Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Is there a way make adding a new user/role in search head clustering more efficient so I don't have to add it on all search heads?

ronak
Path Finder
‎02-21-2015 11:40 AM

Setup

  • 3 node search head cluster which will grow to about 10 in near future
  • Multi-tenant setup having many clients on the same installbase
  • Roles (e.g. client1_role, client2_role etc) and users within those roles (e.g. client1_role_u1, client1_role_u2, client2_role_u1 etc)

Challenge

Adding a new user, role requires adding it on all search heads instead of a centrally managed within Splunk setup

Need

  • Make this user, role management efficient and less error-prone
  • Have some UI interface OR some scripting approach to make this happen

Can anyone shed some pointers , share some earlier work that can be re-used?

0 Karma
Reply

lmyrefelt
Builder
‎02-24-2015 12:05 AM

Hi ronak,

Yes you can! 😉

So what i have done previously is to gather my configuration in a/one central app, lets call it myAuth . That means i am editing the authorization and authorize files manually (well in some cases with scripts) . Then i deploy myAuth with the deployment server or what other means i have for deployment. After the app is deployed i have been using the rest-api endpoints to "force" an update on those, meaning i don't have to restart my search-heads to update the roles and what not.

With search-head clustering and the new functions in splunk 6, this method should still be valid i guess even if deployment server is not used anymore to push confs to indexers and search-heads.

You could also use something link rsync or robocopy to keep the configurations in sync between your nodes .

It is preferable to combine this with AD or LDAP. Since it will spare you some work.

Here you will find some tips on how to update / reload roles and users without the need for a restart;

http://answers.splunk.com/answers/129654/how-to-i-trigger-reload-of-authentication-configuration-pro...

Hope this helps and gives you some ideas of what you can do

0 Karma
Reply
Get Updates on the Splunk Community!

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...