Getting Data In
Highlighted

Setting allowRemoteLogin=always works only if admin PW changed

Communicator

Based on the documentation and answer 8519, it is unclear that both the admin password has to have been changed, and allowRemoteLogin=always must be set in order to execute CLI commands remotely. However, experimentation with Splunk 4.1.4 shows that both must be true. All forwarders are lightweight and using the forwarder license. They simply need to have the deploy client set:

"c:\program files\Splunk\bin\splunk" Set deploy-poll splunk:8089 -auth admin:changeme

I have 274 servers that need to be upgraded, and with this new limitation it appears that I will have to logon to each to complete the install. Any suggestions for a workaround would be appreciated.

Tags (3)
Highlighted

Re: Setting allowRemoteLogin=always works only if admin PW changed

Splunk Employee
Splunk Employee

It is a bit of a chicken-egg situation. You can't change the password via the CLI because you're using the default password, as you've discovered. The short answer is that you're going to have to issue the command to change the passwords locally. You could probably accomplish this with a tool like puppet which would allow you to download and run the script at boot time.

Highlighted

Re: Setting allowRemoteLogin=always works only if admin PW changed

Communicator

Back to the old deployment method - copy conf files. In this case only deploymentclient.conf needed to be copied.

View solution in original post

0 Karma
Highlighted

Re: Setting allowRemoteLogin=always works only if admin PW changed

Motivator

Script it! Puppet on Linux and a simple batch script + psexec on Windows. Have the script pull the correct conf file from the network and restart splunk.

0 Karma
Highlighted

Re: Setting allowRemoteLogin=always works only if admin PW changed

Communicator

PSExec is what I'm using.

0 Karma