Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Docker Config option for Splunk web.conf error

jjesudass
Engager
‎10-17-2017 09:43 AM

I am using Splunk/splunk:latest version(7.0.0) and docker compose version (3.4) .
Also deploying an nginx proxy with context root as /splunk to forward to splunk web at 8000.

The web.conf is added to the container as a docker config at /opt/splunk/etc/system/local/web.conf as root user, and also starting the container as root user.
The splunk container fails to start with error: chown: changing ownership of ‘/opt/splunk/etc/system/local/web.conf’: Read-only file system

web.conf:

[settings]

root_endpoint=/splunk

Docker-Compose:

version: "3.4"
services:
enterprise:
image: splunk/splunk
environment:
SPLUNK_START_ARGS: --accept-license
SPLUNK_USER: root
ports:
- "8000"
- "8088"
configs:
- source: web.conf
target: /opt/splunk/etc/system/local/web.conf
uid: '0'
gid: '0'
mode: 0440
deploy:
replicas: 1
restart_policy:
condition: on-failure
configs:
web.conf:
file: web.conf

Reply

ggudgin
Explorer
‎03-14-2018 10:21 PM

I am running the latest docker image and have a similar issue. Running 7.0.2 on Docker CE with Portainer.
The user and group defined by the default variables are splunk splunk
However when I check the files in the /etc volume they are all owned by docker with the exception of modified files which become owned by root.

The container stops with error 13 access denied web.conf

Running the container with environment variables set to root, allows the container to start.

Something is a miss with the ownership when this container makes changes to the file system. For now I'm just running it as root:root

0 Karma
Reply

ggudgin
Explorer
‎03-14-2018 10:21 PM

I am running the latest docker image and have a similar issue. Running 7.0.2 on Docker CE with Portainer.
The user and group defined by the default variables are splunk splunk
However when I check the files in the /etc volume they are all owned by docker with the exception of modified files which become owned by root.

The container stops with error 13 access denied web.conf

Running the container with environment variables set to root, allows the container to start.

Something is a miss with the ownership when this container makes changes to the file system. For now I'm just running it as root:root

0 Karma
Reply
Get Updates on the Splunk Community!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability As businesses scale ...