Splunk SOAR (f.k.a. Phantom)

Phantom on-prem Install

ada64
Engager

I tried to install unprivileged Phantom SOAR on CentOS 7, but I receive the same mistake every time. Can somebody help, please? The error:

 

Initializing Splunk SOAR settings

Failed Splunk SOAR initialization
Traceback (most recent call last):
File "/home/phantom/soar/splunk-soar/install/console.py", line 207, in run
proc = subprocess.run(normalized_cmd, **cmd_args) # noqa: PHANTOM112
File "/home/phantom/soar/splunk-soar/usr/python39/lib/python3.9/subprocess.py", line 528, in run
raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['/home/phantom/soar/bin/phenv', 'python', '/home/phantom/soar/bin/initialize.py', '--first-initialize']' returned non-zero exit status 2.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/home/phantom/soar/splunk-soar/./soar-install", line 72, in main
deployment.run()
File "/home/phantom/soar/splunk-soar/install/deployments/deployment.py", line 132, in run
self.run_deploy()
File "/home/phantom/soar/splunk-soar/usr/python39/lib/python3.9/contextlib.py", line 79, in inner
return func(*args, **kwds)
File "/home/phantom/soar/splunk-soar/install/deployments/deployment.py", line 193, in run_deploy
operation.run()
File "/home/phantom/soar/splunk-soar/install/operations/deployment_operation.py", line 135, in run
self.install()
File "/home/phantom/soar/splunk-soar/install/operations/tasks/initialize_phantom.py", line 62, in install
self.initialize_py("--first-initialize")
File "/home/phantom/soar/splunk-soar/install/operations/tasks/initialize_phantom.py", line 33, in initialize_py
return self.shell.phenv(cmd, **kwargs)
File "/home/phantom/soar/splunk-soar/install/console.py", line 275, in phenv
return self.run([phenv] + cmd, **kwargs)
File "/home/phantom/soar/splunk-soar/install/console.py", line 224, in run
raise InstallError(
install.install_common.InstallError: Failed Splunk SOAR initialization
install failed.

0 Karma

QuentinM
Loves-to-Learn

Hi, 

I had the same output on CentOS 7.
I added the option -v to get more verbosity and I was able to see that the installer cannot generate the certificate.

Creating HTTPS cert...
Aborting https cert create. File already exists
Shell command: openssl x509 -in /opt/phantom/etc/ssl/certs/httpd_cert.crt -pubkey -noout
Initialization function create_https_cert failed!
Traceback (most recent call last):
  File "/opt/phantom/bin/initialize.py", line 965, in initialize
    func()
  File "/opt/phantom/bin/initialize.py", line 334, in create_https_cert
    cert_tools.create_https_cert(group=group, force=force)
  File "pycommon3/phantom_common/cert_tools.py/cert_tools.py", line 123, in create_https_cert
  File "pycommon3/phantom_common/phproc.py/phproc.py", line 269, in run
  File "pycommon3/phantom_common/phproc.py/phproc.py", line 379, in __init__
  File "/opt/phantom/usr/python39/lib/python3.9/subprocess.py", line 951, in __init__
    self._execute_child(args, executable, preexec_fn, close_fds,
  File "/opt/phantom/usr/python39/lib/python3.9/subprocess.py", line 1821, in _execute_child
    raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: 'openssl'
Done.


I installed openssl and I was able to complete the installation.

0 Karma
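The diagnosis in the reply above, as an added example that is not part of the original post or of the Splunk SOAR installer: a small shell triage that reads a captured verbose installer log, names the initialization step that failed, and lists any executable Python could not find. The function names are hypothetical and the sample log is constructed from lines quoted in that reply.

```shell
#!/bin/sh
# Constructed sample: a trimmed copy of the verbose output quoted in the reply.
sample_log() {
cat <<'EOF'
Creating HTTPS cert...
Shell command: openssl x509 -in /opt/phantom/etc/ssl/certs/httpd_cert.crt -pubkey -noout
Initialization function create_https_cert failed!
Traceback (most recent call last):
  File "/opt/phantom/bin/initialize.py", line 965, in initialize
    func()
FileNotFoundError: [Errno 2] No such file or directory: 'openssl'
Done.
EOF
}

# Print the name of every initialization step the log reports as failed.
failed_steps() {
  sed -n 's/^Initialization function \([A-Za-z0-9_]*\) failed!$/\1/p'
}

# Print each executable that subprocess could not find (Errno 2), deduplicated.
missing_executables() {
  sed -n "s/^FileNotFoundError: [[]Errno 2] No such file or directory: '\([^']*\)'\$/\1/p" | sort -u
}

# Summarise a log read from stdin and check whether each missing tool
# is available on PATH on the machine where this script runs.
triage() {
  log=$(cat)
  printf '%s\n' "$log" | failed_steps | while read -r step; do
    echo "failed step: $step"
  done
  printf '%s\n' "$log" | missing_executables | while read -r exe; do
    if command -v "$exe" >/dev/null 2>&1; then
      state="now on PATH"
    else
      state="still not on PATH"
    fi
    echo "missing executable: $exe ($state)"
  done
}

sample_log | triage
```

To use it on a real run, save the verbose installer output to a file and pipe that file into `triage` instead of `sample_log`.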

damianpadden
Observer

Did you resolve this? I am trying 6.1.1 on RHEL 7.9, using the RHEL 7 install, and getting the same issue.

0 Karma

phanTom
SplunkTrust

@ada64 

Can you confirm you have downloaded the centos7 version of the installer?

Have you also disabled any SELinux capabilities on the server?

Other than that the error isn't too clear. Can you try the centos8 version on a centos8 box?

0 Karma

ada64
Engager

I installed SOAR on a RHEL 8 OS on a Google Cloud machine. But how will I reach the SOAR web interface?

0 Karma

phanTom
SplunkTrust

@ada64 If you have console access to the VM, then you need to find the IP address it's using and just go there via HTTPS.

https://<your_phantom_ip_or_hostname> 

Once there you can log in as soar_local_admin / password. 

https://docs.splunk.com/Documentation/SOARonprem/6.0.2/Install/Login 

0 Karma