Deployment Architecture

Is it possible to configure a SSL Splunk server to be the License Master of a non-SSL Splunk search head?

Builder

Hi All,

So I setup a stand alone Splunk Environment and the choice was made to bind it with SSL. So we have https://BoxA that has all the roles.

We now have a brand new box that we would like to use as a Search head and we do NOT want to put SSL on this box. We would like to use BoxA as BoxB's License Master but each time i try to make the connection it throws an error
"Bad request - inhandler localslave edittracker failed reason = warn: path=/masterlm/usage;invalid signature on request

from IP: X.X.X.X

Do I have to setup the 2nd Box (BoxB) with SSL in order for it to join (become a license slave/ sh) for Box A. thanks

Labels (2)
0 Karma

Builder

I can't find the existing answer to that question now, but here are some simple steps you could try:

  1. On the license slave (BoxB) edit server.conf in etc/system/local, find [general] stanza, pass4SymmKey property in it - must have some hashed security value - and change it to the default "changeme" value: pass4SymmKey = changeme.
  2. Restart Splunk on BoxB.
  3. Try setting up the license master/slave relationship now.
0 Karma

Builder

When you specify the URI for the license server are you saying https://xxx.xxx.xxx.xxx:8089 ?

Not using SSL for Splunk web on BoxB shouldn't be an issue.

0 Karma

Builder

Yes, I'm using it as you've said. I've set this up in other environments without issue. Never in mixed configuration.

I inherited this environment. it's possible that the previous person handjammed something he shouldn't into a config file.

0 Karma

New Member

@Jarohnimo were you able to sort out this "mixed" setup. We're facing a similar issue while trying to point a non-SSL enabled client to a SSL enabled License Master. Any hints?

0 Karma

Splunk Employee
Splunk Employee

8089 uses ssl by default unless you over-ride it in server.conf

from boxb what happens if you do:

source /opt/splunk/bin/setSplunkEnv
openssl s_client -connect boxa:8089 -CAfile /opt/splunk/etc/auth/cacert.pem

There could be other issues as well, but I don't see the full picture here have you used:
https://docs.splunk.com/Documentation/Splunk/6.5.1/Admin/Configurealicensemaster

Okie

0 Karma