Comments (12)
I am running into this same issue. Any help would be appreciated!
from docker-splunk-legacy.
Hey @bretthamilton, were you able to use the workaround of adding the start args @Raab70 mentioned above?
Will check test this further.
from docker-splunk-legacy.
It's because /opt/splunk/ftr
needs to be removed after first initialization, which isn't currently being done. So every time the container restarts, /opt/splunk/ftr
is recovered because it's baked into the container. Maybe @halr9000 or one of the other maintainers can add a patch into entrypoint.sh
from docker-splunk-legacy.
Hi, I could handle this problem when I don't have persistent volume. Does anyone know how to solve this?. Or at least how could I do to add a patch like @foxx said.
from docker-splunk-legacy.
please solve this problem, also facing into it.
from docker-splunk-legacy.
Let's revisit this with the next Splunk release. Some changes were made to first-time run behavior, and I know they had to touch the Dockerfile, so this issue might go away.
(No, I can't commit to when this release will happen. Sit tight!)
from docker-splunk-legacy.
Feels that the problem is with the share
folder, possible it will require the same as etc
folder, looks like migration keeps some state here. So additional volume needs to be created, and backup of the share
folder copied on the first start.
With Splunk 7.1.0 you will see behavior that integrity checks fail for installed files.
from docker-splunk-legacy.
The /etc/splunk/ftr
mechanism is the same in 7.1.0, and you still have this problem in 7.1.0
Workaround
Here's a snippet from my docker-compose.yml
file to fix this
Updated: @boojew pointed out I missed including my SPLUNK_START_ARGS
command: |
bash -c "
if [ -e /opt/splunk/etc/str ]; then
rm -f /opt/splunk/ftr
exec /sbin/entrypoint.sh start-service
else
touch /opt/splunk/etc/str
exec /sbin/entrypoint.sh start-service --seed-passwd changeme
fi
"
environment:
# bug https://github.com/splunk/docker-splunk/issues/59
- SPLUNK_START_ARGS=--accept-license --answer-yes
# Also suggested, set
# - SPLUNK_ENABLE_LISTEN=9997
# - SPLUNK_ADD=tcp 1514
# - SPLUNK_ADD_1=monitor '/var/log/*' -sourcetype linux_logs -index yourindex
# - SERVER_NAME=your.server.name
volumes:
- splunk_etc:/opt/splunk/etc
- splunk_var:/opt/splunk/var
- splunk_share:/opt/splunk/share/splunk/search_mrsparkle/modules
If you don't add the splunk_share
volume, the webserver fails to come up the second time.
The -f
in rm
is important, when the same container is restarted.
Note: I don't actually use the --answer-yes
flag, even when I upgraded from 7.1.0 to 7.1.2
A Suggested Fix
Basically add the workaround to the entrypoint
from docker-splunk-legacy.
7.0.3 and still happening
from docker-splunk-legacy.
The
/etc/splunk/ftr
mechanism is the same in 7.1.0, and you still have this problem in 7.1.0Workaround
Here's a snippet from my
docker-compose.yml
file to fix thiscommand: | bash -c " if [ -e /opt/splunk/etc/str ]; then rm /opt/splunk/ftr else touch /opt/splunk/etc/str fi exec /sbin/entrypoint.sh start-service " volumes: - splunk_etc:/opt/splunk/etc - splunk_var:/opt/splunk/var - splunk_share:/opt/splunk/share/splunk/search_mrsparkle/modulesIf you don't add the
splunk_share
volume, the webserver fails to come up the second time.A Suggested Fix
Basically add the workaround to the entrypoint
Using this, the startup process continues, but splunkd never starts and attaches :(
from docker-splunk-legacy.
I found another workaround - change the environment variables:
- "SPLUNK_START_ARGS=--accept-license --seed-passwd --answer-yes"
from docker-splunk-legacy.
Still happens on 7.1.0 and 7.1.2
from docker-splunk-legacy.
Related Issues (20)
- Small error in documentation HOT 1
- [Errno 39] Directory not empty: '/opt/splunk/share/splunk/search_mrsparkle/modules.new/converters' HOT 2
- Splunk Universal Forwarder has hardcoded credentials in entrypoint.sh HOT 2
- Branch 7.0.1 not available on Docker Hub HOT 2
- Enterprise Security in Docker container HOT 1
- Error when attempting to run Splunk in Docker for Windows
- kubernetes 1.9.4 breaking universal forwarder with ConfigMap HOT 13
- master branch /tag latest doesn't pull 7.1.0 HOT 2
- failing to run/Permission denied HOT 1
- entrypoint.sh: no such file or directory HOT 2
- docker image for splunk 7.1.0 fails file integrity validation HOT 1
- First time configurations don't work for splunk 7.1.0 image HOT 4
- ARG commands - clustering
- license loading
- _meta data needs to be added as part of splunk cli HOT 1
- No logs in splunk HOT 12
- Include rfc5424-syslog plugin in *-monitor image by default HOT 2
- DeamonSet Logs : asking to set the password HOT 3
- Kubernetes/helm chart packaging? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from docker-splunk-legacy.