|Applies To||RSA Product Set: NetWitness Logs and Network|
RSA Product/Service Type: Orchestration/Chef
RSA Version/Condition: 11.3
O/S Version: 7
|Issue||While updating/installing a device to version 11.3, the following error can occur and be found in /var/log/netwitness/config-management/chef-solo.log:|
Thus, the install/upgrade fails.
|Cause||The reason can be because the target host is unable to communicate to the Admin Server on port 53 as it is attempting to use the dnsmasq service on the Admin Server to resolve, in this case, 889e5752-6ae3-4286-a944-c182 33f4ccbc. This is the salt minion id of the admin server. You can see this by running "cat /etc/salt/minion" on the Admin Server to compare.|
|Resolution||If possible, configure any firewalls between the target host and the Admin Server host to be able to communicate on port 53.|
If this is not possible, the workaround is to include the minion id in the /etc/host file on the component hosts.
|Workaround||Take the example /etc/hosts file from an Endpoint Hybrid host.|
Edit /etc/hosts and add the node id, just like you saw in the error, next to nw-node-zero
Then, you may attempt to the upgrade once more while tailing the /var/log/netwitness/config-management/chef-solo.log and see if you bypass this error.
A Very Special Note about resolv.conf:
In the 11.3 Release, we are making the /etc/resolv.conf an immutable file. If you are unable to reach the Admin Server on port 53 or your component host uses a different DNS Server from your Admin Server, you will need to edit the local resolv.conf on the component host. To be able to edit the file to change what DNS Servers you query, you must undo this change.
Once this is done, you can restore your DNS server settings by vi-ing the file. If you are unsure what they were prior to your upgrade, you can check the backup files that chef creates as it goes through it's upgrade run. They will be date-stamped in the file name
Please also note that the Admin Server is different. The options in /etc/resolv.conf are being overwritten by what is defined in /etc/netwitness/platform/resolv.dnsmasq. If you want to change the Admin Server's DNS Servers, you will need to modify it there.
|Notes||If this solution does not work for you and you are still experiencing issues with the /var/log directory filling up, please open a case with RSA Technical Support quoting this KB article.|