Hey, Pete! You keep rambling about the SMF. Can we see your manifest?
Why sure!
This manifest runs splunk on solaris systems, as the user 'splunk', and grants it the net_privaddr (allowing it to bind to ports < 1024) and file_dac_read (allowing it to read any file on the system) privileges.
<?xml version='1.0'?>
<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
<service_bundle type='manifest' name='export'>
  <service name='site/splunk' type='service' version='0'>
    <create_default_instance enabled='false'/>
    <single_instance/>
    <dependency name='fs-local' grouping='require_all' restart_on='none' type='service'>
      <service_fmri value='svc:/system/filesystem/local'/>
    </dependency>
    <dependency name='splunk_multi-user' grouping='require_all' restart_on='none' type='service'>
      <service_fmri value='svc:/milestone/multi-user'/>
    </dependency>
    <dependency name='splunk_network' grouping='require_all' restart_on='none' type='service'>
      <service_fmri value='svc:/milestone/network'/>
    </dependency>
    <dependency name='splunk-binary' grouping='require_all' restart_on='refresh' type='path'>
      <service_fmri value='file://localhost/opt/splunk/bin/splunk'/>
    </dependency>
    <dependency name='splunk-license' grouping='require_all' restart_on='refresh' type='path'>
      <service_fmri value='file://localhost/opt/splunk/etc/splunk.license'/>
    </dependency>
    <dependent name='splunk_multi-user-server' restart_on='none' grouping='optional_all'>
      <service_fmri value='svc:/milestone/multi-user-server'/>
    </dependent>
    <method_context project=':default' resource_pool=':default' working_directory=':default'>
      <method_credential group='splunk' limit_privileges=':default' privileges='basic,file_dac_read,net_privaddr' supp_groups=':default' user='splunk'/>
      <method_environment>
        <envvar name='HOME' value='/opt/splunk'/>
      </method_environment>
    </method_context>
    <exec_method name='start' type='method' exec='/opt/splunk/bin/splunk %m --accept-license' timeout_seconds='300'>
      <method_context/>
    </exec_method>
    <exec_method name='stop' type='method' exec='/opt/splunk/bin/splunk %m' timeout_seconds='300'>
      <method_context/>
    </exec_method>
    <exec_method name='refresh' type='method' exec='/opt/splunk/bin/splunk restart' timeout_seconds='600'>
      <method_context/>
    </exec_method>
    <stability value='Unstable'/>
    <template>
      <common_name>
        <loctext xml:lang='C'>splunk log server</loctext>
      </common_name>
    </template>
  </service>
</service_bundle>
if you change your shell to BASH, you will be able to use tab to auto-complete
I found this page useful and want to share the results of my own maiden try of solaris 10 /intel x64 box. did all this as root.
Splunk's guide for solaris install is rather vague. It won't even cover on how to use the file in the 1st place.
here's the real steps.
In your solaris box. Download splunk (assuming firefox is used and puts it in to a folder called /Download) then open terminal.
cd /Downloads
Uncompress it
uncompress splunk.(whatever version+build u use).intel.pkg.Z
Install it
pkgadd -d (name of the extracted file.pkg)
When you screw up, this is helpful. uninstall command.
pkgrm splunk
For SMF to work, I had to:
1) make sure that splunk is not enabled at boot start. 2) splunk license accepted. 3) i did not have to create another user account and elevate splunk's rights
Useful commands to know for use in terminal of solaris.
svcs splunk
svcadm enable splunk
svcadm disable splunk
A similar reference that i had used to create the SMF service.
http://pluto.potsdam.edu/ezproxywiki/index.php/Solaris_SMF_Manifest_for_EZproxy
I can't remember the times i had to refer to this doc.
One more tip. in solaris, download the pkg.Z file and rename it to something shorter (keeping pkg.z, of course). Wished i had done it earlier because would have saved me a lot of time typing in the filename. You can't use the tab key to auto-complete in solaris, unlike ubuntu. (maybe some one can shed a light on this?)
This is awesome stuff! Thanks for taking the time to post this. When referencing the link you provided to ezproxy, as it compares to splunk, if the machine splunk is on (as a forwarder), for /lib/svc/method, should I simply create an empty file called splunkforwarder and link this to the binary for splunk in /opt/splunkforwarder/bin?
As djalton mentions as a separate answer, using bash will allow tab-completion.
Solaris's default shell is still Bourne, which doesn't have that functionality.
Why sure!
This manifest runs splunk on solaris systems, as the user 'splunk', and grants it the net_privaddr (allowing it to bind to ports < 1024) and file_dac_read (allowing it to read any file on the system) privileges.
<?xml version='1.0'?>
<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
<service_bundle type='manifest' name='export'>
  <service name='site/splunk' type='service' version='0'>
    <create_default_instance enabled='false'/>
    <single_instance/>
    <dependency name='fs-local' grouping='require_all' restart_on='none' type='service'>
      <service_fmri value='svc:/system/filesystem/local'/>
    </dependency>
    <dependency name='splunk_multi-user' grouping='require_all' restart_on='none' type='service'>
      <service_fmri value='svc:/milestone/multi-user'/>
    </dependency>
    <dependency name='splunk_network' grouping='require_all' restart_on='none' type='service'>
      <service_fmri value='svc:/milestone/network'/>
    </dependency>
    <dependency name='splunk-binary' grouping='require_all' restart_on='refresh' type='path'>
      <service_fmri value='file://localhost/opt/splunk/bin/splunk'/>
    </dependency>
    <dependency name='splunk-license' grouping='require_all' restart_on='refresh' type='path'>
      <service_fmri value='file://localhost/opt/splunk/etc/splunk.license'/>
    </dependency>
    <dependent name='splunk_multi-user-server' restart_on='none' grouping='optional_all'>
      <service_fmri value='svc:/milestone/multi-user-server'/>
    </dependent>
    <method_context project=':default' resource_pool=':default' working_directory=':default'>
      <method_credential group='splunk' limit_privileges=':default' privileges='basic,file_dac_read,net_privaddr' supp_groups=':default' user='splunk'/>
      <method_environment>
        <envvar name='HOME' value='/opt/splunk'/>
      </method_environment>
    </method_context>
    <exec_method name='start' type='method' exec='/opt/splunk/bin/splunk %m --accept-license' timeout_seconds='300'>
      <method_context/>
    </exec_method>
    <exec_method name='stop' type='method' exec='/opt/splunk/bin/splunk %m' timeout_seconds='300'>
      <method_context/>
    </exec_method>
    <exec_method name='refresh' type='method' exec='/opt/splunk/bin/splunk restart' timeout_seconds='600'>
      <method_context/>
    </exec_method>
    <stability value='Unstable'/>
    <template>
      <common_name>
        <loctext xml:lang='C'>splunk log server</loctext>
      </common_name>
    </template>
  </service>
</service_bundle>
For bonus points PDE, any creative solutions to still using restartSplunkd=true in my Deployment Server's serverclass.conf and not ending up with all my forwarders in SMF maintenance mode every time I want to push a change?
 
		
		
		
		
		
	
			
		
		
			
					
		This post used to have an unnecessary DEBUG flag that I just removed.
