Configure Hunk to run reports as a different user
By default, Hunk runs and spawns MapReduce jobs as the OS user used to install and run the search head server. If you install a Hunk license on an existing Splunk installation that has already been configured, or if your MapReduce user changes, you may need to reconfigure your Hunk user in order to run MapReduce jobs.
To run MapReduce jobs as a different user, you spawn the Splunk MapReduce process in the search head as that user. To do this you:
- Give your MapReduce user permissions to Splunk.
- Assign your MapReduce user as the Hunk user.
We do the rest by providing a script that changes the user before running the ERP process
Reconfigure your user for Hunk:
1. Create a *nix user on the machine your search head resides on and give it the name of the user you want to use to run MapReduce jobs. For this example, let's call this *nix user "NewUser".
2. Set the umask
for the *nix account that was originally used to install Splunk. For this example, let's call this original user "SplunkUser".
umask [-S ] [SplunkUser]
This makes the files created by "SplunkUser" readable to the "NewUser" *nix user account you just created. If you want to learn more about the umask
command, check out the following article: http://en.wikipedia.org/wiki/Umask.
3. Set Splunk's internal umask
so that files Splunk creates are readable to NewUser. You do this in launch.conf
like so.
Example : SPLUNKD_MINIMUM_UMASK=0002
4. Give "SplunkUser" Passwordless sudo permissions, so they can run as "NewUser" for bin bash by adding the following line via visudo
:
SplunkUser ALL=(NewUser) NOPASSWD: /bin/bash
5. Disable requiretty
for "SplunkUser". Via visudo
add the following line (otherwise the virtual index search and you will see something like this: "sudo: sorry, you must have a tty to run sudo.")
6. Update indexes.conf
to tell Hunk to run MapReduce jobs as "NewUser". This can be updated in the provider or the virtual index stanza.
7. Make sure the following are executable by both "SplunkUser" and "NewUser":
- The
hadoop
script in your$HADOOP_HOME/bin
directory exists.
- The
Hadoop CLI
script in your$HADOOP_HOME
directory is executable.
- The
SplunkMR
jars in$SPLUNK_HOME/bin/jars
exist.
- Any Splunk jars in the "NewUser" home directory must also be executable by "SplunkUser".
- Any Splunk jars in the "HunkUser" home directory, must be executable by "NewUser".
8. Restart Hunk to propagate your changes.
PREVIOUS Configure Kerberos authentication |
NEXT Configure Hunk to read Hadoop Archive (HAR) files |
This documentation applies to the following versions of Hunk®(Legacy): 6.0, 6.0.1, 6.0.2, 6.0.3
Feedback submitted, thanks!