Scenario
Upgraded from Splunk 4 to Splunk 6.
Using deployment server to distribute apps
There are a large number of clients
The target clients are placed in groups by setting common clientNames in deploymentclient.conf
eg clientName=womble
In serverclass.conf the class is defined :-
[serverClass:wombles]
[serverClass:wombles:app:myapp]
whitelist.0 = womble
restartSplunkd = true
continueMatching = false
This used to deploy on Splunk v4 but does not on Splunk v6.0
If this is added:
[global]
whitelist.0 = *
The app is deployed to everything, not just the intended nodes
I believe the above config is not compatible with the forwarder management GUI - but should still work
If I move the whitelist to serverClass level it works
Any ideas?
In the current version, you have the whitelist in the wrong location. It should be under the main server class stanza not it's child app one. As below.
[serverClass:wombles]
whitelist.0 = womble
[serverClass:wombles:app:myapp]
restartSplunkd = true
continueMatching = false
Above is the complete file.
Looking at spec file - it appears we do not support whitelist at app level only global and serverClass level
hi dshakespeare_splunk,
Please:
serverclass.conf
UPDATE: After further research, the first assumption below turns out to be incorrect: It is not necessary for each deployment client to be configured with a unique clientName.
The target clients are placed in groups by setting common clientNames in deploymentclient.conf
I think that you are breaching a basic client/server contract for this feature by giving the same clientName to more than one client. Although the spec file for deploymentclient.conf doesn't say so, I'm fairly certain that each client should have a unique clientName or all bets are off.
I'd suggest addressing that problem and seeing if things work again as you would expect.
I believe the above config is not compatible with the forwarder management GUI
That is correct. App-level directives in serverclass.conf are not supported by the Forwarder Management UI.