├── .dockerignore ├── .gitignore ├── .trivyignore ├── CODEOWNERS ├── Makefile ├── README.md ├── base ├── centos-7 │ ├── Dockerfile │ └── install.sh ├── centos-8 │ ├── Dockerfile │ └── install.sh ├── debian-10 │ ├── Dockerfile │ └── install.sh ├── debian-9 │ ├── Dockerfile │ └── install.sh ├── redhat-8 │ ├── Dockerfile │ └── install.sh └── redhat-9 │ ├── Dockerfile │ └── install.sh ├── clair-whitelist.yml ├── clair_to_junit_parser.py ├── docs ├── ADVANCED.md ├── ARCHITECTURE.md ├── CHANGELOG.md ├── CONTRIBUTING.md ├── EXAMPLES.md ├── INTRODUCTION.md ├── LICENSE.md ├── README.md ├── SECURITY.md ├── SETUP.md ├── STORAGE_OPTIONS.md ├── SUPPORT.md ├── TROUBLESHOOTING.md ├── _config.yml ├── advanced │ ├── APP_INSTALL.md │ ├── DEPLOYMENT_SERVER.md │ ├── DISTRIBUTED_TOPOLOGY.md │ ├── DSP.md │ └── LICENSE_INSTALL.md ├── contributing │ └── code-of-conduct.md ├── images │ ├── container-vm.png │ └── containerized-application.png └── index.md ├── py23-image ├── centos-7 │ └── Dockerfile ├── centos-8 │ └── Dockerfile ├── debian-10 │ └── Dockerfile ├── debian-9 │ └── Dockerfile └── redhat-8 │ └── Dockerfile ├── splunk └── common-files │ ├── Dockerfile │ ├── apps │ └── splunk_enterprise_on_docker │ │ ├── default │ │ └── app.conf │ │ └── metadata │ │ └── default.meta │ ├── checkstate.sh │ ├── createdefaults.py │ ├── entrypoint.sh │ ├── make-minimal-exclude.py │ └── updateetc.sh ├── test-results └── .gitignore ├── test_scenarios ├── 1dep3sh2idx.yaml ├── 1dep3sh2idx1dmc.yaml ├── 1deployment1cm.yaml ├── 1deployment1so.yaml ├── 1deployment1uf.yaml ├── 1hf_splunk_add_user.yaml ├── 1idx3sh1cm1dep.yaml ├── 1sh1cm.yaml ├── 1sh1cm1dmc.yaml ├── 1sh1idx_dfs.yaml ├── 1sh2idx2hf.yaml ├── 1sh2idx2hf1dmc.yaml ├── 1so1cm_connected.yaml ├── 1so1cm_unconnected.yaml ├── 1so1dmc.yaml ├── 1so1lm.yaml ├── 1so_apps.yaml ├── 1so_before_start_cmd.yaml ├── 1so_beta.yaml ├── 1so_custombuild.yaml ├── 1so_enable_service.yaml ├── 1so_hec.yaml ├── 1so_java_openjdk11.yaml ├── 1so_java_openjdk8.yaml ├── 
1so_java_oracle.yaml ├── 1so_license_secret.yml ├── 1so_namedvolumes.yaml ├── 1so_namedvolumes_upgrade.yaml ├── 1so_splunk_add_user.yaml ├── 1so_trial.yaml ├── 1uf.yaml ├── 1uf1dmc.yaml ├── 1uf1so.yaml ├── 1uf1so1dmc.yaml ├── 1uf_apps.yaml ├── 1uf_before_start_cmd.yaml ├── 1uf_enable_service.yaml ├── 1uf_hec.yaml ├── 1uf_splunk_add_user.yaml ├── 1uf_splunk_cmd.yaml ├── 2idx2sh.yaml ├── 2idx2sh1cm.yaml ├── 2idx2sh1cm1dmc.yaml ├── 2idx2sh1cm_idx3.yaml ├── 2idx2sh1dmc.yaml ├── 2so2hf.yaml ├── 2so2hf1dmc.yaml ├── 3idx1cm.yaml ├── 3idx1cm1dmc.yaml ├── 3idx3sh1cm.yaml ├── 3idx3sh1cm1dmc.yaml ├── 3idx3sh1cm_upgrade.yaml ├── cluster_absolute_unit.yaml ├── cluster_absolute_unit_idx5.yaml ├── defaults │ └── .gitkeep ├── kubernetes │ ├── 3idx1sh1cm-pvc │ │ ├── splunk-indexer-statefulset-persistent.yaml │ │ ├── splunk-indexer-statefulset-service.yaml │ │ ├── splunk-master-deploy-persistent.yaml │ │ ├── splunk-master-pvc.yaml │ │ ├── splunk-master-service.yaml │ │ ├── splunk-search-deploy-persistent.yaml │ │ ├── splunk-search-pvc.yaml │ │ └── splunk-search-service.yaml │ ├── 3idx1sh1cm │ │ ├── splunk-indexer-statefulset-emptydir.yaml │ │ ├── splunk-indexer-statefulset-service.yaml │ │ ├── splunk-master-deploy-emptydir.yaml │ │ ├── splunk-master-service.yaml │ │ ├── splunk-search-deploy-emptydir.yaml │ │ └── splunk-search-service.yaml │ ├── 3idxc3shc1cm1lm1dep-pvc │ │ ├── splunk-deployer-deploy-persistent.yaml │ │ ├── splunk-deployer-pvc.yaml │ │ ├── splunk-deployer-service.yaml │ │ ├── splunk-indexer-statefulset-persistent.yaml │ │ ├── splunk-indexer-statefulset-service.yaml │ │ ├── splunk-license-deploy-persistent.yaml │ │ ├── splunk-license-pvc.yaml │ │ ├── splunk-license-service.yaml │ │ ├── splunk-master-deploy-persistent.yaml │ │ ├── splunk-master-pvc.yaml │ │ ├── splunk-master-service.yaml │ │ ├── splunk-search-captain-deploy-persistent.yaml │ │ ├── splunk-search-captain-pvc.yaml │ │ ├── splunk-search-captain-service.yaml │ │ ├── splunk-search-service.yaml │ │ └── 
splunk-search-statefulset-persistent.yaml │ ├── 3idxc3shc1cm1lm1dep │ │ ├── splunk-deployer-deploy-emptydir.yaml │ │ ├── splunk-deployer-service.yaml │ │ ├── splunk-indexer-statefulset-emptydir.yaml │ │ ├── splunk-indexer-statefulset-service.yaml │ │ ├── splunk-license-deploy-emptydir.yaml │ │ ├── splunk-license-service.yaml │ │ ├── splunk-master-deploy-emptydir.yaml │ │ ├── splunk-master-service.yaml │ │ ├── splunk-search-captain-deploy-emptydir.yaml │ │ ├── splunk-search-captain-service.yaml │ │ ├── splunk-search-service.yaml │ │ └── splunk-search-statefulset-emptydir.yaml │ ├── README.md │ ├── nginx │ │ ├── manifests │ │ │ ├── nginx-splunk-defaults-service.yaml │ │ │ └── nginx-splunk-defaults.yaml │ │ ├── nginx-data-www │ │ │ ├── default.yml │ │ │ └── mySplunkLicense.lic │ │ └── nginx-static.conf │ └── splunk_ns.yaml ├── massive_absolute_unit.yaml └── multisite_2site2idx2sh1cm.yaml ├── tests ├── conftest.py ├── executor.py ├── fixtures │ ├── pwfile │ ├── splunk_app_example │ │ ├── default │ │ │ └── app.conf │ │ ├── local │ │ │ └── savedsearches.conf │ │ └── metadata │ │ │ └── default.meta │ ├── sudo_touch_dummy_file.yml │ └── touch_dummy_file.yml ├── pytest.ini ├── requirements.txt ├── test_distributed_splunk_image.py └── test_single_splunk_image.py └── uf └── common-files ├── Dockerfile ├── apps └── splunk_forwarder_on_docker │ └── default │ └── app.conf ├── checkstate.sh ├── createdefaults.py ├── entrypoint.sh └── updateetc.sh /.dockerignore: -------------------------------------------------------------------------------- 1 | Makefile 2 | Jenkinsfile 3 | **/.git 4 | **/.gitignore 5 | **/test* 6 | **/.DS_Store 7 | **/*.pyc 8 | **/*.pyo 9 | **/.cache 10 | **/__pycache__ 11 | **/.idea 12 | **/*.pytest_cache 13 | **/docs 14 | **/tests 15 | **/test-results 16 | **/molecule 17 | **/*.md 18 | **/wrapper-example 19 | -------------------------------------------------------------------------------- /.gitignore: 
-------------------------------------------------------------------------------- 1 | .vscode/ 2 | splunk-ansible 3 | *.idea 4 | *.DS_Store 5 | **/*.log 6 | .pytest_cache 7 | **/*.pyc 8 | *.xml 9 | *clair-scanner* 10 | .env 11 | venv 12 | -------------------------------------------------------------------------------- /.trivyignore: -------------------------------------------------------------------------------- 1 | # Downgraded to LOW severity by the Product Security team as the packages are not actually 2 | # shipped with the release. 3 | # SPL-203200 4 | CVE-2021-28092 5 | # SPL-203205 6 | CVE-2021-27290 7 | # SPL-196809 8 | CVE-2018-11777 9 | CVE-2016-3083 10 | CVE-2015-7521 11 | CVE-2016-3083 12 | 13 | # Marked as fixed in the next Splunk release 14 | CVE-2021-23358 15 | CVE-2020-25649 16 | 17 | # Fixed by Apache Spark in versions 3.0.3, 3.1.2, 3.2.0 18 | CVE-2020-27216 19 | CVE-2021-28165 20 | CVE-2020-27216 21 | 22 | # Ignoring for now -- escalated to ProdSec 23 | CVE-2021-27568 24 | -------------------------------------------------------------------------------- /CODEOWNERS: -------------------------------------------------------------------------------- 1 | # Code owners are automatically requested for review when someone opens a 2 | # pull request modifying code that they own. 3 | # See: https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners 4 | 5 | # Note: Each line is a file pattern followed by one or more owners. 6 | # Order matters: The last matching pattern has the most precedence. 
7 | 8 | # Default owners for everything in docker-splunk: 9 | * @splunk/splunk-internal-dev-services 10 | -------------------------------------------------------------------------------- /base/centos-7/Dockerfile: -------------------------------------------------------------------------------- 1 | # Copyright 2018-2021 Splunk 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | FROM centos:7 16 | LABEL maintainer="support@splunk.com" 17 | 18 | ARG SCLOUD_URL 19 | ENV SCLOUD_URL=${SCLOUD_URL} 20 | 21 | COPY install.sh /install.sh 22 | RUN /install.sh && rm -rf /install.sh 23 | -------------------------------------------------------------------------------- /base/centos-7/install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Copyright 2018-2021 Splunk 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 
15 | 16 | set -e 17 | 18 | localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 19 | export LANG=en_US.utf8 20 | 21 | yum -y update && yum -y install wget sudo epel-release 22 | yum -y install busybox ansible python-requests python-jmespath 23 | 24 | # Install scloud 25 | wget -O /usr/bin/scloud.tar.gz ${SCLOUD_URL} 26 | tar -xf /usr/bin/scloud.tar.gz -C /usr/bin/ 27 | rm /usr/bin/scloud.tar.gz 28 | 29 | cd /bin 30 | ln -s busybox killall 31 | ln -s busybox netstat 32 | ln -s busybox nslookup 33 | ln -s busybox readline 34 | ln -s busybox route 35 | ln -s busybox syslogd 36 | ln -s busybox traceroute 37 | chmod u+s /bin/ping 38 | groupadd sudo 39 | 40 | echo " 41 | ## Allows people in group sudo to run all commands 42 | %sudo ALL=(ALL) ALL" >> /etc/sudoers 43 | 44 | # Remove nproc limits 45 | rm -rf /etc/security/limits.d/20-nproc.conf 46 | 47 | # Clean 48 | yum clean all 49 | rm -rf /anaconda-post.log /var/log/anaconda/* 50 | 51 | # symlink for python3 52 | ln -s /bin/python3 /bin/python 53 | ln -sf /usr/bin/pip3.7 /usr/bin/pip3 54 | -------------------------------------------------------------------------------- /base/centos-8/Dockerfile: -------------------------------------------------------------------------------- 1 | # Copyright 2018-2021 Splunk 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | FROM centos:8 16 | LABEL maintainer="support@splunk.com" 17 | 18 | ARG SCLOUD_URL 19 | ENV SCLOUD_URL=${SCLOUD_URL} 20 | 21 | COPY install.sh /install.sh 22 | RUN /install.sh && rm -rf /install.sh -------------------------------------------------------------------------------- /base/centos-8/install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Copyright 2018-2021 Splunk 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 
15 | 16 | set -e 17 | 18 | yum -y install glibc-locale-source glibc-langpack-en 19 | 20 | localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 21 | export LANG=en_US.utf8 22 | 23 | yum -y update && yum -y install wget sudo epel-release make 24 | yum -y install ansible python3-requests python3-jmespath 25 | 26 | # Install busybox 27 | wget -O /bin/busybox https://busybox.net/downloads/binaries/1.28.1-defconfig-multiarch/busybox-`arch` 28 | chmod +x /bin/busybox 29 | 30 | # Install scloud 31 | wget -O /usr/bin/scloud.tar.gz ${SCLOUD_URL} 32 | tar -xf /usr/bin/scloud.tar.gz -C /usr/bin/ 33 | rm /usr/bin/scloud.tar.gz 34 | 35 | cd /bin 36 | ln -s busybox killall 37 | ln -s busybox netstat 38 | ln -s busybox nslookup 39 | ln -s busybox readline 40 | ln -s busybox route 41 | ln -s busybox syslogd 42 | ln -s busybox traceroute 43 | chmod u+s /bin/ping 44 | groupadd sudo 45 | 46 | echo " 47 | ## Allows people in group sudo to run all commands 48 | %sudo ALL=(ALL) ALL" >> /etc/sudoers 49 | 50 | # symlink for python3 51 | ln -s /bin/python3 /bin/python 52 | ln -sf /usr/bin/pip3.7 /usr/bin/pip3 53 | 54 | # Clean 55 | yum clean all 56 | rm -rf /anaconda-post.log /var/log/anaconda/* 57 | -------------------------------------------------------------------------------- /base/debian-10/Dockerfile: -------------------------------------------------------------------------------- 1 | # Copyright 2018-2021 Splunk 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | FROM debian:buster-slim 16 | LABEL maintainer="support@splunk.com" 17 | 18 | ARG SCLOUD_URL 19 | ENV SCLOUD_URL=${SCLOUD_URL} \ 20 | DEBIAN_FRONTEND=noninteractive \ 21 | PYTHON_VERSION=3.7.10 \ 22 | PYTHON_GPG_KEY_ID=0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D 23 | 24 | COPY install.sh /install.sh 25 | RUN /install.sh && rm -rf /install.sh 26 | -------------------------------------------------------------------------------- /base/debian-10/install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Copyright 2018-2021 Splunk 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 
15 | 16 | set -e 17 | 18 | # Generate UTF-8 char map and locale 19 | apt-get update -y 20 | apt-get install -y --no-install-recommends locales wget gnupg 21 | echo "en_US.UTF-8 UTF-8" > /etc/locale.gen 22 | rm -f /usr/share/locale/locale.alias 23 | ln -s /etc/locale.alias /usr/share/locale/locale.alias 24 | locale-gen 25 | localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 26 | export LANG=en_US.utf8 27 | 28 | # Set timezone to use UTC 29 | ln -sf /usr/share/zoneinfo/UTC /etc/localtime 30 | /usr/sbin/dpkg-reconfigure -f noninteractive tzdata 31 | 32 | # Install utility packages 33 | apt-get install -y --no-install-recommends curl sudo libgssapi-krb5-2 busybox procps acl gcc make \ 34 | libffi-dev libssl-dev make build-essential libbz2-dev \ 35 | wget xz-utils ca-certificates zlib1g-dev python3-apt p11-kit liblz4-dev \ 36 | libhogweed4=3.4.1-1+deb10u1 libgnutls30=3.6.7-4+deb10u7 libgcrypt20=1.8.4-5+deb10u1 37 | 38 | # Install Python and necessary packages 39 | PY_SHORT=${PYTHON_VERSION%.*} 40 | wget -O /tmp/python.tgz https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tgz 41 | wget -O /tmp/Python-gpg-sig-${PYTHON_VERSION}.tgz.asc https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tgz.asc 42 | gpg --recv-keys $PYTHON_GPG_KEY_ID 43 | gpg --verify /tmp/Python-gpg-sig-${PYTHON_VERSION}.tgz.asc /tmp/python.tgz 44 | rm /tmp/Python-gpg-sig-${PYTHON_VERSION}.tgz.asc 45 | mkdir -p /tmp/pyinstall 46 | tar -xzC /tmp/pyinstall/ --strip-components=1 -f /tmp/python.tgz 47 | rm /tmp/python.tgz 48 | cd /tmp/pyinstall 49 | ./configure --enable-optimizations --prefix=/usr --with-ensurepip=install 50 | make altinstall LDFLAGS="-Wl,--strip-all" 51 | rm -rf /tmp/pyinstall 52 | ln -sf /usr/bin/python${PY_SHORT} /usr/bin/python 53 | ln -sf /usr/bin/pip${PY_SHORT} /usr/bin/pip 54 | # For ansible apt module 55 | cd /tmp 56 | apt-get download python3-apt=1.8.4.3 57 | ARCH=`arch` 58 | PKG_ARCH=`dpkg 
--print-architecture` 59 | dpkg -x python3-apt_1.8.4.3_${PKG_ARCH}.deb python3-apt 60 | rm python3-apt_1.8.4.3_${PKG_ARCH}.deb 61 | cp -r /tmp/python3-apt/usr/lib/python3/dist-packages/* /usr/lib/python${PY_SHORT}/site-packages/ 62 | cd /usr/lib/python${PY_SHORT}/site-packages/ 63 | cp apt_pkg.cpython-37m-${ARCH}-linux-gnu.so apt_pkg.so 64 | cp apt_inst.cpython-37m-${ARCH}-linux-gnu.so apt_inst.so 65 | rm -rf /tmp/python3-apt 66 | # Install splunk-ansible dependencies 67 | cd / 68 | pip -q --no-cache-dir install six wheel requests cryptography==3.3.2 ansible==3.4.0 urllib3==1.26.5 jmespath --upgrade 69 | # Remove tests packaged in python libs 70 | find /usr/lib/ -depth \( -type d -a -not -wholename '*/ansible/plugins/test' -a \( -name test -o -name tests -o -name idle_test \) \) -exec rm -rf '{}' \; 71 | find /usr/lib/ -depth \( -type f -a -name '*.pyc' -o -name '*.pyo' -o -name '*.a' \) -exec rm -rf '{}' \; 72 | find /usr/lib/ -depth \( -type f -a -name 'wininst-*.exe' \) -exec rm -rf '{}' \; 73 | ldconfig 74 | 75 | apt-get remove -y --allow-remove-essential gcc libffi-dev libssl-dev make build-essential libbz2-dev xz-utils zlib1g-dev 76 | apt-get autoremove -y --allow-remove-essential 77 | 78 | # Install scloud 79 | wget -O /usr/bin/scloud.tar.gz ${SCLOUD_URL} 80 | tar -xf /usr/bin/scloud.tar.gz -C /usr/bin/ 81 | rm /usr/bin/scloud.tar.gz 82 | 83 | # Enable busybox symlinks 84 | cd /bin 85 | BBOX_LINKS=( clear find diff hostname killall netstat nslookup ping ping6 readline route syslogd tail traceroute vi ) 86 | for item in "${BBOX_LINKS[@]}" 87 | do 88 | ln -s busybox $item || true 89 | done 90 | chmod u+s /bin/ping 91 | 92 | # Clean 93 | apt clean autoclean 94 | rm -rf /var/lib/apt/lists/* 95 | 96 | # Symlink python/pip 97 | ln -sf /usr/bin/python3.7 /usr/bin/python3 98 | ln -sf /usr/bin/pip3.7 /usr/bin/pip3 -------------------------------------------------------------------------------- /base/debian-9/Dockerfile: 
-------------------------------------------------------------------------------- 1 | # Copyright 2018-2021 Splunk 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | FROM debian:stretch-slim 16 | LABEL maintainer="support@splunk.com" 17 | 18 | ARG SCLOUD_URL 19 | ENV SCLOUD_URL=${SCLOUD_URL} \ 20 | DEBIAN_FRONTEND=noninteractive \ 21 | PYTHON_VERSION=3.7.10 \ 22 | PYTHON_GPG_KEY_ID=0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D 23 | 24 | COPY install.sh /install.sh 25 | RUN /install.sh && rm -rf /install.sh 26 | -------------------------------------------------------------------------------- /base/debian-9/install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Copyright 2018-2021 Splunk 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 
15 | 16 | set -e 17 | 18 | # Generate UTF-8 char map and locale 19 | apt-get update -y 20 | apt-get install -y --no-install-recommends locales wget gnupg apt-utils 21 | echo "en_US.UTF-8 UTF-8" > /etc/locale.gen 22 | rm -f /usr/share/locale/locale.alias 23 | ln -s /etc/locale.alias /usr/share/locale/locale.alias 24 | locale-gen 25 | localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 26 | export LANG=en_US.utf8 27 | 28 | # Set timezone to use UTC 29 | ln -sf /usr/share/zoneinfo/UTC /etc/localtime 30 | /usr/sbin/dpkg-reconfigure -f noninteractive tzdata 31 | 32 | # Install utility packages 33 | apt-get install -y --no-install-recommends curl sudo libgssapi-krb5-2 busybox procps acl gcc make \ 34 | libffi-dev libssl-dev make build-essential libbz2-dev \ 35 | wget xz-utils ca-certificates zlib1g-dev liblz4-dev 36 | 37 | # Install Python and necessary packages 38 | PY_SHORT=${PYTHON_VERSION%.*} 39 | wget -O /tmp/python.tgz https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tgz 40 | wget -O /tmp/Python-gpg-sig-${PYTHON_VERSION}.tgz.asc https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tgz.asc 41 | apt-get install dirmngr -y 42 | gpg --keyserver keys.openpgp.org --recv-keys $PYTHON_GPG_KEY_ID \ 43 | || gpg --keyserver pool.sks-keyservers.net --recv-keys $PYTHON_GPG_KEY_ID \ 44 | || gpg --keyserver pgp.mit.edu --recv-keys $PYTHON_GPG_KEY_ID \ 45 | || gpg --keyserver keyserver.pgp.com --recv-keys $PYTHON_GPG_KEY_ID 46 | gpg --verify /tmp/Python-gpg-sig-${PYTHON_VERSION}.tgz.asc /tmp/python.tgz 47 | rm /tmp/Python-gpg-sig-${PYTHON_VERSION}.tgz.asc 48 | mkdir -p /tmp/pyinstall 49 | tar -xzC /tmp/pyinstall/ --strip-components=1 -f /tmp/python.tgz 50 | rm /tmp/python.tgz 51 | cd /tmp/pyinstall 52 | ./configure --enable-optimizations --prefix=/usr --with-ensurepip=install 53 | make altinstall LDFLAGS="-Wl,--strip-all" 54 | rm -rf /tmp/pyinstall 55 | ln -sf /usr/bin/python${PY_SHORT} /usr/bin/python 56 
| ln -sf /usr/bin/pip${PY_SHORT} /usr/bin/pip 57 | # For ansible apt module 58 | cd /tmp 59 | apt-get download python3-apt=1.4.3 60 | dpkg -x python3-apt_1.4.3_amd64.deb python3-apt 61 | rm python3-apt_1.4.3_amd64.deb 62 | cp -r /tmp/python3-apt/usr/lib/python3/dist-packages/* /usr/lib/python${PY_SHORT}/site-packages/ 63 | cd /usr/lib/python${PY_SHORT}/site-packages/ 64 | cp apt_pkg.cpython-35m-x86_64-linux-gnu.so apt_pkg.so 65 | cp apt_inst.cpython-35m-x86_64-linux-gnu.so apt_inst.so 66 | rm -rf /tmp/python3-apt 67 | # Install splunk-ansible dependencies 68 | cd / 69 | pip -q --no-cache-dir install six wheel requests cryptography==3.3.2 ansible==3.4.0 urllib3==1.26.5 jmespath --upgrade 70 | # Remove tests packaged in python libs 71 | find /usr/lib/ -depth \( -type d -a -not -wholename '*/ansible/plugins/test' -a \( -name test -o -name tests -o -name idle_test \) \) -exec rm -rf '{}' \; 72 | find /usr/lib/ -depth \( -type f -a -name '*.pyc' -o -name '*.pyo' -o -name '*.a' \) -exec rm -rf '{}' \; 73 | find /usr/lib/ -depth \( -type f -a -name 'wininst-*.exe' \) -exec rm -rf '{}' \; 74 | ldconfig 75 | 76 | apt-get remove -y --allow-remove-essential gcc libffi-dev libssl-dev make build-essential libbz2-dev xz-utils zlib1g-dev 77 | apt-get autoremove -y --allow-remove-essential 78 | 79 | # Install scloud 80 | wget -O /usr/bin/scloud.tar.gz ${SCLOUD_URL} 81 | tar -xf /usr/bin/scloud.tar.gz -C /usr/bin/ 82 | rm /usr/bin/scloud.tar.gz 83 | 84 | # Enable busybox symlinks 85 | cd /bin 86 | BBOX_LINKS=( clear find diff hostname killall netstat nslookup ping ping6 readline route syslogd tail traceroute vi ) 87 | for item in "${BBOX_LINKS[@]}" 88 | do 89 | ln -s busybox $item || true 90 | done 91 | chmod u+s /bin/ping 92 | 93 | # Clean 94 | apt clean autoclean 95 | rm -rf /var/lib/apt/lists/* 96 | 97 | # Symlink python/pip 98 | ln -sf /usr/bin/python3.7 /usr/bin/python3 99 | ln -sf /usr/bin/pip3.7 /usr/bin/pip3 100 | 
-------------------------------------------------------------------------------- /base/redhat-8/Dockerfile: -------------------------------------------------------------------------------- 1 | # Copyright 2018-2021 Splunk 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # NOTE that since OpenShift Container Platform 3.11 16 | # the container catalog moved from registry.access.redhat.com to registry.redhat.io 17 | # So at some point before they deprecate the old registry we have to make sure that 18 | # we have access to the new registry and change where we pull the ubi image from. 19 | FROM registry.access.redhat.com/ubi8/ubi-minimal 20 | 21 | LABEL name="splunk" \ 22 | maintainer="support@splunk.com" \ 23 | vendor="splunk" \ 24 | release="1" \ 25 | summary="UBI 8 Docker image of Splunk Enterprise" \ 26 | description="Splunk Enterprise is a platform for operational intelligence. Our software lets you collect, analyze, and act upon the untapped value of big data that your technology infrastructure, security systems, and business applications generate. It gives you insights to drive operational performance and business results." 
27 | 28 | ENV PYTHON_VERSION=3.9.19 \ 29 | PYTHON_GPG_KEY_ID=E3FF2839C048B25C084DEBE9B26995E310250568 30 | 31 | COPY install.sh /install.sh 32 | 33 | RUN mkdir /licenses \ 34 | && curl -o /licenses/apache-2.0.txt https://www.apache.org/licenses/LICENSE-2.0.txt \ 35 | && curl -o /licenses/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf https://www.redhat.com/licenses/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf \ 36 | && /install.sh 37 | -------------------------------------------------------------------------------- /base/redhat-9/Dockerfile: -------------------------------------------------------------------------------- 1 | # Copyright 2018-2021 Splunk 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # NOTE that since OpenShift Container Platform 3.11 16 | # the container catalog moved from registry.access.redhat.com to registry.redhat.io 17 | # So at some point before they deprecate the old registry we have to make sure that 18 | # we have access to the new registry and change where we pull the ubi image from. 19 | FROM registry.access.redhat.com/ubi9/ubi-minimal 20 | 21 | LABEL name="splunk" \ 22 | maintainer="support@splunk.com" \ 23 | vendor="splunk" \ 24 | release="1" \ 25 | summary="UBI 9 Docker image of Splunk Enterprise" \ 26 | description="Splunk Enterprise is a platform for operational intelligence. 
Our software lets you collect, analyze, and act upon the untapped value of big data that your technology infrastructure, security systems, and business applications generate. It gives you insights to drive operational performance and business results." 27 | 28 | ARG BUSYBOX_URL 29 | 30 | ENV BUSYBOX_URL=${BUSYBOX_URL} \ 31 | PYTHON_VERSION=3.9.19 \ 32 | PYTHON_GPG_KEY_ID=E3FF2839C048B25C084DEBE9B26995E310250568 33 | 34 | COPY install.sh /install.sh 35 | 36 | RUN mkdir /licenses \ 37 | && curl -o /licenses/apache-2.0.txt https://www.apache.org/licenses/LICENSE-2.0.txt \ 38 | && curl -o /licenses/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf https://www.redhat.com/licenses/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf \ 39 | && /install.sh && rm -rf /install.sh 40 | -------------------------------------------------------------------------------- /clair-whitelist.yml: -------------------------------------------------------------------------------- 1 | generalwhitelist: 2 | CVE-2018-16876: Ansible is updated past 2.7.5 3 | CVE-2018-7169: While shadow does exist in the debian containers, it is not actively referenced by splunk. 4 | CVE-2016-10739: Once debian updates glibc, this will be fixed. This should not be exposed in Splunk 5 | CVE-2011-3389: Installed in the base debian package, but not used. 6 | CVE-2018-14647: Issue that exists in current Python, awaiting patch. 7 | CVE-2016-10228: Installed with glibc, but miss flags on debian. Verify version is > 2.25 8 | CVE-2018-20679: Busybox is not used for anything related to DHCP by default in the container. 9 | CVE-2016-2781: chroot is not used in the container by default. 10 | CVE-2011-3374: Apt is a required library of debian. This must be updated from debian's side. 11 | CVE-2013-4392: Systemd only has partial libraries installed in debian-slim packages. Full systemd is not enabled. 12 | CVE-2010-4052: False Positive. 
Being flagged even though glibc is > 2.12 13 | CVE-2010-4756: There is no ftp daemon running in the container. 14 | CVE-2010-4051: False Positive. Installed libc is > 2.12 15 | CVE-2020-29361: Fixed in 0.23.15-2+deb10u1 per https://security-tracker.debian.org/tracker/CVE-2020-29361 16 | CVE-2020-29362: Fixed in 0.23.15-2+deb10u1 per https://security-tracker.debian.org/tracker/CVE-2020-29362 17 | CVE-2020-29363: Fixed in 0.23.15-2+deb10u1 per https://security-tracker.debian.org/tracker/CVE-2020-29363 18 | -------------------------------------------------------------------------------- /clair_to_junit_parser.py: -------------------------------------------------------------------------------- 1 | import json 2 | from junit_xml import TestSuite, TestCase 3 | import os 4 | import argparse 5 | import logging 6 | 7 | logger = logging.getLogger('clair_scanner_converter') 8 | logger.setLevel(logging.WARN) 9 | console_logger = logging.StreamHandler() 10 | console_logger.setLevel(logging.WARN) 11 | formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s') 12 | console_logger.setFormatter(formatter) 13 | logger.addHandler(console_logger) 14 | 15 | def parse_args(): 16 | parser = argparse.ArgumentParser(description="Process Json File") 17 | parser.add_argument("clairfile", type=str, default=None, help="Location of clair scanner ouptut file to convert to cucumber.json") 18 | parser.add_argument("--output", type=str, default=None, help="name of output file to store in new format. 
Defaults to clair inputfile") 19 | args = parser.parse_args() 20 | if not args.output: 21 | logger.warning("No output file specified, replacing input file.") 22 | args.output = args.clairfile 23 | return args 24 | 25 | def main(): 26 | cwd = os.getcwd() 27 | args = parse_args() 28 | try: 29 | if os.path.exists(args.clairfile): 30 | with open(args.clairfile) as clairfile: 31 | clair_parsed_file = json.load(clairfile) 32 | if os.path.exists(os.path.join("clair-scanner-logs", "/clair_setup_errors.log")): 33 | with open(os.path.join("clair-scanner-logs", "/clair_setup_errors.log"), 'r') as clairfile_errors: 34 | clair_parsed_error_file = clairfile_errors.readlines() 35 | else: 36 | clair_parsed_error_file = None 37 | except: 38 | logger.exception("Failed to parse clair / clair_error file. Exiting.") 39 | 40 | current_sorted_level = None 41 | current_suite = None 42 | test_suites = [] 43 | if clair_parsed_error_file: 44 | current_suite = TestSuite("SetupError") 45 | new_step = TestCase(name="SetupError", classname="SetupError", status="unapproved", stderr=clair_parsed_error_file) 46 | new_step.log = clair_parsed_error_file 47 | new_step.category = "SetupError" 48 | new_step.failure_type = "unapproved" 49 | new_step.failure_message = "Please have the following security issue reviewed by Splunk: {}".format(vuln["link"]) 50 | new_step.failure_output = clair_parsed_error_file 51 | current_suite.test_cases.append(new_step) 52 | test_suites.append(current_suite) 53 | for vuln in clair_parsed_file["vulnerabilities"]: 54 | if current_sorted_level != vuln["severity"]: 55 | if current_suite: 56 | test_suites.append(current_suite) 57 | current_suite = TestSuite(name=vuln["severity"]) 58 | current_sorted_level = vuln["severity"] 59 | new_step = TestCase(name=vuln["vulnerability"], classname=vuln["severity"], status="unapproved", url=vuln["link"], stderr=vuln["description"]) 60 | new_step.log = vuln 61 | new_step.category = vuln["severity"] 62 | new_step.failure_type = "unapproved" 
63 | new_step.failure_message = "Please have the following security issue reviewed by Splunk: {}".format(vuln["link"]) 64 | new_step.failure_output = vuln["description"] 65 | current_suite.test_cases.append(new_step) 66 | # try to write new file 67 | try: 68 | with open(args.output, 'w') as outfile: 69 | outfile.write(TestSuite.to_xml_string(test_suites)) 70 | except: 71 | logger.exception("Filed saving file.") 72 | 73 | 74 | if __name__ == "__main__": 75 | main() 76 | -------------------------------------------------------------------------------- /docs/ARCHITECTURE.md: -------------------------------------------------------------------------------- 1 | ## Architecture 2 | From a design perspective, the containers brought up with the `docker-splunk` images are meant to provision themselves locally and asynchronously. The execution flow of the provisioning process is meant to gracefully handle interoperability in this manner, while also maintaining idempotency and reliability. 3 | 4 | ## Navigation 5 | 6 | * [Networking](#networking) 7 | * [Design](#design) 8 | * [Remote networking](#remote-networking) 9 | * [Supported platforms](#supported-platforms) 10 | 11 | ## Networking 12 | By default, the Docker image exposes a variety of ports for both external interaction as well as internal use. 13 | ``` 14 | EXPOSE 8000 8065 8088 8089 8191 9887 9997 15 | ``` 16 | 17 | Below is a table detailing the purpose of each port, which can be used as a reference for determining whether the port should be published for external consumption. 
18 | 19 | | Port Number | Description | 20 | | --- | --- | 21 | | 8000 | SplunkWeb UI | 22 | | 8065 | Splunk app server | 23 | | 8088 | HTTP Event Collector (HEC) | 24 | | 8089 | SplunkD management port (REST API access) | 25 | | 8191 | Key-value store replication | 26 | | 9887 | Index replication | 27 | | 9997 | Indexing/receiving | 28 | 29 | ## Design 30 | 31 | #### Remote networking 32 | Particularly when bringing up distributed Splunk topologies, there is a need for one Splunk instance to make a request against another Splunk instance in order to construct the cluster. These networking requests are often prone to failure, as when Ansible is executed asynchronously there are no guarantees that the requestee is online/ready to receive the message. 33 | 34 | While developing new playbooks that require remote Splunk-to-Splunk connectivity, we employ the use of `retries` and `delay` options for tasks. For instance, in this example below, we add indexers as search peers of an individual search head. To overcome error-prone networking, we have retry counts with delays embedded in the task. 
There are also break-early conditions that maintain idempotency so we can progress if successful: 35 | 36 | 37 | ```yaml 38 | - name: Set all indexers as search peers 39 | command: "{{ splunk.exec }} add search-server https://{{ item }}:{{ splunk.svc_port }} -auth {{ splunk.admin_user }}:{{ splunk.password }} -remoteUsername {{ splunk.admin_user }} -remotePassword {{ splunk.password }}" 40 | become: yes 41 | become_user: "{{ splunk.user }}" 42 | with_items: "{{ groups['splunk_indexer'] }}" 43 | register: set_indexer_as_peer 44 | until: set_indexer_as_peer.rc == 0 or set_indexer_as_peer.rc == 24 45 | retries: "{{ retry_num }}" 46 | delay: 3 47 | changed_when: set_indexer_as_peer.rc == 0 48 | failed_when: set_indexer_as_peer.rc != 0 and 'already exists' not in set_indexer_as_peer.stderr 49 | notify: 50 | - Restart the splunkd service 51 | no_log: "{{ hide_password }}" 52 | when: "'splunk_indexer' in groups" 53 | ``` 54 | 55 | 56 | Another utility you can add when creating new plays is an implicit wait. For more information on this, see the `roles/splunk_common/tasks/wait_for_splunk_instance.yml` play which will wait for another Splunk instance to be online before making any connections against it. 57 | 58 | 59 | ```yaml 60 | - name: Check Splunk instance is running 61 | uri: 62 | url: https://{{ splunk_instance_address }}:{{ splunk.svc_port }}/services/server/info?output_mode=json 63 | method: GET 64 | user: "{{ splunk.admin_user }}" 65 | password: "{{ splunk.password }}" 66 | validate_certs: false 67 | register: task_response 68 | until: 69 | - task_response.status == 200 70 | - lookup('pipe', 'date +"%s"')|int - task_response.json.entry[0].content.startup_time > 10 71 | retries: "{{ retry_num }}" 72 | delay: 3 73 | ignore_errors: true 74 | no_log: "{{ hide_password }}" 75 | ``` 76 | 77 | 78 | ## Supported platforms 79 | At the current time, this project only officially supports running Splunk Enterprise on `debian:stretch-slim`. 
We do have plans to incorporate other operating systems and Windows in the future. 80 | 81 | -------------------------------------------------------------------------------- /docs/INTRODUCTION.md: -------------------------------------------------------------------------------- 1 | ## The Need for Containers 2 | Splunk Enterprise is most commonly deployed with dedicated hardware, and in configurations to support the size of your organization. Expanding your Splunk Enterprise service using only dedicated hardware involves procuring new hardware, installing the operating system, installing and then configuring Splunk Enterprise. Expanding to meet the needs of your users rapidly becomes difficult and overly complex in this model. 3 | 4 | The overhead of this operation normally leads people down the path of creating virtual machines using a hypervisor. A hypervisor provides a significant improvement to the speed of spinning up more compute resources, but comes with one major drawback: the overhead of running multiple operating systems on one host. 5 | 6 | 7 | 8 | ## The Advent of Docker 9 | In recent years, [Docker](https://www.docker.com) has become the de-facto tool designed to make it easier to create, deploy, and run applications through the use of containers. 10 | 11 | Containers allow an application to be the only process that runs in a VM-like, isolated environment. Unlike a hypervisor, a container-based system does not require the use of a guest operating system. This allows a single host to dedicate more resources towards the application. 12 | 13 | For more information on how containers or Docker work, we'll [let Docker do the talking](https://www.docker.com/resources/what-container). 14 | 15 | 16 | 17 | The Splunk user community has asked us to support containerization as a platform for running Splunk. 
The promise of running applications in a microservice-oriented architecture evangelizes the principles of infrastructure-as-code and declarative directives, and we aimed to bring those benefits with the work in this codebase. This project delivers on that request: to provide the rich functionality that Splunk Enterprise offers with the user-friendliness and production-readiness of container-native software. 18 | 19 | ## History 20 | In 2015, Denis Gladkikh ([@outcoldman](https://github.com/outcoldman)) created an open-source GitHub repository for installing Splunk Enterprise, Splunk Universal Forwarder, and Splunk Light inside containers. 21 | 22 | Universal Forwarders and standalone instances were being brought online at a rapid pace, which introduced a new level of complexity into the enterprise environment. In 2018, a new container image was created to improve the flexibility with which Splunk Enterprise could be operated in larger and more dynamic environments. The new Splunk container can now start with a small environment and grow with the deployment. This, however, has caused a divergence from the open-source community edition of the Splunk Enterprise container. 23 | 24 | As a result, containers for Splunk Enterprise versions prior to 7.1 can not be used with, or in conjunction with, this new version as it is not backward compatible. We are also unable to support version updates from any prior container to the current version released with Splunk Enterprise and Splunk Universal Forwarder 7.2, as the older versions are not forward compatible. We are sorry for any inconvenience this may cause. 
25 | -------------------------------------------------------------------------------- /docs/README.md: -------------------------------------------------------------------------------- 1 | # Splunk Enterprise Docker Container 2 | 3 | **Use the Docker containers for Splunk Enterprise and the Splunk Universal Forwarder to quickly deploy Splunk software, with the ability to add complexity in the future.** 4 | 5 | ## Top features 6 | 7 | * Deployment of Splunk Enterprise that can be run on your laptop or desktop, or pushed to a large orchestrator 8 | * Support for multiple Splunk Enterprise topologies including: 9 | * Standalone Splunk Enterprise server 10 | * Standalone Universal and Heavy forwarders 11 | * See [Splunk Validated Architectures](https://www.splunk.com/pdfs/white-papers/splunk-validated-architectures.pdf) for more information. Currently, only the S1 architecture is supported. 12 | * Automatic installation of the latest version of Splunk Enterprise and the Splunk Universal Forwarder, beginning with version 7.2 13 | * Defaults to the latest official Splunk Enterprise/Splunk Universal Forwarder release 14 | * **Versions 7.2 and higher** can be installed and upgraded to the latest version of Splunk Enterprise and the Splunk Universal Forwarder. 15 | * Automatic installation of most Splunk-supported apps 16 | * Splunk Enterprise applications such as Splunk IT Service Intelligence (ITSI) and Splunk Enterprise Security (ES) might require additional setup and must be installed by Splunk Professional Services. 17 | -------------------------------------------------------------------------------- /docs/SECURITY.md: -------------------------------------------------------------------------------- 1 | ## Security ## 2 | This section will cover various security considerations when using the Splunk Enterprise and Universal Forwarder containers. 
3 | 4 | ### Startup Users ### 5 | 6 | The Splunk Enterprise and Universal Forwarder containers may be started using one of the following three user accounts: 7 | 8 | * `splunk` (most secure): This user has no privileged access and cannot use `sudo` to change to another user account. It is a member of the `ansible` group, which enables it to run the embedded playbooks at startup. When using the `splunk` user, all processes will run as this user. The `SPLUNK_HOME_OWNERSHIP_ENFORCEMENT` environment variable must be set to `false` when starting as this user. ***Recommended for production*** 9 | 10 | * `ansible` (middle ground): This user is a member of the `sudo` group and able to execute `sudo` commands without a password. It uses privileged access at startup only to perform certain actions which cannot be performed by regular users (see below). After startup, `sudo` access will automatically be removed from the `ansible` user if the environment variable `STEPDOWN_ANSIBLE_USER` is set to `true`. ***This is the default user account*** 11 | 12 | * `root` (least secure): This is a privileged user running with UID of `0`. Some customers may want to use this for forwarder processes that require access to log files which cannot be read by any other user. ***This is not recommended*** 13 | 14 | ### After Startup ### 15 | 16 | By default, the primary Splunk processes will always run as the unprivileged user and group `splunk`, 17 | regardless of which user account the containers are started with. You can override this by changing the following: 18 | 19 | * User: `splunk.user` variable in your `default.yml` template, or the `SPLUNK_USER` environment variable 20 | * Group: `splunk.group` variable in your `default.yml` template, or the `SPLUNK_GROUP` environment variable 21 | 22 | Note that the containers are built with the `splunk` user having UID `41812` and the `splunk` group having GID `41812`. 
23 | 24 | You may want to override these settings to ensure that Splunk forwarder processes have access to read your log files. For example, you can ensure that all processes run as `root` by starting as the `root` user with the environment variable `SPLUNK_USER` also set to `root` (this is not recommended). 25 | 26 | ### Privileged Features ### 27 | 28 | Certain features supported by the Splunk Enterprise and Universal Forwarder containers require that they are started with privileged access using either the `ansible` or `root` user accounts. 29 | 30 | #### Splunk Home Ownership #### 31 | 32 | By default, at startup the containers will ensure that all files located under the `SPLUNK_HOME` directory (`/opt/splunk`) are owned by user `splunk` and group `splunk`. This helps to ensure that the Splunk processes are able to read and write any external volumes mounted for `/opt/splunk/etc` and `/opt/splunk/var`. While all supported versions of the docker engine will automatically set proper ownership for these volumes, external orchestration systems 33 | typically will require extra steps. 34 | 35 | If you know that this step is unnecessary, you can disable it by setting the `SPLUNK_HOME_OWNERSHIP_ENFORCEMENT` environment variable to `false`. This must be disabled when starting containers with the `splunk` user account. 36 | 37 | #### Package Installation #### 38 | 39 | The `JAVA_VERSION` environment variable can be used to automatically install OpenJDK at startup time. This feature requires starting as a privileged user account. 40 | 41 | ### Kubernetes Users ### 42 | 43 | For Kubernetes, we recommend using the `fsGroup` [Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) to ensure that all Pods are able to write to your Persistent Volumes. 
For example: 44 | 45 | ``` 46 | apiVersion: v1 47 | kind: Pod 48 | metadata: 49 | name: example-splunk-pod 50 | spec: 51 | securityContext: 52 | runAsUser: 41812 53 | fsGroup: 41812 54 | containers: 55 | name: example-splunk-container 56 | image: splunk/splunk 57 | env: 58 | - name: SPLUNK_HOME_OWNERSHIP_ENFORCEMENT 59 | value: "false" 60 | ... 61 | ``` 62 | 63 | This can be used to create a Splunk Enterprise Pod running as the unprivileged `splunk` user which is able to securely read and write from any Persistent Volumes that are created for it. 64 | 65 | Red Hat OpenShift users can leverage the built-in `nonroot` [Security Context Constraint](https://docs.openshift.com/container-platform/3.9/admin_guide/manage_scc.html) 66 | to run Pods with the above Security Context: 67 | ``` 68 | oc adm policy add-scc-to-user nonroot default 69 | ``` -------------------------------------------------------------------------------- /docs/SUPPORT.md: -------------------------------------------------------------------------------- 1 | ## Navigation 2 | 3 | * [Preface](#preface) 4 | * [System requirements](#system-requirements) 5 | * [Contact](#contact) 6 | * [Support violation](#support-violation) 7 | 8 | ## Preface 9 | Splunk Enterprise contains many settings that allow customers to tailor their Splunk environment. However, because not all settings apply to all customers, Splunk will only support the most common subset of all configurations. Throughout this document, the term "supported" means you can contact Splunk Support for assistance with issues. 10 | 11 | ## System requirements 12 | 13 | If you intend for this containerized Splunk Enterprise deployment to be supported in your Enterprise Support Agreement, you must verify you meet all of the requirements below. **Failure to do so will render your deployment in an unsupported state.** See [Support violation](#support-violation) below. 
14 | 15 | The following prerequisites and dependencies must be installed on each node you plan on deploying the container. 16 | * Linux-based operating system, such as Debian, CentOS, and so on. 17 | * Chipset: 18 | * `splunk/splunk` image supports x86-64 chipsets 19 | * `splunk/universalforwarder` image supports both x86-64 and s390x chipsets 20 | * Kernel version 4.x 21 | * Docker engine: 22 | * Docker Enterprise Engine 17.06.2 or higher 23 | * Docker Community Engine 17.06.2 or higher 24 | 25 | **Note:** If you are using [podman](https://github.com/containers/libpod), [CRI-O](https://github.com/cri-o/cri-o), [containerd](https://github.com/containerd/containerd) or other container runtimes, please be aware that these are currently outside of our support/testing matrix. It's possible that this Docker image still works, although you may need to manually add the environment variable `KUBERNETES_SERVICE_HOST=kubernetes` to configure the provisioning hooks properly. 26 | * [OverlayFS](https://docs.docker.com/storage/storagedriver/overlayfs-driver/) `overlay2` Docker daemon storage driver 27 | 1. Edit `/etc/docker/daemon.json`. If it does not yet exist, create it. 28 | 2. Assuming the file was empty, add the following contents: 29 | ``` 30 | { "storage-driver": "overlay2" } 31 | ``` 32 | **Note:** If you already have an existing JSON file, add only `"storage-driver": "overlay2"` as a key-value pair. Docker does not start if the `daemon.json` file contains badly-formed JSON. 
33 | 34 | ### See also 35 | 36 | * [Supported platforms for containerized Splunk software environments](https://docs.splunk.com/Documentation/Splunk/latest/Installation/Systemrequirements#Containerized_computing_platforms) 37 | * [Recommended hardware and capacity](https://docs.splunk.com/Documentation/Splunk/latest/Installation/Systemrequirements#Recommended_hardware) 38 | * Basic instructions to [deploy and run Splunk Enterprise inside containers](https://docs.splunk.com/Documentation/Splunk/latest/Installation/DeployandrunSplunkEnterpriseinsideDockercontainers) 39 | 40 | ## Contact 41 | Splunk Support only provides support for the single instance Splunk Validated Architectures (S-Type), Universal Forwarders and Heavy Forwarders. For all other configurations, [contact Splunk Professional Services](https://www.splunk.com/en_us/support-and-services.html). 42 | 43 | For additional support, you can: 44 | * Post a question to [Splunk Answers](http://answers.splunk.com). 45 | * [Join us on Slack](https://docs.splunk.com/Documentation/Community/1.0/community/Chat#Join_us_on_Slack) and post in the [#docker](https://splunk-usergroups.slack.com/messages/C1RH09ERM/) channel. 46 | 47 | If you are a Splunk Enterprise customer with a valid support entitlement contract and have a Splunk-related question, you can 48 | * Open a support case on the support portal. 49 | 50 | ## Support violation 51 | In the following conditions, Splunk Support reserves the right to deem your installation unsupported and not provide assistance when issues arise: 52 | * You do not have an active support contract. 53 | * You are running Splunk Enterprise and/or Splunk Universal Forwarder in a container on a platform not officially supported by Splunk. 54 | * You are using features not officially supported by Splunk. 
55 | 56 | In the event you fall into an unsupported state, you may find support on [Splunk Answers](http://answers.splunk.com) or through the open-source communities found on GitHub for this [docker-splunk](https://github.com/splunk/docker-splunk) project or the related [splunk-ansible](https://www.github.com/splunk/splunk-ansible) project. 57 | -------------------------------------------------------------------------------- /docs/_config.yml: -------------------------------------------------------------------------------- 1 | include: [ 'CONTRIBUTING.md', 'LICENSE.md' ] 2 | relative_links: 3 | enabled: true 4 | collections: true 5 | markdown: kramdown 6 | kramdown: 7 | parse_block_html: true 8 | plugins: 9 | - jemoji 10 | -------------------------------------------------------------------------------- /docs/contributing/code-of-conduct.md: -------------------------------------------------------------------------------- 1 | ## Code of Conduct 2 | 3 | ### Our Pledge 4 | 5 | In the interest of fostering an open and welcoming environment, we as 6 | contributors and maintainers pledge to making participation in our project and 7 | our community a harassment-free experience for everyone, regardless of age, body 8 | size, disability, ethnicity, gender identity and expression, level of experience, 9 | nationality, personal appearance, race, religion, or sexual identity and 10 | orientation. 
11 | 12 | ### Our Standards 13 | 14 | Examples of behavior that contributes to creating a positive environment 15 | include: 16 | 17 | * Using welcoming and inclusive language 18 | * Being respectful of differing viewpoints and experiences 19 | * Gracefully accepting constructive criticism 20 | * Focusing on what is best for the community 21 | * Showing empathy towards other community members 22 | 23 | Examples of unacceptable behavior by participants include: 24 | 25 | * The use of sexualized language or imagery and unwelcome sexual attention or 26 | advances 27 | * Trolling, insulting/derogatory comments, and personal or political attacks 28 | * Public or private harassment 29 | * Publishing others' private information, such as a physical or electronic address, without explicit permission 30 | * Other conduct which could reasonably be considered inappropriate in a professional setting 31 | 32 | ### Our Responsibilities 33 | 34 | Project maintainers are responsible for clarifying the standards of acceptable 35 | behavior and are expected to take appropriate and fair corrective action in 36 | response to any instances of unacceptable behavior. 37 | 38 | Project maintainers have the right and responsibility to remove, edit, or 39 | reject comments, commits, code, wiki edits, issues, and other contributions 40 | that are not aligned to this Code of Conduct, or to ban temporarily or 41 | permanently any contributor for other behaviors that they deem inappropriate, 42 | threatening, offensive, or harmful. 43 | 44 | ### Scope 45 | 46 | This Code of Conduct applies both within project spaces and in public spaces 47 | when an individual is representing the project or its community. Examples of 48 | representing a project or community include using an official project e-mail 49 | address, posting via an official social media account, or acting as an appointed 50 | representative at an online or offline event. 
Representation of a project may be 51 | further defined and clarified by project maintainers. 52 | 53 | ### Enforcement 54 | 55 | Instances of abusive, harassing, or otherwise unacceptable behavior may be 56 | reported by contacting the project team at support@splunk.com. All 57 | complaints will be reviewed and investigated and will result in a response that 58 | is deemed necessary and appropriate to the circumstances. The project team is 59 | obligated to maintain confidentiality with regard to the reporter of an incident. 60 | Further details of specific enforcement policies may be posted separately. 61 | 62 | Project maintainers who do not follow or enforce the Code of Conduct in good 63 | faith may face temporary or permanent repercussions as determined by other 64 | members of the project's leadership. 65 | 66 | ### Attribution 67 | 68 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, 69 | available at [http://contributor-covenant.org/version/1/4][version] 70 | 71 | [homepage]: http://contributor-covenant.org 72 | [version]: http://contributor-covenant.org/version/1/4/ 73 | -------------------------------------------------------------------------------- /docs/images/container-vm.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/docker-splunk/83df4dfa1ad4b18f15b3cdb253ee3f05b93da5ba/docs/images/container-vm.png -------------------------------------------------------------------------------- /docs/images/containerized-application.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/docker-splunk/83df4dfa1ad4b18f15b3cdb253ee3f05b93da5ba/docs/images/containerized-application.png -------------------------------------------------------------------------------- /docs/index.md: -------------------------------------------------------------------------------- 1 | # Welcome to the 
Docker-Splunk documentation! 2 | 3 | Welcome to the official Splunk documentation on containerizing Splunk Enterprise and Splunk Universal Forwarder deployments with Docker. 4 | 5 | ### What is Splunk Enterprise? 6 | [Splunk Enterprise](https://www.splunk.com/en_us/software/splunk-enterprise.html) is a platform for operational intelligence. Our software lets you collect, analyze, and act upon the untapped value of big data that your technology infrastructure, security systems, and business applications generate. It gives you insights to drive operational performance and business results. 7 | 8 | See [Splunk Products](https://www.splunk.com/en_us/software.html) for more information about the features and capabilities of Splunk products and how you can [bring them into your organization](https://www.splunk.com/en_us/enterprise-data-platform.html). 9 | 10 | ### What is Docker-Splunk? 11 | The [Docker-Splunk project](https://github.com/splunk/docker-splunk) is the official source code repository for building Docker images of Splunk Enterprise and Splunk Universal Forwarder. By introducing containerization, we can marry the ideals of infrastructure-as-code and declarative directives to manage and run Splunk Enterprise. 12 | 13 | This repository should be used by people interested in running Splunk in their container orchestration environments. With this Docker image, we support running a standalone development Splunk instance as easily as running a full-fledged distributed production cluster, all while maintaining the best practices and recommended standards of operating Splunk at scale. 14 | 15 | The provisioning of these disjoint containers is handled by the [Splunk-Ansible](https://github.com/splunk/splunk-ansible) project. Refer to the [Splunk-Ansible documentation](https://splunk.github.io/splunk-ansible/) and the [Ansible User Guide](https://docs.ansible.com/ansible/latest/user_guide/index.html) for more details. 
16 | 17 | --- 18 | 19 | ### Table of Contents 20 | 21 | * [Introduction](INTRODUCTION.md) 22 | * [Getting Started](SETUP.md) 23 | * [Requirements](SETUP.md#requirements) 24 | * [Install](SETUP.md#install) 25 | * [Deploy](SETUP.md#deploy) 26 | * [Examples](EXAMPLES.md) 27 | * [Advanced Usage](ADVANCED.md) 28 | * [Runtime configuration](ADVANCED.md#runtime-configuration) 29 | * [Install apps](ADVANCED.md#install-apps) 30 | * [Apply Splunk license](ADVANCED.md#apply-splunk-license) 31 | * [Create custom configs](ADVANCED.md#create-custom-configs) 32 | * [Enable SmartStore](ADVANCED.md#enable-smartstore) 33 | * [Use a deployment server](ADVANCED.md#use-a-deployment-server) 34 | * [Deploy distributed topology](ADVANCED.md#deploy-distributed-topology) 35 | * [Enable SSL communication](ADVANCED.md#enable-ssl-internal-communication) 36 | * [Build from source](ADVANCED.md#build-from-source) 37 | * [Persistent Storage](STORAGE_OPTIONS.md) 38 | * [Architecture](ARCHITECTURE.md) 39 | * [Troubleshooting](TROUBLESHOOTING.md) 40 | * [Contributing](CONTRIBUTING.md) 41 | * [Support](SUPPORT.md) 42 | * [Changelog](CHANGELOG.md) 43 | * [License](LICENSE.md) 44 | -------------------------------------------------------------------------------- /py23-image/centos-7/Dockerfile: -------------------------------------------------------------------------------- 1 | ARG SPLUNK_PRODUCT=splunk 2 | FROM ${SPLUNK_PRODUCT}-centos-7:latest 3 | USER root 4 | 5 | RUN yum -y update 6 | RUN yum -y install gcc openssl-devel bzip2-devel libffi-devel python-pip 7 | # INFRA-15385: manual installation of python 3.7 as default distro version is 3.6 8 | RUN wget https://www.python.org/ftp/python/3.7.4/Python-3.7.4.tgz \ 9 | && tar xzf Python-3.7.4.tgz \ 10 | && cd Python-3.7.4 \ 11 | && ./configure --enable-optimizations --prefix=/usr \ 12 | && make install \ 13 | && cd .. 
\ 14 | && rm Python-3.7.4.tgz \ 15 | && rm -r Python-3.7.4 \ 16 | && curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py \ 17 | && python3.7 get-pip.py \ 18 | && rm -f get-pip.py \ 19 | #pip version is not automatically "fixed", unlike debian-based 20 | && ln -sf /usr/bin/pip2 /usr/bin/pip 21 | RUN yum remove -y --setopt=tsflags=noscripts gcc openssl-devel bzip2-devel libffi-devel \ 22 | && yum autoremove -y \ 23 | && yum clean all 24 | RUN pip3 --no-cache-dir install ansible==3.4.0 requests==2.25.1 pyyaml==5.4.1 jmespath==0.10.0 25 | -------------------------------------------------------------------------------- /py23-image/centos-8/Dockerfile: -------------------------------------------------------------------------------- 1 | ARG SPLUNK_PRODUCT=splunk 2 | FROM ${SPLUNK_PRODUCT}-centos-8:latest 3 | USER root 4 | 5 | RUN yum -y update 6 | RUN yum -y install gcc openssl-devel bzip2-devel libffi-devel python3-pip python2 python2-pip 7 | 8 | # manual installation of python 3.7 as default distro version is 3.6 9 | RUN wget https://www.python.org/ftp/python/3.7.4/Python-3.7.4.tgz \ 10 | && tar xzf Python-3.7.4.tgz \ 11 | && cd Python-3.7.4 \ 12 | && ./configure --enable-optimizations --prefix=/usr \ 13 | && make install \ 14 | && cd .. 
\ 15 | && rm Python-3.7.4.tgz \ 16 | && rm -r Python-3.7.4 \ 17 | && curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py \ 18 | && python3.7 get-pip.py \ 19 | && rm -f get-pip.py \ 20 | # pip version is not automatically "fixed", unlike debian-based 21 | && ln -sf /usr/bin/pip2 /usr/bin/pip 22 | # add python alias 23 | # && ln -s /bin/python3 /bin/python 24 | 25 | RUN yum remove -y --setopt=tsflags=noscripts gcc openssl-devel bzip2-devel libffi-devel \ 26 | && yum autoremove -y \ 27 | && yum clean all 28 | RUN pip3 --no-cache-dir install ansible==3.4.0 requests==2.25.1 pyyaml==5.4.1 jmespath==0.10.0 \ 29 | && pip --no-cache-dir install requests==2.25.1 pyyaml==5.4.1 jmespath==0.10.0 30 | -------------------------------------------------------------------------------- /py23-image/debian-10/Dockerfile: -------------------------------------------------------------------------------- 1 | ARG SPLUNK_PRODUCT=splunk 2 | FROM ${SPLUNK_PRODUCT}-debian-10:latest 3 | USER root 4 | 5 | RUN apt-get update -y \ 6 | && apt-get install -y --no-install-recommends libpython-dev python-pip python-requests python-jmespath python-yaml \ 7 | && ln -sf /usr/bin/python3.7 /usr/bin/python \ 8 | && ln -sf /usr/bin/pip3.7 /usr/bin/pip \ 9 | && pip3 install --upgrade ansible==3.4.0 requests==2.25.1 pyyaml==5.4.1 jmespath==0.10.0 10 | -------------------------------------------------------------------------------- /py23-image/debian-9/Dockerfile: -------------------------------------------------------------------------------- 1 | ARG SPLUNK_PRODUCT=splunk 2 | FROM ${SPLUNK_PRODUCT}-debian-9:latest 3 | USER root 4 | 5 | RUN apt-get update -y \ 6 | && apt-get install -y --no-install-recommends libpython-dev python-pip python-requests python-jmespath python-yaml \ 7 | && ln -sf /usr/bin/python3.7 /usr/bin/python \ 8 | && ln -sf /usr/bin/pip3.7 /usr/bin/pip \ 9 | && pip3 install --upgrade ansible==3.4.0 requests==2.25.1 pyyaml==5.4.1 jmespath==0.10.0 10 | 
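--------------------------------------------------------------------------------
/py23-image/redhat-8/Dockerfile:
--------------------------------------------------------------------------------
ARG SPLUNK_PRODUCT=splunk
# Base image is taken from the mutable `latest` tag.
FROM ${SPLUNK_PRODUCT}-redhat-8:latest
# All following instructions run as root; this file never switches back.
USER root

# NOTE(review): the Python 3 libraries on the last line are pinned, but the
# pip2 upgrade and the Python 2 copies of requests / pyyaml / jmespath are
# not, so this layer can resolve to different packages on every build. The
# centos-8 image pins the same three Python 2 libraries; consider matching it.
RUN microdnf -y --nodocs update \
    && microdnf -y --nodocs install python2 \
    && pip2 install --upgrade pip \
    && pip2 --no-cache-dir install requests pyyaml jmespath \
    && ln -sf /usr/bin/python3.9 /usr/bin/python \
    && ln -sf /usr/bin/pip3.9 /usr/bin/pip \
    && pip3 install --upgrade requests==2.25.1 pyyaml==5.4.1 jmespath==0.10.0

--------------------------------------------------------------------------------
/splunk/common-files/apps/splunk_enterprise_on_docker/default/app.conf:
--------------------------------------------------------------------------------
[install]
is_configured = 1

[ui]
is_visible = 0
label = Splunk Enterprise On Docker

[launcher]
author = Splunk
description = When telemetry is enabled, this app is used to help Splunk understand how many customers are running our products within Docker containers.
version = 1.0.0

--------------------------------------------------------------------------------
/splunk/common-files/apps/splunk_enterprise_on_docker/metadata/default.meta:
--------------------------------------------------------------------------------
[]
access = read : [ * ], write : [ admin ]

--------------------------------------------------------------------------------
/splunk/common-files/checkstate.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Copyright 2018 Splunk

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

# This script retrieves and reports the state of the container. It can be
# used to check the health of the Splunk instance.
# NOTE: If you plan on running the splunk container while keeping Splunk
#       inactive for long periods of time, this script may give misleading
#       health results.
#
# Exit status: 0 when the health check is disabled or splunkd answers,
# curl's exit code when the request fails, 1 for any other container state.

if [[ "" == "$NO_HEALTHCHECK" ]]; then
    # NO_HEALTHCHECK is not defined, so the health check is wanted.

    # Pick the scheme splunkd listens with: plain HTTP only when SSL is
    # switched off through the environment or in the effective server config.
    # The btool line looks like "enableSplunkdSSL = false"; the third
    # space-separated field is the value.
    if [[ "false" == "$SPLUNKD_SSL_ENABLE" || "false" == "$(/opt/splunk/bin/splunk btool server list | grep enableSplunkdSSL | cut -d' ' -f 3)" ]]; then
        SCHEME="http"
    else
        SCHEME="https"
    fi

    # Quoted so that a directory name containing whitespace does not turn the
    # redirection into an "ambiguous redirect" error.
    state="$(< "$CONTAINER_ARTIFACT_DIR/splunk-container.state")"

    case "$state" in
    running|started)
        # --insecure skips certificate validation for this loopback probe
        # (presumably because splunkd commonly runs with a self-signed
        # certificate). The probe therefore only shows that something answers
        # on port 8089; it does not authenticate the service and should not
        # be reused as a pattern for requests that leave the container.
        curl --max-time 30 --fail --insecure "$SCHEME://localhost:8089/"
        exit $?
    ;;
    *)
        exit 1
    esac
else
    # NO_HEALTHCHECK is defined: skip the health check and report healthy.
    exit 0
fi

--------------------------------------------------------------------------------
/splunk/common-files/createdefaults.py:
--------------------------------------------------------------------------------
1 | #! /usr/bin/python 2 | # Copyright 2018-2021 Splunk 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License.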
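6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License.
import os
import six
import sys
import uuid
import random
import base64

# Put <SPLUNK_ANSIBLE_HOME>/inventory on the import path; presumably this is
# where the `environ` module imported at the bottom of the script is found.
# NOTE(review): when SPLUNK_ANSIBLE_HOME is unset, os.path.join() below raises
# TypeError, so the script only works where that variable is defined.
splunk_ansible_home = os.environ.get('SPLUNK_ANSIBLE_HOME')
splunk_ansible_inventory = os.path.join(splunk_ansible_home, "inventory")
sys.path.append(os.path.abspath(splunk_ansible_inventory))

# Secrets supplied by the operator. Each cluster secret can arrive under two
# names (…_SECRET and …_PASS4SYMMKEY); both are read here and reconciled below.
splunk_hec_token = os.environ.get("SPLUNK_HEC_TOKEN", None)
splunk_password = os.environ.get("SPLUNK_PASSWORD", None)
splunk_idxc_secret = os.environ.get("SPLUNK_IDXC_SECRET", None)
splunk_idxc_pass4SymmKey = os.environ.get("SPLUNK_IDXC_PASS4SYMMKEY", None)
splunk_shc_secret = os.environ.get("SPLUNK_SHC_SECRET", None)
splunk_shc_pass4SymmKey = os.environ.get("SPLUNK_SHC_PASS4SYMMKEY", None)

def random_generator(size=24):
    """Return a base64 string derived from *size* random values in 0..255.

    The values come from ``random.SystemRandom``, which reads the operating
    system's entropy source instead of the seedable generator behind the
    module-level ``random.*`` functions, so the result is suitable as a
    generated credential.

    On Python 3 the intermediate string is UTF-8 encoded before base64, so
    values of 128 and above occupy two bytes and the output is longer than on
    Python 2. The amount of randomness is the same in both cases.
    """
    rng = random.SystemRandom()
    b = [chr(rng.randrange(256)) for i in range(size)]
    s = ''.join(b)
    if six.PY2:
        s = base64.b64encode(s)
    else:
        s = base64.b64encode(s.encode()).decode()
    return s


# if there are no environment vars set, lets make some safe defaults
if not splunk_hec_token:
    tempuuid=uuid.uuid4()
    os.environ["SPLUNK_HEC_TOKEN"] = str(tempuuid)
if not splunk_password:
    os.environ["SPLUNK_PASSWORD"] = random_generator()

# Indexer-cluster secret: PASS4SYMMKEY wins over SECRET, and whichever value is
# chosen (or a fresh random one) is written back under both names.
if splunk_idxc_pass4SymmKey:
    os.environ["SPLUNK_IDXC_PASS4SYMMKEY"] = os.environ["SPLUNK_IDXC_SECRET"] = splunk_idxc_pass4SymmKey
elif splunk_idxc_secret:
    os.environ["SPLUNK_IDXC_PASS4SYMMKEY"] = os.environ["SPLUNK_IDXC_SECRET"] = splunk_idxc_secret
else:
    os.environ["SPLUNK_IDXC_PASS4SYMMKEY"] = os.environ["SPLUNK_IDXC_SECRET"] = random_generator()

# Search-head-cluster secret, handled the same way as the indexer one. Each
# branch must assign the variable it has just tested: assigning the other one
# puts None into os.environ whenever only one of the two names was supplied,
# which raises TypeError and aborts the script.
if splunk_shc_pass4SymmKey:
    os.environ["SPLUNK_SHC_PASS4SYMMKEY"] = os.environ["SPLUNK_SHC_SECRET"] = splunk_shc_pass4SymmKey
elif splunk_shc_secret:
    os.environ["SPLUNK_SHC_PASS4SYMMKEY"] = os.environ["SPLUNK_SHC_SECRET"] = splunk_shc_secret
else:
    os.environ["SPLUNK_SHC_PASS4SYMMKEY"] = os.environ["SPLUNK_SHC_SECRET"] = random_generator()

# Hand over to the inventory script with the values prepared above.
# NOTE(review): presumably `--write-to-stdout` makes environ.main() print the
# resulting defaults, generated secrets included; treat that output as
# sensitive and keep it out of shared logs. Confirm against the environ module.
sys.argv.append("--write-to-stdout")
import environ
environ.main()


--------------------------------------------------------------------------------
/splunk/common-files/make-minimal-exclude.py:
--------------------------------------------------------------------------------
#!/usr/bin/python

# Prints a list of glob patterns for the Splunk tarball named in argv[1].
# The base list is EXCLUDE_V7; a few patterns are added or dropped depending
# on the major and minor version parsed from the tarball's file name.

import re, sys

EXCLUDE_V7 = """*-manifest
*/bin/installit.py
*/bin/jars/*
*/bin/jsmin*
*/bin/*mongo*
*/3rdparty/Copyright-for-mongo*
*/bin/node*
*/bin/pcregextest*
*/etc/*.lic*
*/etc/anonymizer*
*/etc/apps/SplunkForwarder*
*/etc/apps/SplunkLightForwarder*
*/etc/apps/launcher*
*/etc/apps/legacy*
*/etc/apps/sample_app*
*/etc/apps/appsbrowser*
*/etc/apps/alert_webhook*
*/etc/apps/splunk_archiver*
*/etc/apps/splunk_monitoring_console*
*/lib/node_modules*
*/share/splunk/app_templates*
*/share/splunk/authScriptSamples*
*/share/splunk/diag
*/share/splunk/mbtiles*
*/share/splunk/migration*
*/share/splunk/pdf*
*mrsparkle*"""

# Raw string: the pattern contains "\." escapes, which are invalid escape
# sequences in an ordinary string literal and trigger a warning on current
# Python 3 releases. The pattern text itself is unchanged.
version_string = re.match(r".*splunk-([0-9]+)\.([0-9]+)\.[0-9]+\.?[0-9]?-[0-9a-z]+-[lL]inux-[0-9a-z_-]+.tgz", sys.argv[1])
major_version = None
minor_version = None

if version_string:
    major_version = version_string.group(1)
    minor_version = version_string.group(2)

# Version-specific additions are printed before the base list; from 9.4 on the
# jsmin pattern is removed from the base list instead.
if major_version:
    if int(major_version) == 7:
        print("*/bin/parsetest*")
        if int(minor_version) < 3:
            print("*/etc/apps/framework*")
            print("*/etc/apps/gettingstarted*")
        else:
            print("*/etc/apps/splunk_metrics_workspace*")
    elif int(major_version) == 8:
        print("*/etc/apps/splunk_metrics_workspace*")
        if int(minor_version) < 1:
            print("*/bin/parsetest*")
    elif int(major_version) == 9:
        if int(minor_version) >= 4:
            EXCLUDE_V7 = EXCLUDE_V7.replace('*/bin/jsmin*', '')
    elif int(major_version) > 9:
        EXCLUDE_V7 = EXCLUDE_V7.replace('*/bin/jsmin*', '')
print(EXCLUDE_V7)

--------------------------------------------------------------------------------
/splunk/common-files/updateetc.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash 2 | 3 | # Copyright 2018-2020 Splunk 4 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License.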
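16 | # 17 |
# Copies the etc tree kept under SPLUNK_ETC_BAK over ${SPLUNK_HOME}/etc when
# the splunk.version files of the two trees differ (or the target has none).

# Source tree; presumably the copy of etc that ships with the image.
SPLUNK_ETC_BAK="${SPLUNK_ETC_BAK:-/opt/splunk-etc}"

# Start from a known value so that a variable of the same name inherited from
# the environment cannot influence the comparison below.
ETC_VERSION_SHA=""

# Without SPLUNK_HOME the target path would collapse to "/etc" and the archive
# would be unpacked over the system configuration, so do nothing in that case.
if [[ -n "${SPLUNK_HOME}" && -f "${SPLUNK_ETC_BAK}/splunk.version" ]]; then
    # The digests are only used to detect that the version file changed; they
    # are not an integrity check on the tree that gets copied.
    IMAGE_VERSION_SHA="$(sha512sum < "${SPLUNK_ETC_BAK}/splunk.version")"

    if [[ -f "${SPLUNK_HOME}/etc/splunk.version" ]]; then
        ETC_VERSION_SHA="$(sha512sum < "${SPLUNK_HOME}/etc/splunk.version")"
    fi

    if [[ "x${IMAGE_VERSION_SHA}" != "x${ETC_VERSION_SHA}" ]]; then
        echo "Updating ${SPLUNK_HOME}/etc"
        # "&&" instead of ";": if either cd fails, tar must not run in
        # whatever directory the shell happens to be in. The "*" glob does
        # not match dot-files, so hidden entries at the top level of the
        # source tree are not copied.
        (cd "${SPLUNK_ETC_BAK}" && tar cf - *) | (cd "${SPLUNK_HOME}/etc" && tar xf -)
    fi
fi

--------------------------------------------------------------------------------
/test-results/.gitignore:
--------------------------------------------------------------------------------
*
!.gitignore
--------------------------------------------------------------------------------
/test_scenarios/1dep3sh2idx.yaml:
--------------------------------------------------------------------------------
1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | services: 9 | dep1: 10 | networks: 11 | splunknet: 12 | aliases: 13 | - dep1 14 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 15 | command: start 16 | hostname: dep1 17 | container_name: dep1 18 | environment: 19 | - SPLUNK_START_ARGS=--accept-license 20 | - SPLUNK_INDEXER_URL=idx1,idx2 21 | - SPLUNK_SEARCH_HEAD_URL=sh2,sh3 22 | - SPLUNK_SEARCH_HEAD_CAPTAIN_URL=sh1 23 | - SPLUNK_DEPLOYER_URL=dep1 24 | - SPLUNK_ROLE=splunk_deployer 25 | - SPLUNK_LICENSE_URI 26 | - DEBUG=true 27 | ports: 28 | - 8000 29 | - 8089 30 | 31 | sh1: 32 | networks: 33 | splunknet: 34 | aliases: 35 | - sh1 36 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 37 | command: start 38 | hostname: sh1 39 | container_name: sh1 40 | environment: 41 | - SPLUNK_START_ARGS=--accept-license 42 | - SPLUNK_INDEXER_URL=idx1,idx2 43 | - SPLUNK_SEARCH_HEAD_URL=sh2,sh3 44 | - SPLUNK_SEARCH_HEAD_CAPTAIN_URL=sh1 45 | - SPLUNK_DEPLOYER_URL=dep1 46 | - 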
SPLUNK_ROLE=splunk_search_head_captain 47 | - SPLUNK_LICENSE_URI 48 | - DEBUG=true 49 | ports: 50 | - 8000 51 | - 8089 52 | 53 | sh2: 54 | networks: 55 | splunknet: 56 | aliases: 57 | - sh2 58 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 59 | command: start 60 | hostname: sh2 61 | container_name: sh2 62 | environment: 63 | - SPLUNK_START_ARGS=--accept-license 64 | - SPLUNK_INDEXER_URL=idx1,idx2 65 | - SPLUNK_SEARCH_HEAD_URL=sh2,sh3 66 | - SPLUNK_SEARCH_HEAD_CAPTAIN_URL=sh1 67 | - SPLUNK_DEPLOYER_URL=dep1 68 | - SPLUNK_ROLE=splunk_search_head 69 | - SPLUNK_LICENSE_URI 70 | - DEBUG=true 71 | ports: 72 | - 8000 73 | - 8089 74 | 75 | sh3: 76 | networks: 77 | splunknet: 78 | aliases: 79 | - sh3 80 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 81 | command: start 82 | hostname: sh3 83 | container_name: sh3 84 | environment: 85 | - SPLUNK_START_ARGS=--accept-license 86 | - SPLUNK_INDEXER_URL=idx1,idx2 87 | - SPLUNK_SEARCH_HEAD_URL=sh2,sh3 88 | - SPLUNK_SEARCH_HEAD_CAPTAIN_URL=sh1 89 | - SPLUNK_DEPLOYER_URL=dep1 90 | - SPLUNK_ROLE=splunk_search_head 91 | - SPLUNK_LICENSE_URI 92 | - DEBUG=true 93 | ports: 94 | - 8000 95 | - 8089 96 | 97 | idx1: 98 | networks: 99 | splunknet: 100 | aliases: 101 | - idx1 102 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 103 | command: start 104 | hostname: idx1 105 | container_name: idx1 106 | environment: 107 | - SPLUNK_START_ARGS=--accept-license 108 | - SPLUNK_INDEXER_URL=idx1,idx2 109 | - SPLUNK_SEARCH_HEAD_URL=sh2,sh3 110 | - SPLUNK_SEARCH_HEAD_CAPTAIN_URL=sh1 111 | - SPLUNK_DEPLOYER_URL=dep1 112 | - SPLUNK_ROLE=splunk_indexer 113 | - SPLUNK_LICENSE_URI 114 | - DEBUG=true 115 | ports: 116 | - 8000 117 | - 8089 118 | 119 | idx2: 120 | networks: 121 | splunknet: 122 | aliases: 123 | - idx2 124 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 125 | command: start 126 | hostname: idx2 127 | container_name: idx2 128 | environment: 129 | - SPLUNK_START_ARGS=--accept-license 130 | - SPLUNK_INDEXER_URL=idx1,idx2 131 | - 
SPLUNK_SEARCH_HEAD_URL=sh2,sh3 132 | - SPLUNK_SEARCH_HEAD_CAPTAIN_URL=sh1 133 | - SPLUNK_DEPLOYER_URL=dep1 134 | - SPLUNK_ROLE=splunk_indexer 135 | - SPLUNK_LICENSE_URI 136 | - DEBUG=true 137 | ports: 138 | - 8000 139 | - 8089 140 | -------------------------------------------------------------------------------- /test_scenarios/1deployment1cm.yaml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | services: 9 | appserver: 10 | networks: 11 | splunknet: 12 | aliases: 13 | - appserver 14 | image: nwang92/nginx-mitm 15 | hostname: appserver 16 | ports: 17 | - 80 18 | volumes: 19 | - ../tests/fixtures:/www/data 20 | 21 | depserver1: 22 | networks: 23 | splunknet: 24 | aliases: 25 | - depserver1 26 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 27 | hostname: depserver1 28 | environment: 29 | - SPLUNK_START_ARGS=--accept-license 30 | - SPLUNK_ROLE=splunk_deployment_server 31 | - SPLUNK_APPS_URL 32 | - DEBUG=true 33 | - SPLUNK_PASSWORD 34 | - SPLUNK_DEFAULTS_URL 35 | ports: 36 | - 8089 37 | volumes: 38 | - ./defaults:/tmp/defaults 39 | 40 | cm1: 41 | networks: 42 | splunknet: 43 | aliases: 44 | - cm1 45 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 46 | hostname: cm1 47 | environment: 48 | - SPLUNK_START_ARGS=--accept-license 49 | - SPLUNK_DEPLOYMENT_SERVER=depserver1 50 | - SPLUNK_ROLE=splunk_cluster_master 51 | - SPLUNK_CLUSTER_MASTER_URL=cm1 52 | - DEBUG=true 53 | - SPLUNK_PASSWORD 54 | - SPLUNK_DEFAULTS_URL 55 | ports: 56 | - 8000 57 | - 8089 58 | volumes: 59 | - ./defaults:/tmp/defaults 60 | -------------------------------------------------------------------------------- /test_scenarios/1deployment1so.yaml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | services: 9 | appserver: 10 | networks: 11 | 
splunknet: 12 | aliases: 13 | - appserver 14 | image: nwang92/nginx-mitm 15 | hostname: appserver 16 | ports: 17 | - 80 18 | volumes: 19 | - ../tests/fixtures:/www/data 20 | 21 | depserver1: 22 | networks: 23 | splunknet: 24 | aliases: 25 | - depserver1 26 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 27 | hostname: depserver1 28 | environment: 29 | - SPLUNK_START_ARGS=--accept-license 30 | - SPLUNK_ROLE=splunk_deployment_server 31 | - SPLUNK_APPS_URL 32 | - DEBUG=true 33 | - SPLUNK_PASSWORD 34 | ports: 35 | - 8089 36 | 37 | so1: 38 | networks: 39 | splunknet: 40 | aliases: 41 | - so1 42 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 43 | hostname: so1 44 | environment: 45 | - SPLUNK_START_ARGS=--accept-license 46 | - SPLUNK_DEPLOYMENT_SERVER=depserver1 47 | - DEBUG=true 48 | - SPLUNK_PASSWORD 49 | ports: 50 | - 8000 51 | - 8089 52 | -------------------------------------------------------------------------------- /test_scenarios/1deployment1uf.yaml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | services: 9 | appserver: 10 | networks: 11 | splunknet: 12 | aliases: 13 | - appserver 14 | image: nwang92/nginx-mitm 15 | hostname: appserver 16 | ports: 17 | - 80 18 | volumes: 19 | - ../tests/fixtures:/www/data 20 | 21 | depserver1: 22 | networks: 23 | splunknet: 24 | aliases: 25 | - depserver1 26 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 27 | hostname: depserver1 28 | environment: 29 | - SPLUNK_START_ARGS=--accept-license 30 | - SPLUNK_ROLE=splunk_deployment_server 31 | - SPLUNK_APPS_URL 32 | - DEBUG=true 33 | - SPLUNK_PASSWORD 34 | ports: 35 | - 8089 36 | 37 | uf1: 38 | networks: 39 | splunknet: 40 | aliases: 41 | - uf1 42 | image: ${UF_IMAGE:-splunk/universalforwarder:latest} 43 | hostname: uf1 44 | environment: 45 | - SPLUNK_START_ARGS=--accept-license 46 | - SPLUNK_DEPLOYMENT_SERVER=depserver1 47 | - DEBUG=true 48 | - 
SPLUNK_PASSWORD 49 | ports: 50 | - 8000 51 | - 8089 52 | -------------------------------------------------------------------------------- /test_scenarios/1hf_splunk_add_user.yaml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | services: 9 | hf1: 10 | networks: 11 | splunknet: 12 | aliases: 13 | - hf1 14 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 15 | environment: 16 | - SPLUNK_ROLE=splunk_heavy_forwarder 17 | - SPLUNK_START_ARGS=--accept-license 18 | - SPLUNK_ADD=user jerry -password seinfeld -role admin 19 | - SPLUNK_PASSWORD 20 | - DEBUG=true 21 | ports: 22 | - 8089 23 | -------------------------------------------------------------------------------- /test_scenarios/1idx3sh1cm1dep.yaml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | services: 9 | appserver: 10 | networks: 11 | splunknet: 12 | aliases: 13 | - appserver 14 | image: nwang92/nginx-mitm 15 | hostname: appserver 16 | ports: 17 | - 80 18 | volumes: 19 | - ../tests/fixtures:/www/data 20 | 21 | dep1: 22 | networks: 23 | splunknet: 24 | aliases: 25 | - dep1 26 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 27 | hostname: dep1 28 | environment: 29 | - SPLUNK_START_ARGS=--accept-license 30 | - SPLUNK_INDEXER_URL=idx1 31 | - SPLUNK_SEARCH_HEAD_CAPTAIN_URL=sh1 32 | - SPLUNK_SEARCH_HEAD_URL=sh2,sh3 33 | - SPLUNK_DEPLOYER_URL=dep1 34 | - SPLUNK_CLUSTER_MASTER_URL=cm1 35 | - SPLUNK_ROLE=splunk_deployer 36 | - SPLUNK_LICENSE_URI 37 | - DEBUG=true 38 | - SPLUNK_PASSWORD 39 | - SPLUNK_DEFAULTS_URL 40 | - SPLUNK_APPS_URL 41 | ports: 42 | - 8000 43 | - 8089 44 | volumes: 45 | - ./defaults:/tmp/defaults 46 | 47 | sh1: 48 | networks: 49 | splunknet: 50 | aliases: 51 | - sh1 52 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 53 | hostname: sh1 54 | 
environment: 55 | - SPLUNK_START_ARGS=--accept-license 56 | - SPLUNK_INDEXER_URL=idx1 57 | - SPLUNK_SEARCH_HEAD_CAPTAIN_URL=sh1 58 | - SPLUNK_SEARCH_HEAD_URL=sh2,sh3 59 | - SPLUNK_DEPLOYER_URL=dep1 60 | - SPLUNK_CLUSTER_MASTER_URL=cm1 61 | - SPLUNK_ROLE=splunk_search_head 62 | - SPLUNK_LICENSE_URI 63 | - DEBUG=true 64 | - SPLUNK_PASSWORD 65 | - SPLUNK_DEFAULTS_URL 66 | ports: 67 | - 8000 68 | - 8089 69 | volumes: 70 | - ./defaults:/tmp/defaults 71 | 72 | sh2: 73 | networks: 74 | splunknet: 75 | aliases: 76 | - sh2 77 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 78 | hostname: sh2 79 | environment: 80 | - SPLUNK_START_ARGS=--accept-license 81 | - SPLUNK_INDEXER_URL=idx1 82 | - SPLUNK_SEARCH_HEAD_CAPTAIN_URL=sh1 83 | - SPLUNK_SEARCH_HEAD_URL=sh2,sh3 84 | - SPLUNK_DEPLOYER_URL=dep1 85 | - SPLUNK_CLUSTER_MASTER_URL=cm1 86 | - SPLUNK_ROLE=splunk_search_head 87 | - SPLUNK_LICENSE_URI 88 | - DEBUG=true 89 | - SPLUNK_PASSWORD 90 | - SPLUNK_DEFAULTS_URL 91 | ports: 92 | - 8000 93 | - 8089 94 | volumes: 95 | - ./defaults:/tmp/defaults 96 | 97 | sh3: 98 | networks: 99 | splunknet: 100 | aliases: 101 | - sh3 102 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 103 | hostname: sh3 104 | environment: 105 | - SPLUNK_START_ARGS=--accept-license 106 | - SPLUNK_INDEXER_URL=idx1 107 | - SPLUNK_SEARCH_HEAD_CAPTAIN_URL=sh1 108 | - SPLUNK_SEARCH_HEAD_URL=sh2,sh3 109 | - SPLUNK_DEPLOYER_URL=dep1 110 | - SPLUNK_CLUSTER_MASTER_URL=cm1 111 | - SPLUNK_ROLE=splunk_search_head 112 | - SPLUNK_LICENSE_URI 113 | - DEBUG=true 114 | - SPLUNK_PASSWORD 115 | - SPLUNK_DEFAULTS_URL 116 | ports: 117 | - 8000 118 | - 8089 119 | volumes: 120 | - ./defaults:/tmp/defaults 121 | 122 | cm1: 123 | networks: 124 | splunknet: 125 | aliases: 126 | - cm1 127 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 128 | hostname: cm1 129 | environment: 130 | - SPLUNK_START_ARGS=--accept-license 131 | - SPLUNK_INDEXER_URL=idx1 132 | - SPLUNK_SEARCH_HEAD_CAPTAIN_URL=sh1 133 | - SPLUNK_SEARCH_HEAD_URL=sh2,sh3 134 | - 
SPLUNK_DEPLOYER_URL=dep1 135 | - SPLUNK_CLUSTER_MASTER_URL=cm1 136 | - SPLUNK_ROLE=splunk_cluster_master 137 | - SPLUNK_LICENSE_URI 138 | - DEBUG=true 139 | - SPLUNK_PASSWORD 140 | - SPLUNK_DEFAULTS_URL 141 | - SPLUNK_APPS_URL 142 | ports: 143 | - 8000 144 | - 8089 145 | volumes: 146 | - ./defaults:/tmp/defaults 147 | 148 | idx1: 149 | networks: 150 | splunknet: 151 | aliases: 152 | - idx1 153 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 154 | hostname: idx1 155 | environment: 156 | - SPLUNK_START_ARGS=--accept-license 157 | - SPLUNK_INDEXER_URL=idx1 158 | - SPLUNK_SEARCH_HEAD_CAPTAIN_URL=sh1 159 | - SPLUNK_SEARCH_HEAD_URL=sh2,sh3 160 | - SPLUNK_DEPLOYER_URL=dep1 161 | - SPLUNK_CLUSTER_MASTER_URL=cm1 162 | - SPLUNK_ROLE=splunk_indexer 163 | - SPLUNK_APPS_URL 164 | - SPLUNK_LICENSE_URI 165 | - DEBUG=true 166 | - SPLUNK_PASSWORD 167 | - SPLUNK_DEFAULTS_URL 168 | ports: 169 | - 8000 170 | - 8089 171 | volumes: 172 | - ./defaults:/tmp/defaults 173 | -------------------------------------------------------------------------------- /test_scenarios/1sh1cm.yaml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | services: 9 | sh1: 10 | networks: 11 | splunknet: 12 | aliases: 13 | - sh1 14 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 15 | hostname: sh1 16 | environment: 17 | - SPLUNK_START_ARGS=--accept-license 18 | - SPLUNK_CLUSTER_MASTER_URL=cm1 19 | - SPLUNK_ROLE=splunk_search_head 20 | - SPLUNK_PASSWORD 21 | - DEBUG=true 22 | ports: 23 | - 8000 24 | - 8089 25 | 26 | cm1: 27 | networks: 28 | splunknet: 29 | aliases: 30 | - cm1 31 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 32 | hostname: cm1 33 | environment: 34 | - SPLUNK_START_ARGS=--accept-license 35 | - SPLUNK_ROLE=splunk_cluster_master 36 | - SPLUNK_PASSWORD 37 | - DEBUG=true 38 | ports: 39 | - 8000 40 | - 8089 41 | 
-------------------------------------------------------------------------------- /test_scenarios/1sh1cm1dmc.yaml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | services: 9 | sh1: 10 | networks: 11 | splunknet: 12 | aliases: 13 | - sh1 14 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 15 | hostname: sh1 16 | environment: 17 | - SPLUNK_START_ARGS=--accept-license 18 | - SPLUNK_CLUSTER_MASTER_URL=cm1 19 | - SPLUNK_ROLE=splunk_search_head 20 | - SPLUNK_PASSWORD 21 | - DEBUG=true 22 | ports: 23 | - 8000 24 | - 8089 25 | 26 | cm1: 27 | networks: 28 | splunknet: 29 | aliases: 30 | - cm1 31 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 32 | hostname: cm1 33 | environment: 34 | - SPLUNK_START_ARGS=--accept-license 35 | - SPLUNK_ROLE=splunk_cluster_master 36 | - SPLUNK_PASSWORD 37 | - DEBUG=true 38 | ports: 39 | - 8000 40 | - 8089 41 | 42 | dmc: 43 | networks: 44 | splunknet: 45 | aliases: 46 | - dmc 47 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 48 | command: start 49 | hostname: dmc 50 | environment: 51 | - SPLUNK_START_ARGS=--accept-license 52 | - SPLUNK_CLUSTER_MASTER_URL=cm1 53 | - SPLUNK_SEARCH_HEAD_URL=sh1 54 | - SPLUNK_ROLE=splunk_monitor 55 | - SPLUNK_LICENSE_URI 56 | - SPLUNK_PASSWORD 57 | - DEBUG=true 58 | ports: 59 | - 8000 60 | - 8089 61 | -------------------------------------------------------------------------------- /test_scenarios/1sh1idx_dfs.yaml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | volumes: 9 | mnt-spark: 10 | mnt-jdk: 11 | 12 | services: 13 | init: 14 | image: ${SPARK_IMAGE:-splunk/spark:latest} 15 | entrypoint: [ "sh", "-c" ] 16 | command: [ "cp -r /opt/jdk /mnt && cp -r /opt/spark /mnt" ] 17 | hostname: init 18 | container_name: init 19 | networks: 20 | splunknet: 21 | 
aliases: 22 | - init 23 | volumes: 24 | - mnt-spark:/mnt/spark 25 | - mnt-jdk:/mnt/jdk 26 | 27 | sh1: 28 | networks: 29 | splunknet: 30 | aliases: 31 | - sh1 32 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 33 | command: start 34 | hostname: sh1 35 | container_name: sh1 36 | environment: 37 | - SPLUNK_START_ARGS=--accept-license 38 | - SPLUNK_SEARCH_HEAD_URL=sh1 39 | - SPLUNK_INDEXER_URL=idx1 40 | - SPLUNK_ROLE=splunk_search_head 41 | - SPLUNK_LICENSE_URI 42 | - SPLUNK_PASSWORD 43 | - DEBUG=true 44 | - SPLUNK_ENABLE_DFS=true 45 | - SPARK_MASTER_HOST=spark-master 46 | - SPARK_MASTER_WEBUI_PORT=8009 47 | - JAVA_HOME=/mnt/jdk 48 | - SPARK_HOME=/mnt/spark 49 | - SPLUNK_DFW_NUM_SLOTS_ENABLED=false 50 | ports: 51 | - 8000 52 | - 8089 53 | depends_on: 54 | - init 55 | volumes: 56 | - mnt-spark:/mnt/spark 57 | - mnt-jdk:/mnt/jdk 58 | 59 | idx1: 60 | networks: 61 | splunknet: 62 | aliases: 63 | - idx1 64 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 65 | command: start 66 | hostname: idx1 67 | container_name: idx1 68 | environment: 69 | - SPLUNK_START_ARGS=--accept-license 70 | - SPLUNK_SEARCH_HEAD_URL=sh1 71 | - SPLUNK_INDEXER_URL=idx1 72 | - SPLUNK_ROLE=splunk_indexer 73 | - SPLUNK_LICENSE_URI 74 | - SPLUNK_PASSWORD 75 | - DEBUG=true 76 | ports: 77 | - 8000 78 | - 8089 79 | 80 | spark-master: 81 | image: ${SPARK_IMAGE:-splunk/spark:latest} 82 | hostname: spark-master 83 | container_name: spark-master 84 | networks: 85 | splunknet: 86 | aliases: 87 | - spark-master 88 | environment: 89 | - SPLUNK_ROLE=splunk_spark_master 90 | 91 | spark-worker: 92 | image: ${SPARK_IMAGE:-splunk/spark:latest} 93 | hostname: spark-worker 94 | container_name: spark-worker 95 | networks: 96 | splunknet: 97 | aliases: 98 | - spark-worker 99 | environment: 100 | - SPLUNK_ROLE=splunk_spark_worker 101 | - SPARK_MASTER_HOSTNAME=spark-master 102 | -------------------------------------------------------------------------------- /test_scenarios/1sh2idx2hf.yaml: 
-------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | services: 9 | sh1: 10 | networks: 11 | splunknet: 12 | aliases: 13 | - sh1 14 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 15 | command: start 16 | hostname: sh1 17 | container_name: sh1 18 | environment: 19 | - SPLUNK_START_ARGS=--accept-license 20 | - SPLUNK_SEARCH_HEAD_URL=sh1 21 | - SPLUNK_INDEXER_URL=idx1,idx2 22 | - SPLUNK_HEAVY_FORWARDER_URL=hf1,hf2 23 | - SPLUNK_ROLE=splunk_search_head 24 | - SPLUNK_LICENSE_URI 25 | - DEBUG=true 26 | ports: 27 | - 8000 28 | - 8089 29 | 30 | idx1: 31 | networks: 32 | splunknet: 33 | aliases: 34 | - idx1 35 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 36 | command: start 37 | hostname: idx1 38 | container_name: idx1 39 | environment: 40 | - SPLUNK_START_ARGS=--accept-license 41 | - SPLUNK_SEARCH_HEAD_URL=sh1 42 | - SPLUNK_INDEXER_URL=idx1,idx2 43 | - SPLUNK_HEAVY_FORWARDER_URL=hf1,hf2 44 | - SPLUNK_ROLE=splunk_indexer 45 | - SPLUNK_LICENSE_URI 46 | - DEBUG=true 47 | ports: 48 | - 8000 49 | - 8089 50 | 51 | idx2: 52 | networks: 53 | splunknet: 54 | aliases: 55 | - idx2 56 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 57 | command: start 58 | hostname: idx2 59 | container_name: idx2 60 | environment: 61 | - SPLUNK_START_ARGS=--accept-license 62 | - SPLUNK_SEARCH_HEAD_URL=sh1 63 | - SPLUNK_INDEXER_URL=idx1,idx2 64 | - SPLUNK_HEAVY_FORWARDER_URL=hf1,hf2 65 | - SPLUNK_ROLE=splunk_indexer 66 | - SPLUNK_LICENSE_URI 67 | - DEBUG=true 68 | ports: 69 | - 8000 70 | - 8089 71 | 72 | hf1: 73 | networks: 74 | splunknet: 75 | aliases: 76 | - hf1 77 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 78 | command: start 79 | hostname: hf1 80 | container_name: hf1 81 | environment: 82 | - SPLUNK_START_ARGS=--accept-license 83 | - SPLUNK_SEARCH_HEAD_URL=sh1 84 | - SPLUNK_INDEXER_URL=idx1,idx2 85 | - SPLUNK_HEAVY_FORWARDER_URL=hf1,hf2 86 | - 
SPLUNK_ROLE=splunk_heavy_forwarder 87 | - SPLUNK_LICENSE_URI 88 | - DEBUG=true 89 | ports: 90 | - 8000 91 | - 8089 92 | 93 | hf2: 94 | networks: 95 | splunknet: 96 | aliases: 97 | - hf2 98 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 99 | command: start 100 | hostname: hf2 101 | container_name: hf2 102 | environment: 103 | - SPLUNK_START_ARGS=--accept-license 104 | - SPLUNK_SEARCH_HEAD_URL=sh1 105 | - SPLUNK_INDEXER_URL=idx1,idx2 106 | - SPLUNK_HEAVY_FORWARDER_URL=hf1,hf2 107 | - SPLUNK_ROLE=splunk_heavy_forwarder 108 | - SPLUNK_LICENSE_URI 109 | - DEBUG=true 110 | ports: 111 | - 8000 112 | - 8089 113 | -------------------------------------------------------------------------------- /test_scenarios/1sh2idx2hf1dmc.yaml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | services: 9 | sh1: 10 | networks: 11 | splunknet: 12 | aliases: 13 | - sh1 14 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 15 | command: start 16 | hostname: sh1 17 | environment: 18 | - SPLUNK_START_ARGS=--accept-license 19 | - SPLUNK_SEARCH_HEAD_URL=sh1 20 | - SPLUNK_INDEXER_URL=idx1,idx2 21 | - SPLUNK_HEAVY_FORWARDER_URL=hf1,hf2 22 | - SPLUNK_ROLE=splunk_search_head 23 | - SPLUNK_LICENSE_URI 24 | - DEBUG=true 25 | - SPLUNK_PASSWORD 26 | ports: 27 | - 8000 28 | - 8089 29 | 30 | idx1: 31 | networks: 32 | splunknet: 33 | aliases: 34 | - idx1 35 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 36 | command: start 37 | hostname: idx1 38 | environment: 39 | - SPLUNK_START_ARGS=--accept-license 40 | - SPLUNK_SEARCH_HEAD_URL=sh1 41 | - SPLUNK_INDEXER_URL=idx1,idx2 42 | - SPLUNK_HEAVY_FORWARDER_URL=hf1,hf2 43 | - SPLUNK_ROLE=splunk_indexer 44 | - SPLUNK_LICENSE_URI 45 | - DEBUG=true 46 | - SPLUNK_PASSWORD 47 | ports: 48 | - 8000 49 | - 8089 50 | 51 | idx2: 52 | networks: 53 | splunknet: 54 | aliases: 55 | - idx2 56 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 57 | command: 
start 58 | hostname: idx2 59 | environment: 60 | - SPLUNK_START_ARGS=--accept-license 61 | - SPLUNK_SEARCH_HEAD_URL=sh1 62 | - SPLUNK_INDEXER_URL=idx1,idx2 63 | - SPLUNK_HEAVY_FORWARDER_URL=hf1,hf2 64 | - SPLUNK_ROLE=splunk_indexer 65 | - SPLUNK_LICENSE_URI 66 | - DEBUG=true 67 | - SPLUNK_PASSWORD 68 | ports: 69 | - 8000 70 | - 8089 71 | 72 | hf1: 73 | networks: 74 | splunknet: 75 | aliases: 76 | - hf1 77 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 78 | command: start 79 | hostname: hf1 80 | environment: 81 | - SPLUNK_START_ARGS=--accept-license 82 | - SPLUNK_SEARCH_HEAD_URL=sh1 83 | - SPLUNK_INDEXER_URL=idx1,idx2 84 | - SPLUNK_HEAVY_FORWARDER_URL=hf1,hf2 85 | - SPLUNK_ROLE=splunk_heavy_forwarder 86 | - SPLUNK_LICENSE_URI 87 | - DEBUG=true 88 | - SPLUNK_PASSWORD 89 | ports: 90 | - 8000 91 | - 8089 92 | 93 | hf2: 94 | networks: 95 | splunknet: 96 | aliases: 97 | - hf2 98 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 99 | command: start 100 | hostname: hf2 101 | environment: 102 | - SPLUNK_START_ARGS=--accept-license 103 | - SPLUNK_SEARCH_HEAD_URL=sh1 104 | - SPLUNK_INDEXER_URL=idx1,idx2 105 | - SPLUNK_HEAVY_FORWARDER_URL=hf1,hf2 106 | - SPLUNK_ROLE=splunk_heavy_forwarder 107 | - SPLUNK_LICENSE_URI 108 | - DEBUG=true 109 | - SPLUNK_PASSWORD 110 | ports: 111 | - 8000 112 | - 8089 113 | 114 | dmc: 115 | networks: 116 | splunknet: 117 | aliases: 118 | - dmc 119 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 120 | command: start 121 | hostname: dmc 122 | environment: 123 | - SPLUNK_START_ARGS=--accept-license 124 | - SPLUNK_SEARCH_HEAD_URL=sh1 125 | - SPLUNK_INDEXER_URL=idx1,idx2 126 | - SPLUNK_HEAVY_FORWARDER_URL=hf1,hf2 127 | - SPLUNK_ROLE=splunk_monitor 128 | - SPLUNK_LICENSE_URI 129 | - SPLUNK_PASSWORD 130 | - DEBUG=true 131 | ports: 132 | - 8000 133 | - 8089 -------------------------------------------------------------------------------- /test_scenarios/1so1cm_connected.yaml: -------------------------------------------------------------------------------- 1 | 
version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | services: 9 | cm1: 10 | networks: 11 | splunknet: 12 | aliases: 13 | - cm1 14 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 15 | hostname: cm1 16 | environment: 17 | - SPLUNK_START_ARGS=--accept-license 18 | - SPLUNK_ROLE=splunk_cluster_master 19 | - DEBUG=true 20 | - SPLUNK_PASSWORD 21 | ports: 22 | - 8000 23 | - 8089 24 | 25 | so1: 26 | networks: 27 | splunknet: 28 | aliases: 29 | - so1 30 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 31 | hostname: so1 32 | environment: 33 | - SPLUNK_START_ARGS=--accept-license 34 | - SPLUNK_CLUSTER_MASTER_URL=cm1 35 | - DEBUG=true 36 | - SPLUNK_PASSWORD 37 | ports: 38 | - 8000 39 | - 8089 40 | -------------------------------------------------------------------------------- /test_scenarios/1so1cm_unconnected.yaml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | services: 9 | cm1: 10 | networks: 11 | splunknet: 12 | aliases: 13 | - cm1 14 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 15 | hostname: cm1 16 | environment: 17 | - SPLUNK_START_ARGS=--accept-license 18 | - SPLUNK_ROLE=splunk_cluster_master 19 | - DEBUG=true 20 | - SPLUNK_PASSWORD 21 | ports: 22 | - 8000 23 | - 8089 24 | 25 | so1: 26 | networks: 27 | splunknet: 28 | aliases: 29 | - so1 30 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 31 | hostname: so1 32 | environment: 33 | - SPLUNK_START_ARGS=--accept-license 34 | - DEBUG=true 35 | - SPLUNK_PASSWORD 36 | ports: 37 | - 8000 38 | - 8089 39 | -------------------------------------------------------------------------------- /test_scenarios/1so1dmc.yaml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | services: 9 | so1: 10 | networks: 11 | splunknet: 12 | aliases: 
13 | - so1 14 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 15 | hostname: so1 16 | environment: 17 | - SPLUNK_START_ARGS=--accept-license 18 | - SPLUNK_STANDALONE_URL=so1 19 | - DEBUG=true 20 | - SPLUNK_PASSWORD 21 | ports: 22 | - 8000 23 | - 8089 24 | 25 | dmc: 26 | networks: 27 | splunknet: 28 | aliases: 29 | - dmc 30 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 31 | command: start 32 | hostname: dmc 33 | environment: 34 | - SPLUNK_START_ARGS=--accept-license 35 | - SPLUNK_STANDALONE_URL=so1 36 | - SPLUNK_ROLE=splunk_monitor 37 | - SPLUNK_LICENSE_URI 38 | - SPLUNK_PASSWORD 39 | - DEBUG=true 40 | ports: 41 | - 8000 42 | - 8089 -------------------------------------------------------------------------------- /test_scenarios/1so1lm.yaml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | services: 9 | lm1: 10 | networks: 11 | splunknet: 12 | aliases: 13 | - lm1 14 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 15 | command: start 16 | hostname: lm1 17 | container_name: lm1 18 | environment: 19 | - SPLUNK_START_ARGS=--accept-license 20 | - SPLUNK_STANDALONE_URL=so1 21 | - SPLUNK_LICENSE_MASTER_URL=lm1 22 | - SPLUNK_ROLE=splunk_license_master 23 | - SPLUNK_LICENSE_URI 24 | - SPLUNK_PASSWORD 25 | - DEBUG=true 26 | ports: 27 | - 8000 28 | - 8089 29 | 30 | so1: 31 | networks: 32 | splunknet: 33 | aliases: 34 | - so1 35 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 36 | command: start 37 | hostname: so1 38 | container_name: so1 39 | environment: 40 | - SPLUNK_START_ARGS=--accept-license 41 | - SPLUNK_STANDALONE_URL=so1 42 | - SPLUNK_LICENSE_MASTER_URL=lm1 43 | - SPLUNK_ROLE=splunk_standalone 44 | - SPLUNK_LICENSE_URI 45 | - SPLUNK_PASSWORD 46 | - DEBUG=true 47 | ports: 48 | - 8000 49 | - 8089 50 | -------------------------------------------------------------------------------- /test_scenarios/1so_apps.yaml: 
-------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | services: 9 | appserver: 10 | networks: 11 | splunknet: 12 | aliases: 13 | - appserver 14 | image: nwang92/nginx-mitm 15 | hostname: appserver 16 | ports: 17 | - 80 18 | volumes: 19 | - ../tests/fixtures:/www/data 20 | 21 | so1: 22 | networks: 23 | splunknet: 24 | aliases: 25 | - so1 26 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 27 | hostname: so1 28 | environment: 29 | - SPLUNK_START_ARGS=--accept-license 30 | - SPLUNK_PASSWORD 31 | - SPLUNK_APPS_URL 32 | - DEBUG=true 33 | ports: 34 | - 8000 35 | - 8089 36 | -------------------------------------------------------------------------------- /test_scenarios/1so_before_start_cmd.yaml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | services: 9 | so1: 10 | networks: 11 | splunknet: 12 | aliases: 13 | - so1 14 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 15 | environment: 16 | - SPLUNK_START_ARGS=--accept-license 17 | - SPLUNK_BEFORE_START_CMD=add user admin2 -password changemepls -role admin, add user admin3 -password changemepls -role admin 18 | - SPLUNK_PASSWORD 19 | - DEBUG=true 20 | ports: 21 | - 8000 22 | - 8089 23 | -------------------------------------------------------------------------------- /test_scenarios/1so_beta.yaml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | services: 9 | so1: 10 | image: splunk/splunk:beta 11 | hostname: so1 12 | container_name: so1 13 | environment: 14 | - SPLUNK_START_ARGS=--accept-license 15 | - SPLUNK_HOME=/opt/splunkbeta 16 | - SPLUNK_LICENSE_URI 17 | - SPLUNK_PASSWORD 18 | - DEBUG=true 19 | volumes: 20 | - /opt/splunkbeta/etc 21 | 
- /opt/splunkbeta/var 22 | ports: 23 | - 8000 24 | - 8089 25 | 26 | uf1: 27 | image: ${UF_IMAGE:-splunk/universalforwarder:latest} 28 | hostname: uf1 29 | container_name: uf1 30 | environment: 31 | - SPLUNK_STANDALONE_URL=so1 32 | - SPLUNK_START_ARGS=--accept-license 33 | - SPLUNK_HOME=/opt/splunkforwarder 34 | - SPLUNK_LICENSE_URI 35 | - SPLUNK_PASSWORD 36 | - DEBUG=true 37 | volumes: 38 | - /opt/splunkforwarder/etc 39 | - /opt/splunkforwarder/var 40 | ports: 41 | - 8089 42 | 43 | -------------------------------------------------------------------------------- /test_scenarios/1so_custombuild.yaml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | services: 9 | so1: 10 | networks: 11 | splunknet: 12 | aliases: 13 | - so1 14 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 15 | hostname: so1 16 | environment: 17 | - SPLUNK_START_ARGS=--accept-license 18 | - SPLUNK_BUILD_URL=https://download.splunk.com/products/splunk/releases/7.1.1/linux/splunk-7.1.1-8f0ead9ec3db-Linux-x86_64.tgz 19 | - SPLUNK_PASSWORD 20 | - DEBUG=true 21 | - SPLUNK_ALLOW_UPGRADE=False 22 | ports: 23 | - 8000 24 | - 8089 25 | -------------------------------------------------------------------------------- /test_scenarios/1so_enable_service.yaml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | services: 9 | so1: 10 | networks: 11 | splunknet: 12 | aliases: 13 | - so1 14 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 15 | environment: 16 | - SPLUNK_START_ARGS=--accept-license 17 | - SPLUNK_ENABLE_SERVICE=true 18 | - SPLUNK_PASSWORD 19 | - DEBUG=true 20 | ports: 21 | - 8000 22 | - 8089 23 | -------------------------------------------------------------------------------- /test_scenarios/1so_hec.yaml: 
-------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | services: 9 | so1: 10 | networks: 11 | splunknet: 12 | aliases: 13 | - so1 14 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 15 | environment: 16 | - SPLUNK_START_ARGS=--accept-license 17 | - SPLUNK_PASSWORD 18 | - SPLUNK_HEC_TOKEN=abcd1234 19 | - DEBUG=true 20 | ports: 21 | - 8000 22 | - 8089 23 | - 8088 24 | -------------------------------------------------------------------------------- /test_scenarios/1so_java_openjdk11.yaml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | services: 9 | so1: 10 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 11 | hostname: so1 12 | environment: 13 | - SPLUNK_START_ARGS=--accept-license 14 | - SPLUNK_PASSWORD 15 | - DEBUG=true 16 | - JAVA_VERSION=openjdk:11 17 | ports: 18 | - 8000 19 | - 8089 20 | -------------------------------------------------------------------------------- /test_scenarios/1so_java_openjdk8.yaml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | services: 9 | so1: 10 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 11 | hostname: so1 12 | environment: 13 | - SPLUNK_START_ARGS=--accept-license 14 | - SPLUNK_PASSWORD 15 | - DEBUG=true 16 | - JAVA_VERSION=openjdk:8 17 | ports: 18 | - 8000 19 | - 8089 20 | -------------------------------------------------------------------------------- /test_scenarios/1so_java_oracle.yaml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | services: 9 | so1: 10 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 11 | 
hostname: so1 12 | environment: 13 | - SPLUNK_START_ARGS=--accept-license 14 | - SPLUNK_PASSWORD 15 | - DEBUG=true 16 | - JAVA_VERSION=oracle:8 17 | ports: 18 | - 8000 19 | - 8089 20 | -------------------------------------------------------------------------------- /test_scenarios/1so_license_secret.yml: -------------------------------------------------------------------------------- 1 | version: "3.1" 2 | 3 | networks: 4 | splunknet: 5 | driver: overlay 6 | 7 | services: 8 | so1: 9 | networks: 10 | splunknet: 11 | aliases: 12 | - so1 13 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 14 | hostname: so1 15 | environment: 16 | - SPLUNK_START_ARGS=--accept-license 17 | - SPLUNK_LICENSE_URI=/run/secrets/splunk_license 18 | - SPLUNK_PASSWORD 19 | ports: 20 | - 8000 21 | - 8089 22 | secrets: 23 | - splunk_license 24 | 25 | secrets: 26 | splunk_license: 27 | external: true 28 | -------------------------------------------------------------------------------- /test_scenarios/1so_namedvolumes.yaml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | volumes: 9 | so1-etc: 10 | so1-var: 11 | 12 | services: 13 | so1: 14 | networks: 15 | splunknet: 16 | aliases: 17 | - so1 18 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 19 | environment: 20 | - SPLUNK_START_ARGS=--accept-license 21 | - SPLUNK_PASSWORD 22 | - DEBUG=true 23 | ports: 24 | - 8000 25 | - 8089 26 | volumes: 27 | - so1-etc:/opt/splunk/etc 28 | - so1-var:/opt/splunk/var 29 | -------------------------------------------------------------------------------- /test_scenarios/1so_namedvolumes_upgrade.yaml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | volumes: 9 | so1-etc: 10 | so1-var: 11 | 12 | services: 13 | so1: 14 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 
15 | hostname: so1 16 | container_name: so1 17 | environment: 18 | - SPLUNK_START_ARGS=--accept-license 19 | - SPLUNK_PASSWORD 20 | - DEBUG=true 21 | - SPLUNK_UPGRADE=true 22 | ports: 23 | - 8000 24 | - 8089 25 | volumes: 26 | - so1-etc:/opt/splunk/etc 27 | - so1-var:/opt/splunk/var 28 | -------------------------------------------------------------------------------- /test_scenarios/1so_splunk_add_user.yaml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | services: 9 | so1: 10 | networks: 11 | splunknet: 12 | aliases: 13 | - so1 14 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 15 | environment: 16 | - SPLUNK_START_ARGS=--accept-license 17 | - SPLUNK_ADD=user newman -password changemepls -role admin 18 | - SPLUNK_PASSWORD 19 | - DEBUG=true 20 | ports: 21 | - 8089 22 | -------------------------------------------------------------------------------- /test_scenarios/1so_trial.yaml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | services: 9 | so1: 10 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 11 | hostname: so1 12 | environment: 13 | - SPLUNK_START_ARGS=--accept-license 14 | - SPLUNK_PASSWORD 15 | - DEBUG=true 16 | ports: 17 | - 8000 18 | - 8089 19 | -------------------------------------------------------------------------------- /test_scenarios/1uf.yaml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | services: 9 | uf1: 10 | image: ${UF_IMAGE:-splunk/universalforwarder:latest} 11 | hostname: uf1 12 | container_name: uf1 13 | environment: 14 | - SPLUNK_START_ARGS=--accept-license 15 | - SPLUNK_PASSWORD 16 | - DEBUG=true 17 | ports: 18 | - 8089 
--------------------------------------------------------------------------------
/test_scenarios/1uf1dmc.yaml:
--------------------------------------------------------------------------------
 1 | version: "3.6"
 2 | # Test scenario: one universal forwarder (uf1) plus one node started with SPLUNK_ROLE=splunk_monitor (dmc).
 3 | networks:
 4 |   splunknet:
 5 |     driver: bridge
 6 |     attachable: true
 7 |
 8 | services:
 9 |   uf1:
10 |     image: ${UF_IMAGE:-splunk/universalforwarder:latest}  # UF_IMAGE when set and non-empty, otherwise the mutable :latest tag
11 |     hostname: uf1
12 |     container_name: uf1
13 |     environment:
14 |       - SPLUNK_START_ARGS=--accept-license
15 |       - SPLUNK_PASSWORD  # no value here: Compose copies it from the environment of the invoking shell, so the secret is not stored in this file
16 |       - DEBUG=true  # NOTE(review): effect is defined by the image, not visible here; confirm debug output does not echo SPLUNK_PASSWORD
17 |     ports:
18 |       - 8089  # container port only: Compose publishes it on an ephemeral host port
19 | # NOTE(review): uf1 has no `networks:` key, so Compose attaches it to the project's default network, while dmc joins only splunknet; confirm the separation is intended.
20 |   dmc:
21 |     networks:
22 |       splunknet:
23 |         aliases:
24 |           - dmc
25 |     image: ${SPLUNK_IMAGE:-splunk/splunk:latest}  # SPLUNK_IMAGE when set and non-empty, otherwise the mutable :latest tag
26 |     command: start
27 |     hostname: dmc
28 |     container_name: dmc
29 |     environment:
30 |       - SPLUNK_START_ARGS=--accept-license
31 |       - SPLUNK_ROLE=splunk_monitor
32 |       - SPLUNK_LICENSE_URI  # passed through from the invoking environment, like SPLUNK_PASSWORD
33 |       - SPLUNK_PASSWORD
34 |       - DEBUG=true
35 |     ports:
36 |       - 8000  # Splunk Web by Splunk's default port assignment
37 |       - 8089  # splunkd management port by Splunk's default port assignment
--------------------------------------------------------------------------------
/test_scenarios/1uf1so.yaml:
--------------------------------------------------------------------------------
 1 | version: "3.6"
 2 | # Test scenario: one universal forwarder (uf1) pointed at one standalone instance (so1) via SPLUNK_STANDALONE_URL.
 3 | networks:
 4 |   splunknet:
 5 |     driver: bridge
 6 |     attachable: true
 7 |
 8 | services:
 9 |   uf1:
10 |     networks:
11 |       splunknet:
12 |         aliases:
13 |           - uf1
14 |     image: ${UF_IMAGE:-splunk/universalforwarder:latest}  # falls back to the mutable :latest tag when UF_IMAGE is unset or empty
15 |     hostname: uf1
16 |     environment:
17 |       - SPLUNK_START_ARGS=--accept-license
18 |       - SPLUNK_STANDALONE_URL=so1  # resolved through the splunknet alias declared on so1
19 |       - DEBUG=true  # NOTE(review): confirm debug output does not echo SPLUNK_PASSWORD
20 |       - SPLUNK_ADD=udp 1514,monitor /var/log/*  # presumably adds a UDP 1514 input and a /var/log monitor; 1514 is not listed under ports, so it is not published to the host
21 |       - SPLUNK_PASSWORD  # value comes from the invoking environment; nothing secret is stored here
22 |     ports:
23 |       - 8089  # container port only: published on an ephemeral host port
24 |
25 |   so1:
26 |     networks:
27 |       splunknet:
28 |         aliases:
29 |           - so1
30 |     image: ${SPLUNK_IMAGE:-splunk/splunk:latest}  # falls back to the mutable :latest tag when SPLUNK_IMAGE is unset or empty
31 |     hostname: so1
32 |     environment:
33 |       - SPLUNK_START_ARGS=--accept-license
34 |       - SPLUNK_STANDALONE_URL=so1
35 |       - DEBUG=true
36 |       - SPLUNK_PASSWORD
37 |     ports:
38 |       - 8000
39 |       - 8089
40 |
--------------------------------------------------------------------------------
/test_scenarios/1uf1so1dmc.yaml:
--------------------------------------------------------------------------------
 1 | version: "3.6"
 2 | # Test scenario: the uf1 + so1 pair plus a third node started with SPLUNK_ROLE=splunk_monitor (dmc), all on splunknet.
 3 | networks:
 4 |   splunknet:
 5 |     driver: bridge
 6 |     attachable: true
 7 |
 8 | services:
 9 |   uf1:
10 |     networks:
11 |       splunknet:
12 |         aliases:
13 |           - uf1
14 |     image: ${UF_IMAGE:-splunk/universalforwarder:latest}  # falls back to the mutable :latest tag when UF_IMAGE is unset or empty
15 |     hostname: uf1
16 |     environment:
17 |       - SPLUNK_START_ARGS=--accept-license
18 |       - SPLUNK_STANDALONE_URL=so1
19 |       - DEBUG=true  # NOTE(review): confirm debug output does not echo SPLUNK_PASSWORD
20 |       - SPLUNK_ADD=udp 1514,monitor /var/log/*
21 |       - SPLUNK_PASSWORD  # value comes from the invoking environment; nothing secret is stored here
22 |     ports:
23 |       - 8089  # container port only: published on an ephemeral host port
24 |
25 |   so1:
26 |     networks:
27 |       splunknet:
28 |         aliases:
29 |           - so1
30 |     image: ${SPLUNK_IMAGE:-splunk/splunk:latest}
31 |     hostname: so1
32 |     environment:
33 |       - SPLUNK_START_ARGS=--accept-license
34 |       - SPLUNK_STANDALONE_URL=so1
35 |       - DEBUG=true
36 |       - SPLUNK_PASSWORD
37 |     ports:
38 |       - 8000
39 |       - 8089
40 |
41 |   dmc:
42 |     networks:
43 |       splunknet:
44 |         aliases:
45 |           - dmc
46 |     image: ${SPLUNK_IMAGE:-splunk/splunk:latest}
47 |     command: start
48 |     hostname: dmc
49 |     environment:
50 |       - SPLUNK_START_ARGS=--accept-license
51 |       - SPLUNK_STANDALONE_URL=so1
52 |       - SPLUNK_ROLE=splunk_monitor
53 |       - SPLUNK_LICENSE_URI  # passed through from the invoking environment
54 |       - SPLUNK_PASSWORD
55 |       - DEBUG=true
56 |     ports:
57 |       - 8000
58 |       - 8089
59 |
--------------------------------------------------------------------------------
/test_scenarios/1uf_apps.yaml:
--------------------------------------------------------------------------------
 1 | version: "3.6"
 2 | # Test scenario: a universal forwarder (uf1) that receives SPLUNK_APPS_URL, next to an HTTP server (appserver) exposing ../tests/fixtures.
 3 | networks:
 4 |   splunknet:
 5 |     driver: bridge
 6 |     attachable: true
 7 |
 8 | services:
 9 |   appserver:
10 |     networks:
11 |       splunknet:
12 |         aliases:
13 |           - appserver
14 |     image: nwang92/nginx-mitm  # image outside the splunk/ namespace with no tag or digest, so :latest is pulled implicitly; pinning as nwang92/nginx-mitm@sha256:<digest-placeholder> would make the pulled content verifiable
15 |     hostname: appserver
16 |     ports:
17 |       - 80  # container port only: published on an ephemeral host port
18 |     volumes:
19 |       - ../tests/fixtures:/www/data  # host bind mount, read-write by default; NOTE(review): `:ro` looks sufficient if the server only serves these files; confirm
20 |
21 |   uf1:
22 |     networks:
23 |       splunknet:
24 |         aliases:
25 |           - uf1
26 |     image: ${UF_IMAGE:-splunk/universalforwarder:latest}  # falls back to the mutable :latest tag when UF_IMAGE is unset or empty
27 |     hostname: uf1
28 |     environment:
29 |       - SPLUNK_START_ARGS=--accept-license
30 |       - SPLUNK_PASSWORD  # value comes from the invoking environment; nothing secret is stored here
31 |       - SPLUNK_APPS_URL  # passed through from the invoking environment; presumably points at appserver, verify against the test harness
32 |       - DEBUG=true  # NOTE(review): confirm debug output does not echo SPLUNK_PASSWORD
33 |     ports:
34 |       - 8089
35 |
--------------------------------------------------------------------------------
/test_scenarios/1uf_before_start_cmd.yaml:
--------------------------------------------------------------------------------
 1 | version: "3.6"
 2 | # Test scenario: a universal forwarder (uf1) given a SPLUNK_BEFORE_START_CMD that adds a user.
 3 | networks:
 4 |   splunknet:
 5 |     driver: bridge
 6 |     attachable: true
 7 |
 8 | services:
 9 |   uf1:
10 |     networks:
11 |       splunknet:
12 |         aliases:
13 |           - uf1
14 |     image: ${UF_IMAGE:-splunk/universalforwarder:latest}  # falls back to the mutable :latest tag when UF_IMAGE is unset or empty
15 |     environment:
16 |       - SPLUNK_START_ARGS=--accept-license
17 |       - SPLUNK_BEFORE_START_CMD=add user normalplebe -password newpassword -role user  # fixture credential in plain text: committed with the repo and readable from the container environment (e.g. `docker inspect`); only fit for throwaway test containers
18 |       - SPLUNK_PASSWORD  # value comes from the invoking environment; nothing secret is stored here
19 |       - DEBUG=true  # NOTE(review): confirm debug output does not echo the passwords above
20 |     ports:
21 |       - 8089  # container port only: published on an ephemeral host port
22 |
--------------------------------------------------------------------------------
/test_scenarios/1uf_enable_service.yaml:
--------------------------------------------------------------------------------
 1 | version: "3.6"
 2 | # Test scenario: a universal forwarder (uf1) started with SPLUNK_ENABLE_SERVICE=true.
 3 | networks:
 4 |   splunknet:
 5 |     driver: bridge
 6 |     attachable: true
 7 |
 8 | services:
 9 |   uf1:
10 |     networks:
11 |       splunknet:
12 |         aliases:
13 |           - uf1
14 |     image: ${UF_IMAGE:-splunk/universalforwarder:latest}  # falls back to the mutable :latest tag when UF_IMAGE is unset or empty
15 |     environment:
16 |       - SPLUNK_START_ARGS=--accept-license
17 |       - SPLUNK_ENABLE_SERVICE=true  # semantics are defined by the image's provisioning code, not shown here
18 |       - SPLUNK_PASSWORD  # value comes from the invoking environment; nothing secret is stored here
19 |       - DEBUG=true  # NOTE(review): confirm debug output does not echo SPLUNK_PASSWORD
20 |     ports:
21 |       - 8089  # container port only: published on an ephemeral host port
22 |
--------------------------------------------------------------------------------
/test_scenarios/1uf_hec.yaml:
--------------------------------------------------------------------------------
 1 | version: "3.6"
 2 | # Test scenario: a universal forwarder (uf1) configured with a fixed SPLUNK_HEC_TOKEN and an extra published port 8088.
 3 | networks:
 4 |   splunknet:
 5 |     driver: bridge
 6 |     attachable: true
 7 |
 8 | services:
 9 |   uf1:
10 |     networks:
11 |       splunknet:
12 |         aliases:
13 |           - uf1
14 |     image: ${UF_IMAGE:-splunk/universalforwarder:latest}  # falls back to the mutable :latest tag when UF_IMAGE is unset or empty
15 |     hostname: uf1
16 |     environment:
17 |       - SPLUNK_START_ARGS=--accept-license
18 |       - SPLUNK_PASSWORD  # value comes from the invoking environment; nothing secret is stored here
19 |       - SPLUNK_HEC_TOKEN=abcd1234  # fixture token: short, fixed and committed with the repo, so it authenticates nothing beyond a throwaway test container
20 |       - DEBUG=true  # NOTE(review): confirm debug output does not echo the token or password
21 |     ports:
22 |       - 8089
23 |       - 8088  # presumably the HTTP Event Collector listener (Splunk's default HEC port); published on an ephemeral host port
24 |
-------------------------------------------------------------------------------- /test_scenarios/1uf_splunk_add_user.yaml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | services: 9 | uf1: 10 | networks: 11 | splunknet: 12 | aliases: 13 | - uf1 14 | image: ${UF_IMAGE:-splunk/universalforwarder:latest} 15 | environment: 16 | - SPLUNK_START_ARGS=--accept-license 17 | - SPLUNK_ADD=user elaine -password changemepls -role admin,user kramer -password changemepls -role admin 18 | - SPLUNK_PASSWORD 19 | - DEBUG=true 20 | ports: 21 | - 8089 22 | -------------------------------------------------------------------------------- /test_scenarios/1uf_splunk_cmd.yaml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | services: 9 | uf1: 10 | networks: 11 | splunknet: 12 | aliases: 13 | - uf1 14 | image: ${UF_IMAGE:-splunk/universalforwarder:latest} 15 | environment: 16 | - SPLUNK_START_ARGS=--accept-license 17 | - SPLUNK_CMD=add user jerry -password changemepls -role admin,add user george -password changemepls -role admin 18 | - SPLUNK_PASSWORD 19 | - DEBUG=true 20 | ports: 21 | - 8089 22 | -------------------------------------------------------------------------------- /test_scenarios/2idx2sh.yaml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | services: 9 | sh1: 10 | networks: 11 | splunknet: 12 | aliases: 13 | - sh1 14 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 15 | command: start 16 | hostname: sh1 17 | environment: 18 | - SPLUNK_START_ARGS=--accept-license 19 | - SPLUNK_INDEXER_URL=idx1,idx2 20 | - SPLUNK_SEARCH_HEAD_URL=sh1,sh2 21 | - SPLUNK_ROLE=splunk_search_head 22 | - 
SPLUNK_LICENSE_URI 23 | - SPLUNK_PASSWORD 24 | - DEBUG=true 25 | ports: 26 | - 8000 27 | - 8089 28 | 29 | sh2: 30 | networks: 31 | splunknet: 32 | aliases: 33 | - sh2 34 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 35 | command: start 36 | hostname: sh2 37 | environment: 38 | - SPLUNK_START_ARGS=--accept-license 39 | - SPLUNK_INDEXER_URL=idx1,idx2 40 | - SPLUNK_SEARCH_HEAD_URL=sh1,sh2 41 | - SPLUNK_ROLE=splunk_search_head 42 | - SPLUNK_LICENSE_URI 43 | - SPLUNK_PASSWORD 44 | - DEBUG=true 45 | ports: 46 | - 8000 47 | - 8089 48 | 49 | idx1: 50 | networks: 51 | splunknet: 52 | aliases: 53 | - idx1 54 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 55 | command: start 56 | hostname: idx1 57 | environment: 58 | - SPLUNK_START_ARGS=--accept-license 59 | - SPLUNK_INDEXER_URL=idx1,idx2 60 | - SPLUNK_SEARCH_HEAD_URL=sh1,sh2 61 | - SPLUNK_ROLE=splunk_indexer 62 | - SPLUNK_LICENSE_URI 63 | - SPLUNK_PASSWORD 64 | - DEBUG=true 65 | ports: 66 | - 8000 67 | - 8089 68 | 69 | idx2: 70 | networks: 71 | splunknet: 72 | aliases: 73 | - idx2 74 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 75 | command: start 76 | hostname: idx2 77 | environment: 78 | - SPLUNK_START_ARGS=--accept-license 79 | - SPLUNK_INDEXER_URL=idx1,idx2 80 | - SPLUNK_SEARCH_HEAD_URL=sh1,sh2 81 | - SPLUNK_ROLE=splunk_indexer 82 | - SPLUNK_LICENSE_URI 83 | - SPLUNK_PASSWORD 84 | - DEBUG=true 85 | ports: 86 | - 8000 87 | - 8089 88 | 89 | 90 | -------------------------------------------------------------------------------- /test_scenarios/2idx2sh1cm.yaml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | services: 9 | sh1: 10 | networks: 11 | splunknet: 12 | aliases: 13 | - sh1 14 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 15 | command: start 16 | hostname: sh1 17 | environment: 18 | - SPLUNK_START_ARGS=--accept-license 19 | - SPLUNK_INDEXER_URL=idx1,idx2 20 | - 
SPLUNK_SEARCH_HEAD_URL=sh1,sh2 21 | - SPLUNK_CLUSTER_MASTER_URL=cm1 22 | - SPLUNK_ROLE=splunk_search_head 23 | - SPLUNK_IDXC_PASS4SYMMKEY=asdf1234 24 | - SPLUNK_LICENSE_URI 25 | - DEBUG=true 26 | - SPLUNK_PASSWORD 27 | ports: 28 | - 8000 29 | - 8089 30 | 31 | sh2: 32 | networks: 33 | splunknet: 34 | aliases: 35 | - sh2 36 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 37 | command: start 38 | hostname: sh2 39 | environment: 40 | - SPLUNK_START_ARGS=--accept-license 41 | - SPLUNK_INDEXER_URL=idx1,idx2 42 | - SPLUNK_SEARCH_HEAD_URL=sh1,sh2 43 | - SPLUNK_CLUSTER_MASTER_URL=cm1 44 | - SPLUNK_ROLE=splunk_search_head 45 | - SPLUNK_IDXC_PASS4SYMMKEY=asdf1234 46 | - SPLUNK_LICENSE_URI 47 | - DEBUG=true 48 | - SPLUNK_PASSWORD 49 | ports: 50 | - 8000 51 | - 8089 52 | 53 | cm1: 54 | networks: 55 | splunknet: 56 | aliases: 57 | - cm1 58 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 59 | command: start 60 | hostname: cm1 61 | environment: 62 | - SPLUNK_START_ARGS=--accept-license 63 | - SPLUNK_INDEXER_URL=idx1,idx2 64 | - SPLUNK_SEARCH_HEAD_URL=sh1,sh2 65 | - SPLUNK_CLUSTER_MASTER_URL=cm1 66 | - SPLUNK_ROLE=splunk_cluster_master 67 | - SPLUNK_IDXC_PASS4SYMMKEY=asdf1234 68 | - SPLUNK_LICENSE_URI 69 | - DEBUG=true 70 | - SPLUNK_PASSWORD 71 | ports: 72 | - 8000 73 | - 8089 74 | 75 | idx1: 76 | networks: 77 | splunknet: 78 | aliases: 79 | - idx1 80 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 81 | command: start 82 | hostname: idx1 83 | environment: 84 | - SPLUNK_START_ARGS=--accept-license 85 | - SPLUNK_INDEXER_URL=idx1,idx2 86 | - SPLUNK_SEARCH_HEAD_URL=sh1,sh2 87 | - SPLUNK_CLUSTER_MASTER_URL=cm1 88 | - SPLUNK_ROLE=splunk_indexer 89 | - SPLUNK_IDXC_PASS4SYMMKEY=asdf1234 90 | - SPLUNK_LICENSE_URI 91 | - DEBUG=true 92 | - SPLUNK_PASSWORD 93 | ports: 94 | - 8000 95 | - 8089 96 | 97 | idx2: 98 | networks: 99 | splunknet: 100 | aliases: 101 | - idx2 102 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 103 | command: start 104 | hostname: idx2 105 | environment: 106 | - 
SPLUNK_START_ARGS=--accept-license 107 | - SPLUNK_INDEXER_URL=idx1,idx2 108 | - SPLUNK_SEARCH_HEAD_URL=sh1,sh2 109 | - SPLUNK_CLUSTER_MASTER_URL=cm1 110 | - SPLUNK_ROLE=splunk_indexer 111 | - SPLUNK_IDXC_PASS4SYMMKEY=asdf1234 112 | - SPLUNK_LICENSE_URI 113 | - DEBUG=true 114 | - SPLUNK_PASSWORD 115 | ports: 116 | - 8000 117 | - 8089 118 | -------------------------------------------------------------------------------- /test_scenarios/2idx2sh1cm1dmc.yaml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | services: 9 | sh1: 10 | networks: 11 | splunknet: 12 | aliases: 13 | - sh1 14 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 15 | command: start 16 | hostname: sh1 17 | container_name: sh1 18 | environment: 19 | - SPLUNK_START_ARGS=--accept-license 20 | - SPLUNK_INDEXER_URL=idx1,idx2 21 | - SPLUNK_SEARCH_HEAD_URL=sh1,sh2 22 | - SPLUNK_CLUSTER_MASTER_URL=cm1 23 | - SPLUNK_ROLE=splunk_search_head 24 | - SPLUNK_LICENSE_URI 25 | - DEBUG=true 26 | - SPLUNK_PASSWORD 27 | ports: 28 | - 8000 29 | - 8089 30 | 31 | sh2: 32 | networks: 33 | splunknet: 34 | aliases: 35 | - sh2 36 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 37 | command: start 38 | hostname: sh2 39 | container_name: sh2 40 | environment: 41 | - SPLUNK_START_ARGS=--accept-license 42 | - SPLUNK_INDEXER_URL=idx1,idx2 43 | - SPLUNK_SEARCH_HEAD_URL=sh1,sh2 44 | - SPLUNK_CLUSTER_MASTER_URL=cm1 45 | - SPLUNK_ROLE=splunk_search_head 46 | - SPLUNK_LICENSE_URI 47 | - DEBUG=true 48 | - SPLUNK_PASSWORD 49 | ports: 50 | - 8000 51 | - 8089 52 | 53 | cm1: 54 | networks: 55 | splunknet: 56 | aliases: 57 | - cm1 58 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 59 | command: start 60 | hostname: cm1 61 | container_name: cm1 62 | environment: 63 | - SPLUNK_START_ARGS=--accept-license 64 | - SPLUNK_INDEXER_URL=idx1,idx2 65 | - SPLUNK_SEARCH_HEAD_URL=sh1,sh2 66 | - SPLUNK_CLUSTER_MASTER_URL=cm1 67 | 
- SPLUNK_ROLE=splunk_cluster_master 68 | - SPLUNK_LICENSE_URI 69 | - DEBUG=true 70 | - SPLUNK_PASSWORD 71 | ports: 72 | - 8000 73 | - 8089 74 | 75 | idx1: 76 | networks: 77 | splunknet: 78 | aliases: 79 | - idx1 80 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 81 | command: start 82 | hostname: idx1 83 | container_name: idx1 84 | environment: 85 | - SPLUNK_START_ARGS=--accept-license 86 | - SPLUNK_INDEXER_URL=idx1,idx2 87 | - SPLUNK_SEARCH_HEAD_URL=sh1,sh2 88 | - SPLUNK_CLUSTER_MASTER_URL=cm1 89 | - SPLUNK_ROLE=splunk_indexer 90 | - SPLUNK_LICENSE_URI 91 | - DEBUG=true 92 | - SPLUNK_PASSWORD 93 | ports: 94 | - 8000 95 | - 8089 96 | 97 | idx2: 98 | networks: 99 | splunknet: 100 | aliases: 101 | - idx2 102 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 103 | command: start 104 | hostname: idx2 105 | container_name: idx2 106 | environment: 107 | - SPLUNK_START_ARGS=--accept-license 108 | - SPLUNK_INDEXER_URL=idx1,idx2 109 | - SPLUNK_SEARCH_HEAD_URL=sh1,sh2 110 | - SPLUNK_CLUSTER_MASTER_URL=cm1 111 | - SPLUNK_ROLE=splunk_indexer 112 | - SPLUNK_LICENSE_URI 113 | - DEBUG=true 114 | - SPLUNK_PASSWORD 115 | ports: 116 | - 8000 117 | - 8089 118 | 119 | dmc: 120 | networks: 121 | splunknet: 122 | aliases: 123 | - dmc 124 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 125 | command: start 126 | hostname: dmc 127 | container_name: dmc 128 | environment: 129 | - SPLUNK_START_ARGS=--accept-license 130 | - SPLUNK_INDEXER_URL=idx1,idx2 131 | - SPLUNK_SEARCH_HEAD_URL=sh1,sh2 132 | - SPLUNK_CLUSTER_MASTER_URL=cm1 133 | - SPLUNK_ROLE=splunk_monitor 134 | - SPLUNK_LICENSE_URI 135 | - SPLUNK_PASSWORD 136 | - DEBUG=true 137 | ports: 138 | - 8000 139 | - 8089 -------------------------------------------------------------------------------- /test_scenarios/2idx2sh1cm_idx3.yaml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | services: 9 | idx3: 10 | 
networks: 11 | splunknet: 12 | aliases: 13 | - idx3 14 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 15 | command: start 16 | hostname: idx3 17 | environment: 18 | - SPLUNK_START_ARGS=--accept-license 19 | - SPLUNK_INDEXER_URL=idx1,idx2,idx3 20 | - SPLUNK_SEARCH_HEAD_URL=sh1,sh2 21 | - SPLUNK_CLUSTER_MASTER_URL=cm1 22 | - SPLUNK_ROLE=splunk_indexer 23 | - SPLUNK_IDXC_PASS4SYMMKEY=asdf1234 24 | - SPLUNK_LICENSE_URI 25 | - SPLUNK_PASSWORD 26 | - DEBUG=true 27 | ports: 28 | - 8000 29 | - 8089 30 | -------------------------------------------------------------------------------- /test_scenarios/2idx2sh1dmc.yaml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | services: 9 | sh1: 10 | networks: 11 | splunknet: 12 | aliases: 13 | - sh1 14 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 15 | command: start 16 | hostname: sh1 17 | environment: 18 | - SPLUNK_START_ARGS=--accept-license 19 | - SPLUNK_INDEXER_URL=idx1,idx2 20 | - SPLUNK_SEARCH_HEAD_URL=sh1,sh2 21 | - SPLUNK_ROLE=splunk_search_head 22 | - SPLUNK_LICENSE_URI 23 | - SPLUNK_PASSWORD 24 | - DEBUG=true 25 | ports: 26 | - 8000 27 | - 8089 28 | 29 | sh2: 30 | networks: 31 | splunknet: 32 | aliases: 33 | - sh2 34 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 35 | command: start 36 | hostname: sh2 37 | environment: 38 | - SPLUNK_START_ARGS=--accept-license 39 | - SPLUNK_INDEXER_URL=idx1,idx2 40 | - SPLUNK_SEARCH_HEAD_URL=sh1,sh2 41 | - SPLUNK_ROLE=splunk_search_head 42 | - SPLUNK_LICENSE_URI 43 | - SPLUNK_PASSWORD 44 | - DEBUG=true 45 | ports: 46 | - 8000 47 | - 8089 48 | 49 | idx1: 50 | networks: 51 | splunknet: 52 | aliases: 53 | - idx1 54 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 55 | command: start 56 | hostname: idx1 57 | environment: 58 | - SPLUNK_START_ARGS=--accept-license 59 | - SPLUNK_INDEXER_URL=idx1,idx2 60 | - SPLUNK_SEARCH_HEAD_URL=sh1,sh2 61 | - 
SPLUNK_ROLE=splunk_indexer 62 | - SPLUNK_LICENSE_URI 63 | - SPLUNK_PASSWORD 64 | - DEBUG=true 65 | ports: 66 | - 8000 67 | - 8089 68 | 69 | idx2: 70 | networks: 71 | splunknet: 72 | aliases: 73 | - idx2 74 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 75 | command: start 76 | hostname: idx2 77 | environment: 78 | - SPLUNK_START_ARGS=--accept-license 79 | - SPLUNK_INDEXER_URL=idx1,idx2 80 | - SPLUNK_SEARCH_HEAD_URL=sh1,sh2 81 | - SPLUNK_ROLE=splunk_indexer 82 | - SPLUNK_LICENSE_URI 83 | - SPLUNK_PASSWORD 84 | - DEBUG=true 85 | ports: 86 | - 8000 87 | - 8089 88 | 89 | dmc: 90 | networks: 91 | splunknet: 92 | aliases: 93 | - dmc 94 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 95 | command: start 96 | hostname: dmc 97 | environment: 98 | - SPLUNK_START_ARGS=--accept-license 99 | - SPLUNK_INDEXER_URL=idx1,idx2 100 | - SPLUNK_SEARCH_HEAD_URL=sh1,sh2 101 | - SPLUNK_ROLE=splunk_monitor 102 | - SPLUNK_LICENSE_URI 103 | - SPLUNK_PASSWORD 104 | - DEBUG=true 105 | ports: 106 | - 8000 107 | - 8089 108 | -------------------------------------------------------------------------------- /test_scenarios/2so2hf.yaml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | services: 9 | so1: 10 | networks: 11 | splunknet: 12 | aliases: 13 | - so1 14 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 15 | command: start 16 | hostname: so1 17 | container_name: so1 18 | environment: 19 | - SPLUNK_START_ARGS=--accept-license 20 | - SPLUNK_STANDALONE_URL=so1,so2 21 | - SPLUNK_HEAVY_FORWARDER_URL=hf1,hf2 22 | - SPLUNK_ROLE=splunk_standalone 23 | - SPLUNK_LICENSE_URI 24 | - DEBUG=true 25 | ports: 26 | - 8000 27 | - 8089 28 | volumes: 29 | - ./defaults:/tmp/defaults 30 | 31 | so2: 32 | networks: 33 | splunknet: 34 | aliases: 35 | - so2 36 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 37 | command: start 38 | hostname: so2 39 | container_name: so2 40 | environment: 41 | 
- SPLUNK_START_ARGS=--accept-license 42 | - SPLUNK_STANDALONE_URL=so1,so2 43 | - SPLUNK_HEAVY_FORWARDER_URL=hf1,hf2 44 | - SPLUNK_ROLE=splunk_standalone 45 | - SPLUNK_LICENSE_URI 46 | - DEBUG=true 47 | ports: 48 | - 8000 49 | - 8089 50 | volumes: 51 | - ./defaults:/tmp/defaults 52 | 53 | so2: 54 | networks: 55 | splunknet: 56 | aliases: 57 | - so2 58 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 59 | command: start 60 | hostname: so2 61 | container_name: so2 62 | environment: 63 | - SPLUNK_START_ARGS=--accept-license 64 | - SPLUNK_STANDALONE_URL=so1,so2 65 | - SPLUNK_HEAVY_FORWARDER_URL=hf1,hf2 66 | - SPLUNK_ROLE=splunk_standalone 67 | - SPLUNK_LICENSE_URI 68 | - DEBUG=true 69 | ports: 70 | - 8000 71 | - 8089 72 | volumes: 73 | - ./defaults:/tmp/defaults 74 | 75 | 76 | hf1: 77 | networks: 78 | splunknet: 79 | aliases: 80 | - hf1 81 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 82 | command: start 83 | hostname: hf1 84 | container_name: hf1 85 | environment: 86 | - SPLUNK_START_ARGS=--accept-license 87 | - SPLUNK_STANDALONE_URL=so1,so2 88 | - SPLUNK_HEAVY_FORWARDER_URL=hf1,hf2 89 | - SPLUNK_ROLE=splunk_heavy_forwarder 90 | - SPLUNK_LICENSE_URI 91 | - DEBUG=true 92 | ports: 93 | - 8000 94 | - 8089 95 | volumes: 96 | - ./defaults:/tmp/defaults 97 | 98 | hf2: 99 | networks: 100 | splunknet: 101 | aliases: 102 | - hf2 103 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 104 | command: start 105 | hostname: hf2 106 | container_name: hf2 107 | environment: 108 | - SPLUNK_START_ARGS=--accept-license 109 | - SPLUNK_STANDALONE_URL=so1,so2 110 | - SPLUNK_HEAVY_FORWARDER_URL=hf1,hf2 111 | - SPLUNK_ROLE=splunk_heavy_forwarder 112 | - SPLUNK_LICENSE_URI 113 | - DEBUG=true 114 | ports: 115 | - 8000 116 | - 8089 117 | volumes: 118 | - ./defaults:/tmp/defaults 119 | -------------------------------------------------------------------------------- /test_scenarios/2so2hf1dmc.yaml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 
| networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | services: 9 | so1: 10 | networks: 11 | splunknet: 12 | aliases: 13 | - so1 14 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 15 | hostname: so1 16 | container_name: so1 17 | environment: 18 | - SPLUNK_START_ARGS=--accept-license 19 | - SPLUNK_STANDALONE_URL=so1, so2 20 | - SPLUNK_HEAVY_FORWARDER_URL=hf1,hf2 21 | - DEBUG=true 22 | - SPLUNK_PASSWORD 23 | ports: 24 | - 8000 25 | - 8089 26 | 27 | so2: 28 | networks: 29 | splunknet: 30 | aliases: 31 | - so2 32 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 33 | hostname: so2 34 | container_name: so2 35 | environment: 36 | - SPLUNK_START_ARGS=--accept-license 37 | - SPLUNK_STANDALONE_URL=so1, so2 38 | - SPLUNK_HEAVY_FORWARDER_URL=hf1,hf2 39 | - DEBUG=true 40 | - SPLUNK_PASSWORD 41 | ports: 42 | - 8000 43 | - 8089 44 | 45 | hf1: 46 | networks: 47 | splunknet: 48 | aliases: 49 | - hf1 50 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 51 | command: start 52 | hostname: hf1 53 | container_name: hf1 54 | environment: 55 | - SPLUNK_START_ARGS=--accept-license 56 | - SPLUNK_STANDALONE_URL=so1,so2 57 | - SPLUNK_HEAVY_FORWARDER_URL=hf1,hf2 58 | - SPLUNK_ROLE=splunk_heavy_forwarder 59 | - SPLUNK_LICENSE_URI 60 | - DEBUG=true 61 | ports: 62 | - 8000 63 | - 8089 64 | volumes: 65 | - ./defaults:/tmp/defaults 66 | 67 | hf2: 68 | networks: 69 | splunknet: 70 | aliases: 71 | - hf2 72 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 73 | command: start 74 | hostname: hf2 75 | container_name: hf2 76 | environment: 77 | - SPLUNK_START_ARGS=--accept-license 78 | - SPLUNK_STANDALONE_URL=so1,so2 79 | - SPLUNK_HEAVY_FORWARDER_URL=hf1,hf2 80 | - SPLUNK_ROLE=splunk_heavy_forwarder 81 | - SPLUNK_LICENSE_URI 82 | - DEBUG=true 83 | ports: 84 | - 8000 85 | - 8089 86 | volumes: 87 | - ./defaults:/tmp/defaults 88 | 89 | dmc: 90 | networks: 91 | splunknet: 92 | aliases: 93 | - dmc 94 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 95 | command: start 96 | hostname: dmc 97 | 
container_name: dmc 98 | environment: 99 | - SPLUNK_START_ARGS=--accept-license 100 | - SPLUNK_STANDALONE_URL=so1,so2 101 | - SPLUNK_HEAVY_FORWARDER_URL=hf1,hf2 102 | - SPLUNK_ROLE=splunk_monitor 103 | - SPLUNK_LICENSE_URI 104 | - SPLUNK_PASSWORD 105 | - DEBUG=true 106 | ports: 107 | - 8000 108 | - 8089 109 | -------------------------------------------------------------------------------- /test_scenarios/3idx1cm.yaml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | services: 9 | cm1: 10 | networks: 11 | splunknet: 12 | aliases: 13 | - cm1 14 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 15 | command: start 16 | hostname: cm1 17 | environment: 18 | - SPLUNK_START_ARGS=--accept-license 19 | - SPLUNK_INDEXER_URL=idx1,idx2,idx3 20 | - SPLUNK_CLUSTER_MASTER_URL=cm1 21 | - SPLUNK_ROLE=splunk_cluster_master 22 | - SPLUNK_LICENSE_URI 23 | - DEBUG=true 24 | - SPLUNK_PASSWORD 25 | - SPLUNK_DEFAULTS_URL 26 | ports: 27 | - 8000 28 | - 8089 29 | volumes: 30 | - ./defaults:/tmp/defaults 31 | 32 | idx1: 33 | networks: 34 | splunknet: 35 | aliases: 36 | - idx1 37 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 38 | command: start 39 | hostname: idx1 40 | environment: 41 | - SPLUNK_START_ARGS=--accept-license 42 | - SPLUNK_INDEXER_URL=idx1,idx2,idx3 43 | - SPLUNK_CLUSTER_MASTER_URL=cm1 44 | - SPLUNK_ROLE=splunk_indexer 45 | - SPLUNK_LICENSE_URI 46 | - DEBUG=true 47 | - SPLUNK_PASSWORD 48 | - SPLUNK_DEFAULTS_URL 49 | ports: 50 | - 8000 51 | - 8089 52 | volumes: 53 | - ./defaults:/tmp/defaults 54 | 55 | idx2: 56 | networks: 57 | splunknet: 58 | aliases: 59 | - idx2 60 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 61 | command: start 62 | hostname: idx2 63 | environment: 64 | - SPLUNK_START_ARGS=--accept-license 65 | - SPLUNK_INDEXER_URL=idx1,idx2,idx3 66 | - SPLUNK_CLUSTER_MASTER_URL=cm1 67 | - SPLUNK_ROLE=splunk_indexer 68 | - SPLUNK_LICENSE_URI 69 | 
- DEBUG=true 70 | - SPLUNK_PASSWORD 71 | - SPLUNK_DEFAULTS_URL 72 | ports: 73 | - 8000 74 | - 8089 75 | volumes: 76 | - ./defaults:/tmp/defaults 77 | 78 | idx3: 79 | networks: 80 | splunknet: 81 | aliases: 82 | - idx3 83 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 84 | command: start 85 | hostname: idx3 86 | environment: 87 | - SPLUNK_START_ARGS=--accept-license 88 | - SPLUNK_INDEXER_URL=idx1,idx2,idx3 89 | - SPLUNK_CLUSTER_MASTER_URL=cm1 90 | - SPLUNK_ROLE=splunk_indexer 91 | - SPLUNK_LICENSE_URI 92 | - DEBUG=true 93 | - SPLUNK_PASSWORD 94 | - SPLUNK_DEFAULTS_URL 95 | ports: 96 | - 8000 97 | - 8089 98 | volumes: 99 | - ./defaults:/tmp/defaults 100 | -------------------------------------------------------------------------------- /test_scenarios/3idx1cm1dmc.yaml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | services: 9 | cm1: 10 | networks: 11 | splunknet: 12 | aliases: 13 | - cm1 14 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 15 | command: start 16 | hostname: cm1 17 | environment: 18 | - SPLUNK_START_ARGS=--accept-license 19 | - SPLUNK_INDEXER_URL=idx1,idx2,idx3 20 | - SPLUNK_CLUSTER_MASTER_URL=cm1 21 | - SPLUNK_ROLE=splunk_cluster_master 22 | - SPLUNK_LICENSE_URI 23 | - DEBUG=true 24 | - SPLUNK_PASSWORD 25 | ports: 26 | - 8000 27 | - 8089 28 | volumes: 29 | - ./defaults:/tmp/defaults 30 | 31 | idx1: 32 | networks: 33 | splunknet: 34 | aliases: 35 | - idx1 36 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 37 | command: start 38 | hostname: idx1 39 | environment: 40 | - SPLUNK_START_ARGS=--accept-license 41 | - SPLUNK_INDEXER_URL=idx1,idx2,idx3 42 | - SPLUNK_CLUSTER_MASTER_URL=cm1 43 | - SPLUNK_ROLE=splunk_indexer 44 | - SPLUNK_LICENSE_URI 45 | - DEBUG=true 46 | - SPLUNK_PASSWORD 47 | ports: 48 | - 8000 49 | - 8089 50 | volumes: 51 | - ./defaults:/tmp/defaults 52 | 53 | idx2: 54 | networks: 55 | splunknet: 56 | aliases: 57 | 
- idx2 58 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 59 | command: start 60 | hostname: idx2 61 | environment: 62 | - SPLUNK_START_ARGS=--accept-license 63 | - SPLUNK_INDEXER_URL=idx1,idx2,idx3 64 | - SPLUNK_CLUSTER_MASTER_URL=cm1 65 | - SPLUNK_ROLE=splunk_indexer 66 | - SPLUNK_LICENSE_URI 67 | - DEBUG=true 68 | - SPLUNK_PASSWORD 69 | ports: 70 | - 8000 71 | - 8089 72 | volumes: 73 | - ./defaults:/tmp/defaults 74 | 75 | idx3: 76 | networks: 77 | splunknet: 78 | aliases: 79 | - idx3 80 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 81 | command: start 82 | hostname: idx3 83 | environment: 84 | - SPLUNK_START_ARGS=--accept-license 85 | - SPLUNK_INDEXER_URL=idx1,idx2,idx3 86 | - SPLUNK_CLUSTER_MASTER_URL=cm1 87 | - SPLUNK_ROLE=splunk_indexer 88 | - SPLUNK_LICENSE_URI 89 | - DEBUG=true 90 | - SPLUNK_PASSWORD 91 | ports: 92 | - 8000 93 | - 8089 94 | volumes: 95 | - ./defaults:/tmp/defaults 96 | 97 | dmc: 98 | networks: 99 | splunknet: 100 | aliases: 101 | - dmc 102 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 103 | command: start 104 | hostname: dmc 105 | environment: 106 | - SPLUNK_START_ARGS=--accept-license 107 | - SPLUNK_CLUSTER_MASTER_URL=cm1 108 | - SPLUNK_ROLE=splunk_monitor 109 | - SPLUNK_LICENSE_URI 110 | - SPLUNK_PASSWORD 111 | - DEBUG=true 112 | ports: 113 | - 8000 114 | - 8089 -------------------------------------------------------------------------------- /test_scenarios/3idx3sh1cm.yaml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | services: 9 | sh1: 10 | networks: 11 | splunknet: 12 | aliases: 13 | - sh1 14 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 15 | command: start 16 | hostname: sh1 17 | container_name: sh1 18 | environment: 19 | - SPLUNK_START_ARGS=--accept-license 20 | - SPLUNK_INDEXER_URL=idx1,idx2,idx3 21 | - SPLUNK_SEARCH_HEAD_URL=sh1,sh2,sh3 22 | - SPLUNK_CLUSTER_MASTER_URL=cm1 23 | - 
SPLUNK_ROLE=splunk_search_head 24 | - SPLUNK_LICENSE_URI 25 | - DEBUG=true 26 | - SPLUNK_PASSWORD 27 | ports: 28 | - 8000 29 | - 8089 30 | volumes: 31 | - ./defaults:/tmp/defaults 32 | 33 | sh2: 34 | networks: 35 | splunknet: 36 | aliases: 37 | - sh2 38 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 39 | command: start 40 | hostname: sh2 41 | container_name: sh2 42 | environment: 43 | - SPLUNK_START_ARGS=--accept-license 44 | - SPLUNK_INDEXER_URL=idx1,idx2,idx3 45 | - SPLUNK_SEARCH_HEAD_URL=sh1,sh2,sh3 46 | - SPLUNK_CLUSTER_MASTER_URL=cm1 47 | - SPLUNK_ROLE=splunk_search_head 48 | - SPLUNK_LICENSE_URI 49 | - DEBUG=true 50 | - SPLUNK_PASSWORD 51 | ports: 52 | - 8000 53 | - 8089 54 | volumes: 55 | - ./defaults:/tmp/defaults 56 | 57 | sh3: 58 | networks: 59 | splunknet: 60 | aliases: 61 | - sh3 62 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 63 | command: start 64 | hostname: sh3 65 | container_name: sh3 66 | environment: 67 | - SPLUNK_START_ARGS=--accept-license 68 | - SPLUNK_INDEXER_URL=idx1,idx2,idx3 69 | - SPLUNK_SEARCH_HEAD_URL=sh1,sh2,sh3 70 | - SPLUNK_CLUSTER_MASTER_URL=cm1 71 | - SPLUNK_ROLE=splunk_search_head 72 | - SPLUNK_LICENSE_URI 73 | - DEBUG=true 74 | - SPLUNK_PASSWORD 75 | ports: 76 | - 8000 77 | - 8089 78 | volumes: 79 | - ./defaults:/tmp/defaults 80 | 81 | cm1: 82 | networks: 83 | splunknet: 84 | aliases: 85 | - cm1 86 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 87 | command: start 88 | hostname: cm1 89 | container_name: cm1 90 | environment: 91 | - SPLUNK_START_ARGS=--accept-license 92 | - SPLUNK_INDEXER_URL=idx1,idx2,idx3 93 | - SPLUNK_SEARCH_HEAD_URL=sh1,sh2,sh3 94 | - SPLUNK_CLUSTER_MASTER_URL=cm1 95 | - SPLUNK_ROLE=splunk_cluster_master 96 | - SPLUNK_LICENSE_URI 97 | - DEBUG=true 98 | - SPLUNK_PASSWORD 99 | ports: 100 | - 8000 101 | - 8089 102 | volumes: 103 | - ./defaults:/tmp/defaults 104 | 105 | idx1: 106 | networks: 107 | splunknet: 108 | aliases: 109 | - idx1 110 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 111 | command: start 112 | 
hostname: idx1 113 | container_name: idx1 114 | environment: 115 | - SPLUNK_START_ARGS=--accept-license 116 | - SPLUNK_INDEXER_URL=idx1,idx2,idx3 117 | - SPLUNK_SEARCH_HEAD_URL=sh1,sh2,sh3 118 | - SPLUNK_CLUSTER_MASTER_URL=cm1 119 | - SPLUNK_ROLE=splunk_indexer 120 | - SPLUNK_LICENSE_URI 121 | - DEBUG=true 122 | - SPLUNK_PASSWORD 123 | ports: 124 | - 8000 125 | - 8089 126 | volumes: 127 | - ./defaults:/tmp/defaults 128 | 129 | idx2: 130 | networks: 131 | splunknet: 132 | aliases: 133 | - idx2 134 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 135 | command: start 136 | hostname: idx2 137 | container_name: idx2 138 | environment: 139 | - SPLUNK_START_ARGS=--accept-license 140 | - SPLUNK_INDEXER_URL=idx1,idx2,idx3 141 | - SPLUNK_SEARCH_HEAD_URL=sh1,sh2,sh3 142 | - SPLUNK_CLUSTER_MASTER_URL=cm1 143 | - SPLUNK_ROLE=splunk_indexer 144 | - SPLUNK_LICENSE_URI 145 | - DEBUG=true 146 | - SPLUNK_PASSWORD 147 | ports: 148 | - 8000 149 | - 8089 150 | volumes: 151 | - ./defaults:/tmp/defaults 152 | 153 | idx3: 154 | networks: 155 | splunknet: 156 | aliases: 157 | - idx3 158 | image: ${SPLUNK_IMAGE:-splunk/splunk:latest} 159 | command: start 160 | hostname: idx3 161 | container_name: idx3 162 | environment: 163 | - SPLUNK_START_ARGS=--accept-license 164 | - SPLUNK_INDEXER_URL=idx1,idx2,idx3 165 | - SPLUNK_SEARCH_HEAD_URL=sh1,sh2,sh3 166 | - SPLUNK_CLUSTER_MASTER_URL=cm1 167 | - SPLUNK_ROLE=splunk_indexer 168 | - SPLUNK_LICENSE_URI 169 | - DEBUG=true 170 | - SPLUNK_PASSWORD 171 | ports: 172 | - 8000 173 | - 8089 174 | volumes: 175 | - ./defaults:/tmp/defaults 176 | -------------------------------------------------------------------------------- /test_scenarios/cluster_absolute_unit_idx5.yaml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | networks: 4 | splunknet: 5 | driver: bridge 6 | attachable: true 7 | 8 | services: 9 | idx5: 10 | networks: 11 | splunknet: 12 | aliases: 13 | - idx5 14 | image: 
${SPLUNK_IMAGE:-splunk/splunk:latest} 15 | command: start 16 | hostname: idx5 17 | container_name: idx5 18 | environment: 19 | - SPLUNK_START_ARGS=--accept-license 20 | - SPLUNK_INDEXER_URL=idx1,idx2,idx3,idx4,idx5 21 | - SPLUNK_SEARCH_HEAD_URL=sh2,sh3 22 | - SPLUNK_SEARCH_HEAD_CAPTAIN_URL=sh1 23 | - SPLUNK_CLUSTER_MASTER_URL=cm1 24 | - SPLUNK_ROLE=splunk_indexer 25 | - SPLUNK_DEPLOYER_URL=dep1 26 | - SPLUNK_LICENSE_URI 27 | - SPLUNK_PASSWORD 28 | - DEBUG=true 29 | ports: 30 | - 8000 31 | - 8089 32 | -------------------------------------------------------------------------------- /test_scenarios/defaults/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/docker-splunk/83df4dfa1ad4b18f15b3cdb253ee3f05b93da5ba/test_scenarios/defaults/.gitkeep -------------------------------------------------------------------------------- /test_scenarios/kubernetes/3idx1sh1cm-pvc/splunk-indexer-statefulset-persistent.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: StatefulSet 3 | metadata: 4 | name: indexer 5 | labels: 6 | app: splunk 7 | role: splunk_indexer 8 | tier: indexer 9 | spec: 10 | selector: 11 | matchLabels: 12 | app: splunk 13 | role: splunk_indexer 14 | tier: indexer 15 | replicas: 3 16 | serviceName: indexer 17 | volumeClaimTemplates: 18 | - metadata: 19 | name: splunk-idxcluster-data 20 | labels: 21 | app: splunk 22 | role: splunk_indexer 23 | tier: indexer 24 | spec: 25 | accessModes: [ "ReadWriteOnce" ] 26 | resources: 27 | requests: 28 | storage: 100Gi 29 | - metadata: 30 | name: splunk-idxcluster-config 31 | labels: 32 | app: splunk 33 | role: splunk_indexer 34 | tier: indexer 35 | spec: 36 | accessModes: [ "ReadWriteOnce" ] 37 | resources: 38 | requests: 39 | storage: 10Gi 40 | template: 41 | metadata: 42 | labels: 43 | app: splunk 44 | role: splunk_indexer 45 | tier: indexer 46 | spec: 47 | dnsPolicy: 
ClusterFirst 48 | dnsConfig: 49 | searches: 50 | - indexer.splunk.svc.cluster.local 51 | containers: 52 | - name: indexer 53 | image: splunk/splunk:latest 54 | env: 55 | - name: SPLUNK_HOME 56 | value: /opt/splunk 57 | - name: SPLUNK_DEFAULTS_URL 58 | value: http://splunk-defaults/default.yml 59 | - name: SPLUNK_START_ARGS 60 | value: "--accept-license" 61 | - name: SPLUNK_ROLE 62 | value: splunk_indexer 63 | - name: SPLUNK_CLUSTER_MASTER_URL 64 | value: master 65 | - name: SPLUNK_INDEXER_URL 66 | value: indexer-0,indexer-1,indexer-2 67 | - name: SPLUNK_SEARCH_HEAD_URL 68 | value: search 69 | - name: SPLUNK_PASSWORD 70 | value: helloworld 71 | - name: DEBUG 72 | value: "true" 73 | ports: 74 | - containerPort: 8088 75 | - containerPort: 8089 76 | - containerPort: 9997 77 | - containerPort: 4001 78 | volumeMounts: 79 | - name: splunk-idxcluster-config 80 | mountPath: /opt/splunk/etc 81 | - name: splunk-idxcluster-data 82 | mountPath: /opt/splunk/var 83 | -------------------------------------------------------------------------------- /test_scenarios/kubernetes/3idx1sh1cm-pvc/splunk-indexer-statefulset-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: indexer 6 | labels: 7 | app: splunk 8 | role: splunk_indexer 9 | tier: indexer 10 | spec: 11 | selector: 12 | app: splunk 13 | role: splunk_indexer 14 | tier: indexer 15 | ports: 16 | - name: splunkweb 17 | port: 8000 18 | targetPort: 8000 19 | - name: splunkd 20 | port: 8089 21 | targetPort: 8089 22 | - name: replication 23 | port: 4001 24 | targetPort: 4001 25 | - name: s2s 26 | port: 9997 27 | targetPort: 9997 28 | clusterIP: None 29 | -------------------------------------------------------------------------------- /test_scenarios/kubernetes/3idx1sh1cm-pvc/splunk-master-deploy-persistent.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 
| kind: Deployment 4 | metadata: 5 | name: master 6 | labels: 7 | app: splunk 8 | role: splunk_cluster_master 9 | tier: management 10 | spec: 11 | replicas: 1 12 | selector: 13 | matchLabels: 14 | app: splunk 15 | role: splunk_cluster_master 16 | tier: management 17 | template: 18 | metadata: 19 | labels: 20 | app: splunk 21 | role: splunk_cluster_master 22 | tier: management 23 | spec: 24 | hostname: master 25 | dnsPolicy: ClusterFirst 26 | dnsConfig: 27 | searches: 28 | - indexer.splunk.svc.cluster.local 29 | containers: 30 | - name: master 31 | image: splunk/splunk:latest 32 | env: 33 | - name: SPLUNK_HOME 34 | value: /opt/splunk 35 | - name: SPLUNK_DEFAULTS_URL 36 | value: http://splunk-defaults/default.yml 37 | - name: SPLUNK_ROLE 38 | value: splunk_cluster_master 39 | - name: SPLUNK_PASSWORD 40 | value: helloworld 41 | - name: SPLUNK_START_ARGS 42 | value: "--accept-license" 43 | - name: SPLUNK_CLUSTER_MASTER_URL 44 | value: master 45 | - name: SPLUNK_INDEXER_URL 46 | value: indexer-0,indexer-1,indexer-2 47 | - name: SPLUNK_SEARCH_HEAD_URL 48 | value: search 49 | - name: DEBUG 50 | value: "true" 51 | ports: 52 | - name: web 53 | containerPort: 8000 54 | - name: mgmt 55 | containerPort: 8089 56 | - name: kv 57 | containerPort: 8191 58 | volumeMounts: 59 | - name: splunk-master-data 60 | mountPath: /opt/splunk/var 61 | - name: splunk-master-config 62 | mountPath: /opt/splunk/etc 63 | volumes: 64 | - name: splunk-master-config 65 | persistentVolumeClaim: 66 | claimName: splunk-master-config 67 | - name: splunk-master-data 68 | persistentVolumeClaim: 69 | claimName: splunk-master-data 70 | -------------------------------------------------------------------------------- /test_scenarios/kubernetes/3idx1sh1cm-pvc/splunk-master-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: splunk-master-data 6 | labels: 7 | app: splunk 8 | role: 
splunk_cluster_master 9 | tier: management 10 | spec: 11 | accessModes: 12 | - ReadWriteOnce 13 | resources: 14 | requests: 15 | storage: 50Gi 16 | --- 17 | apiVersion: v1 18 | kind: PersistentVolumeClaim 19 | metadata: 20 | name: splunk-master-config 21 | labels: 22 | app: splunk 23 | role: splunk_cluster_master 24 | tier: management 25 | spec: 26 | accessModes: 27 | - ReadWriteOnce 28 | resources: 29 | requests: 30 | storage: 10Gi 31 | 32 | -------------------------------------------------------------------------------- /test_scenarios/kubernetes/3idx1sh1cm-pvc/splunk-master-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: master 6 | labels: 7 | app: splunk 8 | role: splunk_cluster_master 9 | tier: management 10 | spec: 11 | selector: 12 | app: splunk 13 | role: splunk_cluster_master 14 | tier: management 15 | ports: 16 | - name: splunkweb 17 | port: 8000 18 | targetPort: 8000 19 | - name: splunkd 20 | port: 8089 21 | targetPort: 8089 22 | clusterIP: None 23 | -------------------------------------------------------------------------------- /test_scenarios/kubernetes/3idx1sh1cm-pvc/splunk-search-deploy-persistent.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: search 6 | labels: 7 | app: splunk 8 | role: splunk_search_head 9 | tier: search 10 | spec: 11 | replicas: 1 12 | selector: 13 | matchLabels: 14 | app: splunk 15 | role: splunk_search_head 16 | tier: search 17 | template: 18 | metadata: 19 | labels: 20 | app: splunk 21 | role: splunk_search_head 22 | tier: search 23 | spec: 24 | hostname: search 25 | dnsPolicy: ClusterFirst 26 | dnsConfig: 27 | searches: 28 | - indexer.splunk.svc.cluster.local 29 | containers: 30 | - name: search 31 | image: splunk/splunk:latest 32 | env: 33 | - name: SPLUNK_HOME 34 | value: /opt/splunk 35 | - 
name: SPLUNK_DEFAULTS_URL 36 | value: http://splunk-defaults/default.yml 37 | - name: SPLUNK_ROLE 38 | value: splunk_search_head 39 | - name: SPLUNK_PASSWORD 40 | value: helloworld 41 | - name: SPLUNK_START_ARGS 42 | value: "--accept-license" 43 | - name: SPLUNK_CLUSTER_MASTER_URL 44 | value: master 45 | - name: SPLUNK_INDEXER_URL 46 | value: indexer-0,indexer-1,indexer-2 47 | - name: SPLUNK_SEARCH_HEAD_URL 48 | value: search 49 | - name: DEBUG 50 | value: "true" 51 | ports: 52 | - name: web 53 | containerPort: 8000 54 | - name: mgmt 55 | containerPort: 8089 56 | - name: kv 57 | containerPort: 8191 58 | volumeMounts: 59 | - name: splunk-search-data 60 | mountPath: /opt/splunk/var 61 | - name: splunk-search-config 62 | mountPath: /opt/splunk/etc 63 | volumes: 64 | - name: splunk-search-config 65 | persistentVolumeClaim: 66 | claimName: splunk-search-config 67 | - name: splunk-search-data 68 | persistentVolumeClaim: 69 | claimName: splunk-search-data 70 | -------------------------------------------------------------------------------- /test_scenarios/kubernetes/3idx1sh1cm-pvc/splunk-search-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: splunk-search-data 6 | labels: 7 | app: splunk 8 | role: splunk_search_head 9 | tier: search 10 | spec: 11 | accessModes: 12 | - ReadWriteOnce 13 | resources: 14 | requests: 15 | storage: 50Gi 16 | --- 17 | apiVersion: v1 18 | kind: PersistentVolumeClaim 19 | metadata: 20 | name: splunk-search-config 21 | labels: 22 | app: splunk 23 | role: splunk_search_head 24 | tier: search 25 | spec: 26 | accessModes: 27 | - ReadWriteOnce 28 | resources: 29 | requests: 30 | storage: 10Gi 31 | 32 | -------------------------------------------------------------------------------- /test_scenarios/kubernetes/3idx1sh1cm-pvc/splunk-search-service.yaml: 
--------------------------------------------------------------------------------
---
# Headless Service (clusterIP: None) for the search head pods.
# Selects pods labelled app=splunk, role=splunk_search_head, tier=search.
apiVersion: v1
kind: Service
metadata:
  name: search
  labels:
    app: splunk
    role: splunk_search_head
    tier: search
spec:
  selector:
    app: splunk
    role: splunk_search_head
    tier: search
  ports:
    - name: splunkweb
      port: 8000
      targetPort: 8000
    # NOTE(review): 8089 is the port named "splunkd"/"mgmt" in these manifests;
    # nothing here restricts which in-cluster clients may reach it.
    - name: splunkd
      port: 8089
      targetPort: 8089
    - name: kv
      port: 8191
      targetPort: 8191
  clusterIP: None

--------------------------------------------------------------------------------
/test_scenarios/kubernetes/3idx1sh1cm/splunk-indexer-statefulset-emptydir.yaml:
--------------------------------------------------------------------------------
# StatefulSet running three indexer replicas; both Splunk directories are
# backed by emptyDir volumes, so their contents do not outlive the pod.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: indexer
  labels:
    app: splunk
    role: splunk_indexer
    tier: indexer
spec:
  selector:
    matchLabels:
      app: splunk
      role: splunk_indexer
      tier: indexer
  replicas: 3
  # Governing Service; the indexer Service in this scenario uses the same name.
  serviceName: indexer
  template:
    metadata:
      labels:
        app: splunk
        role: splunk_indexer
        tier: indexer
    spec:
      dnsPolicy: ClusterFirst
      dnsConfig:
        # Extra DNS search domain so short names such as indexer-0 resolve.
        # NOTE(review): presumably assumes the namespace is called "splunk" - confirm.
        searches:
          - indexer.splunk.svc.cluster.local
      containers:
        - name: indexer
          # NOTE(review): ":latest" is a mutable tag; pin a version or digest
          # when the test run has to be reproducible.
          image: splunk/splunk:latest
          env:
            - name: SPLUNK_HOME
              value: /opt/splunk
            # NOTE(review): plain http:// URL, so the fetched defaults file has
            # no transport integrity or confidentiality - acceptable only on a
            # trusted test network.
            - name: SPLUNK_DEFAULTS_URL
              value: http://splunk-defaults/default.yml
            - name: SPLUNK_START_ARGS
              value: "--accept-license"
            - name: SPLUNK_ROLE
              value: splunk_indexer
            - name: SPLUNK_CLUSTER_MASTER_URL
              value: master
            - name: SPLUNK_INDEXER_URL
              value: indexer-0,indexer-1,indexer-2
            - name: SPLUNK_SEARCH_HEAD_URL
              value: search
            # NOTE(review): test-only credential stored in clear text in the pod
            # spec; anyone who can read this object can read it. Outside
            # throwaway test clusters, source it with valueFrom.secretKeyRef.
            - name: SPLUNK_PASSWORD
              value: helloworld
            # NOTE(review): debug output may end up in container logs; verify it
            # does not echo secrets before reusing this outside tests.
            - name: DEBUG
              value: "true"
          ports:
            # NOTE(review): the indexer Service in this scenario also targets
            # 8000, which is not declared here; containerPort entries are
            # informational, so this is a consistency point only.
            - containerPort: 8088
            - containerPort: 8089
            - containerPort: 9997
            - containerPort: 4001
          volumeMounts:
            - name: splunk-idxcluster-config
              mountPath: /opt/splunk/etc
            - name: splunk-idxcluster-data
              mountPath: /opt/splunk/var
      volumes:
        - name: splunk-idxcluster-config
          emptyDir: {}
        - name: splunk-idxcluster-data
          emptyDir: {}

--------------------------------------------------------------------------------
/test_scenarios/kubernetes/3idx1sh1cm/splunk-indexer-statefulset-service.yaml:
--------------------------------------------------------------------------------
---
# Headless Service (clusterIP: None) for the indexer StatefulSet pods.
apiVersion: v1
kind: Service
metadata:
  name: indexer
  labels:
    app: splunk
    role: splunk_indexer
    tier: indexer
spec:
  selector:
    app: splunk
    role: splunk_indexer
    tier: indexer
  ports:
    - name: splunkweb
      port: 8000
      targetPort: 8000
    - name: splunkd
      port: 8089
      targetPort: 8089
    - name: replication
      port: 4001
      targetPort: 4001
    - name: s2s
      port: 9997
      targetPort: 9997
  clusterIP: None

--------------------------------------------------------------------------------
/test_scenarios/kubernetes/3idx1sh1cm/splunk-master-deploy-emptydir.yaml:
--------------------------------------------------------------------------------
---
# Single-replica Deployment for the cluster master role; etc/ and var/ are
# emptyDir volumes, so state is lost whenever the pod is replaced.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: master
  labels:
    app: splunk
    role: splunk_cluster_master
    tier: management
spec:
  replicas: 1
  selector:
    matchLabels:
      app: splunk
      role: splunk_cluster_master
      tier: management
  template:
    metadata:
      labels:
        app: splunk
        role: splunk_cluster_master
        tier: management
    spec:
      hostname: master
      dnsPolicy: ClusterFirst
      dnsConfig:
        # NOTE(review): presumably assumes the namespace is called "splunk" - confirm.
        searches:
          - indexer.splunk.svc.cluster.local
      containers:
        - name: master
          # NOTE(review): mutable ":latest" tag; pin a version or digest for
          # reproducible runs.
          image: splunk/splunk:latest
          env:
            - name: SPLUNK_HOME
              value: /opt/splunk
            # NOTE(review): defaults are referenced over plain http://.
            - name: SPLUNK_DEFAULTS_URL
              value: http://splunk-defaults/default.yml
            - name: SPLUNK_ROLE
              value: splunk_cluster_master
            # NOTE(review): clear-text test credential in the pod spec; use
            # valueFrom.secretKeyRef anywhere other than a throwaway cluster.
            - name: SPLUNK_PASSWORD
              value: helloworld
            - name: SPLUNK_START_ARGS
              value: "--accept-license"
            - name: SPLUNK_CLUSTER_MASTER_URL
              value: master
            - name: SPLUNK_INDEXER_URL
              value: indexer-0,indexer-1,indexer-2
            - name: SPLUNK_SEARCH_HEAD_URL
              value: search
            # NOTE(review): verify debug output does not echo secrets to logs.
            - name: DEBUG
              value: "true"
          ports:
            - name: web
              containerPort: 8000
            - name: mgmt
              containerPort: 8089
            - name: kv
              containerPort: 8191
          volumeMounts:
            - name: splunk-master-data
              mountPath: /opt/splunk/var
            - name: splunk-master-config
              mountPath: /opt/splunk/etc
      volumes:
        - name: splunk-master-config
          emptyDir: {}
        - name: splunk-master-data
          emptyDir: {}

--------------------------------------------------------------------------------
/test_scenarios/kubernetes/3idx1sh1cm/splunk-master-service.yaml:
--------------------------------------------------------------------------------
---
# Headless Service (clusterIP: None) for the cluster master pod.
apiVersion: v1
kind: Service
metadata:
  name: master
  labels:
    app: splunk
    role: splunk_cluster_master
    tier: management
spec:
  selector:
    app: splunk
    role: splunk_cluster_master
    tier: management
  ports:
    - name: splunkweb
      port: 8000
      targetPort: 8000
    - name: splunkd
      port: 8089
      targetPort: 8089
  clusterIP: None

--------------------------------------------------------------------------------
/test_scenarios/kubernetes/3idx1sh1cm/splunk-search-deploy-emptydir.yaml:
--------------------------------------------------------------------------------
---
# Single-replica Deployment for the search head role; etc/ and var/ are
# emptyDir volumes, so state is lost whenever the pod is replaced.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: search
  labels:
    app: splunk
    role: splunk_search_head
    tier: search
spec:
  replicas: 1
  selector:
    matchLabels:
      app: splunk
      role: splunk_search_head
      tier: search
  template:
    metadata:
      labels:
        app: splunk
        role: splunk_search_head
        tier: search
    spec:
      hostname: search
      dnsPolicy: ClusterFirst
      dnsConfig:
        # NOTE(review): presumably assumes the namespace is called "splunk" - confirm.
        searches:
          - indexer.splunk.svc.cluster.local
      containers:
        - name: search
          # NOTE(review): mutable ":latest" tag; pin a version or digest for
          # reproducible runs.
          image: splunk/splunk:latest
          env:
            - name: SPLUNK_HOME
              value: /opt/splunk
            # NOTE(review): defaults are referenced over plain http://.
            - name: SPLUNK_DEFAULTS_URL
              value: http://splunk-defaults/default.yml
            - name: SPLUNK_ROLE
              value: splunk_search_head
            # NOTE(review): clear-text test credential in the pod spec; use
            # valueFrom.secretKeyRef anywhere other than a throwaway cluster.
            - name: SPLUNK_PASSWORD
              value: helloworld
            - name: SPLUNK_START_ARGS
              value: "--accept-license"
            - name: SPLUNK_CLUSTER_MASTER_URL
              value: master
            - name: SPLUNK_INDEXER_URL
              value: indexer-0,indexer-1,indexer-2
            - name: SPLUNK_SEARCH_HEAD_URL
              value: search
            # NOTE(review): verify debug output does not echo secrets to logs.
            - name: DEBUG
              value: "true"
          ports:
            - name: web
              containerPort: 8000
            - name: mgmt
              containerPort: 8089
            - name: kv
              containerPort: 8191
          volumeMounts:
            - name: splunk-search-data
              mountPath: /opt/splunk/var
            - name: splunk-search-config
              mountPath: /opt/splunk/etc
      volumes:
        - name: splunk-search-config
          emptyDir: {}
        - name: splunk-search-data
          emptyDir: {}

--------------------------------------------------------------------------------
/test_scenarios/kubernetes/3idx1sh1cm/splunk-search-service.yaml:
--------------------------------------------------------------------------------
---
# Headless Service (clusterIP: None) for the search head pod.
apiVersion: v1
kind: Service
metadata:
  name: search
  labels:
    app: splunk
    role: splunk_search_head
    tier: search
spec:
  selector:
    app: splunk
    role: splunk_search_head
    tier: search
  ports:
    - name: splunkweb
      port: 8000
      targetPort: 8000
    - name: splunkd
      port: 8089
      targetPort: 8089
    - name: kv
      port: 8191
      targetPort: 8191
  clusterIP: None

--------------------------------------------------------------------------------
/test_scenarios/kubernetes/3idxc3shc1cm1lm1dep-pvc/splunk-deployer-deploy-persistent.yaml:
--------------------------------------------------------------------------------
1 | ---  # Deployment: a single Splunk deployer pod whose /opt/splunk/etc and /opt/splunk/var are backed by PVCs
2 | apiVersion: apps/v1
3 | kind: Deployment
4 | metadata:
5 |   name: deployer  # no metadata.namespace is set; the namespace comes from the apply context
6 |   labels:
7 |     app: splunk
8 |     role: splunk_deployer
9 |     tier: management
10 | spec:
11 |   replicas: 1
12 |   selector:
13 |     matchLabels:
14 |       app: splunk
15 |       role: splunk_deployer
16 |       tier: management
17 |   template:
18 |     metadata:
19 |       labels:
20 |         app: splunk
21 |         role: splunk_deployer
22 |         tier: management
23 |     spec:
24 |       hostname: deployer
25 |       dnsPolicy: ClusterFirst
26 |       dnsConfig:
27 |         searches:  # lets short peer names such as indexer-0 / search-0 resolve via the headless Services
28 |           - indexer.splunk.svc.cluster.local  # NOTE(review): assumes the namespace is "splunk" - confirm at apply time
29 |           - search.splunk.svc.cluster.local
30 |       containers:  # no securityContext, resource requests/limits or probes are declared for this container
31 |         - name: deployer
32 |           image: splunk/splunk:latest  # mutable tag: the image that runs is whatever "latest" points to at pull time; pin a version or digest for reproducible, reviewable rollouts
33 |           env:
34 |             - name: SPLUNK_HOME
35 |               value: /opt/splunk
36 |             - name: SPLUNK_DEFAULTS_URL
37 |               value: http://splunk-defaults/default.yml  # fetched over plain HTTP: no transport integrity or server authentication for the provisioning defaults
38 |             - name: SPLUNK_ROLE
39 |               value: splunk_deployer
40 |             - name: SPLUNK_SEARCH_HEAD_URL
41 |               value: search-0,search-1
42 |             - name: SPLUNK_DEPLOYER_URL
43 |               value: deployer
44 |             - name: SPLUNK_SEARCH_HEAD_CAPTAIN_URL
45 |               value: captain
46 |             - name: SPLUNK_PASSWORD
47 |               value: helloworld  # plaintext, well-known test credential; readable in the repo and in the pod spec. Outside tests use valueFrom.secretKeyRef with a generated value
48 |             - name: SPLUNK_START_ARGS
49 |               value: "--accept-license"
50 |             - name: SPLUNK_CLUSTER_MASTER_URL
51 |               value: master
52 |             - name: SPLUNK_INDEXER_URL
53 |               value: indexer-0,indexer-1,indexer-2
54 |             - name: DEBUG
55 |               value: "true"  # NOTE(review): effect not shown here; if it raises provisioning log verbosity, confirm credentials are not written to logs
56 |           ports:
57 |             - name: web
58 |               containerPort: 8000
59 |             - name: mgmt
60 |               containerPort: 8089  # management port, published as "splunkd" by the deployer Service
61 |             - name: kv
62 |               containerPort: 8191
63 |           volumeMounts:
64 |             - name: splunk-deployer-data
65 |               mountPath: /opt/splunk/var
66 |             - name: splunk-deployer-config
67 |               mountPath: /opt/splunk/etc
68 |       volumes:  # claim names must match the PVCs defined in splunk-deployer-pvc.yaml
69 |         - name: splunk-deployer-config
70 |           persistentVolumeClaim:
71 |             claimName: splunk-deployer-config
72 |         - name: splunk-deployer-data
73 |           persistentVolumeClaim:
74 |             claimName: splunk-deployer-data
75 |
--------------------------------------------------------------------------------
/test_scenarios/kubernetes/3idxc3shc1cm1lm1dep-pvc/splunk-deployer-pvc.yaml:
--------------------------------------------------------------------------------
1 | ---  # Two PersistentVolumeClaims for the deployer: data (50Gi) and config (10Gi)
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 |   name: splunk-deployer-data  # mounted at /opt/splunk/var by the deployer Deployment
6 |   labels:
7 |     app: splunk
8 |     role: splunk_deployer
9 |     tier: management
10 | spec:  # no storageClassName: the cluster default class applies, so encryption at rest and reclaim policy depend on it - TODO confirm
11 |   accessModes:
12 |     - ReadWriteOnce
13 |   resources:
14 |     requests:
15 |       storage: 50Gi
16 | ---
17 | apiVersion: v1
18 | kind: PersistentVolumeClaim
19 | metadata:
20 |   name: splunk-deployer-config  # mounted at /opt/splunk/etc by the deployer Deployment
21 |   labels:
22 |     app: splunk
23 |     role: splunk_deployer
24 |     tier: management
25 | spec:  # no storageClassName here either; same dependency on the cluster default class
26 |   accessModes:
27 |     - ReadWriteOnce
28 |   resources:
29 |     requests:
30 |       storage: 10Gi
31 |
32 |
--------------------------------------------------------------------------------
/test_scenarios/kubernetes/3idxc3shc1cm1lm1dep-pvc/splunk-deployer-service.yaml:
--------------------------------------------------------------------------------
1 | ---  # Headless Service that gives the deployer pod a stable DNS name
2 | apiVersion: v1
3 | kind: Service
4 | metadata:
5 |   name: deployer
6 |   labels:
7 |     app: splunk
8 |     role: splunk_deployer
9 |     tier: management
10 | spec:
11 |   selector:  # must match the pod template labels of the deployer Deployment
12 |     app: splunk
13 |     role: splunk_deployer
14 |     tier: management
15 |   ports:  # NOTE(review): no NetworkPolicy appears among the manifests shown here; confirm who may reach these ports
16 |     - name: splunkweb
17 |       port: 8000
18 |       targetPort: 8000
19 |     - name: splunkd
20 |       port: 8089
21 |       targetPort: 8089
22 |     - name: kv
23 |       port: 8191
24 |       targetPort: 8191
25 |   clusterIP: None  # headless: DNS answers with the pod IPs directly, there is no virtual service IP
26 |
--------------------------------------------------------------------------------
/test_scenarios/kubernetes/3idxc3shc1cm1lm1dep-pvc/splunk-indexer-statefulset-persistent.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1  # StatefulSet: three Splunk indexer pods, each with its own data and config PVC
2 | kind: StatefulSet
3 | metadata:
4 |   name: indexer  # no metadata.namespace is set; the namespace comes from the apply context
5 |   labels:
6 |     app: splunk
7 |     role: splunk_indexer
8 |     tier: indexer
9 | spec:
10 |   selector:
11 |     matchLabels:
12 |       app: splunk
13 |       role: splunk_indexer
14 |       tier: indexer
15 |   replicas: 3  # yields pods indexer-0..indexer-2, the names listed in SPLUNK_INDEXER_URL
16 |   serviceName: indexer  # governing headless Service that provides the per-pod DNS records
17 |   volumeClaimTemplates:  # one PVC per template per replica; no storageClassName, so the cluster default class applies
18 |     - metadata:
19 |         name: splunk-idxcluster-data
20 |         labels:
21 |           app: splunk
22 |           role: splunk_indexer
23 |           tier: indexer
24 |       spec:
25 |         accessModes: [ "ReadWriteOnce" ]
26 |         resources:
27 |           requests:
28 |             storage: 100Gi
29 |     - metadata:
30 |         name: splunk-idxcluster-config
31 |         labels:
32 |           app: splunk
33 |           role: splunk_indexer
34 |           tier: indexer
35 |       spec:
36 |         accessModes: [ "ReadWriteOnce" ]
37 |         resources:
38 |           requests:
39 |             storage: 10Gi
40 |   template:
41 |     metadata:
42 |       labels:
43 |         app: splunk
44 |         role: splunk_indexer
45 |         tier: indexer
46 |     spec:
47 |       dnsPolicy: ClusterFirst
48 |       dnsConfig:
49 |         searches:  # lets short peer names such as indexer-0 / search-0 resolve via the headless Services
50 |           - indexer.splunk.svc.cluster.local  # NOTE(review): assumes the namespace is "splunk" - confirm at apply time
51 |           - search.splunk.svc.cluster.local
52 |       containers:  # no securityContext, resource requests/limits or probes are declared for this container
53 |         - name: indexer
54 |           image: splunk/splunk:latest  # mutable tag; pin a version or digest so all three replicas run the same reviewed image
55 |           env:
56 |             - name: SPLUNK_HOME
57 |               value: /opt/splunk
58 |             - name: SPLUNK_DEFAULTS_URL
59 |               value: http://splunk-defaults/default.yml  # fetched over plain HTTP: no transport integrity or server authentication
60 |             - name: SPLUNK_START_ARGS
61 |               value: "--accept-license"
62 |             - name: SPLUNK_PASSWORD
63 |               value: helloworld  # plaintext test credential, identical across roles in this scenario; use valueFrom.secretKeyRef outside tests
64 |             - name: SPLUNK_ROLE
65 |               value: splunk_indexer
66 |             - name: SPLUNK_CLUSTER_MASTER_URL
67 |               value: master
68 |             - name: SPLUNK_INDEXER_URL
69 |               value: indexer-0,indexer-1,indexer-2
70 |             - name: SPLUNK_SEARCH_HEAD_URL
71 |               value: search-0,search-1
72 |             - name: SPLUNK_DEPLOYER_URL
73 |               value: deployer
74 |             - name: SPLUNK_SEARCH_HEAD_CAPTAIN_URL
75 |               value: captain
76 |             - name: DEBUG
77 |               value: "true"  # NOTE(review): confirm debug output does not include credentials
78 |           ports:  # unnamed here; the names below are the ones the indexer Service gives the same port numbers
79 |             - containerPort: 8000  # splunkweb
80 |             - containerPort: 8088  # hec
81 |             - containerPort: 8089  # splunkd
82 |             - containerPort: 9997  # s2s
83 |             - containerPort: 4001  # replication
84 |           volumeMounts:  # names refer to the volumeClaimTemplates above
85 |             - name: splunk-idxcluster-config
86 |               mountPath: /opt/splunk/etc
87 |             - name: splunk-idxcluster-data
88 |               mountPath: /opt/splunk/var
89 |
--------------------------------------------------------------------------------
/test_scenarios/kubernetes/3idxc3shc1cm1lm1dep-pvc/splunk-indexer-statefulset-service.yaml:
--------------------------------------------------------------------------------
1 | ---  # Headless Service governing the indexer StatefulSet (per-pod DNS records)
2 | apiVersion: v1
3 | kind: Service
4 | metadata:
5 |   name: indexer
6 |   labels:
7 |     app: splunk
8 |     role: splunk_indexer
9 |     tier: indexer
10 | spec:
11 |   selector:  # must match the pod template labels of the indexer StatefulSet
12 |     app: splunk
13 |     role: splunk_indexer
14 |     tier: indexer
15 |   ports:  # NOTE(review): no NetworkPolicy appears among the manifests shown here; confirm who may reach these ports
16 |     - name: splunkweb
17 |       port: 8000
18 |       targetPort: 8000
19 |     - name: splunkd
20 |       port: 8089
21 |       targetPort: 8089
22 |     - name: replication
23 |       port: 4001
24 |       targetPort: 4001
25 |     - name: s2s
26 |       port: 9997
27 |       targetPort: 9997
28 |     - name: hec
29 |       port: 8088
30 |       targetPort: 8088
31 |   clusterIP: None  # headless: DNS answers with the pod IPs directly, there is no virtual service IP
32 |
--------------------------------------------------------------------------------
/test_scenarios/kubernetes/3idxc3shc1cm1lm1dep-pvc/splunk-license-deploy-persistent.yaml:
--------------------------------------------------------------------------------
1 | ---  # Deployment: a single Splunk license-master pod with PVC-backed /opt/splunk/etc and /opt/splunk/var
2 | apiVersion: apps/v1
3 | kind: Deployment
4 | metadata:
5 |   name: license-master  # no metadata.namespace is set; the namespace comes from the apply context
6 |   labels:
7 |     app: splunk
8 |     role: splunk_license_master
9 |     tier: management
10 | spec:
11 |   replicas: 1
12 |   selector:
13 |     matchLabels:
14 |       app: splunk
15 |       role: splunk_license_master
16 |       tier: management
17 |   template:
18 |     metadata:
19 |       labels:
20 |         app: splunk
21 |         role: splunk_license_master
22 |         tier: management
23 |     spec:
24 |       hostname: license-master
25 |       dnsPolicy: ClusterFirst
26 |       dnsConfig:
27 |         searches:  # lets short peer names such as indexer-0 / search-0 resolve via the headless Services
28 |           - indexer.splunk.svc.cluster.local  # NOTE(review): assumes the namespace is "splunk" - confirm at apply time
29 |           - search.splunk.svc.cluster.local
30 |       containers:  # no securityContext, resource requests/limits or probes are declared for this container
31 |         - name: license-master
32 |           image: splunk/splunk:latest  # mutable tag: the image that runs is whatever "latest" points to at pull time; pin a version or digest
33 |           env:
34 |             - name: SPLUNK_HOME
35 |               value: /opt/splunk
36 |             - name: SPLUNK_DEFAULTS_URL
37 |               value: http://splunk-defaults/default.yml  # fetched over plain HTTP: no transport integrity or server authentication
38 |             - name: SPLUNK_ROLE
39 |               value: splunk_license_master
40 |             - name: SPLUNK_LICENSE_URI
41 |               value: http://splunk-defaults/mySplunkLicense.lic  # license file also travels over plain HTTP inside the cluster
42 |             - name: SPLUNK_PASSWORD
43 |               value: helloworld  # plaintext, well-known test credential; readable in the repo and in the pod spec. Outside tests use valueFrom.secretKeyRef
44 |             - name: SPLUNK_START_ARGS
45 |               value: "--accept-license"
46 |             - name: SPLUNK_CLUSTER_MASTER_URL
47 |               value: master
48 |             - name: SPLUNK_INDEXER_URL
49 |               value: indexer-0,indexer-1,indexer-2
50 |             - name: SPLUNK_SEARCH_HEAD_URL
51 |               value: search-0,search-1
52 |             - name: SPLUNK_DEPLOYER_URL
53 |               value: deployer
54 |             - name: SPLUNK_SEARCH_HEAD_CAPTAIN_URL
55 |               value: captain
56 |             - name: DEBUG
57 |               value: "true"  # NOTE(review): effect not shown here; confirm debug output does not include credentials
58 |           ports:
59 |             - name: web
60 |               containerPort: 8000
61 |             - name: mgmt
62 |               containerPort: 8089  # management port, published as "splunkd" by the license-master Service
63 |           volumeMounts:
64 |             - name: splunk-license-data
65 |               mountPath: /opt/splunk/var
66 |             - name: splunk-license-config
67 |               mountPath: /opt/splunk/etc
68 |       volumes:  # claim names must match the PVCs defined in splunk-license-pvc.yaml
69 |         - name: splunk-license-config
70 |           persistentVolumeClaim:
71 |             claimName: splunk-license-config
72 |         - name: splunk-license-data
73 |           persistentVolumeClaim:
74 |             claimName: splunk-license-data
75 |
--------------------------------------------------------------------------------
/test_scenarios/kubernetes/3idxc3shc1cm1lm1dep-pvc/splunk-license-pvc.yaml:
--------------------------------------------------------------------------------
1 | ---  # Two PersistentVolumeClaims for the license master: data (50Gi) and config (10Gi)
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 |   name: splunk-license-data  # mounted at /opt/splunk/var by the license-master Deployment
6 |   labels:
7 |     app: splunk
8 |     role: splunk_license_master
9 |     tier: management
10 | spec:  # no storageClassName: the cluster default class applies, so encryption at rest and reclaim policy depend on it - TODO confirm
11 |   accessModes:
12 |     - ReadWriteOnce
13 |   resources:
14 |     requests:
15 |       storage: 50Gi
16 | ---
17 | apiVersion: v1
18 | kind: PersistentVolumeClaim
19 | metadata:
20 |   name: splunk-license-config  # mounted at /opt/splunk/etc by the license-master Deployment
21 |   labels:
22 |     app: splunk
23 |     role: splunk_license_master
24 |     tier: management
25 | spec:  # no storageClassName here either; same dependency on the cluster default class
26 |   accessModes:
27 |     - ReadWriteOnce
28 |   resources:
29 |     requests:
30 |       storage: 10Gi
31 |
32 |
--------------------------------------------------------------------------------
/test_scenarios/kubernetes/3idxc3shc1cm1lm1dep-pvc/splunk-license-service.yaml:
--------------------------------------------------------------------------------
1 | ---  # Headless Service that gives the license-master pod a stable DNS name
2 | apiVersion: v1
3 | kind: Service
4 | metadata:
5 |   name: license-master
6 |   labels:
7 |     app: splunk
8 |     role: splunk_license_master
9 |     tier: management
10 | spec:
11 |   selector:  # must match the pod template labels of the license-master Deployment
12 |     app: splunk
13 |     role: splunk_license_master
14 |     tier: management
15 |   ports:  # NOTE(review): no NetworkPolicy appears among the manifests shown here; confirm who may reach these ports
16 |     - name: splunkweb
17 |       port: 8000
18 |       targetPort: 8000
19 |     - name: splunkd
20 |       port: 8089
21 |       targetPort: 8089
22 |   clusterIP: None  # headless: DNS answers with the pod IPs directly, there is no virtual service IP
23 |
--------------------------------------------------------------------------------
/test_scenarios/kubernetes/3idxc3shc1cm1lm1dep-pvc/splunk-master-deploy-persistent.yaml:
--------------------------------------------------------------------------------
1 | ---  # Deployment: a single Splunk cluster-master pod with PVC-backed /opt/splunk/etc and /opt/splunk/var
2 | apiVersion: apps/v1
3 | kind: Deployment
4 | metadata:
5 |   name: master  # no metadata.namespace is set; the namespace comes from the apply context
6 |   labels:
7 |     app: splunk
8 |     role: splunk_cluster_master
9 |     tier: management
10 | spec:
11 |   replicas: 1
12 |   selector:
13 |     matchLabels:
14 |       app: splunk
15 |       role: splunk_cluster_master
16 |       tier: management
17 |   template:
18 |     metadata:
19 |       labels:
20 |         app: splunk
21 |         role: splunk_cluster_master
22 |         tier: management
23 |     spec:
24 |       hostname: master
25 |       dnsPolicy: ClusterFirst
26 |       dnsConfig:
27 |         searches:  # lets short peer names such as indexer-0 / search-0 resolve via the headless Services
28 |           - indexer.splunk.svc.cluster.local  # NOTE(review): assumes the namespace is "splunk" - confirm at apply time
29 |           - search.splunk.svc.cluster.local
30 |       containers:  # no securityContext, resource requests/limits or probes are declared for this container
31 |         - name: master
32 |           image: splunk/splunk:latest  # mutable tag: the image that runs is whatever "latest" points to at pull time; pin a version or digest
33 |           env:
34 |             - name: SPLUNK_HOME
35 |               value: /opt/splunk
36 |             - name: SPLUNK_DEFAULTS_URL
37 |               value: http://splunk-defaults/default.yml  # fetched over plain HTTP: no transport integrity or server authentication
38 |             - name: SPLUNK_ROLE
39 |               value: splunk_cluster_master
40 |             - name: SPLUNK_PASSWORD
41 |               value: helloworld  # plaintext, well-known test credential; readable in the repo and in the pod spec. Outside tests use valueFrom.secretKeyRef
42 |             - name: SPLUNK_START_ARGS
43 |               value: "--accept-license"
44 |             - name: SPLUNK_CLUSTER_MASTER_URL
45 |               value: master
46 |             - name: SPLUNK_INDEXER_URL
47 |               value: indexer-0,indexer-1,indexer-2
48 |             - name: SPLUNK_SEARCH_HEAD_URL
49 |               value: search-0,search-1
50 |             - name: SPLUNK_DEPLOYER_URL
51 |               value: deployer
52 |             - name: SPLUNK_SEARCH_HEAD_CAPTAIN_URL
53 |               value: captain
54 |             - name: DEBUG
55 |               value: "true"  # NOTE(review): effect not shown here; confirm debug output does not include credentials
56 |           ports:
57 |             - name: web
58 |               containerPort: 8000
59 |             - name: mgmt
60 |               containerPort: 8089  # management port, published as "splunkd" by the master Service
61 |           volumeMounts:
62 |             - name: splunk-master-data
63 |               mountPath: /opt/splunk/var
64 |             - name: splunk-master-config
65 |               mountPath: /opt/splunk/etc
66 |       volumes:  # claim names must match the PVCs defined in splunk-master-pvc.yaml
67 |         - name: splunk-master-config
68 |           persistentVolumeClaim:
69 |             claimName: splunk-master-config
70 |         - name: splunk-master-data
71 |           persistentVolumeClaim:
72 |             claimName: splunk-master-data
73 |
--------------------------------------------------------------------------------
/test_scenarios/kubernetes/3idxc3shc1cm1lm1dep-pvc/splunk-master-pvc.yaml:
--------------------------------------------------------------------------------
1 | ---  # Two PersistentVolumeClaims for the cluster master: data (50Gi) and config (10Gi)
2 | apiVersion: v1
3 | kind: PersistentVolumeClaim
4 | metadata:
5 |   name: splunk-master-data  # mounted at /opt/splunk/var by the master Deployment
6 |   labels:
7 |     app: splunk
8 |     role: splunk_cluster_master
9 |     tier: management
10 | spec:  # no storageClassName: the cluster default class applies, so encryption at rest and reclaim policy depend on it - TODO confirm
11 |   accessModes:
12 |     - ReadWriteOnce
13 |   resources:
14 |     requests:
15 |       storage: 50Gi
16 | ---
17 | apiVersion: v1
18 | kind: PersistentVolumeClaim
19 | metadata:
20 |   name: splunk-master-config  # mounted at /opt/splunk/etc by the master Deployment
21 |   labels:
22 |     app: splunk
23 |     role: splunk_cluster_master
24 |     tier: management
25 | spec:  # no storageClassName here either; same dependency on the cluster default class
26 |   accessModes:
27 |     - ReadWriteOnce
28 |   resources:
29 |     requests:
30 |       storage: 10Gi
31 |
32 |
--------------------------------------------------------------------------------
/test_scenarios/kubernetes/3idxc3shc1cm1lm1dep-pvc/splunk-master-service.yaml:
--------------------------------------------------------------------------------
1 | ---  # Headless Service that gives the cluster-master pod a stable DNS name
2 | apiVersion: v1
3 | kind: Service
4 | metadata:
5 |   name: master
6 |   labels:
7 |     app: splunk
8 |     role: splunk_cluster_master
9 |     tier: management
10 | spec:
11 |   selector:  # must match the pod template labels of the master Deployment
12 |     app: splunk
13 |     role: splunk_cluster_master
14 |     tier: management
15 |   ports:  # NOTE(review): no NetworkPolicy appears among the manifests shown here; confirm who may reach these ports
16 |     - name: splunkweb
17 |       port: 8000
18 |       targetPort: 8000
19 |     - name: splunkd
20 |       port: 8089
21 |       targetPort: 8089
22 |   clusterIP: None  # headless: DNS answers with the pod IPs directly, there is no virtual service IP
23 |
--------------------------------------------------------------------------------
/test_scenarios/kubernetes/3idxc3shc1cm1lm1dep-pvc/splunk-search-captain-deploy-persistent.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: captain 6 | labels: 7 | app: splunk 8 | role: splunk_search_head_captain 9 | tier: search 10 | spec: 11 | replicas: 1 12 | selector: 13 | matchLabels: 14 | app: splunk 15 | role: splunk_search_head_captain 16 | tier: search 17 | template: 18 | metadata: 19 | labels: 20 | app: splunk 21 | role: splunk_search_head_captain 22 | tier: search 23 | spec: 24 | hostname: captain 25 | dnsPolicy: ClusterFirst 26 | dnsConfig: 27 | searches: 28 | - indexer.splunk.svc.cluster.local 29 | - search.splunk.svc.cluster.local 30 | containers: 31 | - name: captain 32 | image: splunk/splunk:latest 33 | env: 34 | - name: SPLUNK_HOME 35 | value: /opt/splunk 36 | - name: SPLUNK_DEFAULTS_URL 37 | value: http://splunk-defaults/default.yml 38 | - name: SPLUNK_ROLE 39 | value: splunk_search_head_captain 40 | - name: SPLUNK_PASSWORD 41 | value: helloworld 42 | - name: SPLUNK_START_ARGS 43 | value: "--accept-license" 44 | - name: SPLUNK_CLUSTER_MASTER_URL 45 | value: master 46 | - name: SPLUNK_INDEXER_URL 47 | value: indexer-0,indexer-1,indexer-2 48 | - name: SPLUNK_SEARCH_HEAD_URL 49 | value: search-0,search-1 50 | - name: SPLUNK_DEPLOYER_URL 51 | value: deployer 52 | - name: SPLUNK_SEARCH_HEAD_CAPTAIN_URL 53 | value: captain 54 | - name: DEBUG 55 | value: "true" 56 | ports: 57 | - name: web 58 | containerPort: 8000 59 | - name: mgmt 60 | containerPort: 8089 61 | - name: shc 62 | containerPort: 4001 63 | - name: kv 64 | containerPort: 8191 65 | volumeMounts: 66 | - name: splunk-captain-data 67 | mountPath: /opt/splunk/var 68 | - name: splunk-captain-config 69 | mountPath: /opt/splunk/etc 70 | volumes: 71 | - name: splunk-captain-config 72 | persistentVolumeClaim: 73 | claimName: splunk-captain-config 74 | - name: splunk-captain-data 75 | 
persistentVolumeClaim: 76 | claimName: splunk-captain-data 77 | -------------------------------------------------------------------------------- /test_scenarios/kubernetes/3idxc3shc1cm1lm1dep-pvc/splunk-search-captain-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: splunk-captain-data 6 | labels: 7 | app: splunk 8 | role: splunk_search_head_captain 9 | tier: search 10 | spec: 11 | accessModes: 12 | - ReadWriteOnce 13 | resources: 14 | requests: 15 | storage: 50Gi 16 | --- 17 | apiVersion: v1 18 | kind: PersistentVolumeClaim 19 | metadata: 20 | name: splunk-captain-config 21 | labels: 22 | app: splunk 23 | role: splunk_search_head_captain 24 | tier: search 25 | spec: 26 | accessModes: 27 | - ReadWriteOnce 28 | resources: 29 | requests: 30 | storage: 10Gi 31 | 32 | -------------------------------------------------------------------------------- /test_scenarios/kubernetes/3idxc3shc1cm1lm1dep-pvc/splunk-search-captain-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: captain 6 | labels: 7 | app: splunk 8 | role: splunk_search_head_captain 9 | tier: search 10 | spec: 11 | selector: 12 | app: splunk 13 | role: splunk_search_head_captain 14 | tier: search 15 | ports: 16 | - name: splunkweb 17 | port: 8000 18 | targetPort: 8000 19 | - name: splunkd 20 | port: 8089 21 | targetPort: 8089 22 | - name: replication 23 | port: 4001 24 | targetPort: 4001 25 | - name: kv 26 | port: 8191 27 | targetPort: 8191 28 | clusterIP: None 29 | -------------------------------------------------------------------------------- /test_scenarios/kubernetes/3idxc3shc1cm1lm1dep-pvc/splunk-search-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: search 
6 | labels: 7 | app: splunk 8 | role: splunk_search_head 9 | tier: search 10 | spec: 11 | selector: 12 | app: splunk 13 | role: splunk_search_head 14 | tier: search 15 | ports: 16 | - name: splunkweb 17 | port: 8000 18 | targetPort: 8000 19 | - name: splunkd 20 | port: 8089 21 | targetPort: 8089 22 | - name: replication 23 | port: 4001 24 | targetPort: 4001 25 | - name: kv 26 | port: 8191 27 | targetPort: 8191 28 | clusterIP: None 29 | -------------------------------------------------------------------------------- /test_scenarios/kubernetes/3idxc3shc1cm1lm1dep-pvc/splunk-search-statefulset-persistent.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: StatefulSet 3 | metadata: 4 | name: search 5 | labels: 6 | app: splunk 7 | role: splunk_search_head 8 | tier: search 9 | spec: 10 | selector: 11 | matchLabels: 12 | app: splunk 13 | role: splunk_search_head 14 | tier: search 15 | replicas: 2 16 | serviceName: search 17 | volumeClaimTemplates: 18 | - metadata: 19 | name: splunk-search-data 20 | spec: 21 | accessModes: [ "ReadWriteOnce" ] 22 | resources: 23 | requests: 24 | storage: 100Gi 25 | - metadata: 26 | name: splunk-search-config 27 | spec: 28 | accessModes: [ "ReadWriteOnce" ] 29 | resources: 30 | requests: 31 | storage: 10Gi 32 | template: 33 | metadata: 34 | labels: 35 | app: splunk 36 | role: splunk_search_head 37 | tier: search 38 | spec: 39 | dnsPolicy: ClusterFirst 40 | dnsConfig: 41 | searches: 42 | - indexer.splunk.svc.cluster.local 43 | - search.splunk.svc.cluster.local 44 | containers: 45 | - name: search 46 | image: splunk/splunk:latest 47 | env: 48 | - name: SPLUNK_HOME 49 | value: /opt/splunk 50 | - name: SPLUNK_DEFAULTS_URL 51 | value: http://splunk-defaults/default.yml 52 | - name: SPLUNK_PASSWORD 53 | value: helloworld 54 | - name: SPLUNK_START_ARGS 55 | value: "--accept-license" 56 | - name: SPLUNK_ROLE 57 | value: splunk_search_head 58 | - name: SPLUNK_CLUSTER_MASTER_URL 59 | 
value: master 60 | - name: SPLUNK_INDEXER_URL 61 | value: indexer-0,indexer-1,indexer-2 62 | - name: SPLUNK_SEARCH_HEAD_URL 63 | value: search-0,search-1 64 | - name: SPLUNK_DEPLOYER_URL 65 | value: deployer 66 | - name: SPLUNK_SEARCH_HEAD_CAPTAIN_URL 67 | value: captain 68 | - name: DEBUG 69 | value: "true" 70 | ports: 71 | - containerPort: 8088 72 | - containerPort: 8089 73 | - containerPort: 8191 74 | - containerPort: 4001 75 | volumeMounts: 76 | - name: splunk-search-config 77 | mountPath: /opt/splunk/etc 78 | - name: splunk-search-data 79 | mountPath: /opt/splunk/var 80 | -------------------------------------------------------------------------------- /test_scenarios/kubernetes/3idxc3shc1cm1lm1dep/splunk-deployer-deploy-emptydir.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: deployer 6 | labels: 7 | app: splunk 8 | role: splunk_deployer 9 | tier: management 10 | spec: 11 | replicas: 1 12 | selector: 13 | matchLabels: 14 | app: splunk 15 | role: splunk_deployer 16 | tier: management 17 | template: 18 | metadata: 19 | labels: 20 | app: splunk 21 | role: splunk_deployer 22 | tier: management 23 | spec: 24 | hostname: deployer 25 | dnsPolicy: ClusterFirst 26 | dnsConfig: 27 | searches: 28 | - indexer.splunk.svc.cluster.local 29 | - search.splunk.svc.cluster.local 30 | containers: 31 | - name: deployer 32 | image: splunk/splunk:latest 33 | env: 34 | - name: SPLUNK_HOME 35 | value: /opt/splunk 36 | - name: SPLUNK_DEFAULTS_URL 37 | value: http://splunk-defaults/default.yml 38 | - name: SPLUNK_ROLE 39 | value: splunk_deployer 40 | - name: SPLUNK_SEARCH_HEAD_URL 41 | value: search-0,search-1 42 | - name: SPLUNK_DEPLOYER_URL 43 | value: deployer 44 | - name: SPLUNK_SEARCH_HEAD_CAPTAIN_URL 45 | value: captain 46 | - name: SPLUNK_PASSWORD 47 | value: helloworld 48 | - name: SPLUNK_START_ARGS 49 | value: "--accept-license" 50 | - name: 
SPLUNK_CLUSTER_MASTER_URL 51 | value: master 52 | - name: SPLUNK_INDEXER_URL 53 | value: indexer-0,indexer-1,indexer-2 54 | - name: DEBUG 55 | value: "true" 56 | ports: 57 | - name: web 58 | containerPort: 8000 59 | - name: mgmt 60 | containerPort: 8089 61 | - name: kv 62 | containerPort: 8191 63 | volumeMounts: 64 | - name: splunk-deployer-data 65 | mountPath: /opt/splunk/var 66 | - name: splunk-deployer-config 67 | mountPath: /opt/splunk/etc 68 | volumes: 69 | - name: splunk-deployer-config 70 | emptyDir: {} 71 | - name: splunk-deployer-data 72 | emptyDir: {} 73 | -------------------------------------------------------------------------------- /test_scenarios/kubernetes/3idxc3shc1cm1lm1dep/splunk-deployer-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: deployer 6 | labels: 7 | app: splunk 8 | role: splunk_deployer 9 | tier: management 10 | spec: 11 | selector: 12 | app: splunk 13 | role: splunk_deployer 14 | tier: management 15 | ports: 16 | - name: splunkweb 17 | port: 8000 18 | targetPort: 8000 19 | - name: splunkd 20 | port: 8089 21 | targetPort: 8089 22 | - name: kv 23 | port: 8191 24 | targetPort: 8191 25 | clusterIP: None 26 | -------------------------------------------------------------------------------- /test_scenarios/kubernetes/3idxc3shc1cm1lm1dep/splunk-indexer-statefulset-emptydir.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: StatefulSet 3 | metadata: 4 | name: indexer 5 | labels: 6 | app: splunk 7 | role: splunk_indexer 8 | tier: indexer 9 | spec: 10 | selector: 11 | matchLabels: 12 | app: splunk 13 | role: splunk_indexer 14 | tier: indexer 15 | replicas: 3 16 | serviceName: indexer 17 | template: 18 | metadata: 19 | labels: 20 | app: splunk 21 | role: splunk_indexer 22 | tier: indexer 23 | spec: 24 | dnsPolicy: ClusterFirst 25 | dnsConfig: 26 | searches: 27 | - 
indexer.splunk.svc.cluster.local 28 | - search.splunk.svc.cluster.local 29 | containers: 30 | - name: indexer 31 | image: splunk/splunk:latest 32 | env: 33 | - name: SPLUNK_HOME 34 | value: /opt/splunk/ 35 | - name: SPLUNK_DEFAULTS_URL 36 | value: http://splunk-defaults/default.yml 37 | - name: SPLUNK_START_ARGS 38 | value: "--accept-license" 39 | - name: SPLUNK_PASSWORD 40 | value: helloworld 41 | - name: SPLUNK_ROLE 42 | value: splunk_indexer 43 | - name: SPLUNK_CLUSTER_MASTER_URL 44 | value: master 45 | - name: SPLUNK_INDEXER_URL 46 | value: indexer-0,indexer-1,indexer-2 47 | - name: SPLUNK_SEARCH_HEAD_URL 48 | value: search-0,search-1 49 | - name: SPLUNK_DEPLOYER_URL 50 | value: deployer 51 | - name: SPLUNK_SEARCH_HEAD_CAPTAIN_URL 52 | value: captain 53 | - name: DEBUG 54 | value: "true" 55 | ports: 56 | - containerPort: 8000 57 | - containerPort: 8088 58 | - containerPort: 8089 59 | - containerPort: 9997 60 | - containerPort: 4001 61 | volumeMounts: 62 | - name: splunk-idxcluster-config 63 | mountPath: /opt/splunk/etc 64 | - name: splunk-idxcluster-data 65 | mountPath: /opt/splunk/var 66 | volumes: 67 | - name: splunk-idxcluster-config 68 | emptyDir: {} 69 | - name: splunk-idxcluster-data 70 | emptyDir: {} 71 | -------------------------------------------------------------------------------- /test_scenarios/kubernetes/3idxc3shc1cm1lm1dep/splunk-indexer-statefulset-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: indexer 6 | labels: 7 | app: splunk 8 | role: splunk_indexer 9 | tier: indexer 10 | spec: 11 | selector: 12 | app: splunk 13 | role: splunk_indexer 14 | tier: indexer 15 | ports: 16 | - name: splunkweb 17 | port: 8000 18 | targetPort: 8000 19 | - name: splunkd 20 | port: 8089 21 | targetPort: 8089 22 | - name: replication 23 | port: 4001 24 | targetPort: 4001 25 | - name: s2s 26 | port: 9997 27 | targetPort: 9997 28 | - name: hec 29 | port: 
8088 30 | targetPort: 8088 31 | clusterIP: None 32 | -------------------------------------------------------------------------------- /test_scenarios/kubernetes/3idxc3shc1cm1lm1dep/splunk-license-deploy-emptydir.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: license-master 6 | labels: 7 | app: splunk 8 | role: splunk_license_master 9 | tier: management 10 | spec: 11 | replicas: 1 12 | selector: 13 | matchLabels: 14 | app: splunk 15 | role: splunk_license_master 16 | tier: management 17 | template: 18 | metadata: 19 | labels: 20 | app: splunk 21 | role: splunk_license_master 22 | tier: management 23 | spec: 24 | hostname: license-master 25 | dnsPolicy: ClusterFirst 26 | dnsConfig: 27 | searches: 28 | - indexer.splunk.svc.cluster.local 29 | - search.splunk.svc.cluster.local 30 | containers: 31 | - name: license-master 32 | image: splunk/splunk:latest 33 | env: 34 | - name: SPLUNK_HOME 35 | value: /opt/splunk 36 | - name: SPLUNK_DEFAULTS_URL 37 | value: http://splunk-defaults/default.yml 38 | - name: SPLUNK_ROLE 39 | value: splunk_license_master 40 | - name: SPLUNK_LICENSE_URI 41 | value: http://splunk-defaults/mySplunkLicense.lic 42 | - name: SPLUNK_PASSWORD 43 | value: helloworld 44 | - name: SPLUNK_START_ARGS 45 | value: "--accept-license" 46 | - name: SPLUNK_CLUSTER_MASTER_URL 47 | value: master 48 | - name: SPLUNK_INDEXER_URL 49 | value: indexer-0,indexer-1,indexer-2 50 | - name: SPLUNK_SEARCH_HEAD_URL 51 | value: search-0,search-1 52 | - name: SPLUNK_DEPLOYER_URL 53 | value: deployer 54 | - name: SPLUNK_SEARCH_HEAD_CAPTAIN_URL 55 | value: captain 56 | - name: DEBUG 57 | value: "true" 58 | ports: 59 | - name: web 60 | containerPort: 8000 61 | - name: mgmt 62 | containerPort: 8089 63 | volumeMounts: 64 | - name: splunk-license-data 65 | mountPath: /opt/splunk/var 66 | - name: splunk-license-config 67 | mountPath: /opt/splunk/etc 68 | volumes: 69 | - 
name: splunk-license-config 70 | emptyDir: {} 71 | - name: splunk-license-data 72 | emptyDir: {} 73 | -------------------------------------------------------------------------------- /test_scenarios/kubernetes/3idxc3shc1cm1lm1dep/splunk-license-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: license-master 6 | labels: 7 | app: splunk 8 | role: splunk_license_master 9 | tier: management 10 | spec: 11 | selector: 12 | app: splunk 13 | role: splunk_license_master 14 | tier: management 15 | ports: 16 | - name: splunkweb 17 | port: 8000 18 | targetPort: 8000 19 | - name: splunkd 20 | port: 8089 21 | targetPort: 8089 22 | clusterIP: None 23 | -------------------------------------------------------------------------------- /test_scenarios/kubernetes/3idxc3shc1cm1lm1dep/splunk-master-deploy-emptydir.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: master 6 | labels: 7 | app: splunk 8 | role: splunk_cluster_master 9 | tier: management 10 | spec: 11 | replicas: 1 12 | selector: 13 | matchLabels: 14 | app: splunk 15 | role: splunk_cluster_master 16 | tier: management 17 | template: 18 | metadata: 19 | labels: 20 | app: splunk 21 | role: splunk_cluster_master 22 | tier: management 23 | spec: 24 | hostname: master 25 | #serviceAccountName: splunk 26 | dnsPolicy: ClusterFirst 27 | dnsConfig: 28 | searches: 29 | - indexer.splunk.svc.cluster.local 30 | - search.splunk.svc.cluster.local 31 | containers: 32 | - name: master 33 | image: splunk/splunk:latest 34 | env: 35 | - name: SPLUNK_HOME 36 | value: /opt/splunk 37 | - name: SPLUNK_DEFAULTS_URL 38 | value: http://splunk-defaults/default.yml 39 | - name: SPLUNK_ROLE 40 | value: splunk_cluster_master 41 | - name: SPLUNK_PASSWORD 42 | value: helloworld 43 | - name: SPLUNK_START_ARGS 44 | value: 
"--accept-license" 45 | - name: SPLUNK_CLUSTER_MASTER_URL 46 | value: master 47 | - name: SPLUNK_INDEXER_URL 48 | value: indexer-0,indexer-1,indexer-2 49 | - name: SPLUNK_SEARCH_HEAD_URL 50 | value: search-0,search-1 51 | - name: SPLUNK_DEPLOYER_URL 52 | value: deployer 53 | - name: SPLUNK_SEARCH_HEAD_CAPTAIN_URL 54 | value: captain 55 | - name: DEBUG 56 | value: "true" 57 | ports: 58 | - name: web 59 | containerPort: 8000 60 | - name: mgmt 61 | containerPort: 8089 62 | volumeMounts: 63 | - name: splunk-master-data 64 | mountPath: /opt/splunk/var 65 | - name: splunk-master-config 66 | mountPath: /opt/splunk/etc 67 | volumes: 68 | - name: splunk-master-config 69 | emptyDir: {} 70 | - name: splunk-master-data 71 | emptyDir: {} 72 | -------------------------------------------------------------------------------- /test_scenarios/kubernetes/3idxc3shc1cm1lm1dep/splunk-master-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: master 6 | labels: 7 | app: splunk 8 | role: splunk_cluster_master 9 | tier: management 10 | spec: 11 | selector: 12 | app: splunk 13 | role: splunk_cluster_master 14 | tier: management 15 | ports: 16 | - name: splunkweb 17 | port: 8000 18 | targetPort: 8000 19 | - name: splunkd 20 | port: 8089 21 | targetPort: 8089 22 | clusterIP: None 23 | -------------------------------------------------------------------------------- /test_scenarios/kubernetes/3idxc3shc1cm1lm1dep/splunk-search-captain-deploy-emptydir.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: captain 6 | labels: 7 | app: splunk 8 | role: splunk_search_head_captain 9 | tier: search 10 | spec: 11 | replicas: 1 12 | selector: 13 | matchLabels: 14 | app: splunk 15 | role: splunk_search_head_captain 16 | tier: search 17 | template: 18 | metadata: 19 | labels: 20 | app: 
splunk 21 | role: splunk_search_head_captain 22 | tier: search 23 | spec: 24 | hostname: captain 25 | dnsPolicy: ClusterFirst 26 | dnsConfig: 27 | searches: 28 | - indexer.splunk.svc.cluster.local 29 | - search.splunk.svc.cluster.local 30 | containers: 31 | - name: captain 32 | image: splunk/splunk:latest 33 | env: 34 | - name: SPLUNK_HOME 35 | value: /opt/splunk 36 | - name: SPLUNK_DEFAULTS_URL 37 | value: http://splunk-defaults/default.yml 38 | - name: SPLUNK_ROLE 39 | value: splunk_search_head_captain 40 | - name: SPLUNK_PASSWORD 41 | value: helloworld 42 | - name: SPLUNK_START_ARGS 43 | value: "--accept-license" 44 | - name: SPLUNK_CLUSTER_MASTER_URL 45 | value: master 46 | - name: SPLUNK_INDEXER_URL 47 | value: indexer-0,indexer-1,indexer-2 48 | - name: SPLUNK_SEARCH_HEAD_URL 49 | value: search-0,search-1 50 | - name: SPLUNK_DEPLOYER_URL 51 | value: deployer 52 | - name: SPLUNK_SEARCH_HEAD_CAPTAIN_URL 53 | value: captain 54 | - name: DEBUG 55 | value: "true" 56 | ports: 57 | - name: web 58 | containerPort: 8000 59 | - name: mgmt 60 | containerPort: 8089 61 | - name: shc 62 | containerPort: 4001 63 | - name: kv 64 | containerPort: 8191 65 | volumeMounts: 66 | - name: splunk-captain-data 67 | mountPath: /opt/splunk/var 68 | - name: splunk-captain-config 69 | mountPath: /opt/splunk/etc 70 | volumes: 71 | - name: splunk-captain-config 72 | emptyDir: {} 73 | - name: splunk-captain-data 74 | emptyDir: {} 75 | -------------------------------------------------------------------------------- /test_scenarios/kubernetes/3idxc3shc1cm1lm1dep/splunk-search-captain-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: captain 6 | labels: 7 | app: splunk 8 | role: splunk_search_head_captain 9 | tier: search 10 | spec: 11 | selector: 12 | app: splunk 13 | role: splunk_search_head_captain 14 | tier: search 15 | ports: 16 | - name: splunkweb 17 | port: 8000 18 | 
targetPort: 8000 19 | - name: splunkd 20 | port: 8089 21 | targetPort: 8089 22 | - name: replication 23 | port: 4001 24 | targetPort: 4001 25 | - name: kv 26 | port: 8191 27 | targetPort: 8191 28 | clusterIP: None 29 | -------------------------------------------------------------------------------- /test_scenarios/kubernetes/3idxc3shc1cm1lm1dep/splunk-search-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: search 6 | labels: 7 | app: splunk 8 | role: splunk_search_head 9 | tier: search 10 | spec: 11 | selector: 12 | app: splunk 13 | role: splunk_search_head 14 | tier: search 15 | ports: 16 | - name: splunkweb 17 | port: 8000 18 | targetPort: 8000 19 | - name: splunkd 20 | port: 8089 21 | targetPort: 8089 22 | - name: replication 23 | port: 4001 24 | targetPort: 4001 25 | - name: kv 26 | port: 8191 27 | targetPort: 8191 28 | clusterIP: None 29 | -------------------------------------------------------------------------------- /test_scenarios/kubernetes/3idxc3shc1cm1lm1dep/splunk-search-statefulset-emptydir.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: StatefulSet 3 | metadata: 4 | name: search 5 | labels: 6 | app: splunk 7 | role: splunk_search_head 8 | tier: search 9 | spec: 10 | selector: 11 | matchLabels: 12 | app: splunk 13 | role: splunk_search_head 14 | tier: search 15 | replicas: 2 16 | serviceName: search 17 | template: 18 | metadata: 19 | labels: 20 | app: splunk 21 | role: splunk_search_head 22 | tier: search 23 | spec: 24 | dnsPolicy: ClusterFirst 25 | dnsConfig: 26 | searches: 27 | - indexer.splunk.svc.cluster.local 28 | - search.splunk.svc.cluster.local 29 | containers: 30 | - name: search 31 | image: splunk/splunk:latest 32 | env: 33 | - name: SPLUNK_HOME 34 | value: /opt/splunk 35 | - name: SPLUNK_DEFAULTS_URL 36 | value: http://splunk-defaults/default.yml 37 | - 
name: SPLUNK_PASSWORD 38 | value: helloworld 39 | - name: SPLUNK_START_ARGS 40 | value: "--accept-license" 41 | - name: SPLUNK_ROLE 42 | value: splunk_search_head 43 | - name: SPLUNK_CLUSTER_MASTER_URL 44 | value: master 45 | - name: SPLUNK_INDEXER_URL 46 | value: indexer-0,indexer-1,indexer-2 47 | - name: SPLUNK_SEARCH_HEAD_URL 48 | value: search-0,search-1 49 | - name: SPLUNK_DEPLOYER_URL 50 | value: deployer 51 | - name: SPLUNK_SEARCH_HEAD_CAPTAIN_URL 52 | value: captain 53 | - name: DEBUG 54 | value: "true" 55 | ports: 56 | - containerPort: 8088 57 | - containerPort: 8089 58 | - containerPort: 8191 59 | - containerPort: 4001 60 | volumeMounts: 61 | - name: splunk-search-config 62 | mountPath: /opt/splunk/etc 63 | - name: splunk-search-data 64 | mountPath: /opt/splunk/var 65 | volumes: 66 | - name: splunk-search-config 67 | emptyDir: {} 68 | - name: splunk-search-data 69 | emptyDir: {} 70 | -------------------------------------------------------------------------------- /test_scenarios/kubernetes/nginx/manifests/nginx-splunk-defaults-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: splunk-defaults 6 | labels: 7 | app: splunk 8 | role: splunk-defaults 9 | tier: management 10 | spec: 11 | selector: 12 | name: splunk-defaults 13 | ports: 14 | - name: nginx-web 15 | port: 80 16 | targetPort: 80 17 | clusterIP: None 18 | -------------------------------------------------------------------------------- /test_scenarios/kubernetes/nginx/manifests/nginx-splunk-defaults.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: splunk-defaults 5 | labels: 6 | app: splunk 7 | role: splunk-defaults 8 | tier: management 9 | spec: 10 | selector: 11 | matchLabels: 12 | name: splunk-defaults 13 | replicas: 1 14 | template: 15 | metadata: 16 | labels: 17 | app: splunk 18 
| role: splunk-defaults 19 | tier: management 20 | name: splunk-defaults 21 | spec: 22 | containers: 23 | - name: splunk-defaults 24 | image: nginx 25 | ports: 26 | - containerPort: 80 27 | volumeMounts: 28 | - name: nginx-config 29 | mountPath: /etc/nginx/conf.d 30 | - name: nginx-data-www 31 | mountPath: /data/www 32 | volumes: 33 | - name: nginx-config 34 | configMap: 35 | name: nginx-config 36 | - name: nginx-data-www 37 | configMap: 38 | name: nginx-data-www 39 | -------------------------------------------------------------------------------- /test_scenarios/kubernetes/nginx/nginx-data-www/default.yml: -------------------------------------------------------------------------------- 1 | #INSERT YOUR DEFAULT.YML HERE! 2 | 3 | -------------------------------------------------------------------------------- /test_scenarios/kubernetes/nginx/nginx-data-www/mySplunkLicense.lic: -------------------------------------------------------------------------------- 1 | #INSERT YOUR SPLUNK LICENSE XML HERE! 
2 | 3 | -------------------------------------------------------------------------------- /test_scenarios/kubernetes/nginx/nginx-static.conf: -------------------------------------------------------------------------------- 1 | server { 2 | 3 | listen 80; 4 | 5 | location / { 6 | root /data/www; 7 | autoindex on; 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /test_scenarios/kubernetes/splunk_ns.yaml: -------------------------------------------------------------------------------- 1 | { 2 | "kind": "Namespace", 3 | "apiVersion": "v1", 4 | "metadata": { 5 | "name": "splunk", 6 | "labels": { 7 | "name": "splunk" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /tests/conftest.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: utf-8 3 | 4 | import pytest 5 | 6 | 7 | def pytest_addoption(parser): 8 | parser.addoption("--platform", default="debian-9", action="store", help="Define which platform of images to run tests again (default: debian-9)") 9 | -------------------------------------------------------------------------------- /tests/fixtures/pwfile: -------------------------------------------------------------------------------- 1 | changeme123 2 | -------------------------------------------------------------------------------- /tests/fixtures/splunk_app_example/default/app.conf: -------------------------------------------------------------------------------- 1 | [install] 2 | is_configured = 0 3 | build = 0 4 | 5 | [ui] 6 | is_visible = 1 7 | label = Example App 8 | 9 | [launcher] 10 | author = Splunk 11 | description = Example app 12 | version = 0.0.1 13 | -------------------------------------------------------------------------------- /tests/fixtures/splunk_app_example/local/savedsearches.conf: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/splunk/docker-splunk/83df4dfa1ad4b18f15b3cdb253ee3f05b93da5ba/tests/fixtures/splunk_app_example/local/savedsearches.conf -------------------------------------------------------------------------------- /tests/fixtures/splunk_app_example/metadata/default.meta: -------------------------------------------------------------------------------- 1 | [] 2 | access = read : [ * ], write : [ * ] 3 | -------------------------------------------------------------------------------- /tests/fixtures/sudo_touch_dummy_file.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create a dummy file 3 | copy: 4 | content: 'batman' 5 | dest: /tmp/i-am 6 | owner: root 7 | group: root 8 | mode: 0666 9 | become: yes 10 | become_user: root 11 | -------------------------------------------------------------------------------- /tests/fixtures/touch_dummy_file.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create a dummy file 3 | copy: 4 | content: 'batman' 5 | dest: /tmp/i-am 6 | -------------------------------------------------------------------------------- /tests/pytest.ini: -------------------------------------------------------------------------------- 1 | [pytest] 2 | filterwarnings = 3 | ignore::urllib3.exceptions.InsecureRequestWarning 4 | markers = 5 | large 6 | -------------------------------------------------------------------------------- /tests/requirements.txt: -------------------------------------------------------------------------------- 1 | pytest==4.4.0 2 | pyrsistent==0.16.1 3 | requests 4 | docker 5 | PyYAML 6 | docker-compose 7 | pyasn1 8 | junit-xml 9 | pytest-xdist 10 | pytest-rerunfailures==8.0 11 | -------------------------------------------------------------------------------- /uf/common-files/Dockerfile: -------------------------------------------------------------------------------- 1 | # Copyright 2018-2021 Splunk 2 | # 3 
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Three build stages follow: "package" (download + unpack), "bare" (runtime
# image without Ansible) and the final unnamed stage (bare + Ansible).
ARG SPLUNK_BASE_IMAGE=base-debian-10

#
# Download and unpack Splunk Universal Forwarder
#
# NOTE(review): ":latest" is a mutable tag, so the base image is whatever that
# tag points to at build time; the same applies to the "bare" stage below.
FROM ${SPLUNK_BASE_IMAGE}:latest as package
ARG SPLUNK_BUILD_URL
ENV SPLUNK_HOME=/opt/splunkforwarder
# The tarball and its .sha512 file are both fetched from ${SPLUNK_BUILD_URL},
# so the sha512sum check detects a corrupted or truncated download but does
# not authenticate the origin. "--status" keeps sha512sum silent: a mismatch
# shows up only as a non-zero exit status, which stops the && chain.
# The shipped etc/ is moved aside to ${SPLUNK_HOME}-etc and replaced by empty
# etc/ and var/ directories.
RUN echo "Downloading Splunk and validating the checksum at: ${SPLUNK_BUILD_URL}" \
    && wget -qO /tmp/`basename ${SPLUNK_BUILD_URL}` ${SPLUNK_BUILD_URL} \
    && wget -qO /tmp/splunk.tgz.sha512 ${SPLUNK_BUILD_URL}.sha512 \
    && cd /tmp \
    && echo "$(cat /tmp/splunk.tgz.sha512)" | sha512sum --check --status \
    && rm /tmp/splunk.tgz.sha512 \
    && tar -C /opt -zxf /tmp/`basename ${SPLUNK_BUILD_URL}` \
    && mv ${SPLUNK_HOME}/etc ${SPLUNK_HOME}-etc \
    && mkdir -p ${SPLUNK_HOME}/etc ${SPLUNK_HOME}/var
COPY uf/common-files/apps ${SPLUNK_HOME}-etc/apps/


#
# Bare Splunk Universal Forwarder Image without Ansible (BYO entrypoint)
#
FROM ${SPLUNK_BASE_IMAGE}:latest as bare
LABEL maintainer="support@splunk.com"

# Currently kubernetes only accepts UID and not USER field to
# start a container as a particular user. So we create Splunk
# user with pre-determined UID.
ARG UID=41812
ARG GID=41812

ENV SPLUNK_HOME=/opt/splunkforwarder \
    SPLUNK_GROUP=splunk \
    SPLUNK_USER=splunk

# Simple script used to populate/upgrade splunk/etc directory
COPY [ "uf/common-files/updateetc.sh", "/sbin/"]

# Setup users and groups
RUN groupadd -r -g ${GID} ${SPLUNK_GROUP} \
    && useradd -r -m -u ${UID} -g ${GID} -s /bin/bash ${SPLUNK_USER} \
    && chmod 755 /sbin/updateetc.sh

# Copy files from package
COPY --from=package --chown=splunk:splunk /opt /opt

# The bare image runs as the unprivileged splunk user.
USER ${SPLUNK_USER}
WORKDIR ${SPLUNK_HOME}
EXPOSE 8089 8088 9997
VOLUME [ "/opt/splunkforwarder/etc", "/opt/splunkforwarder/var" ]



#
# Full Splunk Universal Forwarder Image with Ansible
#
FROM bare

ARG SPLUNK_DEFAULTS_URL

ENV SPLUNK_ROLE=splunk_universal_forwarder \
    SPLUNK_DEFAULTS_URL=${SPLUNK_DEFAULTS_URL} \
    SPLUNK_ANSIBLE_HOME=/opt/ansible \
    SPLUNK_OPT=/opt \
    ANSIBLE_USER=ansible \
    ANSIBLE_GROUP=ansible \
    CONTAINER_ARTIFACT_DIR=/opt/container_artifact

# Copy ansible playbooks
COPY splunk-ansible ${SPLUNK_ANSIBLE_HOME}

# Copy scripts
COPY [ "uf/common-files/entrypoint.sh", "uf/common-files/checkstate.sh", "uf/common-files/createdefaults.py", "/sbin/"]

USER root

# Setup users and groups
# NOTE(review): the sed rewrites the %sudo rule in /etc/sudoers to
# NOPASSWD:ALL and adds a rule letting "ansible" run any command as "splunk";
# "usermod -aG sudo" below then puts the ansible user in that sudo group.
# The final USER of this image is ansible, so the entrypoint process can
# become root inside the container without a password.
# ansible.cfg ends up group-writable (664) for the ansible group, and
# ${SPLUNK_USER} is added to that group in the same RUN.
# NOTE(review): microdnf is invoked although the default SPLUNK_BASE_IMAGE is
# base-debian-10 - confirm which base images actually provide it.
RUN sed -i -e 's/%sudo\s\+ALL=(ALL\(:ALL\)\?)\s\+ALL/%sudo ALL=NOPASSWD:ALL\nansible ALL=(splunk)NOPASSWD:ALL/g' /etc/sudoers \
    && microdnf install -y systemd \
    && echo 'Create the ansible user/group' \
    && groupadd -r ${ANSIBLE_GROUP} \
    && useradd -r -m -g ${ANSIBLE_GROUP} -s /bin/bash ${ANSIBLE_USER} \
    && usermod -aG sudo ${ANSIBLE_USER} \
    && usermod -aG ${ANSIBLE_GROUP} ${SPLUNK_USER} \
    && echo 'Container Artifact Directory is a place for all artifacts and logs that are generated by the provisioning process. The directory is owned by the user "ansible".' \
    && mkdir ${CONTAINER_ARTIFACT_DIR} \
    && chown -R ${ANSIBLE_USER}:${ANSIBLE_GROUP} ${CONTAINER_ARTIFACT_DIR} \
    && chmod -R 775 ${CONTAINER_ARTIFACT_DIR} \
    && chmod -R 555 ${SPLUNK_ANSIBLE_HOME} \
    && chgrp ${ANSIBLE_GROUP} ${SPLUNK_ANSIBLE_HOME} ${SPLUNK_ANSIBLE_HOME}/ansible.cfg \
    && chmod 775 ${SPLUNK_ANSIBLE_HOME} \
    && chmod 664 ${SPLUNK_ANSIBLE_HOME}/ansible.cfg \
    && sed -i '/^\[defaults\]/a\interpreter_python = /usr/bin/python3' ${SPLUNK_ANSIBLE_HOME}/ansible.cfg \
    && chmod 755 /sbin/entrypoint.sh /sbin/createdefaults.py /sbin/checkstate.sh

USER ${ANSIBLE_USER}
# Container health is the exit status of /sbin/checkstate.sh.
HEALTHCHECK --interval=30s --timeout=30s --start-period=3m --retries=5 CMD /sbin/checkstate.sh || exit 1
ENTRYPOINT [ "/sbin/entrypoint.sh" ]
CMD [ "start-service" ]
-------------------------------------------------------------------------------- /uf/common-files/apps/splunk_forwarder_on_docker/default/app.conf: -------------------------------------------------------------------------------- 1 | [install] 2 | is_configured = 1 3 | 4 | [ui] 5 | is_visible = 0 6 | label = Splunk Forwarder On Docker 7 | 8 | [launcher] 9 | author = Splunk 10 | description = When telemetry is enabled, this app is used to help Splunk understand how many customers are running our products within Docker containers. 11 | version = 1.0.0 12 | 13 | -------------------------------------------------------------------------------- /uf/common-files/checkstate.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright 2018 Splunk 4 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License.
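# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

# This script is used to retrieve and report the state of the container.
# Although not actively in the container, it can be used to check the health
# of the splunk instance.
# NOTE: If you plan on running the splunk container while keeping Splunk
#       inactive for long periods of time, this script may give misleading
#       health results.
#
# Exit status: 0 = healthy (or health check disabled via NO_HEALTHCHECK),
# non-zero = unhealthy.

# -z, not -n: the check has to run when the opt-out variable is absent. With
# -n, every container started without NO_HEALTHCHECK fell through to "exit 0"
# and was always reported healthy.
if [ -z "$NO_HEALTHCHECK" ]
then
    # NO_HEALTHCHECK is not defined: perform the health check.
    # A missing or unreadable state file leaves $state empty, which the
    # default case below treats as unhealthy.
    state="$(< "$CONTAINER_ARTIFACT_DIR/splunk-container.state")"

    case "$state" in
        running|started)
            # -m 30 bounds the probe, -f turns HTTP errors into a failing exit
            # status. -k disables TLS certificate verification; the probe only
            # targets localhost, so it shows that the port answers, not that
            # the certificate is valid.
            curl -m 30 -f -k https://localhost:8089/
            exit $?
            ;;
        *)
            exit 1
            ;;
    esac
else
    # NO_HEALTHCHECK is defined: skip the check and report healthy.
    exit 0
fi
-------------------------------------------------------------------------------- /uf/common-files/createdefaults.py: -------------------------------------------------------------------------------- 1 | #! /usr/bin/python 2 | # Copyright 2018-2020 Splunk 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.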
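# See the License for the specific language governing permissions and
# limitations under the License.
import os
import six
import sys
import uuid
import random
import base64

# Make <SPLUNK_ANSIBLE_HOME>/inventory importable. The `environ` module
# imported at the bottom of this script is presumably found there - confirm.
splunk_ansible_home = os.environ.get('SPLUNK_ANSIBLE_HOME')
splunk_ansible_inventory = os.path.join(splunk_ansible_home, "inventory")
sys.path.append(os.path.abspath(splunk_ansible_inventory))

# Credentials the operator may have supplied through the environment.
splunk_hec_token = os.environ.get("SPLUNK_HEC_TOKEN", None)
splunk_password = os.environ.get("SPLUNK_PASSWORD", None)
splunk_idxc_secret = os.environ.get("SPLUNK_IDXC_SECRET", None)
splunk_idxc_pass4SymmKey = os.environ.get("SPLUNK_IDXC_PASS4SYMMKEY", None)
splunk_shc_secret = os.environ.get("SPLUNK_SHC_SECRET", None)
splunk_shc_pass4SymmKey = os.environ.get("SPLUNK_SHC_PASS4SYMMKEY", None)


def random_generator(size=24):
    """Return a base64-encoded random string for use as a default secret.

    Args:
        size: number of random code points (each in 0..255) to draw.

    Returns:
        The base64 text of the drawn characters. On Python 3 the characters
        are UTF-8 encoded before base64, so code points >= 128 take two bytes
        and the length of the result varies from call to call.
    """
    # SystemRandom draws from the operating system's entropy source rather
    # than the seedable default generator; the result is used below as a
    # password and as cluster secrets.
    rng = random.SystemRandom()
    b = [chr(rng.randrange(256)) for i in range(size)]
    s = ''.join(b)
    if six.PY2:
        s = base64.b64encode(s)
    else:
        s = base64.b64encode(s.encode()).decode()
    return s


# If there are no environment vars set, generate random defaults instead of
# falling back to a fixed, guessable value.
if not splunk_hec_token:
    os.environ["SPLUNK_HEC_TOKEN"] = str(uuid.uuid4())
if not splunk_password:
    os.environ["SPLUNK_PASSWORD"] = random_generator()

# Indexer cluster: SPLUNK_IDXC_PASS4SYMMKEY wins over SPLUNK_IDXC_SECRET when
# both are set; either way both variables end up holding the same value.
if splunk_idxc_pass4SymmKey:
    os.environ["SPLUNK_IDXC_PASS4SYMMKEY"] = os.environ["SPLUNK_IDXC_SECRET"] = splunk_idxc_pass4SymmKey
elif splunk_idxc_secret:
    os.environ["SPLUNK_IDXC_PASS4SYMMKEY"] = os.environ["SPLUNK_IDXC_SECRET"] = splunk_idxc_secret
else:
    os.environ["SPLUNK_IDXC_PASS4SYMMKEY"] = os.environ["SPLUNK_IDXC_SECRET"] = random_generator()

# Search head cluster: same precedence as the indexer cluster above. Each
# branch must assign the variable it just tested: assigning the other one
# stores None whenever only one of the two is supplied, and os.environ
# rejects None with a TypeError.
if splunk_shc_pass4SymmKey:
    os.environ["SPLUNK_SHC_PASS4SYMMKEY"] = os.environ["SPLUNK_SHC_SECRET"] = splunk_shc_pass4SymmKey
elif splunk_shc_secret:
    os.environ["SPLUNK_SHC_PASS4SYMMKEY"] = os.environ["SPLUNK_SHC_SECRET"] = splunk_shc_secret
else:
    os.environ["SPLUNK_SHC_PASS4SYMMKEY"] = os.environ["SPLUNK_SHC_SECRET"] = random_generator()

# The flag is appended before `environ` is imported and run, so environ.main()
# sees it in sys.argv. The import is deliberately late: it needs the sys.path
# entry and the environment values set above.
sys.argv.append("--write-to-stdout")
import environ
environ.main()

-------------------------------------------------------------------------------- /uf/common-files/updateetc.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright 2018-2020 Splunk 4 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | SPLUNK_ETC_BAK="${SPLUNK_ETC_BAK:-/opt/splunkforwarder-etc}" 19 | 20 | if [[ -f "${SPLUNK_ETC_BAK}/splunk.version" ]]; then 21 | IMAGE_VERSION_SHA=`cat ${SPLUNK_ETC_BAK}/splunk.version | sha512sum` 22 | 23 | if [[ -f "${SPLUNK_HOME}/etc/splunk.version" ]]; then 24 | ETC_VERSION_SHA=`cat ${SPLUNK_HOME}/etc/splunk.version | sha512sum` 25 | fi 26 | 27 | if [[ "x${IMAGE_VERSION_SHA}" != "x${ETC_VERSION_SHA}" ]]; then 28 | echo Updating ${SPLUNK_HOME}/etc 29 | (cd ${SPLUNK_ETC_BAK}; tar cf - *) | (cd ${SPLUNK_HOME}/etc; tar xf -) 30 | fi 31 | fi 32 | --------------------------------------------------------------------------------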