Problem on System with different network interfaces and the trackme app

[malso]

Hey @guilhemmarchand,

running trackme 1.2.57 on splunk 8.1.5.

I have a system with different network interfaces and splunk is bound on a deviating ip than $HOSTNAME in splunk-launch.conf (via SPLUNK_BINDIP).
I am not able to get kvstore backup running (response: Warn: exception encountered: [Errno 99] Cannot assign requested address)
or do edits like change the priority of a data source over the modify context.
Defining lagging classes and controlling the lagging value however is possible.

I already found a
target_url = "https://localhost:" in trackme.py which I changed.

Do you have any ideas what I need to do to get the app fully working?

[guilhemmarchand]

Hey @malso

Oh that is quite an interesting one - so basically on the local system, you can technically reach the API (splunkd) but because of SPLUNK_BINDIP splunkd will not reply to the originating query.

To be fair, there's quite a lot of calls made in the app to localhost, wether in the UI or at the lowest backend level (and this is going to tons more in TrackMe v2)

I see at least these:

./bin/trackme/modalert_trackme_auto_ack_helper.py:    helper.writeevents(index="summary", host="localhost", source="localhost")
./bin/trackme/modalert_trackme_auto_ack_helper.py:    # we are talking to localhost splunkd in SSL
./bin/trackme/modalert_trackme_auto_ack_helper.py:    target_url = "https://localhost:" + str(splunkd_port) + str(endpoint_url)
./bin/trackme/modalert_trackme_free_style_rest_call_helper.py:    helper.writeevents(index="summary", host="localhost", source="localhost")
./bin/trackme/modalert_trackme_free_style_rest_call_helper.py:    # we are talking to localhost splunkd in SSL
./bin/trackme/modalert_trackme_free_style_rest_call_helper.py:    target_url = "https://localhost:" + str(splunkd_port) + str(endpoint_url)
./bin/trackme/modalert_trackme_free_style_rest_call_helper.py:    record_url = 'https://localhost:' + str(splunkd_port) \
./bin/trackme/modalert_trackme_smart_status_helper.py:    helper.writeevents(index="summary", host="localhost", source="localhost")
./bin/trackme/modalert_trackme_smart_status_helper.py:    # we are talking to localhost splunkd in SSL
./bin/trackme/modalert_trackme_smart_status_helper.py:    target_url = "https://localhost:" + str(splunkd_port) + str(endpoint_url)
./bin/trackme/modalert_trackme_smart_status_helper.py:    record_url = 'https://localhost:' + str(splunkd_port) \
./bin/trackme.py:            target_url = "https://localhost:" + str(splunkd_port) + str(self.url)
./bin/trackme_rest_handler_smart_status.py:                record_url = 'https://localhost:' + str(splunkd_port) \
./bin/trackme_rest_handler_smart_status.py:                record_url = 'https://localhost:' + str(splunkd_port) \
./bin/trackme_rest_handler_smart_status.py:                record_url = 'https://localhost:' + str(splunkd_port) \

One option I guess would be to provide something configurable in the configuration UI where you can use a different destination than localhost, but might be quite a work. (and I am focussing on TrackMe v2)

I will need to do some testings to understand where would be the failures in your context

[malso]

Hey @guilhemmarchand,

Thank you for your fast answer.
Unfortunately it did not help.

I deleted all python cache files.

Additionally I changed all occurrences of socket.gethostname() with the fqdn of the ip I'm using for Splunk.

[guilhemmarchand]

@malso

I will check this out, and will let you know

[malso]

Hey @guilhemmarchand
I got it working, but only by change every occurence of loocalhost to the bindip.
And by working I mean I was just not ablw to change the priority, and I have no idea if I broke something :)
Files I edited:
./bin/trackme/modalert_trackme_auto_ack_helper.py
./bin/trackme/modalert_trackme_free_style_rest_call_helper.py
./bin/trackme/modalert_trackme_smart_status_helper.py
./bin/trackme.py
./bin/trackme_rest_handler_smart_status.py
./lib/splunklib/binding.py
./lib/splunktalib/credentials.py
./lib/urllib3/exceptions.py

[guilhemmarchand]

Thanks @malso

./bin/trackme/modalert_trackme_auto_ack_helper.py
./bin/trackme/modalert_trackme_free_style_rest_call_helper.py
./bin/trackme/modalert_trackme_smart_status_helper.py
./bin/trackme.py
./bin/trackme_rest_handler_smart_status.py

Makes sense, the localhost call is hard coded.

./lib/splunklib/binding.py
./lib/splunktalib/credentials.py
./lib/urllib3/exceptions.py

That probably shouldn't be necessary.

I am planning to provide a configurable option for the splunkd host target, such that someone in your case can switch from localhost to the bind IP / FQDN / host.

Will revert in this issue.