Deployment Architecture

Is there a way make adding a new user/role in search head clustering more efficient so I don't have to add it on all search heads?

ronak
Path Finder

Setup

  • 3 node search head cluster which will grow to about 10 in near future
  • Multi-tenant setup having many clients on the same installbase
  • Roles (e.g. client1_role, client2_role etc) and users within those roles (e.g. client1_role_u1, client1_role_u2, client2_role_u1 etc)

Challenge

Adding a new user, role requires adding it on all search heads instead of a centrally managed within Splunk setup

Need

  • Make this user, role management efficient and less error-prone
  • Have some UI interface OR some scripting approach to make this happen

Can anyone shed some pointers , share some earlier work that can be re-used?

0 Karma

lmyrefelt
Builder

Hi ronak,

Yes you can! 😉

So what i have done previously is to gather my configuration in a/one central app, lets call it myAuth . That means i am editing the authorization and authorize files manually (well in some cases with scripts) . Then i deploy myAuth with the deployment server or what other means i have for deployment. After the app is deployed i have been using the rest-api endpoints to "force" an update on those, meaning i don't have to restart my search-heads to update the roles and what not.

With search-head clustering and the new functions in splunk 6, this method should still be valid i guess even if deployment server is not used anymore to push confs to indexers and search-heads.

You could also use something link rsync or robocopy to keep the configurations in sync between your nodes .

It is preferable to combine this with AD or LDAP. Since it will spare you some work.

Here you will find some tips on how to update / reload roles and users without the need for a restart;

http://answers.splunk.com/answers/129654/how-to-i-trigger-reload-of-authentication-configuration-pro...

Hope this helps and gives you some ideas of what you can do

0 Karma