Article Content
Article Number | 000034305 |
Applies To | RSA Product Set: NetWitness Logs and Packets, Security Analytics RSA Product/Service Type: Appliances and Virtual Machines RSA Version/Condition: 10.4.X, 10.5.X, 10.6.X Component: Puppet Agent, Puppet Master Platform: CentOS O/S Version: 6 |
Issue | Occasionally you need to change the puppet node_id which is used to uniquely identify a host in a NetWitness Logs or Packets Server. This is a common activity if you are cloning a Virtual Log Collector (VLC) Virtual Machine (VM). Warning: Caution needs to be exercised when performing this on a server which runs the puppet master service as this will likely require that the puppet trust be re-established on all hosts which are managed by the puppet master. Hosts Affected:
|
Tasks |
|
Resolution | 1. Change the basic networking (hostname and IP, if necessary) and reboot operating system
mv /var/lib/puppet/node_id /var/log/node_id.old.`date +"%Y%m%d_%H%M"` /etc/puppet/scripts/node_id.py This should output new node_id to screen and saves this to /var/lib/puppet/node_id new_node_id=$(/etc/puppet/scripts/node_id.py) Use the following command to check that new node_id was generated cat /var/lib/puppet/node_id If this was not successful (file either doesn't exist or is empty) you can run the following: echo "$new_node_id" | tr -d '\r\n' > /var/lib/puppet/node_id Run the following to make sure puppet.conf is updated correctly: sed -ri "s/^certname = [a-z0-9\-]+/certname = $new_node_id/" /etc/puppet/puppet.conf 3. Re-trust the service For the puppet agent run the following: puppet agent -t --waitforcert 10 Wait until you see the message: Notice: Did not receive certificate Navigate to Administration \ Hosts and (if necessary use the Discover button) and Enable the new host. |