I configured the app; however, it keeps returning to the setup page. Easy fix. Also, I have the ssl_checker3.py script working fine and it's pulling cert info as expected; however, the manual (ssl_checker2.py) is failing. I deployed the app via the Deployment server so there is no "local" folder, so no local/ssl.conf either. I looked at ssl_checker2.py and it looks like it's also looking for default/ssl.conf; however, when I manually run the script it returns the error "No such file or directory: '/opt/splunk/etc/apps/ssl_checker/bin/../local/ssl.conf'". I tried, just for testing, to create a local/ssl.conf and it returned this error: "'str' object has no attribute 'decode'". It also created an empty ssl.conf_tmp in local, which I assume is a result of the above error?
That is the approach I used. Installed the app on the Deployment server proper, configured, then copied to the shcluster/apps directory to push out to the SH's. I also moved this configured copy of the app to the DS and CM servers to push to the indexers in the IDX cluster as well as the deployment clients respectively. I am using our Deployment Server to manage a single Heavy Forwarder per Splunk best practices. Not sure what you mean by "not always the best practice"? There are no UF's in this scenario.
Which is it?
Deployer = for SHC
Deployment Server = for UFs and sometimes HFs
I am using all 3. Deployer for SHC, Deployment for HF and CM for indexers. The architecture here is sound and being used appropriately. Not sure where this line of questioning is going? The issue seems to stem from the python code in ssl_checker2.py not seeing a configured version of ssl.conf in default and not handling a ssl.conf file in local if one exists there as well?
Architecture aside. When I installed the app on a standalone box, configured it, it still was producing the " 'str' object has no attribute 'decode' " error and creating an empty ssl.conf_tmp.
This is a Splunk 8.2.0 instance using python 3.7.10
What is in inputs.conf?
[script://./bin/ssl_checker2.py]
disabled = 0
interval = */60 * * * *
[script://./bin/ssl_checker3.py]
disabled = 0
interval = */60 * * * *
Ok how about ssl.conf?
[SSLConfiguration]
certPaths = /opt/splunk/etc/apps/appname/fd_certs/, /opt/splunk/etc/slave_apps/appname/fd_certs/
This is to cover SH's and indexers as this app is being deployed via the Deployer and the CM.
Ok, I see the issue.
The app expects you to provide full file paths to the certs if you're using the manual mode.
You're giving it directory paths instead.
(add the file names to your paths)
I updated ssl.conf with the path to the pem file instead of just the directory.
SH's output this error.....
No such file or directory: '/opt/splunk/etc/apps/ssl_checker/bin/../local/ssl.conf'
SH's, obviously, since they are getting the app from the Deployer, do not have a local directory. The ssl.conf file is in default.
Indexers output this error still......
'str' object has no attribute 'decode'
The indexers are getting the app from the CM and do have a local/ssl.conf.
Thanks!
I see, so then you'll have to manually drop the ssl.conf file in local or log into each SH individually and configure them via the configuration page.
Tried that. Anything that has ssl.conf in the local directory spits out this error message when ssl_checker2.py runs.
'str' object has no attribute 'decode'
Did you have the full file paths in the local ssl.conf?
Ok, in the example ssl.conf you shared, it was directories, not paths to pem files.
Can you share ssl.conf, the version of ssl checker you're using and the version of splunk you are using so that I may try to replicate on my end?
[SSLConfiguration]
certPaths = /opt/splunk/etc/apps/appname/fd_certs/cert.pem, /opt/splunk/etc/slave_apps/appname/fd_certs/cert.pem
I don't currently have webtools installed. I didn't see that anywhere as a requirement for the ssl checker app?
Splunk Version: 8.2.0
Python Version: 3.7.10
Correct, I keep mixing up the name of the app.
Which version of ssl checker are you using?
I will test this week and let you know if I have the same issue or not.
Sounds good, thanks!
4.0.2
Does the slave-apps cert exist on the search heads? If not, that explains why the code can't find it.
I have tested on a SH just having the one cert in the ssl.conf file that exists on the search head and it still gives the error........
'str' object has no attribute 'decode'
Yes, I do. Full path down to the pem file.
If you're deploying via deployment server, then you'll want to treat this like we do dbconnect inputs.
Install and configure on a standalone, then copy the configured app to your deployment server and push.
BTW, it requires Python, so this suggests you're using your DS to manage HFs, which is not always the best practice. If you're deploying to UFs, then it just won't work unless you have a way to make it use the UF's OS-level Python interpreter.
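The thread reports three separate failures: a missing local/ssl.conf, directories listed in certPaths where certificate files are expected, and the Python 3 error raised when .decode() is called on a value that is already a str. The sketch below is an added example, not code from the ssl_checker app; the helper names to_text, load_cert_paths and classify are hypothetical, and it assumes only the [SSLConfiguration] / certPaths layout quoted in the thread.

```python
import configparser
import os
import tempfile

def to_text(value, encoding="utf-8"):
    """Return str whether value is bytes (needs decode) or already str."""
    return value.decode(encoding) if isinstance(value, (bytes, bytearray)) else value

def load_cert_paths(app_root):
    """Read certPaths from default/ssl.conf, letting local/ssl.conf override it."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep the camelCase key 'certPaths' as written
    candidates = [os.path.join(app_root, d, "ssl.conf") for d in ("default", "local")]
    found = parser.read(candidates)  # missing files are skipped, not raised
    if not found:
        raise FileNotFoundError("no ssl.conf in default/ or local/ under " + app_root)
    raw = to_text(parser.get("SSLConfiguration", "certPaths", fallback=""))
    return [p.strip() for p in raw.split(",") if p.strip()]

def classify(paths):
    """Label each entry so a directory given in place of a PEM file is reported."""
    result = {}
    for p in paths:
        if os.path.isfile(p):
            result[p] = "file"
        elif os.path.isdir(p):
            result[p] = "directory (expected a certificate file)"
        else:
            result[p] = "missing"
    return result

def demo():
    """Constructed app layout: ssl.conf only in default/, as on the search heads."""
    with tempfile.TemporaryDirectory() as root:
        certs = os.path.join(root, "fd_certs")
        os.makedirs(certs)
        os.makedirs(os.path.join(root, "default"))
        pem = os.path.join(certs, "cert.pem")
        open(pem, "w").close()  # empty placeholder, not a real certificate
        with open(os.path.join(root, "default", "ssl.conf"), "w") as fh:
            fh.write("[SSLConfiguration]\ncertPaths = %s, %s, %s\n"
                     % (pem, certs, os.path.join(root, "absent.pem")))
        return list(classify(load_cert_paths(root)).values())

if __name__ == "__main__":
    print(demo())
```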