First time configurations don't work for splunk 7.1.0 image #78

Open
andyneff opened this issue Jun 22, 2018 · 4 comments

andyneff commented Jun 22, 2018

The entrypoint has a lot of configuration features based on authenticating as admin using -auth admin:changeme

  • SPLUNK_ENABLE_DEPLOY_SERVER
  • SPLUNK_DEPLOYMENT_SERVER
  • SPLUNK_ENABLE_LISTEN
  • SPLUNK_FORWARD_SERVER
  • SPLUNK_FORWARD_SERVER_*
  • SPLUNK_ADD
  • SPLUNK_ADD_*

In the 7.1.0 docker image, unlike 7.0.x, the admin password is set at the beginning of first time configuration (rather than via the webpage after the first time configuration is done), before these configuration steps run. So the password has already been changed from changeme and none of the splunk configurations work.

Temporary workaround

Set your command to (for example, in a docker-compose.yml file):

command: |
  bash -c "
    if [ -e /opt/splunk/etc/str ]; then
      rm -f /opt/splunk/ftr
      exec /sbin/entrypoint.sh start-service
    else
      touch /opt/splunk/etc/str
      exec /sbin/entrypoint.sh start-service --seed-passwd changeme
    fi
  "

At least this way, the password is changeme, and everything works. Only downside to this is the webpage no longer tells you to change the password after logging in, like it did in 7.0.x.

@andyneff
Author

Related to #72

@ghost

ghost commented Jun 22, 2018 via email

@outcoldman
Contributor

@andyneff I believe you can just run --env SPLUNK_START_ARGS="--accept-license --answer-yes --seed-passwd changeme" (see https://www.outcoldsolutions.com/blog/2018-04-25-docker-splunk-7-1-0/) and you should be able to use all of the configuration commands.
I believe these environment variables should be deprecated; instead there should be a simple solution to write configuration files directly, maybe similar to https://github.com/outcoldman/docker-splunk-cluster#how-it-works

@andyneff
Author

@outcoldman Thanks, --seed-passwd is the better way I couldn't find.

I totally agree that it looks like a new way to implement the environment features should be added to this image.
