Deployment Architecture

Deployment App file structure

chris94089
Path Finder

Greetings,

I'm looking for documentation on how to structure a deployment server app, the part that goes into deployment-apps/myapp directory.  

I want to know if there's a specific way to do it. For example, I want to set up a remote universal forwarder. Can all the files I want to send go in the myapp/ directory? Or should they be split up in a certain way?

Example: I need to send down a splunk.secret file: this file lives in $SPLUNK_HOME/SplunkForwarder/etc. Would I put this file in deployment-apps/myapp/etc/? Or can it just go into deployment-apps/myapp/ along with all the other files I need to send down, and the Deployment Client will know what to do with it when it restarts?

 

Thanks in advance

 

 

0 Karma

gcusello
SplunkTrust

Hi @chris94089,

you should first thoroughly read all the docs at https://docs.splunk.com/Documentation/Splunk/8.0.5/Updating/Aboutdeploymentserver

Anyway, you have to take the apps to deploy from Splunkbase or create your own custom ones.

In the second case, the folder structure is always the same as for all Splunk apps:

  • bin,
  • default,
  • local,
  • metadata.

Then you have to put these apps in %SPLUNK_HOME/etc/deployment-apps of your Deployment Server.

I prefer to have several different apps rather than one large, fully comprehensive one.

Remember that if you have to manage more than 50 target servers, you need a dedicated DS.

Then, I suggest planning your deployment on paper (or in Excel), listing all the apps for each target server and grouping them to find the rules for your ServerClasses.

A ServerClass is, in a few words, a table that correlates servers and apps to deploy.

E.g., if you have to deploy the TA_Windows App to all the Windows servers with name "winsrv*", you can group these servers using this rule to create the ServerClass.

When you have fully planned your deployment, you can create your ServerClasses using the web GUI to deploy apps, applying the planned rules.

Remember to flag the "Splunk restart" for each app, otherwise the updates will not be taken.

One final hint: create an app (called e.g. TA_Forwarders) dedicated to containing only information about the Deployment Server and Indexers, to deploy to all the target servers (no inputs): in this app there will be only three files:

  • apps.conf, containing the name of the app,
  • outputs.conf containing the addresses of Indexers,
  • deploymentclient containing the address of the Deployment Server.

For more information you can also see my answer https://community.splunk.com/t5/Deployment-Architecture/How-to-set-up-new-deployment-server-in-a-clu...

Ciao and happy splunking.

Giuseppe


0 Karma
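An added example, not part of the original posts and not Splunk tooling: Python that lays out the TA_Forwarders app described in the accepted answer and lints a deployment app for files outside the four folders listed there, including the splunk.secret case from the question. The host names, the `primary_indexers` group name and the choice of `default/` are assumptions; the three files are written under Splunk's `app.conf`, `outputs.conf` and `deploymentclient.conf` names.

```python
import os
import tempfile

STANDARD_DIRS = {"bin", "default", "local", "metadata"}  # the four folders the answer lists
SENSITIVE_NAMES = {"splunk.secret"}  # the file the question asks about

def build_forwarder_app(deployment_apps, app_name, indexers, ds_uri):
    """Create <deployment_apps>/<app_name>/default/ holding the three .conf files."""
    default_dir = os.path.join(deployment_apps, app_name, "default")
    os.makedirs(default_dir, exist_ok=True)
    confs = {
        "app.conf": f"[ui]\nlabel = {app_name}\nis_visible = false\n",
        "outputs.conf": "[tcpout]\ndefaultGroup = primary_indexers\n\n"
                        f"[tcpout:primary_indexers]\nserver = {','.join(indexers)}\n",
        "deploymentclient.conf": f"[target-broker:deploymentServer]\ntargetUri = {ds_uri}\n",
    }
    for name, body in confs.items():
        with open(os.path.join(default_dir, name), "w", encoding="utf-8") as fh:
            fh.write(body)
    return os.path.join(deployment_apps, app_name)

def lint_app(app_dir):
    """Return sorted (kind, relative_path) findings for one deployment app."""
    findings = [("outside-standard-folders", entry)
                for entry in os.listdir(app_dir) if entry not in STANDARD_DIRS]
    # A copy of the instance secret inside an app is flagged wherever it sits.
    for root, _dirs, files in os.walk(app_dir):
        for name in files:
            if name in SENSITIVE_NAMES:
                rel = os.path.relpath(os.path.join(root, name), app_dir)
                findings.append(("secret-in-app", rel.replace(os.sep, "/")))
    return sorted(findings)

def demo():
    """Lint a clean app, then the same app with the layouts from the question."""
    # Host names below are constructed placeholders, not real systems.
    with tempfile.TemporaryDirectory() as tmp:
        app = build_forwarder_app(
            tmp, "TA_Forwarders",
            ["idx1.example.com:9997", "idx2.example.com:9997"],
            "ds.example.com:8089")
        clean = lint_app(app)
        os.makedirs(os.path.join(app, "etc"))
        for rel in ("splunk.secret", os.path.join("etc", "splunk.secret")):
            open(os.path.join(app, rel), "w").close()
        return clean, lint_app(app)

if __name__ == "__main__":
    print(demo())
```

A deployed app is installed under etc/apps/<app> on the client, so a splunk.secret shipped inside it does not land in etc/auth, where the instance reads its secret, and only leaves extra copies of the key on the deployment server and every client.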

chris94089
Path Finder

So I saw this post here about deployment apps:

https://dev.splunk.com/enterprise/docs/developapps/createapps/appdirectorystructure/

 

Getting to the root question about deployment app structure (my ds is up and running already), would the link above be an appropriate way to structure the app files in the deployment-apps/myapp directory?  

0 Karma

gcusello
SplunkTrust

Hi @chris94089,

Yes, it's correct, even if TAs usually use fewer folders.

I suggest exploring the Splunk Add-On Builder (https://splunkbase.splunk.com/app/2962/), which can guide you in TA creation.

Ciao.

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma