Deployment Architecture

Errors running enable boot-start with specific user on a Search Head with pooling config

theunf
Communicator

Hi all,

I'm running a lab with two Search Heads in a pool, using a third server as the NFS mount point.

Everything is working fine, with users and apps being synchronized almost instantaneously, but when I used splunk enable boot-start -user splunk it returned a lot of errors:

splunk@SearchHead01:/opt/splunk/bin$ sudo ./splunk enable boot-start -user splunk
ERROR IniFile - Cannot open file=/mnt/pooling/etc/pooling/pooling.ini for parsing: Permission denied
ERROR SearchHeadPoolInfo - Error reading search head pool info: Error reading search head pool info /mnt/pooling/etc/pooling/pooling.ini: Permission denied
ERROR UsernameMapper - Cannot create directory: /mnt/pooling/etc/users: Permission denied
ERROR UsernameMapper - Cannot create username mapping file: /mnt/pooling/etc/users/users.ini: Permission denied
ERROR IniFile - Cannot open file=/mnt/pooling/etc/users/users.ini for parsing: Permission denied
ERROR UsernameMapper - Error opening username mapping file: /mnt/pooling/etc/users/users.ini
ERROR IniFile - Cannot open file=/mnt/pooling/etc/pooling/pooling.ini for parsing: Permission denied
ERROR SearchHeadPoolInfo - Error reading search head pool info: Error reading search head pool info /mnt/pooling/etc/pooling/pooling.ini: Permission denied
ERROR UsernameMapper - Cannot create directory: /mnt/pooling/etc/users: Permission denied
ERROR UsernameMapper - Cannot create username mapping file: /mnt/pooling/etc/users/users.ini: Permission denied
ERROR IniFile - Cannot open file=/mnt/pooling/etc/users/users.ini for parsing: Permission denied
ERROR UsernameMapper - Error opening username mapping file: /mnt/pooling/etc/users/users.ini
ERROR IniFile - Cannot open file=/mnt/pooling/etc/pooling/pooling.ini for parsing: Permission denied
ERROR SearchHeadPoolInfo - Error reading search head pool info: Error reading search head pool info /mnt/pooling/etc/pooling/pooling.ini: Permission denied
ERROR UsernameMapper - Cannot create directory: /mnt/pooling/etc/users: Permission denied
ERROR UsernameMapper - Cannot create username mapping file: /mnt/pooling/etc/users/users.ini: Permission denied
ERROR IniFile - Cannot open file=/mnt/pooling/etc/users/users.ini for parsing: Permission denied
ERROR UsernameMapper - Error opening username mapping file: /mnt/pooling/etc/users/users.ini
ERROR IniFile - Cannot open file=/mnt/pooling/etc/pooling/pooling.ini for parsing: Permission denied
ERROR UsernameMapper - Cannot create directory: /mnt/pooling/etc/users: Permission denied
ERROR UsernameMapper - Cannot create username mapping file: /mnt/pooling/etc/users/users.ini: Permission denied
ERROR IniFile - Cannot open file=/mnt/pooling/etc/users/users.ini for parsing: Permission denied
ERROR UsernameMapper - Error opening username mapping file: /mnt/pooling/etc/users/users.ini
 Adding system startup for /etc/init.d/splunk ...
   /etc/rc0.d/K20splunk -> ../init.d/splunk
   /etc/rc1.d/K20splunk -> ../init.d/splunk
   /etc/rc6.d/K20splunk -> ../init.d/splunk
   /etc/rc2.d/S20splunk -> ../init.d/splunk
   /etc/rc3.d/S20splunk -> ../init.d/splunk
   /etc/rc4.d/S20splunk -> ../init.d/splunk
   /etc/rc5.d/S20splunk -> ../init.d/splunk
Init script installed at /etc/init.d/splunk.

The weird solution was to set 777 on the folder permissions at the NFS server or add root to the splunk group.

After that, the command runs normally but a lot of files were created under /mnt/pooling/etc/.

Are those errors and the need for extra permissions a limitation or a bug?
Which files should reside on the mount point?

0 Karma

theunf
Communicator

Boot-start scripts from the newest builds start splunk directly, and sub-processes follow the SPLUNK_OS_USER directive in $SPLUNK_HOME/etc/splunk-launch.conf, but it does not bind a GroupID to the process.

So any file that's created or changed will be saved and owned by :root.

To solve it I started using the old Splunk startup script, which starts splunk using the su command:

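RUNAS=splunk
SPLUNK_HOME=/splunk_bin/splunk

splunk_start() {
    echo "Starting Splunk..."
    if [ -z "$RUNAS" ]; then
        # No service account configured: start as the calling user.
        "$SPLUNK_HOME/bin/splunk" start --no-prompt --answer-yes
        RETVAL=$?
    else
        # su switches to $RUNAS together with that user's primary group,
        # so new files do not end up with group root.
        su -c "$SPLUNK_HOME/bin/splunk start --no-prompt --answer-yes" "$RUNAS"
        RETVAL=$?
    fi
    # Create the lock file only when Splunk started successfully.
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/splunk
}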

0 Karma
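An added example, not part of the original posts: a shell function that audits the pool mount for the two side effects described in this thread, entries whose owner or group is not the Splunk service account and entries left world-writable by a 777 workaround. The function name `audit_pool` and its output format are assumptions made for this illustration; the owner and group arguments must be existing names or numeric IDs.

```shell
#!/bin/sh
# Added example (not from the original thread).
# audit_pool DIR OWNER GROUP
#   Prints one "REASON<TAB>PATH" line per finding under DIR.
#   OWNER and GROUP may be names known to the system or numeric IDs.
#   Returns 0 when clean, 1 when findings exist, 2 when DIR is not a directory.
audit_pool() {
    dir=$1 owner=$2 group=$3
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    findings=$(
        # Entries not owned by the service account (e.g. created by root).
        find "$dir" ! -user "$owner" -exec printf 'wrong-owner\t%s\n' {} \;
        # Entries whose group is not the service group (the ":root" symptom).
        find "$dir" ! -group "$group" -exec printf 'wrong-group\t%s\n' {} \;
        # World-writable entries, as left behind by a chmod 777 workaround.
        # Symlinks are skipped because their mode bits are always 777.
        find "$dir" ! -type l -perm -0002 -exec printf 'world-writable\t%s\n' {} \;
    )

    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

With the paths from this thread it would be called as `audit_pool /mnt/pooling/etc splunk splunk` on a search head after Splunk has been started by the boot script.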