splunk
First time configurations don't work for splunk 7.1.0 image
The entrypoint has a lot of configuration features based on authenticating as admin using -auth admin:changeme
SPLUNK_ENABLE_DEPLOY_SERVERSPLUNK_DEPLOYMENT_SERVERSPLUNK_ENABLE_LISTENSPLUNK_FORWARD_SERVERSPLUNK_FORWARD_SERVER_*SPLUNK_ADDSPLUNK_ADD_*
In the 7.1.0 docker image, unlike 7.0.x, the admin password is set at the begining of first time configuration (rather than via the webpage after the first time configuration is done), before these configurations steps run. So the password has already been changed from changeme and none of the splunk configurations work.
Temporary workarround
Set your command to (for example, in a docker-compose.yml file
command: |
bash -c "
if [ -e /opt/splunk/etc/str ]; then
rm -f /opt/splunk/ftr
exec /sbin/entrypoint.sh start-service
else
touch /opt/splunk/etc/str
exec /sbin/entrypoint.sh start-service --seed-passwd changeme
fi
"
At least this way, the password is changeme, and everything works. Only downside to this is the webpage no longer tells you to change the password after logging in, like it did in 7.0.x
Wow! I was just tracking down why my cluster Arg commands didnt work.
Thank you!!!!
@andyneff I believe you can just run --env SPLUNK_START_ARGS="--accept-license --answer-yes --seed-passwd changeme" (see https://www.outcoldsolutions.com/blog/2018-04-25-docker-splunk-7-1-0/) and you should be able to use all of the configuration commands.
I believe these environment variables should be deprecated, instead there are should be a simple solution to write configuration files directly, maybe similar to https://github.com/outcoldman/docker-splunk-cluster#how-it-works
@outcoldman Thanks, --seed-passwd is the better way I couldn't find.
I totally agree that it looks like a new way to implement the environment features should be added to this image.