Rudder

How about detecting during the inventory processing, if it reports to a different policy server then known until now, and after a successful policy generation remove the old dir-tree below the old policy server?

I will work around it by a cronjob, some LDAP query, and checking all directory below the policy servers, if it's still valid.

Additional question: do the policies get deleted when I remove a node over GUI / API?

I think we should "just" add the list of node managed by the relay in some accessible way on the relay, and a post-hook after promise transfert which will diff the managed node / actual directories present. The garbage collecting can be done asynchronously to avoid long processing time.

The proposed solution may imply more work to always calculate the list of nodes for a relay, not sure we have that information at all time.

Some more context information: we are not able to just remove all directories not updated on last promise transfert, because valid nodes may not have gotten updated policies on last round.

OK, so it seems I misunderstood the root cause, and it should be in fact much easier than thought to correct.

The problem is that on the root server, we don't clean the deleted nodes, and so it is more linked to #4709 (kind of an amplificated version of it).

Nicolas, you had concerned about the following proposed solution. Does that still hold for relays ?

I put them back here:

- trigger a rm -rf ${nodeid} or something alike from rudder UI when a node is deleted;
- on each promise generation, delete all unknown files in /var/rudder/share to keep only existing nodes;
- have a cfengine (sytem) promise making the cleaning for us based on the list of all "currently valide node" (accepting that ${node_id_of_relay}/${node_id} is a valid one)