Hi,
First things first: thanks for this very useful Puppet module! :-)
I am having a very hard time figuring out how to get my license server and slaves to trust each other. This is what I see in splunkd.log on my license master (which is also the indexer cluster master):
10-30-2020 19:32:38.391 +0100 ERROR LMMasterRestHandler - path=/masterlm/usage: Signature mismatch between license slave=172.27.42.1 and this License Master. Please make sure that the pass4SymmKey setting in server.conf, under [general], is the same for the License Master and all its slaves from ip=172.27.42.1
My configuration looks similar to example 4 in README.md.
This is the configuration all my Splunk machines get:
splunk::service:
  ensure: 'running'
  enable: 'true'
splunk::admin:
  hash: '$6$tRxxxxxxsecret'
  fn: 'Splunk Admin'
  email: '[email protected]'
splunk::lm: 'cluster-and-license-master-fqdn:8089'
This is what my cluster master gets:
splunk::httpport: 8000
splunk::tcpout: 'indexer_discovery'
splunk::clustering:
  mode: 'master'
  indexer_discovery: 'true'
  replication_factor: 2
  search_factor: 2
  site_replication_factor: 'origin:1,total:2'
  site_search_factor: 'origin:1,total:2'
  thissite: 'site1'
  available_sites: 'site1,site2'
  pass4symmkey: 'plaintextsecret'
This is what my cluster indexers get:
splunk::clustering:
  thissite: 'site1'
  forwarder_site_failover: 'site1:site2'
splunk::inputport: 9997
splunk::httpport: 8000
splunk::replication_port: 8080
splunk::clustering:
  mode: 'slave'
  cm: 'cluster-and-license-master-fqdn:8089'
  pass4symmkey: 'plaintextsecret'
I set merge settings for splunk::clustering like this because the indexer configuration is kept in two different hiera levels:
splunk::clustering:
  merge: deep
I am running out of ideas on how to debug this further. I can see that from time to time, on Puppet runs, pass4SymmKey is set back to changeme or plaintextsecret. I am afraid I don't understand closely enough when plaintextsecret is exchanged with a real hashed key. Does Splunk do that or does the Puppet module do that?
Maybe you could point me in a direction?
Thanks again for this module! Configuring my Splunk setup without it would be impossible, I guess! :-)
All the best,
Jojo
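
A debugging aid for the situation described above, as an added example that is not part of the original post or of the Puppet module: it extracts the license slaves named in `Signature mismatch` errors from splunkd.log and reports, per server.conf stanza, whether `pass4SymmKey` is missing, still plaintext or already encrypted. The function names and the sample server.conf are constructed, and the `$1$`/`$7$` prefix test for encrypted values is an assumption about how Splunk stores the key after a restart.

```python
import configparser
import re

# Constructed samples: the first log line is the one quoted in the post, the
# second is an invented unrelated line; the server.conf content is invented.
SAMPLE_LOG = (
    "10-30-2020 19:32:38.391 +0100 ERROR LMMasterRestHandler - path=/masterlm/usage: "
    "Signature mismatch between license slave=172.27.42.1 and this License Master.\n"
    "10-30-2020 19:32:40.002 +0100 INFO LMTracker - constructed unrelated line\n"
)
SAMPLE_SERVER_CONF = """\
[general]
serverName = idx1
pass4SymmKey = changeme

[clustering]
mode = slave
pass4SymmKey = $7$CONSTRUCTED-ciphertext
"""

MISMATCH = re.compile(
    r"ERROR LMMasterRestHandler .*Signature mismatch between license slave=(\S+)"
)

def mismatching_slaves(log_text):
    """Return the sorted, de-duplicated slave addresses named in mismatch errors."""
    return sorted({m.group(1) for m in MISMATCH.finditer(log_text)})

def key_state(value):
    """Classify a pass4SymmKey value without revealing it."""
    if value is None:
        return "missing"
    # Assumption: Splunk rewrites the key with a $1$ or $7$ prefix using the
    # host's own splunk.secret, so encrypted strings differ between hosts and
    # cannot be compared across machines; only the plaintext source can.
    if value.startswith(("$1$", "$7$")):
        return "encrypted"
    return "plaintext"

def audit_server_conf(conf_text, stanzas=("general", "clustering")):
    """Report the key state for each stanza that can carry a pass4SymmKey."""
    cp = configparser.RawConfigParser(strict=False, allow_no_value=True)
    cp.optionxform = str  # Splunk setting names are case-sensitive
    cp.read_string(conf_text)
    return {s: key_state(cp.get(s, "pass4SymmKey", fallback=None)) for s in stanzas}

if __name__ == "__main__":
    print("slaves with signature mismatch:", mismatching_slaves(SAMPLE_LOG))
    print("pass4SymmKey per stanza:", audit_server_conf(SAMPLE_SERVER_CONF))
```

The error message names the `[general]` stanza, while the hiera data in the post sets `pass4symmkey` inside `splunk::clustering`, so checking both stanzas on the master and on each slave shows which one Puppet is actually managing.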