
Problem on System with different network interfaces and the trackme app

Open malso opened this issue 2 years ago • 5 comments

Hey @guilhemmarchand,

running trackme 1.2.57 on splunk 8.1.5.

I have a system with different network interfaces and splunk is bound on a deviating ip than $HOSTNAME in splunk-launch.conf (via SPLUNK_BINDIP). I am not able to get kvstore backup running (response: Warn: exception encountered: [Errno 99] Cannot assign requested address) or do edits like change the priority of a data source over the modify context. Defining lagging classes and controlling the lagging value however is possible.

I already found a target_url = "https://localhost:" in trackme.py which I changed.

Do you have any ideas what I need to do to get the app fully working?

malso avatar Mar 11 '22 15:03 malso

Hey @malso

Oh that is quite an interesting one - so basically on the local system, you can technically reach the API (splunkd) but because of SPLUNK_BINDIP splunkd will not reply to the originating query.

To be fair, there's quite a lot of calls made in the app to localhost, whether in the UI or at the lowest backend level (and this is going to be tons more in TrackMe v2)

I see at least these:

./bin/trackme/modalert_trackme_auto_ack_helper.py:    helper.writeevents(index="summary", host="localhost", source="localhost")
./bin/trackme/modalert_trackme_auto_ack_helper.py:    # we are talking to localhost splunkd in SSL
./bin/trackme/modalert_trackme_auto_ack_helper.py:    target_url = "https://localhost:" + str(splunkd_port) + str(endpoint_url)
./bin/trackme/modalert_trackme_free_style_rest_call_helper.py:    helper.writeevents(index="summary", host="localhost", source="localhost")
./bin/trackme/modalert_trackme_free_style_rest_call_helper.py:    # we are talking to localhost splunkd in SSL
./bin/trackme/modalert_trackme_free_style_rest_call_helper.py:    target_url = "https://localhost:" + str(splunkd_port) + str(endpoint_url)
./bin/trackme/modalert_trackme_free_style_rest_call_helper.py:    record_url = 'https://localhost:' + str(splunkd_port) \
./bin/trackme/modalert_trackme_smart_status_helper.py:    helper.writeevents(index="summary", host="localhost", source="localhost")
./bin/trackme/modalert_trackme_smart_status_helper.py:    # we are talking to localhost splunkd in SSL
./bin/trackme/modalert_trackme_smart_status_helper.py:    target_url = "https://localhost:" + str(splunkd_port) + str(endpoint_url)
./bin/trackme/modalert_trackme_smart_status_helper.py:    record_url = 'https://localhost:' + str(splunkd_port) \
./bin/trackme.py:            target_url = "https://localhost:" + str(splunkd_port) + str(self.url)
./bin/trackme_rest_handler_smart_status.py:                record_url = 'https://localhost:' + str(splunkd_port) \
./bin/trackme_rest_handler_smart_status.py:                record_url = 'https://localhost:' + str(splunkd_port) \
./bin/trackme_rest_handler_smart_status.py:                record_url = 'https://localhost:' + str(splunkd_port) \

One option I guess would be to provide something configurable in the configuration UI where you can use a different destination than localhost, but it might be quite a lot of work. (and I am focussing on TrackMe v2)

I will need to do some testing to understand where the failures would be in your context

guilhemmarchand avatar Mar 11 '22 15:03 guilhemmarchand

Hey @guilhemmarchand,

Thank you for your fast answer. Unfortunately it did not help.

I deleted all python cache files.

Additionally I changed all occurrences of socket.gethostname() with the fqdn of the ip I'm using for Splunk.

malso avatar Mar 11 '22 17:03 malso

@malso

I will check this out, and will let you know

guilhemmarchand avatar Mar 11 '22 18:03 guilhemmarchand

Hey @guilhemmarchand I got it working, but only by changing every occurrence of localhost to the bindip. And by working I mean I was just not able to change the priority, and I have no idea if I broke something :) Files I edited:

./bin/trackme/modalert_trackme_auto_ack_helper.py
./bin/trackme/modalert_trackme_free_style_rest_call_helper.py
./bin/trackme/modalert_trackme_smart_status_helper.py
./bin/trackme.py
./bin/trackme_rest_handler_smart_status.py
./lib/splunklib/binding.py
./lib/splunktalib/credentials.py
./lib/urllib3/exceptions.py

malso avatar Mar 16 '22 11:03 malso

Thanks @malso

./bin/trackme/modalert_trackme_auto_ack_helper.py
./bin/trackme/modalert_trackme_free_style_rest_call_helper.py
./bin/trackme/modalert_trackme_smart_status_helper.py
./bin/trackme.py
./bin/trackme_rest_handler_smart_status.py

Makes sense, the localhost call is hard coded.

./lib/splunklib/binding.py
./lib/splunktalib/credentials.py
./lib/urllib3/exceptions.py

That probably shouldn't be necessary.

I am planning to provide a configurable option for the splunkd host target, such that someone in your case can switch from localhost to the bind IP / FQDN / host.

Will revert in this issue.

guilhemmarchand avatar Mar 17 '22 07:03 guilhemmarchand
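
A sketch of the configurable splunkd target discussed in this thread, added here as an illustration and not taken from TrackMe's code: one helper builds the URL that the listed files currently assemble around a hard-coded `https://localhost:`. The names `normalize_splunkd_host`, `build_target_url` and `DEFAULT_SPLUNKD_HOST` are hypothetical, and the endpoint paths used with it are constructed.

```python
import ipaddress
import re

# Hypothetical default: keeps today's behaviour when nothing is configured.
DEFAULT_SPLUNKD_HOST = "localhost"

# One DNS label: letters, digits, inner hyphens, at most 63 characters.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME_RE = re.compile(r"^(?=.{1,253}$)" + _LABEL + r"(?:\." + _LABEL + r")*$")


def normalize_splunkd_host(value):
    """Return a host that is safe to place in a URL authority.

    Accepts an IPv4/IPv6 literal (the bind IP), a hostname or an FQDN.
    Anything carrying a scheme, port, path or userinfo raises ValueError,
    so the setting cannot turn the request into a different URL.
    """
    host = (value or "").strip() or DEFAULT_SPLUNKD_HOST
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        ip = None
    if ip is not None:
        # IPv6 literals must be bracketed inside a URL.
        return "[%s]" % ip if ip.version == 6 else str(ip)
    if not _HOSTNAME_RE.match(host):
        raise ValueError("invalid splunkd host: %r" % (value,))
    return host.lower()


def build_target_url(splunkd_port, endpoint_url, splunkd_host=None):
    """Build the splunkd URL for a configured host instead of localhost."""
    port = int(splunkd_port)
    if not 1 <= port <= 65535:
        raise ValueError("invalid splunkd port: %r" % (splunkd_port,))
    endpoint = str(endpoint_url)
    if not endpoint.startswith("/"):
        raise ValueError("endpoint must start with '/': %r" % (endpoint,))
    host = normalize_splunkd_host(splunkd_host)
    return "https://" + host + ":" + str(port) + endpoint
```

Because the target is no longer always localhost, the certificate splunkd presents has to be valid for whatever bind IP or FQDN is configured if the caller verifies TLS.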