Deployment Architecture

Applying shcluster-bundle fails with error "call not properly authenticated"

ykwon7
Observer

Dear Guys,

This is about applying shcluster-bundle, which fails with an error.

    splunk apply shcluster-bundle -target https://xxx.xxx.xxx.62:8089 -auth admin:"<password>"

It produces the messages below.

    Error while deploying apps to first member, aborting apps deployment to all members: Error while fetching apps baseline on target=https://xxx.xxx.xxx.62:8089 Non-200/201 status_code=401; {"messages":[{"type":"WARN","text":"call not properly authenticated"}]}

So I checked and tried the following.

  • The pass4SymmKey under shclustering stanza is the same hash on all 3 members and the deployer
  • The pass4SymmKey under shclustering stanza is the same hash on all 3 members (without deployer)
  • Bundle size is no problem
  • All servers use the same admin/password for web
  • Each search head has a unique GUID (/opt/splunk/etc/instance.cfg)

In addition, when the command was run:

SearchHead Member #1 - $SPLUNK_HOME/var/log/splunk/splunkd.log

    **-**-**** **:**:37.454 +0900 ERROR DigestProcessor - Failed signature match
    **-**-**** **:**:37.454 +0900 ERROR LMHttpUtil - Failed to verify HMAC signature, uri: /services/shcluster/member/members?output_mode=json&count=-1
    **-**-**** **:**:37.457 +0900 ERROR DigestProcessor - Failed signature match
    **-**-**** **:**:37.457 +0900 ERROR LMHttpUtil - Failed to verify HMAC signature, uri: /services/apps/local?output_mode=json&count=-1&show_hidden=1


SearchHead Deployer - $SPLUNK_HOME/var/log/splunk/splunkd.log

    **-**-**** **:**:32.809 +0900 INFO  TcpOutputProc - After randomization, current is first in the list. Swapping with last item
    **-**-**** **:**:32.812 +0900 INFO  TcpOutputProc - Connected to idx= xxx.xxx.xxx.64:9997, pset=0, reuse=0.
    **-**-**** **:**:37.456 +0900 WARN  AppsDeployHandler - Error while fetching members from uri=https://xxx.xxx.xxx.62:8089: Non-200 status_code=401: Unauthorized
    **-**-**** **:**:37.459 +0900 WARN  AppsDeployHandler - Error while deploying apps to first member, aborting apps deployment to all members: Error while fetching apps baseline on target=https://xxx.xxx.xxx.62:8089 Non-200/201 status_code=401; {"messages":[{"type":"WARN","text":"call not properly authenticated"}]}

Please let me know your tips.

0 Karma

Gregster66
Engager

Had the same problem (not sure if I had the same error logs though) and managed to find out what was causing it.

In my case I messed up when initializing the search heads and gave them the wrong value of the conf_deploy_fetch_url.

If that value does not match the URL of the deployer, it will not accept the bundle you are trying to push out.

Run:

    splunk edit shcluster-config -conf_deploy_fetch_url .....

and correct the value if it's also wrong in your case.

0 Karma

gjanders
SplunkTrust

"- The pass4SymmKey under shclustering stanza is the same hash on all 3 members and the deployer"

Is the splunk.secret file also the same on the deployer and all 3 search members? The members should match but the deployer would normally use its own splunk.secret file...

0 Karma

ykwon7
Observer

Yes, I've tested both also.

1. matched all

2. matched search head members (not deployer)

It was the same.

0 Karma
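
The two checks suggested in the replies above (conf_deploy_fetch_url against the deployer URI, and stored pass4SymmKey values against each host's splunk.secret), as an added example that is not part of the original thread. Host names, URLs, secrets and the `audit` helper are constructed for illustration; it assumes the stored pass4SymmKey is encrypted with the local splunk.secret, so equal stored strings on hosts with different secrets do not show that the underlying keys match.

```python
import configparser
import hashlib

def shclustering(conf_text):
    """Return the [shclustering] stanza of a server.conf as a dict."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case, e.g. pass4SymmKey
    cp.read_string(conf_text)
    return dict(cp["shclustering"]) if cp.has_section("shclustering") else {}

def audit(hosts, deployer_uri):
    """hosts maps name -> (role, server.conf text, splunk.secret bytes)."""
    findings, by_stored = [], {}
    for name, (role, conf, secret) in sorted(hosts.items()):
        stanza = shclustering(conf)
        # Fingerprint only; never log the secret itself.
        fp = hashlib.sha256(secret).hexdigest()[:12]
        stored = stanza.get("pass4SymmKey")
        if stored is None:
            findings.append(f"{name}: no pass4SymmKey in [shclustering]")
        else:
            by_stored.setdefault(stored, {}).setdefault(fp, []).append(name)
        url = stanza.get("conf_deploy_fetch_url", "").rstrip("/")
        if role == "member" and url != deployer_uri.rstrip("/"):
            findings.append(f"{name}: conf_deploy_fetch_url={url or '<unset>'} "
                            f"does not match deployer {deployer_uri}")
    for fps in by_stored.values():
        if len(fps) > 1:  # same stored string, more than one splunk.secret
            names = sorted(n for group in fps.values() for n in group)
            findings.append("same stored pass4SymmKey under different "
                            "splunk.secret: " + ", ".join(names)
                            + " (compare the plaintext keys, not stored values)")
    return findings

# Constructed sample data: placeholder values, not taken from the thread.
CONF = "[shclustering]\npass4SymmKey = $7$CONSTRUCTED\nconf_deploy_fetch_url = {}\n"
HOSTS = {
    "sh1": ("member", CONF.format("https://deployer.example:8089"), b"member-secret"),
    "sh2": ("member", CONF.format("https://sh1.example:8089"), b"member-secret"),
    "deployer": ("deployer", "[shclustering]\npass4SymmKey = $7$CONSTRUCTED\n",
                 b"deployer-secret"),
}

if __name__ == "__main__":
    for line in audit(HOSTS, "https://deployer.example:8089"):
        print(line)
```
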