Are you a member of the Splunk Community?
- Find Answers
- :
- Premium Solutions
- :
- Splunk SOAR
- :
- Phantom on-prem Install
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Phantom on-prem Install
I tried to install unprivillaged phantom soar on centos 7 but I receive same mistake every time. Can somebody help please. The eror:
Initializing Splunk SOAR settings
Failed Splunk SOAR initialization
Traceback (most recent call last):
File "/home/phantom/soar/splunk-soar/install/console.py", line 207, in run
proc = subprocess.run(normalized_cmd, **cmd_args) # noqa: PHANTOM112
File "/home/phantom/soar/splunk-soar/usr/python39/lib/python3.9/subprocess.py", line 528, in run
raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['/home/phantom/soar/bin/phenv', 'python', '/home/phantom/soar/bin/initialize.py', '--first-initialize']' returned non-zero exit status 2.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/phantom/soar/splunk-soar/./soar-install", line 72, in main
deployment.run()
File "/home/phantom/soar/splunk-soar/install/deployments/deployment.py", line 132, in run
self.run_deploy()
File "/home/phantom/soar/splunk-soar/usr/python39/lib/python3.9/contextlib.py", line 79, in inner
return func(*args, **kwds)
File "/home/phantom/soar/splunk-soar/install/deployments/deployment.py", line 193, in run_deploy
operation.run()
File "/home/phantom/soar/splunk-soar/install/operations/deployment_operation.py", line 135, in run
self.install()
File "/home/phantom/soar/splunk-soar/install/operations/tasks/initialize_phantom.py", line 62, in install
self.initialize_py("--first-initialize")
File "/home/phantom/soar/splunk-soar/install/operations/tasks/initialize_phantom.py", line 33, in initialize_py
return self.shell.phenv(cmd, **kwargs)
File "/home/phantom/soar/splunk-soar/install/console.py", line 275, in phenv
return self.run([phenv] + cmd, **kwargs)
File "/home/phantom/soar/splunk-soar/install/console.py", line 224, in run
raise InstallError(
install.install_common.InstallError: Failed Splunk SOAR initialization
install failed.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I had the same output on a centos7.
I added the option -v to get more verbosity and I was able to see that the installer cannot generate the certificate.
Creating HTTPS cert...
Aborting https cert create. File already exists
Shell command: openssl x509 -in /opt/phantom/etc/ssl/certs/httpd_cert.crt -pubkey -noout
Initialization function create_https_cert failed!
Traceback (most recent call last):
File "/opt/phantom/bin/initialize.py", line 965, in initialize
func()
File "/opt/phantom/bin/initialize.py", line 334, in create_https_cert
cert_tools.create_https_cert(group=group, force=force)
File "pycommon3/phantom_common/cert_tools.py/cert_tools.py", line 123, in create_https_cert
File "pycommon3/phantom_common/phproc.py/phproc.py", line 269, in run
File "pycommon3/phantom_common/phproc.py/phproc.py", line 379, in __init__
File "/opt/phantom/usr/python39/lib/python3.9/subprocess.py", line 951, in __init__
self._execute_child(args, executable, preexec_fn, close_fds,
File "/opt/phantom/usr/python39/lib/python3.9/subprocess.py", line 1821, in _execute_child
raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: 'openssl'
Done.
I installed openssl and I was able to complete the installation.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
did you resolve this? I am trying 6.1.1 on RHEL 7.9 and using the RHEL 7 install getting the same issue
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you confirm you have downloaded the centos7 version of the installer?
Have you also disabled any SELinux capabilities on the server?
Other than that the error isn't too clear. Can you try the centos8 version on a centos8 box?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I installed the soar on rehl8 os in google cloud machine. But how i will reach the soar web interface?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@ada64 if you have console access to the VM then you need to find the IP address it's using and just go there via HTTPs.
https://<your_phantom_ip_or_hostname>
Once there you can log in as soar_local_admin / password.
https://docs.splunk.com/Documentation/SOARonprem/6.0.2/Install/Login
Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?
Data Persistence in the OpenTelemetry Collector
Thanks for the Memories! Splunk University, .conf25, and our Community
