Installation

Install Splunk Enterprise on EC2 (Linux) Automation from user data shell

splunk75044
Explorer

I am looking to fix my batch script :
download splunk package,create a new user, install,setup password for splunk,t
accept license

however it is failing at accept license and splunk edit line

code is below
<<

#!/bin/sh
#This version uses splunker as user # enterpriselist should contain the list of the two indexers
#Example:
# student@10.0.0.1 student@10.0.0.2
HOSTS_FILE="/opt/splunk/bin/scripts/enterpriselist"
WGET_CMD="wget -O splunk-6.4.2-00f5bb3fa822-Linux-x86_64.tgz https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version...;
INSTALL_FILE="splunk-7.2.6-c0bf0f679ce9-Linux-x86_64.tgz"

PASSWORD="Student1"
SPLUNK_USER="student"

REMOTE_SCRIPT="
 cd /opt
sudo $WGET_CMD
sudo tar -xvzf $INSTALL_FILE
sudo chown -R $SPLUNK_USER:$SPLUNK_USER /opt/splunk
sudo -u $SPLUNK_USER /opt/splunk/bin/splunk start --accept-license --answer-yes --auto-ports --no-prompt
sudo -u $SPLUNK_USER /opt/splunk/bin/splunk edit user admin -password $PASSWORD -auth admin:changeme
sudo -u $SPLUNK_USER /opt/splunk/bin/splunk restart
sudo /opt/splunk/bin/splunk enable boot-start -user $SPLUNK_USER
"
echo "In 5 seconds, will run the following script on each remote host:"
echo
echo "===================="
echo "$REMOTE_SCRIPT"
echo "===================="
echo
sleep 5
echo "Reading host logins from $HOSTS_FILE"
echo
echo "Starting."
for DST in `cat "$HOSTS_FILE"`; do
if [ -z "$DST" ]; then
continue;
fi
echo "---------------------------"
echo "Installing to $DST"
sudo ssh -t "$DST" "$REMOTE_SCRIPT"
done
echo "---------------------------"
echo "Done"

<<

Labels (1)
0 Karma

som3guy
Explorer

I did not have an issue running your script with a few modifications.
You are downloading 6.4.2 and your install file is labeled 7.2.6. This may be your issue if that is in fact that exact script your running. However, I do not think you would make it past the tar command if that were the case.

There was no l accepting license issue that I ran into.
I tested this on 6.4.2 and 7.2.6 without issue.

My testing was two aws amazon linux boxes that I setup root ssh keys with since your running sudo ssh at the bottom.
I created the student account as well and file permissions looked fine.

splunk75044
Explorer

Hello Som,

I pasted the wrong line for the download. Yes, I was able to download and install Splunk Ent.
Did the edit password for you?

Thanks

0 Karma

som3guy
Explorer

The password in the 6.4.2 version did work
I did notice that the password did not update for 7.2.6 however

I know splunk changed from admin:changeme to your admin password will be created when splunk is installed. I forget which version, but is that way in 7.x.

So I am thinking if you had written this script for 6.x it will not work the same in 7.x

Here is the documentation for 7.2.6 which is not using the ./splunk edit user command any longer:
https://docs.splunk.com/Documentation/Splunk/7.2.6/Security/Secureyouradminaccount

And you can see in Splunk 6.4.2 it still was:
https://docs.splunk.com/Documentation/Splunk/6.4.2/Security/Secureyouradminaccount

I would work towards adopting the new method if you are planning on using 7.x going forward.

It is getting a little late for me to spin up my AWS again, but if you are still stuck by tomorrow I could probably do that and run the commands in the 7.2.6 version to see exactly how to update it.

splunk75044
Explorer

Thanks and appreciate all your help

0 Karma

woodcock
Esteemed Legend

You can get more detail by running it as bash -x YourScriptNameHere.sh.

richgalloway
SplunkTrust
SplunkTrust

What error message do you get?

---
If this reply helps you, an upvote would be appreciated.
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!