diff --git a/README.md b/README.md index edccde3f..16d4724e 100644 --- a/README.md +++ b/README.md 
@@ -1,86 +1,92 @@ -# docker-splunk: Containerizing Splunk Enterprise +# Docker-Splunk: Containerizing Splunk Enterprise [![Build Status](https://circleci.com/gh/splunk/docker-splunk/tree/develop.svg?style=svg)](https://circleci.com/gh/splunk/docker-splunk/tree/develop)  [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)  [![GitHub release](https://img.shields.io/github/v/tag/splunk/docker-splunk?sort=semver&label=Version)](https://github.com/splunk/docker-splunk/releases) -Welcome to Splunk's official repository of Dockerfiles for building Splunk Enterprise and Splunk Universal Forwarder images using containerization technology. +Welcome to the official Splunk repository of Dockerfiles for building Splunk Enterprise and Splunk Universal Forwarder images for containerized deployments. ---- ## Table of Contents 1. [Purpose](#purpose) -2. [Quickstart](#quickstart) -3. [Documentation](#documentation) -4. [Support](#support) -5. [Contributing](#contributing) -6. [License](#license) +1. [Quickstart](#quickstart) +1. [Documentation](#documentation) +1. [Support](#support) +1. [Contributing](#contributing) +1. [License](#license) ---- ## Purpose #### What is Splunk Enterprise? -Splunk Enterprise is a platform for operational intelligence. Our software lets you collect, analyze, and act upon the untapped value of big data that your technology infrastructure, security systems, and business applications generate. It gives you insights to drive operational performance and business results. +[Splunk Enterprise](https://www.splunk.com/en_us/software/splunk-enterprise.html) is a platform for operational intelligence. Our software lets you collect, analyze, and act upon the untapped value of big data that your technology infrastructure, security systems, and business applications generate. It gives you insights to drive operational performance and business results. 
-Refer to [Splunk products](https://www.splunk.com/en_us/software.html) for more knowledge about the features and capabilities of Splunk, and how you can bring it into your organization. +See [Splunk Products](https://www.splunk.com/en_us/software.html) for more information about the features and capabilities of Splunk products and how you can [bring them into your organization](https://www.splunk.com/en_us/enterprise-data-platform.html). -#### What is docker-splunk? +#### What is Docker-Splunk? This is the official source code repository for building Docker images of Splunk Enterprise and Splunk Universal Forwarder. By introducing containerization, we can marry the ideals of infrastructure-as-code and declarative directives to manage and run Splunk Enterprise. -The provisioning of these containers is handled by the [splunk-ansible](https://github.com/splunk/splunk-ansible) project. See the [Ansible documentation](http://docs.ansible.com/) for more details about Ansible concepts and how it works. +The provisioning of these containers is handled by the [Splunk-Ansible](https://github.com/splunk/splunk-ansible) project. Refer to the [Splunk-Ansible documentation](https://splunk.github.io/splunk-ansible/) and the [Ansible User Guide](https://docs.ansible.com/ansible/latest/user_guide/index.html) for more details. ---- ## Quickstart -Use the following command to start a single standalone instance of Splunk Enterprise: + +Start a single containerized instance of Splunk Enterprise with the command below, replacing `` with a password string that conforms to the [Splunk Enterprise password requirements](https://docs.splunk.com/Documentation/Splunk/latest/Security/Configurepasswordsinspecfile). 
```bash -$ docker run -it --name so1 -p 8000:8000 -e "SPLUNK_PASSWORD=" -e "SPLUNK_START_ARGS=--accept-license" splunk/splunk:latest +$ docker run -p 8000:8000 -e "SPLUNK_PASSWORD=" \ + -e "SPLUNK_START_ARGS=--accept-license" \ + -it --name so1 splunk/splunk:latest ``` -Let's break down what this command does: -1. Starts a Docker container interactively using the `splunk/splunk:latest` image. -2. Expose a port mapping from the host's `8000` to the container's `8000`. -3. Specify a custom `SPLUNK_PASSWORD` - be sure to replace `` with any string that conforms to the [Splunk Enterprise password requirements](https://docs.splunk.com/Documentation/Splunk/latest/Security/Configurepasswordsinspecfile). -4. Accept the license agreement with `SPLUNK_START_ARGS=--accept-license`. This must be explicitly accepted on every `splunk/splunk` container, otherwise Splunk will not start. +This command does the following: +1. Starts a Docker container using the `splunk/splunk:latest` image. +1. Names the container as `so1`. +1. Exposes a port mapping from the host's `8000` port to the container's `8000` port +1. Specifies a custom `SPLUNK_PASSWORD`. +1. Accepts the license agreement with `SPLUNK_START_ARGS=--accept-license`. This agreement must be explicitly accepted on every container or Splunk Enterprise doesn't start. -After the container starts up successfully, you should be able to access SplunkWeb at http://localhost:8000 with `admin:`. +After the container starts up, you can access Splunk Web at with `admin:`. 
To view the logs from the container created above, run: ```bash $ docker logs -f so1 ``` -To enter the container and run some Splunk CLI commands: +To enter the container and run Splunk CLI commands, run: ```bash -# Defaults to "ansible" user +# Defaults to the user "ansible" docker exec -it so1 /bin/bash -# Run shell as "splunk" user + +# Run shell as the user "splunk" docker exec -u splunk -it so1 bash ``` -For an example of how to enable TCP 10514 for listening: +To enable TCP 10514 for listening, run: ```bash docker exec -u splunk so1 /opt/splunk/bin/splunk add tcp 10514 \ -sourcetype syslog -resolvehost true \ -auth "admin:${SPLUNK_PASSWORD}" ``` -To install an app: +To install an app, run: ```bash -# Alternatively, apps can be installed at Docker run-time, ex: -# docker run -e SPLUNK_APPS_URL=http://web/app.tgz ... docker exec -u splunk so1 /opt/splunk/bin/splunk install \ /path/to/app.tar -auth "admin:${SPLUNK_PASSWORD}" + +# Alternatively, apps can be installed at Docker run-time +docker run -e SPLUNK_APPS_URL=http://web/app.tgz ... ``` -Additional information on Docker support for Splunk Enterprise can be found [here](https://docs.splunk.com/Documentation/Splunk/latest/Installation/DeployandrunSplunkEnterpriseinsideDockercontainers). +See [Deploy and run Splunk Enterprise inside a Docker container](https://docs.splunk.com/Documentation/Splunk/latest/Installation/DeployandrunSplunkEnterpriseinsideDockercontainers) for more information. --- ## Documentation -Visit the [docker-splunk documentation](https://splunk.github.io/docker-splunk/) page for full usage instructions, including installation, examples, and advanced deployment scenarios. +Visit the [Docker-Splunk documentation](https://splunk.github.io/docker-splunk/) page for full usage instructions, including installation, examples, and advanced deployment scenarios. --- diff --git a/base/redhat-8/Dockerfile b/base/redhat-8/Dockerfile index 5c9cc528..c94e9053 100644 --- a/base/redhat-8/Dockerfile 
+++ b/base/redhat-8/Dockerfile @@ -16,7 +16,7 @@ # the container catalog moved from registry.access.redhat.com to registry.redhat.io # So at some point before they deprecate the old registry we have to make sure that # we have access to the new registry and change where we pull the ubi image from. -FROM registry.access.redhat.com/ubi8/ubi-minimal:8.1 +FROM registry.access.redhat.com/ubi8/ubi-minimal:8.1-407 LABEL name="splunk" \ maintainer="support@splunk.com" \ vendor="splunk" \ diff --git a/docs/ADVANCED.md b/docs/ADVANCED.md index a4be3ae9..20c15179 100644 --- a/docs/ADVANCED.md +++ b/docs/ADVANCED.md @@ -230,15 +230,18 @@ User-specified config files are set in `default.yml` by creating a `conf` key un --- splunk: conf: - user-prefs: - directory: /opt/splunkforwarder/etc/users/admin/user-prefs/local - content: - general: - default_namespace: appboilerplate - search_syntax_highlighting: dark + - key: user-prefs + value: + directory: /opt/splunkforwarder/etc/users/admin/user-prefs/local + content: + general: + default_namespace: appboilerplate + search_syntax_highlighting: dark ... ``` +**NOTE:** Previously, the `splunk.conf` entry supported a dictionary mapping. Both types will continue to work, but it is highly recommended you move to the new array-based type, as this will become the standard. + This generates a file `user-prefs.conf`, owned by the correct Splunk user and group and located in the given directory (in this case, `/opt/splunkforwarder/etc/users/admin/user-prefs/local`). Following INI format, the contents of `user-prefs.conf` will resemble the following: diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index bf916ef8..a3ce36c0 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md 
@@ -40,10 +40,13 @@ * Updated tests and documentation #### splunk-ansible changes: +* Added support for custom SSL certificates for the HEC endpoint * Added support for Java installations on Red Hat and CentOS * Updated defaults for `service_name` -* In S2S configuration, revised Splunk restart trigger to occur only when splunktcp has changed and Splunk is running +* Switched `splunk.conf` in `default.yml` from a dictionary mapping to an array-based scheme. The change is backwards compatible but moving to the new array-based type is highly recommended as the new standard. +* In S2S configuration, revised Splunk restart trigger to occur only when `splunktcp` has changed and Splunk is running * Refactored how apps are copied and disabled +* Bugfix for supporting empty stanzas in config files --- diff --git a/docs/index.md b/docs/index.md index b048e012..9c3944a6 100644 --- a/docs/index.md +++ b/docs/index.md 
@@ -1,18 +1,18 @@ -# Welcome to the docker-splunk documentation! +# Welcome to the Docker-Splunk documentation! Welcome to the official Splunk documentation on containerizing Splunk Enterprise and Splunk Universal Forwarder deployments with Docker. ### What is Splunk Enterprise? [Splunk Enterprise](https://www.splunk.com/en_us/software/splunk-enterprise.html) is a platform for operational intelligence. Our software lets you collect, analyze, and act upon the untapped value of big data that your technology infrastructure, security systems, and business applications generate. It gives you insights to drive operational performance and business results. -Learn more about the features and capabilities of [Splunk Products](https://www.splunk.com/en_us/software.html) and how you can [bring them into your organization](https://www.splunk.com/en_us/enterprise-data-platform.html). +See [Splunk Products](https://www.splunk.com/en_us/software.html) for more information about the features and capabilities of Splunk products and how you can [bring them into your organization](https://www.splunk.com/en_us/enterprise-data-platform.html). -### What is docker-splunk? -This is the official source code repository for building Docker images of Splunk Enterprise and Splunk Universal Forwarder. By introducing containerization, we can marry the ideals of infrastructure-as-code and declarative directives to manage and run Splunk and its other product offerings. +### What is Docker-Splunk? +The [Docker-Splunk project](https://github.com/splunk/docker-splunk) is the official source code repository for building Docker images of Splunk Enterprise and Splunk Universal Forwarder. By introducing containerization, we can marry the ideals of infrastructure-as-code and declarative directives to manage and run Splunk Enterprise. This repository should be used by people interested in running Splunk in their container orchestration environments. 
With this Docker image, we support running a standalone development Splunk instance as easily as running a full-fledged distributed production cluster, all while maintaining the best practices and recommended standards of operating Splunk at scale. -The provisioning of these disjoint containers is handled by the [splunk-ansible](https://github.com/splunk/splunk-ansible) project. See the [Ansible documentation](http://docs.ansible.com/) for more details about Ansible concepts and how it works. +The provisioning of these disjoint containers is handled by the [Splunk-Ansible](https://github.com/splunk/splunk-ansible) project. Refer to the [Splunk-Ansible documentation](https://splunk.github.io/splunk-ansible/) and the [Ansible User Guide](https://docs.ansible.com/ansible/latest/user_guide/index.html) for more details. --- diff --git a/splunk/common-files/Dockerfile b/splunk/common-files/Dockerfile index e801e9d8..0f00308a 100644 --- a/splunk/common-files/Dockerfile +++ b/splunk/common-files/Dockerfile @@ -95,8 +95,7 @@ COPY [ "splunk/common-files/entrypoint.sh", "splunk/common-files/createdefaults. COPY splunk-ansible ${SPLUNK_ANSIBLE_HOME} # Set sudo rights -RUN sed -i -e 's/%sudo\s\+ALL=(ALL\(:ALL\)\?)\s\+ALL/%sudo ALL=NOPASSWD:ALL/g' /etc/sudoers \ - && sudo echo -e '\nansible ALL=(splunk)NOPASSWD:ALL' >> /etc/sudoers \ +RUN sed -i -e 's/%sudo\s\+ALL=(ALL\(:ALL\)\?)\s\+ALL/%sudo ALL=NOPASSWD:ALL\nansible ALL=(splunk)NOPASSWD:ALL/g' /etc/sudoers \ && echo 'Create the ansible user/group' \ && groupadd -r ${ANSIBLE_GROUP} \ && useradd -r -m -g ${ANSIBLE_GROUP} ${ANSIBLE_USER} \ diff --git a/test_scenarios/1deployment1cm.yaml b/test_scenarios/1deployment1cm.yaml new file mode 100644 index 00000000..d9017a19 --- /dev/null +++ b/test_scenarios/1deployment1cm.yaml 
@@ -0,0 +1,60 @@ +version: "3.6" + +networks: + splunknet: + driver: bridge + attachable: true + +services: + appserver: + networks: + splunknet: + aliases: + - appserver + image: nwang92/nginx-mitm + hostname: appserver + container_name: appserver + ports: + - 80 + volumes: + - ../tests/fixtures:/www/data + + depserver1: + networks: + splunknet: + aliases: + - depserver1 + image: ${SPLUNK_IMAGE:-splunk/splunk:latest} + hostname: depserver1 + container_name: depserver1 + environment: + - SPLUNK_START_ARGS=--accept-license + - SPLUNK_ROLE=splunk_deployment_server + - SPLUNK_APPS_URL=http://appserver/splunk_app_example.tgz + - DEBUG=true + - SPLUNK_PASSWORD + ports: + - 8089 + volumes: + - ./defaults:/tmp/defaults + + cm1: + networks: + splunknet: + aliases: + - cm1 + image: ${SPLUNK_IMAGE:-splunk/splunk:latest} + hostname: cm1 + container_name: cm1 + environment: + - SPLUNK_START_ARGS=--accept-license + - SPLUNK_DEPLOYMENT_SERVER=depserver1 + - SPLUNK_ROLE=splunk_cluster_master + - SPLUNK_CLUSTER_MASTER_URL=cm1 + - DEBUG=true + - SPLUNK_PASSWORD + ports: + - 8000 + - 8089 + volumes: + - ./defaults:/tmp/defaults diff --git a/tests/test_docker_splunk.py b/tests/test_docker_splunk.py index bcbf079c..d455433a 100644 --- a/tests/test_docker_splunk.py +++ b/tests/test_docker_splunk.py @@ -557,8 +557,8 @@ def test_adhoc_1so_using_default_yml(self): output = self.get_container_logs(cid.get("Id")) self.client.remove_container(cid.get("Id"), v=True, force=True) # Get the password - password = re.search(" password: (.*)", output).group(1).strip() - assert password + password = re.search(r"^ password: (.*?)\n", output, flags=re.MULTILINE|re.DOTALL).group(1).strip() + assert password and password != "null" # Change the admin user output = re.sub(r' admin_user: admin', r' admin_user: chewbacca', output) # Write the default.yml to a file 
@@ -602,8 +602,8 @@ def test_adhoc_1uf_using_default_yml(self): output = self.get_container_logs(cid.get("Id")) self.client.remove_container(cid.get("Id"), v=True, force=True) # Get the password - password = re.search(" password: (.*)", output).group(1).strip() - assert password + password = re.search(r"^ password: (.*?)\n", output, flags=re.MULTILINE|re.DOTALL).group(1).strip() + assert password and password != "null" # Change the admin user output = re.sub(r' admin_user: admin', r' admin_user: hansolo', output) # Write the default.yml to a file @@ -647,8 +647,8 @@ def test_adhoc_1so_custom_conf(self): output = self.get_container_logs(cid.get("Id")) self.client.remove_container(cid.get("Id"), v=True, force=True) # Get the password - password = re.search(" password: (.*)", output).group(1).strip() - assert password + password = re.search(r"^ password: (.*?)\n", output, flags=re.MULTILINE|re.DOTALL).group(1).strip() + assert password and password != "null" # Add a custom conf file output = re.sub(r' group: splunk', r''' group: splunk conf: @@ -705,8 +705,8 @@ def test_adhoc_1uf_custom_conf(self): output = self.get_container_logs(cid.get("Id")) self.client.remove_container(cid.get("Id"), v=True, force=True) # Get the password - password = re.search(" password: (.*)", output).group(1).strip() - assert password + password = re.search(r"^ password: (.*?)\n", output, flags=re.MULTILINE|re.DOTALL).group(1).strip() + assert password and password != "null" # Add a custom conf file output = re.sub(r' group: splunk', r''' group: splunk conf: 
@@ -1291,8 +1291,8 @@ def test_adhoc_1so_apps_location_in_default_yml(self): output = self.get_container_logs(cid.get("Id")) self.client.remove_container(cid.get("Id"), v=True, force=True) # Get the password - password = re.search(" password: (.*)", output).group(1).strip() - assert password + password = re.search(r"^ password: (.*?)\n", output, flags=re.MULTILINE|re.DOTALL).group(1).strip() + assert password and password != "null" # Change repl factor & search factor output = re.sub(r' user: splunk', r' user: splunk\n apps_location: /tmp/defaults/splunk_app_example.tgz', output) # Write the default.yml to a file @@ -1347,8 +1347,8 @@ def test_adhoc_1so_bind_mount_apps(self): output = self.get_container_logs(cid.get("Id")) self.client.remove_container(cid.get("Id"), v=True, force=True) # Get the password - password = re.search(" password: (.*)", output).group(1).strip() - assert password + password = re.search(r"^ password: (.*?)\n", output, flags=re.MULTILINE|re.DOTALL).group(1).strip() + assert password and password != "null" # Write the default.yml to a file with open(os.path.join(FIXTURES_DIR, "default.yml"), "w") as f: f.write(output) @@ -1401,8 +1401,8 @@ def test_adhoc_1uf_bind_mount_apps(self): output = self.get_container_logs(cid.get("Id")) self.client.remove_container(cid.get("Id"), v=True, force=True) # Get the password - password = re.search(" password: (.*)", output).group(1).strip() - assert password + password = re.search(r"^ password: (.*?)\n", output, flags=re.MULTILINE|re.DOTALL).group(1).strip() + assert password and password != "null" # Write the default.yml to a file with open(os.path.join(FIXTURES_DIR, "default.yml"), "w") as f: f.write(output) 
@@ -1680,8 +1680,8 @@ def test_adhoc_1so_splunktcp_ssl(self): output = self.get_container_logs(cid.get("Id")) self.client.remove_container(cid.get("Id"), v=True, force=True) # Get the password - password = re.search(" password: (.*)", output).group(1).strip() - assert password + password = re.search(r"^ password: (.*?)\n", output, flags=re.MULTILINE|re.DOTALL).group(1).strip() + assert password and password != "null" # Commands to generate self-signed certificates for Splunk here: https://docs.splunk.com/Documentation/Splunk/latest/Security/ConfigureSplunkforwardingtousesignedcertificates passphrase = "abcd1234" cmds = [ @@ -1754,8 +1754,8 @@ def test_adhoc_1uf_splunktcp_ssl(self): output = self.get_container_logs(cid.get("Id")) self.client.remove_container(cid.get("Id"), v=True, force=True) # Get the password - password = re.search(" password: (.*)", output).group(1).strip() - assert password + password = re.search(r"^ password: (.*?)\n", output, flags=re.MULTILINE|re.DOTALL).group(1).strip() + assert password and password != "null" # Commands to generate self-signed certificates for Splunk here: https://docs.splunk.com/Documentation/Splunk/latest/Security/ConfigureSplunkforwardingtousesignedcertificates passphrase = "abcd1234" cmds = [ 
@@ -1981,6 +1981,106 @@ def test_compose_1so_namedvolumes(self): # Check Splunkd on all the containers assert self.check_splunkd("admin", self.password) + def test_compose_1deployment1cm(self): + # Tar the app before spinning up the scenario + with tarfile.open(EXAMPLE_APP_TGZ, "w:gz") as tar: + tar.add(EXAMPLE_APP, arcname=os.path.basename(EXAMPLE_APP)) + + # Generate default.yml + cid = self.client.create_container(self.SPLUNK_IMAGE_NAME, tty=True, command="create-defaults") + self.client.start(cid.get("Id")) + output = self.get_container_logs(cid.get("Id")) + self.client.remove_container(cid.get("Id"), v=True, force=True) + # Add a custom conf file + output = re.sub(r' group: splunk', r''' group: splunk + conf: + - key: user-prefs + value: + directory: /opt/splunk/etc/users/admin/user-prefs/local + content: + general: + default_namespace: appboilerplate + search_syntax_highlighting: dark + search_assistant: + "serverClass:secrets:app:test": {}''', output) + # Write the default.yml to a file + with open(os.path.join(SCENARIOS_DIR, "defaults", "default.yml"), "w") as f: + f.write(output) + # Standup deployment + try: + self.compose_file_name = "1deployment1cm.yaml" + self.project_name = generate_random_string() + container_count, rc = self.compose_up() + assert rc == 0 + # Wait for containers to come up + assert self.wait_for_containers(container_count, label="com.docker.compose.project={}".format(self.project_name)) + # Get container logs + container_mapping = {"cm1": "cm", "depserver1": "deployment_server"} + for container in container_mapping: + # Check ansible version & configs + ansible_logs = self.get_container_logs(container) + self.check_ansible(ansible_logs) + # Check values in log output + inventory_json = self.extract_json(container) + self.check_common_keys(inventory_json, container_mapping[container]) + # Check Splunkd on all the containers + assert self.check_splunkd("admin", self.password) + # Make sure apps are installed and certain subdirectories 
are excluded + containers = self.client.containers(filters={"label": "com.docker.compose.project={}".format(self.project_name)}) + assert len(containers) == 3 + for container in containers: + # Skip the nginx container + if "nginx" in container["Image"]: + continue + container_name = container["Names"][0].strip("/") + splunkd_port = self.client.port(container["Id"], 8089)[0]["HostPort"] + if container_name == "depserver1": + # Check the app and version + url = "https://localhost:{}/servicesNS/nobody/splunk_app_example/configs/conf-app/launcher?output_mode=json".format(splunkd_port) + resp = requests.get(url, auth=("admin", self.password), verify=False) + # Deployment server should *not* install the app + assert resp.status_code == 404 + # Check that the app exists in etc/apps + exec_command = self.client.exec_create(container["Id"], "ls /opt/splunk/etc/apps/splunk_app_example/local/", user="splunk") + std_out = self.client.exec_start(exec_command) + assert "savedsearches.conf" in std_out + # Check that the app exists in etc/deployment-apps + exec_command = self.client.exec_create(container["Id"], "ls /opt/splunk/etc/deployment-apps/splunk_app_example/local/", user="splunk") + std_out = self.client.exec_start(exec_command) + assert "savedsearches.conf" not in std_out + if container_name == "cm1": + # Check if the created file exists + exec_command = self.client.exec_create(container["Id"], "cat /opt/splunk/etc/users/admin/user-prefs/local/user-prefs.conf", user="splunk") + std_out = self.client.exec_start(exec_command) + assert "[serverClass:secrets:app:test]" in std_out + assert "[general]" in std_out + assert "default_namespace = appboilerplate" in std_out + assert "search_syntax_highlighting = dark" in std_out + assert "search_assistant" in std_out + RETRIES = 5 + for i in range(RETRIES): + try: + # Check the app and version + url = "https://localhost:{}/servicesNS/nobody/splunk_app_example/configs/conf-app/launcher?output_mode=json".format(splunkd_port) + kwargs 
= {"auth": ("admin", self.password), "verify": False} + status, content = self.handle_request_retry("GET", url, kwargs) + assert status == 200 + assert json.loads(content)["entry"][0]["content"]["version"] == "0.0.1" + except Exception as e: + self.logger.error(e) + if i < RETRIES-1: + time.sleep(30) + continue + raise e + except Exception as e: + self.logger.error(e) + raise e + finally: + try: + os.remove(EXAMPLE_APP_TGZ) + except OSError as e: + pass + def test_compose_1deployment1so(self): # Tar the app before spinning up the scenario with tarfile.open(EXAMPLE_APP_TGZ, "w:gz") as tar: @@ -2677,8 +2777,8 @@ def test_compose_3idx1cm_default_repl_factor(self): output = self.get_container_logs(cid.get("Id")) self.client.remove_container(cid.get("Id"), v=True, force=True) # Get the password - password = re.search(" password: (.*)", output).group(1).strip() - assert password + password = re.search(r"^ password: (.*?)\n", output, flags=re.MULTILINE|re.DOTALL).group(1).strip() + assert password and password != "null" # Write the default.yml to a file with open(os.path.join(SCENARIOS_DIR, "defaults", "default.yml"), "w") as f: f.write(output) @@ -2737,8 +2837,8 @@ def test_compose_3idx1cm_custom_repl_factor(self): output = self.get_container_logs(cid.get("Id")) self.client.remove_container(cid.get("Id"), v=True, force=True) # Get the password - password = re.search(" password: (.*)", output).group(1).strip() - assert password + password = re.search(r"^ password: (.*?)\n", output, flags=re.MULTILINE|re.DOTALL).group(1).strip() + assert password and password != "null" # Change repl factor & search factor output = re.sub(r' replication_factor: 3', r''' replication_factor: 2''', output) output = re.sub(r' search_factor: 3', r''' search_factor: 1''', output) 
@@ -2903,8 +3003,8 @@ def test_compose_1cm_smartstore(self): output = self.get_container_logs(cid.get("Id")) self.client.remove_container(cid.get("Id"), v=True, force=True) # Get the password - password = re.search(" password: (.*)", output).group(1).strip() - assert password + password = re.search(r"^ password: (.*?)\n", output, flags=re.MULTILINE|re.DOTALL).group(1).strip() + assert password and password != "null" # Add a custom conf file output = re.sub(r' smartstore: null', r''' smartstore: index: @@ -3052,8 +3152,8 @@ def test_compose_1idx3sh1cm1dep(self): output = self.get_container_logs(cid.get("Id")) self.client.remove_container(cid.get("Id"), v=True, force=True) # Get the password - password = re.search(" password: (.*)", output).group(1).strip() - assert password + password = re.search(r"^ password: (.*?)\n", output, flags=re.MULTILINE|re.DOTALL).group(1).strip() + assert password and password != "null" # Write the default.yml to a file with open(os.path.join(SCENARIOS_DIR, "defaults", "default.yml"), "w") as f: f.write(output) diff --git a/uf/common-files/Dockerfile b/uf/common-files/Dockerfile index 3ebadf3a..efa1e76a 100644 --- a/uf/common-files/Dockerfile +++ b/uf/common-files/Dockerfile 
@@ -88,16 +88,13 @@ COPY [ "uf/common-files/entrypoint.sh", "uf/common-files/checkstate.sh", "uf/com USER root # Setup users and groups -RUN \ - # Set sudo rights - sed -i -e 's/%sudo\s\+ALL=(ALL\(:ALL\)\?)\s\+ALL/%sudo ALL=NOPASSWD:ALL/g' /etc/sudoers \ - && sudo echo -e '\nansible ALL=(splunk)NOPASSWD:ALL' >> /etc/sudoers \ - # Create the ansible user/group +RUN sed -i -e 's/%sudo\s\+ALL=(ALL\(:ALL\)\?)\s\+ALL/%sudo ALL=NOPASSWD:ALL\nansible ALL=(splunk)NOPASSWD:ALL/g' /etc/sudoers \ + && echo 'Create the ansible user/group' \ && groupadd -r ${ANSIBLE_GROUP} \ && useradd -r -m -g ${ANSIBLE_GROUP} ${ANSIBLE_USER} \ && usermod -aG sudo ${ANSIBLE_USER} \ && usermod -aG ${ANSIBLE_GROUP} ${SPLUNK_USER} \ - # Container Artifact Directory is a place for all artifacts and logs that are generated by the provisioning process. The directory is owned by the user "ansible". + && echo 'Container Artifact Directory is a place for all artifacts and logs that are generated by the provisioning process. The directory is owned by the user "ansible".' \ && mkdir ${CONTAINER_ARTIFACT_DIR} \ && chown -R ${ANSIBLE_USER}:${ANSIBLE_GROUP} ${CONTAINER_ARTIFACT_DIR} \ && chmod -R 775 ${CONTAINER_ARTIFACT_DIR} \
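Review bot: in the README.md "To install an app" block, the run-time alternative is now a live command, `docker run -e SPLUNK_APPS_URL=http://web/app.tgz ...`, so anyone pasting the whole fenced block runs a `docker run` with a literal `...` argument right after the `splunk install`. Keep it commented out as before, or give it its own fenced block with a complete command line. The example URL is plain `http://`; because the container installs whatever that URL serves, an `https://` example is the safer thing for readers to copy. Minor: the new list item "Exposes a port mapping from the host's `8000` port to the container's `8000` port" is the only one without a closing period.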
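Review bot: in base/redhat-8/Dockerfile the `FROM` line now names `ubi-minimal:8.1-407`, which is narrower than `8.1` but is still a tag the registry can repoint. If the goal is a reproducible base, pin by digest as well, in the form `ubi-minimal:8.1-407@sha256:<digest>` with the real digest filled in. The comment directly above still describes the move to registry.redhat.io as something to do later while this line keeps pulling from registry.access.redhat.com, so either record the plan there or make the registry switch in the same change.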
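Review bot: the NOTE added under the `conf` example in docs/ADVANCED.md says the dictionary mapping still works, but the example no longer shows that form and the note does not say which release introduced the array form, so a reader with an existing `default.yml` cannot tell which form they have or when it is safe to switch. Name the release, and state how `key` and `value` map onto the old layout (here `key: user-prefs` appears to supply the name of the generated `user-prefs.conf`, with `value` holding the former dictionary body).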
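Review bot: in splunk/common-files/Dockerfile the `ansible ALL=(splunk)NOPASSWD:ALL` rule is now written only as part of the sed replacement, so it exists only when `/etc/sudoers` in the base image has a line matching `%sudo\s\+ALL=(ALL\(:ALL\)\?)\s\+ALL`. On a base whose sudoers file lacks that line, sed exits 0 without substituting and the build succeeds with no ansible rule at all, where the removed `echo ... >> /etc/sudoers` appended unconditionally. The replacement also depends on GNU sed expanding `\n`. Suggest keeping the append as its own step and following it with `visudo -cf /etc/sudoers` and a `grep -q` for the ansible rule, so the build fails when the rule is missing or the file no longer parses.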
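Review bot: the `appserver` service in test_scenarios/1deployment1cm.yaml pulls `nwang92/nginx-mitm` with no tag, from outside the `splunk/` namespace, and that container serves the tarball `depserver1` installs through `SPLUNK_APPS_URL=http://appserver/splunk_app_example.tgz`. The scenario therefore runs whatever that image name resolves to on the day of the test run. Pin it by tag or digest, or build the fixture server from a Dockerfile kept in this repository, so the test input is fixed and reviewable.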
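Review bot: in the repeated "Get the password" change in tests/test_docker_splunk.py, the result of `re.search(...)` is still dereferenced with `.group(1)` before the assert, so when no `password:` line matches (including the case where it is the last line with no trailing `\n`, which the new pattern requires) the test stops with an `AttributeError` on `None` rather than a readable assertion failure. `re.DOTALL` has no effect here, since the lazy `(.*?)` stops at the first `\n` with or without it. The same two lines are pasted into every adhoc and compose test touched by this patch; move them into one helper that checks the match for `None` and rejects empty and `null` values, and call it from each test.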
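Review bot: in `test_compose_1deployment1cm`, the `for i in range(RETRIES)` loop around the cm1 app check has no `break` after the two asserts pass, so a successful check is repeated on every remaining iteration; add `break` as the last statement of the `try` body. In the depserver1 branch the comment "Check that the app exists in etc/deployment-apps" sits above `assert "savedsearches.conf" not in std_out`, so the comment describes presence while the assertion checks absence; reword the comment to say what is expected to be excluded. The outer `except Exception as e: ... raise e` can be a bare `raise`, and `except OSError as e: pass` does not need the unused name. Both REST calls use `verify=False`; a short comment that this is acceptable only because the target is the test container's self-signed splunkd on localhost would stop the pattern being copied elsewhere.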
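Review bot: in uf/common-files/Dockerfile, `usermod -aG sudo ${ANSIBLE_USER}` combined with the rewritten `%sudo ALL=NOPASSWD:ALL` line gives the ansible user passwordless sudo to every account, root included, so the narrower `ansible ALL=(splunk)NOPASSWD:ALL` rule added in the same sed expression restricts nothing. If the intent is that ansible may only act as splunk, drop the sudo group membership and keep the narrow rule; if full sudo is intended, drop the narrow rule or say in a comment why both exist. The sed-only insertion has the same silent no-match behaviour as in splunk/common-files/Dockerfile. Turning the `#` comments into `&& echo '...'` steps also removed the "Set sudo rights" comment, leaving the sudoers edit as the one undocumented step in this `RUN`.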