Run make_cluster_node.pyc
Use the make_cluster_node.pyc
script to configure an installed Splunk Phantom instance into a node of a cluster. This script stores the bulk of required configuration information from the PostgreSQL database.
Before running make_cluster_node
, make sure that all the required services are working, either as external services or as a Shared Services server.
Collect the required information
You need this information to answer prompts for make_cluster_node.
- IP addresses or hostnames for:
- PostgreSQL 9.5 server
- HAProxy server and the port that the HAProxy server uses to accept HTTPS connections
- GlusterFS server
- Splunk Enterprise instance REST port
- Splunk Enterprise instance HTTP Event Collector port
- User names, passwords, tokens, or SSH key information for:
- pgbouncer PostgreSQL database user
- postgres PostgreSQL database user
- login password for the HAProxy server, unless it uses an ssh key
- Splunk Phantom username and password for the install being converted
- Splunk Enterprise user with
phantomsearch
permissions - Splunk Enterprise user with
phantomdelete
permissions - Splunk Enterprise HTTP Event Collector token
Create a Splunk Phantom node
Once you have either a Shared Services server or external services established, you convert installations of Splunk Phantom into cluster nodes.
Privileged installation
On a privileged installation, such as a virtual machine image, or an RPM installation, run the make_cluster_node.pyc
script as root
or a user with sudo
permissions.
- Run the
make_cluster_node.pyc
script./opt/phantom/bin/phenv python /opt/phantom/bin/make_cluster_node.pyc --responses /path/to/mcn_responses.json
You don't have to use mcn_responses.json. If you do not supply a JSON file, the script prompts you for the information it needs. The
mcn_responses.json
file contains secrets such as usernames and passwords in plain text. Store it in a secure location or delete it after the cluster configuration is complete. - For each other node, run the script without arguments.
/opt/phantom/bin/phenv python /opt/phantom/bin/make_cluster_node.pyc
Unprivileged installation
On an unprivileged installation you must first change to the directory where Splunk Phantom is installed.
- Change to the Splunk Phantom home directory.
cd <phantom_install_dir>/bin/
- Run
make_cluster_node.pyc
using python.phenv python ./make_cluster_node.pyc --responses /path/to/mcn_responses.jsonYou don't have to use
mcn_responses.json
. If you do not supply a JSON file, the script prompts you for the information it needs. Themcn_responses.json
file contains secrets such as usernames and passwords in plain text. Store it in a secure location or delete it after the cluster configuration is complete.
Run make_server_node.pyc | Set up an external PostgreSQL server |
This documentation applies to the following versions of Splunk® Phantom (Legacy): 4.8, 4.9, 4.10, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 4.10.6, 4.10.7
Feedback submitted, thanks!