UF Containers broken for all 9.x Images #557
Assignees
Comments
chuck-confluent
referenced
this issue
in splunk/splunk-ansible
Oct 25, 2022
When a Pod resets, a new pod comes up and uses the same persistent `etc` and `var` locations. Pod reset causes the file permissions to change. Open permissions on `var/lib/splunk/kvstore/mongo/splunk.key` causing the Mongod 4.2.17 to come up during the migration path, that way the mongod is marked to start with 3.6.x, and that fails forever as the existing mongod db is already 4.2.x compatiable.
|
@alishamayor , has this been tested before it has been approved? Because it broke everything. splunk/splunk-ansible@81b552d#commitcomment-87802600 |
|
I've raised this to splunk via there support portal; case ref is 3200123 Will update this once I hear back. |
|
I got the following response; it's a known issue This is a known Docker bug, its currently working in progress with Expected fix: 9.1.0 Workaround:
Or this can be confgured:
https://community.splunk.com/t5/Installation/Upgrading-Universal-Forwarder-8-x-x-to-9-x-x-does-not-work/m-p/619919_I've asked for a date when version 9.1.0 will be released. |
Hi @Adam2Marsh , |
|
This was fixed in 9.0.5; I haven't tested it myself but assured it is. |
|
Thanks @Adam2Marsh, but I have tried 9.0.5 and it is NOT fixed. That's why I asked if you got any response for the release date of 9.1.0 |
|
I can't believe why it's taking so much time to fix this bug, which has been going on since September. Instead, you have to use 8.2.X versions which are quite risky from a security point of view. The whole ansible process gets stuck when it comes to a task where it needs to call ./splunk. For example:
If you go inside the container and kill of those process, you will get the following error message: |
|
Hey All, Re-raising back to splunk now... as I've doubled check and yep you still need the workaround to make 9.0.5 |
|
9.0.5 was updated yesterday. I was able to get the UF running with the following command - Can you try now with the newly released image? |
|
Thanks, it is working now. |
|
Hi, @Adam2Marsh can you please suggest how that workaround can be run as part of a Dockerfile etc..? Thursday 13 July 2023 16:49:19 +0000 (0:00:00.062) 0:00:08.499 *********
TASK [splunk_common : include_tasks] *************************************************************************************************************************************************
included: /opt/ansible/roles/splunk_common/tasks/get_splunk_status.yml for localhost
ok: [localhost]
Thursday 13 July 2023 16:49:19 +0000 (0:00:00.242) 0:00:08.742 *********
@splunk when will this be fixed? It does not make sense to release newer versions if your offical docker image does not support or is incompatible with said version? Thanks |
|
@Iammusa18 double check you're not running an old cached version of the Run |
yes, I ran into the same problem, but as @bdalpe mentions, you need to refresh the image. |
|
Thanks, the current 9.0.5 Image finally works again. I'll close the issue now. |
As suggested please try re-fetching the image 🙂 |
|
Yeah my bad. Re-fetching image has worked!! Silly me. thanks all |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi folks,
apparently all the UF Images for Version 9.x seem to be broken.
The ansible playbooks always get stuck at task Get Splunk status.
I tried to troubleshoot the problem, but wasn't able to find the problem, yet. Here are my findings so far:
I don't know why the same command fails when it is executed by ansible. All could image is that some environment variables could differ. I didn't check this, yet.
The text was updated successfully, but these errors were encountered: