Dear Guys,
This is about applying shcluster-bundle, fail with Error
splunk apply shcluster-bundle -target https://xxx.xxx.xxx.62:8089 -auth admin:”<password>”
it makes the below messages.
Error while deploying apps to first member, aborting apps deployment to all members: Error while fetching apps baseline on target=https://xxx.xxx.xxx.62:8089 Non-200/201 status_code=401; {"messages":[{"type":"WARN","text":"call not properly authenticated"}]}
So then I've checked and tried the below contents.
In addition, when it commanded:
SearchHead Member #1 - $SPLUNK_HOME/var/log/splunk/splunkd.log
**-**-**** **:**:37.454 +0900 ERROR DigestProcessor - Failed signature match
**-**-**** **:**:37.454 +0900 ERROR LMHttpUtil - Failed to verify HMAC signature, uri: /services/shcluster/member/members?output_mode=json&count=-1
**-**-**** **:**:37.457 +0900 ERROR DigestProcessor - Failed signature match
**-**-**** **:**:37.457 +0900 ERROR LMHttpUtil - Failed to verify HMAC signature, uri: /services/apps/local?output_mode=json&count=-1&show_hidden=1
SearchHead Deployer - $SPLUNK_HOME/var/log/splunk/splunkd.log
**-**-**** **:**:32.809 +0900 INFO TcpOutputProc - After randomization, current is first in the list. Swapping with last item
**-**-**** **:**:32.812 +0900 INFO TcpOutputProc - Connected to idx= xxx.xxx.xxx.64:9997, pset=0, reuse=0.
**-**-**** **:**:37.456 +0900 WARN AppsDeployHandler - Error while fetching members from uri=https://xxx.xxx.xxx.62:8089: Non-200 status_code=401: Unauthorized
**-**-**** **:**:37.459 +0900 WARN AppsDeployHandler - Error while deploying apps to first member, aborting apps deployment to all members: Error while fetching apps baseline on target=https://xxx.xxx.xxx.62:8089 Non-200/201 status_code=401; {"messages":[{"type":"WARN","text":"call not properly authenticated"}]}
Please let me know your tips
Had the same problem (not sure if I had the same error logs thoug) and managed to find out what was causing it.
In my case I messed up when initializing the search heads and gave them the wrong value of the conf_deploy_fetch_url.
if that value does not match with the url of the deployer it will not accept the bundle you are trying to push out.
run a:
splunk edit shcluster-config -conf_deploy_fetch_url .....
and correct the value if its also wrong in your case.
"- The pass4SymmKey under shclustering stanza is the same hash on all 3 members and the deployer"
Is the splunk.secret file also the same on the deployer and all 3 search members? The members should match but the deployer would normally use it's own splunk.secret file...
Yes, I've tested both also.
1. matched all
2. matched search head members(not deployer)
It was same