Are you a member of the Splunk Community?
- Find Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- Re: Why deployment of updated app through deployme...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Why deployment of updated app through deployment server is not working?
I am trying to deploy updated apps through deployment server. Except one app all other apps are deployed, I checked logs there is checksum mismatch and client downloaded the app to a .bundle file but it is not installing. But when I deleted the old version of that app in clients app folder(etc/apps) then tried to deploy the new one, it worked! It happens with only one app there is no problems with others. Can anyone explain why this is happening?
Also saved_searches, macros and lookups are packaged in that app, does it causing problems?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
OK, so if you are using search head clustering (SHC), you cannot use the deployment server to distribute your apps, but need to use the SHC deployer instead.
Please review the documentation here, it clearly states at the top that:
Caution: You must use the deployer, not the deployment server, to distribute apps to cluster members. Use of the deployer eliminates the possibility of conflict with the run-time updates that the cluster replicates automatically by means of the mechanism described in "Configuration updates that the cluster replicates."
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Actually I am using SHC deployer to deploy apps to search heads not deployment server! but still getting the same warning in logs. But there is no problem with another app deployed through same SHC deployer to SHs.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @manjunathmeti
I'm going to edit your post for clarity, but to make sure everything is clear for other users, you were actually using the SHC Deployer to update apps on the SHC Members this entire time, correct? Did you ever use the Deployment Server accidentally? You mentioned clients in your question which usually refers to deployment clients when talking about updating apps via deployment server.
SHC Deployer -> SHC Members (search heads)
Deployment Sever -> Deployment Clients (forwarders)
The warning you received sounds like you tried using the deployment server to override an app on SHC members.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What log messages exactly do you see in splunkd.log on the deployment client? Are there no other messages that indicate why the the app may not have been installed?
Could be a problem with file permissions.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is the warning I got: mysplunkapp was already installed via search head cluster deployer, UI, CLI, or REST API; it may not be overridden via deployment server; remove existing app=mysplunkapp via search head cluster deployer, UI, CLI, or REST API if you wish to install it via deployment server.
Leveraging Automated Threat Analysis Across the Splunk Ecosystem
Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain
Splunk Lantern’s Guide to The Most Popular .conf25 Sessions
