Comments (9)
Create an ansible play as a "pre-task" that does a chown on /opt/splunkforward. It'll run before the install play and set the ownership back to "splunk:splunk".
from docker-splunk.
My greatest fear was that the answer was going to involve "learn a new tool" LOL! :-)
- How do I define an ansible pre-task? Is there a folder I can simply copy a script file in?
- What user/group should I set in chown? ansible:ansible?
from docker-splunk.
You can actually copy our entire task for this:
The thing to notice is that, in ansible, `---` in the first line signals the start of the file, and then the yaml definition will define what module to run a command on. In this case, it's ansible's file module: https://docs.ansible.com/ansible/latest/modules/file_module.html#file-module
We're using the file module to become root, but then set the directory to the splunk user. No different than doing like a "sudo chown splunk:splunk /opt/splunkforwarder". The variables are just taking place for the user / directory.
Now to use it, there are a few ways to include it: you can map it to /tmp/splunk_ansible_pre_tasks.yml, or you can create the file, host it on a webserver and set an env var "ansible_pre_tasks". You can also just use our actual play by setting ansible_pre_tasks to file:///opt/ansible/roles/splunk_common/tasks/change_splunk_directory_owner.yml.
from docker-splunk.
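An added example of the kind of pre-task the comment above describes; it is not part of the original thread and not the project's own task file. The path and the splunk:splunk owner are the ones named in the thread; writing the file as a plain list of tasks (rather than a full play) is an assumption.

```yaml
---
# Example pre-task file, mounted into the container at
# /tmp/splunk_ansible_pre_tasks.yml as described in the thread.
# Assumption: the file is read as a list of tasks, not a complete play.

- name: Return the forwarder directory to the splunk user
  # Escalate only for this task; the chown is the one step that needs root.
  become: yes
  become_user: root
  file:
    path: /opt/splunkforwarder   # directory named in the thread
    state: directory
    owner: splunk                # equivalent to: chown -R splunk:splunk
    group: splunk
    recurse: yes

- name: Record the resulting ownership so the run log shows the task executed
  stat:
    path: /opt/splunkforwarder
  register: forwarder_dir        # hypothetical variable name

- name: Fail early if the directory is still not owned by splunk
  assert:
    that:
      - forwarder_dir.stat.pw_name == 'splunk'
      - forwarder_dir.stat.gr_name == 'splunk'
    fail_msg: "/opt/splunkforwarder is not owned by splunk:splunk"
```

The stat and assert tasks make it visible in the container's Ansible output whether the pre-task file was picked up at all.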
I've given your recommendations a shot, but I don't think they are having any positive effect. I'm not certain that the /tmp/splunk_ansible_pre_tasks.yml I created is actually being executed.
The very end of the error output still says the same thing:
Exiting with failure status due to previous errors\n", "out": "", "rc": 2}, "gid": 0, "group": "root", "handler": "TgzArchive", "mode": "0755", "msg": "failed to unpack /var/tmp/ansible-tmp-1548663281.65-264095580488254/source to /opt", "owner": "root", "size": 4096, "src": "/var/tmp/ansible-tmp-1548663281.65-264095580488254/source", "state": "directory", "uid": 0}
I'm not 100% sure how to interpret this, but I believe it's still saying that the /opt directory is still owned by root. Therefore, the /tmp/splunk_ansible_pre_tasks.yml isn't enough on its own. Is there something else I need to do to get it to execute?
Out of curiosity, I've updated both the splunk and splunkforwarder images to 7.2.3, and I'm not having any issues with the splunk image. I'm able to map my app on my host machine using a volume directly into /opt/splunk/etc/apps. Is there some reason that the containers should behave differently?
from docker-splunk.
@LorenKeagle there's actually an initial task that runs that should change permissions of everything under /opt/splunk to the splunk user. See https://github.com/splunk/splunk-ansible/blob/develop/roles/splunk_common/tasks/change_splunk_directory_owner.yml
Also regarding your latest comment, did upgrading to 7.2.3 resolve this issue for you? Maybe I'm a bit confused, I thought the initial problem you had was with the 7.2.3 image. Never mind, turns out I can't read. It seems like the problem is with the universalforwarder image entirely, and not the splunk image. I think I know the problem if that's the case, but can you confirm?
from docker-splunk.
@nwang92 That's correct!
Some background. I initially reported a startup issue for splunk forwarder in #32. Once I saw that was fixed and in Dockerhub, I updated my Dockerfile to pull from 7.2.3 to try it out, and then ran into this issue.
The splunk image works great using volumes to map apps from my host into /opt/splunk/etc/apps, but this fails in the splunk forwarder due to some permissions issue. Perhaps the ansible scripts between the two images are different? I would think the installation steps would be very similar between the two, but there's apparently a discrepancy.
If there is an official supported way to 'preload' a local app into the container, please let me know. Maybe there's a better way to go about this that utilizes your existing ansible setup tasks.
from docker-splunk.
Got it, yes I'm seeing the difference between the behavior of splunk/splunk and splunk/universalforwarder. I can get that fixed as part of the upcoming 7.2.4 release.
The latest Splunk image (7.2.3) does have limited app support, basically anything from Splunkbase or any http://... link. There was an issue with support for https:// links, but that's resolved within the develop branch only right now.
You can create a container with something like `docker run -d -e SPLUNK_PASSWORD=helloworld -e SPLUNK_START_ARGS=--accept-license -e SPLUNK_APPS_URL=http://webserver/app.tgz splunk/universalforwarder` to automatically install an app bundle. I'm open to more feedback on how people use their apps + Splunk environments, but I imagine this would be useful amongst those running Splunk in docker because:
- It follows the model of "declarative" infrastructure - if you need a Splunk deployment with a particular app or set of apps, you should be able to define that at boot-time
- There is some flexibility in where apps come from - maybe certain teams like using Splunkbase, maybe others would prefer to host/cache/build independent apps internally. Either way, there should be a little flexibility in terms of "bringing-your-own-infrastructure" to support your stack.
But again, completely open to feedback or suggestions on this. I think your use case is valid and we should support that going forward. The only "issue" of bind-mounting apps is it may not be a very portable solution when transitioning to running these Splunk containers in a large cluster.
from docker-splunk.
@nwang92 Awesome that you found a difference! I was hoping I wasn't crazy :-D
In our case, our app is not public, as it potentially exposes IP and product capabilities to our competitors. However, my use case for this environment is intended to be a local, completely isolated demo/POV setup, with all required components already available in the repository. The app is already part of the local repo, so it would not be desired to have to upload it to an HTTP server just so the build script can access it. If there's a way to reference a local archive or mapped folder (either via a volume or through a COPY build command) that would be ideal.
from docker-splunk.
Going to close this - the code is currently in develop right now if you want to build your own images for now. But it will be released as part of 7.2.4 (expected to come out next week). I also added a test case that bind-mounts full app directories to the running container and validates that apps get registered in Splunk with this PR: #120
from docker-splunk.