From 0de4bffe24c71604a19d95222011d1b2e6d41f10 Mon Sep 17 00:00:00 2001 From: michaellee-splunk <96087429+michaellee-splunk@users.noreply.github.com> Date: Tue, 16 Apr 2024 10:07:56 -0700 Subject: [PATCH 01/10] install busybox 1.36.1 in base redhat 8 (#664) --- base/redhat-8/install.sh | 22 +++++++++++++++------- docs/CHANGELOG.md | 15 +++++++++++++++ 2 files changed, 30 insertions(+), 7 deletions(-) diff --git a/base/redhat-8/install.sh b/base/redhat-8/install.sh index b9bf7ac0..63e7950c 100755 --- a/base/redhat-8/install.sh +++ b/base/redhat-8/install.sh @@ -28,7 +28,8 @@ export LANG=en_US.utf8 # Install utility packages microdnf -y --nodocs install wget sudo shadow-utils procps tar make gcc \ openssl-devel bzip2-devel libffi-devel findutils \ - libssh-devel libcurl-devel glib2-devel ncurses-devel + libssh-devel libcurl-devel glib2-devel ncurses-devel \ + diffutils bzip2 # Patch security updates microdnf -y --nodocs update gnutls kernel-headers libdnf librepo libnghttp2 nettle \ libpwquality libxml2 systemd-libs lz4-libs curl \ @@ -39,6 +40,18 @@ microdnf -y --nodocs update gnutls kernel-headers libdnf librepo libnghttp2 nett # Reinstall tzdata (originally stripped from minimal image): https://bugzilla.redhat.com/show_bug.cgi?id=1903219 microdnf -y --nodocs reinstall tzdata || microdnf -y --nodocs update tzdata +# Build and install busybox direct from the multiarch since EPEL isn't available yet for redhat8 +cd ~ +wget https://busybox.net/downloads/busybox-1.36.1.tar.bz2 +bzip2 -d busybox-1.36.1.tar.bz2 +tar -xf busybox-1.36.1.tar +cd busybox-1.36.1 +make defconfig +make +cp busybox /bin/busybox +cd ~ +rm -rf busybox-1.36.1.tar busybox-1.36.1/ + # Install Python and necessary packages PY_SHORT=${PYTHON_VERSION%.*} wget -O /tmp/python.tgz https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tgz @@ -74,14 +87,9 @@ ldconfig microdnf remove -y make gcc openssl-devel bzip2-devel findutils glib2-devel glibc-devel cpp binutils \ keyutils-libs-devel krb5-devel libcom_err-devel libffi-devel libcurl-devel \ libselinux-devel libsepol-devel libssh-devel libverto-devel libxcrypt-devel \ - ncurses-devel pcre2-devel zlib-devel + ncurses-devel pcre2-devel zlib-devel diffutils bzip2 microdnf clean all -# Install busybox direct from the multiarch since EPEL isn't available yet for redhat8 -BUSYBOX_URL=${BUSYBOX_URL:=https://busybox.net/downloads/binaries/1.35.0-`arch`-linux-musl/busybox} -wget -O /bin/busybox ${BUSYBOX_URL} -chmod +x /bin/busybox - # Enable busybox symlinks cd /bin BBOX_LINKS=( clear find diff hostname killall netstat nslookup ping ping6 readline route syslogd tail traceroute vi ) diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index 843fdf07..1a83e886 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -14,6 +14,7 @@ Red Hat images will continue to be published. * [9.2.0.1](#9201) * [9.2.0](#920) * [9.1.4](#914) +* [9.1.3-patch1](#913p1) * [9.1.3](#913) * [9.1.2](#912) * [9.1.1](#911) @@ -159,6 +160,20 @@ Red Hat images will continue to be published. --- +## 9.1.3-patch1 + +#### What's New? +* Install busybox 1.36.1 for remediation of CVE-2022-28391 and CVE-2022-30065 + +#### docker-splunk changes: +* Bumping Splunk version. For details, see [Fixed issues for 9.1.3](https://docs.splunk.com/Documentation/Splunk/9.1.3/ReleaseNotes/Fixedissues#Splunk_Enterprise_9.1.3) + +#### splunk-ansible changes: +* Docs updated +* Bugfixes + +--- + ## 9.1.3 #### What's New? From beed1449ac382830466a174912799eb9cbf7111b Mon Sep 17 00:00:00 2001 From: michaellee-splunk <96087429+michaellee-splunk@users.noreply.github.com> Date: Thu, 30 May 2024 11:11:04 -0700 Subject: [PATCH 02/10] Update exclude list for changes in splunk files (#674) * update exclude list for changes in splunk files * update exclude list for changes in splunk files --- splunk/common-files/make-minimal-exclude.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/splunk/common-files/make-minimal-exclude.py b/splunk/common-files/make-minimal-exclude.py index 72747e0c..d68b6727 100755 --- a/splunk/common-files/make-minimal-exclude.py +++ b/splunk/common-files/make-minimal-exclude.py @@ -39,7 +39,6 @@ minor_version = version_string.group(2) if major_version: - print(EXCLUDE_V7) if int(major_version) == 7: print("*/bin/parsetest*") if int(minor_version) < 3: @@ -51,3 +50,7 @@ print("*/etc/apps/splunk_metrics_workspace*") if int(minor_version) < 1: print("*/bin/parsetest*") + elif int(major_version) >= 9: + if int(minor_version) >= 4: + EXCLUDE_V7 = EXCLUDE_V7.replace('*/bin/jsmin*', '') + print(EXCLUDE_V7) From 120bf34868d46f6950f68f3855d42a153d122dba Mon Sep 17 00:00:00 2001 From: michaellee-splunk <96087429+michaellee-splunk@users.noreply.github.com> Date: Fri, 31 May 2024 12:58:37 -0700 Subject: [PATCH 03/10] Add default.meta for splunk_enterprise_on_docker app (#675) * add default.meta for splunk_enterprise_on_docker app * add default.meta for splunk_enterprise_on_docker app --- .../apps/splunk_enterprise_on_docker/metadata/default.meta | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 splunk/common-files/apps/splunk_enterprise_on_docker/metadata/default.meta diff --git a/splunk/common-files/apps/splunk_enterprise_on_docker/metadata/default.meta b/splunk/common-files/apps/splunk_enterprise_on_docker/metadata/default.meta new file mode 100644 index 00000000..52fba224 --- /dev/null +++ b/splunk/common-files/apps/splunk_enterprise_on_docker/metadata/default.meta @@ -0,0 +1,2 @@ +[] +access = read : [ * ], write : [ admin ] From 8d3efd5d4e9f8e78b3a2210a9716aed29383a9d0 Mon Sep 17 00:00:00 2001 From: Jack Meixensperger Date: Tue, 11 Jun 2024 10:26:29 -0700 Subject: [PATCH 04/10] upgrade redhat8 python/ansible --- base/redhat-8/Dockerfile | 4 ++-- base/redhat-8/install.sh | 2 +- py23-image/redhat-8/Dockerfile | 10 +++++----- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/base/redhat-8/Dockerfile b/base/redhat-8/Dockerfile index 2f71cb49..c52fe57c 100644 --- a/base/redhat-8/Dockerfile +++ b/base/redhat-8/Dockerfile @@ -28,8 +28,8 @@ LABEL name="splunk" \ ARG BUSYBOX_URL ENV BUSYBOX_URL=${BUSYBOX_URL} \ - PYTHON_VERSION=3.7.16 \ - PYTHON_GPG_KEY_ID=0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D + PYTHON_VERSION=3.8.19 \ + PYTHON_GPG_KEY_ID=E3FF2839C048B25C084DEBE9B26995E310250568 COPY install.sh /install.sh diff --git a/base/redhat-8/install.sh b/base/redhat-8/install.sh index 63e7950c..017b8e8a 100755 --- a/base/redhat-8/install.sh +++ b/base/redhat-8/install.sh @@ -74,7 +74,7 @@ ln -sf /usr/bin/pip${PY_SHORT} /usr/bin/pip # Install splunk-ansible dependencies cd / -/usr/bin/python3.7 -m pip install --upgrade pip +/usr/bin/python3.8 -m pip install --upgrade pip pip -q --no-cache-dir install --upgrade "requests_unixsocket<2.29" "requests<2.29" six wheel Mako "urllib3<2.0.0" certifi jmespath future avro cryptography lxml protobuf setuptools ansible # Remove tests packaged in python libs diff --git a/py23-image/redhat-8/Dockerfile b/py23-image/redhat-8/Dockerfile index 89676579..4dd297a8 100644 --- a/py23-image/redhat-8/Dockerfile +++ b/py23-image/redhat-8/Dockerfile @@ -5,8 +5,8 @@ USER root RUN microdnf -y --nodocs update \ && microdnf -y --nodocs install python2-pip python2-devel \ && pip2 --no-cache-dir install requests pyyaml jmespath \ - && ln -sf /usr/bin/python3.7 /usr/bin/python3 \ - && ln -sf /usr/bin/pip3.7 /usr/bin/pip3 \ - && ln -sf /usr/bin/python3.7 /usr/bin/python \ - && ln -sf /usr/bin/pip3.7 /usr/bin/pip \ - && pip3 install --upgrade ansible==3.4.0 requests==2.25.1 pyyaml==5.4.1 jmespath==0.10.0 + && ln -sf /usr/bin/python3.8 /usr/bin/python3 \ + && ln -sf /usr/bin/pip3.8 /usr/bin/pip3 \ + && ln -sf /usr/bin/python3.8 /usr/bin/python \ + && ln -sf /usr/bin/pip3.8 /usr/bin/pip \ + && pip3 install --upgrade requests==2.25.1 pyyaml==5.4.1 jmespath==0.10.0 From 27201c1bf600c5655015f5886fc2221ab1bceb1f Mon Sep 17 00:00:00 2001 From: Jack Meixensperger Date: Tue, 11 Jun 2024 12:07:18 -0700 Subject: [PATCH 05/10] add py3 interpreter path --- py23-image/redhat-8/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/py23-image/redhat-8/Dockerfile b/py23-image/redhat-8/Dockerfile index 4dd297a8..22353cee 100644 --- a/py23-image/redhat-8/Dockerfile +++ b/py23-image/redhat-8/Dockerfile @@ -9,4 +9,5 @@ RUN microdnf -y --nodocs update \ && ln -sf /usr/bin/pip3.8 /usr/bin/pip3 \ && ln -sf /usr/bin/python3.8 /usr/bin/python \ && ln -sf /usr/bin/pip3.8 /usr/bin/pip \ - && pip3 install --upgrade requests==2.25.1 pyyaml==5.4.1 jmespath==0.10.0 + && pip3 install --upgrade requests==2.25.1 pyyaml==5.4.1 jmespath==0.10.0 \ + && sed -i '/^\[defaults\]/a\interpreter_python = /usr/bin/python3' /opt/ansible/ansible.cfg From c2560fa29863f3968c68355d30c1b02834b30b23 Mon Sep 17 00:00:00 2001 From: Jack Meixensperger Date: Wed, 12 Jun 2024 15:35:11 -0700 Subject: [PATCH 06/10] use py3.9, resolve CVEs --- base/redhat-8/Dockerfile | 2 +- base/redhat-8/install.sh | 8 ++++++-- py23-image/redhat-8/Dockerfile | 11 ++++++----- 3 files changed, 13 insertions(+), 8 deletions(-) diff --git a/base/redhat-8/Dockerfile b/base/redhat-8/Dockerfile index c52fe57c..d839e582 100644 --- a/base/redhat-8/Dockerfile +++ b/base/redhat-8/Dockerfile @@ -28,7 +28,7 @@ LABEL name="splunk" \ ARG BUSYBOX_URL ENV BUSYBOX_URL=${BUSYBOX_URL} \ - PYTHON_VERSION=3.8.19 \ + PYTHON_VERSION=3.9.19 \ PYTHON_GPG_KEY_ID=E3FF2839C048B25C084DEBE9B26995E310250568 COPY install.sh /install.sh diff --git a/base/redhat-8/install.sh b/base/redhat-8/install.sh index 017b8e8a..2763a84a 100755 --- a/base/redhat-8/install.sh +++ b/base/redhat-8/install.sh @@ -17,7 +17,8 @@ set -e # Generate UTF-8 char map and locale # Reinstalling local English def for now, removed in minimal image: https://bugzilla.redhat.com/show_bug.cgi?id=1665251 -microdnf -y --nodocs install glibc-langpack-en +# Comment below install until glibc update is available in minimal image: https://access.redhat.com/errata/RHSA-2024:2722 +#microdnf -y --nodocs install glibc-langpack-en # Currently there is no access to the UTF-8 char map. The following command is commented out until # the base container can generate the locale. @@ -74,9 +75,12 @@ ln -sf /usr/bin/pip${PY_SHORT} /usr/bin/pip # Install splunk-ansible dependencies cd / -/usr/bin/python3.8 -m pip install --upgrade pip +/usr/bin/python3.9 -m pip install --upgrade pip pip -q --no-cache-dir install --upgrade "requests_unixsocket<2.29" "requests<2.29" six wheel Mako "urllib3<2.0.0" certifi jmespath future avro cryptography lxml protobuf setuptools ansible +# Avoid vulnerability on old pip version +/usr/libexec/platform-python -m pip install --upgrade pip + # Remove tests packaged in python libs find /usr/lib/ -depth \( -type d -a -not -wholename '*/ansible/plugins/test' -a \( -name test -o -name tests -o -name idle_test \) \) -exec rm -rf '{}' \; find /usr/lib/ -depth \( -type f -a -name '*.pyc' -o -name '*.pyo' -o -name '*.a' \) -exec rm -rf '{}' \; diff --git a/py23-image/redhat-8/Dockerfile b/py23-image/redhat-8/Dockerfile index 22353cee..c2dd5471 100644 --- a/py23-image/redhat-8/Dockerfile +++ b/py23-image/redhat-8/Dockerfile @@ -3,11 +3,12 @@ FROM ${SPLUNK_PRODUCT}-redhat-8:latest USER root RUN microdnf -y --nodocs update \ - && microdnf -y --nodocs install python2-pip python2-devel \ + && microdnf -y --nodocs install python2 \ + && pip2 install --upgrade pip \ && pip2 --no-cache-dir install requests pyyaml jmespath \ - && ln -sf /usr/bin/python3.8 /usr/bin/python3 \ - && ln -sf /usr/bin/pip3.8 /usr/bin/pip3 \ - && ln -sf /usr/bin/python3.8 /usr/bin/python \ - && ln -sf /usr/bin/pip3.8 /usr/bin/pip \ + && ln -sf /usr/bin/python3.9 /usr/bin/python3 \ + && ln -sf /usr/bin/pip3.9 /usr/bin/pip3 \ + && ln -sf /usr/bin/python3.9 /usr/bin/python \ + && ln -sf /usr/bin/pip3.9 /usr/bin/pip \ && pip3 install --upgrade requests==2.25.1 pyyaml==5.4.1 jmespath==0.10.0 \ && sed -i '/^\[defaults\]/a\interpreter_python = /usr/bin/python3' /opt/ansible/ansible.cfg From 7992f8ae0ec1dad1782f2c03c85e6e6e0ba7690f Mon Sep 17 00:00:00 2001 From: Jack Meixensperger Date: Mon, 17 Jun 2024 14:26:38 -0700 Subject: [PATCH 07/10] move py3/pip3 symlink to base --- base/redhat-8/install.sh | 4 ++++ py23-image/redhat-8/Dockerfile | 2 -- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/base/redhat-8/install.sh b/base/redhat-8/install.sh index 2763a84a..595a4936 100755 --- a/base/redhat-8/install.sh +++ b/base/redhat-8/install.sh @@ -111,3 +111,7 @@ echo " # Clean microdnf clean all rm -rf /install.sh /anaconda-post.log /var/log/anaconda/* + +# Symlink python/pip +ln -sf /usr/bin/python3.9 /usr/bin/python3 +ln -sf /usr/bin/pip3.9 /usr/bin/pip3 diff --git a/py23-image/redhat-8/Dockerfile b/py23-image/redhat-8/Dockerfile index c2dd5471..85e8813f 100644 --- a/py23-image/redhat-8/Dockerfile +++ b/py23-image/redhat-8/Dockerfile @@ -6,8 +6,6 @@ RUN microdnf -y --nodocs update \ && microdnf -y --nodocs install python2 \ && pip2 install --upgrade pip \ && pip2 --no-cache-dir install requests pyyaml jmespath \ - && ln -sf /usr/bin/python3.9 /usr/bin/python3 \ - && ln -sf /usr/bin/pip3.9 /usr/bin/pip3 \ && ln -sf /usr/bin/python3.9 /usr/bin/python \ && ln -sf /usr/bin/pip3.9 /usr/bin/pip \ && pip3 install --upgrade requests==2.25.1 pyyaml==5.4.1 jmespath==0.10.0 \ From c5c45d499a10057f8d2cc6bf24e2a0604d9496b8 Mon Sep 17 00:00:00 2001 From: Jack Meixensperger Date: Mon, 17 Jun 2024 14:56:53 -0700 Subject: [PATCH 08/10] move all symlinking --- base/centos-7/install.sh | 4 ++++ base/centos-8/install.sh | 1 + base/debian-10/install.sh | 4 ++++ base/debian-9/install.sh | 4 ++++ py23-image/centos-7/Dockerfile | 3 +-- py23-image/centos-8/Dockerfile | 3 +-- py23-image/debian-10/Dockerfile | 2 -- py23-image/debian-9/Dockerfile | 2 -- py23-image/redhat-8/Dockerfile | 3 +-- splunk/common-files/Dockerfile | 1 + 10 files changed, 17 insertions(+), 10 deletions(-) diff --git a/base/centos-7/install.sh b/base/centos-7/install.sh index 0d2c2873..ae8e4e33 100755 --- a/base/centos-7/install.sh +++ b/base/centos-7/install.sh @@ -47,3 +47,7 @@ rm -rf /etc/security/limits.d/20-nproc.conf # Clean yum clean all rm -rf /anaconda-post.log /var/log/anaconda/* + +# symlink for python3 +ln -s /bin/python3 /bin/python +ln -sf /usr/bin/pip3.7 /usr/bin/pip3 diff --git a/base/centos-8/install.sh b/base/centos-8/install.sh index ebcd7dda..af1f69d2 100755 --- a/base/centos-8/install.sh +++ b/base/centos-8/install.sh @@ -49,6 +49,7 @@ echo " # symlink for python3 ln -s /bin/python3 /bin/python +ln -sf /usr/bin/pip3.7 /usr/bin/pip3 # Clean yum clean all diff --git a/base/debian-10/install.sh b/base/debian-10/install.sh index 28bdb290..d8357bac 100755 --- a/base/debian-10/install.sh +++ b/base/debian-10/install.sh @@ -92,3 +92,7 @@ chmod u+s /bin/ping # Clean apt clean autoclean rm -rf /var/lib/apt/lists/* + +# Symlink python/pip +ln -sf /usr/bin/python3.7 /usr/bin/python3 +ln -sf /usr/bin/pip3.7 /usr/bin/pip3 \ No newline at end of file diff --git a/base/debian-9/install.sh b/base/debian-9/install.sh index 7c074cc8..12dc0ef2 100755 --- a/base/debian-9/install.sh +++ b/base/debian-9/install.sh @@ -93,3 +93,7 @@ chmod u+s /bin/ping # Clean apt clean autoclean rm -rf /var/lib/apt/lists/* + +# Symlink python/pip +ln -sf /usr/bin/python3.7 /usr/bin/python3 +ln -sf /usr/bin/pip3.7 /usr/bin/pip3 diff --git a/py23-image/centos-7/Dockerfile b/py23-image/centos-7/Dockerfile index 04a439f6..0811f0dc 100644 --- a/py23-image/centos-7/Dockerfile +++ b/py23-image/centos-7/Dockerfile @@ -17,8 +17,7 @@ RUN wget https://www.python.org/ftp/python/3.7.4/Python-3.7.4.tgz \ && python3.7 get-pip.py \ && rm -f get-pip.py \ #pip version is not automatically "fixed", unlike debian-based - && ln -sf /usr/bin/pip2 /usr/bin/pip \ - && ln -sf /usr/bin/pip3.7 /usr/bin/pip3 + && ln -sf /usr/bin/pip2 /usr/bin/pip RUN yum remove -y --setopt=tsflags=noscripts gcc openssl-devel bzip2-devel libffi-devel \ && yum autoremove -y \ && yum clean all diff --git a/py23-image/centos-8/Dockerfile b/py23-image/centos-8/Dockerfile index db936b26..6562f180 100644 --- a/py23-image/centos-8/Dockerfile +++ b/py23-image/centos-8/Dockerfile @@ -18,8 +18,7 @@ RUN wget https://www.python.org/ftp/python/3.7.4/Python-3.7.4.tgz \ && python3.7 get-pip.py \ && rm -f get-pip.py \ # pip version is not automatically "fixed", unlike debian-based - && ln -sf /usr/bin/pip2 /usr/bin/pip \ - && ln -sf /usr/bin/pip3.7 /usr/bin/pip3 + && ln -sf /usr/bin/pip2 /usr/bin/pip # add python alias # && ln -s /bin/python3 /bin/python diff --git a/py23-image/debian-10/Dockerfile b/py23-image/debian-10/Dockerfile index 8ff6d359..bae3f1c2 100644 --- a/py23-image/debian-10/Dockerfile +++ b/py23-image/debian-10/Dockerfile @@ -4,8 +4,6 @@ USER root RUN apt-get update -y \ && apt-get install -y --no-install-recommends libpython-dev python-pip python-requests python-jmespath python-yaml \ - && ln -sf /usr/bin/python3.7 /usr/bin/python3 \ - && ln -sf /usr/bin/pip3.7 /usr/bin/pip3 \ && ln -sf /usr/bin/python3.7 /usr/bin/python \ && ln -sf /usr/bin/pip3.7 /usr/bin/pip \ && pip3 install --upgrade ansible==3.4.0 requests==2.25.1 pyyaml==5.4.1 jmespath==0.10.0 diff --git a/py23-image/debian-9/Dockerfile b/py23-image/debian-9/Dockerfile index 69779918..acbd13d2 100644 --- a/py23-image/debian-9/Dockerfile +++ b/py23-image/debian-9/Dockerfile @@ -4,8 +4,6 @@ USER root RUN apt-get update -y \ && apt-get install -y --no-install-recommends libpython-dev python-pip python-requests python-jmespath python-yaml \ - && ln -sf /usr/bin/python3.7 /usr/bin/python3 \ - && ln -sf /usr/bin/pip3.7 /usr/bin/pip3 \ && ln -sf /usr/bin/python3.7 /usr/bin/python \ && ln -sf /usr/bin/pip3.7 /usr/bin/pip \ && pip3 install --upgrade ansible==3.4.0 requests==2.25.1 pyyaml==5.4.1 jmespath==0.10.0 diff --git a/py23-image/redhat-8/Dockerfile b/py23-image/redhat-8/Dockerfile index 85e8813f..deb0a063 100644 --- a/py23-image/redhat-8/Dockerfile +++ b/py23-image/redhat-8/Dockerfile @@ -8,5 +8,4 @@ RUN microdnf -y --nodocs update \ && pip2 --no-cache-dir install requests pyyaml jmespath \ && ln -sf /usr/bin/python3.9 /usr/bin/python \ && ln -sf /usr/bin/pip3.9 /usr/bin/pip \ - && pip3 install --upgrade requests==2.25.1 pyyaml==5.4.1 jmespath==0.10.0 \ - && sed -i '/^\[defaults\]/a\interpreter_python = /usr/bin/python3' /opt/ansible/ansible.cfg + && pip3 install --upgrade requests==2.25.1 pyyaml==5.4.1 jmespath==0.10.0 diff --git a/splunk/common-files/Dockerfile b/splunk/common-files/Dockerfile index 7338c52a..809c09c3 100644 --- a/splunk/common-files/Dockerfile +++ b/splunk/common-files/Dockerfile @@ -112,6 +112,7 @@ RUN sed -i -e 's/%sudo\s\+ALL=(ALL\(:ALL\)\?)\s\+ALL/%sudo ALL=NOPASSWD:ALL\nans && chgrp ${ANSIBLE_GROUP} ${SPLUNK_ANSIBLE_HOME} ${SPLUNK_ANSIBLE_HOME}/ansible.cfg \ && chmod 775 ${SPLUNK_ANSIBLE_HOME} \ && chmod 664 ${SPLUNK_ANSIBLE_HOME}/ansible.cfg \ + && sed -i '/^\[defaults\]/a\interpreter_python = /usr/bin/python3' ${SPLUNK_ANSIBLE_HOME}/ansible.cfg \ && chmod 755 /sbin/entrypoint.sh /sbin/createdefaults.py /sbin/checkstate.sh USER ${ANSIBLE_USER} From b08dedf22b25989686115503da57dc7df8330be5 Mon Sep 17 00:00:00 2001 From: Jack Meixensperger Date: Mon, 17 Jun 2024 15:05:28 -0700 Subject: [PATCH 09/10] set ansible interpreter on uf --- uf/common-files/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/uf/common-files/Dockerfile b/uf/common-files/Dockerfile index 785de0eb..0048eae1 100644 --- a/uf/common-files/Dockerfile +++ b/uf/common-files/Dockerfile @@ -105,6 +105,7 @@ RUN sed -i -e 's/%sudo\s\+ALL=(ALL\(:ALL\)\?)\s\+ALL/%sudo ALL=NOPASSWD:ALL\nans && chgrp ${ANSIBLE_GROUP} ${SPLUNK_ANSIBLE_HOME} ${SPLUNK_ANSIBLE_HOME}/ansible.cfg \ && chmod 775 ${SPLUNK_ANSIBLE_HOME} \ && chmod 664 ${SPLUNK_ANSIBLE_HOME}/ansible.cfg \ + && sed -i '/^\[defaults\]/a\interpreter_python = /usr/bin/python3' ${SPLUNK_ANSIBLE_HOME}/ansible.cfg \ && chmod 755 /sbin/entrypoint.sh /sbin/createdefaults.py /sbin/checkstate.sh USER ${ANSIBLE_USER} From 57045ecf1d6895d060759ee836b03b0df0e33c6d Mon Sep 17 00:00:00 2001 From: Jack Meixensperger Date: Tue, 18 Jun 2024 14:04:14 -0700 Subject: [PATCH 10/10] fix pip3 symlink --- base/redhat-8/install.sh | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/base/redhat-8/install.sh b/base/redhat-8/install.sh index 595a4936..790f7217 100755 --- a/base/redhat-8/install.sh +++ b/base/redhat-8/install.sh @@ -72,15 +72,14 @@ make altinstall LDFLAGS="-Wl,--strip-all" rm -rf /tmp/pyinstall ln -sf /usr/bin/python${PY_SHORT} /usr/bin/python ln -sf /usr/bin/pip${PY_SHORT} /usr/bin/pip +ln -sf /usr/bin/python${PY_SHORT} /usr/bin/python3 +ln -sf /usr/bin/pip${PY_SHORT} /usr/bin/pip3 # Install splunk-ansible dependencies cd / /usr/bin/python3.9 -m pip install --upgrade pip pip -q --no-cache-dir install --upgrade "requests_unixsocket<2.29" "requests<2.29" six wheel Mako "urllib3<2.0.0" certifi jmespath future avro cryptography lxml protobuf setuptools ansible -# Avoid vulnerability on old pip version -/usr/libexec/platform-python -m pip install --upgrade pip - # Remove tests packaged in python libs find /usr/lib/ -depth \( -type d -a -not -wholename '*/ansible/plugins/test' -a \( -name test -o -name tests -o -name idle_test \) \) -exec rm -rf '{}' \; find /usr/lib/ -depth \( -type f -a -name '*.pyc' -o -name '*.pyo' -o -name '*.a' \) -exec rm -rf '{}' \; @@ -111,7 +110,3 @@ echo " # Clean microdnf clean all rm -rf /install.sh /anaconda-post.log /var/log/anaconda/* - -# Symlink python/pip -ln -sf /usr/bin/python3.9 /usr/bin/python3 -ln -sf /usr/bin/pip3.9 /usr/bin/pip3