Getting Data In

Docker container won't restart if mgmt port is disabled.

waltari2001
New Member

Hi,

I am trying to spin a UF in Docker with the following:

docker run -d --name uf -e "SPLUNK_DEPLOYMENT_SERVER=xxxxxxxx" -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_PASSWORD=XXXXXXX' -e "SPLUNK_ENABLE_LISTEN=9997" -e "SPLUNK_ADD=tcp 1514" splunk/universalforwarder

It starts just fine and pulls apps from the deployment server, which among other things, disable the mgmt port. But if I were to restart the container, it will fail with:

TASK [splunk_common : Wait for splunkd management port] ************************
fatal: [localhost]: FAILED! => {
"changed": false,
"elapsed": 300
}

MSG:

Timeout when waiting for 127.0.0.1:8089

Any solution to go around that?

Thanks!

Sadek

0 Karma
1 Solution

PavelP
Motivator

Hello @waltari2001,

you have to modify an ansible playbook roles/splunk_common/tasks/start_splunk.yml

- name: "Wait for splunkd management port"
  wait_for:
    port: "{{ splunk.svc_port }}"

View solution in original post

PavelP
Motivator

Hello @waltari2001,

you have to modify an ansible playbook roles/splunk_common/tasks/start_splunk.yml

- name: "Wait for splunkd management port"
  wait_for:
    port: "{{ splunk.svc_port }}"

tauliang
Communicator

The question mentioned that "which among other things, disable the mgmt port", in that case, the error message is expected. If you don't disable the management port, do you still have the error?

0 Karma

waltari2001
New Member

For security reason the mgmt port needs to be disabled. The container literary dies after doing so.

0 Karma

tauliang
Communicator

How did you disable the port?

Usually, you can add an app with a server.conf like this:

[httpServer]
 disableDefaultPort = true

Or use this app on Splunkbase:
https://splunkbase.splunk.com/app/3246/

0 Karma

waltari2001
New Member

By dropping:

/opt/splunkforwarder/etc/apps/disable_mgt_port/local/server.conf

[httpServer]
disableDefaultPort = true

0 Karma
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...