Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

pass4SymmKey for License Master and License Slaves

jaracan
Communicator
‎11-04-2018 10:06 PM

Hi Team,

Here is our scenario:
We needed to update the pass4SymmKey for the License Master and License Slaves.
We will update the parameter "pass4SymmKey" in the [general] stanza of the server.conf.

However,we have a complex Splunk environment.

The Splunk servers (License Master/Slaves) needed for this update are consists of ff:
Clustered Indexers
Clustered Search Heads
Non-Clustered Search Heads
Deployment Server
Deployer
Cluster Master
Heavy Forwarders

Can you help us sort out the steps needed to update parameter "pass4SymmKey" in the [general] stanza of the server.conf?
Currently, we have the steps below:
LICENSE MASTER
1. In License Master, use btool to locate the server.conf with [general] stanza

/opt/splunk/bin/splunk btool server list --debug | grep general

  1. Update the server.conf with the new pass4SymmKey # vi /opt/splunk/etc/system/local/server.conf
  2. Restart Splunk # /opt/splunk/bin/splunk restart

What tier should we implement the update next?
Also, for Clustered Indexers and Clustered Search Heads tier, is it okay to update and simply restart splunk? Or do we need to do some maintenance mode or rolling restart instead?

I hope you can help us. Thanks.

0 Karma
Reply

ekost
Splunk Employee
Splunk Employee
‎11-27-2018 01:25 PM
  1. Select a new passcode to fill in for pass4SymmKey.
  2. SSH to the Splunk instance.
  3. Edit the /opt/splunk/etc/system/local/server.conf file.
  4. Under the [general] stanza pass4SymmKey field, replace the hashed value with the new passcode in plain text. It will stay in plain text until Splunk services are restarted.
  5. Save the changes to the server.conf file.
  6. Restart Splunk services on that node.

Perform steps 2 - 6 on the License Master, Cluster Master, and all Cluster Peers (Indexers.) The CM and LM should get a regular service restart, and the CP's can receive a rolling-restart if the pass4SymKey update is finished on all of them.

Once communications are re-established, verify CP connectivity on the LM. The various peers would appear under your license pool(s). If you need to, re-license the Cluster Peers: e.g. use the CLI command ./splunk edit licenser-localslave -master_uri 'https://my_lic_master:8089' and verify CP connectivity on the LM.

After that, move on to performing steps 2 - 6 on the standalone SH, DS, and HF nodes.

For the final SHC and Deployer portion, I liked the post "How to set a new pass4SymmKey password on a search head cluster deployer"

Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...