Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Is there a way make adding a new user/role in search head clustering more efficient so I don't have to add it on all search heads?

ronak
Path Finder
‎02-21-2015 11:40 AM

Setup

  • 3 node search head cluster which will grow to about 10 in near future
  • Multi-tenant setup having many clients on the same installbase
  • Roles (e.g. client1_role, client2_role etc) and users within those roles (e.g. client1_role_u1, client1_role_u2, client2_role_u1 etc)

Challenge

Adding a new user, role requires adding it on all search heads instead of a centrally managed within Splunk setup

Need

  • Make this user, role management efficient and less error-prone
  • Have some UI interface OR some scripting approach to make this happen

Can anyone shed some pointers , share some earlier work that can be re-used?

0 Karma
Reply

lmyrefelt
Builder
‎02-24-2015 12:05 AM

Hi ronak,

Yes you can! 😉

So what i have done previously is to gather my configuration in a/one central app, lets call it myAuth . That means i am editing the authorization and authorize files manually (well in some cases with scripts) . Then i deploy myAuth with the deployment server or what other means i have for deployment. After the app is deployed i have been using the rest-api endpoints to "force" an update on those, meaning i don't have to restart my search-heads to update the roles and what not.

With search-head clustering and the new functions in splunk 6, this method should still be valid i guess even if deployment server is not used anymore to push confs to indexers and search-heads.

You could also use something link rsync or robocopy to keep the configurations in sync between your nodes .

It is preferable to combine this with AD or LDAP. Since it will spare you some work.

Here you will find some tips on how to update / reload roles and users without the need for a restart;

http://answers.splunk.com/answers/129654/how-to-i-trigger-reload-of-authentication-configuration-pro...

Hope this helps and gives you some ideas of what you can do

0 Karma
Reply
Get Updates on the Splunk Community!

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Regardless of where you are in Splunk Observability, you can search for relevant APM targets including service ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...