Installation

How do you move a licence server between sites ?

Kennym104
New Member

Can someone please shed some light on how to move a licence server between sites ?

Scenario being a new deployment need to be able to failover to a new DC from the original location.  Would additional certs and licences be needed ?

Thanks in advance

Labels (1)
0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @Kennym104,

if you are asking how to move the License Master in another site, as described at https://docs.splunk.com/Documentation/Splunk/8.2.5/Admin/Swapthelicensemaster , you should follow the below steps:

  • identify the new License Master Server,
  • open all the routes between this new License Master and the other Splunk Servers (not Universal Forwarders),
  • change the value of the License Master in each Splunk Server,
  • Restart each Splunk Server.

If instead you want, for HA, to have another License Master, remember that this role isn't clustered, so you should have a copy of this server in each site dividing your license in your sites.

Or create a copy of your License Master, usually turned off, that you can turn on when needed.

Ciao.

Giuseppe

0 Karma

Kennym104
New Member

Thanks gcusello I appreciate your help.

In /etc/auth/ there is a file named splunk.secret which is used to encrypt and decrypt the passwords in the configuration files.

In a search head cluster, the captain replicates its splunk.secret file to all other cluster members during initial deployment of the cluster however with 2 separate cluster masters we will have different splunk.secret files.


From my understanding this means we should just need to copy the splunk.secret file from the DC2 CM to the DC1 CM and recreate the hashes only on that device.

Make sense ?

0 Karma

isoutamo
SplunkTrust
SplunkTrust

Hi

LM is not using splunk.secret to crypt those license files or anything else than crypting secrets on e.g. server.conf. But in server.conf you already know what is pass4SymmKey in clear text. For that reason you don't need that splunk.secret for anything unless you are just copy those files as crypted to the new LM and then start it.

My proposal is use always CNAME or some other way to use alias like splunk-lm.<your>.<domain> with LM and all other relevant splunk servers. For that way it's just enough to switch this to point the new server when needed. No need to update it on all other nodes nor restart those to get the new LM (or CM,...) into use. And remember that you have 72h time to do actually LM switch before there will be start to come issues without it.

If you are talking about CM (cluster master) then you have two options. Just copy splunk.secret with crypted config files or use it's new splunk.secret and cleartext config files. Both works. If I recall right the last option is described on docs when you are swapping CM to the new one.

r. Ismo

gcusello
SplunkTrust
SplunkTrust

Hi @Kennym104,

it should be correct, but why to use conf files when you can use the GUI?

You know the secret password of the first License Master that you can use also in the second one.

Ciao.

Giuseppe

0 Karma
Get Updates on the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

March Community Office Hours Security Series Uncovered!

Hello Splunk Community! In March, Splunk Community Office Hours spotlighted our fabulous Splunk Threat ...