Splunk Cloud Platform
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

RHEL 5 64-bit splunkforwarder rpm install fails, kernel 2.6.18...

ctucker42
Explorer
‎08-03-2021 06:11 AM

Rolling out splunkforwarder in the enterprise using RPM install, but having no luck with some old legacy RHEL 5 servers. They are running 64-bit kernel 2.6*, so it should work.

But rpm -i fails with this message:

# rpm -ivh splunkforwarder-8.2.1-ddff1c41e5cf-linux-2.6-x86_64.rpm
error: splunkforwarder-8.2.1-ddff1c41e5cf-linux-2.6-x86_64.rpm: Header V4 RSA/SHA256 signature: BAD, key ID b3cd4420
error: splunkforwarder-8.2.1-ddff1c41e5cf-linux-2.6-x86_64.rpm cannot be installed

Is the issue that RHEL 5 has a problem with V4 RSA?

Am I stuck having to install from tarball?

Kernel version on this server:

# uname -a
Linux intwebhfindev 2.6.18-419.el5 #1 SMP Wed Feb 22 22:40:57 EST 2017 x86_64 x86_64 x86_64 GNU/Linux

# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.11 (Tikanga)

Thanks

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

codebuilder
SplunkTrust
SplunkTrust
‎08-03-2021 07:47 AM

That's back to the security issues with RHEL 5. I don't think it would be worth the effort needed to get RPM/YUM to work in this case. Just unpack the tar to /opt and go from there.

----
An upvote would be appreciated and Accept Solution if it helps!

View solution in original post

Reply
Solved! Jump to solution

ctucker42
Explorer
‎08-03-2021 08:28 AM

Thanks for all your responses. It's really more of a linux issue than a Splunk issue. No amount of command line switches would solve it.

RHEL 6 and later moved to V4 RSA for signing rpms. RHEL 5 is back on V3 (in addition to being obsolete and unsupported, of course). While I think it's possible to compile an rpm on a current Red Hat that would allow a RHEL 5 server to use it, there are obvious reasons that Splunk would not choose to do so. I know I wouldn't.

Since Splunk provides a tarball for kernel 2.6, that's my obvious next route. It complicates my workflow a bit, but what's life without challenges?

Thanks!

Reply
Solved! Jump to solution

ctucker42
Explorer
‎08-03-2021 06:59 AM

tried yum install. Timed out for some reason.

I even tried

# rpm --nosignature -ivh [...]

which gives

rpmlib(FileDigests) <= 4.6.0-1 is needed by splunkforwarder-8.2.1-ddff1c41e5cf.x86_64

I may have to go the tarball route. It's just a little more involved than rpms

Thanks

0 Karma
Reply
Solved! Jump to solution

codebuilder
SplunkTrust
SplunkTrust
‎08-03-2021 07:04 AM

You could try --nodeps flag with yum or --force with rpm.

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma
Reply
Solved! Jump to solution

ctucker42
Explorer
‎08-03-2021 07:14 AM

Still getting the error

Header V4 RSA/SHA256 signature: BAD

with rpm -i --force

It looks like rpm's bouncing off the V4 RSA signature and not continuing.

Google is implying that RHEL 5 chokes on anything later than V3 - can anyone confirm? (If you can remember that far in the past)

While it would be nice if Splunk would compile an rpm especially for me, I'm not sure that's likely to happen 🙂

 

0 Karma
Reply
Solved! Jump to solution
Solution

codebuilder
SplunkTrust
SplunkTrust
‎08-03-2021 07:47 AM

That's back to the security issues with RHEL 5. I don't think it would be worth the effort needed to get RPM/YUM to work in this case. Just unpack the tar to /opt and go from there.

----
An upvote would be appreciated and Accept Solution if it helps!
Reply
Solved! Jump to solution

ctucker42
Explorer
‎08-03-2021 06:46 AM

I am aware that Red Hat does not support the small fraction of our enterprise's servers that still run RHEL 5. However, since it's not up to me, I still need to install Splunk forwarders.

Thanks.

0 Karma
Reply
Solved! Jump to solution

codebuilder
SplunkTrust
SplunkTrust
‎08-03-2021 06:54 AM

Have you tried using yum to install?

yum install -y splunkforwarder-8.2.1-ddff1c41e5cf-linux-2.6-x86_64.rpm

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma
Reply
Solved! Jump to solution

codebuilder
SplunkTrust
SplunkTrust
‎08-03-2021 06:39 AM

RHEL 5 is not a supported OS. It's also several major releases behind and contains a number of security issues. You really should upgrade.

https://docs.splunk.com/Documentation/Splunk/8.2.1/Workloads/Requirements#Splunk_Enterprise_version_...

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...