
RHEL 5 64-bit splunkforwarder rpm install fails, kernel 2.6.18...

ctucker42
Explorer

Rolling out splunkforwarder in the enterprise using RPM install, but having no luck with some old legacy RHEL 5 servers. They are running 64-bit kernel 2.6*, so it should work.

But rpm -i fails with this message:

# rpm -ivh splunkforwarder-8.2.1-ddff1c41e5cf-linux-2.6-x86_64.rpm
error: splunkforwarder-8.2.1-ddff1c41e5cf-linux-2.6-x86_64.rpm: Header V4 RSA/SHA256 signature: BAD, key ID b3cd4420
error: splunkforwarder-8.2.1-ddff1c41e5cf-linux-2.6-x86_64.rpm cannot be installed

Is the issue that RHEL 5 has a problem with V4 RSA?

Am I stuck having to install from tarball?

Kernel version on this server:

# uname -a
Linux intwebhfindev 2.6.18-419.el5 #1 SMP Wed Feb 22 22:40:57 EST 2017 x86_64 x86_64 x86_64 GNU/Linux

# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.11 (Tikanga)

Thanks

1 Solution

codebuilder
Influencer

That's back to the security issues with RHEL 5. I don't think it would be worth the effort needed to get RPM/YUM to work in this case. Just unpack the tar to /opt and go from there.

----
An upvote would be appreciated and Accept Solution if it helps!


ctucker42
Explorer

Thanks for all your responses. It's really more of a Linux issue than a Splunk issue. No amount of command line switches would solve it.

RHEL 6 and later moved to V4 RSA for signing rpms. RHEL 5 is back on V3 (in addition to being obsolete and unsupported, of course). While I think it's possible to compile an rpm on a current Red Hat that would allow a RHEL 5 server to use it, there are obvious reasons that Splunk would not choose to do so. I know I wouldn't.

Since Splunk provides a tarball for kernel 2.6, that's my obvious next route. It complicates my workflow a bit, but what's life without challenges?

Thanks!
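
A preflight check for this kind of rollout, as an added example that is not from the posters or from Splunk: it compares the rpmlib() features a package requires (such as the rpmlib(FileDigests) entry quoted in this thread) with the features the host's rpm reports via `rpm --showrc`, and picks rpm or tarball per host. The function names and the sample text are constructed for illustration, and only feature names are compared, not version bounds.

```shell
#!/bin/sh
# Added example: decide rpm vs. tarball from rpmlib() feature names.
# Simplification: only names are compared, version bounds are ignored.

# Print the rpmlib(...) names found on stdin, one per line, de-duplicated.
rpmlib_names() {
    grep -o 'rpmlib([A-Za-z0-9_]*)' | sort -u
}

# $1 = text of `rpm -qp --requires PKG`, $2 = text of `rpm --showrc`.
# Prints each rpmlib feature the package needs that the host rpm lacks.
missing_rpmlib_caps() {
    need=$(printf '%s\n' "$1" | rpmlib_names)
    have=$(printf '%s\n' "$2" | rpmlib_names)
    for cap in $need; do
        printf '%s\n' "$have" | grep -Fxq -e "$cap" || printf '%s\n' "$cap"
    done
}

# Prints "rpm" when nothing is missing, otherwise "tarball".
install_route() {
    if [ -z "$(missing_rpmlib_caps "$1" "$2")" ]; then
        echo rpm
    else
        echo tarball
    fi
}

# Constructed sample input (not captured from a real host).
SAMPLE_REQUIRES='/bin/sh
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(FileDigests) <= 4.6.0-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1'
SAMPLE_OLD_HOST='Features supported by rpmlib:
    rpmlib(VersionedDependencies) = 3.0.3-1
    rpmlib(CompressedFileNames) = 3.0.4-1
    rpmlib(PayloadFilesHavePrefix) = 4.0-1'

if [ -n "${1:-}" ] && command -v rpm >/dev/null 2>&1; then
    # Real run: --nosignature only lets the query read the header metadata;
    # nothing is installed by this script.
    req=$(rpm -qp --nosignature --requires "$1" 2>/dev/null)
    echo "$1: install via $(install_route "$req" "$(rpm --showrc)")"
else
    echo "sample: install via $(install_route "$SAMPLE_REQUIRES" "$SAMPLE_OLD_HOST")"
fi
```

Run with the package path as the only argument on each target host; without an argument it evaluates the constructed sample.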

ctucker42
Explorer

Tried yum install. Timed out for some reason.

I even tried

# rpm --nosignature -ivh [...]

which gives

rpmlib(FileDigests) <= 4.6.0-1 is needed by splunkforwarder-8.2.1-ddff1c41e5cf.x86_64

I may have to go the tarball route. It's just a little more involved than rpms.

Thanks


codebuilder
Influencer

You could try --nodeps flag with yum or --force with rpm.

----
An upvote would be appreciated and Accept Solution if it helps!

ctucker42
Explorer

Still getting the error

Header V4 RSA/SHA256 signature: BAD

with rpm -i --force

It looks like rpm's bouncing off the V4 RSA signature and not continuing.

Google is implying that RHEL 5 chokes on anything later than V3 - can anyone confirm? (If you can remember that far in the past)

While it would be nice if Splunk would compile an rpm especially for me, I'm not sure that's likely to happen 🙂

 

ctucker42
Explorer

I am aware that Red Hat does not support the small fraction of our enterprise's servers that still run RHEL 5. However, since it's not up to me, I still need to install Splunk forwarders.

Thanks.


codebuilder
Influencer

Have you tried using yum to install?

yum install -y splunkforwarder-8.2.1-ddff1c41e5cf-linux-2.6-x86_64.rpm

----
An upvote would be appreciated and Accept Solution if it helps!

codebuilder
Influencer

RHEL 5 is not a supported OS. It's also several major releases behind and contains a number of security issues. You really should upgrade.

https://docs.splunk.com/Documentation/Splunk/8.2.1/Workloads/Requirements#Splunk_Enterprise_version_...

----
An upvote would be appreciated and Accept Solution if it helps!