Splunk installation is failing to generate cert.pem
Splunk> Now with more code!
Checking http port : open
Checking mgmt port : open
Checking appserver port [127.0.0.1:8065]: open
Checking kvstore port : open
Checking configuration... Done.
Checking critical directories... Done
Validated: _audit _internal _introspection _telemetry _thefishbucket history main summary
Checking filesystem compatibility... Done
Checking conf files for problems...
Checking default conf files for edits...
Validating installed files against hashes from '/home/suk/opt/splunk/splunk-7.2.1-be11b2c46e23-linux-2.6-x86_64-manifest'
All installed files intact.
All preliminary checks passed.
Starting splunk server daemon (splunkd)...
Generating a 2048 bit RSA private key
/home/suk/opt/splunk/$SPLUNK_HOME/etc/auth/splunkweb/cert.pem: No such file or directory
Command failed (ret=1), exiting.
I know this is old but while setting up a lab to do some clustering I ran into this issue after making some of the "appropriate settings". To get around this for the sake of getting the lab stood up I just removed that part of the line in the:
splunk_dir/etc/system/local/web.conf (have to copy this from /default or you can hand type everything out)
for the privKeyPath and serverCert, I basically removed the $SPLUNK_HOME part so that it was just
(running a cmaster, dserver and fwdr on one server, an indexer cluster on one server, and search heads on another)
Would I do this for a single install or enterprise installation - heck no. This is only for personal labbing.
In your case:
File causing error and where you should fix - /home/suk/opt/splunk/etc/system/default/web.conf
copy that to
imagine in that web.conf file you have
privKeyPath = $SPLUNK_HOME/etc/auth/splunkweb/privkey.pem
serverCert = $SPLUNK_HOME/etc/auth/splunkweb/cert.pem
you would want (if you are just trying to get it to work)
privKeyPath = etc/auth/splunkweb/privkey.pem
serverCert = etc/auth/splunkweb/cert.pem
Previous comment is right, you want to install in the /opt/splunk - for me I wanted to "mock up" the lab environment for cluster admin so...
Do you execute everything in the context of user suk? Usually you have a separate user and you kind of want to install Splunk in /opt/splunk. To do this automagically (and also set SPLUNK_HOME) you can install Splunk using your package manager (DEB/RPM):
To your problem: This directory seems broken:
It should be:
$SPLUNK_HOME being set.
/home/suk/opt/splunk/etc/auth/splunkweb/ as absolute path.
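A diagnostic for the path problem discussed in this thread, as an added example that is not part of any post and is not Splunk's own code. The function names `resolve_path` and `check_web_conf` are hypothetical, and the resolution rule (an unexpanded `$SPLUNK_HOME` or any relative value is joined onto the install root) is an assumption inferred from the error path in the log above.

```shell
#!/bin/sh
# Added sketch: models the path behaviour seen in the thread's log (assumption).

# resolve_path ROOT HOME_VALUE CONF_VALUE
# Expands a leading $SPLUNK_HOME only when HOME_VALUE is non-empty; a value
# that is still relative afterwards is joined onto ROOT.
resolve_path() (
    root=$1 home=$2 value=$3
    case $value in
        '$SPLUNK_HOME'*) if [ -n "$home" ]; then value=$home${value#'$SPLUNK_HOME'}; fi ;;
    esac
    case $value in
        /*) printf '%s\n' "$value" ;;
        *)  printf '%s\n' "$root/$value" ;;
    esac
)

# check_web_conf ROOT HOME_VALUE CONF_FILE
# Reports privKeyPath and serverCert; exits 1 if a resolved path keeps a
# literal $SPLUNK_HOME or its parent directory does not exist.
check_web_conf() (
    root=$1 home=$2 conf=$3 rc=0
    while IFS= read -r line; do
        case $line in
            privKeyPath*=*|serverCert*=*) ;;
            *) continue ;;
        esac
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        val=$(printf '%s' "${line#*=}" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        path=$(resolve_path "$root" "$home" "$val")
        case $path in
            *'$SPLUNK_HOME'*) status=UNEXPANDED; rc=1 ;;
            *) if [ -d "$(dirname "$path")" ]; then status=ok
               else status=MISSING_DIR; rc=1; fi ;;
        esac
        printf '%s %s %s\n' "$status" "$key" "$path"
    done < "$conf"
    exit "$rc"
)

# Constructed demo: a throwaway install root with the settings quoted above.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/etc/auth/splunkweb" "$demo_root/etc/system/local"
cat > "$demo_root/etc/system/local/web.conf" <<'EOF'
[settings]
privKeyPath = $SPLUNK_HOME/etc/auth/splunkweb/privkey.pem
serverCert = $SPLUNK_HOME/etc/auth/splunkweb/cert.pem
EOF
echo "SPLUNK_HOME unset:"; check_web_conf "$demo_root" "" "$demo_root/etc/system/local/web.conf" || true
echo "SPLUNK_HOME set:"; check_web_conf "$demo_root" "$demo_root" "$demo_root/etc/system/local/web.conf"
```

With the variable unset, both settings are reported as UNEXPANDED, which is the same broken path shape as in the failing startup log.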