Closed esbse2010 closed 5 months ago
guilhemmarchand
commented
2 years ago Hi @esbse2010
This sounds like this is happening at the level of UCC framework, which the TA is built on. The Splunk UCC framework is basically the backend providing the features developping Splunk TAs.
I am not usually testing under Windows, either it's a Windows thing happening, or linked to your environment, what is the Splunk version and OS version you are running on please?
esbse2010
commented
2 years ago It might be a windows thing. I installed the app in our test server and I'm getting the same thing. Then I installed it on my home lab, which is linux, and that works fine.
It's running on Windows Server 2016, and Splunk 8.1.0.
guilhemmarchand
commented
2 years ago Can you please try this preview release:
https://github.com/guilhemmarchand/TA-ms-teams-alert-action/releases/tag/1.1.5
The issue could have been identified and fixed in the meantime by Splunk, this version comes with the latest ucc libs (6.x)
Let me know
esbse2010
commented
2 years ago Still didn't work, Might be our environment. Works in my home lab (linux) and in out test server(windows), just not the prod server(windows). I reverted back to 1.0.20 and that seems to work.
RyoOhki
commented
2 years ago I have the same issue.
From splunkd.log
05-19-2022 13:29:30.219 +0800 ERROR AdminManagerExternal [24909 TcpChannelThread] - Stack trace from python handler:\nTraceback (most recent call last):\n File "/data/splunk/lib/python3.7/site-packages/splunk/admin.py", line 107, in init_persistent\n hand = handler(mode, ctxInfo, data)\n File "/data/splunk/etc/apps/TA-ms-teams-alert-action/lib/splunktaucclib/rest_handler/admin_external.py", line 82, in __init__\n get_splunkd_endpoint(),\n File "/data/splunk/etc/apps/TA-ms-teams-alert-action/lib/splunktaucclib/rest_handler/admin_external.py", line 64, in get_splunkd_endpoint\n splunkd_uri = get_splunkd_uri()\n File "/data/splunk/etc/apps/TA-ms-teams-alert-action/lib/solnlib/splunkenv.py", line 209, in get_splunkd_uri\n scheme, host, port = get_splunkd_access_info()\n File "/data/splunk/etc/apps/TA-ms-teams-alert-action/lib/solnlib/splunkenv.py", line 181, in get_splunkd_access_info\n if utils.is_true(get_conf_key_value("server", "sslConfig", "enableSplunkdSSL")):\n File "/data/splunk/etc/apps/TA-ms-teams-alert-action/lib/solnlib/splunkenv.py", line 228, in get_conf_key_value\n stanzas = get_conf_stanzas(conf_name)\n File "/data/splunk/etc/apps/TA-ms-teams-alert-action/lib/solnlib/splunkenv.py", line 283, in get_conf_stanzas\n parser.readfp(StringIO(out))\n File "/data/splunk/lib/python3.7/configparser.py", line 762, in readfp\n self.read_file(fp, source=filename)\n File "/data/splunk/lib/python3.7/configparser.py", line 717, in read_file\n self._read(f, source)\n File "/data/splunk/lib/python3.7/configparser.py", line 1110, in _read\n raise e\nconfigparser.ParsingError: Source contains parsing errors: '<???>'\n [line 294]: '期限:1 年\n'\n [line 295]: '开始:2021-06-30\n'\n [line 301]: '期限:1 年\n'\n [line 302]: '开始:2022-05-17\n'\n
05-19-2022 13:29:30.219 +0800 ERROR AdminManagerExternal [24909 TcpChannelThread] - Unexpected error "<class 'configparser.ParsingError'>" from python handler: "Source contains parsing errors: '<???>'\n [line 294]: '期限:1 年\n'\n [line 295]: '开始:2021-06-30\n'\n [line 301]: '期限:1 年\n'\n [line 302]: '开始:2022-05-17\n'". See splunkd.log/python.log for more details.Our environment : Linux kernel is 4.14.238-182.422.amzn2.x86_64 Splunk version first is 8.2.2 when this issue show up. Then I upgrade splunk instance , it is 8.2.6 now, the problem is still there.
guilhemmarchand
commented
2 years ago Hi @RyoOhki
Have you fixed your issue?
When the configuration page of an Addon refuses to load, this likely due to an existing credential file in a different Addon which Splunk cannot decrypt properly, because the configuration of the Addon was changed. (an uograde)
Like this: https://github.com/guilhemmarchand/TA-jira-service-desk-simple-addon/issues/131
Generally the Palo Alto Addon
RyoOhki
commented
2 years ago I have not fixed it. Recently I did not upgrade or install new add-on/app. It is showed up on 2022-05-17 by itself. I found this date in log. Are they related with this issue?
The chinese in the log meaning => 期限 : term/retention 年 : year 开始 : start
05-24-2022 18:34:50.008 +0800 ERROR AdminManagerExternal [15257 TcpChannelThread] - Unexpected error "<class 'configparser.ParsingError'>" from python handler: "Source contains parsing errors: '<???>'\n [line 294]: '期限:1 年\n'\n [line 295]: '开始:2021-06-30\n'\n [line 301]: '期限:1 年\n'\n [line 302]: '开始:2022-05-17\n'". See splunkd.log/python.log for more details.
| 05-24-2022 18:34:50.008 +0800 ERROR AdminManagerExternal [15257 TcpChannelThread] - Stack trace from python handler:\nTraceback (most recent call last):\n File "/data/splunk/lib/python3.7/site-packages/splunk/admin.py", line 107, in init_persistent\n hand = handler(mode, ctxInfo, data)\n File "/data/splunk/etc/apps/TA-ms-teams-alert-action/lib/splunktaucclib/rest_handler/admin_external.py", line 82, in init\n get_splunkd_endpoint(),\n File "/data/splunk/etc/apps/TA-ms-teams-alert-action/lib/splunktaucclib/rest_handler/admin_external.py", line 64, in get_splunkd_endpoint\n splunkd_uri = get_splunkd_uri()\n File "/data/splunk/etc/apps/TA-ms-teams-alert-action/lib/solnlib/splunkenv.py", line 207, in get_splunkd_uri\n scheme, host, port = get_splunkd_access_info()\n File "/data/splunk/etc/apps/TA-ms-teams-alert-action/lib/solnlib/splunkenv.py", line 179, in get_splunkd_access_info\n if utils.is_true(get_conf_key_value("server", "sslConfig", "enableSplunkdSSL")):\n File "/data/splunk/etc/apps/TA-ms-teams-alert-action/lib/solnlib/splunkenv.py", line 226, in get_conf_key_value\n stanzas = get_conf_stanzas(conf_name)\n File "/data/splunk/etc/apps/TA-ms-teams-alert-action/lib/solnlib/splunkenv.py", line 279, in get_conf_stanzas\n parser.readfp(StringIO(out))\n File "/data/splunk/lib/python3.7/configparser.py", line 762, in readfp\n self.read_file(fp, source=filename)\n File "/data/splunk/lib/python3.7/configparser.py", line 717, in read_file\n self._read(f, source)\n File "/data/splunk/lib/python3.7/configparser.py", line 1110, in _read\n raise e\nconfigparser.ParsingError: Source contains parsing errors: '<???>'\n [line 294]: '期限:1 年\n'\n [line 295]: '开始:2021-06-30\n'\n [line 301]: '期限:1 年\n'\n [line 302]: '开始:2022-05-17\n'\n
RyoOhki
commented
2 years ago Hi @guilhemmarchand I think I found the reason about this issue, It is a little unexpected. Recently my colleague add some contents into the description of license pool, and the issue showed up after that. It is little convenient for us, because we cannot use this to put some mark on lic pool. Thanks for your time and this addon is really good for our team.
guilhemmarchand
commented
2 years ago Sorry for very late replying @RyoOhki Having been very busy, I had to prioritize.
Do you have any more information / updates? I am about to refresh the version in Splunk Base with latest libs from Splunk UCC (SDK etc) - maybe this can help
RyoOhki
commented
2 years ago Sorry for very late replying @RyoOhki Having been very busy, I had to prioritize.
Do you have any more information / updates? I am about to refresh the version in Splunk Base with latest libs from Splunk UCC (SDK etc) - maybe this can help
After delete contents in description of license pool, the problem was fixed. Hope new version will fix this issue completely.
FrancoisTernois
commented
2 years ago Hi @guilhemmarchand, First of all, thank you for this AddOn :) I'm currently having this issue when loading configuration page even when deleting other passwords.conf. Splunk runs on SHC Linux platform for me.
Splunk version : 9.0.1 TA version : 1.1.5
How can I solve this please ? Regards
guilhemmarchand
commented
2 years ago Hi @FrancoisTernois
Hum right, I haven't been able to reproduce this on a fresh virgin standalone 9.0.1 instance. Checking on a fresh distributed in 9.0.1 with SHC.
My feeling is that is caused by a third party app somehow, do you see any traces in the console when you right click in your Web Browser and go with the developer tools?
Guilhem
guilhemmarchand
commented
2 years ago @FrancoisTernois
Unfortunately I couldn't replicate this either on a fresh fully distributed deployment in 9.0.1 with SHC (RHEL 8) Another thing must come into account, odd
Guilhem
FrancoisTernois
commented
2 years ago Thank you for your reply. It seems to be a passwords.conf issue again. I solved this by :
From splunkd.log 03-02-2022 10:23:44.314 +0800 ERROR AdminManagerExternal - Stack trace from python handler:\nTraceback (most recent call last):\n File "D:\Program Files\Splunk\Python-3.7\lib\site-packages\splunk\admin.py", line 108, in init_persistent\n hand = handler(mode, ctxInfo, data)\n File "D:\Program Files\Splunk\etc\apps\TA-ms-teams-alert-action\lib\splunktaucclib\rest_handler\admin_external.py", line 82, in init\n get_splunkd_endpoint(),\n File "D:\Program Files\Splunk\etc\apps\TA-ms-teams-alert-action\lib\splunktaucclib\rest_handler\admin_external.py", line 64, in get_splunkd_endpoint\n splunkd_uri = get_splunkd_uri()\n File "D:\Program Files\Splunk\etc\apps\TA-ms-teams-alert-action\lib\solnlib\splunkenv.py", line 209, in get_splunkd_uri\n scheme, host, port = get_splunkd_access_info()\n File "D:\Program Files\Splunk\etc\apps\TA-ms-teams-alert-action\lib\solnlib\splunkenv.py", line 181, in get_splunkd_access_info\n if utils.is_true(get_conf_key_value("server", "sslConfig", "enableSplunkdSSL")):\n File "D:\Program Files\Splunk\etc\apps\TA-ms-teams-alert-action\lib\solnlib\splunkenv.py", line 228, in get_conf_key_value\n stanzas = get_conf_stanzas(conf_name)\n File "D:\Program Files\Splunk\etc\apps\TA-ms-teams-alert-action\lib\solnlib\splunkenv.py", line 274, in get_conf_stanzas\n btool_cli, stdout=subprocess.PIPE, stderr=subprocess.PIPE\n File "D:\Program Files\Splunk\Python-3.7\lib\subprocess.py", line 800, in init\n restore_signals, start_new_session)\n File "D:\Program Files\Splunk\Python-3.7\lib\subprocess.py", line 1207, in _execute_child\n startupinfo)\nOSError: [WinError 193] %1 is not a valid Win32 application\n
From Chrome: