Rolling out splunkforwarder in the enterprise using RPM install, but having no luck with some old legacy RHEL 5 servers. They are running 64-bit kernel 2.6*, so it should work.
But rpm -i fails with this message:
# rpm -ivh splunkforwarder-8.2.1-ddff1c41e5cf-linux-2.6-x86_64.rpm
error: splunkforwarder-8.2.1-ddff1c41e5cf-linux-2.6-x86_64.rpm: Header V4 RSA/SHA256 signature: BAD, key ID b3cd4420
error: splunkforwarder-8.2.1-ddff1c41e5cf-linux-2.6-x86_64.rpm cannot be installed
Is the issue that RHEL 5 has a problem with V4 RSA?
Am I stuck having to install from tarball?
Kernel version on this server:
# uname -a
Linux intwebhfindev 2.6.18-419.el5 #1 SMP Wed Feb 22 22:40:57 EST 2017 x86_64 x86_64 x86_64 GNU/Linux
# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.11 (Tikanga)
Thanks
That's back to the security issues with RHEL 5. I don't think it would be worth the effort needed to get RPM/YUM to work in this case. Just unpack the tar to /opt and go from there.
Thanks for all your responses. It's really more of a linux issue than a Splunk issue. No amount of command line switches would solve it.
RHEL 6 and later moved to V4 RSA for signing rpms. RHEL 5 is back on V3 (in addition to being obsolete and unsupported, of course). While I think it's possible to compile an rpm on a current Red Hat that would allow a RHEL 5 server to use it, there are obvious reasons that Splunk would not choose to do so. I know I wouldn't.
Since Splunk provides a tarball for kernel 2.6, that's my obvious next route. It complicates my workflow a bit, but what's life without challenges?
Thanks!
tried yum install. Timed out for some reason.
I even tried
# rpm --nosignature -ivh [...]
which gives
rpmlib(FileDigests) <= 4.6.0-1 is needed by splunkforwarder-8.2.1-ddff1c41e5cf.x86_64
I may have to go the tarball route. It's just a little more involved than rpms
Thanks
You could try --nodeps flag with yum or --force with rpm.
Still getting the error
Header V4 RSA/SHA256 signature: BAD
with rpm -i --force
It looks like rpm's bouncing off the V4 RSA signature and not continuing.
Google is implying that RHEL 5 chokes on anything later than V3 - can anyone confirm? (If you can remember that far in the past)
While it would be nice if Splunk would compile an rpm especially for me, I'm not sure that's likely to happen 🙂
That's back to the security issues with RHEL 5. I don't think it would be worth the effort needed to get RPM/YUM to work in this case. Just unpack the tar to /opt and go from there.
I am aware that Red Hat does not support the small fraction of our enterprise's servers that still run RHEL 5. However, since it's not up to me, I still need to install Splunk forwarders.
Thanks.
Have you tried using yum to install?
yum install -y splunkforwarder-8.2.1-ddff1c41e5cf-linux-2.6-x86_64.rpm
RHEL 5 is not a supported OS. It's also several major releases behind and contains a number of security issues. You really should upgrade.