Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Splunk 9.1.3 has a regression on the SPLUNKD_SSL_ENABLE variable #639

Closed
Amndeep7 opened this issue Jan 30, 2024 · 3 comments
Closed

Splunk 9.1.3 has a regression on the SPLUNKD_SSL_ENABLE variable #639

Amndeep7 opened this issue Jan 30, 2024 · 3 comments

Comments

@Amndeep7
Copy link

Running docker run -it --rm -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_PASSWORD=Valid_password!" -e "SPLUNKD_SSL_ENABLE=false" -e GITHUB_ACTIONS=true -e CI=true -p 8089:8089 -p 8088:8088 -v "/$(pwd)/test/configs/splunk/server.conf":"/etc/system/local/server.conf" splunk/splunk:9.1.2 works w/r to spinning up a usable splunk instance.

Github actions run that contains the ansible output: https://github.com/mitre/heimdall2/actions/runs/7718282174/job/21039190919?pr=5410

var/log/splunkd.log output from a locally spun up container: https://gist.github.com/Amndeep7/9d65c8dedd0739cc82bc682295bcc6f0

Running docker run -it --rm -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_PASSWORD=Valid_password!" -e "SPLUNKD_SSL_ENABLE=false" -e GITHUB_ACTIONS=true -e CI=true -p 8089:8089 -p 8088:8088 -v "/$(pwd)/test/configs/splunk/server.conf":"/etc/system/local/server.conf" splunk/splunk:latest causes the container to eventually timeout in an unhealthy state.

Github actions run that contains the ansible output: https://github.com/mitre/heimdall2/actions/runs/7716678293/job/21034050807?pr=5410

var/log/splunkd.log output from a locally spun up container: https://gist.github.com/Amndeep7/539aec96e2c1a02a40a9c863986f41bd

The server.conf file is extremely minimal.

test/configs/splunk/server.conf 
$ cat test/configs/splunk/server.conf
#  List of the HTTP Origins for which to return Access-Control-Allow-* (CORS)
#   headers.
#  These headers tell browsers that web applications are trusted at those sites
#   to make requests to the REST interface.
#  The origin is passed as a URL without a path component (for example
#   "https://app.example.com:8000").
#  This setting can take a list of acceptable origins, separated
#   by spaces and/or commas.
#  Each origin can also contain wildcards for any part.  Examples:
#     *://app.example.com:*  (either HTTP or HTTPS on any port)
#     https://*.example.com  (any host under example.com, including
#     example.com itself)
#  An address can be prefixed with a '!' to negate the match, with
#   the first matching origin taking precedence.  For example,
#   "!*://evil.example.com:* *://*.example.com:*" to not avoid
#   matching one host in a domain
#  A single "*" can also be used to match all origins
#  No default.

[httpServer]
crossOriginSharingPolicy = *
@Amndeep7 Amndeep7 mentioned this issue Jan 30, 2024
Merged
3 tasks
@yarick
Copy link

yarick commented Jan 31, 2024

Could this be related to the removal of Python2 support?

@Amndeep7
Copy link
Author

Looking at the patch notes, it might also have been something that accidentally broke when work was done with the HEC envvars.

@Amndeep7 Amndeep7 mentioned this issue Feb 1, 2024
Open
@Amndeep7
Copy link
Author

Retrying on the latest splunk/splunk image, which I believe is 9.2.1, has worked. I believe this regression has been resolved, so I am closing this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Amndeep7 @yarick