Deployment Architecture

Why am I getting permission denied errors running "enable boot-start" in a Splunk 6.0.3 search head pool attached to an NFS mount?

michael_peters
Path Finder

I am preparing to upgrade to Splunk 6.3 and am setting up a dev environment.

I have three Search heads in a pool running 6.0.3 all attached to an NFS mount.

When I issue the following commands I have no issues on any of the search heads:

xx@xx:/mnt/S2HPS$ ~/splunk/bin/splunk pooling display
Search head pooling is enabled with shared storage at: /mnt/S2HPS
xx@xx:/mnt/S2HPS$ ~/splunk/bin/splunk pooling validate
Search head pooling validation passed

However when I issue:

sudo ./splunk/bin/splunk enable boot-start -user xx

I get the following errors:

ERROR IniFile - Cannot open file=/mnt/S2HPS/etc/pooling/pooling.ini for parsing: Permission denied
ERROR SearchHeadPoolInfo - Error reading search head pool info: Error reading search head pool info /mnt/S2HPS/etc/pooling/pooling.ini: Permission denied
ERROR UsernameMapper - Cannot create username mapping file: /mnt/S2HPS/etc/users/users.ini: Permission denied
ERROR IniFile - Cannot open file=/mnt/S2HPS/etc/users/users.ini for parsing: Permission denied
ERROR UsernameMapper - Error opening username mapping file: /mnt/S2HPS/etc/users/users.ini
ERROR ConfObjectManagerDB - Cannot initialize: /mnt/S2HPS/etc/apps/learned/metadata/local.meta: Permission denied
ERROR IniFile - Cannot open file=/mnt/S2HPS/etc/pooling/pooling.ini for parsing: Permission denied
ERROR SearchHeadPoolInfo - Error reading search head pool info: Error reading search head pool info /mnt/S2HPS/etc/pooling/pooling.ini: Permission denied
ERROR UsernameMapper - Cannot create username mapping file: /mnt/S2HPS/etc/users/users.ini: Permission denied
ERROR IniFile - Cannot open file=/mnt/S2HPS/etc/users/users.ini for parsing: Permission denied
ERROR UsernameMapper - Error opening username mapping file: /mnt/S2HPS/etc/users/users.ini
ERROR ConfObjectManagerDB - Cannot initialize: /mnt/S2HPS/etc/apps/learned/metadata/local.meta: Permission denied
ERROR IniFile - Cannot open file=/mnt/S2HPS/etc/pooling/pooling.ini for parsing: Permission denied
ERROR SearchHeadPoolInfo - Error reading search head pool info: Error reading search head pool info /mnt/S2HPS/etc/pooling/pooling.ini: Permission denied
ERROR UsernameMapper - Cannot create username mapping file: /mnt/S2HPS/etc/users/users.ini: Permission denied
ERROR IniFile - Cannot open file=/mnt/S2HPS/etc/users/users.ini for parsing: Permission denied
ERROR UsernameMapper - Error opening username mapping file: /mnt/S2HPS/etc/users/users.ini
ERROR ConfObjectManagerDB - Cannot initialize: /mnt/S2HPS/etc/apps/learned/metadata/local.meta: Permission denied
ERROR IniFile - Cannot open file=/mnt/S2HPS/etc/pooling/pooling.ini for parsing: Permission denied
ERROR SearchHeadPoolInfo - Error reading search head pool info: Error reading search head pool info /mnt/S2HPS/etc/pooling/pooling.ini: Permission denied
ERROR UsernameMapper - Cannot create username mapping file: /mnt/S2HPS/etc/users/users.ini: Permission denied
ERROR IniFile - Cannot open file=/mnt/S2HPS/etc/users/users.ini for parsing: Permission denied
ERROR UsernameMapper - Error opening username mapping file: /mnt/S2HPS/etc/users/users.ini
ERROR ConfObjectManagerDB - Cannot initialize: /mnt/S2HPS/etc/apps/learned/metadata/local.meta: Permission denied

I checked and I have at least read access as the user xx, and can issue a cat command to view the configuration files in the error.

Should I be concerned given that I seem to have access to the NFS without any issues, except when setting up boot-start?

0 Karma

fdi01
Motivator

run it as root user
to do it, run sudo command.
you can try like

$sudo ./splunk/bin/splunk enable boot-start
password:
or
$sudo su
password:
./splunk/bin/splunk enable boot-start

michael_peters
Path Finder

Thanks for the answer, yes that will solve the issue but I don't want to run splunk as root. I would like to run it as user xx. That user has access to all those directories on all the servers.

0 Karma

fdi01
Motivator

see this link it can help you Mr michael_peters
http://wiki.splunk.com/Community:DeployHardenedSplunk

0 Karma
Get Updates on the Splunk Community!

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...