Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- Re: 2 Splunk instance on Linux - passwd sync
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
After setting up Load Balance on 2 mirrored Splunk instance I had 2 passwd files located locally on each instance in /opt/splunk/etc/passwd. To sync passwords among the 2 instances, I created a (Linux) symbolic link to a shared drive /opt/share/etc/passwd. However when I created a new account (on 1 instance), the symbolic link was lost and the file returned local status once more.
How do sync credentials (passwd) on all splunk instances so I don't have to create an account on each instance manually? LDAP is currently not an option as I don't have resources for that now.
Thank you in advance!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Instance 1:
rsync -av $SPLUNK_HOME/etc/passwd /sharedfolder/splunk/passwd
Instance 2/3/...:
rsync -av /sharedfolder/splunk/passwd $SPLUNK_HOME/etc/passwd
Put these both in cron every 5 minutes (or so) and you should be good to go.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Don't you need to restart the servers every time the passwd file changes?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Instance 1:
rsync -av $SPLUNK_HOME/etc/passwd /sharedfolder/splunk/passwd
Instance 2/3/...:
rsync -av /sharedfolder/splunk/passwd $SPLUNK_HOME/etc/passwd
Put these both in cron every 5 minutes (or so) and you should be good to go.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Do we need to restart the splunk instances for the passwords to work?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How about rsync?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
After a quick review on rsync I found this example command:
rsync -avvr $SPLUNK_HOME/etc/system/local/ <$SPLUNK_HOME/etc/apps/>
What is the best way to rsync-ing it with existing shared folder? Is rsync both-way or one-way? My plan is to have additional instances in the future. I would still need to create an account via one instance.
The Idea would be to:
Instance 1 (Create accounts, transfer passwd to shared folder)
Instance 2 (receive copy of passwd from shared folder)
instance 3 (future - receive copy of passwd from shared folder)
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Splunk Community Badges!
How to find the worst searches in your Splunk environment and how to fix them
Share Your Feedback: On Admin Config Service (ACS)!
