Deployment Architecture

Distribute authorization.conf in an App?

Steve_Litras
Path Finder

I'm trying to set up some roles for a number of distributed search "users" on my indexing farm, using local authentication. I am trying to set up the role via deployment server as part of an app I call "IDX" that is the core app for all of my index servers. I've done that, but now when I try and change a local users role (via the CLI), it appears that the role is not being recognized.

So, my question is this - can authorization.conf be deployed in an App, or do I need to have it be in $SPLUNK_HOME/etc/system/local on each of the indexers?

Thanks
Steve

1 Solution

MHibbin
Influencer

No, the authorize.conf file will need to be at the system level, when you check the docs (here) it tells you where you can place a file.

"rsync" would be a good alternative as it will only transfer files which are changed and you can be quite granular with the transfers. If not you could just have a simple script which backs up the remote files via ssh and then scp's the new copy over.

Hope this helps answer you question.

If it does help please mark the answer as accepted.

Regards,

MHibbin

View solution in original post

lmyrefelt
Builder

Hi, It seems like you can add a metadata dir containing a file called local.meta which should / could contain the following;

[default]
export = system

Works for me ... so far at least 😛

sowings
Splunk Employee
Splunk Employee

I've successfully distributed authorize.conf without issues. Authentication.conf is a bit trickier with the LDAP bind password needing to be encrypted per-host, but authorize? No worries.

The point about exporting the rules outside of the app is valid, as well as removing any existing one from system/local. The latter acts as an override to anything in your apps, so no matter what you might ship by deployment server / chef / puppet / whatever, system/local would still win.

0 Karma

watsm10
Contributor

It works for me too. I had to remove the authorize.conf file that was already in system/local, but it worked in the end.

0 Karma

MHibbin
Influencer

No, the authorize.conf file will need to be at the system level, when you check the docs (here) it tells you where you can place a file.

"rsync" would be a good alternative as it will only transfer files which are changed and you can be quite granular with the transfers. If not you could just have a simple script which backs up the remote files via ssh and then scp's the new copy over.

Hope this helps answer you question.

If it does help please mark the answer as accepted.

Regards,

MHibbin

View solution in original post

MHibbin
Influencer

apologies for that... I guess it's "one of those things".

0 Karma

Steve_Litras
Path Finder

Not the answer I wanted :), but definitely answered the q. Thanks

0 Karma
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.