about applying shcluster-bundle, fail with Error -...

ykwon7 · ‎06-10-2020

Dear Guys,

This is about applying shcluster-bundle, fail with Error

splunk apply shcluster-bundle -target https://xxx.xxx.xxx.62:8089 -auth admin:”<password>”

it makes the below messages.

    Error while deploying apps to first member, aborting apps deployment to all members: Error while fetching apps baseline on target=https://xxx.xxx.xxx.62:8089 Non-200/201 status_code=401; {"messages":[{"type":"WARN","text":"call not properly authenticated"}]}

So then I've checked and tried the below contents.

The pass4SymmKey under shclustering stanza is the same hash on all 3 members and the deployer
The pass4SymmKey under shclustering stanza is the same hash on all 3 members (without deployer)
Bundle size is no problem
All server uses same admin/password for web
Each search head has uniq guid(/opt/splunk/etc/instance.cfg)

In addition, when it commanded:

SearchHead Member #1 - $SPLUNK_HOME/var/log/splunk/splunkd.log

    **-**-**** **:**:37.454 +0900 ERROR DigestProcessor - Failed signature match
    **-**-**** **:**:37.454 +0900 ERROR LMHttpUtil - Failed to verify HMAC signature, uri: /services/shcluster/member/members?output_mode=json&count=-1
    **-**-**** **:**:37.457 +0900 ERROR DigestProcessor - Failed signature match
    **-**-**** **:**:37.457 +0900 ERROR LMHttpUtil - Failed to verify HMAC signature, uri: /services/apps/local?output_mode=json&count=-1&show_hidden=1

SearchHead Deployer - $SPLUNK_HOME/var/log/splunk/splunkd.log

    **-**-**** **:**:32.809 +0900 INFO  TcpOutputProc - After randomization, current is first in the list. Swapping with last item
    **-**-**** **:**:32.812 +0900 INFO  TcpOutputProc - Connected to idx= xxx.xxx.xxx.64:9997, pset=0, reuse=0.
    **-**-**** **:**:37.456 +0900 WARN  AppsDeployHandler - Error while fetching members from uri=https://xxx.xxx.xxx.62:8089: Non-200 status_code=401: Unauthorized
    **-**-**** **:**:37.459 +0900 WARN  AppsDeployHandler - Error while deploying apps to first member, aborting apps deployment to all members: Error while fetching apps baseline on target=https://xxx.xxx.xxx.62:8089 Non-200/201 status_code=401; {"messages":[{"type":"WARN","text":"call not properly authenticated"}]}

Please let me know your tips

Gregster66 · ‎12-15-2020

Had the same problem (not sure if I had the same error logs thoug) and managed to find out what was causing it.

In my case I messed up when initializing the search heads and gave them the wrong value of the conf_deploy_fetch_url.

if that value does not match with the url of the deployer it will not accept the bundle you are trying to push out.

run a:

splunk edit shcluster-config -conf_deploy_fetch_url .....

and correct the value if its also wrong in your case.

gjanders · ‎06-10-2020

"- The pass4SymmKey under shclustering stanza is the same hash on all 3 members and the deployer"

Is the splunk.secret file also the same on the deployer and all 3 search members? The members should match but the deployer would normally use it's own splunk.secret file...

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud

ykwon7 · ‎06-10-2020

Yes, I've tested both also.

1. matched all

2. matched search head members(not deployer)

It was same

about applying shcluster-bundle, fail with Error -"call not properly authenticated"

search head clustering

New in Observability Cloud - Explicit Bucket Histograms

Updated Team Landing Page in Splunk Observability

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...