Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

instal splunk soar, error can't read /etc/redhat-release

bambarita
Observer
‎03-19-2024 09:12 AM

does anyone ever know this issue,

I use centos8 stream to install soar 6.2.0 onprem,

but it can't read /etc/redhat-release

[phantom@10 splunk-soar]$ ./soar-prepare-system --splunk-soar-home /opt/splunk-soar/ --https-port 443
Detailed logs will be located at /opt/splunk-soar/var/log/phantom/phantom_install_log
Preparing system for installation of Splunk SOAR 6.2.0.355
Unable to read CentOS/RHEL version from /etc/redhat-release.
Traceback (most recent call last):
File "/opt/splunk-soar/./soar-prepare-system", line 93, in main
pre_installer.run()
File "/opt/splunk-soar/install/deployments/deployment.py", line 132, in run
self.run_pre_deploy()
File "/opt/splunk-soar/usr/python39/lib/python3.9/contextlib.py", line 79, in inner
return func(*args, **kwds)
File "/opt/splunk-soar/install/deployments/deployment.py", line 146, in run_pre_deploy
plan = DeploymentPlan.from_spec(self.spec, self.options)
File "/opt/splunk-soar/install/deployments/deployment_plan.py", line 51, in from_spec
deployment_operations=[_type(options) for _type in deployment_operations],
File "/opt/splunk-soar/install/deployments/deployment_plan.py", line 51, in <listcomp>
deployment_operations=[_type(options) for _type in deployment_operations],
File "/opt/splunk-soar/install/operations/optional_tasks/rpm_packages.py", line 53, in __init__
self.rpm_checker = RpmChecker(self.get_rpm_packages(), self.shell)
File "/opt/splunk-soar/install/operations/optional_tasks/rpm_packages.py", line 63, in get_rpm_packages
if get_os_family() == OsFamilyType.el7:
File "/opt/splunk-soar/install/install_common.py", line 340, in get_os_family
os_version = get_os_version()
File "/opt/splunk-soar/install/install_common.py", line 326, in get_os_version
return _get_centos_and_rhel_version()
File "/opt/splunk-soar/install/install_common.py", line 315, in _get_centos_and_rhel_version
raise InstallError("Unable to read CentOS/RHEL version from /etc/redhat-release.")
install.install_common.InstallError: Unable to read CentOS/RHEL version from /etc/redhat-release.
Pre-install failed.

 

while I open the /etc/redhat-release

[phantom@10 splunk-soar]$ cat /etc/redhat-release
NAME="CentOS stream"
VERSION="8"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="8"
PLATFORM_ID="platform:el8"
PRETTY_NAME="CentOS Stream 8"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:8"
HOME_URL="https://centos.org/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux 8"
REDHAT_SUPPORT_PRODUCT_VERSION="CentOS Stream"

 

welcome for any suggestion

Labels (2)
Labels
Tags (2)
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎03-19-2024 10:39 AM
Hi
I’m not sure, but my expectation is that as Centos 8 isn’t supported (https://docs.splunk.com/Documentation/SOARonprem/6.2.0/Install/InstallUnprivileged), it cannot parse correctly content of this file.
r. Ismo
0 Karma
Reply
Get Updates on the Splunk Community!

Harnessing Splunk’s Federated Search for Amazon S3

Managing your data effectively often means balancing performance, costs, and compliance. Splunk’s Federated ...

Infographic provides the TL;DR for the 2024 Splunk Career Impact Report

We’ve been buzzing with excitement about the recent validation of Splunk Education! The 2024 Splunk Career ...

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...