I ask this because I just spent a while trying to debug why installing the "Microsoft Supporting Add-on for Active Directory" would not work when I deployed it using the deployment server. I determined that it is using the REST api to encrypt the password for the LDAP account being configured. This however uses the current server (Master Nodes) private key... and therefore when deployed to the other servers, they cannot perform a successful BIND as they cannot successfully decrypt the LDAP account password. I understand the challenges of secure credentials when deploying however this wouldn't be an issue if two things happened:
Web GUI works after deployment.
This add-on's web GUI also appears broken when deployed into the slave-apps directory... but I am still troubleshooting this... If anyone has any idea where to start that would be help. I am assuming some sort of static reference (/opt/splunk/etc/apps/SA_ldapsearch) to directories has been made instead of a relative reference ($SPLUNK_DIR/SA_ldapsearch), but its just a guess.
The deployment server as per the documentation can deploy to forwarders, non-clustered indexers, and non-clustered search heads.
Generally I find the only reason you want to use the deployment server is to have an application consistently configured on universal forwarders, it's effectively appears to be a zip/unzip process when using the deployment server so you should not for example deploy to a heavy forwarder where the app is getting configured locally on the heavy forwarder via REST or the GUI interface.
Furthermore the directories you mention(slave-apps) imply that your deploying to indexer cluster peer nodes which is not supported from the deployment server, are you referring to a cluster master?
I recommend you sync the splunk.secret file among the cluster master & indexers/peer nodes post-installation, if you do this after starting up the Splunk instance it will involve more work, this way you can use an encrypted password when deploying from the cluster master.
If you put an unencrypted password into the master-apps in the cluster master, it will end up in the slave-apps on the indexer peers and since slave-apps is read only the encrypted password will appear in /opt/splunk/etc/apps//local/...
The deployment server as per the documentation can deploy to forwarders, non-clustered indexers, and non-clustered search heads.
Generally I find the only reason you want to use the deployment server is to have an application consistently configured on universal forwarders, it's effectively appears to be a zip/unzip process when using the deployment server so you should not for example deploy to a heavy forwarder where the app is getting configured locally on the heavy forwarder via REST or the GUI interface.
Furthermore the directories you mention(slave-apps) imply that your deploying to indexer cluster peer nodes which is not supported from the deployment server, are you referring to a cluster master?
I recommend you sync the splunk.secret file among the cluster master & indexers/peer nodes post-installation, if you do this after starting up the Splunk instance it will involve more work, this way you can use an encrypted password when deploying from the cluster master.
If you put an unencrypted password into the master-apps in the cluster master, it will end up in the slave-apps on the indexer peers and since slave-apps is read only the encrypted password will appear in /opt/splunk/etc/apps//local/...
Garethatiag, I greatly appreciate your response, I did use incorrect terminology in my question.
Deployment server is for forwarders, Deployer server is for Search Head Clusters, and Master Node is for indexers.
My questions concerns the deploying the addon above using the Master Node. I Re-built the cluster yesterday and shared the secret key among the servers to solve this issue however it still seems apps could be better developed to support the deployment methodology.
I agree, the different methods of deployment are also quite confusing when you first start with Splunk...