Critical error when defining Splunkbase variables in 8.0.8/8.1.2
bakermat opened this issue · comments
Hi team,
When running Splunk specifying any version older than 8.0.8 or 8.1.2, the following works fine when trying to automatically install an app from Splunkbase:
docker run -d -v /opt/splunk/etc/:/opt/splunk/etc/ -v /opt/splunk/var/:/opt/splunk/var/ -p 8000:8000 -e SPLUNK_APPS_URL=https://splunkbase.splunk.com/app/1724/release/3.4.6/download -e SPLUNK_START_ARGS=--accept-license -e SPLUNK_PASSWORD=password -e SPLUNKBASE_PASSWORD=mypassword -e SPLUNKBASE_USERNAME=myusername splunk/splunk:8.1.1
However, when running it with the latest tag or using version 8.0.8,8.1.2 or edge the following error comes up preventing a successful execution:
[WARNING]: * Failed to parse /opt/ansible/inventory/environ.py with script plugin: Inventory script (/opt/ansible/inventory/environ.py) had an execution error: Traceback (most recent call last): File "/opt/ansible/inventory/environ.py", line 821, in <module> main() File "/opt/ansible/inventory/environ.py", line 807, in main getSplunkInventory(inventory) File "/opt/ansible/inventory/environ.py", line 95, in getSplunkInventory inventory["all"]["vars"] = getDefaultVars() File "/opt/ansible/inventory/environ.py", line 147, in getDefaultVars getSplunkbaseToken(defaultVars) File "/opt/ansible/inventory/environ.py", line 352, in getSplunkbaseToken raise Exception("Invalid Splunkbase credentials - will not download apps from Splunkbase") Exception: Invalid Splunkbase credentials - will not download apps from Splunkbase [WARNING]: * Failed to parse /opt/ansible/inventory/environ.py with ini plugin: /opt/ansible/inventory/environ.py:16: Expected key=value host variable assignment, got: __future__ [WARNING]: Unable to parse /opt/ansible/inventory/environ.py as an inventory source ERROR! No inventory was parsed, please check your configuration and options. splunkd.pid file is unreadable.
Did something change in these later versions that could have caused this?
line 352, in getSplunkbaseToken raise Exception("Invalid Splunkbase credentials - will not download apps from Splunkbase") Exception: Invalid Splunkbase credentials - will not download apps from Splunkbase
It looks like we're throwing an exception on the Splunkbase credentials.
-- Are the splunkbase credentials that you provided correct? Can you verify them before we investigate this further?
They are definitely correct. When I run the following command (as per above and obviously with my own credentials) it works:
docker run -d -v /opt/splunk/etc/:/opt/splunk/etc/ -v /opt/splunk/var/:/opt/splunk/var/ -p 8000:8000 -e SPLUNK_APPS_URL=https://splunkbase.splunk.com/app/1724/release/3.4.6/download -e SPLUNK_START_ARGS=--accept-license -e SPLUNK_PASSWORD=password -e SPLUNKBASE_PASSWORD=mypassword -e SPLUNKBASE_USERNAME=myusername splunk/splunk:8.1.1
When using the same command and credentials but only changing the tag at the end, e.g. splunk/splunk:8.0.8 it does not work anymore. Same for version 8.1.2, edge or latest. I also tried 8.0.7 and 7.3: those all work without any issues.
Just noticed a similar issue with this one. Here is the error message.
│ ansible-playbook 2.10.5 │
│ config file = /opt/ansible/ansible.cfg ││ configured module search path = ['/opt/ansible/library', '/opt/ansible/apps/library', '/opt/ansible/ansible_commands'] │
│ ansible python module location = /usr/lib/python3.7/site-packages/ansible ││ executable location = /usr/bin/ansible-playbook │
│ python version = 3.7.9 (default, Feb 2 2021, 23:41:22) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)] ││ Traceback (most recent call last): │
│ File "inventory/environ.py", line 821, in <module> ││ main() │
│ File "inventory/environ.py", line 807, in main ││ getSplunkInventory(inventory) │
│ File "inventory/environ.py", line 95, in getSplunkInventory ││ inventory["all"]["vars"] = getDefaultVars() │
│ File "inventory/environ.py", line 147, in getDefaultVars ││ getSplunkbaseToken(defaultVars) │
│ File "inventory/environ.py", line 354, in getSplunkbaseToken ││ splunkbase_token = re.search("<id>(.*)</id>", output, re.IGNORECASE) │
│ File "/usr/lib/python3.7/re.py", line 185, in search ││ return _compile(pattern, flags).search(string) │
│ TypeError: cannot use a string pattern on a bytes-like object ││ splunkd.pid file is unreadable. │
│ stream closed
Based on this error, it looks like something to do with parsing SplunkbaseToken .
This should be fixed in the above PR and available in splunk/splunk:edge now. I'll see if we can get this pushed early, but otherwise it'll be available in the future splunk/splunk:8.1.3 image.
@bakermat @nchowinf This fix has been included in the v8.1.3 Docker images just published to Docker Hub.
@alishamayor tried also the 8.1.3 and the latest tags - same problem. and user / pass is correct
with edge works well.