On the deployer server we have the authorize.conf
under /opt/splunk/etc/shcluster/apps/key_all_authentication/local
. On the SH it ends up at /opt/splunk/etc/apps/key_all_authentication/default
. Why under default
?
Hi @ddrillic,
Please refer this https://docs.splunk.com/Documentation/Splunk/7.0.0/DistSearch/PropagateSHCconfigurationchanges#App_c... , when deployer push app configuration it merge both local
and default
directory and place the configuration in default
directory on Cluster Member.
I hope this helps.
Thanks,
Harshil
Hi @ddrillic,
Please refer this https://docs.splunk.com/Documentation/Splunk/7.0.0/DistSearch/PropagateSHCconfigurationchanges#App_c... , when deployer push app configuration it merge both local
and default
directory and place the configuration in default
directory on Cluster Member.
I hope this helps.
Thanks,
Harshil
Gorgeous @harsmarvania57 !!!
It says -
-- When it deploys apps, the deployer places the app configurations in default directories on the cluster members.
-- The deployer never deploys files to the members' local app directories, $SPLUNK_HOME/etc/apps/<app_name>/local
. Instead, it deploys both local and default settings from the configuration bundle to the members' default app directories, $SPLUNK_HOME/etc/apps/<app_name>/default
. This ensures that deployed settings never overwrite local or replicated runtime settings on the members. Otherwise, for example, app upgrades would wipe out runtime changes.