Hi all,

Right now I'm just trying to deploy a Docker container with Splunk installed from an image built from source (from Splunk's GH page: https://github.com/splunk/docker-splunk). The custom elements will come later, I'm just trying to get the default splunk-centos-7 image to work.

I'm running inside a Centos 8 VM with Docker installed. I believe this is a configuration issue, but I can't find anything online mentioning what to do.

My workflow from inside the cloned repo dir:

• Make the image (this is straight from the master branch)
  sudo make splunk-centos-7

• This successfully builds the image. Then, I run (with the proper password):
  sudo docker run -it -p 8000:8000 -e "SPLUNK_PASSWORD=<password>" -e "SPLUNK_START_ARGS=--accept-license" <image ID>

  • This causes entrypoint.sh to eventually run ansible-playbook $ANSIBLE_EXTRA_FLAGS -i inventory/environ.py site.yml

• This is where my issue is - I get the error:
  TASK [Provision role] ***********************************************************************************************************************************************************************************************************************
[WARNING]: 'splunk' is undefined

I've tried the recommendation at https://splunk.github.io/splunk-ansible/EXAMPLES.html#provision-local-standalone and running with a default.yml file, but I get an Ansible error when including the splunk_standalone role.

It feels like I'm missing some configuration somewhere. The build succeeds, but trying to run the container fails. Does anyone have any suggestions?