Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Unable to push shcluster bundles after upgrade- possible kvstore issue?

dtow1
Path Finder
‎12-14-2022 02:43 PM

I am unable to push shcluster bundles post an upgrade to 9.0.2 from 8.2.7. I have also completed the upgrade and migrated the KVstore without error and see the following expected settings:

serverVersion : 4.2.17

storageEngine : wiredTiger

 

The error I receive is:
"Error in pre-deploy check, uri=https://<HOST_NAME>/services/shcluster/captain/kvstore-upgrade/status, status=502, error=No error"


If I look in splunkd.log I get the following error for each attempt.
HttpClientRequest [2071959 TcpChannelThread] - Caught exception while parsing HTTP reply: Unexpected character while looking for value: '<'

The error from the actual command makes me think that there was an issue with the kvstore-upgrade that is just not showing.

Labels (1)
Labels
0 Karma
Reply

dtow1
Path Finder
‎12-16-2022 08:56 AM

Additional details:

When I attempt to do the apply shcluster-bundle, if I look on the target search head in:

In  web_access.log I can see the get requests:
GET /en-US/services/shcluster/captain/kvstore-upgrade/status?output_mode=json HTTP/1.1" 404 18843

In web_service.log I can see the error that the path is not found.

error:321 - Masking the original 404 message: 'The path '/en-US/services/shcluster/captain/kvstore-upgrade/status' was not found.' with 'Page not found!' for security reason


Is there any way to disable this check in the apply shcluster-bundle command? Any way to determine why this page does not exist?

Thanks for any help.

0 Karma
Reply

dtow1
Path Finder
‎12-16-2022 10:59 AM

One last piece of information, I've found that if I modify the url to include the port, it is accessible:
https://<HOSTNAME>:8089/services/shcluster/captain/kvstore-upgrade/status

So it looks like this check is possibly failing due to an issue with the validation script.

I attempted this because every reference to this and similar checks in the migration documentation uses this port.

https://docs.splunk.com/Documentation/Splunk/9.0.2/Admin/MigrateKVstore

Is this a bug in 9.0.2? Is it something that can be fixed?

I found that the URL is mentioned in /etc/system/static/splunkrc_cmds.xml

So I tried pre-pending the port to the relevant line:
<uri><![CDATA[/shcluster/captain/kvstore-upgrade/status]]></uri>
changed to:
<uri><![CDATA[:8089/shcluster/captain/kvstore-upgrade/status]]></uri>

Restarted splunk and retried deployment, but it didn't pick up that change. So it appears that it does not use this setting in the way I thought it did. (I've reverted since that file isn't supposed to be modified).

I'm at a loss though for how to get past this issue.

0 Karma
Reply
Get Updates on the Splunk Community!

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...

Splunk App for Anomaly Detection End of Life Announcement

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...