I'm testing search head pooling and I noticed, that when I add new user on first search head, second search head does not see that user and it cannot log in. I see directory of that user in the SHARED_PATH/etc/users/, but it is only visible on the user list by that search head, where I have created it. The same happen when I create user on the second search head - the first one does not see that user on the user list.
Is this a bug? Feature? How to fix it?
I don't think that we should call this a feature 🙂
We have been using search head pooling in the past with local authentication and the issue was the same. We have agreed to define new users only on one of the search heads and replicated the files with the users and roles by cron job once per day:
$SPLUNK_HOME/etc /passwd (User, passwords, role assignment)
$SPLUNK_HOME/etc/system/local/authorize.conf (role definition)
But this is just kind of work around. Later on we switched to a scripted authentication system.
I don't think that we should call this a feature 🙂
We have been using search head pooling in the past with local authentication and the issue was the same. We have agreed to define new users only on one of the search heads and replicated the files with the users and roles by cron job once per day:
$SPLUNK_HOME/etc /passwd (User, passwords, role assignment)
$SPLUNK_HOME/etc/system/local/authorize.conf (role definition)
But this is just kind of work around. Later on we switched to a scripted authentication system.
It´s still happening on 6.1.1 but i could see that everything was being written on the nfs folder, not on the /opt/splunk folder.
Re-starting splunk does not solve it.
App instalation is automatic on the other search head, i mean, the one that was not installing the App.
If obects like reports/alerts/dashboards are available across all search-heads in a pool, isn't it logical to assume that so would be the users? But they are not! (On 6.2.2)