splunk installation is failing to generate cert.pem
./splunk start
Splunk> Now with more code!
Checking prerequisites...
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking appserver port [127.0.0.1:8065]: open
Checking kvstore port [8191]: open
Checking configuration... Done.
Checking critical directories... Done
Checking indexes...
Validated: _audit _internal _introspection _telemetry _thefishbucket history main summary
Done
Checking filesystem compatibility... Done
Checking conf files for problems...
Done
Checking default conf files for edits...
Validating installed files against hashes from '/home/suk/opt/splunk/splunk-7.2.1-be11b2c46e23-linux-2.6-x86_64-manifest'
All installed files intact.
Done
All preliminary checks passed.
Starting splunk server daemon (splunkd)...
Generating a 2048 bit RSA private key
...............................................+++++
........+++++
Signature ok
subject=/CN=localhost.localdomain/O=SplunkUser
/home/suk/opt/splunk/$SPLUNK_HOME/etc/auth/splunkweb/cert.pem: No such file or directory
Command failed (ret=1), exiting.
I know this is old but while setting up a lab to do some clustering I ran into this issue after making some of the "appropriate settings". To get around this for the sake of getting the lab stood up I just removed that part of the line in the:
splunk_dir/etc/system/local/web.conf (have to copy this from /default or you can hand type everything out)
for the privKeyPath and serverCert, I basically removed the $SPLUNK_HOME part so that it was just
etc/auth/splunkweb/privkey.pem
etc/auth/splunkweb/cert.pem
(running a cmaster, dserver and fwdr on one server, an indexer cluster on one server, and search heads on another)
Would I do this for a single install or enterprise installation - heck no. This is only for personal labbing.
In your case:
File causing error and where you should fix - /home/suk/opt/splunk/etc/system/default/web.conf
copy that to
/home/suk/opt/splunk/etc/system/local/
imagine in that web.conf file you have
privKeyPath = $SPLUNK_HOME/etc/auth/splunkweb/privkey.pe,
serverCert = $SPLUNK_HOME/etc/auth/splunkweb/cert.pem
you would want (if you are just trying to get it to work)
privKeyPath = etc/auth/splunkweb/privkey.pem
serverCert = etc/auth/splunkweb/cert.pem
Previous comment is right, you want to install in the /opt/splunk - for me I wanted to "mock up" the lab environment for cluster admin so...
Hey @fearofcasanova ,
Thanks for the answer, this worked like a charm and now my splunkweb is up and running.
Thanks,
Hey,
do you execute everything in context of user suk
? Usually you have a seperate user and you kind of want to install splunk in /opt/splunk
. To do this automagically (and also set SPLUNK_HOME
) you can install splunk using your package manager (DEB/RPM):
http://docs.splunk.com/Documentation/Splunk/7.2.1/SearchTutorial/InstallSplunk#Install_the_Splunk_En...
To your problem: This directory seems broken:
/home/suk/opt/splunk/$SPLUNK_HOME/etc/auth/splunkweb/
It should be: $SPLUNK_HOME/etc/auth/splunkweb/
with $SPLUNK_HOME
being set.
or
/home/suk/opt/splunk/etc/auth/splunkweb/
as absolute path.
What does echo "$SPLUNK_HOME"
print?
Cheerz,
Björn
HI
Is it owned by the same user/group as the splunkd process? Have you used "chown -R" for your splunk home to be sure?
Kind Regards
Any luck with that?