https://community.splunk.com/t5/Security/Splunk-Docker-container-error-quot-cannot-create-opt-container/m-p/428304#M10095 <P>Answering my own question, in case it helps someone else...</P> <P>The error was caused by the introduction of an <CODE>ansible</CODE> user into the base Splunk Docker image.</P> <P>My custom Dockerfile was setting the user to <CODE>splunk</CODE> (or rather, the user specified by the corresponding environment variable). That caused a problem, because an updated shell script in the base Docker image was subsequently attempting to write to a file that the <CODE>ansible</CODE> user could write to, but the <CODE>splunk</CODE> user couldn't.</P> <P>I fixed the problem by changing the following line in my Dockerfile:</P> <PRE><CODE>user ${SPLUNK_USER} </CODE></PRE> <P>to:</P> <PRE><CODE>user ${ANSIBLE_USER} </CODE></PRE> <P>I <EM>might</EM> have been able to solve the problem by removing all <CODE>USER</CODE> commands from my Dockerfile, and inserting <CODE>sudo</CODE> in front of the <CODE>apt-get</CODE> command in the "custom stuff" in that Dockerfile. However, after reading, but not fully understanding, some topics on the web that recommended against using <CODE>sudo</CODE> in a Dockerfile (I'm neither a Unix expert nor a Docker expert), I decided against that approach.</P> Tue, 06 Aug 2019 07:17:24 GMT Graham_Hanningt 2019-08-06T07:17:24Z https://community.splunk.com/t5/Security/Splunk-Docker-container-error-quot-cannot-create-opt-container/m-p/428303#M10094 <P>I had been successfully using a custom Dockerfile to create a Docker container based on the Splunk-provided Docker image for Splunk 7.2.0:</P> <PRE><CODE>from splunk/splunk:7.2.0 user root # Do custom stuff... user ${SPLUNK_USER} # Do more custom stuff... </CODE></PRE> <P>(With apologies for being coy about the "custom stuff".)</P> <P>I wanted to upgrade to Splunk 7.3.0, so I updated the <CODE>FROM</CODE> command to refer to the <CODE>7.3.0</CODE> tag.</P> <P>That introduced the following error:</P> <PRE><CODE>sh: 1: cannot create /opt/container_artifact/splunk-container.state: Permission denied </CODE></PRE> <P>What changed between 7.2.0 and 7.3.0 to cause this error?</P> Tue, 06 Aug 2019 07:08:47 GMT https://community.splunk.com/t5/Security/Splunk-Docker-container-error-quot-cannot-create-opt-container/m-p/428303#M10094 Graham_Hanningt 2019-08-06T07:08:47Z https://community.splunk.com/t5/Security/Splunk-Docker-container-error-quot-cannot-create-opt-container/m-p/428304#M10095 <P>Answering my own question, in case it helps someone else...</P> <P>The error was caused by the introduction of an <CODE>ansible</CODE> user into the base Splunk Docker image.</P> <P>My custom Dockerfile was setting the user to <CODE>splunk</CODE> (or rather, the user specified by the corresponding environment variable). That caused a problem, because an updated shell script in the base Docker image was subsequently attempting to write to a file that the <CODE>ansible</CODE> user could write to, but the <CODE>splunk</CODE> user couldn't.</P> <P>I fixed the problem by changing the following line in my Dockerfile:</P> <PRE><CODE>user ${SPLUNK_USER} </CODE></PRE> <P>to:</P> <PRE><CODE>user ${ANSIBLE_USER} </CODE></PRE> <P>I <EM>might</EM> have been able to solve the problem by removing all <CODE>USER</CODE> commands from my Dockerfile, and inserting <CODE>sudo</CODE> in front of the <CODE>apt-get</CODE> command in the "custom stuff" in that Dockerfile. However, after reading, but not fully understanding, some topics on the web that recommended against using <CODE>sudo</CODE> in a Dockerfile (I'm neither a Unix expert nor a Docker expert), I decided against that approach.</P> Tue, 06 Aug 2019 07:17:24 GMT https://community.splunk.com/t5/Security/Splunk-Docker-container-error-quot-cannot-create-opt-container/m-p/428304#M10095 Graham_Hanningt 2019-08-06T07:17:24Z