Deployment Architecture

Recieving error "Access is denied" when trying to deploy 'splunk apply shcluster-bundle'?

frankwayne
Path Finder

I have a Windows 2012 R2 server with UAC disabled.
I've just installed Splunk Enterprise, placed an app in the $SPLUNK_HOME/etc/shcluster/apps/ directory,
and tried to deploy a bundle:

>splunk apply shcluster-bundle -target https://searchhead:8089
 Warning: Depending on the configuration changes being pushed, this command migh
t initiate a rolling restart of the cluster members.  Please refer to the docume
ntation for the details. Do you wish to continue? [y/n]: y
Your session is invalid.  Please login.
Splunk username: admin
Password:
Error while creating deployable apps: Error moving tmp_staging_area="C:\Program
Files\Splunk\var\run\splunk\deploy.9f0aa64b5fe19f35.tmp" to dst="C:\Program File
s\Splunk\var\run\splunk\deploy": Access is denied.

Has anyone else seen this behavior?

0 Karma
1 Solution

vinaypradhan
Explorer

Run the apply shcluster-bundle in 2 stages.
First run with -action stage
splunk apply shcluster-bundle -target https://xx.xx.xx.xx:8089 -auth admin:password -action stage
and then run
splunk apply shcluster-bundle -target https://xx.xx.xx.xx:8089 -auth admin:password -action send
this should fix it

this error has nothing to do with any file permissions

0 Karma

martin_hempstoc
Explorer

I had the exact same error on a linux box. The issue was a file permissions issue where the current user had read access but not write access to

$Splunk_home\var\run\splunk\deploy

Looks like this could be possibly related.

0 Karma

Sourabhv05
Communicator

did you find any solution to this? I am facing same issue as well.

0 Karma

frankwayne
Path Finder

No, I'm afraid not. I will be redeploying all my indexers, search heads and the cluster master as Redhat instead. I will put the deployer on the cluster master, instead. I guess the Windows situation must remain a Splunk mystery.

0 Karma

kundeng
Path Finder

Hi, I have the same issue. Documentation did not say the deployer has to be linux. Can anyone using windows deployer confirm it works? Maybe it's a configuration issue with windows 2012 server?

martin_mueller
SplunkTrust
SplunkTrust

The documentation is pretty clear on not supporting Windows, and it explicitly mentions the deployer: http://docs.splunk.com/Documentation/Splunk/6.2.3/DistSearch/SHCsystemrequirements#Operating_system_...

All search head cluster members and the deployer must run on the same operating system. 
If the search head cluster is connected to an indexer cluster, then the indexer cluster instances must run on the same operating system as the search head cluster members. 

Search head clustering is available on the following operating systems: 

•Linux 
•Solaris 
Splunk does not currently support search head clustering on Windows systems. 

frankwayne
Path Finder

Vielen dank, Martin. That settles it.

0 Karma

martin_mueller
SplunkTrust
SplunkTrust

Update for 6.3: The docs now support SHC on all Enterprise-supported operating systems: http://docs.splunk.com/Documentation/Splunk/6.3.0/DistSearch/SHCsystemrequirements

frankwayne
Path Finder

Thank you for your reply, Martin. At first glance, your answer seemed right. However, as I look further, I'm not convinced.

The deployer in my case is not a cluster member (indeed, it cannot be a cluster member) and therefore is not subject to the restrictions on search head cluster members. You can see that the requirements for the deployer (http://docs.splunk.com/Documentation/Splunk/6.2.2/DistSearch/SHCsystemrequirements#Deployer_requirem...) include Windows. I am running the deployer on my deployment server, which I want to be a Windows server.

I was not aware that Windows search head clusters are not supported. They are certainly configurable since I have a cluster with two Windows search heads. I will have to redeploy them as Linux servers.

However, I think (based on the documentation) that the Windows deployer should work. Am I missing something else?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...