-
Notifications
You must be signed in to change notification settings - Fork 185
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Task Remove existing HEC token is failing -1 because of self signed certificates #814
Comments
It looks like the surrounding steps now use splunk_api, which by default does not verify SSL/TLS certs. This step for Remove existing HEC token still uses the uri module, and recently removed "validate_certs: false", causing this problem (because the default is to verify certs). |
This change breaks in 9.1.4 also. The "Remove existing HEC token" task needs the validate_certs: false tasks added back or else the docker container fails to complete with error: This is preventing my team from upgrading from 9.1.2 to 9.1.4. And 9.1.4 has a high vulnerability fix according to the splunk advisory. |
Hello,
We are using Splunk docker images in a K8S environment to spawn a cluster. I have recently try to update from 9.0.8 to 9.0.9 and I have got this error from indexers and standalone nodes :
`TASK [splunk_standalone : Remove existing HEC token] ***************************
fatal: [localhost]: FAILED! => {
"changed": false,
"elapsed": 0,
"redirected": false,
"status": -1,
"url": "https://127.0.0.1:8089/services/data/inputs/http/splunk_hec_token",
"warnings": [
"Module did not set no_log for password"
]
}
MSG:
Status code was -1 and not [200, 404]: Request failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1091)>`
I have tested locally in the pod, I am able with curl to
curl -k -u admin:pass https://localhost:8089/services/data/inputs/http/splunk_hec_token -d "remove"
and it's working as expected.
I rollback to 9.0.8 and everything is working as expected, can you try to help ?
Vincent
The text was updated successfully, but these errors were encountered: