Having this same issue now on a brand new Splunk setup (7.2.2). Search head cluster is (3), and (1) deployer. I got everything dialed in, but this command keeps generating the same message. I've tried against the captain, and not a captain — same result.
Running command on the Deployer:
Splunk apply shcluster-bundle -target https://SHCaptainName:8089 -auth admin:secretkey
Response:
Error while deploying apps to first member: Error while fetching apps baseline on
target=https://SHCaptainName:8089: Non-200/201 status_code=401; {"messages":[{"type":"WARN","text":"call not properly authenticated"}]}
I tried creating a new folder in /opt/splunk/etc/shcluster/apps/testing/local/outputs.conf
I tried installing an app in /opt/splunk/etc/shcluster/apps/datagovernance
... same results/error/
Splunk shcluster-status shows all the cluster members are good and "up". I can't push an app through the deployer.
Stuck. Help?
Joe
Did you resolve your issue? Experiencing the same issue myself. I tried to re-enter the passkey and shcluster label, then restart Splunk service. No luck
I had to editthe pass4SymmKey and restart on the deplyer.
[shclustering]
pass4SymmKey = yourKey
But I also had to do do that on the search heads too (and restart). There was no pass4SymmKey value under the shclustering stanza. There was in other parts of the file, but not under that stanza. I added that value and restarted, my apply shcluster bundle command worked just fine.
Put the apps in the /opt/splunk/etc/shcluster/apps directory on the Deployer and identify which search head is the current captain. Then run:
/opt/splunk/bin/splunk apply shcluster-bundle -target https://currentCaptain:8089
Hi @joesrepsolc So for admin:secretkey are you actually using admin:password ?
I just wanted to check that you were not using the secret key from the shclustering stanza but the actual admin password.
[shclustering]
pass4SymmKey = yoursecretkey
I always leave off the auth and have it prompt me. That way the password is not in the history.
I've ran this command without the -auth portion... and it doesn't even prompt me for credentials. Instead I get::
Non-200/201 status_code=401; {"messages":[{"type":"WARN","text":"call not properly authenticated"}]}
I've looked at the search head cluster status (splunk show shcluster-status) and everything is up, working great. I've even made a report and dashboard on one cluster member and it's replicating to the other members just fine. I still can't push out an app!!!! Killing me.
Any help would be much appreciated.
Correct. I am using the actual admin password (just using "secretkey" as a placeholder... 🙂 )
I am now checking with networking to see if the replication port between SH's is open. Guessing that may be the next logical step to check.