Deployment Architecture

Why can't I get the deployer to push apps to search head cluster members after a new Splunk installation?

joesrepsolc
Communicator

Having this same issue now on a brand new Splunk setup (7.2.2). Search head cluster is (3), and (1) deployer. I got everything dialed in, but this command keeps generating the same message. I've tried against the captain, and not a captain — same result.

Running command on the Deployer:

Splunk apply shcluster-bundle -target https://SHCaptainName:8089 -auth admin:secretkey

Response:

Error while deploying apps to first member: Error while fetching apps baseline on

target=https://SHCaptainName:8089: Non-200/201 status_code=401; {"messages":[{"type":"WARN","text":"call not properly authenticated"}]}

I tried creating a new folder in /opt/splunk/etc/shcluster/apps/testing/local/outputs.conf

I tried installing an app in /opt/splunk/etc/shcluster/apps/datagovernance

... same results/error/

Splunk shcluster-status shows all the cluster members are good and "up". I can't push an app through the deployer.

Stuck. Help?

Joe

0 Karma

afamuyiwa
Engager

Did you resolve your issue? Experiencing the same issue myself. I tried to re-enter the passkey and shcluster label, then restart Splunk service. No luck

0 Karma

joesrepsolc
Communicator

I had to editthe pass4SymmKey and restart on the deplyer.

[shclustering]
pass4SymmKey = yourKey

But I also had to do do that on the search heads too (and restart). There was no pass4SymmKey value under the shclustering stanza. There was in other parts of the file, but not under that stanza. I added that value and restarted, my apply shcluster bundle command worked just fine.

Put the apps in the /opt/splunk/etc/shcluster/apps directory on the Deployer and identify which search head is the current captain. Then run:

/opt/splunk/bin/splunk apply shcluster-bundle -target https://currentCaptain:8089

burwell
SplunkTrust
SplunkTrust

Hi @joesrepsolc So for admin:secretkey are you actually using admin:password ?

I just wanted to check that you were not using the secret key from the shclustering stanza but the actual admin password.

[shclustering]
pass4SymmKey = yoursecretkey

I always leave off the auth and have it prompt me. That way the password is not in the history.

0 Karma

joesrepsolc
Communicator

I've ran this command without the -auth portion... and it doesn't even prompt me for credentials. Instead I get::

Non-200/201 status_code=401; {"messages":[{"type":"WARN","text":"call not properly authenticated"}]}

I've looked at the search head cluster status (splunk show shcluster-status) and everything is up, working great. I've even made a report and dashboard on one cluster member and it's replicating to the other members just fine. I still can't push out an app!!!! Killing me.

Any help would be much appreciated.

0 Karma

joesrepsolc
Communicator

Correct. I am using the actual admin password (just using "secretkey" as a placeholder... 🙂 )

I am now checking with networking to see if the replication port between SH's is open. Guessing that may be the next logical step to check.

0 Karma
Get Updates on the Splunk Community!

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...

Security Highlights | January 2023 Newsletter

January 2023 Splunk Security Essentials (SSE) 3.7.0 ReleaseThe free Splunk Security Essentials (SSE) 3.7.0 app ...

Platform Highlights | January 2023 Newsletter

 January 2023Peace on Earth and Peace of Mind With Business ResilienceAll organizations can start the new year ...