000032639 - Puppet re-provisioning error: "Could not request certificate: getaddrinfo: Temporary failure in name resolution" in RSA NetWitness Platform

Document created by RSA Customer Support Employee on Jun 30, 2016Last modified by RSA Customer Support on Sep 2, 2019
Version 5Show Document
  • View in full screen mode

Article Content

Article Number000032639
Applies ToRSA Product Set: RSA NetWitness Logs & Network, Security Analytics
RSA Product/Service Type: Puppet, Head Unit / NetWitness Server, NetWitness Appliances, NetWitness Virtual Machines
RSA Version/Condition: 10.4.x, 10.5.x, 10.6.x
Platform: CentOS
O/S Version: 6
 
IssueWhen running `puppet agent -t`, the puppet agent produces the following error (which can also be found in /var/log/messages):

Error: Could not request certificate: getaddrinfo: Temporary failure in name resolution
CauseThis error is produced on hosts where the puppetmaster server has not been correctly defined in either /etc/puppet/puppet.conf or /etc/hosts.
Note: This issue is most likely to occur when attempting to reprovision a host to re-add it to the puppet-based trust model.
  • In /etc/puppet/puppet.conf, the line is in the 'agent' section and starts with 'server':


[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
server = puppetmaster.local


 


  • In /etc/hosts, ensure that puppetmaster.local is defined.
  • On the NetWitness Server which hosts the puppetmaster service, /etc/hosts should start with the following lines where the puppetmaster.local is defined in the IPv4 loopback (shown in green)


# cat /etc/hosts
# Created by NetWitness Installer on Mon Dec 28 23:14:57 UTC 2015
127.0.0.1 <nw_server_hostname> localhost localhost.localdomain localhost4 localhost4.localdomain4 puppetmaster.local
::1 <nw_server_hostname> localhost localhost.localdomain localhost6 localhost6.localdomain6



  • On the other NetWitness Hosts (whether appliances or virtual), a static entry needs to be present in /etc/hosts to resolve puppetmaster.local



<IP_of_nw_server>    puppetmaster.local
ResolutionTo resolve the issue, follow the steps below.
  • SSH to the host where the issue is being seen.
  • Determine if puppetmaster.local is missing from /etc/puppet/puppet.conf or /etc/hosts. Run the following commands to examine these files:


cat /etc/hosts
cat /etc/puppet/puppet.conf



  • If puppetmaster.local is not present in /etc/hosts, add an entry.  
  • If /etc/puppet/puppet.conf is missing the server line, edit the file using: vi /etc/puppet/puppet.conf
  • Add "server = puppetmaster.local" as per below screenshot if this is missing (doesn't need to be the last line but does need to be under the [agent] section)
              User-added image
  • Run puppet agent -t 

If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance.
NotesThis issue does not occur in RSA NetWitness Platform v11.x (as puppet has been replaced by salt and chef).

Attachments

    Outcomes