After setting up Load Balance on 2 mirrored Splunk instance I had 2 passwd files located locally on each instance in /opt/splunk/etc/passwd. To sync passwords among the 2 instances, I created a (Linux) symbolic link to a shared drive /opt/share/etc/passwd. However when I created a new account (on 1 instance), the symbolic link was lost and the file returned local status once more.
How do sync credentials (passwd) on all splunk instances so I don't have to create an account on each instance manually? LDAP is currently not an option as I don't have resources for that now.
Thank you in advance!
Instance 1:
rsync -av $SPLUNK_HOME/etc/passwd /sharedfolder/splunk/passwd
Instance 2/3/...:
rsync -av /sharedfolder/splunk/passwd $SPLUNK_HOME/etc/passwd
Put these both in cron every 5 minutes (or so) and you should be good to go.
Don't you need to restart the servers every time the passwd file changes?
Instance 1:
rsync -av $SPLUNK_HOME/etc/passwd /sharedfolder/splunk/passwd
Instance 2/3/...:
rsync -av /sharedfolder/splunk/passwd $SPLUNK_HOME/etc/passwd
Put these both in cron every 5 minutes (or so) and you should be good to go.
Hi,
Do we need to restart the splunk instances for the passwords to work?
How about rsync?
After a quick review on rsync I found this example command:
rsync -avvr $SPLUNK_HOME/etc/system/local/ <$SPLUNK_HOME/etc/apps/>
What is the best way to rsync-ing it with existing shared folder? Is rsync both-way or one-way? My plan is to have additional instances in the future. I would still need to create an account via one instance.
The Idea would be to:
Instance 1 (Create accounts, transfer passwd to shared folder)
Instance 2 (receive copy of passwd from shared folder)
instance 3 (future - receive copy of passwd from shared folder)