Deployment Architecture

Errors running enable boot-start with specific user on a Search Head with pooling config

theunf
Communicator

Hi all,

I'm running a lab with two Search Heads in a pool, using a third server as the NFS mount point.

Everything is working fine, users and apps being synchronized almost instantaneously, but when I used the splunk enable boot-start -user splunk command it returned a lot of errors:

splunk@SearchHead01:/opt/splunk/bin$ sudo ./splunk enable boot-start -user splunk
ERROR IniFile - Cannot open file=/mnt/pooling/etc/pooling/pooling.ini for parsing: Permission denied
ERROR SearchHeadPoolInfo - Error reading search head pool info: Error reading search head pool info /mnt/pooling/etc/pooling/pooling.ini: Permission denied
ERROR UsernameMapper - Cannot create directory: /mnt/pooling/etc/users: Permission denied
ERROR UsernameMapper - Cannot create username mapping file: /mnt/pooling/etc/users/users.ini: Permission denied
ERROR IniFile - Cannot open file=/mnt/pooling/etc/users/users.ini for parsing: Permission denied
ERROR UsernameMapper - Error opening username mapping file: /mnt/pooling/etc/users/users.ini
ERROR IniFile - Cannot open file=/mnt/pooling/etc/pooling/pooling.ini for parsing: Permission denied
ERROR SearchHeadPoolInfo - Error reading search head pool info: Error reading search head pool info /mnt/pooling/etc/pooling/pooling.ini: Permission denied
ERROR UsernameMapper - Cannot create directory: /mnt/pooling/etc/users: Permission denied
ERROR UsernameMapper - Cannot create username mapping file: /mnt/pooling/etc/users/users.ini: Permission denied
ERROR IniFile - Cannot open file=/mnt/pooling/etc/users/users.ini for parsing: Permission denied
ERROR UsernameMapper - Error opening username mapping file: /mnt/pooling/etc/users/users.ini
ERROR IniFile - Cannot open file=/mnt/pooling/etc/pooling/pooling.ini for parsing: Permission denied
ERROR SearchHeadPoolInfo - Error reading search head pool info: Error reading search head pool info /mnt/pooling/etc/pooling/pooling.ini: Permission denied
ERROR UsernameMapper - Cannot create directory: /mnt/pooling/etc/users: Permission denied
ERROR UsernameMapper - Cannot create username mapping file: /mnt/pooling/etc/users/users.ini: Permission denied
ERROR IniFile - Cannot open file=/mnt/pooling/etc/users/users.ini for parsing: Permission denied
ERROR UsernameMapper - Error opening username mapping file: /mnt/pooling/etc/users/users.ini
ERROR IniFile - Cannot open file=/mnt/pooling/etc/pooling/pooling.ini for parsing: Permission denied
ERROR UsernameMapper - Cannot create directory: /mnt/pooling/etc/users: Permission denied
ERROR UsernameMapper - Cannot create username mapping file: /mnt/pooling/etc/users/users.ini: Permission denied
ERROR IniFile - Cannot open file=/mnt/pooling/etc/users/users.ini for parsing: Permission denied
ERROR UsernameMapper - Error opening username mapping file: /mnt/pooling/etc/users/users.ini
 Adding system startup for /etc/init.d/splunk ...
   /etc/rc0.d/K20splunk -> ../init.d/splunk
   /etc/rc1.d/K20splunk -> ../init.d/splunk
   /etc/rc6.d/K20splunk -> ../init.d/splunk
   /etc/rc2.d/S20splunk -> ../init.d/splunk
   /etc/rc3.d/S20splunk -> ../init.d/splunk
   /etc/rc4.d/S20splunk -> ../init.d/splunk
   /etc/rc5.d/S20splunk -> ../init.d/splunk
Init script installed at /etc/init.d/splunk.

The weird solution was to set 777 on folder permissions at NFS server or add root to splunk group.

After that, the command runs normally but a lot of files were created under /mnt/pooling/etc/.

Are those errors and the need for extra permissions a limitation or a bug?
Which files should reside on the mount point?

0 Karma

theunf
Communicator

Boot-start scripts from the newest builds start splunk directly, and sub-processes follow the SPLUNK_OS_USER directive at $SPLUNK_HOME/etc/splunk-launch.conf, but it does not bind a GroupID to the process.

So any file that's created or changed will be saved and owned by :root.

To solve it I started using the old Splunk startup script, which starts splunk using the su command:

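RUNAS=splunk
SPLUNK_HOME=/splunk_bin/splunk

splunk_start() {
    echo "Starting Splunk..."
    if [ -z "$RUNAS" ]; then
        # No service account configured: start as the invoking user (root at boot).
        "$SPLUNK_HOME/bin/splunk" start --no-prompt --answer-yes
        RETVAL=$?
    else
        # su gives the process the uid and primary gid of $RUNAS,
        # so files it creates are owned by that account and its group.
        su -c "$SPLUNK_HOME/bin/splunk start --no-prompt --answer-yes" "$RUNAS"
        RETVAL=$?
    fi
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/splunk
}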

0 Karma
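A check for the two side effects described in this thread (files on the pooled mount ending up with root or `:root` ownership, and the 777 workaround leaving world-writable directories), as an added example that is not part of the original posts or of Splunk's own tooling. The `audit_pool` function and its arguments are hypothetical; `/mnt/pooling` and the `splunk` account are the values used in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit a search-head-pool share.
# Usage: sh audit_pool.sh /mnt/pooling splunk splunk
# Owner and group may be names or numeric ids.

# Prints one line per finding:
#   OWNER <path>           not owned by the expected user
#   GROUP <path>           not in the expected group (e.g. ":root")
#   WORLD-WRITABLE <path>  writable by everyone (e.g. after chmod 777)
# Returns 0 if clean, 1 if anything was found, 2 on a bad pool directory.
audit_pool() {
    pool_dir=$1 owner=$2 group=$3
    if [ ! -d "$pool_dir" ]; then
        echo "not a directory: $pool_dir" >&2
        return 2
    fi
    findings=$(
        find "$pool_dir" ! -user "$owner" -print | sed 's/^/OWNER /'
        find "$pool_dir" ! -group "$group" -print | sed 's/^/GROUP /'
        # Symlinks always show mode 777, so skip them.
        find "$pool_dir" ! -type l -perm -0002 -print |
            sed 's/^/WORLD-WRITABLE /'
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Run only when called with the three arguments.
if [ "$#" -ge 3 ]; then
    audit_pool "$1" "$2" "$3"
fi
```

Running it on each search head against the mounted path also catches uid/gid mismatches between the NFS server and the clients, since the ids are resolved on the host where the check runs.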