https://community.splunk.com/t5/Splunk-Search/Systemd-support-with-Splunk-does-not-work-on-SLES/m-p/412388#M173584 <P><STRONG>Summary of the issue:</STRONG><BR /> Splunk 6.0.0 - Splunk 7.2.1 defaults to using <STRONG>init.d</STRONG> when enabling boot start<BR /> Splunk 7.2.2 - Splunk 7.2.9 defaults to using <STRONG>systemd</STRONG> when enabling boot start<BR /> Splunk 7.3.0 - Splunk 8.x defaults to using <STRONG>init.d</STRONG> when enabling boot start</P> <P><STRONG>systemd</STRONG> defaults to prompting for root credentials upon stop/start/restart of Splunk</P> <P>Here is a simple fix if you have encountered this issue and prefer to use the traditional <STRONG>init.d</STRONG> scripts vs <STRONG>systemd</STRONG>. </P> <P><STRONG>Splunk Enterprise/Heavy Forwarder example</STRONG> (note: replace the splunk user below with the account you run splunk as):</P> <PRE><CODE>sudo /opt/splunk/bin/splunk disable boot-start sudo /opt/splunk/bin/splunk enable boot-start -user splunk -systemd-managed 0 </CODE></PRE> <P><STRONG>Splunk Universal Forwarder example</STRONG> (note: replace the splunk user below with the account you run splunk as):</P> <PRE><CODE>sudo /opt/splunkforwarder/bin/splunk disable boot-start sudo /opt/splunkforwarder/bin/splunk enable boot-start -user splunk -systemd-managed 0 </CODE></PRE> Tue, 31 Dec 2019 18:44:48 GMT bandit 2019-12-31T18:44:48Z https://community.splunk.com/t5/Splunk-Search/Systemd-support-with-Splunk-does-not-work-on-SLES/m-p/412383#M173579 <P>When we set up Splunk to start under systemd it prompts us recursively for the root password even we're running Splunk as root Or we're running under sudo.</P> <P>$SPLUNK_HOME/bin/splunk enable boot-start -user splunk<BR /> $SPLUNK_HOME/bin/splunk start</P> Tue, 29 Sep 2020 22:49:31 GMT https://community.splunk.com/t5/Splunk-Search/Systemd-support-with-Splunk-does-not-work-on-SLES/m-p/412383#M173579 dchoi_splunk 2020-09-29T22:49:31Z https://community.splunk.com/t5/Splunk-Search/Systemd-support-with-Splunk-does-not-work-on-SLES/m-p/412384#M173580 <P>After enabling auto-start under systemd : no issue here<BR /> $SPLUNK_HOME/bin/splunk enable boot-start -user splunk<BR /> $SPLUNK_HOME/bin/splunk start</P> <P>Starting splunk via systemctl from the root user works as expected<BR /> Starting splunk as per the doco ($SPLUNK_HOME/bin/splunk start) as below,<BR /> <A href="https://docs.splunk.com/Documentation/Splunk/latest/Admin/RunSplunkassystemdservice#Configure_systemd_using_enable_boot-start" target="_blank">https://docs.splunk.com/Documentation/Splunk/latest/Admin/RunSplunkassystemdservice#Configure_systemd_using_enable_boot-start</A></P> <P>To start splunkd.<BR /> [sudo] $SPLUNK_HOME/bin/splunk start<BR /> This starts splunkd as a systemd service.</P> <P>Getting into the following:</P> <P>Stopped helpers. <BR /> Removing stale pid file... done.<BR /> Splunk&gt; The Notorious B.I.G. D.A.T.A.<BR /> Checking prerequisites... <BR /> Checking http port [8000]: open <BR /> Checking mgmt port [8089]: open <BR /> Checking appserver port [127.0.0.1:8065]: open <BR /> Checking kvstore port [8191]: open <BR /> Checking configuration... Done. <BR /> Checking critical directories... Done <BR /> Checking indexes... <BR /> Validated: _audit _internal _introspection _telemetry _thefishbucket history main summary <BR /> Done <BR /> Checking filesystem compatibility... Done <BR /> Checking conf files for problems... <BR /> Done <BR /> Checking default conf files for edits... <BR /> Validating installed files against hashes from '/opt/splunk/splunk-7.2.3-06d57c595b80-linux-2.6-x86_64-manifest' <BR /> All installed files intact. <BR /> Done <BR /> All preliminary checks passed.<BR /> Starting splunk server daemon (splunkd)... <BR /> ==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units === <BR /> Authentication is required to start 'Splunkd.service'. <BR /> Authenticating as: root <BR /> Password:</P> <P>Once you're running into the issue, you'll be able to get the Splunk started with below workaround:</P> <P>Under the path for SLES 12, /etc/polkit-1/rules.d, making a rule for Splunk user and org.freedesktop.systemd1.manage-units as below:</P> <H1>cat /etc/polkit-1/rules.d/10-splunk.rules</H1> <P>polkit.addRule(function(action, subject) {<BR /> if(action.id == "org.freedesktop.systemd1.manage-units" &amp;&amp; subject.user == "splunk") {<BR /> return polkit.Result.YES;<BR /> }<BR /> });</P> <P>It would allow the Splunk service to start as normal.<BR /> In addition, Splunk will be working further under SPL-164816, which systemd configuration on SLES prompts root password when starting for the fix. Stay tuned.</P> Tue, 29 Sep 2020 22:49:33 GMT https://community.splunk.com/t5/Splunk-Search/Systemd-support-with-Splunk-does-not-work-on-SLES/m-p/412384#M173580 dchoi_splunk 2020-09-29T22:49:33Z https://community.splunk.com/t5/Splunk-Search/Systemd-support-with-Splunk-does-not-work-on-SLES/m-p/412385#M173581 <P>Hi,<BR /> do you have an update regarding that issue? We are having the same problems and the workaround didn't work. <span class="lia-unicode-emoji" title=":confused_face:">😕</span><BR /> Alex</P> Tue, 12 Nov 2019 11:04:38 GMT https://community.splunk.com/t5/Splunk-Search/Systemd-support-with-Splunk-does-not-work-on-SLES/m-p/412385#M173581 Spranta 2019-11-12T11:04:38Z https://community.splunk.com/t5/Splunk-Search/Systemd-support-with-Splunk-does-not-work-on-SLES/m-p/412386#M173582 <P>Try <A href="https://answers.splunk.com/answers/738877/splunk-systemd-unit-file-in-versions-722-and-newer.html">Splunk systemd unit file in versions 7.2.2 and newer - how do I stop this prompting for the root password? (Q&amp;A)</A></P> Wed, 13 Nov 2019 01:51:23 GMT https://community.splunk.com/t5/Splunk-Search/Systemd-support-with-Splunk-does-not-work-on-SLES/m-p/412386#M173582 gjanders 2019-11-13T01:51:23Z https://community.splunk.com/t5/Splunk-Search/Systemd-support-with-Splunk-does-not-work-on-SLES/m-p/412387#M173583 <P>also not working on SuSe Enterprise Server 12 <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span></P> Wed, 13 Nov 2019 07:48:47 GMT https://community.splunk.com/t5/Splunk-Search/Systemd-support-with-Splunk-does-not-work-on-SLES/m-p/412387#M173583 Spranta 2019-11-13T07:48:47Z https://community.splunk.com/t5/Splunk-Search/Systemd-support-with-Splunk-does-not-work-on-SLES/m-p/412388#M173584 <P><STRONG>Summary of the issue:</STRONG><BR /> Splunk 6.0.0 - Splunk 7.2.1 defaults to using <STRONG>init.d</STRONG> when enabling boot start<BR /> Splunk 7.2.2 - Splunk 7.2.9 defaults to using <STRONG>systemd</STRONG> when enabling boot start<BR /> Splunk 7.3.0 - Splunk 8.x defaults to using <STRONG>init.d</STRONG> when enabling boot start</P> <P><STRONG>systemd</STRONG> defaults to prompting for root credentials upon stop/start/restart of Splunk</P> <P>Here is a simple fix if you have encountered this issue and prefer to use the traditional <STRONG>init.d</STRONG> scripts vs <STRONG>systemd</STRONG>. </P> <P><STRONG>Splunk Enterprise/Heavy Forwarder example</STRONG> (note: replace the splunk user below with the account you run splunk as):</P> <PRE><CODE>sudo /opt/splunk/bin/splunk disable boot-start sudo /opt/splunk/bin/splunk enable boot-start -user splunk -systemd-managed 0 </CODE></PRE> <P><STRONG>Splunk Universal Forwarder example</STRONG> (note: replace the splunk user below with the account you run splunk as):</P> <PRE><CODE>sudo /opt/splunkforwarder/bin/splunk disable boot-start sudo /opt/splunkforwarder/bin/splunk enable boot-start -user splunk -systemd-managed 0 </CODE></PRE> Tue, 31 Dec 2019 18:44:48 GMT https://community.splunk.com/t5/Splunk-Search/Systemd-support-with-Splunk-does-not-work-on-SLES/m-p/412388#M173584 bandit 2019-12-31T18:44:48Z