Deployment Architecture

Can other users verify if this is the proper procedure to update TAs in a distributed environment?

Path Finder

I would appreciate it if the following procedure could be verified.

I am planning to do the following when updating TAs:

  1. Make a backup copy of the TA folder (Splunk_TA_cisco-asa, for example) located in /opt/splunk/etc/deployment-apps/ or /opt/splunk/etc/master-apps.
  2. Copy the folder containing the updated version of the TA into /opt/splunk/etc/deployment-apps/ or /opt/splunk/etc/master-apps, overwriting the contents of the current version.
  3. Issue either ./splunk reload deploy-server or ./splunk apply cluster-bundle, depending on whether it is a deployment-app or master-app.

If/when changes are made to the "local" folder of an app, they are currently being made on the distribution server, not the client. That said, is there a need for me to "excludeFromUpdate = $app_root$/local"?

Thank you.

0 Karma
Splunk Employee

Deployment servers do NOT exclude the local app. It is sent along with everything else under the app directory.

Changes should never be made to default (baseline configurations), but to local.

When a deployer deploys to a cluster, default and local are merged to default.

0 Karma
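
One way to script the three steps from the question while taking the answer's point about local into account (an added example, not part of the thread and not Splunk tooling). The function names, the backup naming, and the choice to swap the app directory and carry over local/ and metadata/local.meta are assumptions; the splunk command itself is only printed, not run.

```shell
#!/bin/sh
# Added example. Function names, argument order and backup naming are assumptions;
# only the paths and the two splunk commands come from the thread.

# stage_ta_update REPO_DIR NEW_TA_DIR BACKUP_ROOT
#   REPO_DIR    e.g. /opt/splunk/etc/deployment-apps or /opt/splunk/etc/master-apps
#   NEW_TA_DIR  unpacked new version, e.g. /tmp/Splunk_TA_cisco-asa
#   BACKUP_ROOT directory outside REPO_DIR that receives the backup copy
# Prints the backup path on success. The body is a subshell, so "exit" only
# leaves the function.
stage_ta_update() (
    repo=$1 new=$2 backups=$3
    app=$(basename "$new")
    cur="$repo/$app"
    [ -d "$new/default" ] || { echo "no default/ in $new" >&2; exit 2; }
    [ -d "$cur" ] || { echo "$cur is not installed" >&2; exit 2; }
    # A backup left inside REPO_DIR would sit there as one more app directory.
    case "$backups/" in "$repo"/*) echo "backup dir is inside $repo" >&2; exit 2;; esac
    # Everything under the app directory is sent, so a local/ shipped in the
    # new package would silently replace the site's own settings.
    [ ! -e "$new/local" ] || { echo "new package ships local/" >&2; exit 3; }

    bak="$backups/$app.$(date +%Y%m%d%H%M%S)"
    mkdir -p "$backups" && cp -Rp "$cur" "$bak" || exit 1

    # Build the new tree beside the old one and swap, so files dropped by the
    # new version do not linger as they would after a plain overwrite.
    rm -rf "$cur.new" && cp -Rp "$new" "$cur.new" || exit 1
    if [ -d "$bak/local" ]; then cp -Rp "$bak/local" "$cur.new/local" || exit 1; fi
    if [ -f "$bak/metadata/local.meta" ]; then
        mkdir -p "$cur.new/metadata" &&
            cp -p "$bak/metadata/local.meta" "$cur.new/metadata/" || exit 1
    fi
    rm -rf "$cur" && mv "$cur.new" "$cur" || exit 1
    echo "$bak"
)

# reload_command REPO_DIR: print the command from step 3 that applies to REPO_DIR.
reload_command() {
    case "$(basename "$1")" in
        deployment-apps) echo "./splunk reload deploy-server" ;;
        master-apps)     echo "./splunk apply cluster-bundle" ;;
        *) echo "unknown repository directory: $1" >&2; return 1 ;;
    esac
}
```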
