
Commit 03089a2

alishamayornwang92 and Nelson Wang authored
Republish/8.0.3 (#360)
* Merging sudoers step (#354) * Adding test for changes to conf and cluster master (#356) * Updating splunk.conf in docker-splunk docs (#357) * Making password extraction more robust (#358) * Updating changelog to republish 8.0.3 (#359) Co-authored-by: Nelson Wang <[email protected]>
1 parent 357a171 commit 03089a2


9 files changed

+243
-75
lines changed


README.md

Lines changed: 34 additions & 28 deletions
Original file line number | Diff line number | Diff line change
@@ -1,86 +1,92 @@
1-
# docker-splunk: Containerizing Splunk Enterprise
1+
# Docker-Splunk: Containerizing Splunk Enterprise
22

33
[![Build Status](https://circleci.com/gh/splunk/docker-splunk/tree/develop.svg?style=svg)](https://circleci.com/gh/splunk/docker-splunk/tree/develop)&nbsp;
44
[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)&nbsp;
55
[![GitHub release](https://img.shields.io/github/v/tag/splunk/docker-splunk?sort=semver&label=Version)](https://github.com/splunk/docker-splunk/releases)
66

7-
Welcome to Splunk's official repository of Dockerfiles for building Splunk Enterprise and Splunk Universal Forwarder images using containerization technology.
7+
Welcome to the official Splunk repository of Dockerfiles for building Splunk Enterprise and Splunk Universal Forwarder images for containerized deployments.
88

99
----
1010

1111
## Table of Contents
1212

1313
1. [Purpose](#purpose)
14-
2. [Quickstart](#quickstart)
15-
3. [Documentation](#documentation)
16-
4. [Support](#support)
17-
5. [Contributing](#contributing)
18-
6. [License](#license)
14+
1. [Quickstart](#quickstart)
15+
1. [Documentation](#documentation)
16+
1. [Support](#support)
17+
1. [Contributing](#contributing)
18+
1. [License](#license)
1919

2020
----
2121

2222
## Purpose
2323

2424
#### What is Splunk Enterprise?
25-
Splunk Enterprise is a platform for operational intelligence. Our software lets you collect, analyze, and act upon the untapped value of big data that your technology infrastructure, security systems, and business applications generate. It gives you insights to drive operational performance and business results.
25+
[Splunk Enterprise](https://www.splunk.com/en_us/software/splunk-enterprise.html) is a platform for operational intelligence. Our software lets you collect, analyze, and act upon the untapped value of big data that your technology infrastructure, security systems, and business applications generate. It gives you insights to drive operational performance and business results.
2626

27-
Refer to [Splunk products](https://www.splunk.com/en_us/software.html) for more knowledge about the features and capabilities of Splunk, and how you can bring it into your organization.
27+
See [Splunk Products](https://www.splunk.com/en_us/software.html) for more information about the features and capabilities of Splunk products and how you can [bring them into your organization](https://www.splunk.com/en_us/enterprise-data-platform.html).
2828

29-
#### What is docker-splunk?
29+
#### What is Docker-Splunk?
3030
This is the official source code repository for building Docker images of Splunk Enterprise and Splunk Universal Forwarder. By introducing containerization, we can marry the ideals of infrastructure-as-code and declarative directives to manage and run Splunk Enterprise.
3131

32-
The provisioning of these containers is handled by the [splunk-ansible](https://github.com/splunk/splunk-ansible) project. See the [Ansible documentation](http://docs.ansible.com/) for more details about Ansible concepts and how it works.
32+
The provisioning of these containers is handled by the [Splunk-Ansible](https://github.com/splunk/splunk-ansible) project. Refer to the [Splunk-Ansible documentation](https://splunk.github.io/splunk-ansible/) and the [Ansible User Guide](https://docs.ansible.com/ansible/latest/user_guide/index.html) for more details.
3333

3434
----
3535

3636
## Quickstart
37-
Use the following command to start a single standalone instance of Splunk Enterprise:
37+
38+
Start a single containerized instance of Splunk Enterprise with the command below, replacing `<password>` with a password string that conforms to the [Splunk Enterprise password requirements](https://docs.splunk.com/Documentation/Splunk/latest/Security/Configurepasswordsinspecfile).
3839
```bash
39-
$ docker run -it --name so1 -p 8000:8000 -e "SPLUNK_PASSWORD=<password>" -e "SPLUNK_START_ARGS=--accept-license" splunk/splunk:latest
40+
$ docker run -p 8000:8000 -e "SPLUNK_PASSWORD=<password>" \
41+
-e "SPLUNK_START_ARGS=--accept-license" \
42+
-it --name so1 splunk/splunk:latest
4043
```
4144

42-
Let's break down what this command does:
43-
1. Starts a Docker container interactively using the `splunk/splunk:latest` image.
44-
2. Expose a port mapping from the host's `8000` to the container's `8000`.
45-
3. Specify a custom `SPLUNK_PASSWORD` - be sure to replace `<password>` with any string that conforms to the [Splunk Enterprise password requirements](https://docs.splunk.com/Documentation/Splunk/latest/Security/Configurepasswordsinspecfile).
46-
4. Accept the license agreement with `SPLUNK_START_ARGS=--accept-license`. This must be explicitly accepted on every `splunk/splunk` container, otherwise Splunk will not start.
45+
This command does the following:
46+
1. Starts a Docker container using the `splunk/splunk:latest` image.
47+
1. Names the container as `so1`.
48+
1. Exposes a port mapping from the host's `8000` port to the container's `8000` port
49+
1. Specifies a custom `SPLUNK_PASSWORD`.
50+
1. Accepts the license agreement with `SPLUNK_START_ARGS=--accept-license`. This agreement must be explicitly accepted on every container or Splunk Enterprise doesn't start.
4751

48-
After the container starts up successfully, you should be able to access SplunkWeb at http://localhost:8000 with `admin:<password>`.
52+
After the container starts up, you can access Splunk Web at <http://localhost:8000> with `admin:<password>`.
4953

5054
To view the logs from the container created above, run:
5155
```bash
5256
$ docker logs -f so1
5357
```
5458

55-
To enter the container and run some Splunk CLI commands:
59+
To enter the container and run Splunk CLI commands, run:
5660
```bash
57-
# Defaults to "ansible" user
61+
# Defaults to the user "ansible"
5862
docker exec -it so1 /bin/bash
59-
# Run shell as "splunk" user
63+
64+
# Run shell as the user "splunk"
6065
docker exec -u splunk -it so1 bash
6166
```
6267

63-
For an example of how to enable TCP 10514 for listening:
68+
To enable TCP 10514 for listening, run:
6469
```bash
6570
docker exec -u splunk so1 /opt/splunk/bin/splunk add tcp 10514 \
6671
-sourcetype syslog -resolvehost true \
6772
-auth "admin:${SPLUNK_PASSWORD}"
6873
```
6974

70-
To install an app:
75+
To install an app, run:
7176
```bash
72-
# Alternatively, apps can be installed at Docker run-time, ex:
73-
# docker run -e SPLUNK_APPS_URL=http://web/app.tgz ...
7477
docker exec -u splunk so1 /opt/splunk/bin/splunk install \
7578
/path/to/app.tar -auth "admin:${SPLUNK_PASSWORD}"
79+
80+
# Alternatively, apps can be installed at Docker run-time
81+
docker run -e SPLUNK_APPS_URL=http://web/app.tgz ...
7682
```
7783

78-
Additional information on Docker support for Splunk Enterprise can be found [here](https://docs.splunk.com/Documentation/Splunk/latest/Installation/DeployandrunSplunkEnterpriseinsideDockercontainers).
84+
See [Deploy and run Splunk Enterprise inside a Docker container](https://docs.splunk.com/Documentation/Splunk/latest/Installation/DeployandrunSplunkEnterpriseinsideDockercontainers) for more information.
7985

8086
---
8187

8288
## Documentation
83-
Visit the [docker-splunk documentation](https://splunk.github.io/docker-splunk/) page for full usage instructions, including installation, examples, and advanced deployment scenarios.
89+
Visit the [Docker-Splunk documentation](https://splunk.github.io/docker-splunk/) page for full usage instructions, including installation, examples, and advanced deployment scenarios.
8490

8591
---
8692

base/redhat-8/Dockerfile

Lines changed: 1 addition & 1 deletion
@@ -16,7 +16,7 @@
1616
# the container catalog moved from registry.access.redhat.com to registry.redhat.io
1717
# So at some point before they deprecate the old registry we have to make sure that
1818
# we have access to the new registry and change where we pull the ubi image from.
19-
FROM registry.access.redhat.com/ubi8/ubi-minimal:8.1
19+
FROM registry.access.redhat.com/ubi8/ubi-minimal:8.1-407
2020
LABEL name="splunk" \
2121
maintainer="[email protected]" \
2222
vendor="splunk" \
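Review bot: Pinning `ubi-minimal` to the `8.1-407` build tag instead of the floating `8.1` makes rebuilds reproducible, but a tag can still be re-pushed; if reproducibility is the goal, pin the digest as well (`FROM registry.access.redhat.com/ubi8/ubi-minimal:8.1-407@sha256:<digest>`, with the digest taken from the registry) and extend the comment above, which already tracks the registry move, with how the pin is bumped for security rebases, since a digest pin will otherwise freeze the base image's CVE state.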

docs/ADVANCED.md

Lines changed: 9 additions & 6 deletions
@@ -230,15 +230,18 @@ User-specified config files are set in `default.yml` by creating a `conf` key un
230230
---
231231
splunk:
232232
conf:
233-
user-prefs:
234-
directory: /opt/splunkforwarder/etc/users/admin/user-prefs/local
235-
content:
236-
general:
237-
default_namespace: appboilerplate
238-
search_syntax_highlighting: dark
233+
- key: user-prefs
234+
value:
235+
directory: /opt/splunkforwarder/etc/users/admin/user-prefs/local
236+
content:
237+
general:
238+
default_namespace: appboilerplate
239+
search_syntax_highlighting: dark
239240
...
240241
```
241242

243+
**NOTE:** Previously, the `splunk.conf` entry supported a dictionary mapping. Both types will continue to work, but it is highly recommended you move to the new array-based type, as this will become the standard.
244+
242245
This generates a file `user-prefs.conf`, owned by the correct Splunk user and group and located in the given directory (in this case, `/opt/splunkforwarder/etc/users/admin/user-prefs/local`).
243246

244247
Following INI format, the contents of `user-prefs.conf` will resemble the following:
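Review bot: The NOTE says both the dictionary form and the new `- key:` / `value:` list form continue to work, but not from which image release the list form is accepted; a `default.yml` written in the new form will not be understood by images that predate this change, so the minimum version belongs next to the note. It would also help to say why the list form is preferred (for example, whether it preserves ordering or allows the same file name to appear more than once), since "this will become the standard" gives the reader no reason to migrate.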

docs/CHANGELOG.md

Lines changed: 4 additions & 1 deletion
@@ -40,10 +40,13 @@
4040
* Updated tests and documentation
4141

4242
#### splunk-ansible changes:
43+
* Added support for custom SSL certificates for the HEC endpoint
4344
* Added support for Java installations on Red Hat and CentOS
4445
* Updated defaults for `service_name`
45-
* In S2S configuration, revised Splunk restart trigger to occur only when splunktcp has changed and Splunk is running
46+
* Switched `splunk.conf` in `default.yml` from a dictionary mapping to an array-based scheme. The change is backwards compatible but moving to the new array-based type is highly recommended as the new standard.
47+
* In S2S configuration, revised Splunk restart trigger to occur only when `splunktcp` has changed and Splunk is running
4648
* Refactored how apps are copied and disabled
49+
* Bugfix for supporting empty stanzas in config files
4750

4851
---
4952
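Review bot: The new `splunk.conf` array-scheme entry tells upgrading users that their `default.yml` layout is now legacy but gives no pointer to the documented new format; link it to the `conf` section of `docs/ADVANCED.md`, which this same commit updates. The HEC custom-SSL-certificate entry likewise names no setting, so a user cannot find the feature from the changelog alone; one identifier or a doc link per entry would fix both.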

docs/index.md

Lines changed: 5 additions & 5 deletions
@@ -1,18 +1,18 @@
1-
# Welcome to the docker-splunk documentation!
1+
# Welcome to the Docker-Splunk documentation!
22

33
Welcome to the official Splunk documentation on containerizing Splunk Enterprise and Splunk Universal Forwarder deployments with Docker.
44

55
### What is Splunk Enterprise?
66
[Splunk Enterprise](https://www.splunk.com/en_us/software/splunk-enterprise.html) is a platform for operational intelligence. Our software lets you collect, analyze, and act upon the untapped value of big data that your technology infrastructure, security systems, and business applications generate. It gives you insights to drive operational performance and business results.
77

8-
Learn more about the features and capabilities of [Splunk Products](https://www.splunk.com/en_us/software.html) and how you can [bring them into your organization](https://www.splunk.com/en_us/enterprise-data-platform.html).
8+
See [Splunk Products](https://www.splunk.com/en_us/software.html) for more information about the features and capabilities of Splunk products and how you can [bring them into your organization](https://www.splunk.com/en_us/enterprise-data-platform.html).
99

10-
### What is docker-splunk?
11-
This is the official source code repository for building Docker images of Splunk Enterprise and Splunk Universal Forwarder. By introducing containerization, we can marry the ideals of infrastructure-as-code and declarative directives to manage and run Splunk and its other product offerings.
10+
### What is Docker-Splunk?
11+
The [Docker-Splunk project](https://github.com/splunk/docker-splunk) is the official source code repository for building Docker images of Splunk Enterprise and Splunk Universal Forwarder. By introducing containerization, we can marry the ideals of infrastructure-as-code and declarative directives to manage and run Splunk Enterprise.
1212

1313
This repository should be used by people interested in running Splunk in their container orchestration environments. With this Docker image, we support running a standalone development Splunk instance as easily as running a full-fledged distributed production cluster, all while maintaining the best practices and recommended standards of operating Splunk at scale.
1414

15-
The provisioning of these disjoint containers is handled by the [splunk-ansible](https://github.com/splunk/splunk-ansible) project. See the [Ansible documentation](http://docs.ansible.com/) for more details about Ansible concepts and how it works.
15+
The provisioning of these disjoint containers is handled by the [Splunk-Ansible](https://github.com/splunk/splunk-ansible) project. Refer to the [Splunk-Ansible documentation](https://splunk.github.io/splunk-ansible/) and the [Ansible User Guide](https://docs.ansible.com/ansible/latest/user_guide/index.html) for more details.
1616

1717
---
1818
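Review bot: After this change the "What is Splunk Enterprise?" paragraph and the Splunk-Ansible paragraph are word-for-word copies of the `README.md` text edited in the same commit; keeping one authoritative copy (or generating one from the other) avoids the two drifting apart again, which is exactly what this commit had to repair.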

splunk/common-files/Dockerfile

Lines changed: 1 addition & 2 deletions
@@ -95,8 +95,7 @@ COPY [ "splunk/common-files/entrypoint.sh", "splunk/common-files/createdefaults.
9595
COPY splunk-ansible ${SPLUNK_ANSIBLE_HOME}
9696

9797
# Set sudo rights
98-
RUN sed -i -e 's/%sudo\s\+ALL=(ALL\(:ALL\)\?)\s\+ALL/%sudo ALL=NOPASSWD:ALL/g' /etc/sudoers \
99-
&& sudo echo -e '\nansible ALL=(splunk)NOPASSWD:ALL' >> /etc/sudoers \
98+
RUN sed -i -e 's/%sudo\s\+ALL=(ALL\(:ALL\)\?)\s\+ALL/%sudo ALL=NOPASSWD:ALL\nansible ALL=(splunk)NOPASSWD:ALL/g' /etc/sudoers \
10099
&& echo 'Create the ansible user/group' \
101100
&& groupadd -r ${ANSIBLE_GROUP} \
102101
&& useradd -r -m -g ${ANSIBLE_GROUP} ${ANSIBLE_USER} \
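Review bot: Folding the `ansible ALL=(splunk)NOPASSWD:ALL` rule into the `sed` replacement makes it conditional on the `%sudo` pattern matching. Before, the `echo >> /etc/sudoers` appended the rule unconditionally, so on a base image whose sudoers has no `%sudo` line (the RHEL family ships `%wheel`) the ansible rule is now silently absent and any `sudo -u splunk` by the ansible user is no longer passwordless, with nothing failing the build. Writing the rule to its own file, `echo 'ansible ALL=(splunk) NOPASSWD:ALL' > /etc/sudoers.d/ansible && chmod 0440 /etc/sudoers.d/ansible` (given that the base sudoers includes `/etc/sudoers.d`), and finishing with `visudo -cf /etc/sudoers` would decouple the rule from the base image's layout and fail the build on a malformed file. The `\n` in the replacement also relies on GNU sed. The `%sudo ALL=NOPASSWD:ALL` grant predates this change, but it is still far broader than the `(splunk)`-scoped rule the container actually needs and deserves a follow-up.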

test_scenarios/1deployment1cm.yaml

Lines changed: 60 additions & 0 deletions
@@ -0,0 +1,60 @@
1+
version: "3.6"
2+
3+
networks:
4+
splunknet:
5+
driver: bridge
6+
attachable: true
7+
8+
services:
9+
appserver:
10+
networks:
11+
splunknet:
12+
aliases:
13+
- appserver
14+
image: nwang92/nginx-mitm
15+
hostname: appserver
16+
container_name: appserver
17+
ports:
18+
- 80
19+
volumes:
20+
- ../tests/fixtures:/www/data
21+
22+
depserver1:
23+
networks:
24+
splunknet:
25+
aliases:
26+
- depserver1
27+
image: ${SPLUNK_IMAGE:-splunk/splunk:latest}
28+
hostname: depserver1
29+
container_name: depserver1
30+
environment:
31+
- SPLUNK_START_ARGS=--accept-license
32+
- SPLUNK_ROLE=splunk_deployment_server
33+
- SPLUNK_APPS_URL=http://appserver/splunk_app_example.tgz
34+
- DEBUG=true
35+
- SPLUNK_PASSWORD
36+
ports:
37+
- 8089
38+
volumes:
39+
- ./defaults:/tmp/defaults
40+
41+
cm1:
42+
networks:
43+
splunknet:
44+
aliases:
45+
- cm1
46+
image: ${SPLUNK_IMAGE:-splunk/splunk:latest}
47+
hostname: cm1
48+
container_name: cm1
49+
environment:
50+
- SPLUNK_START_ARGS=--accept-license
51+
- SPLUNK_DEPLOYMENT_SERVER=depserver1
52+
- SPLUNK_ROLE=splunk_cluster_master
53+
- SPLUNK_CLUSTER_MASTER_URL=cm1
54+
- DEBUG=true
55+
- SPLUNK_PASSWORD
56+
ports:
57+
- 8000
58+
- 8089
59+
volumes:
60+
- ./defaults:/tmp/defaults
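Review bot: `appserver` pulls `nwang92/nginx-mitm` from a personal Docker Hub namespace with no tag, so the scenario depends on whatever that account publishes as `latest` at run time; pin a tag or digest and ideally host the fixture image under the `splunk` org so the CI supply chain stays under project control. Both Splunk containers set `DEBUG=true`, which is fine for a test but worth a comment so it is not copied into a deployment example, and `SPLUNK_PASSWORD` is taken from the caller's environment, so the file should say that it must be exported before `docker-compose up`.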
