Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Distribute authorization.conf in an App?

Steve_Litras
Path Finder
‎12-13-2011 03:39 PM

I'm trying to set up some roles for a number of distributed search "users" on my indexing farm, using local authentication. I am trying to set up the role via deployment server as part of an app I call "IDX" that is the core app for all of my index servers. I've done that, but now when I try and change a local users role (via the CLI), it appears that the role is not being recognized.

So, my question is this - can authorization.conf be deployed in an App, or do I need to have it be in $SPLUNK_HOME/etc/system/local on each of the indexers?

Thanks
Steve

Reply
1 Solution
Solved! Jump to solution
Solution

MHibbin
Influencer
‎12-14-2011 05:48 AM

No, the authorize.conf file will need to be at the system level, when you check the docs (here) it tells you where you can place a file.

"rsync" would be a good alternative as it will only transfer files which are changed and you can be quite granular with the transfers. If not you could just have a simple script which backs up the remote files via ssh and then scp's the new copy over.

Hope this helps answer you question.

If it does help please mark the answer as accepted.

Regards,

MHibbin

View solution in original post

Reply
Solved! Jump to solution

lmyrefelt
Builder
‎04-03-2012 02:29 AM

Hi, It seems like you can add a metadata dir containing a file called local.meta which should / could contain the following;

[default]
export = system

Works for me ... so far at least 😛

Reply
Solved! Jump to solution

sowings
Splunk Employee
Splunk Employee
‎09-23-2013 05:29 AM

I've successfully distributed authorize.conf without issues. Authentication.conf is a bit trickier with the LDAP bind password needing to be encrypted per-host, but authorize? No worries.

The point about exporting the rules outside of the app is valid, as well as removing any existing one from system/local. The latter acts as an override to anything in your apps, so no matter what you might ship by deployment server / chef / puppet / whatever, system/local would still win.

0 Karma
Reply
Solved! Jump to solution

watsm10
Communicator
‎09-23-2013 02:57 AM

It works for me too. I had to remove the authorize.conf file that was already in system/local, but it worked in the end.

0 Karma
Reply
Solved! Jump to solution
Solution

MHibbin
Influencer
‎12-14-2011 05:48 AM

No, the authorize.conf file will need to be at the system level, when you check the docs (here) it tells you where you can place a file.

"rsync" would be a good alternative as it will only transfer files which are changed and you can be quite granular with the transfers. If not you could just have a simple script which backs up the remote files via ssh and then scp's the new copy over.

Hope this helps answer you question.

If it does help please mark the answer as accepted.

Regards,

MHibbin

Reply
Solved! Jump to solution

MHibbin
Influencer
‎12-14-2011 08:52 AM

apologies for that... I guess it's "one of those things".

0 Karma
Reply
Solved! Jump to solution

Steve_Litras
Path Finder
‎12-14-2011 08:40 AM

Not the answer I wanted :), but definitely answered the q. Thanks

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...