Multisite setup task always logging a fatal error
tmaltaverne opened this issue · comments
At each run, the task "Setup SHC - Multisite" for search heads and monitoring console, is always showing a fatal error in the logs:
TASK [splunk_search_head : Setup SHC - Multisite] ******************************
fatal: [localhost]: FAILED! => {
"attempts": 1,
"changed": false,
"cmd": [
"/opt/splunk/bin/splunk",
"edit",
"cluster-config",
"-mode",
"searchhead",
"-master_uri",
"https://splunk-xxx-xxx-cluster-master-service:8089",
"-auth",
"admin:xxxxxxxxxxxxxxxxxx",
"-secret",
"xxxxxxxxxxxxxxxxxx"
],
This is not causing any issue in the rest of the install process, but it is generating noise in the logs by displaying a fatal error, and shows the admin password and secret.
We observe this (at least) in versions 9.0.0 to 9.0.4.1.
Quickly looking at the code it seems to come from here: the fail condition is always true when rc!=0, because there can't be both "cluster-master" and "cluster-manager" at the same time in the stderr. I guess the OR condition should be made an AND.
Issue seems to be at different places.
updated a patch to the path:
docker pull splunk/splunk:b985591d12fd-patch
docker run --mount type=bind,source="PATH_TO_CUSTOM_CONFIG/my_conf.yml",target=/tmp/defaults/default.yml -p 8000:8000 -p 8080:8080 -e "SPLUNK_PASSWORD=trypass@" -e "SPLUNK_START_ARGS=--accept-license" --name so1 -it splunk/splunk:b985591d12fd-patch
contents of config file
hide_password: true
splunk:
conf:
- key: authentication
value:
directory: /opt/splunk/etc/apps/ldap-password/local
content:
iissplunkldap:
bindDN: CN=app-trial,OU=Applications,OU=Special,OU=Users,OU=Sites,OU=Global,DC=iis,DC=customer,DC=net
bindDNpassword: DO_NOT_SHOW_MY_PASS
iissplunkldapsvc:
bindDN: CN=app-trial,OU=Applications,OU=Special,OU=Users,OU=Sites,OU=Global,DC=iis,DC=customer,DC=net
bindDNpassword: DO_NOT_SHOW_MY_PASS
- key: authentication
value:
directory: /opt/splunk/etc/master-apps/ldap-password/local
content:
iissplunkldap:
bindDN: CN=app-trial,OU=Applications,OU=Special,OU=Users,OU=Sites,OU=Global,DC=iis,DC=customer,DC=net
bindDNpassword: DO_NOT_SHOW_MY_PASS
iissplunkldapsvc:
bindDN: CN=app-trial,OU=Applications,OU=Special,OU=Users,OU=Sites,OU=Global,DC=iis,DC=customer,DC=net
bindDNpassword: DO_NOT_SHOW_MY_PASS
the changes included in the patch image are from this MR: #772