splunk / splunk-ansible

Ansible playbooks for configuring and managing Splunk Enterprise and Universal Forwarder deployments

Task Remove existing HEC token is failing -1 because of self signed certificates #814

Open hohenhe1m opened 7 months ago

hohenhe1m commented 7 months ago

Hello,

We are using Splunk docker images in a K8S environment to spawn a cluster. I recently tried to update from 9.0.8 to 9.0.9 and got this error from indexers and standalone nodes:

```
TASK [splunk_standalone : Remove existing HEC token] ***
fatal: [localhost]: FAILED! => {
    "changed": false,
    "elapsed": 0,
    "redirected": false,
    "status": -1,
    "url": "https://127.0.0.1:8089/services/data/inputs/http/splunk_hec_token",
    "warnings": [
        "Module did not set no_log for password"
    ]
}

MSG:

Status code was -1 and not [200, 404]: Request failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1091)>
```

I have tested locally in the pod; with curl I am able to run

```
curl -k -u admin:pass https://localhost:8089/services/data/inputs/http/splunk_hec_token -d "remove"
```

and it works as expected.

I rolled back to 9.0.8 and everything works as expected. Can you help?

Vincent

hortonew commented 7 months ago

It looks like the surrounding steps now use splunk_api, which by default does not verify SSL/TLS certs. This step for Remove existing HEC token still uses the uri module, and recently removed "validate_certs: false", causing this problem (because the default is to verify certs).
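For reference, an added example (not a task from splunk-ansible itself) of how a `uri` call to the splunkd management port can be written so that certificate verification stays on where a CA file is available and is only disabled by an explicit opt-in. The URL, token name and expected status codes are taken from the error output in this issue; the variable names prefixed `hec_example_` are assumptions, not splunk-ansible variables.

```yaml
# Added example, not splunk-ansible's own "Remove existing HEC token" task.
# All hec_example_* variables are assumed names for illustration.
- name: Remove existing HEC token (example)
  ansible.builtin.uri:
    url: "https://127.0.0.1:8089/services/data/inputs/http/splunk_hec_token"
    # DELETE on the entity endpoint is the documented REST way to remove an input.
    method: DELETE
    user: admin
    password: "{{ hec_example_admin_password }}"
    force_basic_auth: true
    # 200 = deleted, 404 = nothing to delete; both are fine for "ensure absent".
    status_code: [200, 404]
    # Preferred: keep verification on and trust the CA that issued splunkd's cert.
    # ca_path is a uri module option since Ansible 2.9; omitted when no CA file is set.
    ca_path: "{{ hec_example_ca_path | default(omit) }}"
    # Opt-in escape hatch for a self-signed splunkd cert with no usable CA file.
    # This is the option whose removal from the task caused the status -1 above.
    validate_certs: "{{ hec_example_validate_certs | default(true) }}"
  # The password is part of the module args; without no_log the task output can
  # leak it (the "Module did not set no_log for password" warning in the report).
  no_log: true
  register: hec_example_remove
```

One caveat for anyone who tries the `ca_path` route against an out-of-the-box Splunk container: the stock Splunk-generated server certificate is issued for a generic CN rather than for `127.0.0.1`, so trusting the issuing CA alone does not satisfy hostname verification. `ca_path` only helps once a certificate that matches the host actually used in `url` has been deployed; until then `validate_certs: false` remains the only setting under which this task completes.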

cderocco5 commented 6 months ago

This change breaks in 9.1.4 also. The "Remove existing HEC token" task needs `validate_certs: false` added back, or else the docker container fails to complete with error: `Status code was -1 and not [200, 404]: Request failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1091)>`.

This is preventing my team from upgrading from 9.1.2 to 9.1.4. And 9.1.4 has a high vulnerability fix according to the splunk advisory.