don’t have the time to manage that infrastructure anymore. The other SA team has more Ansible experience. You can just start migrating functionality from Puppet to Ansible without too many problems (that’s what we’re doing). We still use some features of Puppet (mostly Bolt for automation/command and control, as it’s “better” than Ansible on a large scale of “do this now”), but we’re slowly replacing the components of Puppet with Ansible equivalents.
One of the hard things for people to wrap their heads around with Puppet is that it doesn’t do anything you don’t tell it to explicitly do - it won’t remove packages unless you explicitly tell it to remove a package (that bites newbies all the time), even if you no longer ensure => present.
I realize that doesn’t really answer the question - but what I can say is that we’ve created roles for a host, applied that role, and then changed the role, and the original “stuff” that came with the original “role” is still configured. Removing Puppet wouldn’t change that.