Getting Data In

Docker Config option for Splunk web.conf error

jjesudass
Engager

I am using Splunk/splunk:latest version (7.0.0) and docker compose version (3.4).
Also deploying an nginx proxy with context root as /splunk to forward to splunk web at 8000.

The web.conf is added to the container as a docker config at /opt/splunk/etc/system/local/web.conf as the root user, and the container is also started as the root user.
The splunk container fails to start with error: chown: changing ownership of ‘/opt/splunk/etc/system/local/web.conf’: Read-only file system

web.conf:

[settings]

root_endpoint=/splunk

Docker-Compose:

version: "3.4"
services:
  enterprise:
    image: splunk/splunk
    environment:
      SPLUNK_START_ARGS: --accept-license
      SPLUNK_USER: root
    ports:
      - "8000"
      - "8088"
    configs:
      - source: web.conf
        target: /opt/splunk/etc/system/local/web.conf
        uid: '0'
        gid: '0'
        mode: 0440
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
configs:
  web.conf:
    file: web.conf

ggudgin
Explorer

I am running the latest docker image and have a similar issue. Running 7.0.2 on Docker CE with Portainer.
The user and group defined by the default variables are splunk splunk.
However, when I check the files in the /etc volume they are all owned by docker, with the exception of modified files, which become owned by root.

The container stops with error 13 access denied web.conf

Running the container with environment variables set to root allows the container to start.

Something is amiss with the ownership when this container makes changes to the file system. For now I'm just running it as root:root.

0 Karma
