000034607 - Puppet agent failure alarm seen on the Health and Wellness module in RSA Security Analytics

Document created by RSA Customer Support Employee on Dec 29, 2016Last modified by RSA Customer Support Employee on Jul 1, 2017
Version 5Show Document
  • View in full screen mode

Article Content

Article Number000034607
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: Security Analytics UI, Health and Wellness
IssueIn health and wellness the Puppet Agent Failure alarm is seen.
User-added image
 
CauseThere can be several reasons for this alarm.
Issuing the command below on the affected node will give more information on the error.
puppet agent -t


However, due to a known issue with a slow memory leak in the puppetmaster module, when puppet agent -t is run on the node then the following message may be seen:
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: Error 400 on Server: Cannot allocate memory - fork(2)

User-added image
Resolution
  1. Check that puppet service is running on the node by running the following command:
    service puppet status

  2. If necessary, restart the service on the node using the following command:

  3. service puppet restart

  4. Check that the puppet master service is running on the Security Analytics Server by running the following command:

  5. service puppetmaster status

  6. If necessary, restart the service on the Security Analytics Server using the following command:

  7. service puppetmaster restart

WorkaroundThe workaround  for the puppetmaster memory leak is to schedule a cron job to restart puppetmaster on a regular basis. 
Edit the /etc/crontab file to add a weekly restart for the puppetmaster service on the Security Analytics Server.
vi /etc/crontab

Copy and past the following line at the bottom of the /etc/crontab file:
57 23 ? * SAT * service puppetmaster stop && service puppetmaster start

The above line restarts the puppetmaster service every Saturday at 23:57.
Write and exit from the vi editor.
Once back to the command prompt, execute the command below to reload the crond daemon and put the scheduled job into effect.
service crond restart

Attachments

    Outcomes