The agent becomes unresponsive. When run in debug mode it becomes unresponsive after this message:
Debug: Finishing transaction 26473080 Debug: Runtime environment: puppet_version=6.21.1, ruby_version=2.5.8, run_mode=agent,
default_encoding=UTF-8 Debug: Loading CA certs
It is likely that the agent is unable to create a secure connection using a random number generator (RNG), and there isn’t enough entropy (a pool of random data) to complete a key exchange.
Version and installation information
PE version: All supported versions
OS: Any Linux
Installation type: Any
Check the entropy pool
If the available entropy pool is continuously below 1000, the node might not be producing enough RNG to complete a key exchange with the primary server or compiler.
This is more likely to happen when using one or more of the following:
FIPS-enabled Puppet Enterprise
Kernel versions prior to v3.17 (
glibcprior to v2.25)
opensslversions prior to v1.1.1d
In non-FIPS PE, our vendored OpenSSL is located at
Check the available entropy pool on the affected node. While the agent is stalled, run the following:
Increase the entropy pool
You can increase the entropy pool by doing any of the following:
Using a hardware-based, true random number, such as
rdrand, and exposing it to your guest virtual machines.
Updating your OS to a version with a newer version of the kernel and
Warning: Software RNG services can be less secure than true RNG.
If you are not able to increase the entropy pool enough to fix the issue, and are able to use alternative repositories (such as
haveged.servicein addition to using
After you make a change, check your available entropy pool again.
If you have enough available entropy and the agent is still unresponsive, please open a Support ticket.
How can we improve this article?
Please sign in to leave a comment.