Unable to change the default username from docker-compose
gijswobben opened this issue · 13 comments
I've tried to change the default username with the "command" in docker-compose.yml but it doesn't seem to work. Does anyone know how to do this?
Have you tried using the SPLUNK_USER environment variable as shown in the compose examples? Here's a partial example from that page:
vsplunk:
  image: busybox
  volumes:
    - /opt/splunk/etc
    - /opt/splunk/var
splunk:
  image: splunk/splunk:6.5.0-monitor
  hostname: splunkenterprise
  environment:
    SPLUNK_START_ARGS: --accept-license --answer-yes
    SPLUNK_ENABLE_LISTEN: 9997
    SPLUNK_ADD: tcp 1514
    SPLUNK_USER: root
Yes I have:
SPLUNK_CMD: edit user admin -password random_password -role admin -auth admin:changeme
This does not work...
@gijswobben do you see any issues / errors or anything else in docker logs {containerId}?
I see that the examples do not consistently mention that you must include the SPLUNK_START_ARGS="--accept-license" piece, or you will indeed have problems. The below does work from CLI, can test via compose as well (but it should behave the same):
$ docker run -d --hostname splunkenterprise --publish 8000 --env SPLUNK_CMD='edit user admin -password random_password -role admin -auth admin:changeme' --env SPLUNK_START_ARGS="--accept-license" splunk/splunk
$ docker logs agitated_thompson
Copying '/opt/splunk/etc/openldap/ldap.conf.default' to '/opt/splunk/etc/openldap/ldap.conf'.
<snip>
The Splunk web interface is at http://splunkenterprise:8000
User admin edited.
This is my setup (which is not working):
version: '2'
services:
  splunk:
    image: splunk/splunk:6.5.0
    hostname: splunk
    environment:
      SPLUNK_CMD: edit user admin -password random_password -role admin -auth admin:changeme
      SPLUNK_START_ARGS: --accept-license --answer-yes
      SPLUNK_ENABLE_LISTEN: 9997
      SPLUNK_USER: root
    volumes:
      - ./apps:/opt/splunk/etc/apps
      - ./system:/opt/splunk/etc/system
    ports:
      - "8000:8000"
      - "9997:9997"
      - "8088:8088"
      - "8191:8191"
$ docker-compose up
Splunk does start, no error messages, but the password has not been changed. Any ideas? Anyone able to replicate?
Please show output from docker logs <container name>
@gijswobben. I'll try to repro later this morning.
This is the full output of docker logs <container>:
Copying '/opt/splunk/etc/openldap/ldap.conf.default' to '/opt/splunk/etc/openldap/ldap.conf'.
Generating RSA private key, 1024 bit long modulus
..............................................++++++
.............++++++
e is 65537 (0x10001)
writing RSA key
Generating RSA private key, 1024 bit long modulus
.......................................................++++++
..................................++++++
e is 65537 (0x10001)
writing RSA key
Moving '/opt/splunk/share/splunk/search_mrsparkle/modules.new' to '/opt/splunk/share/splunk/search_mrsparkle/modules'.
This appears to be your first time running this version of Splunk.
Splunk> All batbelt. No tights.
Checking prerequisites...
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking appserver port [127.0.0.1:8065]: open
Checking kvstore port [8191]: open
Checking configuration... Done.
Checking critical directories... Done
Checking indexes...
Validated: _audit _internal _introspection _telemetry _thefishbucket history main summary
Done
New certs have been generated in '/opt/splunk/etc/auth'.
Creating: /opt/splunk/var/lib/splunk
Creating: /opt/splunk/var/run/splunk
Creating: /opt/splunk/var/run/splunk/appserver/i18n
Creating: /opt/splunk/var/run/splunk/appserver/modules/static/css
Creating: /opt/splunk/var/run/splunk/upload
Creating: /opt/splunk/var/spool/splunk
Creating: /opt/splunk/var/spool/dirmoncache
Creating: /opt/splunk/var/lib/splunk/authDb
Creating: /opt/splunk/var/lib/splunk/hashDb
Checking filesystem compatibility... Done
Checking conf files for problems...
Done
Checking default conf files for edits...
Validating installed files against hashes from '/opt/splunk/splunk-6.5.0-59c8927def0f-linux-2.6-x86_64-manifest'
Generating a 1024 bit RSA private key
................................................++++++
.............++++++
writing new private key to 'privKeySecure.pem'
-----
Signature ok
subject=/CN=splunk/O=SplunkUser
Getting CA Private Key
writing RSA key
All installed files intact.
Done
All preliminary checks passed.
Starting splunk server daemon (splunkd)...
Done
Waiting for web server at http://127.0.0.1:8000 to be available................................... Done
If you get stuck, we're here to help.
Look for answers here: http://docs.splunk.com
The Splunk web interface is at http://splunk:8000
@gijswobben could you show also docker inspect of this container?
I'm unable to repro a docker-compose up using your sample at this moment due to possibly unrelated errors.
Sure:
[
{
"Id": "4cf5c006c72d1b4c47972b0003a9e2545874820aeec55731826cc7d5fbb13d38",
"Created": "2016-10-20T20:33:14.4012826Z",
"Path": "/sbin/entrypoint.sh",
"Args": [
"start-service"
],
"State": {
"Status": "exited",
"Running": false,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 0,
"ExitCode": 137,
"Error": "",
"StartedAt": "2016-10-20T20:33:15.1746532Z",
"FinishedAt": "2016-10-20T20:35:06.2621316Z"
},
"Image": "sha256:66ab670de146b12becff7970fbe8db8df97dfe3079c9f1eac098ecdb48dc446c",
"ResolvConfPath": "/var/lib/docker/containers/4cf5c006c72d1b4c47972b0003a9e2545874820aeec55731826cc7d5fbb13d38/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/4cf5c006c72d1b4c47972b0003a9e2545874820aeec55731826cc7d5fbb13d38/hostname",
"HostsPath": "/var/lib/docker/containers/4cf5c006c72d1b4c47972b0003a9e2545874820aeec55731826cc7d5fbb13d38/hosts",
"LogPath": "/var/lib/docker/containers/4cf5c006c72d1b4c47972b0003a9e2545874820aeec55731826cc7d5fbb13d38/4cf5c006c72d1b4c47972b0003a9e2545874820aeec55731826cc7d5fbb13d38-json.log",
"Name": "/splunk_splunk_1",
"RestartCount": 0,
"Driver": "aufs",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": [
"/c/Users/.../Documents/Docker/Splunk/apps:/opt/splunk/etc/apps:rw",
"/c/Users/.../Documents/Docker/Splunk/system:/opt/splunk/etc/system:rw"
],
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "splunk_default",
"PortBindings": {
"8000/tcp": [
{
"HostIp": "",
"HostPort": "8000"
}
],
"8088/tcp": [
{
"HostIp": "",
"HostPort": "8088"
}
],
"8191/tcp": [
{
"HostIp": "",
"HostPort": "8191"
}
],
"9997/tcp": [
{
"HostIp": "",
"HostPort": "9997"
}
]
},
"RestartPolicy": {
"Name": "",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": [],
"CapAdd": null,
"CapDrop": null,
"Dns": null,
"DnsOptions": null,
"DnsSearch": null,
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": null,
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": null,
"DiskQuota": 0,
"KernelMemory": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": -1,
"OomKillDisable": false,
"PidsLimit": 0,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0
},
"GraphDriver": {
"Name": "aufs",
"Data": null
},
"Mounts": [
{
"Source": "/c/Users/.../Documents/Docker/Splunk/apps",
"Destination": "/opt/splunk/etc/apps",
"Mode": "rw",
"RW": true,
"Propagation": "rprivate"
},
{
"Source": "/c/Users/.../Documents/Docker/Splunk/system",
"Destination": "/opt/splunk/etc/system",
"Mode": "rw",
"RW": true,
"Propagation": "rprivate"
},
{
"Name": "baf81c26441c713b3548c4d43d2a904ec20903b538be1c74ec3ba33213a2a043",
"Source": "/var/lib/docker/volumes/baf81c26441c713b3548c4d43d2a904ec20903b538be1c74ec3ba33213a2a043/_data",
"Destination": "/opt/splunk/etc",
"Driver": "local",
"Mode": "",
"RW": true,
"Propagation": ""
},
{
"Name": "11c15386da0bfe5fb6c7f3c14a033a0c39a1b9f5ec400258c9d9e359fd91063b",
"Source": "/var/lib/docker/volumes/11c15386da0bfe5fb6c7f3c14a033a0c39a1b9f5ec400258c9d9e359fd91063b/_data",
"Destination": "/opt/splunk/var",
"Driver": "local",
"Mode": "",
"RW": true,
"Propagation": ""
}
],
"Config": {
"Hostname": "splunk",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"1514/tcp": {},
"8000/tcp": {},
"8088/tcp": {},
"8089/tcp": {},
"8191/tcp": {},
"9997/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"SPLUNK_ENABLE_LISTEN=9997",
"SPLUNK_START_ARGS=--accept-license --answer-yes",
"SPLUNK_CMD=edit user admin -password random_password -role admin -auth admin:changeme",
"SPLUNK_USER=root",
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"SPLUNK_PRODUCT=splunk",
"SPLUNK_VERSION=6.5.0",
"SPLUNK_BUILD=59c8927def0f",
"SPLUNK_FILENAME=splunk-6.5.0-59c8927def0f-Linux-x86_64.tgz",
"SPLUNK_HOME=/opt/splunk",
"SPLUNK_GROUP=splunk",
"SPLUNK_BACKUP_DEFAULT_ETC=/var/opt/splunk",
"LANG=en_US.utf8"
],
"Cmd": [
"start-service"
],
"Image": "splunk/splunk:6.5.0",
"Volumes": {
"/opt/splunk/etc": {},
"/opt/splunk/etc/apps": {},
"/opt/splunk/etc/system": {},
"/opt/splunk/var": {}
},
"WorkingDir": "/opt/splunk",
"Entrypoint": [
"/sbin/entrypoint.sh"
],
"OnBuild": null,
"Labels": {
"com.docker.compose.config-hash": "e3a2895b880ad66f190a2d93ce4c58bed46d6285706486f3f403024e2ede0804",
"com.docker.compose.container-number": "1",
"com.docker.compose.oneoff": "False",
"com.docker.compose.project": "splunk",
"com.docker.compose.service": "splunk",
"com.docker.compose.version": "1.8.1"
}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "d1e69a70cf9052b163a8dffa245a6c1b8dead9aef25daf4ef7636258d73c1e0d",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": null,
"SandboxKey": "/var/run/docker/netns/d1e69a70cf90",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"MacAddress": "",
"Networks": {
"splunk_default": {
"IPAMConfig": null,
"Links": null,
"Aliases": [
"4cf5c006c72d",
"splunk"
],
"NetworkID": "ccf7e607f3381c447bd487dfd22191aa40192774ef7b208a7383d0af207882e5",
"EndpointID": "",
"Gateway": "",
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": ""
}
}
}
}
]
I am not sure if this mounting will work
volumes:
  - ./apps:/opt/splunk/etc/apps
  - ./system:/opt/splunk/etc/system
As we mount a volume /opt/splunk/etc/ and you are basically doing the nested volume. Not sure how that works in Docker. We recommend to mount /opt/splunk/etc/, see https://github.com/splunk/docker-splunk/blob/master/enterprise/README.md#data-store
I have removed volumes definition from your example and tried to run docker-compose on
version: '2'
services:
  splunk:
    image: splunk/splunk:6.5.0
    hostname: splunk
    environment:
      SPLUNK_CMD: edit user admin -password random_password -role admin -auth admin:changeme
      SPLUNK_START_ARGS: --accept-license --answer-yes
      SPLUNK_ENABLE_LISTEN: 9997
      SPLUNK_USER: root
    ports:
      - "8000:8000"
      - "9997:9997"
      - "8088:8088"
      - "8191:8191"
And it worked
Copying '/opt/splunk/etc/openldap/ldap.conf.default' to '/opt/splunk/etc/openldap/ldap.conf'.
Generating RSA private key, 1024 bit long modulus
..............++++++
...........................++++++
e is 65537 (0x10001)
writing RSA key
Generating RSA private key, 1024 bit long modulus
...++++++
........++++++
e is 65537 (0x10001)
writing RSA key
Moving '/opt/splunk/share/splunk/search_mrsparkle/modules.new' to '/opt/splunk/share/splunk/search_mrsparkle/modules'.
This appears to be your first time running this version of Splunk.
Splunk> Now with more code!
Checking prerequisites...
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking appserver port [127.0.0.1:8065]: open
Checking kvstore port [8191]: open
Checking configuration... Done.
Checking critical directories... Done
Checking indexes...
Validated: _audit _internal _introspection _telemetry _thefishbucket history main summary
Done
New certs have been generated in '/opt/splunk/etc/auth'.
Creating: /opt/splunk/var/lib/splunk
Creating: /opt/splunk/var/run/splunk
Creating: /opt/splunk/var/run/splunk/appserver/i18n
Creating: /opt/splunk/var/run/splunk/appserver/modules/static/css
Creating: /opt/splunk/var/run/splunk/upload
Creating: /opt/splunk/var/spool/splunk
Creating: /opt/splunk/var/spool/dirmoncache
Creating: /opt/splunk/var/lib/splunk/authDb
Creating: /opt/splunk/var/lib/splunk/hashDb
Checking filesystem compatibility... Done
Checking conf files for problems...
Done
Checking default conf files for edits...
Validating installed files against hashes from '/opt/splunk/splunk-6.5.0-59c8927def0f-linux-2.6-x86_64-manifest'
Generating a 1024 bit RSA private key
..............++++++
.................................++++++
writing new private key to 'privKeySecure.pem'
-----
Signature ok
subject=/CN=splunk/O=SplunkUser
Getting CA Private Key
writing RSA key
All installed files intact.
Done
All preliminary checks passed.
Starting splunk server daemon (splunkd)...
Done
Waiting for web server at http://127.0.0.1:8000 to be available.... Done
If you get stuck, we're here to help.
Look for answers here: http://docs.splunk.com
The Splunk web interface is at http://splunk:8000
Listening for Splunk data on TCP port 9997.
User admin edited.
@gijswobben is this still an issue? If so I'll send you a v3 compose file I use daily that works.
I still have the problem when mounting the entire apps or system folder so I started mounting individual apps instead of the entire apps folder and now it works.
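The `docker inspect` output posted in this thread shows two things worth checking for automatically: bind mounts nested under the `/opt/splunk/etc` volume, and an admin password readable in `Config.Env` through `SPLUNK_CMD`. The following is an added example, not code from the thread or from the docker-splunk project; the function names are hypothetical and the sample is trimmed from the output above, with volume names replaced by placeholders.

```python
import json
import re
from pathlib import PurePosixPath

# Trimmed from the `docker inspect` output in the thread; volume names are
# replaced by placeholders.
SAMPLE = json.loads("""
[{"Name": "/splunk_splunk_1",
  "Mounts": [
    {"Source": "/c/Users/.../Documents/Docker/Splunk/apps", "Destination": "/opt/splunk/etc/apps"},
    {"Source": "/c/Users/.../Documents/Docker/Splunk/system", "Destination": "/opt/splunk/etc/system"},
    {"Name": "<volume-1>", "Destination": "/opt/splunk/etc", "Driver": "local"},
    {"Name": "<volume-2>", "Destination": "/opt/splunk/var", "Driver": "local"}],
  "Config": {"Env": [
    "SPLUNK_START_ARGS=--accept-license --answer-yes",
    "SPLUNK_CMD=edit user admin -password random_password -role admin -auth admin:changeme",
    "SPLUNK_USER=root"]}}]
""")

# CLI arguments that carry a credential in the SPLUNK_CMD shown in the thread.
SECRET_ARG = re.compile(r"(?:^|\s)-(password|auth)\s+\S+")


def nested_mounts(container):
    """Return (child, parent) destination pairs where one mount sits inside another."""
    dests = [PurePosixPath(m["Destination"]) for m in container.get("Mounts", [])]
    return sorted((str(c), str(p)) for c in dests for p in dests if p in c.parents)


def env_with_credentials(container):
    """Return names of environment variables whose value embeds a credential argument."""
    hits = []
    for entry in container.get("Config", {}).get("Env", []):
        name, _, value = entry.partition("=")
        if SECRET_ARG.search(value):
            hits.append(name)
    return hits


def audit(inspect_output):
    """Summarise both findings per container name."""
    return {c["Name"]: {"nested": nested_mounts(c), "secrets": env_with_credentials(c)}
            for c in inspect_output}


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

In practice the input would be the parsed output of `docker inspect <container>`; anyone able to run that command can read the flagged variable's value.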