Deployment Architecture

Is it possible to configure a SSL Splunk server to be the License Master of a non-SSL Splunk search head?

Builder

Hi All,

So I setup a stand alone Splunk Environment and the choice was made to bind it with SSL. So we have https://BoxA that has all the roles.

We now have a brand new box that we would like to use as a Search head and we do NOT want to put SSL on this box. We would like to use BoxA as BoxB's License Master but each time i try to make the connection it throws an error
"Bad request - inhandler localslave edittracker failed reason = warn: path=/masterlm/usage;invalid signature on request

from IP: X.X.X.X

Do I have to setup the 2nd Box (BoxB) with SSL in order for it to join (become a license slave/ sh) for Box A. thanks

Labels (2)
0 Karma

Builder

I can't find the existing answer to that question now, but here are some simple steps you could try:

  1. On the license slave (BoxB) edit server.conf in etc/system/local, find [general] stanza, pass4SymmKey property in it - must have some hashed security value - and change it to the default "changeme" value: pass4SymmKey = changeme.
  2. Restart Splunk on BoxB.
  3. Try setting up the license master/slave relationship now.
0 Karma

Builder

When you specify the URI for the license server are you saying https://xxx.xxx.xxx.xxx:8089 ?

Not using SSL for Splunk web on BoxB shouldn't be an issue.

0 Karma

Builder

Yes, I'm using it as you've said. I've set this up in other environments without issue. Never in mixed configuration.

I inherited this environment. it's possible that the previous person handjammed something he shouldn't into a config file.

0 Karma

Explorer

@Jarohnimo were you able to sort out this "mixed" setup. We're facing a similar issue while trying to point a non-SSL enabled client to a SSL enabled License Master. Any hints?

0 Karma

Splunk Employee
Splunk Employee

8089 uses ssl by default unless you over-ride it in server.conf

from boxb what happens if you do:

source /opt/splunk/bin/setSplunkEnv
openssl s_client -connect boxa:8089 -CAfile /opt/splunk/etc/auth/cacert.pem

There could be other issues as well, but I don't see the full picture here have you used:
https://docs.splunk.com/Documentation/Splunk/6.5.1/Admin/Configurealicensemaster

Okie

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!