I'm using a Docker image, created in 2017, whose dockerfile specifies:
The image is available from Docker Hub:
I, and other users, have successfully used this image many times to create containers.
Today, however, I had a nasty surprise. I created a container with a typical command:
docker run -d -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_USER=root" -p 38000:8000 -p 38089:8089 -p 31514:1514 --name taw-splunk fundisoftware/taw-splunk:v0.0
The docker log for the new container shows the message:
Your license is expired. Please login as an administrator to update the license.
I thought the license clock only starts ticking after installation. In the context of a Docker container: I thought the clock starts ticking when I create the Docker container.
From the Splunk admin manual topic "Types of Splunk software licenses":
The Enterprise Trial license expires 60 days after you start using Splunk software.
I'm clearly missing something. Why has this license already expired? Because it's an old Splunk version?
I've now switched the Splunk installation in the container to a Free license, and it's working fine, but this issue causes problems in an entrypoint shell script (defined in the dockerfile) that attempts to stream JSON Lines to the newly started Splunk in the container.
One thought: Is there any way to immediately switch to a Free license; say, via environment variables passed by the
docker run command?
Thanks for the suggestion. Yes, that occurred to me, too. I'm on leave for the next couple of days; next week, I'm going to change the
from statement in the dockerfile to refer to the latest tag and hope there are no breaking changes that affect my dashboard definitions (it's been several months since I last looked at this stuff).
an old license in there and needs to be rebuilt.
I don't understand the reference to "old license in there", but I'm not surprised; it's clear to me now that I don't understand how license expiry works. With thanks again for the suggestion to move to a newer tag, I'd also appreciate any insight you could offer me there (for example, what exactly do you mean by "old license in there"?).
I guess I didn't expect my Docker image to work forever, but I wasn't anticipating this expiry issue; I really did think that the license clock would start ticking from 0 for each new Docker container, but I'm clearly wrong about that.
I've upgraded my Docker image to Splunk 7.2.0. (My Dockerfile now specifies
from splunk/splunk:7.2.0 instead of
That fixed the problem. For how long? I wish I knew.