I configured the app however it keeps returning to the setup page. Easy fix. Also, I have the ssl_check3.py script work fine and its pulling cert info as expected however the manual (ssl_checker2.py) is failing. I deployed the app via the Deployment server so there is no "local" folder, so no local/ssl.conf either. I looked at the ssl_check2.py and it looks like its also looking for defaul/ssl.conf however when I manually run the script it returns the error " No such file or directory: '/opt/splunk/etc/apps/ssl_checker/bin/../local/ssl.conf' ". I tried, just for testing, to create a local/ssl.conf and it returned this error " 'str' object has no attribute 'decode' ". It also created an empty ssl.conf_tmp in local which I assume is a result of the above error?
That is the approached I used. Installed the app on the Deployment server proper, configured, then copied to the shcluster/apps directory to push out to the SH's. I also moved this configured copy of the app to the DS and CM servers to push to the indexers in the IDX cluster as well the deployment clients respectively. I am using our Deployment Server to manage a single Heavy Forwarder per splunk best practices. Not sure what you mean by "not always the best practice"? There are no UF's in this scenario.
I am using all 3. Deployer for SHC, Deployment for HF and CM for indexers. The architecture here is sound and being used appropriately. Not sure where this line of questioning is going? The issue seems to stem from the python code in ssl_checker2.py not seeing a configured version of ssl.conf in default and not handling a ssl.conf file in local if one exists there as well?
Architecture aside. When I installed the app on a standalone box, configured it, it still was producing the " 'str' object has no attribute 'decode' " error and creating an empty ssl.conf_tmp.
This is a Splunk 8.2.0 instance using python 3.7.10
certPaths = /opt/splunk/etc/apps/appname/fd_certs/, /opt/splunk/etc/slave_apps/appname/fd_certs/
This is to cover SH's and indexers as this app is being deployed via the Deployer and the CM.
I updated ssl.conf with the path to the pem file instead of just the directory.
SH's output this error.....
No such file or directory: '/opt/splunk/etc/apps/ssl_checker/bin/../local/ssl.conf'
SH's, obviously, since they are getting the app from the Deployer, do not have a local directory. The ssl.conf file is in default.
Indexers output this error still......
'str' object has no attribute 'decode'
The indexers are getting the app from the CM and do have a local/ssl.conf.
Ok, in the example ssl.conf you shared, it was directories, not paths to pem files.
Can you share ssl.conf, the version of ssl checker you're using and the version of splunk you are using so that I may try to replicate on my end?
certPaths = /opt/splunk/etc/apps/appname/fd_certs/cert.pem, /opt/splunk/etc/slave_apps/appname/fd_certs/cert.pem
I don't currently have webtools installed. I didn't see that anywhere as a requirement for the ssl checker app?
Splunk Version: 8.2.0
Pythong Version: 3.7.10
If you're deploying via deployment server, then you'll want to treat this like we do dbconnect inputs.
Install and configure on a standalone, then copy the configured app to your deployment server and push.
BTW, it requires python so this suggests you're using your DS to manage HFs which is not always the best practice. If you're deploying to UFs, then it just wont work unless you have a way to make it use the UFs OS level python interpreter.