docker-splunk-legacy icon indicating copy to clipboard operation
docker-splunk-legacy copied to clipboard
verified publisher icon splunk

docker image for splunk 7.1.0 fails file integrity validation

Open skwongg opened this issue 7 years ago • 1 comments

I'm not sure if this version is still supported but I found 3 app files are failing file integrity check and yield different sha256 hashes in the docker image vs. direct tar install. The hashes in the manifest file are consistent with the direct tar installation but not with the files from docker. I can suppress the errors for now or edit the manifest, but both of those solutions are not ideal since I don't want to bake these into my cluster management scripts. I've checked on different machines and environments and arrived at the same result (some local, some staging and some live). Thanks!

Docker version: docker version 18.03.1-ce

Steps to reproduce: docker pull splunk/splunk:7.1.0 docker run -d -it splunk/splunk:7.1.0 docker exec -it <container_name> bash ./bin/splunk validate files

results in:

File '/opt/splunk/share/splunk/migration/app_contents_SplunkDeploymentMonitor.tar.gz' changed. File '/opt/splunk/share/splunk/migration/app_contents_unix.tar.gz' changed. File '/opt/splunk/share/splunk/migration/app_contents_windows.tar.gz' changed.

Compared with the tar.gz downloaded hashes they are different.

run sha256sum against these files: sha256sum /opt/splunk/share/splunk/migration/app_contents_*

output: b3f57820ec6af9c62d6685a6a7a7a2ff7f039be2712c04c1f190785afc34fdc4 /opt/splunk/share/splunk/migration/app_contents_SplunkDeploymentMonitor.tar.gz 75728e3fa3b43e7c9214f36df7cb483079d5d14511b754fd14b439bf0d1ad3bd /opt/splunk/share/splunk/migration/app_contents_unix.tar.gz b141a423f3b7822673465776596fc8278c12e793b6b1f108045b063c975c130f /opt/splunk/share/splunk/migration/app_contents_windows.tar.gz

To grep the manifest file for the hashes it was expecting for these files (run from $SPLUNK_HOME): grep "app_contents_" splunk-7.1.0-2e75b3406c5b-linux-2.6-x86_64-manifest

which results in:

f 444 splunk splunk splunk/share/splunk/migration/app_contents_SplunkDeploymentMonitor.tar.gz 3478cfae2593f6be92fc084f2d195c27be13e11441d4118116e27010a2a041d5 f 444 splunk splunk splunk/share/splunk/migration/app_contents_unix.tar.gz 98cc648a8a0c6901f7d3bb585e8597f410df628ee81e1c65082c63195794e283 f 444 splunk splunk splunk/share/splunk/migration/app_contents_windows.tar.gz 2ae56598076bee59f46823ae3957eb2f422be83976774493423684ab7281dd3e

skwongg avatar Jun 19 '18 18:06 skwongg

I saw that too but in case of 7.1.1 I have not seen this issue anymore https://github.com/outcoldman/docker-splunk/tree/splunk_7_1_1 I have not created a PR yet, but feel free to apply this change on top and give it a try https://github.com/outcoldman/docker-splunk/commit/a1c2e8e36f2620f3ad454622c8a57682c90d3931

outcoldman avatar Jun 20 '18 21:06 outcoldman