Garethatiag, I greatly appreciate your response, I did use incorrect terminology in my question.
Deployment server is for forwarders, Deployer server is for Search Head Clusters, and Master Node is for indexers.
My questions concerns the deploying the addon above using the Master Node. I Re-built the cluster yesterday and shared the secret key among the servers to solve this issue however it still seems apps could be better developed to support the deployment methodology.
... View more
I ask this because I just spent a while trying to debug why installing the "Microsoft Supporting Add-on for Active Directory" would not work when I deployed it using the deployment server. I determined that it is using the REST api to encrypt the password for the LDAP account being configured. This however uses the current server (Master Nodes) private key... and therefore when deployed to the other servers, they cannot perform a successful BIND as they cannot successfully decrypt the LDAP account password. I understand the challenges of secure credentials when deploying however this wouldn't be an issue if two things happened:
Check for running directory and notify the user if the App is being run for the first time from the slave-apps directory to allow them to re-enter the credentials.
Web GUI works after deployment.
This add-on's web GUI also appears broken when deployed into the slave-apps directory... but I am still troubleshooting this... If anyone has any idea where to start that would be help. I am assuming some sort of static reference (/opt/splunk/etc/apps/SA_ldapsearch) to directories has been made instead of a relative reference ($SPLUNK_DIR/SA_ldapsearch), but its just a guess.
... View more