Are you a member of the Splunk Community?
- Find Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- Re: about applying shcluster-bundle, fail with Err...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
about applying shcluster-bundle, fail with Error -"call not properly authenticated"
Dear Guys,
This is about applying shcluster-bundle, fail with Error
splunk apply shcluster-bundle -target https://xxx.xxx.xxx.62:8089 -auth admin:”<password>”
it makes the below messages.
Error while deploying apps to first member, aborting apps deployment to all members: Error while fetching apps baseline on target=https://xxx.xxx.xxx.62:8089 Non-200/201 status_code=401; {"messages":[{"type":"WARN","text":"call not properly authenticated"}]}So then I've checked and tried the below contents.
- The pass4SymmKey under shclustering stanza is the same hash on all 3 members and the deployer
- The pass4SymmKey under shclustering stanza is the same hash on all 3 members (without deployer)
- Bundle size is no problem
- All server uses same admin/password for web
- Each search head has uniq guid(/opt/splunk/etc/instance.cfg)
In addition, when it commanded:
SearchHead Member #1 - $SPLUNK_HOME/var/log/splunk/splunkd.log
**-**-**** **:**:37.454 +0900 ERROR DigestProcessor - Failed signature match
**-**-**** **:**:37.454 +0900 ERROR LMHttpUtil - Failed to verify HMAC signature, uri: /services/shcluster/member/members?output_mode=json&count=-1
**-**-**** **:**:37.457 +0900 ERROR DigestProcessor - Failed signature match
**-**-**** **:**:37.457 +0900 ERROR LMHttpUtil - Failed to verify HMAC signature, uri: /services/apps/local?output_mode=json&count=-1&show_hidden=1
SearchHead Deployer - $SPLUNK_HOME/var/log/splunk/splunkd.log
**-**-**** **:**:32.809 +0900 INFO TcpOutputProc - After randomization, current is first in the list. Swapping with last item
**-**-**** **:**:32.812 +0900 INFO TcpOutputProc - Connected to idx= xxx.xxx.xxx.64:9997, pset=0, reuse=0.
**-**-**** **:**:37.456 +0900 WARN AppsDeployHandler - Error while fetching members from uri=https://xxx.xxx.xxx.62:8089: Non-200 status_code=401: Unauthorized
**-**-**** **:**:37.459 +0900 WARN AppsDeployHandler - Error while deploying apps to first member, aborting apps deployment to all members: Error while fetching apps baseline on target=https://xxx.xxx.xxx.62:8089 Non-200/201 status_code=401; {"messages":[{"type":"WARN","text":"call not properly authenticated"}]}
Please let me know your tips
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Had the same problem (not sure if I had the same error logs thoug) and managed to find out what was causing it.
In my case I messed up when initializing the search heads and gave them the wrong value of the conf_deploy_fetch_url.
if that value does not match with the url of the deployer it will not accept the bundle you are trying to push out.
run a:
splunk edit shcluster-config -conf_deploy_fetch_url .....
and correct the value if its also wrong in your case.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
"- The pass4SymmKey under shclustering stanza is the same hash on all 3 members and the deployer"
Is the splunk.secret file also the same on the deployer and all 3 search members? The members should match but the deployer would normally use it's own splunk.secret file...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, I've tested both also.
1. matched all
2. matched search head members(not deployer)
It was same
Index This | What’s a riddle wrapped in an enigma?
BORE at .conf25
OpenTelemetry for Legacy Apps? Yes, You Can!
