000034148 - RSA Netwitness not able to enable VLC/ Host appliance after changing it's IP Address

Document created by RSA Customer Support Employee on Oct 24, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000034148
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: SA Security Analytics Server
RSA Version/Condition: and higher releases
Platform: CentOS
Issue- Unable to re-enable/re-provision a host that was provisioned before and got it's IP changed.
- When a host is removed an re-added. 
- Host is discovered but failed to be enabled. 
Resolution1- Remove an re-purpose the VLC/host from SA UI.
2- Stop puppet service on VLC, using command: service puppet stop
3- Remove SSL folder under /var/lib/puppet.
4- Remove the old node_id file under /var/lib/puppet.
5- Run ./node_id.py script  under /etc/puppet/scripts/node_id.py for creating a new node id. 
6- Edit /etc/puppet/puppet.conf file to include the new node_id  in "certname" field using the "vi" command.
[root@ldecoder ~]# cat /etc/puppet/puppet.conf
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
certname = new node_id
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
server = puppetmaster.local

7- On SA-head server "puppet Master", remove the  VLC certificate under:

As an example:
[root@sa-server vars]# cd /var/lib/puppet/ssl/ca/signed
[root@sa-server signed]# ls
13ba7876-5cfe-4de8-9b28-261c5f510e01.pem  bd4527ef-b6ea-4d1a-80d4-30c8b1b36d11.pem
4c163d36-600c-4196-9ee3-65c5a91e71de.pem  cba7d187-c986-4427-94c0-5ab532468c2a.pem
60547245-3ac3-40c4-8dc6-64f73aee8055.pem  ed65d3eb-51fa-489d-8329-a49f322e92ee.pem
8f2aba18-0442-4cc2-97a8-4e50d4be96f0.pem  facc4daa-f52d-47b1-9f2b-f74a627ae63f.pem
Search by the host node id to find it's old certificate:
[root@sa-server signed]# ll | grep -i 13ba7876-5cfe-4de8-9b28-261c5f510e01
-rw-r--r--. 1 puppet puppet 2009 Mar  1  2016 13ba7876-5cfe-4de8-9b28-261c5f510e01.pem
Then remove it:
[root@sa-server signed]#rm -f 13ba7876-5cfe-4de8-9b28-261c5f510e01.pem

8- Remove the old VLC node_ID from inventory.txt under 

Use the vi command to edit the file and remove the entry that has the node_id:
[root@sa-server ca]# cat inventory.txt
0x0001 2016-02-22T12:05:56GMT 2021-02-21T12:05:56GMT /CN=Puppet CA: facc4daa-f52d-47b1-9f2b-f74a627ae63f
0x0002 2016-02-22T12:06:00GMT 2021-02-21T12:06:00GMT /CN=facc4daa-f52d-47b1-9f2b-f74a627ae63f
0x0003 2016-02-22T14:51:14GMT 2021-02-21T14:51:14GMT /CN=ed65d3eb-51fa-489d-8329-a49f322e92ee
0x0004 2016-02-23T11:06:36GMT 2021-02-22T11:06:36GMT /CN=60547245-3ac3-40c4-8dc6-64f73aee8055
0x0006 2016-02-29T11:28:56GMT 2021-02-28T11:28:56GMT /CN=4c163d36-600c-4196-9ee3-65c5a91e71de
0x0007 2016-02-29T14:21:30GMT 2021-02-28T14:21:30GMT /CN=8f2aba18-0442-4cc2-97a8-4e50d4be96f0
0x0008 2016-02-29T14:37:49GMT 2021-02-28T14:37:49GMT /CN=bd4527ef-b6ea-4d1a-80d4-30c8b1b36d11
0x0009 2016-02-29T15:16:19GMT 2021-02-28T15:16:19GMT /CN=13ba7876-5cfe-4de8-9b28-261c5f510e01
0x000a 2016-03-08T12:19:46GMT 2021-03-08T12:19:46GMT /CN=cba7d187-c986-4427-94c0-5ab532468c2a
0x000c 2016-07-11T12:58:47GMT 2021-07-11T12:58:47GMT /CN=a4b06090-f50e-4085-a536-97628b00d074

9- On VLC, run "puppet agent -t"  for creating a new SSL certs.
10- On SA UI, re-discover the VLC and enable the puppet service on VLC to complete the provisioning.