
Search Head Deployer error message

kmugglet
Communicator

Has anyone seen this error before?

<?xml version="1.0" encoding="UTF-8"?>
<response>
  <messages>
    <msg type="ERROR">Error while deploying apps to first member, aborting apps deployment to all members: Error while updating app=test1 on target=https://xx.xx.xx.xx:8089: Non-200/201 status_code=400; {"messages":[{"type":"ERROR","text":"Argument \"deploy\" is not supported by this handler."}]}</msg>
  </messages>
</response>

Running from the deployer, target address is the current cluster captain

Splunk V7.3.5 deployer talking to V7.2.7 Search heads

0 Karma
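
Added example, not from the original post or from Splunk: the response in the question wraps the target's own JSON error body inside the deployer's XML message, and this parser separates the two layers so the app, target, HTTP status and member-side handler message can be read individually. The function name and output keys are assumptions chosen for illustration; the sample input is the message quoted in the question.

```python
import json
import re
import xml.etree.ElementTree as ET

# Constructed sample: the response body quoted in the question, address still redacted.
SAMPLE = r'''<?xml version="1.0" encoding="UTF-8"?>
<response>
  <messages>
    <msg type="ERROR">Error while deploying apps to first member, aborting apps deployment to all members: Error while updating app=test1 on target=https://xx.xx.xx.xx:8089: Non-200/201 status_code=400; {"messages":[{"type":"ERROR","text":"Argument \"deploy\" is not supported by this handler."}]}</msg>
  </messages>
</response>'''


def parse_deployer_errors(body):
    """Return one dict per <msg> element in a deployer response body."""
    raw = body.encode("utf-8") if isinstance(body, str) else body
    findings = []
    for msg in ET.fromstring(raw).iter("msg"):
        text = msg.text or ""
        item = {"level": msg.get("type"), "app": None, "target": None,
                "status_code": None, "member_errors": []}
        # Outer layer: which app and which target the deployer was updating.
        where = re.search(r"app=(\S+) on target=(\S+?):\s", text)
        if where:
            item["app"], item["target"] = where.groups()
        # A status_code means the target answered over HTTP and refused the request.
        status = re.search(r"status_code=(\d+)", text)
        if status:
            item["status_code"] = int(status.group(1))
            start = text.find("{", status.end())
            if start != -1:
                try:
                    # Inner layer: the target's REST error body, JSON inside the XML text.
                    payload, _ = json.JSONDecoder().raw_decode(text, start)
                    item["member_errors"] = [m.get("text") for m in payload.get("messages", [])]
                except ValueError:
                    item["member_errors"] = [text[start:]]  # not JSON: keep the raw tail
        findings.append(item)
    return findings


if __name__ == "__main__":
    for finding in parse_deployer_errors(SAMPLE):
        print(finding)
```
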

codebuilder
SplunkTrust

Oh wait, in my previous reply I agreed with @richgalloway, and still do, but after re-reading your post I noticed the delta in versions.

The hashing algorithm for pass4SymmKey's is different. Based on that, I think you need to re-enter the pass4SymmKey in plain text on the search heads. I'm guessing they are not recognizing the deployer as a valid member of the cluster because of the version difference.

Update the key, then cycle Splunk on the SHC members and try again.

----
An upvote would be appreciated and Accept Solution if it helps!

0 Karma

kmugglet
Communicator

Yeah, I think it was a version thing.
I downgraded to 7.2.7 and everything worked again properly.

Thanks for the info about the hashing algorithm, I'm building a new build for 7.3.5 so it "should" be all fresh and shiny and new and work like a charm straight out of the box ...

0 Karma

codebuilder
SplunkTrust

And on the hashing, yes. As long as all the versions are the same you should not have an issue.
Also, just to note...don't copy the hashed pass4SymmKey value from one member to another. Always enter it in plain text on the member and cycle Splunk.

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma

kmugglet
Communicator

Update on this, I've installed 7.3.5 from scratch with new plain text pass4symmkey and sslpasswords.
Still get the same error, so there's still more to this than just the hashing I think.

I shall persevere and update again if there's any solution.

0 Karma

codebuilder
SplunkTrust

What output do you get from the following (obviously add your user/password)?

/opt/splunk/bin/splunk show shcluster-status -auth <user>:<password>

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma

codebuilder
SplunkTrust

Awesome, glad it helped!

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma

kmugglet
Communicator

This output was from a curl command to deploy.

I get the same error message body when using ./splunk apply shcluster-bundle -target=https://xx.xx.xx.xx:8089

0 Karma

anthonymelita
Contributor

I have not had this exact error, but similar ones. In one case I had an empty app directory, and in another case files with bad permissions.

p.s. I'm guessing this is just a mistake in your comment, but there should be a space after target, not an equals symbol.

0 Karma

codebuilder
SplunkTrust

I second what @richgalloway recommended...

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma

richgalloway
SplunkTrust

Make sure the target is really a SHC member.

---
If this reply helps you, Karma would be appreciated.
0 Karma