Hi!
I'm using the docker-splunk setup (https://github.com/splunk/docker-splunk?tab=readme-ov-file) to run Splunk in a containerized instance. I've recently updated it to the latest version (9.2) and started seeing an issue that's preventing the creation of my Docker container. It's in a crash-back loop.
```
so1 | TASK [splunk_standalone : Install app via REST] ********************************
so1 | fatal: [localhost]: FAILED! => {}
so1 |
so1 | MSG:
so1 |
so1 | The conditional check ''itsi' not in app_contents.stdout_lines' failed. The error was: error while evaluating conditional ('itsi' not in app_contents.stdout_lines): 'dict object' has no attribute 'stdout_lines'
so1 |
so1 | The error appears to be in '/opt/ansible/roles/splunk_common/tasks/install_apps.yml': line 73, column 3, but may
so1 | be elsewhere in the file depending on the exact syntax problem.
so1 |
so1 | The offending line appears to be:
so1 |
so1 |
so1 | - name: Install app via REST
so1 | ^ here
so1 |
so1 |
so1 | PLAY RECAP *********************************************************************
so1 | localhost : ok=72 changed=14 unreachable=0 failed=1 skipped=80 rescued=0 ignored=0
so1 |
so1 | Tuesday 14 May 2024 15:18:11 +0000 (0:00:00.013) 0:01:09.313 ***********
so1 | ===============================================================================
so1 | splunk_common : Restart the splunkd service - Via CLI ------------------ 39.44s
so1 | splunk_common : Restart the splunkd service - Via CLI ------------------ 15.02s
so1 | Gathering Facts --------------------------------------------------------- 1.10s
so1 | splunk_common : Update Splunk directory owner --------------------------- 0.97s
so1 | splunk_common : Update /opt/splunk/etc ---------------------------------- 0.81s
so1 | splunk_common : Generate user-seed.conf (Linux) ------------------------- 0.52s
so1 | splunk_common : Check current license group ----------------------------- 0.48s
so1 | splunk_standalone : Setup global HEC ------------------------------------ 0.43s
so1 | splunk_standalone : Get existing HEC token ------------------------------ 0.40s
so1 | splunk_common : Activate free license ----------------------------------- 0.40s
so1 | splunk_common : Find manifests ------------------------------------------ 0.35s
so1 | splunk_common : Check for scloud ---------------------------------------- 0.31s
so1 | splunk_common : Hash the password --------------------------------------- 0.29s
so1 | splunk_common : Get Splunk status --------------------------------------- 0.27s
so1 | splunk_common : Get Splunk status --------------------------------------- 0.27s
so1 | splunk_common : Enable Splunkd SSL -------------------------------------- 0.26s
so1 | splunk_common : Set mgmt port ------------------------------------------- 0.25s
so1 | splunk_common : Remove user-seed.conf ----------------------------------- 0.24s
so1 | splunk_common : Restrict permissions on /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key --- 0.24s
so1 | splunk_common : Remove splunktcp-ssl input ------------------------------ 0.24s
so1 exited with code 0
```
The message seems to indicate that it's having trouble downloading the required apps from Splunkbase. But I'm not sure what the conditional check for 'itsi' is.
I'm using a docker-compose file to create the setup programmatically. Here's what it looks like:
```yaml
version: "3.6"
services:
  so1:
    image: ${SPLUNK_IMAGE:-easmdevacr.azurecr.io/splunk:latest}
    container_name: so1
    environment:
      - SPLUNK_START_ARGS=--accept-license
      - SPLUNK_PASSWORD=<password>
      - SPLUNK_LICENSE_URI=Free
      - SPLUNK_HTTP_ENABLESSL=false
      - SPLUNK_APPS_URL=https://splunkbase.splunk.com/app/<appid>/release/1.3.0/download,https://splunkbase.splunk.com/app/<appid>/release/1.5.0/download
      - SPLUNKBASE_USERNAME=<username>
      - SPLUNKBASE_PASSWORD=<password>
    ports:
      - 8000:8000
    restart: unless-stopped
```
I've noticed that removing the variables to download the Splunk apps successfully creates the container. Is there a bug in the Ansible task I've pointed to that is preventing it from working correctly?
I'm also seeing the same issue on Splunk versions 9.0 and 9.1 (https://hub.docker.com/r/splunk/splunk/#!)
Any ideas what's going on?