Security

Is there any way to tell deployment client that the deployment server is not running ssl?

vbumgarn
Path Finder

I have splunkd configured to run without ssl. It removes some hassle with self signed certificates, and eliminating the ssl handshake should improve the performance of REST calls hitting splunkd. Everything is on a trusted network, so I feel okay about it.

Anyway, I'm trying to set up the deployment server, and I'm just getting this error on the forwarder: 05-13-2010 17:08:31.003 DEBUG DeploymentClient - PhoneHomeThread woke up 05-13-2010 17:08:31.003 WARN DeploymentClient - Unable to send handshake message to deployment server. Error status is: not_connected 05-13-2010 17:08:31.003 DEBUG DeploymentClient - Phonehome thread waiting for :12000 mecs

I believe the server and port are correct in deploymentclient.conf, and I'm assuming this error is because I have disabled SSL. I tried disabling ssl in server.conf on the forwarder, as well, to no effect.

Thanks, Vincent

hans
Splunk Employee
Splunk Employee

Are you doing cross Unix-Windows deployment? I got this error before and discovered that if my DS is Windows and my DC is a linux, for example, you have to override these configurations:

targetRepositoryLocation = $SPLUNK_HOME\etc\apps
tmpFolder = $SPLUNK_HOME\var\run\tmp 

to

targetRepositoryLocation = $SPLUNK_HOME/etc/apps
tmpFolder = $SPLUNK_HOME/var/run/tmp 

I know this is an old question and you probably have figured it out but I thought it may be useful for other people who may have come across the same problem.

0 Karma

chicodeme
Communicator

From question 2000, there is a defect around some of these messages(SPL-30820)...

I'm on 4.1.3 and everything works, yet I get a bunch of these:


08-11-2010 09:43:52.389 WARN DeploymentClient - Unable to send phonehome message to deployment server. Error status is: not_connected

08-11-2010 09:44:01.997 WARN DeploymentClient - Unable to send phonehome message to deployment server. Error status is: not_connected

08-11-2010 09:45:12.026 WARN NetUtils- Bad select for loop rv = -2

08-11-2010 09:45:12.026 WARN DeploymentClient - Unable to send phonehome message to deployment server. Error status is: not_connected

08-11-2010 09:45:22.536 WARN DeploymentClient - Unable to send phonehome message to deployment server. Error status is: not_connected

Hopefully they will go away with the upgrade to 4.1.4

0 Karma

chicodeme
Communicator

I am using ssl so I'm not in your exact boat.. just sharing info..

0 Karma

vbumgarn
Path Finder

Hmm. I still haven't managed to make it work with ssl disabled. I'll try again with 4.1.4.

0 Karma

bwooden
Splunk Employee
Splunk Employee

Q1: From the command prompt of your deployment client, are you able to connect to your deployment server via a

telnet deploymentserver.local 8089

where deploymentserver.local = your Splunk deployment server and 8089 = the port on which its splunkd is listening?

You're correct regrading SSL agreement

Note: The deployment server and its deployment clients must agree in the SSL setting for their splunkd management ports. They must all have SSL enabled, or they must all have SSL disabled. To configure SSL on a Splunk instance, set the enableSplunkdSSL attribute in server.conf to "true" or "false".

Q2: Are both your deployment client & deployment server in SSL agreement? What are the results of this command on each:

./splunk cmd btool server list | grep enableSplunkdSSL

vbumgarn
Path Finder

I have now confirmed this doesn't work between linux instances either with ssl disabled. If I enable SSL on both client and server, then everything hums along.

Any more thoughts?

0 Karma

vbumgarn
Path Finder

Yes, I can telnet to the port, which is 8090 in my case. I can give it a fake HTTP request and get a 404 as you would expect. Yes, all servers have enableSplunkdSSL = false in server.conf. The btool command confirms that.

One thing I did not mention -- the two deployment clients are on Windows, while the server is linux. I haven't tried a linux client yet. I'll give that a shot now and see if I have the same problem.

0 Karma
Get Updates on the Splunk Community!

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...