Deployment Architecture

2 Splunk instance on Linux - passwd sync

Benomran
Explorer

After setting up Load Balance on 2 mirrored Splunk instance I had 2 passwd files located locally on each instance in /opt/splunk/etc/passwd. To sync passwords among the 2 instances, I created a (Linux) symbolic link to a shared drive /opt/share/etc/passwd. However when I created a new account (on 1 instance), the symbolic link was lost and the file returned local status once more.

How do sync credentials (passwd) on all splunk instances so I don't have to create an account on each instance manually? LDAP is currently not an option as I don't have resources for that now.

Thank you in advance!

0 Karma
1 Solution

adamw
Communicator

Instance 1:
rsync -av $SPLUNK_HOME/etc/passwd /sharedfolder/splunk/passwd

Instance 2/3/...:
rsync -av /sharedfolder/splunk/passwd $SPLUNK_HOME/etc/passwd

Put these both in cron every 5 minutes (or so) and you should be good to go.

View solution in original post

OL
Communicator

Don't you need to restart the servers every time the passwd file changes?

0 Karma

adamw
Communicator

Instance 1:
rsync -av $SPLUNK_HOME/etc/passwd /sharedfolder/splunk/passwd

Instance 2/3/...:
rsync -av /sharedfolder/splunk/passwd $SPLUNK_HOME/etc/passwd

Put these both in cron every 5 minutes (or so) and you should be good to go.

premg
Engager

Hi,

Do we need to restart the splunk instances for the passwords to work?

0 Karma

MHibbin
Influencer

How about rsync?

0 Karma

Benomran
Explorer

After a quick review on rsync I found this example command:
rsync -avvr $SPLUNK_HOME/etc/system/local/ <$SPLUNK_HOME/etc/apps/> :/$SPLUNK_HOME/etc/

What is the best way to rsync-ing it with existing shared folder? Is rsync both-way or one-way? My plan is to have additional instances in the future. I would still need to create an account via one instance.

The Idea would be to:
Instance 1 (Create accounts, transfer passwd to shared folder)
Instance 2 (receive copy of passwd from shared folder)
instance 3 (future - receive copy of passwd from shared folder)

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...