When installing latest version on Linux, with a splunk OS user set (SPLUNK_OS_USER=splunk) in etc/splunk-launch.conf, I get "unable to write 'random state'" when it's generating the keys. This means the ssh keys have been generated with inadequate randomisation.
Is there a workaround?
What's happening is OpenSSL is trying to create/modify ~splunk/.rnd
and can't.
To resolve, check /etc/passwd
to see where the system thinks the home directory, and then make sure it exists with the correct permissions. In theory you could set splunk's home directory to your install location, but there may or may not be security implications of having the .rnd in $SPLUNK_HOME
.
I'm still working on grocking the full Splunk security model, but I'm sure the ultimate solution is to not user the self signed certificates and install real certificates.
In practice, the most common reason for this happening seems to be that the .rnd file in your home directory is owned by root rather than your account.
Easiest solution:
As Splunk user
sudo rm ~/.rnd
~/
is equivalent of "the current users home directory" which as @dslife suggested, is also shown in /etc/passwd.
grep splunk /etc/passwd
The splunk users home directory is typically one of the following:
/home/splunk
/opt/splunk
/opt/splunkforwarder
/applications/splunk
/applications/splunkforwarder
Therefore you could delete the .rnd file like this:
rm /home/splunk/.rnd
Or you could change ownership of it like this:
chown -f splunk. /home/splunk/.rnd