Deployment Architecture
Highlighted

pass4SymmKey for License Master and License Slaves

Communicator

Hi Team,

Here is our scenario:
We needed to update the pass4SymmKey for the License Master and License Slaves.
We will update the parameter "pass4SymmKey" in the [general] stanza of the server.conf.

However,we have a complex Splunk environment.

The Splunk servers (License Master/Slaves) needed for this update are consists of ff:
Clustered Indexers
Clustered Search Heads
Non-Clustered Search Heads
Deployment Server
Deployer
Cluster Master
Heavy Forwarders

Can you help us sort out the steps needed to update parameter "pass4SymmKey" in the [general] stanza of the server.conf?
Currently, we have the steps below:
LICENSE MASTER
1. In License Master, use btool to locate the server.conf with [general] stanza

/opt/splunk/bin/splunk btool server list --debug | grep general

  1. Update the server.conf with the new pass4SymmKey # vi /opt/splunk/etc/system/local/server.conf
  2. Restart Splunk # /opt/splunk/bin/splunk restart

What tier should we implement the update next?
Also, for Clustered Indexers and Clustered Search Heads tier, is it okay to update and simply restart splunk? Or do we need to do some maintenance mode or rolling restart instead?

I hope you can help us. Thanks.

0 Karma
Highlighted

Re: pass4SymmKey for License Master and License Slaves

Splunk Employee
Splunk Employee
  1. Select a new passcode to fill in for pass4SymmKey.
  2. SSH to the Splunk instance.
  3. Edit the /opt/splunk/etc/system/local/server.conf file.
  4. Under the [general] stanza pass4SymmKey field, replace the hashed value with the new passcode in plain text. It will stay in plain text until Splunk services are restarted.
  5. Save the changes to the server.conf file.
  6. Restart Splunk services on that node.

Perform steps 2 - 6 on the License Master, Cluster Master, and all Cluster Peers (Indexers.) The CM and LM should get a regular service restart, and the CP's can receive a rolling-restart if the pass4SymKey update is finished on all of them.

Once communications are re-established, verify CP connectivity on the LM. The various peers would appear under your license pool(s). If you need to, re-license the Cluster Peers: e.g. use the CLI command ./splunk edit licenser-localslave -master_uri 'https://my_lic_master:8089' and verify CP connectivity on the LM.

After that, move on to performing steps 2 - 6 on the standalone SH, DS, and HF nodes.

For the final SHC and Deployer portion, I liked the post "How to set a new pass4SymmKey password on a search head cluster deployer"