I wanted to automate DB Connection creation.
Wanted to create Connection via CLI in the Deployer and then push out to SHC .
Hi Burch ,
Yes I did already try that but it didnt help.
Got response from splunk support :
Support: I spoke with our DBX app engineer and they say this behavior is as per design. Editing the identity.conf file to add identities breaks the password encryption/decryption protocol. So identity won't work.
For example, if user creates an identity through UI, DBX app will encrypt the password before calling splunkd api to update/reload the identity.conf file.
If you modify the identity.conf directly and restart splunk service, DBX app will decrypt the password before UI gets the identity. However, the password actually is not encrypted, so you break the protocol and the identity doesn't work.
Support: On DBX 3.0.0, 3.0.1, 3.0.2 versions, create connections is removed on REST API and this is fixed in 3.1.0 version. So 3.0.1 version, you can not use REST API to create/manage connections. However, these REST API URL's are not officially announced.
Support: We do not have any CLI commands to create/manage DB Connections.
Support: This is a expected behavior and password is encrypted using identity.dat file.
****** I understand identity.dat file is used for password encryption. Is there a way to use this file to encrypt the password? Is there any harm in editing the Identity conf files?
We have API to CRUD (Create, Read, Update, Delete ) connections, but it's not public. Currently we do not support/encourage editing the identities.conf file manually to create identities.
Is there a solution for this now? The database connections fails after search head cluster members got restarted by searchdeployer. I can only retype passwords on SplunkDBX ui to get passwords encrypted again.
Kind of. @saranya_fmr shared their response from support. I've just accepted it as the answer for posterity.
Hi Burch ,
Yes I did already try that but it didnt help.
Got response from splunk support :
Support: I spoke with our DBX app engineer and they say this behavior is as per design. Editing the identity.conf file to add identities breaks the password encryption/decryption protocol. So identity won't work.
For example, if user creates an identity through UI, DBX app will encrypt the password before calling splunkd api to update/reload the identity.conf file.
If you modify the identity.conf directly and restart splunk service, DBX app will decrypt the password before UI gets the identity. However, the password actually is not encrypted, so you break the protocol and the identity doesn't work.
Support: On DBX 3.0.0, 3.0.1, 3.0.2 versions, create connections is removed on REST API and this is fixed in 3.1.0 version. So 3.0.1 version, you can not use REST API to create/manage connections. However, these REST API URL's are not officially announced.
Support: We do not have any CLI commands to create/manage DB Connections.
Support: This is a expected behavior and password is encrypted using identity.dat file.
****** I understand identity.dat file is used for password encryption. Is there a way to use this file to encrypt the password? Is there any harm in editing the Identity conf files?
We have API to CRUD (Create, Read, Update, Delete ) connections, but it's not public. Currently we do not support/encourage editing the identities.conf file manually to create identities.
Update: Version 3.1.4 came out Dec. 17, 2018.
I don't see specific mention of this topic in the release notes so folks chime in to let us know if you have any other info.
I can't speak to the encryption challenge and I see you have a case open on the topic.
But in terms of doing this on the deployer, I would discourage that. Assuming you don't edit the conf files directly (and therefore use splunkd through REST, CLI, or SplunkWeb) you should see less issues by generating the accounts directly on the SH members and letting them replicate to each other.
Any particular reason you thought you MUST do it on the deployer? Did you simply perceive it was the best place to generate config?
Hi Burch ,
Since the goal was automation so I thought of editing the conf files and pushing it to SHC from the deployer. No specific reason as such.
But yes , I guess REST or CLI would be a better approach , but I think they aren't supported for DBX V3 as far as I've researched.
However Awaiting a response for the enhancement case that I've submitted.
Cool. Thanks for clarifying. Alternatively, could you achieve the same automation by implementing your solution to create the needed conf files on the deployer, then have the deployer push out the config and let Splunk do the hashing once that config is applied?
Apologies if you already explored this idea and I am forgetting.
Hi Saranya,
I have found another post on answers that may be able to help you on this effort, please check the following: Splunk DB Connect V3 - Automated / Programmatic creation of connections and inputs - https://answers.splunk.com/answers/516111/splunk-db-connect-v3-automated-programmatic-creati.html