Deployment Architecture

Can someone explain Apps deployed via deployment server (indexer cluster) vs Apps deployed via deployer (shcluster)?

gkas99
Explorer

For those of you who have both indexer cluster and search head cluster, I assume you have both "deployment server" which is deploy server for indexer and "deployer" which is deploy server for search head cluster.

What types of apps do you deploy via each of these two? What is the best practice?

Labels (2)
0 Karma

gkas99
Explorer

Thanks for your reply, so I read into this a bit more.

Am I correct to say following?

- Any apps/configurations for indexers are deployed via indexer cluster master

- Any apps/configurations for search head cluster members are deployed via deployer

- Any apps/configurations for forwarders are deployed via deployment server

 

gcusello
SplunkTrust
SplunkTrust

Hi @gkas99,

yes, its correct.

If you like, you can deploy apps to Master Node from the Deployment Server directly updating the "master-apps" folder on the Master Node.

Anyway I don't like this: I prefer to manually manage apps on Master Node

Ciao.

Giuseppe

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @gkas99,

at first App to an Indexer Cluster are deployed by Master Node and not by Deployment Server.

You can deploy Apps to the Master Node by Deployment Server, but anyway, deployment to Indexers is only by Master Node.

Anyway, my hint is to manually deploy Apps to the Deployer (SHC) because because after the first deploy , apps are maintained by Captain and not by the Deployer.

About Indexers Custer, as I said, you can use Deployment Server to deploy apps to the Master Node, but it's a so delicate operation that I'd prefer to maintain it manually.

Ciao.

Giuseppe

miketAtNYS
Engager

Hi, gcusello.

Would you please expand on your comment "...it's a so delicate operation".  We have just upgraded our standalone to an indexer cluster+master+search head and we are struggling with developing good/best practices for properly deploying apps, indexes and inputs.  Frankly I don't think we understand how apps from the master and the _cluster configurations work together.  Any guidance would be greatly appreciated.

Thanks.

Mike T.

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @miketAtNYS ,

as you know, clustered Indexers and Search Heads cannot be managed by the Deployment Server, but by Master Node and Deployer.

But it's also possible to configure Deployment Server to deploy apps to Master Node and Deployer not in the $SPLUNK_HOME/etc/apps folder as usual, but in the folders for deployment to the clusters ("master-apps" for the Indexers Cluster and "shcluster" for the Search Heads Cluster).

This is the delicate configuration I mentioned.

In few words (as you can read at https://docs.splunk.com/Documentation/Splunk/9.0.2/Admin/Serverclassconf), you have to create a dedicated serverclass for Master Node and one for Deployer, indicating for each one the location for deploying apps on the client

targetRepositoryLocation = <path>
* The location on the deployment client where the deployment server
  should install the apps.
* If this value is unset, or set to empty, the repositoryLocation path is used.
* Can be overridden at the [serverClass:<name>] level.
* Useful only with complex (for example, tiered) deployment strategies.
* Default: $SPLUNK_HOME/etc/apps, the live
  configuration directory for a Splunk Enterprise instance.

("master-apps" for the Indexers Cluster and "shcluster" for the Search Heads Cluster.

But every change in apps configuration causes a reload of the Master Node and Deployer.

For these reasons, as I said, I prefer less automation and more control on Apps deployment on Indexers and Search Heads.

Ciao.

Giuseppe

miketAtNYS
Engager

Thank you, Giuseppi.  I can see I misread your comment.  I was thinking the "delicate" process was for master-apps and _cluster but, from your description of the steps, it's clear that using deployment to set up the contents of a bundle is the delicate process with more ways to end badly.  I'll post a new question that more clearly describes our points of confusion.

Regards.

Mike T.

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @miketAtNYS ,

good for you, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...