Giters

splunk / splunk-ansible

Ansible playbooks for configuring and managing Splunk Enterprise and Universal Forwarder deployments

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Multisite setup task always logging a fatal error

tmaltaverne opened this issue · comments

commented

At each run, the task "Setup SHC - Multisite" for search heads and monitoring console, is always showing a fatal error in the logs:

TASK [splunk_search_head : Setup SHC - Multisite] ******************************
fatal: [localhost]: FAILED! => {
"attempts": 1,
"changed": false,
"cmd": [
"/opt/splunk/bin/splunk",
"edit",
"cluster-config",
"-mode",
"searchhead",
"-master_uri",
"https://splunk-xxx-xxx-cluster-master-service:8089",
"-auth",
"admin:xxxxxxxxxxxxxxxxxx",
"-secret",
"xxxxxxxxxxxxxxxxxx"
],

This is not causing any issue in the rest of the install process, but it is generating noise in the logs by displaying a fatal error, and shows the admin password and secret.
We observe this (at least) in versions 9.0.0 to 9.0.4.1.

Quickly looking at the code it seems to come from here: the fail condition is always true when rc!=0, because there can't be both "cluster-master" and "cluster-manager" at the same time in the stderr. I guess the OR condition should be made an AND.
Issue seems to be at different places.

commented

@tmaltaverne

updated a patch to the path:

docker pull splunk/splunk:b985591d12fd-patch

docker run --mount type=bind,source="PATH_TO_CUSTOM_CONFIG/my_conf.yml",target=/tmp/defaults/default.yml -p 8000:8000 -p 8080:8080 -e "SPLUNK_PASSWORD=trypass@" -e "SPLUNK_START_ARGS=--accept-license" --name so1 -it splunk/splunk:b985591d12fd-patch

contents of config file

hide_password: true
splunk:
  conf:
    - key: authentication
      value:
        directory: /opt/splunk/etc/apps/ldap-password/local
        content:
          iissplunkldap:
            bindDN: CN=app-trial,OU=Applications,OU=Special,OU=Users,OU=Sites,OU=Global,DC=iis,DC=customer,DC=net
            bindDNpassword: DO_NOT_SHOW_MY_PASS
          iissplunkldapsvc:
            bindDN: CN=app-trial,OU=Applications,OU=Special,OU=Users,OU=Sites,OU=Global,DC=iis,DC=customer,DC=net
            bindDNpassword: DO_NOT_SHOW_MY_PASS
    - key: authentication
      value:
        directory: /opt/splunk/etc/master-apps/ldap-password/local
        content:
          iissplunkldap:
            bindDN: CN=app-trial,OU=Applications,OU=Special,OU=Users,OU=Sites,OU=Global,DC=iis,DC=customer,DC=net
            bindDNpassword: DO_NOT_SHOW_MY_PASS
          iissplunkldapsvc:
            bindDN: CN=app-trial,OU=Applications,OU=Special,OU=Users,OU=Sites,OU=Global,DC=iis,DC=customer,DC=net
            bindDNpassword: DO_NOT_SHOW_MY_PASS

the changes included in the patch image are from this MR: #772