Hi,
I can run Splunk as a Docker image with no problem, but when running in OpenShift it crashes running sudo (I assume in the entrypoint.sh script).
Image: splunk/splunk:7.3.0
PLAY [Run default Splunk provisioning]
Thursday 19 September 2019 19:01:12 +1000 (0:00:00.042) 0:00:00.042
TASK [Gathering Facts]
ok: [localhost]
Thursday 19 September 2019 19:01:15 +1000 (0:00:03.283) 0:00:03.326
Thursday 19 September 2019 19:01:16 +1000 (0:00:00.344) 0:00:03.942
included: /opt/ansible/roles/splunk_common/tasks/get_facts.yml for localhost
Thursday 19 September 2019 19:01:16 +1000 (0:00:00.264) 0:00:04.207
TASK [splunk_common : Set privilege escalation user]
ok: [localhost]
..
..
..
TASK [splunk_common : Update Splunk directory owner]
fatal: [localhost]: FAILED! => {
"changed": false,
"rc": 1
}
MSG:
MODULE FAILURE
See stdout/stderr for the exact error
MODULE_STDERR:
sudo: unable to change to root gid: Operation not permitted
sudo: unable to initialize policy plugin
PLAY RECAP *********************************************************************
localhost : ok=15 changed=0 unreachable=0 failed=1 skipped=10 rescued=0 ignored=0
Gathering Facts --------------------------------------------------------- 3.28s
splunk_common : Check for existing installation ------------------------- 1.60s
splunk_common : Check if we are in a docker ----------------------------- 1.19s
..
..
..
Determine captaincy ----------------------------------------------------- 0.11s
ERROR: Couldn't read "/opt/splunk/etc/splunk-launch.conf" -- maybe $SPLUNK_HOME or $SPLUNK_ETC is set wrong?
Generally OpenShift oc disallows sudo.
Thanks
OKAY. Found a dirty workaround, which is a security threat.
Need to add users as sudo and strip out OpenShift restrictions on allowable capabilities, including SETUID GETUID. Unfortunately the entrypoint.sh should just run as 1 user, splunk, and not sudo between splunk and ansible. Unnecessary.
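
A diagnostic for the failure discussed in this thread, added here as an example and not part of the original posts or the Splunk image: sudo is a setuid-root binary that has to call setgid/setuid, which need CAP_SETGID and CAP_SETUID, so this script decodes the capability bounding set from `/proc/<pid>/status` and reports whether sudo can work before anyone loosens the cluster policy. The function names and the sample masks are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic (not from the thread): can a setuid-root sudo switch ids here?
CAP_SETGID=6   # capability bit numbers from linux/capability.h
CAP_SETUID=7

# has_cap HEXMASK BIT: succeeds if BIT is set in the hex capability mask.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# check_sudo_prereqs: reads the text of /proc/<pid>/status on stdin.
# Returns 0 if sudo's id switch can work, 1 if it is blocked, 2 on bad input.
check_sudo_prereqs() {
    st=$(cat)
    bnd=$(printf '%s\n' "$st" | awk '$1 == "CapBnd:" { print $2 }')
    nnp=$(printf '%s\n' "$st" | awk '$1 == "NoNewPrivs:" { print $2 }')
    [ -n "$bnd" ] || { echo "no CapBnd line in input"; return 2; }
    rc=0
    for pair in "SETGID:$CAP_SETGID" "SETUID:$CAP_SETUID"; do
        name=${pair%%:*}; bit=${pair##*:}
        if has_cap "$bnd" "$bit"; then
            echo "CAP_$name: present in bounding set"
        else
            echo "CAP_$name: dropped from bounding set"
            rc=1
        fi
    done
    # With no_new_privs set, execve ignores the setuid bit on the sudo binary.
    if [ "${nnp:-0}" = "1" ]; then
        echo "NoNewPrivs=1: setuid bit on sudo has no effect"
        rc=1
    fi
    return $rc
}

# Constructed sample: a bounding set with KILL, SETGID, SETUID and MKNOD removed.
SAMPLE_RESTRICTED='CapBnd:	00000000a004251b
NoNewPrivs:	0'
printf '%s\n' "$SAMPLE_RESTRICTED" | check_sudo_prereqs \
    || echo "sudo cannot switch ids under this policy"

# Inside the pod, run it against the live process instead:
#   check_sudo_prereqs < /proc/self/status
```

A non-zero result means the image should be started as a single non-root user without sudo, rather than having the capabilities added back.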