I'm trying to set up some roles for a number of distributed search "users" on my indexing farm, using local authentication. I am trying to set up the role via deployment server as part of an app I call "IDX" that is the core app for all of my index servers. I've done that, but now when I try and change a local users role (via the CLI), it appears that the role is not being recognized.
So, my question is this - can authorization.conf be deployed in an App, or do I need to have it be in $SPLUNK_HOME/etc/system/local on each of the indexers?
Thanks
Steve
No, the authorize.conf file will need to be at the system level, when you check the docs (here) it tells you where you can place a file.
"rsync" would be a good alternative as it will only transfer files which are changed and you can be quite granular with the transfers. If not you could just have a simple script which backs up the remote files via ssh and then scp's the new copy over.
Hope this helps answer you question.
If it does help please mark the answer as accepted.
Regards,
MHibbin
Hi, It seems like you can add a metadata dir containing a file called local.meta which should / could contain the following;
[default]
export = system
Works for me ... so far at least 😛
I've successfully distributed authorize.conf without issues. Authentication.conf is a bit trickier with the LDAP bind password needing to be encrypted per-host, but authorize? No worries.
The point about exporting the rules outside of the app is valid, as well as removing any existing one from system/local. The latter acts as an override to anything in your apps, so no matter what you might ship by deployment server / chef / puppet / whatever, system/local would still win.
It works for me too. I had to remove the authorize.conf file that was already in system/local, but it worked in the end.
No, the authorize.conf file will need to be at the system level, when you check the docs (here) it tells you where you can place a file.
"rsync" would be a good alternative as it will only transfer files which are changed and you can be quite granular with the transfers. If not you could just have a simple script which backs up the remote files via ssh and then scp's the new copy over.
Hope this helps answer you question.
If it does help please mark the answer as accepted.
Regards,
MHibbin
apologies for that... I guess it's "one of those things".
Not the answer I wanted :), but definitely answered the q. Thanks