Install Splunk Enterprise on EC2 (Linux) Automation from user data shell

Explorer

I am looking to fix my batch script:
download the Splunk package, create a new user, install, set up the password for Splunk, accept license.

However, it is failing at the accept license and splunk edit lines.

Code is below:
<<

#!/bin/sh
# This version uses splunker as user.
# enterpriselist should contain the list of the two indexers.
# Example:
# student@10.0.0.1 student@10.0.0.2
HOSTS_FILE="/opt/splunk/bin/scripts/enterpriselist"
# The download URL is truncated ("...") in this post. It is single-quoted so
# that the remote shell does not treat "&" as a background operator.
WGET_CMD="wget -O splunk-6.4.2-00f5bb3fa822-Linux-x86_64.tgz 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version...'"
INSTALL_FILE="splunk-7.2.6-c0bf0f679ce9-Linux-x86_64.tgz"

PASSWORD="Student1"
SPLUNK_USER="student"

# Commands that run on each remote host; variables expand locally before ssh.
REMOTE_SCRIPT="
cd /opt
sudo $WGET_CMD
sudo tar -xvzf $INSTALL_FILE
sudo chown -R $SPLUNK_USER:$SPLUNK_USER /opt/splunk
sudo -u $SPLUNK_USER /opt/splunk/bin/splunk start --accept-license --answer-yes --auto-ports --no-prompt
sudo -u $SPLUNK_USER /opt/splunk/bin/splunk edit user admin -password $PASSWORD -auth admin:changeme
sudo -u $SPLUNK_USER /opt/splunk/bin/splunk restart
sudo /opt/splunk/bin/splunk enable boot-start -user $SPLUNK_USER
"
echo "In 5 seconds, will run the following script on each remote host:"
echo
echo "===================="
echo "$REMOTE_SCRIPT"
echo "===================="
echo
sleep 5
echo "Reading host logins from $HOSTS_FILE"
echo
echo "Starting."
# One login (user@host) per whitespace-separated entry in the hosts file.
for DST in $(cat "$HOSTS_FILE"); do
    if [ -z "$DST" ]; then
        continue
    fi
    echo "---------------------------"
    echo "Installing to $DST"
    sudo ssh -t "$DST" "$REMOTE_SCRIPT"
done
echo "---------------------------"
echo "Done"

<<

0 Karma

Explorer

I did not have an issue running your script with a few modifications.
You are downloading 6.4.2 and your install file is labeled 7.2.6. This may be your issue if that is in fact that exact script you're running. However, I do not think you would make it past the tar command if that were the case.

There was no accepting license issue that I ran into.
I tested this on 6.4.2 and 7.2.6 without issue.

My testing was two AWS Amazon Linux boxes that I set up root ssh keys with, since you're running sudo ssh at the bottom.
I created the student account as well and file permissions looked fine.

Explorer

Hello Som,

I pasted the wrong line for the download. Yes, I was able to download and install Splunk Ent.
Did the edit password work for you?

Thanks

0 Karma

Explorer

The password in the 6.4.2 version did work.
I did notice that the password did not update for 7.2.6, however.

I know Splunk changed from admin:changeme to having your admin password created when Splunk is installed. I forget which version, but it is that way in 7.x.

So I am thinking if you had written this script for 6.x it will not work the same in 7.x.

Here is the documentation for 7.2.6 which is not using the ./splunk edit user command any longer:
https://docs.splunk.com/Documentation/Splunk/7.2.6/Security/Secureyouradminaccount

And you can see in Splunk 6.4.2 it still was:
https://docs.splunk.com/Documentation/Splunk/6.4.2/Security/Secureyouradminaccount

I would work towards adopting the new method if you are planning on using 7.x going forward.

It is getting a little late for me to spin up my AWS again, but if you are still stuck by tomorrow I could probably do that and run the commands in the 7.2.6 version to see exactly how to update it.
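
An added example, not part of any post in this thread and not Splunk's own code: one way to adopt the 7.x method discussed above is to write `user-seed.conf` before the first start instead of calling `splunk edit user ... -auth admin:changeme`. The function names, the 7.1 cutoff check and the demo password are assumptions made for illustration; the password is read from a file so it is not echoed or passed on a command line.

```shell
#!/bin/sh
# Added example: seed the admin credential before the first start on Splunk 7.1+,
# replacing "edit user admin -password ... -auth admin:changeme".
# Function names and the demo password are hypothetical.

# uses_seed_file VERSION: succeeds when VERSION is 7.1 or later (assumed cutoff).
uses_seed_file() {
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%.*}
    [ "$major" -gt 7 ] || { [ "$major" -eq 7 ] && [ "$minor" -ge 1 ]; }
}

# write_user_seed SPLUNK_HOME PASSWORD_FILE
# Writes etc/system/local/user-seed.conf with owner-only permissions. The password
# is read from a file, so it never appears in argv or in an echoed script.
write_user_seed() {
    home=$1; pwfile=$2
    [ -r "$pwfile" ] || { echo "cannot read $pwfile" >&2; return 1; }
    IFS= read -r pw < "$pwfile" || true   # tolerate a missing final newline
    [ -n "$pw" ] || { echo "empty password" >&2; return 1; }
    # The seed is only honoured while etc/passwd does not exist yet.
    if [ -e "$home/etc/passwd" ]; then
        echo "$home already has etc/passwd; seed would be ignored" >&2
        return 2
    fi
    (
        umask 077
        mkdir -p "$home/etc/system/local"
        printf '[user_info]\nUSERNAME = admin\nPASSWORD = %s\n' "$pw" \
            > "$home/etc/system/local/user-seed.conf"
    )
}

# Constructed demo in a scratch directory; no Splunk install is required.
demo=$(mktemp -d)
printf '%s\n' 'Constructed-Pw-1' > "$demo/pw"
if uses_seed_file 7.2.6; then
    write_user_seed "$demo/splunk" "$demo/pw"
    ls -l "$demo/splunk/etc/system/local/user-seed.conf"
fi
uses_seed_file 6.4.2 || echo "6.4.2: still ships admin:changeme"
rm -rf "$demo"
```

On a real host this would run as the Splunk user after the `tar` and `chown` steps and before the first `splunk start --accept-license --answer-yes --auto-ports --no-prompt`.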

Explorer

Thanks and appreciate all your help

0 Karma

Esteemed Legend

You can get more detail by running it as bash -x YourScriptNameHere.sh.

SplunkTrust

What error message do you get?

---
If this reply helps you, an upvote would be appreciated.