unable to make target with given Dockerfile

[abshkd]

I get this error in both centos and debian build. I dont have issues running docker containers and images outside of this. Any clue as to whats causing this?

I believe the issue is with using sudo. Would it be better to go with USER instead of sudo?

make splunk-debian-9 output [snipped]

Step 13/17 : RUN sudo mkdir $SPLUNK_HOME/etc     && sudo mkdir $SPLUNK_HOME/var     && sudo chown -R ${SPLUNK_USER}:${SPLUNK_GROUP} $SPLUNK_HOME
 ---> Running in 2e34b5958f5d
sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
The command '/bin/sh -c sudo mkdir $SPLUNK_HOME/etc     && sudo mkdir $SPLUNK_HOME/var     && sudo chown -R ${SPLUNK_USER}:${SPLUNK_GROUP} $SPLUNK_HOME' returned a non-zero code: 1
Makefile:56: recipe for target 'splunk-debian-9' failed
make: *** [splunk-debian-9] Error 1

[abshkd]

just doing USER root resolves this issue. If this is acceptable resolution then I can submit a PR. Perhaps there are other reasons for having a sudoer than I am not aware of.

[nwang92]

@abshkd Can you output your docker version and docker info for me? Also do you have buildkit enabled?

[abshkd]

docker info
Containers: 11
 Running: 9
 Paused: 0
 Stopped: 2
Images: 157
Server Version: 18.09.1
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 9754871865f7fe2f4e74d43e2fc7ccd237edcbce
runc version: 96ec2177ae841256168fcf76954f7177af9446eb
init version: fec3683
Security Options:
 apparmor
 seccomp
  Profile: default
Kernel Version: 4.15.0-43-generic
Operating System: Ubuntu 18.04.1 LTS
OSType: linux
Architecture: x86_64
CPUs: 64
Total Memory: 125.8GiB
Name: tiny
ID: YQKR:AKLW:ELUR:PV3S:SRQZ:TMWU:D4Q4:JRPZ:NCA3:MYB4:SLTX:CJNV
Docker Root Dir: /mnt/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine

WARNING: No swap limit support

docker version
Client:
 Version:           18.09.1
 API version:       1.39
 Go version:        go1.10.6
 Git commit:        4c52b90
 Built:             Wed Jan  9 19:35:31 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          18.09.1
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.6
  Git commit:       4c52b90
  Built:            Wed Jan  9 19:02:44 2019
  OS/Arch:          linux/amd64
  Experimental:     false

I dont know what is buildkit and have not used it before so I am assuming I dont have it enabled.

[nwang92]

I believe your issue is related to where you have Docker installed? Your docker info shows:

Docker Root Dir: /mnt/docker

Normally, Docker keeps its contents in /var/lib/docker which is owned by root:root. Is this a shared mount point? Either way, it seems like the permissions of this mount point which Docker is trying to use is too restrictive, and thus the docker build command within the Makefile is failing.

[abshkd]

I dont run docker in root. Its running as user. You are spot on, it appears to be that Splunk requires root ownership in order to run. I dont have this issue with other docker images. This isnt a shared mount point but the system has 8 drives with LVM RAID, I simply remapped /var/lib/docker to something easier to manage administratively. Not to worry. I will close this bug report. sorry for the delay in response

On Tue, Feb 19, 2019 at 9:16 AM Nelson Wang notifications@github.com wrote:

I believe your issue is related to where you have Docker installed? Your docker info shows:

Docker Root Dir: /mnt/docker

Normally, Docker keeps its contents in /var/lib/docker which is owned by root:root. Is this a shared mount point? Either way, it seems like the permissions of this mount point which Docker is trying to use is too restrictive, and thus the docker build command within the Makefile is failing.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/splunk/docker-splunk/issues/118#issuecomment-465225897, or mute the thread https://github.com/notifications/unsubscribe-auth/AAvFHKnDeoqAScOHONgwXdAcmxjRRXv9ks5vPDF3gaJpZM4aZyq7 .

[abshkd]

Just an update. I got it to work with minor edits. I am on non-root docker with non-root splunk

[ivohechmann]

Just an update. I got it to work with minor edits. I am on non-root docker with non-root splunk

Hi @abshkd sounds good, I have the same problem (container in OpenShift run as random user). What edits did you do to get splunk image running as non-root-container-user?

[WafflesVonMaple]

Second @ivohechmann, @abshkd can you share the edits made?

[ivohechmann]

Second @ivohechmann, @abshkd can you share the edits made? Did not get it to work properly, so if there's a solution I'd be interested :)

[gordondu99]

can you share the edit, thanks!

PLAY [Run default Splunk provisioning] *****

TASK [Gathering Facts] ***** fatal: [localhost]: FAILED! => { "ansible_facts": {}, "changed": false, "failed_modules": { "ansible.legacy.setup": { "failed": true, "module_stderr": "sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1 } } }

MSG:

The following modules failed to execute: ansible.legacy.setup

[gordondu99]

can you share the edit, thanks!

PLAY [Run default Splunk provisioning] *****

TASK [Gathering Facts] ***** fatal: [localhost]: FAILED! => { "ansible_facts": {}, "changed": false, "failed_modules": { "ansible.legacy.setup": { "failed": true, "module_stderr": "sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1 } } }

MSG:

The following modules failed to execute: ansible.legacy.setup

[abshkd]

Apologies. I was under the impression that the way I fixed my setup was not recommended so I did not post it. I have left Splunk many years ago and no longer have this setup on me. If I come across it in my person I will submit here or in a separate repo. I don't recall much but I believe you can edit the Dockerfile to fix the issue where it needs root access.

[gordondu99]

@abshkd Great thanks for your kindly comment! Add docker-compose.yml with --security-opt with no-new-privileges=false the issue fixed, thanks!