Republish/8.0.3 (#360)

* Merging sudoers step (#354) * Adding test for changes to conf and cluster master (#356) * Updating splunk.conf in docker-splunk docs (#357) * Making password extraction more robust (#358) * Updating changelog to republish 8.0.3 (#359) Co-authored-by: Nelson Wang <nwang92@users.noreply.github.com>
splunk · Apr 15, 2020 · 03089a2 · 03089a2
1 parent 357a171
commit 03089a2
Show file tree

Hide file tree

Showing 9 changed files with 243 additions and 75 deletions.
diff --git a/README.md b/README.md
@@ -1,86 +1,92 @@
-# docker-splunk: Containerizing Splunk Enterprise
+# Docker-Splunk: Containerizing Splunk Enterprise
 
 [![Build Status](https://circleci.com/gh/splunk/docker-splunk/tree/develop.svg?style=svg)](https://circleci.com/gh/splunk/docker-splunk/tree/develop)&nbsp;
 [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)&nbsp;
 [![GitHub release](https://img.shields.io/github/v/tag/splunk/docker-splunk?sort=semver&label=Version)](https://github.com/splunk/docker-splunk/releases)
 
-Welcome to Splunk's official repository of Dockerfiles for building Splunk Enterprise and Splunk Universal Forwarder images using containerization technology.
+Welcome to the official Splunk repository of Dockerfiles for building Splunk Enterprise and Splunk Universal Forwarder images for containerized deployments.
 
 ----
 
 ## Table of Contents
 
 1. [Purpose](#purpose)
-2. [Quickstart](#quickstart)
-3. [Documentation](#documentation)
-4. [Support](#support)
-5. [Contributing](#contributing)
-6. [License](#license)
+1. [Quickstart](#quickstart)
+1. [Documentation](#documentation)
+1. [Support](#support)
+1. [Contributing](#contributing)
+1. [License](#license)
 
 ----
 
 ## Purpose
 
 #### What is Splunk Enterprise?
-Splunk Enterprise is a platform for operational intelligence. Our software lets you collect, analyze, and act upon the untapped value of big data that your technology infrastructure, security systems, and business applications generate. It gives you insights to drive operational performance and business results.
+[Splunk Enterprise](https://www.splunk.com/en_us/software/splunk-enterprise.html) is a platform for operational intelligence. Our software lets you collect, analyze, and act upon the untapped value of big data that your technology infrastructure, security systems, and business applications generate. It gives you insights to drive operational performance and business results.
 
-Refer to [Splunk products](https://www.splunk.com/en_us/software.html) for more knowledge about the features and capabilities of Splunk, and how you can bring it into your organization.
+See [Splunk Products](https://www.splunk.com/en_us/software.html) for more information about the features and capabilities of Splunk products and how you can [bring them into your organization](https://www.splunk.com/en_us/enterprise-data-platform.html).
 
-#### What is docker-splunk?
+#### What is Docker-Splunk?
 This is the official source code repository for building Docker images of Splunk Enterprise and Splunk Universal Forwarder. By introducing containerization, we can marry the ideals of infrastructure-as-code and declarative directives to manage and run Splunk Enterprise.
 
-The provisioning of these containers is handled by the [splunk-ansible](https://github.com/splunk/splunk-ansible) project. See the [Ansible documentation](http://docs.ansible.com/) for more details about Ansible concepts and how it works.
+The provisioning of these containers is handled by the [Splunk-Ansible](https://github.com/splunk/splunk-ansible) project. Refer to the [Splunk-Ansible documentation](https://splunk.github.io/splunk-ansible/) and the [Ansible User Guide](https://docs.ansible.com/ansible/latest/user_guide/index.html) for more details.
 
 ----
 
 ## Quickstart
-Use the following command to start a single standalone instance of Splunk Enterprise:
+
+Start a single containerized instance of Splunk Enterprise with the command below, replacing `<password>` with a password string that conforms to the [Splunk Enterprise password requirements](https://docs.splunk.com/Documentation/Splunk/latest/Security/Configurepasswordsinspecfile).
 ```bash
-$ docker run -it --name so1 -p 8000:8000 -e "SPLUNK_PASSWORD=<password>" -e "SPLUNK_START_ARGS=--accept-license" splunk/splunk:latest
+$ docker run -p 8000:8000 -e "SPLUNK_PASSWORD=<password>" \
+             -e "SPLUNK_START_ARGS=--accept-license" \
+             -it --name so1 splunk/splunk:latest
 ```
 
-Let's break down what this command does:
-1. Starts a Docker container interactively using the `splunk/splunk:latest` image.
-2. Expose a port mapping from the host's `8000` to the container's `8000`.
-3. Specify a custom `SPLUNK_PASSWORD` - be sure to replace `<password>` with any string that conforms to the [Splunk Enterprise password requirements](https://docs.splunk.com/Documentation/Splunk/latest/Security/Configurepasswordsinspecfile).
-4. Accept the license agreement with `SPLUNK_START_ARGS=--accept-license`. This must be explicitly accepted on every `splunk/splunk` container, otherwise Splunk will not start.
+This command does the following:
+1. Starts a Docker container using the `splunk/splunk:latest` image.
+1. Names the container as `so1`.
+1. Exposes a port mapping from the host's `8000` port to the container's `8000` port
+1. Specifies a custom `SPLUNK_PASSWORD`.
+1. Accepts the license agreement with `SPLUNK_START_ARGS=--accept-license`. This agreement must be explicitly accepted on every container or Splunk Enterprise doesn't start.
 
-After the container starts up successfully, you should be able to access SplunkWeb at http://localhost:8000 with `admin:<password>`.
+After the container starts up, you can access Splunk Web at <http://localhost:8000> with `admin:<password>`.
 
 To view the logs from the container created above, run:
 ```bash
 $ docker logs -f so1
 ```
 
-To enter the container and run some Splunk CLI commands:
+To enter the container and run Splunk CLI commands, run:
 ```bash
-# Defaults to "ansible" user
+# Defaults to the user "ansible"
 docker exec -it so1 /bin/bash
-# Run shell as "splunk" user
+
+# Run shell as the user "splunk"
 docker exec -u splunk -it so1 bash
 ```
 
-For an example of how to enable TCP 10514 for listening:
+To enable TCP 10514 for listening, run:
 ```bash
 docker exec -u splunk so1 /opt/splunk/bin/splunk add tcp 10514 \
     -sourcetype syslog -resolvehost true \
     -auth "admin:${SPLUNK_PASSWORD}"
 ```
 
-To install an app:
+To install an app, run:
 ```bash
-# Alternatively, apps can be installed at Docker run-time, ex:
-# docker run -e SPLUNK_APPS_URL=http://web/app.tgz ...
 docker exec -u splunk so1 /opt/splunk/bin/splunk install \
 	/path/to/app.tar -auth "admin:${SPLUNK_PASSWORD}"
+
+# Alternatively, apps can be installed at Docker run-time
+docker run -e SPLUNK_APPS_URL=http://web/app.tgz ...
 ```
 
-Additional information on Docker support for Splunk Enterprise can be found [here](https://docs.splunk.com/Documentation/Splunk/latest/Installation/DeployandrunSplunkEnterpriseinsideDockercontainers).
+See [Deploy and run Splunk Enterprise inside a Docker container](https://docs.splunk.com/Documentation/Splunk/latest/Installation/DeployandrunSplunkEnterpriseinsideDockercontainers) for more information.
 
 ---
 
 ## Documentation
-Visit the [docker-splunk documentation](https://splunk.github.io/docker-splunk/) page for full usage instructions, including installation, examples, and advanced deployment scenarios.
+Visit the [Docker-Splunk documentation](https://splunk.github.io/docker-splunk/) page for full usage instructions, including installation, examples, and advanced deployment scenarios.
 
 ---
 

diff --git a/base/redhat-8/Dockerfile b/base/redhat-8/Dockerfile
@@ -16,7 +16,7 @@
 # the container catalog moved from registry.access.redhat.com to registry.redhat.io
 # So at some point before they deprecate the old registry we have to make sure that
 # we have access to the new registry and change where we pull the ubi image from.
-FROM registry.access.redhat.com/ubi8/ubi-minimal:8.1
+FROM registry.access.redhat.com/ubi8/ubi-minimal:8.1-407
 LABEL name="splunk" \
       maintainer="support@splunk.com" \
       vendor="splunk" \

diff --git a/docs/ADVANCED.md b/docs/ADVANCED.md
@@ -230,15 +230,18 @@ User-specified config files are set in `default.yml` by creating a `conf` key un
 ---
 splunk:
   conf:
-    user-prefs:
-      directory: /opt/splunkforwarder/etc/users/admin/user-prefs/local
-      content:
-        general:
-          default_namespace: appboilerplate
-          search_syntax_highlighting: dark
+    - key: user-prefs
+      value:
+        directory: /opt/splunkforwarder/etc/users/admin/user-prefs/local
+        content:
+          general:
+            default_namespace: appboilerplate
+            search_syntax_highlighting: dark
   ...
 ```
 
+**NOTE:** Previously, the `splunk.conf` entry supported a dictionary mapping. Both types will continue to work, but it is highly recommended you move to the new array-based type, as this will become the standard.
+
 This generates a file `user-prefs.conf`, owned by the correct Splunk user and group and located in the given directory (in this case, `/opt/splunkforwarder/etc/users/admin/user-prefs/local`).
 
 Following INI format, the contents of `user-prefs.conf` will resemble the following:

diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
@@ -40,10 +40,13 @@
 * Updated tests and documentation
 
 #### splunk-ansible changes:
+* Added support for custom SSL certificates for the HEC endpoint
 * Added support for Java installations on Red Hat and CentOS
 * Updated defaults for `service_name`
-* In S2S configuration, revised Splunk restart trigger to occur only when splunktcp has changed and Splunk is running
+* Switched `splunk.conf` in `default.yml` from a dictionary mapping to an array-based scheme. The change is backwards compatible but moving to the new array-based type is highly recommended as the new standard.
+* In S2S configuration, revised Splunk restart trigger to occur only when `splunktcp` has changed and Splunk is running
 * Refactored how apps are copied and disabled
+* Bugfix for supporting empty stanzas in config files
 
 ---
 

diff --git a/docs/index.md b/docs/index.md
@@ -1,18 +1,18 @@
-# Welcome to the docker-splunk documentation!
+# Welcome to the Docker-Splunk documentation!
 
 Welcome to the official Splunk documentation on containerizing Splunk Enterprise and Splunk Universal Forwarder deployments with Docker.
 
 ### What is Splunk Enterprise?
 [Splunk Enterprise](https://www.splunk.com/en_us/software/splunk-enterprise.html) is a platform for operational intelligence. Our software lets you collect, analyze, and act upon the untapped value of big data that your technology infrastructure, security systems, and business applications generate. It gives you insights to drive operational performance and business results.
 
-Learn more about the features and capabilities of [Splunk Products](https://www.splunk.com/en_us/software.html) and how you can [bring them into your organization](https://www.splunk.com/en_us/enterprise-data-platform.html).
+See [Splunk Products](https://www.splunk.com/en_us/software.html) for more information about the features and capabilities of Splunk products and how you can [bring them into your organization](https://www.splunk.com/en_us/enterprise-data-platform.html).
 
-### What is docker-splunk?
-This is the official source code repository for building Docker images of Splunk Enterprise and Splunk Universal Forwarder. By introducing containerization, we can marry the ideals of infrastructure-as-code and declarative directives to manage and run Splunk and its other product offerings.
+### What is Docker-Splunk?
+The [Docker-Splunk project](https://github.com/splunk/docker-splunk) is the official source code repository for building Docker images of Splunk Enterprise and Splunk Universal Forwarder. By introducing containerization, we can marry the ideals of infrastructure-as-code and declarative directives to manage and run Splunk Enterprise.
 
 This repository should be used by people interested in running Splunk in their container orchestration environments. With this Docker image, we support running a standalone development Splunk instance as easily as running a full-fledged distributed production cluster, all while maintaining the best practices and recommended standards of operating Splunk at scale.
 
-The provisioning of these disjoint containers is handled by the [splunk-ansible](https://github.com/splunk/splunk-ansible) project. See the [Ansible documentation](http://docs.ansible.com/) for more details about Ansible concepts and how it works.
+The provisioning of these disjoint containers is handled by the [Splunk-Ansible](https://github.com/splunk/splunk-ansible) project. Refer to the [Splunk-Ansible documentation](https://splunk.github.io/splunk-ansible/) and the [Ansible User Guide](https://docs.ansible.com/ansible/latest/user_guide/index.html) for more details.
 
 ---
 

diff --git a/splunk/common-files/Dockerfile b/splunk/common-files/Dockerfile
@@ -95,8 +95,7 @@ COPY [ "splunk/common-files/entrypoint.sh", "splunk/common-files/createdefaults.
 COPY splunk-ansible ${SPLUNK_ANSIBLE_HOME}
 
 # Set sudo rights
-RUN sed -i -e 's/%sudo\s\+ALL=(ALL\(:ALL\)\?)\s\+ALL/%sudo ALL=NOPASSWD:ALL/g' /etc/sudoers \
-    && sudo echo -e '\nansible ALL=(splunk)NOPASSWD:ALL' >> /etc/sudoers \
+RUN sed -i -e 's/%sudo\s\+ALL=(ALL\(:ALL\)\?)\s\+ALL/%sudo ALL=NOPASSWD:ALL\nansible ALL=(splunk)NOPASSWD:ALL/g' /etc/sudoers \
     && echo 'Create the ansible user/group' \
     && groupadd -r ${ANSIBLE_GROUP} \
     && useradd -r -m -g ${ANSIBLE_GROUP} ${ANSIBLE_USER} \

diff --git a/test_scenarios/1deployment1cm.yaml b/test_scenarios/1deployment1cm.yaml
@@ -0,0 +1,60 @@
+version: "3.6"
+
+networks:
+  splunknet:
+    driver: bridge
+    attachable: true
+
+services:
+  appserver:
+    networks:
+      splunknet:
+        aliases:
+          - appserver
+    image: nwang92/nginx-mitm
+    hostname: appserver
+    container_name: appserver
+    ports:
+      - 80
+    volumes:
+      - ../tests/fixtures:/www/data
+
+  depserver1:
+    networks:
+      splunknet:
+        aliases:
+          - depserver1
+    image: ${SPLUNK_IMAGE:-splunk/splunk:latest}
+    hostname: depserver1
+    container_name: depserver1
+    environment:
+      - SPLUNK_START_ARGS=--accept-license
+      - SPLUNK_ROLE=splunk_deployment_server
+      - SPLUNK_APPS_URL=http://appserver/splunk_app_example.tgz
+      - DEBUG=true
+      - SPLUNK_PASSWORD
+    ports:
+      - 8089
+    volumes:
+      - ./defaults:/tmp/defaults
+
+  cm1:
+    networks:
+      splunknet:
+        aliases:
+          - cm1
+    image: ${SPLUNK_IMAGE:-splunk/splunk:latest}
+    hostname: cm1
+    container_name: cm1
+    environment:
+      - SPLUNK_START_ARGS=--accept-license
+      - SPLUNK_DEPLOYMENT_SERVER=depserver1
+      - SPLUNK_ROLE=splunk_cluster_master
+      - SPLUNK_CLUSTER_MASTER_URL=cm1
+      - DEBUG=true
+      - SPLUNK_PASSWORD
+    ports:
+      - 8000
+      - 8089
+    volumes:
+      - ./defaults:/tmp/defaults