Deployment Architecture

How do you configure a distributed instance as a license slave?

splkmika1
Explorer

I have a distributed Splunk environment (1 Search Head, 2 peer Indexers in a cluster, 1 Cluster master, 1 deployment server). I am in the process of trying to link these devices into a license master.

Just to make things interesting, the central license master is part of a separate pre-existing Splunk distributed Environment. The only connection between the two environments will be that the servers in the environment that I am setting up will act as License slaves and will connect back into the pre-existing central license master.

I have followed the instructions [http://docs.splunk.com/Documentation/Splunk/7.2.0/Admin/Configurealicenseslave] and I can see that my server is indeed communicating with the remote central license master, however I get the following error message.

> Bad Request - EditTracker failed, reason='WARN: path=/masterIm/usage: Invalid signature on request from IP=192.168.1.50'

A preliminary search online seems to indicate that this may relate back to the pass4symmkey value configured on my Splunk instances. Now, I configured a pass4symmkey value when I was setting up my Splunk Environment, and I'm assuming that the other Splunk environment (including their Central License Master) would have done the same (but that it would be different to the key value I set).

I guess the questions that I have are:

  1. Confirmation that an invalid signature error is likely a pass4symmkey mismatch between the license slave and license master
  2. If it is a pass4symmkey error, is it possible for a Splunk node to have multiple pass4symmkey values (1 value for all of the communications between the nodes in my Splunk environment and a second one for communication back to the license master)?

Thanks

1 Solution

vishaltaneja070
Motivator

Hello @splkmika1

The issue is with pass4symmkey values only. There should you be only one pass4symmkey for communication between license slaves and license master.

So please try to have same key for both the environment, that will solve you issue.
And we can't have multiple pass4symmkey for communication between License slaves and master.

View solution in original post

0 Karma

splkmika1
Explorer

Turns out originally that had been given some incorrect information. The server that i was trying to point to as a License Master wasn't configured as a License Master 😕 . Once this had been corrected and i was pointing at the correct License Master I did the following:
- update $SPLUNK_HOME\etc\system\local\server.conf.
- In the General stanza of the server.conf file, update the pass4SymmKey value.
- restart splunkd
- relog into server and then go to settings>system>licensing, click "change to slave" and then enter in the URI of the license master and click save. should get a message saying change successful.
- restart splunkd

0 Karma

mstjohn_splunk
Splunk Employee
Splunk Employee

hi @splkmika1

Did the answer below solve your problem? If so, please resolve this post by approving it! If your problem is still not solved, keep us updated so that someone else can help ya. Thanks for posting!

0 Karma

vishaltaneja070
Motivator

Hello @splkmika1

The issue is with pass4symmkey values only. There should you be only one pass4symmkey for communication between license slaves and license master.

So please try to have same key for both the environment, that will solve you issue.
And we can't have multiple pass4symmkey for communication between License slaves and master.

0 Karma

splkmika1
Explorer

Thanks for that comment.
I'm currently waiting on the person who controls the other environment to get back to me so I can find out what pass4symmkey value they have been using.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...