![]() the next container restart, it is likely to fail. Regarding your example above, I believe the difference in behavior was exactly the latter case mentioned above - some newer actions taken by the bootstrapping process do require the password, and if this changes between the time the container runs vs. Then of course, if you introduce the complexity of changing passwords, that particular stage could also fail because changing a setting with an out-of-date password will result in an unauthorized failure. For instance, if a user starts a Splunk container with HEC enabled but then disables it via the web UI, the next time the container restarts the internal provisioning will try to enable HEC (because that's what was defined as part of the runtime definition). How can I reset my password Tags: splunk-enterprise 0 Karma Reply All forum topics Previous Topic Next Topic bcyates Communicator 03-01-2018 12:23 PM Change the name of passwd in SPLUNKHOME/etc/passwd to passwd.bak then restart the Splunk service. The password change might be something we want to handle differently, although I suppose then it becomes a question of where the line is drawn. When the container starts up, it will converge towards those desired configurations. how it actually gets used? My assumption was that most users would want to define the "state" of their Splunk environment (including all configs, apps, methods of getting-data-in, etc.) via environment variables or a default.yml. ![]() In practice, depending on your orchestrator, I do believe we recommend you roll with docker secrets or kubectl secrets to persist the default.yml or variables in a non-plaintext-manner.įor the password workflow, I suppose there are some differing ideologies in terms of how we expect this gets used vs. This is great feedback, thanks! For the security note you pointed out, the use of SPLUNK_PASSWORD as plaintext is mostly for the dev workflow. Some of the checks do ignore errors, but others don't.Īctually in earlier version 7.2.3 it was, at least, possible to make the container start again after an admin password had changed. The checks done (with ansible) as admin user towards the Management API during container startup to see if the splunk service need to restarted and other checks are a good service, but they should not prevent a startup of the container if they fail due to a changed admin password. Even if not giving this password, a default known password could be set and be prompted for change or even be forced to change at first login. ![]() It should be enough having the password encrypted as in /opt/splunk/etc/passwd.Ī suggestion would be that the password given as an environment argument to the container or in default.yml should be used only for setting the initial password. Having the password visible in clear text, either via docker inspect or in default.yml, should not be mandatory considering the security aspects. Password change for the admin user, just have to be supported. Isn't a realistic scenario for production that /opt/splunk/etc and /opt/splunk/var are mounted on persistent storage and that they thereby survive removal/recreation of the Splunk container and throughout the lifetime of the production setup, rather than just throughout the lifetime of the container? I think that, at some point during the production period, which could be years, the password might need to be changed and in the worst case even be reset. You will use this One-Time Password to repeat the process to Activate Your UBITName.And the release note indicates that Splunk 7.2 docker deployment is production ready at least in the S1 setup. If you upload your ID, UBIT Help Center staff will contact you at the Non-UB email address and/or telephone number you provide, and give you a new, One-Time Password. Call the UBIT Help Center: Call 71 during business hours and verify your identity with UBIT Help Center staff using multiple data points so we can be sure it’s really you.A UB Card with your picture on it is only accepted at the UBIT Help Center walk-up counter. must meet the same requirements as uploading, above. Bring photo ID to the UB Tech Squad counter in 3rd floor Silverman (North Campus). Bring photo ID in person: Access is currently restricted to UB students, faculty and staff.A copy of photo ID (such as a driver's license or passport) that:. ![]()
0 Comments
Leave a Reply. |