Comments (12)
@halr9000 I actually explored the simplest way to make it work and came out with the script which I have been using in my cluster aware image https://github.com/outcoldman/docker-splunk-cluster
You can take a look at an example of how I configure images using this python script https://github.com/outcoldman/docker-splunk-cluster/tree/master/examples/docker
from docker-splunk-legacy.
@FutureSharks you are correct, the image won't currently help with this configuration. Your workaround to update outputs.conf file at container creation should work. You'll want to actually specify sslPassword in the same place, and at the next restart, Splunk will scrub the password from the .conf file and store it encrypted.
Quoting from the docs:
> Note that when you save the file in $SPLUNK_HOME/etc/system/local/outputs.conf, Splunk encrypts and overwrites the clear-text server certificate password when splunkd restarts.
from docker-splunk-legacy.
@mchene how are we tracking enhancement requests? We could add more ENV parameters to help configuring these settings. I think that the way some have handled this is by automating pre and post-image build steps with out-of-band Python or make scripts.
from docker-splunk-legacy.
In the end I had to use my workaround but change it slightly. I am running it on Google Container Engine (Kubernetes).
I used this basic config:
https://gist.github.com/FutureSharks/ece4dbd233a421b3b2581eab92745697
And then had to change the command and args as follows:
command: [ "/bin/bash", "-c" ]
args: [
"timeout 10 /sbin/entrypoint.sh start-service; \
echo '[tcpout]' >> /opt/splunk/etc/system/local/outputs.conf && \
echo 'sslCertPath = /opt/splunk/etc/auth/server.pem' >> /opt/splunk/etc/system/local/outputs.conf && \
echo 'sslRootCAPath = /opt/splunk/etc/auth/cacert.pem' >> /opt/splunk/etc/system/local/outputs.conf && \
echo 'sslVerifyServerCert = false' >> /opt/splunk/etc/system/local/outputs.conf && \
grep sslPassword /opt/splunk/etc/system/local/server.conf >> /opt/splunk/etc/system/local/outputs.conf && \
/sbin/entrypoint.sh start-service"
]
You can see I had to start splunk first, let it initialise to create all the files/directories, then kill it, then apply our config and then start it again. This is pretty hacky I think.
from docker-splunk-legacy.
Anyway, thanks for the input. Feel free to close.
from docker-splunk-legacy.
@FutureSharks help me to understand what is happening in your entrypoint:
- You are invoking "/sbin/entrypoint.sh start-service" but give it only 10 seconds to execute, which means that bash and splunk are going to be killed
- After that you modify all the configurations and start it again.
I see two problems here:
- What if Splunk takes more than 10 seconds to start?
- What if you are restarting container or upgrading - you will execute this logic again.
from docker-splunk-legacy.
@outcoldman, yes you are correct.
To answer your questions:
- This could be a problem but hasn't happened in my testing.
- If the container (or Kubernetes pod) is restarted or upgraded then the whole process is done again, fresh. There is no config left from previous containers, they are effectively stateless.
The problem is that Splunk needs to start up in order to create the directories and files correctly and adjustments can only happen after this. Hence start, kill, add config, restart. Do you have a better idea or method to achieve this?
from docker-splunk-legacy.
@FutureSharks the one I suggested above :) Or you can write your own logic by using BEFORE_START_CMD, BEFORE_START_CMD_1, ..., something like
BEFORE_START_CMD=splunk version --accept-license
BEFORE_START_CMD_1=splunk cmd ...."
Where the first command will initialize all default configurations, and the second command will allow you to invoke anything you want from $SPLUNK_HOME/bin, where it can be your own bash script for example.
from docker-splunk-legacy.
@FutureSharks no need to kill Splunk to make config changes: start, add config, restart is a common flow. However in your case, you're not using CLI so you don't need Splunk to be up, and you can make config changes before start (Splunk package is already extracted before Splunk starts up). So you can add (or better yet, symlink) to custom config files using BEFORE_START_CMD as suggested by @outcoldman
from docker-splunk-legacy.
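An added example (not code from the thread or from the image): a shell function that writes the `[tcpout]` TLS stanza from the workaround above only once, so the re-execution on restart raised earlier in the thread cannot append a duplicate stanza. The function name, its arguments and the default of `true` for `sslVerifyServerCert` are assumptions; the thread's config used `false`.

```shell
#!/bin/sh
# Added example, not the image's entrypoint logic.
# write_tcpout_ssl LOCAL_DIR AUTH_DIR [VERIFY]
#   LOCAL_DIR  directory holding server.conf and outputs.conf
#   AUTH_DIR   directory holding server.pem and cacert.pem
#   VERIFY     value for sslVerifyServerCert (assumed default: true;
#              "false" skips validation of the receiver's certificate)
write_tcpout_ssl() {
    local_dir=$1
    auth_dir=$2
    verify=${3:-true}
    out="$local_dir/outputs.conf"
    srv="$local_dir/server.conf"

    # Idempotent: a second run (container restart) must not append again.
    if [ -f "$out" ] && grep -q '^\[tcpout\]' "$out"; then
        return 0
    fi

    # Reuse the sslPassword line from server.conf, as the thread does.
    # Fail rather than write a stanza that has no password.
    pw_line=$(grep '^sslPassword' "$srv" 2>/dev/null | head -n 1)
    [ -n "$pw_line" ] || return 1

    # The file carries a password value: create it owner-only.
    (
        umask 077
        {
            printf '[tcpout]\n'
            printf 'sslCertPath = %s/server.pem\n' "$auth_dir"
            printf 'sslRootCAPath = %s/cacert.pem\n' "$auth_dir"
            printf 'sslVerifyServerCert = %s\n' "$verify"
            printf '%s\n' "$pw_line"
        } >> "$out"
    )
    chmod 600 "$out"
}
```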
Thanks for the replies.
> You can take a look at an example of how I configure images using this python script https://github.com/outcoldman/docker-splunk-cluster/tree/master/examples/docker

Unless I have misunderstood, this solution requires me to create my own image.
I'd rather not have to create my own custom Docker image.
> Or you can write your own logic by using BEFORE_START_CMD, BEFORE_START_CMD_1

I didn't actually try this because it looks like these environment variables are just prepended with ${SPLUNK_HOME}/bin/splunk in the entrypoint.sh file and I can't create all my configuration with the Splunk CLI. For example I can't see how I could retrieve the sslPassword in order to pipe into outputs.conf?
> @FutureSharks no need to kill Splunk to make config changes: start, add config, restart is a common flow

I'm not sure how this would work. If I start splunk like normal then /sbin/entrypoint.sh is the main process running and this cannot exit. How would I start the container from splunk/universalforwarder:latest and then add configuration?
> you're not using CLI so you don't need Splunk to be up, and you can make config changes before start (Splunk package is already extracted before Splunk starts up). So you can add (or better yet, symlink) to custom config files

I know I can do all of this if I create my own image but like I said in the beginning I'm trying to avoid that.
from docker-splunk-legacy.
@FutureSharks another option is to use Deployment Server to deliver configurations to the forwarders.
In my opinion it is a good thing to have an infrastructure with your own registry and a way to build your customer images.
from docker-splunk-legacy.
We do have our own container registry and many custom images but I was hoping in this case I could avoid it. But OK, no worries. I'll see if I can use a deployment server.
Thanks for the suggestions @outcoldman and @rarsan
from docker-splunk-legacy.