Errors running enable boot-start with specific user on a Search Head with pooling config

theunf
Communicator

Hi all,

I'm running a lab with two Search Heads in a pool, using a third server as the NFS mount point.

Everything is working fine, users and apps are being synchronized almost instantaneously, but when I used splunk enable boot-start -user splunk it returned a lot of errors:

splunk@SearchHead01:/opt/splunk/bin$ sudo ./splunk enable boot-start -user splunk
ERROR IniFile - Cannot open file=/mnt/pooling/etc/pooling/pooling.ini for parsing: Permission denied
ERROR SearchHeadPoolInfo - Error reading search head pool info: Error reading search head pool info /mnt/pooling/etc/pooling/pooling.ini: Permission denied
ERROR UsernameMapper - Cannot create directory: /mnt/pooling/etc/users: Permission denied
ERROR UsernameMapper - Cannot create username mapping file: /mnt/pooling/etc/users/users.ini: Permission denied
ERROR IniFile - Cannot open file=/mnt/pooling/etc/users/users.ini for parsing: Permission denied
ERROR UsernameMapper - Error opening username mapping file: /mnt/pooling/etc/users/users.ini
ERROR IniFile - Cannot open file=/mnt/pooling/etc/pooling/pooling.ini for parsing: Permission denied
ERROR SearchHeadPoolInfo - Error reading search head pool info: Error reading search head pool info /mnt/pooling/etc/pooling/pooling.ini: Permission denied
ERROR UsernameMapper - Cannot create directory: /mnt/pooling/etc/users: Permission denied
ERROR UsernameMapper - Cannot create username mapping file: /mnt/pooling/etc/users/users.ini: Permission denied
ERROR IniFile - Cannot open file=/mnt/pooling/etc/users/users.ini for parsing: Permission denied
ERROR UsernameMapper - Error opening username mapping file: /mnt/pooling/etc/users/users.ini
ERROR IniFile - Cannot open file=/mnt/pooling/etc/pooling/pooling.ini for parsing: Permission denied
ERROR SearchHeadPoolInfo - Error reading search head pool info: Error reading search head pool info /mnt/pooling/etc/pooling/pooling.ini: Permission denied
ERROR UsernameMapper - Cannot create directory: /mnt/pooling/etc/users: Permission denied
ERROR UsernameMapper - Cannot create username mapping file: /mnt/pooling/etc/users/users.ini: Permission denied
ERROR IniFile - Cannot open file=/mnt/pooling/etc/users/users.ini for parsing: Permission denied
ERROR UsernameMapper - Error opening username mapping file: /mnt/pooling/etc/users/users.ini
ERROR IniFile - Cannot open file=/mnt/pooling/etc/pooling/pooling.ini for parsing: Permission denied
ERROR UsernameMapper - Cannot create directory: /mnt/pooling/etc/users: Permission denied
ERROR UsernameMapper - Cannot create username mapping file: /mnt/pooling/etc/users/users.ini: Permission denied
ERROR IniFile - Cannot open file=/mnt/pooling/etc/users/users.ini for parsing: Permission denied
ERROR UsernameMapper - Error opening username mapping file: /mnt/pooling/etc/users/users.ini
 Adding system startup for /etc/init.d/splunk ...
   /etc/rc0.d/K20splunk -> ../init.d/splunk
   /etc/rc1.d/K20splunk -> ../init.d/splunk
   /etc/rc6.d/K20splunk -> ../init.d/splunk
   /etc/rc2.d/S20splunk -> ../init.d/splunk
   /etc/rc3.d/S20splunk -> ../init.d/splunk
   /etc/rc4.d/S20splunk -> ../init.d/splunk
   /etc/rc5.d/S20splunk -> ../init.d/splunk
Init script installed at /etc/init.d/splunk.

The weird solution was to set 777 on the folder permissions at the NFS server or add root to the splunk group.

After that, the command runs normally but a lot of files were created under /mnt/pooling/etc/.

Are those errors and the need for extra permissions a limitation or a bug?
Which files should reside on the mount point?

0 Karma

theunf
Communicator

Boot-start scripts from the newest builds start splunk directly, and sub-processes follow the SPLUNK_OS_USER directive in $SPLUNK_HOME/etc/splunk-launch.conf, but it does not bind a GroupID to the process.

So any file that's created or changed will be saved and owned by :root.

To solve it I started using the old Splunk startup script, which starts splunk using the su command:

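RUNAS=splunk
SPLUNK_HOME=/splunk_bin/splunk

# Start Splunk; when RUNAS is set, go through su so the process runs with
# that user's UID and groups.
splunk_start() {
    echo Starting Splunk...
    if [ "$RUNAS" = "" ]; then
        # No RUNAS user set: start as the invoking user (root at boot).
        "$SPLUNK_HOME/bin/splunk" start --no-prompt --answer-yes
        RETVAL=$?
    else
        su -c "$SPLUNK_HOME/bin/splunk start --no-prompt --answer-yes" "$RUNAS"
        RETVAL=$?
    fi
    # Create the lock file only after a successful start.
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/splunk
}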

0 Karma
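A read-only audit for the two side effects described in this thread: paths on the pooled mount that ended up with the wrong owner or group, and world-writable paths left behind by a chmod 777 workaround. This is an added example, not code from the posts or from Splunk; the function name audit_pool and its OWNER/GROUP/WORLD labels are made up here, and the directory, user and group are whatever your deployment uses.

```shell
#!/bin/sh
# audit_pool DIR USER GROUP   (added example; name and labels are hypothetical)
# Lists every path under DIR that is
#   OWNER - not owned by USER
#   GROUP - not in GROUP (e.g. files written with group root)
#   WORLD - world-writable (e.g. after chmod 777 on the share)
# USER and GROUP may be names or numeric IDs; numeric IDs are what has to
# match between the search heads and the NFS server.
# Returns 0 when clean, 1 when there are findings, 2 on a bad DIR.
audit_pool() {
    dir=$1
    want_user=$2
    want_group=$3

    if [ ! -d "$dir" ]; then
        echo "audit_pool: $dir is not a directory" >&2
        return 2
    fi

    findings=$(
        find "$dir" ! -user "$want_user" -print | sed 's/^/OWNER /'
        find "$dir" ! -group "$want_group" -print | sed 's/^/GROUP /'
        # Symlinks always show mode 777, so they are skipped here.
        find "$dir" ! -type l -perm -0002 -print | sed 's/^/WORLD /'
    )

    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Run directly as: sh audit_pool.sh /mnt/pooling/etc splunk splunk
if [ "$#" -eq 3 ]; then
    audit_pool "$@"
fi
```

Run it on each search head as a user that can read the whole mount; it changes nothing, so the findings can be reviewed before any chown or chmod is applied.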