Splunk SOAR

Phantom on-prem Install

ada64
Engager

I tried to install unprivileged Phantom SOAR on CentOS 7 but I receive the same mistake every time. Can somebody help please? The error:

 

Initializing Splunk SOAR settings

Failed Splunk SOAR initialization
Traceback (most recent call last):
  File "/home/phantom/soar/splunk-soar/install/console.py", line 207, in run
    proc = subprocess.run(normalized_cmd, **cmd_args) # noqa: PHANTOM112
  File "/home/phantom/soar/splunk-soar/usr/python39/lib/python3.9/subprocess.py", line 528, in run
    raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['/home/phantom/soar/bin/phenv', 'python', '/home/phantom/soar/bin/initialize.py', '--first-initialize']' returned non-zero exit status 2.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/phantom/soar/splunk-soar/./soar-install", line 72, in main
    deployment.run()
  File "/home/phantom/soar/splunk-soar/install/deployments/deployment.py", line 132, in run
    self.run_deploy()
  File "/home/phantom/soar/splunk-soar/usr/python39/lib/python3.9/contextlib.py", line 79, in inner
    return func(*args, **kwds)
  File "/home/phantom/soar/splunk-soar/install/deployments/deployment.py", line 193, in run_deploy
    operation.run()
  File "/home/phantom/soar/splunk-soar/install/operations/deployment_operation.py", line 135, in run
    self.install()
  File "/home/phantom/soar/splunk-soar/install/operations/tasks/initialize_phantom.py", line 62, in install
    self.initialize_py("--first-initialize")
  File "/home/phantom/soar/splunk-soar/install/operations/tasks/initialize_phantom.py", line 33, in initialize_py
    return self.shell.phenv(cmd, **kwargs)
  File "/home/phantom/soar/splunk-soar/install/console.py", line 275, in phenv
    return self.run([phenv] + cmd, **kwargs)
  File "/home/phantom/soar/splunk-soar/install/console.py", line 224, in run
    raise InstallError(
install.install_common.InstallError: Failed Splunk SOAR initialization
install failed.

0 Karma

QuentinM
Loves-to-Learn

Hi, 

I had the same output on a centos7.
I added the option -v to get more verbosity and I was able to see that the installer cannot generate the certificate.

Creating HTTPS cert...
Aborting https cert create. File already exists
Shell command: openssl x509 -in /opt/phantom/etc/ssl/certs/httpd_cert.crt -pubkey -noout
Initialization function create_https_cert failed!
Traceback (most recent call last):
  File "/opt/phantom/bin/initialize.py", line 965, in initialize
    func()
  File "/opt/phantom/bin/initialize.py", line 334, in create_https_cert
    cert_tools.create_https_cert(group=group, force=force)
  File "pycommon3/phantom_common/cert_tools.py/cert_tools.py", line 123, in create_https_cert
  File "pycommon3/phantom_common/phproc.py/phproc.py", line 269, in run
  File "pycommon3/phantom_common/phproc.py/phproc.py", line 379, in __init__
  File "/opt/phantom/usr/python39/lib/python3.9/subprocess.py", line 951, in __init__
    self._execute_child(args, executable, preexec_fn, close_fds,
  File "/opt/phantom/usr/python39/lib/python3.9/subprocess.py", line 1821, in _execute_child
    raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: 'openssl'
Done.


I installed openssl and I was able to complete the installation.

0 Karma
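A small triage script for the diagnosis described in the reply above (an added example, not part of the original thread or of the Splunk SOAR installer): it scans verbose installer output for a failed initialization step and the file the traceback reports as missing, then checks whether that command resolves on PATH. The sample log is constructed and abbreviated from the output quoted above, and the function names are hypothetical.

```python
import re
import shutil

# Constructed sample, abbreviated from the verbose (-v) output quoted in the thread.
SAMPLE_LOG = """\
Creating HTTPS cert...
Shell command: openssl x509 -in /opt/phantom/etc/ssl/certs/httpd_cert.crt -pubkey -noout
Initialization function create_https_cert failed!
Traceback (most recent call last):
  File "/opt/phantom/bin/initialize.py", line 965, in initialize
    func()
FileNotFoundError: [Errno 2] No such file or directory: 'openssl'
Done.
"""

FAILED_STEP = re.compile(r"^Initialization function (\w+) failed!$")
SHELL_CMD = re.compile(r"^Shell command: (\S+)")
MISSING = re.compile(r"^FileNotFoundError: \[Errno 2\] No such file or directory: '([^']+)'$")


def triage(log_text):
    """Return one finding per failed initialization step in the log (hypothetical helper)."""
    findings, last_cmd, current = [], None, None
    for line in log_text.splitlines():
        line = line.rstrip()
        if m := SHELL_CMD.match(line):
            last_cmd = m.group(1)  # program the installer tried to run most recently
        elif m := FAILED_STEP.match(line):
            current = {"step": m.group(1), "last_command": last_cmd, "missing": None}
            findings.append(current)
        elif (m := MISSING.match(line)) and current is not None:
            current["missing"] = m.group(1)  # file named by the traceback's last line
    return findings


def still_missing(findings, which=shutil.which):
    """Names reported missing in the log that do not resolve on this host's PATH."""
    names = {f["missing"] for f in findings if f["missing"]}
    # Only bare command names are PATH lookups; a missing absolute path is a different problem.
    return sorted(n for n in names if "/" not in n and which(n) is None)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['step']}: last command {f['last_command']!r}, missing {f['missing']!r}")
    print("not on PATH:", still_missing(triage(SAMPLE_LOG)))
```

Run it as the same user that runs the installer, since an unprivileged account can have a different PATH than root.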

damianpadden
Loves-to-Learn

Did you resolve this? I am trying 6.1.1 on RHEL 7.9 and, using the RHEL 7 install, getting the same issue.

0 Karma

phanTom
SplunkTrust

@ada64 

Can you confirm you have downloaded the centos7 version of the installer?

Have you also disabled any SELinux capabilities on the server?

Other than that the error isn't too clear. Can you try the centos8 version on a centos8 box?

0 Karma

ada64
Engager

I installed SOAR on a RHEL 8 OS on a Google Cloud machine. But how will I reach the SOAR web interface?

0 Karma

phanTom
SplunkTrust

@ada64 if you have console access to the VM then you need to find the IP address it's using and just go there via HTTPS.

https://<your_phantom_ip_or_hostname> 

Once there you can log in as soar_local_admin / password. 

https://docs.splunk.com/Documentation/SOARonprem/6.0.2/Install/Login 

0 Karma