Installation

Configuring License Master on New SH Cluster, Deployment Server?

hemantw7
Explorer

 

i have setup on prem new SH cluster and Deployment server with Splunk enterprise version 8.2.5.

I have configure new 3 SH as slave and pointed to License Master but Salve not syncing with License Master.

Note: We have three license pool in License master and I have update pool stanza in server.conf as well but no luck. Please suggest.

 

I have performed below config steps on server.conf on 3 SH and Deployment Host Separately. 

  1. Select a new passcode to fill in for pass4SymmKey.
  2. SSH to the Splunk instance.
  3. Edit the /opt/splunk/etc/system/local/server.conf file.
  4. Under the [general] stanza pass4SymmKey field, replace the hashed value with the new passcode in plain text. It will stay in plain text until Splunk services are restarted.
  5. Save the changes to the server.conf file.
  6. Restart Splunk services on that node.

 

 

Here is the server.conf on SH as License Slave.

-----------------------------------------------------------------------------------------------------------------------------------------------

[general]

serverName = SHHost123

pass4SymmKey = Same is License Master

 

[license]

master_uri = https://x.x.x.x:8089

active_group = Enterprise

 

[sslConfig]

sslPassword = 12344…

 

[lmpool:auto_generated_pool_download-trial]

description = auto_generated_pool_download-trial

quota = MAX

slaves = *

stack_id = download-trial

 

[lmpool:auto_generated_pool_forwarder]

description = auto_generated_pool_forwarder

quota = MAX

slaves = *

stack_id = forwarder

 

[lmpool:auto_generated_pool_free]

description = auto_generated_pool_free

quota = MAX

slaves = *

stack_id = free

 

[lmpool:auto_generated_pool_enterprise]

description = auto_generated_pool_enterprise1

quota = MAX

slaves = *

stack_id = enterprise

 

[replication_port://9023]

 

[shclustering]

conf_deploy_fetch_url = http://x.x.x.x:8089

disabled = 0

mgmt_uri = https://x.x.x.x:8089

pass4SymmKey = 23467….

shcluster_label = shclusterHost_1

id = D6E63C0A-234S-4F45-A995-FDDE1H71B622

Labels (1)
0 Karma
1 Solution

hemantw7
Explorer

Here i mentioned 3SH and 1 Search Head Deployer in Cluster Environment.  I have not yet connect SH to any indexer. I just wanted to connect all 3 SH and SH deployer to move from trial version to license version. 

After Connecting all hosts to license mater, i will connect 3SH to Indexer Master.

View solution in original post

0 Karma

hemantw7
Explorer

Issue has been with Passkey and i got license master passkey using below command  by decrypting license master pass4SymmKey putting plain text password in general stanza. 

[splunk@cis-splunkmgmt bin]$ ./splunk show-decrypted --value 'License pass4SymmKey hash'.

 

 

Its Resolved now

 

'

0 Karma

hemantw7
Explorer

I have plan to attached SH cluster to existing indexer cluster.

0 Karma

gcusello
Esteemed Legend

Hi @hemantw7,

as I said, it's a best practice to configure all Splunk servers (except Indexers) to forwarder their logs to the Indexers.

In this way you can configure for them the Forwarder license and you don't need to connect them to the License Master.

Ciao.

Giuseppe

0 Karma

hemantw7
Explorer

 Its SH cluster i am trying to configure as License slave with existing License master.

0 Karma

hemantw7
Explorer

@gcusello ,

I am trying to setup this after SH license configuration

 

hemantw7_0-1675451087321.png

 

0 Karma

gcusello
Esteemed Legend

Hi @hemantw7,

ok but you you can do also the contrary procedure: before forwarding, then license onfiguring.

don't need to maybe it's only a representation, but I suppose that you configured all your search Head in Indexers discovery (https://docs.splunk.com/Documentation/Splunk/9.0.3/Indexer/indexerdiscovery) and not only one directly connected to Indexers.

Ciao.

Giuseppe

0 Karma

hemantw7
Explorer

Here i mentioned 3SH and 1 Search Head Deployer in Cluster Environment.  I have not yet connect SH to any indexer. I just wanted to connect all 3 SH and SH deployer to move from trial version to license version. 

After Connecting all hosts to license mater, i will connect 3SH to Indexer Master.

0 Karma

gcusello
Esteemed Legend

Hi @hemantw7,

good for you, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma

gcusello
Esteemed Legend

Hi @hemantw7,

some details please:

when you speak of Deployment Server, are you speaking of the Deployer, is it correct?

because you cannot use the Deployment Server to manage Search Heads.

Why do you speak of License Master, Search Heads and all the servers except Indexers are usually configured as forwarders so they don't need to be connected with the License Master.

Ciao.

Giuseppe

 

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 1 release of new security content via the ...

There's No Place Like Chrome and the Splunk Platform

Watch On DemandMalware. Risky Extensions. Data Exfiltration. End-users are increasingly reliant on browsers to ...

The Great Resilience Quest: 5th Leaderboard Update

The fifth leaderboard update for The Great Resilience Quest is out >> 🏆 Check out the ...