Splunk® SOAR (On-premises)

Install and Upgrade Splunk SOAR (On-premises)



This documentation does not apply to the most recent version of Splunk® SOAR (On-premises). For documentation on the most recent version, go to the latest release.

Run make_cluster_node.pyc

Use the make_cluster_node.pyc script to configure an installed instance into a node of a cluster. This script stores the bulk of required configuration information from the PostgreSQL database.

Before running make_cluster_node, make sure that all the required services are working, either as external services or as a Shared Services server. Additionally, make sure that the required ports and endpoints are opened in your firewall. See ports and endpoints.

Collect the required information

You need this information to answer prompts for make_cluster_node.

  • IP addresses or hostnames for:
    • PostgreSQL server
    • HAProxy server and the port that the HAProxy server uses to accept HTTPS connections
    • GlusterFS server
    • Splunk Enterprise instance REST port
    • Splunk Enterprise instance HTTP Event Collector port
  • User names, passwords, tokens, or SSH key information for:
    • pgbouncer PostgreSQL database user
    • postgres PostgreSQL database user
    • login password for the HAProxy server, unless it uses an SSH key
    • username and password for the install being converted
    • Splunk Enterprise user with phantomsearch permissions
    • Splunk Enterprise user with phantomdelete permissions
    • Splunk Enterprise HTTP Event Collector token

Not all SSH key formats are accepted by make_cluster_node.pyc. You can use keys generated with the ssh-keygen -m PEM -t rsa -b 4096 command.

Create a node

Once you have either a Shared Services server or external services established, you convert installations of Splunk SOAR (On-premises) into cluster nodes.

Privileged installation

On a privileged installation, such as an RPM installation, run the make_cluster_node.pyc script as root or a user with sudo permissions.

/opt/phantom/bin/phenv python /opt/phantom/bin/make_cluster_node.pyc --responses /path/to/mcn_responses.json

You don't have to use mcn_responses.json. However, if you don't supply an alternate JSON file, the script prompts you for the information needed to create mcn_responses.json. The mcn_responses.json file contains secrets such as usernames and passwords in plain text. Store it in a secure location or delete it after the cluster configuration is complete.

Unprivileged installation

On an unprivileged installation, you must first change to the directory where Splunk SOAR (On-premises) is installed.

  1. Change to the home directory.
    cd <phantom_install_dir>/bin/
  2. Run make_cluster_node.pyc using python.
    phenv python ./make_cluster_node.pyc --responses /path/to/mcn_responses.json

    You don't have to use mcn_responses.json. However, if you don't supply an alternate JSON file, the script prompts you for the information needed to create mcn_responses.json. The mcn_responses.json file contains secrets such as usernames and passwords in plain text. Store it in a secure location or delete it after the cluster configuration is complete.
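
A pre-flight check for the two cautions on this page, the SSH key format note and the plain-text mcn_responses.json warning, written as an added example that is not Splunk's code. The function names are hypothetical, and the key check assumes the key came from the ssh-keygen command shown above.

```shell
#!/usr/bin/env bash
# Added example: checks to run before handing files to make_cluster_node.pyc.
# Assumption: the key was generated with the command from this page,
#   ssh-keygen -m PEM -t rsa -b 4096
# which writes a private key whose first line is the PEM RSA header below.

# Succeeds if the private key file starts with the PEM RSA header.
key_is_pem_rsa() {
    local first=""
    [ -r "$1" ] || return 1
    IFS= read -r first < "$1" || true
    [ "$first" = "-----BEGIN RSA PRIVATE KEY-----" ]
}

# Succeeds if the file grants nothing to group or other
# (characters 5-10 of the ls mode string are all "-").
file_is_owner_only() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Hypothetical helper: run every check and report each problem found.
# Returns the number of failed checks (0 means ready to run the script).
mcn_preflight() {
    local responses=$1 key=$2 failed=0
    if ! file_is_owner_only "$responses"; then
        echo "FAIL: $responses is missing or open to group/other (chmod 600)" >&2
        failed=$((failed + 1))
    fi
    if ! key_is_pem_rsa "$key"; then
        echo "FAIL: $key does not start with the PEM RSA header" >&2
        failed=$((failed + 1))
    fi
    if ! file_is_owner_only "$key"; then
        echo "FAIL: $key is missing or open to group/other (chmod 600)" >&2
        failed=$((failed + 1))
    fi
    return "$failed"
}

# Demo on constructed files (a header line only, no real key or secrets).
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed' > "$demo_dir/id_new"
printf '{}\n' > "$demo_dir/mcn_responses.json"
chmod 644 "$demo_dir/mcn_responses.json"; chmod 600 "$demo_dir/id_new"
mcn_preflight "$demo_dir/mcn_responses.json" "$demo_dir/id_new" || echo "checks failed: $?"
rm -rf "$demo_dir"
```

Call mcn_preflight with the path to the responses file and the private key, and run make_cluster_node.pyc only when it returns 0.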

Last modified on 07 February, 2024

This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5

