Installation

Splunk UF installation issue in rhel6 and amazon2018 after upgrade?

siladitya
Loves-to-Learn Lots

I am upgrading splunk UF from 8.0.5 to V 9.0.0 in my all linux flavours (rhel,6,7,8 ,amz 2018,2 and cent7).It got installed properly except rhel6 and amazon-2018. When I am trying to execute below command through automated script it got hung but surprisingly when I execute same command from tty ,its working fine. I used both shell (sh and bash) in my shebang.  

I found few hung child  processes when I did ps -eaf | grep splunk

"/opt/splunkforwarder/bin/splunk start --accept-license --no-prompt"

Labels (2)
0 Karma

77
Explorer

Finally figured this one out thanks to a similar issue someone had 8 years ago lol. you will need to bypass the first-time run script by doing a few things.
1. rm -rf $splunkforwarder_home/ftr

2. cp $splunkforwarder_home/etc/auth/cacert.pem.default $splunkforwarder_home/etc/auth/cacert.pem
3. cp $splunkforwarder_home/etc/auth/ca.pem.default $splunkforwarder_home/etc/auth/ca.pem
4. cp $splunkforwarder_home/etc/myinstall/splunkd.xml.cfg-default $splunkforwarder_home/etc/myinstall/splunkd.xml

5. create a user-seed.conf file for the default admin user.

6. $splunkforwarder_home/bin/splunk start

This should start the UF then just proceed to stop, enable boot-start, and finally start the UF service for the final time.

0 Karma

77
Explorer

So our install/upgrade script is getting stuck at the accept license prompt, but when you login to the machine and enter the same accept license command it runs albeit with some errors .

 

77
Explorer

Same issue for OL6 this is def a splunk 9 bug.

brdr
Contributor

We have noticed the UF upgrades took a long time as well. If you look at the UF upgrade log it complains about kvstore which is something totally new in v9.  We noticed when we disabled the kvstore and performed an upgrade that the upgrade was wicked' quick. The kvstore message is confusing and very likely cause our customers to question it.

Amksa86
Explorer

How did you disable the kvstore, is that during the installation/upgrade? 

do you run a command to disable it before the start --accept-license command? 

thanks! 

0 Karma

Amksa86
Explorer

Hello,

We're having this same exact issue. We contacted support and they say no it's not splunk issue. we're still looking for a solution for this.

thanks!

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...