Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Indexer registering with Manager, assuming managers IP address

mike1002
Engager
‎12-16-2024 10:38 AM

I am developing a splunk setup using docker image and Podman.  I am trying to setup 2 indexers along with an indexer manager.  Each container will run on separate rhel vm.  I successfully set up the Manager.  I then go to register the indexer as a peer and enter in the vm host IP of the manager and successfully register the indexer as a peer.  

When I reboot and check the indexer manager, it shows the indexer peer is up and up but shows the ip address of the manager container for the indexer peer?  When I try to add another indexer it does the same thing and will not let me add another indexer.  I have tried statically assigning IPs and confirmed all IPs are different etc.  I wasn't sure If anyone has ran into this issue.

All vm hosts are on the same subnet and can communicate.  Firewall off and selinux off. Using 9887 as rep port and 8089 as manager comms port. 

I am running as rootless outside and root inside.  It has to be a permission or file that I am missing.  I set it up as root:root and it works perfect.  Any ideas I appreciate it. 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mike1002
Engager
‎12-17-2024 04:47 AM

For unspecified reasons I cannot use K8 yet.  For this build I was attempting to utilize Splunk docker image with Podman in a rootless mode.  Didn't know if anyone had any experience with this.  It seems to be a privilege issue since root:root registers fine with vm host IP of the indexer peer.  For some reason rootless:root does not and assumes the container IP of the manager container. 

View solution in original post

0 Karma
Reply
Solved! Jump to solution

isoutamo
SplunkTrust
SplunkTrust
‎12-16-2024 01:12 PM
Hi
Why you don’t use e.g. Splunk Operator for Kubernetes or Splunk’s docker version?
https://splunk.github.io/splunk-operator/ and https://github.com/splunk/docker-splunk
r. Ismo
0 Karma
Reply
Solved! Jump to solution
Solution

mike1002
Engager
‎12-17-2024 04:47 AM

For unspecified reasons I cannot use K8 yet.  For this build I was attempting to utilize Splunk docker image with Podman in a rootless mode.  Didn't know if anyone had any experience with this.  It seems to be a privilege issue since root:root registers fine with vm host IP of the indexer peer.  For some reason rootless:root does not and assumes the container IP of the manager container. 

0 Karma
Reply
Get Updates on the Splunk Community!

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Deprecation of Splunk Observability Kubernetes “Classic Navigator” UI starting ...

Access to Splunk Observability Kubernetes “Classic Navigator” UI will no longer be available starting January ...