Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000034305 - How to change the puppet node_id on RSA NetWitness Host

Document created by RSA Customer Support

on Nov 2, 2016•Last modified by RSA Customer Support

on May 30, 2017

Version 5Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000034305
Applies To	RSA Product Set: NetWitness Logs and Packets, Security Analytics RSA Product/Service Type: Appliances and Virtual Machines RSA Version/Condition: 10.4.X, 10.5.X, 10.6.X Component: Puppet Agent, Puppet Master Platform: CentOS O/S Version: 6
Issue	Occasionally you need to change the puppet node_id which is used to uniquely identify a host in a NetWitness Logs or Packets Server. This is a common activity if you are cloning a Virtual Log Collector (VLC) Virtual Machine (VM). Warning: Caution needs to be exercised when performing this on a server which runs the puppet master service as this will likely require that the puppet trust be re-established on all hosts which are managed by the puppet master. Hosts Affected: NetWitness/SA Server (NetWitness/SA Broker headunit appliance or NetWitness/SA Server VM) All-In-One for Packets (AIO-P) appliances; and All-In-One for Logs (AIO-L) appliances
Tasks	Change the basic networking (hostname and IP, if necessary) and reboot operating system Generate a new puppet node_id Re-trust the service which is typically done in the NetWitness/SA UI (Administration \ Appliances in SA 10.4.X and Administration \ Hosts in SA 10.5.X and later)
Resolution	1. Change the basic networking (hostname and IP, if necessary) and reboot operating system If you are running SA 10.6.0 and the puppet trust model is established (i.e. this host appears when you run 'mco ping' on puppetermaster.local) then you can SSH to the SA Server and use /etc/puppet/scripts/sysSetRPC/changePuppetMaster.py - https://community.rsa.com/docs/DOC-43221 this will update the mongo asg db correctly. Warning: If changing IP of host then script will reboot OS, if changing IP of server hosting puppetmaster.local, all hosts with trusted services will have their OS rebooted. Otherwise: Run the following script to change basic networking i.e. hostname and IP which will update /etc/hosts, /etc/sysconfig/network and /etc/sysconfig/network-scripts/ifcfg-e* /usr/sbin/netconfig.sh Edit the line containing HWADDR in either /etc/sysconfig/network-scripts/ifcfg-em1 or / ifcfg-eth0 to match the MAC address of the current interface as seen in the following command: *ifconfig em1\| grep -o "HWaddr ." \| awk '{ print $2 }' Note: If the command produces the following error message (which is common in the case of virtual machines), em1: error fetching interface information: Device not found Then the command should be: ifconfig eth0 \| grep -o "HWaddr ." \| awk '{ print $2 }'* Edit /etc/puppet/csr_attributes.yaml to update the fqdn and ipaddress values. If you have changed the IP of server hosting puppetmaster.local (and not used changePuppetMaster.py), then the static hostname entry in /etc/hosts for puppetmaster.local may need to be updated. (optional) For cloned VLCs remove the trustpeers for the Log Collector service to avoid issues in creating rabbitmq queues find /etc/netwitness/ng/logcollector -type d -name trustpeers -exec rm -f {} \; Reboot the operating system (using either `shutdown -r now` or simply `reboot`) to use the new networking values 2. Generate a new puppet node_id mv /var/lib/puppet/node_id /var/log/node_id.old.`date +"%Y%m%d_%H%M"` /etc/puppet/scripts/node_id.py This should output new node_id to screen and saves this to /var/lib/puppet/node_id new_node_id=$(/etc/puppet/scripts/node_id.py) Use the following command to check that new node_id was generated cat /var/lib/puppet/node_id If this was not successful (file either doesn't exist or is empty) you can run the following: echo "$new_node_id" \| tr -d '\r\n' > /var/lib/puppet/node_id Run the following to make sure puppet.conf is updated correctly: sed -ri "s/^certname = [a-z0-9\-]+/certname = $new_node_id/" /etc/puppet/puppet.conf 3. Re-trust the service For the puppet agent run the following: puppet agent -t --waitforcert 10 Wait until you see the message: Notice: Did not receive certificate Navigate to Administration \ Hosts and (if necessary use the Discover button) and Enable the new host.

Attachments

Outcomes

0 Comments

Recommended Content