Install the Remote Upgrader for Linux Universal Forwarders
Before you install, review the prerequisites described in https://docs.splunk.com/Documentation/Forwarder/1.0.0/ForwarderRemoteUpgradeLinux/Prerequisites.
Note that the remote upgrader for Linux universal forwarder is not a Splunk add-on. It's a mechanism you use to deliver the universal forwarder package and/or the remote upgrader package to remote universal forwarder boxes. It runs as a separate Linux service outside of the Splunk home directory. It always requires root to install, so the universal forwarder and deployment server cannot install the remote upgrader.
You can install the Remote Upgrader for Linux Universal Forwarders in one of two ways:
- Install the Remote Upgrader for Linux Universal Forwarders and run it as an existing user and group.
- Install the Remote Upgrader for Linux Universal Forwarders and create new users and groups with permissions.
Install with the default user
With the default users and groups, the remote upgrader creates its own user group with minimum permissions to complete the remote upgrade.
sudo ./bin/install.sh --accept-license --create-user
Install with specific users and groups
Specify a user and group using the configuration file
To customize the user and group names using the configuration file, do the following before installing the remote upgrader:
- Make a copy of ./config/default_config and place it in the ./config/local_config directory.
- In the ./config/local_config file, update the following fields with your user and group names:
  - SPLUNK_UPDATER_USER=splunkupgrader
  - SPLUNK_UPDATER_GROUP=splunkupgrader
Specify a user in the command line
The installer for the remote upgrader for Linux universal forwarders must run as root or with sudo. This is because the remote upgrader requires system administrator permissions to set up the daemon configurations. Once remote upgrader installation is complete, the daemon can run as another user and group that you specify during the installation, provided that said user has appropriate permissions.
To specify the user or group that will run the Remote Upgrader for Linux Universal Forwarders installation script:
- To use an existing user and group, run the installer with --user <user> --group <group>. The following is an example of how to install the remote upgrader for Linux universal forwarders and run it as a predefined user and group:
sudo ./bin/install.sh --accept-license --user <user> --group <group>
- Any user or group you configure must also be a sudo user. If any of the following commands cannot run as passwordless sudo, the installation will fail.
sudo command | Why |
---|---|
systemctl | To operate the upgrader daemon as a systemd service. |
pkill | To kill splunkd or the upgrade process when the process is hanging. |
chmod | To set the file or directory permissions to make them available to Splunk apps to deliver the universal forwarder package |
chown | To set SPLUNK_HOME ownership after upgrade. |
cp | To copy files to or from SPLUNK_HOME. |
rm | To remove SPLUNK_HOME when rolling back an upgrade, for example, in the case of upgrade failure. |
find | To find SPLUNK_HOME globally before upgrading. |
mkdir | To create directories in the SPLUNK_HOME directory. |
cat | To read files to SPLUNK_HOME. |
stat | To get previous Splunk users from the SPLUNK_HOME/bin/splunk file owner. |
ps | To get the Splunk process owner. |
test | To test file directory presence in SPLUNK_HOME. |
sed | To update the remote upgrader for Linux universal forwarders configurations. |
tar | To unpack Splunk packages to SPLUNK_HOME that might be owned by root. |
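The passwordless sudo requirement in the table above can be verified before running install.sh. The following is an added example, not part of the Splunk documentation or the remote upgrader package: it parses the output of sudo -l -U <user> and lists the table's commands that have no unrestricted NOPASSWD rule. The function names, the sample listing and its hostname are constructed for illustration, and the script assumes sudo prints each rule on one line (as it does when piped).

```shell
# Added example: pre-flight check. Command names are copied from the table above.
REQUIRED_CMDS="systemctl pkill chmod chown cp rm find mkdir cat stat ps test sed tar"

# Reads `sudo -l -U <user>` output on stdin; prints each required command that
# lacks an unrestricted NOPASSWD rule. Commands are compared by basename.
missing_nopasswd_cmds() {
    awk -v required="$REQUIRED_CMDS" '
    /^[ \t]*\(/ {                              # rule line: "(root) NOPASSWD: /usr/bin/cp, ..."
        sub(/^[ \t]*\([^)]*\)[ \t]*/, "")      # drop the "(runas)" prefix
        nopass = 0                             # password assumed until NOPASSWD: appears
        n = split($0, items, /,[ \t]*/)
        for (i = 1; i <= n; i++) {
            item = items[i]
            while (match(item, /^[A-Z_]+:[ \t]*/)) {   # tags persist for the rest of the line
                tag = substr(item, 1, RLENGTH)
                if (tag ~ /^NOPASSWD:/) nopass = 1
                else if (tag ~ /^PASSWD:/) nopass = 0
                item = substr(item, RLENGTH + 1)
            }
            sub(/[ \t]+$/, "", item)
            neg = sub(/^![ \t]*/, "", item)
            split(item, words, /[ \t]+/); cmd = words[1]; sub(/^.*\//, "", cmd)
            if (neg) { denied[cmd] = 1; continue }     # conservative: any deny counts as missing
            if (!nopass || words[2] != "") continue    # needs a password, or limited to fixed arguments
            if (cmd == "ALL") all = 1; else ok[cmd] = 1
        }
    }
    END {
        n = split(required, req, " ")
        for (i = 1; i <= n; i++)
            if (req[i] in denied || (!all && !(req[i] in ok))) print req[i]
    }'
}

# Constructed sample of `sudo -l -U splunkupgrader` output (hostname is made up).
sample_listing() {
    cat <<'EOF'
User splunkupgrader may run the following commands on uf-host-01:
    (root) NOPASSWD: /usr/bin/systemctl, /usr/bin/pkill, /usr/bin/chmod, /usr/bin/chown
    (root) NOPASSWD: /usr/bin/cp, /usr/bin/find, /usr/bin/mkdir, /usr/bin/cat, PASSWD: /usr/bin/rm
    (root) NOPASSWD: /usr/bin/stat, /usr/bin/ps, /usr/bin/sed, /usr/bin/tar --version
EOF
}

if [ $# -gt 0 ]; then
    sudo -l -U "$1" | missing_nopasswd_cmds    # run as root: real rules for the given user
else
    sample_listing | missing_nopasswd_cmds     # prints rm, test, tar (one per line)
fi
```

An empty result means every command in the table has a NOPASSWD rule for that user; any name printed needs a sudoers entry before the installer is run.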
This documentation applies to the following versions of Splunk® Universal Forwarder: 1.0.0, 1.0.1, 8.2.11, 8.2.12, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.3.0, 9.3.1, 9.3.2, 9.3.3, 9.4.0, 9.4.1