splunk / splunk-ansible

Ansible playbooks for configuring and managing Splunk Enterprise and Universal Forwarder deployments

Docker container cannot be created due to conditional check for 'itsi' in `splunk_common/tasks/install_apps.yml` #838

Open vambavaram opened 6 months ago

vambavaram commented 6 months ago

Hi!

I'm using the docker-splunk setup (https://github.com/splunk/docker-splunk?tab=readme-ov-file) to run Splunk in a containerized instance. I've recently updated it to the latest version (9.2) and started seeing an issue that's preventing the creation of my Docker container. It's in a crash-back loop.

```
so1  | TASK [splunk_standalone : Install app via REST] ********************************
so1  | fatal: [localhost]: FAILED! => {}
so1  | 
so1  | MSG:
so1  | 
so1  | The conditional check ''itsi' not in app_contents.stdout_lines' failed. The error was: error while evaluating conditional ('itsi' not in app_contents.stdout_lines): 'dict object' has no attribute 'stdout_lines'
so1  | 
so1  | The error appears to be in '/opt/ansible/roles/splunk_common/tasks/install_apps.yml': line 73, column 3, but may
so1  | be elsewhere in the file depending on the exact syntax problem.
so1  | 
so1  | The offending line appears to be:
so1  | 
so1  | 
so1  | - name: Install app via REST
so1  |   ^ here
so1  | 
so1  | 
so1  | PLAY RECAP *********************************************************************
so1  | localhost                  : ok=72   changed=14   unreachable=0    failed=1    skipped=80   rescued=0    ignored=0
so1  | 
so1  | Tuesday 14 May 2024  15:18:11 +0000 (0:00:00.013)       0:01:09.313 ***********
so1  | ===============================================================================
so1  | splunk_common : Restart the splunkd service - Via CLI ------------------ 39.44s
so1  | splunk_common : Restart the splunkd service - Via CLI ------------------ 15.02s
so1  | Gathering Facts --------------------------------------------------------- 1.10s
so1  | splunk_common : Update Splunk directory owner --------------------------- 0.97s
so1  | splunk_common : Update /opt/splunk/etc ---------------------------------- 0.81s
so1  | splunk_common : Generate user-seed.conf (Linux) ------------------------- 0.52s
so1  | splunk_common : Check current license group ----------------------------- 0.48s
so1  | splunk_standalone : Setup global HEC ------------------------------------ 0.43s
so1  | splunk_standalone : Get existing HEC token ------------------------------ 0.40s
so1  | splunk_common : Activate free license ----------------------------------- 0.40s
so1  | splunk_common : Find manifests ------------------------------------------ 0.35s
so1  | splunk_common : Check for scloud ---------------------------------------- 0.31s
so1  | splunk_common : Hash the password --------------------------------------- 0.29s
so1  | splunk_common : Get Splunk status --------------------------------------- 0.27s
so1  | splunk_common : Get Splunk status --------------------------------------- 0.27s
so1  | splunk_common : Enable Splunkd SSL -------------------------------------- 0.26s
so1  | splunk_common : Set mgmt port ------------------------------------------- 0.25s
so1  | splunk_common : Remove user-seed.conf ----------------------------------- 0.24s
so1  | splunk_common : Restrict permissions on /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key --- 0.24s
so1  | splunk_common : Remove splunktcp-ssl input ------------------------------ 0.24s
so1 exited with code 0
```

The message seems to indicate that it's having trouble downloading the required apps from Splunkbase. But I'm not sure what the conditional check for 'itsi' is.

I'm using a docker-compose file to create the setup programmatically. Here's what it looks like:

```yaml
version: "3.6"

services:
  so1:
    image: ${SPLUNK_IMAGE:-easmdevacr.azurecr.io/splunk:latest}
    container_name: so1
    environment:
      - SPLUNK_START_ARGS=--accept-license
      - SPLUNK_PASSWORD=<password>
      - SPLUNK_LICENSE_URI=Free
      - SPLUNK_HTTP_ENABLESSL=false
      - SPLUNK_APPS_URL=https://splunkbase.splunk.com/app/<appid>/release/1.3.0/download,https://splunkbase.splunk.com/app/<appid>/release/1.5.0/download
      - SPLUNKBASE_USERNAME=<username>
      - SPLUNKBASE_PASSWORD=<password>
    ports:
      - 8000:8000
    restart: unless-stopped
```

I've noticed that removing the variables to download the Splunk apps successfully creates the container. Is there a bug in the Ansible task I've pointed out that is preventing it from working correctly?

I'm also seeing the same issue on Splunk versions 9.0 and 9.1 (https://hub.docker.com/r/splunk/splunk/#!)

Any ideas what's going on?
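
The error in the log above is Ansible evaluating `app_contents.stdout_lines` on a registered result that has no such key. The standalone playbook below is an added illustration, not code from splunk-ansible and not part of the original report: it shows one general way a registered variable ends up without `stdout_lines` (the registering task was skipped) and two ways to guard the conditional. The task names and the `listing_enabled` variable are hypothetical, and the page does not establish that this is the cause in #838.

```yaml
# Added illustration: standalone playbook, not taken from splunk-ansible.
# Task names and `listing_enabled` are hypothetical.
- hosts: localhost
  connection: local
  gather_facts: false
  vars:
    listing_enabled: false   # assumption: forces the registering task to be skipped
  tasks:
    - name: List app contents (skipped in this run)
      command: echo myapp/default/app.conf
      register: app_contents
      when: listing_enabled
      changed_when: false

    # A skipped task still registers a dict, but it carries keys such as
    # `skipped` and `skip_reason` and has no `stdout_lines`.
    - name: Show the registered result
      debug:
        var: app_contents

    # Unguarded form, as quoted in the error message. Evaluated against the
    # dict registered by a skipped task it fails with
    # "'dict object' has no attribute 'stdout_lines'":
    #   when: "'itsi' not in app_contents.stdout_lines"

    # Guard 1: treat a missing listing as empty, so the task still runs.
    - name: Guarded conditional with a default
      debug:
        msg: "condition evaluated without error"
      when: "'itsi' not in (app_contents.stdout_lines | default([]))"

    # Guard 2: only inspect the listing when it exists. List items are ANDed
    # and evaluated in order, so the last line is never reached here.
    - name: Guarded conditional with explicit checks
      debug:
        msg: "listing present and does not mention itsi"
      when:
        - app_contents is not skipped
        - app_contents.stdout_lines is defined
        - "'itsi' not in app_contents.stdout_lines"
```

The two guards differ in behaviour: the first runs its task when the listing is missing, the second skips it, so the right choice depends on what the install step should do without a listing.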