Deployment Architecture

Why am I getting permission denied errors running "enable boot-start" in a Splunk 6.0.3 search head pool attached to an NFS mount?

michael_peters
Path Finder

I am preparing to upgrade to Splunk 6.3 and am setting up a dev environment.

I have three Search heads in a pool running 6.0.3 all attached to an NFS mount.

When I issue the following commands I have no issues on any of the search heads:

xx@xx:/mnt/S2HPS$ ~/splunk/bin/splunk pooling display
Search head pooling is enabled with shared storage at: /mnt/S2HPS
xx@xx:/mnt/S2HPS$ ~/splunk/bin/splunk pooling validate
Search head pooling validation passed

However when I issue:

sudo ./splunk/bin/splunk enable boot-start -user xx

I get the following errors:

ERROR IniFile - Cannot open file=/mnt/S2HPS/etc/pooling/pooling.ini for parsing: Permission denied
ERROR SearchHeadPoolInfo - Error reading search head pool info: Error reading search head pool info /mnt/S2HPS/etc/pooling/pooling.ini: Permission denied
ERROR UsernameMapper - Cannot create username mapping file: /mnt/S2HPS/etc/users/users.ini: Permission denied
ERROR IniFile - Cannot open file=/mnt/S2HPS/etc/users/users.ini for parsing: Permission denied
ERROR UsernameMapper - Error opening username mapping file: /mnt/S2HPS/etc/users/users.ini
ERROR ConfObjectManagerDB - Cannot initialize: /mnt/S2HPS/etc/apps/learned/metadata/local.meta: Permission denied
ERROR IniFile - Cannot open file=/mnt/S2HPS/etc/pooling/pooling.ini for parsing: Permission denied
ERROR SearchHeadPoolInfo - Error reading search head pool info: Error reading search head pool info /mnt/S2HPS/etc/pooling/pooling.ini: Permission denied
ERROR UsernameMapper - Cannot create username mapping file: /mnt/S2HPS/etc/users/users.ini: Permission denied
ERROR IniFile - Cannot open file=/mnt/S2HPS/etc/users/users.ini for parsing: Permission denied
ERROR UsernameMapper - Error opening username mapping file: /mnt/S2HPS/etc/users/users.ini
ERROR ConfObjectManagerDB - Cannot initialize: /mnt/S2HPS/etc/apps/learned/metadata/local.meta: Permission denied
ERROR IniFile - Cannot open file=/mnt/S2HPS/etc/pooling/pooling.ini for parsing: Permission denied
ERROR SearchHeadPoolInfo - Error reading search head pool info: Error reading search head pool info /mnt/S2HPS/etc/pooling/pooling.ini: Permission denied
ERROR UsernameMapper - Cannot create username mapping file: /mnt/S2HPS/etc/users/users.ini: Permission denied
ERROR IniFile - Cannot open file=/mnt/S2HPS/etc/users/users.ini for parsing: Permission denied
ERROR UsernameMapper - Error opening username mapping file: /mnt/S2HPS/etc/users/users.ini
ERROR ConfObjectManagerDB - Cannot initialize: /mnt/S2HPS/etc/apps/learned/metadata/local.meta: Permission denied
ERROR IniFile - Cannot open file=/mnt/S2HPS/etc/pooling/pooling.ini for parsing: Permission denied
ERROR SearchHeadPoolInfo - Error reading search head pool info: Error reading search head pool info /mnt/S2HPS/etc/pooling/pooling.ini: Permission denied
ERROR UsernameMapper - Cannot create username mapping file: /mnt/S2HPS/etc/users/users.ini: Permission denied
ERROR IniFile - Cannot open file=/mnt/S2HPS/etc/users/users.ini for parsing: Permission denied
ERROR UsernameMapper - Error opening username mapping file: /mnt/S2HPS/etc/users/users.ini
ERROR ConfObjectManagerDB - Cannot initialize: /mnt/S2HPS/etc/apps/learned/metadata/local.meta: Permission denied

I checked and I have at least read access as the user xx, and can issue a cat command to view the configuration files in the error.

Should I be concerned given that I seem to have access to the NFS without any issues, except when setting up boot-start?

0 Karma

fdi01
Motivator

run it as root user
to do it, run sudo command.
you can try like

$sudo ./splunk/bin/splunk enable boot-start
password:
or
$sudo su
password:
./splunk/bin/splunk enable boot-start

michael_peters
Path Finder

Thanks for the answer, yes that will solve the issue but I don't want to run splunk as root. I would like to run it as user xx. That user has access to all those directories on all the servers.

0 Karma

fdi01
Motivator

see this link it can help you Mr michael_peters
http://wiki.splunk.com/Community:DeployHardenedSplunk

0 Karma
Get Updates on the Splunk Community!

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

Register Join this Tech Talk to learn how unique features like Service Centric Views, Tag Spotlight, and ...

Thank You for Celebrating CX Day with Splunk!

Yesterday the entire team at Splunk + Cisco joined the global celebration of CX Day - celebrating our ...