Deployment Architecture

Deployment App file structure

chris94089
Path Finder

Greetings,

I'm looking for documentation on how to structure a deployment server app, the part that goes into deployment-apps/myapp directory.  

I want to know if there's a specific way to do it.   For example, I want to set up a remote universal forwarder.  Can all the files I want to send go in the myapp/ directory?  Or should they be split up in a certain way?

Example: I need to send down a splunk.secret file: this file lives in $SPLUNK_HOME/SplunkForwarder/etc, would I put this file in deployment-apps/myapp/etc/?  or can it just go into deployment-apps/myapp/ along with all the other files I need to send down and the Deployment Client will know what to do with it when it restarts?

 

Thanks in advance

 

 

Labels (2)
Tags (1)
0 Karma
1 Solution

gcusello
SplunkTrust
SplunkTrust

Hi @chris94089,

you should before deeply read all the doc at https://docs.splunk.com/Documentation/Splunk/8.0.5/Updating/Aboutdeploymentserver

Anyway, you have to take from Splunkbase the apps to deploy or create your custom.

In the second case the folder structure is always the same of all Splunk apps:

  • bin,
  • default,
  • local,
  • metadata.

Then you have to put these apps in %SPLUNK_HOME/etc/deployment-apps of your Deployment Server.

I prefer to have different apps and not a great fully comprehensive one.

Remember that if you have to manage more than 50 target servers, you need a dedicated DS.

Then, I hint to plan you deployment on paper (or Excel) listing all the apps for each target server and grouping them to find the rules for your  ServerClasses.

A ServerClass is, in few words, a table that correlates servers and apps to deploy.

E.G. if you have to deploy the TA_Windows App to all the Windows servers with name "winsrv*" you can group these servers using this rule to create the ServerClass.

When you fully planned your deployment, you can create, using the web GUI, your ServerClasses to deploy apps applyng the planned rules.

Remember to flag the "Splunk restart" for each app otherwise the updates will not be taken.

On final hint: create an app (called e.g. TA_Forwarders) dedicated to contain only information about Deployment Server and Indexers to deploy to all the target servers (no inputs): in this app there will be only three files:

  • apps.conf, containing the name of the app,
  • outputs.conf containing the addresses of Indexers,
  • deploymentclient containing the address of the Deployment Server.

for more infos you can also see my answer https://community.splunk.com/t5/Deployment-Architecture/How-to-set-up-new-deployment-server-in-a-clu...

Ciao and happy splunking.

Giuseppe

View solution in original post

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @chris94089,

you should before deeply read all the doc at https://docs.splunk.com/Documentation/Splunk/8.0.5/Updating/Aboutdeploymentserver

Anyway, you have to take from Splunkbase the apps to deploy or create your custom.

In the second case the folder structure is always the same of all Splunk apps:

  • bin,
  • default,
  • local,
  • metadata.

Then you have to put these apps in %SPLUNK_HOME/etc/deployment-apps of your Deployment Server.

I prefer to have different apps and not a great fully comprehensive one.

Remember that if you have to manage more than 50 target servers, you need a dedicated DS.

Then, I hint to plan you deployment on paper (or Excel) listing all the apps for each target server and grouping them to find the rules for your  ServerClasses.

A ServerClass is, in few words, a table that correlates servers and apps to deploy.

E.G. if you have to deploy the TA_Windows App to all the Windows servers with name "winsrv*" you can group these servers using this rule to create the ServerClass.

When you fully planned your deployment, you can create, using the web GUI, your ServerClasses to deploy apps applyng the planned rules.

Remember to flag the "Splunk restart" for each app otherwise the updates will not be taken.

On final hint: create an app (called e.g. TA_Forwarders) dedicated to contain only information about Deployment Server and Indexers to deploy to all the target servers (no inputs): in this app there will be only three files:

  • apps.conf, containing the name of the app,
  • outputs.conf containing the addresses of Indexers,
  • deploymentclient containing the address of the Deployment Server.

for more infos you can also see my answer https://community.splunk.com/t5/Deployment-Architecture/How-to-set-up-new-deployment-server-in-a-clu...

Ciao and happy splunking.

Giuseppe

0 Karma

chris94089
Path Finder

So I saw this post here about deployment apps:

https://dev.splunk.com/enterprise/docs/developapps/createapps/appdirectorystructure/

 

Getting to the root question about deployment app structure (my ds is up and running already), would the link above be an appropriate way to structure the app files in the deployment-apps/myapp directory?  

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @chris94089,

yes it's correct, even if usually in TAs less folders are used.

I hint to explore the Splunk Add-On Builder (https://splunkbase.splunk.com/app/2962/) that can guide you in TA creation.

Ciao.

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Get Updates on the Splunk Community!

Index This | Divide 100 by half. What do you get?

November 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

❄️ Celebrate the season with our December lineup of Community Office Hours, Tech Talks, and Webinars! ...

Splunk and Fraud

Watch Now!Watch an insightful webinar where we delve into the innovative approaches to solving fraud using the ...