Deployment Architecture

What credentials should be used when initializing the deployer when setting up a search head cluster in enterprise 6.2.2?

transtrophe
Communicator

I have tried user=splunk and the password that I changed for splunk but this throws a login failed error when using splunk init shcluster-config -secret

1 Solution

Lucas_K
Motivator

"admin" and then the admin password. The default is "changeme"

transtrophe
Communicator

Thanks for both your inputs. The issue has resolved. What it looks like is that I needed to pass in the credentials for the account that I SSHd into the splunk instance, which was admin AND once on the instance to su to the account that launches splunk which is "splunk"; so the splunk account executes the $SPLUNK_HOME/bin/splunk init shcluster-config command with the -auth parameter set to admin:adminspassword.

Anyway, it's all up and running now so thanks again for both your inputs.

transtrophe
Communicator

Also, tried executing the command from the admin account, and got this:

admin@:/opt/splunk/bin$ ./splunk init shcluster-config -replication_port 9997 -mgmt_uri https://:8090 -secret 
Error setting the real and effective group id:Operation not permitted(1)
configured_asPath=splunk configured_asUID=1001 rv__drop_priv_perm=-1 Failed to set effective and real user to value of env var SPLUNK_OS_USER, "splunk"; exiting.: Operation not permitted
admin@:/opt/splunk/bin$ 

Lucas_K
Motivator

It needs to run from the account that splunk runs under (operation not permitted errors).

I think you are confusing internal splunk accounts vs OS based accounts. Do you have a "splunk" OS account or is it "admin"? That command should be run from the OS based account but credentials provided should be the Splunk account (you're actually verifying that you are the splunk admin to perform that splunk command).

Within the account that you are going to run splunk from, make sure that all settings are correct for that user name, i.e. permissions on the entire directory structure under which splunk is installed, i.e. /opt/splunk. It also needs to be set correctly. Also look in /opt/splunk/etc/splunk-launch.conf: do you have SPLUNK_OS_USER set?

Also make sure you haven't accidentally started splunk under the root account. If you have you'll have to chown all the files back to the proper account. On a previously successfully running splunk install you shouldn't see any of these errors. It feels like you have a broken installation.
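
A pre-flight check for the points raised in the post above (added example, not part of the original thread and not Splunk's own tooling): it reads SPLUNK_OS_USER from splunk-launch.conf, compares it with the current OS user, and counts files under the install directory owned by another account. The function names and the `--check` argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: checks to run before "splunk init shcluster-config".
# Assumes the install lives under /opt/splunk, as in the thread.

# Print the SPLUNK_OS_USER value from a splunk-launch.conf, ignoring
# commented-out lines; prints nothing if the setting is absent.
launch_conf_os_user() {
    sed -n 's/^[[:space:]]*SPLUNK_OS_USER[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1 | tr -d '"\r' | sed 's/[[:space:]]*$//'
}

# Count files under directory $1 that are NOT owned by user $2
# (name or numeric uid). A non-zero count usually means Splunk was
# started once under another account, e.g. root.
count_foreign_owned() {
    find "$1" ! -user "$2" 2>/dev/null | wc -l | tr -d ' '
}

# Return 0 if the current OS user is the one that should run the CLI.
preflight() {
    home=$1
    conf="$home/etc/splunk-launch.conf"
    want=$(launch_conf_os_user "$conf")
    me=$(id -un)
    # With no SPLUNK_OS_USER set, fall back to the owner of the install dir.
    [ -n "$want" ] || want=$(ls -ld "$home" | awk '{print $3}')
    if [ "$me" != "$want" ]; then
        echo "run as '$want', not '$me' (e.g. su - $want)"; return 1
    fi
    n=$(count_foreign_owned "$home" "$want")
    if [ "$n" -ne 0 ]; then
        echo "$n files under $home not owned by $want; chown needed"; return 1
    fi
    echo "ok: run the CLI as $me and pass the Splunk admin login with -auth"
}

# Hypothetical entry point: ./preflight.sh --check [/opt/splunk]
if [ "${1:-}" = "--check" ]; then
    preflight "${2:-/opt/splunk}" || exit 1
fi
```

A passing check only covers the OS side; the Splunk-internal admin username and password still have to be supplied to the command itself.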

esix_splunk
Splunk Employee

When initializing the cluster, there are two passwords required:

1) User with admin rights
2) Password used for the SHC

Make sure you are using the correct combination of both.

transtrophe
Communicator

I tried these

root@:/opt/splunk/bin# ./splunk init shcluster-config -replication_port 9997 -mgmt_uri https://:8090 -secret 
Splunk username: admin
Password: 
Can't create directory "/root/.splunk": Permission denied

root@:/opt/splunk/bin# ./splunk init shcluster-config -replication_port 9997 -mgmt_uri https://:8090 -secret 
Splunk username: admin
Password: 
Login failed
root@:/opt/splunk/bin# 

Thought the first attempt would work, but it threw that "Can't create directory "/root/.splunk": Permission denied" error.
