Deployment Architecture

Is it possible to configure a SSL Splunk server to be the License Master of a non-SSL Splunk search head?

Jarohnimo
Builder

Hi All,

So I setup a stand alone Splunk Environment and the choice was made to bind it with SSL. So we have https://BoxA that has all the roles.

We now have a brand new box that we would like to use as a Search head and we do NOT want to put SSL on this box. We would like to use BoxA as BoxB's License Master but each time i try to make the connection it throws an error
"Bad request - inhandler localslave edittracker failed reason = warn: path=/masterlm/usage;invalid signature on request

from IP: X.X.X.X

Do I have to setup the 2nd Box (BoxB) with SSL in order for it to join (become a license slave/ sh) for Box A. thanks

Labels (2)
0 Karma

arkadyz1
Builder

I can't find the existing answer to that question now, but here are some simple steps you could try:

  1. On the license slave (BoxB) edit server.conf in etc/system/local, find [general] stanza, pass4SymmKey property in it - must have some hashed security value - and change it to the default "changeme" value: pass4SymmKey = changeme.
  2. Restart Splunk on BoxB.
  3. Try setting up the license master/slave relationship now.
0 Karma

dflodstrom
Builder

When you specify the URI for the license server are you saying https://xxx.xxx.xxx.xxx:8089 ?

Not using SSL for Splunk web on BoxB shouldn't be an issue.

0 Karma

Jarohnimo
Builder

Yes, I'm using it as you've said. I've set this up in other environments without issue. Never in mixed configuration.

I inherited this environment. it's possible that the previous person handjammed something he shouldn't into a config file.

0 Karma

ptcrusher
Explorer

@Jarohnimo were you able to sort out this "mixed" setup. We're facing a similar issue while trying to point a non-SSL enabled client to a SSL enabled License Master. Any hints?

0 Karma

jwelch_splunk
Splunk Employee
Splunk Employee

8089 uses ssl by default unless you over-ride it in server.conf

from boxb what happens if you do:

source /opt/splunk/bin/setSplunkEnv
openssl s_client -connect boxa:8089 -CAfile /opt/splunk/etc/auth/cacert.pem

There could be other issues as well, but I don't see the full picture here have you used:
https://docs.splunk.com/Documentation/Splunk/6.5.1/Admin/Configurealicensemaster

Okie

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...