Skip to main content

Splunk To root or Not To root

Today I added some add-ons to my splunk and did some sysadmin on the server. Restarted and noted the splunkd was not running. Ahh, well, that's typical. Starting the splunk daemon is easy enough:

Start Splunk - from the people who made splunk.

There are two ways to start splunk, as you can read from above. One is to run the "splunk" process from your root shell after logging in. This will run splunk as root. The other is to use the nifty systemctl service script to daemonize the process.

Prior to today, I had the same problem and ran the splunk process as root. This was foolish. If you happen to have once started splunk as root, and then successfully started splunk as the "splunk" user, you will find that your splunk login page is empty. You get the background picture, but no input controls.

Damn. Google that, nada. Damn again.

Today, I learned alot more about selinux and permissions and labels, so I investigated the "web_service" log (/opt/splunk/var/log/splunk/web_service.log) and found:

IOError: [Errno 13] Permission denied: '/opt/splunk/var/run/splunk/session-d07528932b4314e72a9f5bccd0f85fb27e8f30bd.lock'

Double damn. So I run an "ls -lZ" on that var/run/splunk directory to see what is going on, and I find the following.

drwx------. splunk splunk unconfined_u:object_r:usr_t:s0   scheduler
-rw-------. root   root   unconfined_u:object_r:usr_t:s0   session-d07528932b4314e72a9f5bccd0f85fb27e8f30bd
-rw-------. root   root   unconfined_u:object_r:usr_t:s0   session-d07528932b4314e72a9f5bccd0f85fb27e8f30bd.lock
-rw-r-----. splunk splunk system_u:object_r:usr_t:s0       splunkd.pid

There it is, my foolishness. The lock files are owned by root and not splunk. Do a quick "chown splunk.splunk" on everything in the var/run/splunk directory, and reload your splunk login page.

You should have the login now.

I have found the splunk systemctl service to be very very (very) temperamental. Sometimes it works, sometimes not. I saw someone on my google quest suggesting a "su -c blah blah" on the service commands, but that's the wrong answer. Just keep trying to get it to work, eventually something magically gives-in and cooperates. I still don't know what that something "is." 

Don't run splunk as root. Don't run any web thing as root. Typically don't run anything as root. You can try changing the service config files in /etc/systemd/system, but remember to run "systemctl daemon-reload" otherwise, you will get the whiney message about changes not being reloaded.


Popular posts from this blog

Host Species Barrier to Influenza Virus Infections

The title of this entry was taken from a paper written by Thijs Kuiken, Edward C. Holmes, John McCauley, Guus F. Rimmelzwaan, Catherine S. Williams, and Bryan T. Grenfell. This paper appeared in SCIENCE Volume 312, pp 394 – 397. If you have the gumption to really know how viral infections cross the species barrier, then this is the paper for you. It’s written as a “perspective” rather than as a technical publication, which means there isn’t a bunch of jargon in it. You can also contact the authors of the paper at t.kuiken@erasmusmc.nl . A particularly interesting quote taken from the paper: “It is well established that, as the proportion of susceptibles in the population, s , drops (as individuals become infected, then recover), the number of secondary cases per infection, R , also drops: R = s * R0 . If R is less than 1, as is currently the case for H5N1 virus in humans, an infection will not cause a major epidemic.” (pg. 312) The value, R0 , “is the number of secondary cases produced...
Read more

UNTITLED

I like people who can talk straight and take it standing. There's not enough straight talkers in the world, and certainly not enough in the USA. It seems as though our opinions are illegal if they are not in-line with the normative line of acceptance. That truly seems Orwellian to me. That said, though, this blog is more about race and ignorance than about the Thought Police. There does not exist a more sensitive and inflammatory topic than race . You should read the Wikipedia entry on race as it pertains to humans. It may enlighten you somewhat. The USA has two presidential candidates in its 2008 Presidential race. One of them is sort of a pinkish-white color, and the other is something of a brown color. The pinkish-white one has an American heritage with clear ancestry back to Northern Europeans. The brownish colored one has an Indonesian heritage with some suspected ancestry back to Africa, although he also has European ancestry. Call them whatever race you want. Where I have ...
Read more

The Spinning Brain

Intuition is a phenomenon of the biological brain that doesn't have any physical explanation. Many people experience intuition with varying degrees of success. There are a variety of theories regarding intuition [1] and some people regard intuition with much caution [2] . Yet, I am happily in the camp that has learned to respect my intuition as it has proven time and time again to be correct. Recently, though, I'd been thinking about intuition and soothsaying . There are many cases of people who claim to see the future, whatever that might be. Maybe there is something to be said about this mystical phenomenon. Maybe there is a real physical process at work that we just haven't thought of yet. To this end, I am proposing a theory about human intuition. This theory, though requires some background in quantum mechanics . Specifically, quantum entanglement . I'm not the only person who has theorized about quantum entanglement and its role in biological congnition and th...
Read more