Unable to execute script on universal forwarder due to permission issue

damode
Motivator

I am trying to install UFs on a number of hosts using the script below, which I got from one of the posts in this forum:

#!/bin/sh  
     # This EXAMPLE script shows how to deploy the Splunk universal forwarder
     # to many remote hosts via ssh and common Unix commands.
     # For "real" use, this script needs ERROR DETECTION AND LOGGING!!
     # --Variables that you must set -----
     # Set the username that splunkd runs as.
       SPLUNK_RUN_USER="splunk"
      # Populate this file with a list of hosts that this script should install to,
     # with one host per line. This must be specified in the form that should
     # be used for the ssh login, ie. username@host
     #
     # Example file contents:
     # splunkuser@10.20.13.4
     # splunkker@10.20.13.5
       HOSTS_FILE="uf_hosts"

     # This should be a WGET command that was *carefully* copied from splunk.com!!
     # Sign into splunk.com and go to the download page, then look for the wget
     # link near the top of the page (once you have selected your platform)
     # copy and paste your wget command between the ""
       WGET_INSTALL="sudo yum -y install wget"
       WGET_CMD="wget -O splunkforwarder-7.2.4-8a94541dcfac-Linux-x86_64.tgz 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=7.2.4&product=universalforwarder&filename=splunkforwarder-7.2.4-8a94541dcfac-Linux-x86_64.tgz&wget=true'"
     # Set the install file name to the name of the file that wget downloads
     # (the second argument to wget)
       INSTALL_FILE="splunkforwarder-7.2.4-8a94541dcfac-Linux-x86_64.tgz"

     # After installation, the forwarder will become a deployment client of this
     # host.  Specify the host and management (not web) port of the deployment server
     # that will be managing these forwarder instances.
     # Example 1.2.3.4:8089
       DEPLOY_SERVER="18.207.205.49:8089"

     # Set the seed app folder name for deploymentclient.conf
       DEPLOY_APP_FOLDER_NAME="ap3_all_deploymentclient"
     # Set the new Splunk admin password
       PASSWORD="QzpU9l8T"

     REMOTE_SCRIPT_DEPLOY="
       cd /opt
       sudo $WGET_INSTALL
       sudo $WGET_CMD
       sudo tar xvzf $INSTALL_FILE
       sudo rm $INSTALL_FILE
       sudo useradd $SPLUNK_RUN_USER
       echo \"
        [user_info]
        USERNAME = admin
        PASSWORD = $PASSWORD
        \" > /opt/splunk/etc/system/local/user-seed.conf
       sudo mkdir -p /opt/splunkforwarder/etc/apps/$DEPLOY_APP_FOLDER_NAME/local
       sudo echo \"[target-broker:deploymentServer] targetUri = $DEPLOY_SERVER\" > /opt/splunkforwarder/etc/apps/$DEPLOY_APP_FOLDER_NAME/local/deploymentclient.conf
       sudo chown -R $SPLUNK_RUN_USER:$SPLUNK_RUN_USER /opt/splunkforwarder
       sudo -u $SPLUNK_RUN_USER /opt/splunkforwarder/bin/splunk start --accept-license --answer-yes --auto-ports --no-prompt
       sudo /opt/splunkforwarder/bin/splunk enable boot-start -user $SPLUNK_RUN_USER

       exit
      "

     DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"

     #===============================================================================================
       echo "In 5 seconds, will run the following script on each remote host:"
       echo
       echo "===================="
       echo "$REMOTE_SCRIPT_DEPLOY"
       echo "===================="
       echo 
       sleep 5
       echo "Reading host logins from $HOSTS_FILE"
       echo
       echo "Starting."
       for DST in `cat "$DIR/$HOSTS_FILE"`; do
         if [ -z "$DST" ]; then
           continue;
         fi
         echo "---------------------------"
         echo "Installing to $DST"
         echo "Initial UF deployment"
         sudo ssh -t "$DST" "$REMOTE_SCRIPT_DEPLOY"
       done  
       echo "---------------------------"
       echo "Done"
       echo "Please use the following app folder name to override deploymentclient.conf options: $DEPLOY_APP_FOLDER_NAME"

After executing the script, I get the errors below in the logs:

    bash: line 7: /opt/splunkforwarder/etc/system/local/user-seed.conf: Permission denied
    bash: line 9: /opt/splunkforwarder/etc/apps/ap3_all_deploymentclient/local/deploymentclient.conf: Permission denied

I am already executing those commands as a sudo user, but I am still getting the errors. Please advise.

0 Karma

woodcock
Esteemed Legend

This is almost certainly because the Splunk forwarder was first run as root but is no longer so. You should log on to the forwarder as user root and do:

    chown -R splunk: /opt/splunk/
0 Karma
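
The two `Permission denied` lines in the question come from the `>` redirections in the remote script: a redirection is opened by the calling shell before `sudo` starts, so `sudo echo ... > file` still writes as the unprivileged ssh login user. The sketch below is an added example (not code from the thread or from Splunk) that opens the files inside the elevated process and keeps the seed password out of command lines; the function names and the `SUDO` override are assumptions of this example.

```sh
#!/bin/sh
# Added example, not code from the thread. Function names and the SUDO
# override are assumptions of this sketch.
#
# In `sudo echo "..." > file` the calling shell opens `file` before sudo runs,
# so the write happens as the unprivileged ssh login user. Here the file is
# opened inside the elevated process instead.
SUDO="${SUDO:-sudo}"   # set SUDO=env for a dry run without privileges

# Copy stdin to $1. umask 077 makes a newly created file owner-only (0600).
write_root_file() {
  dest="$1"
  $SUDO mkdir -p "$(dirname "$dest")" &&
    $SUDO sh -c 'umask 077; cat > "$1"' sh "$dest"
}

# $1 = forwarder home, $2 = app folder name, $3 = deployment server host:port
write_deploymentclient() {
  # Stanza header and setting go on separate lines in a .conf file.
  printf '[target-broker:deploymentServer]\ntargetUri = %s\n' "$3" |
    write_root_file "$1/etc/apps/$2/local/deploymentclient.conf"
}

# $1 = forwarder home. The password is read from stdin so it never appears
# in a command line or in the script text echoed to the terminal.
write_user_seed() {
  IFS= read -r seed_pw || return 1
  printf '[user_info]\nUSERNAME = admin\nPASSWORD = %s\n' "$seed_pw" |
    write_root_file "$1/etc/system/local/user-seed.conf"
}

# Usage on a target host (constructed values):
#   write_deploymentclient /opt/splunkforwarder ap3_all_deploymentclient ds.example.invalid:8089
#   write_user_seed /opt/splunkforwarder < /path/to/secret
# The script's later `chown -R` then hands the tree to the run user.
```

The files are created root-owned with mode 0600, so the ownership change to the run user still has to happen before the forwarder is started as that user.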