Deployment Architecture

How to update a deployment server deployment-apps?

JScordo
Path Finder

I want to update an app that gets pushed out from the deployment server to my forwarders, but i have made changes in the local directory and don't want these overwritten. Is there a simple way to update the apps from SplunkBase and push them out without having the local directory overwritten.

Currently my process includes:

1) downloading and installing the new app on the Deployment Server (which puts it in the /apps/ directory)
- ./splunk install app < app_package_filename > -update 1

2)Copying /$SPLUNK_HOME/etc/deployment-apps/< app-name >/local/ to /$SPLUNK_HOME/etc/apps/< app-name >/local/

3) removing the app from /$SPLUNK_HOME/etc/deployment-apps/

4) moving /$SPLUNK_HOME/etc/apps/< app-name >/ to /$SPLUNK_HOME/etc/deployment-apps/

1 Solution

martin_mueller
SplunkTrust
SplunkTrust

Unpacking the .spl/.tar.gz file should not overwrite the existing local directory, so you should be able to unpack that right into your deployment-apps directory - after making a backup, of course.

If you're unsure, you can unpack to a temporary location, and use the steps you described in the question to keep your local configurations. No need to install and remove the app from the DS itself.

View solution in original post

vgollapudi
Communicator

Splunk has made the upgrade process of the app and add-on much simpler. If you're using deployment server as the origin to distribute among the clients, then there is easy way to do it.

Follow these steps

Access UI of the deployment server. In the Manage Apps window, you have an option to upgrade necessary apps and add-ons when available in the Splunkbase marketplace. Make sure if the existing Splunk version is not compatible with the Apps and Add-ons then deployment server will not give update option for those especially.

In this way, the local configuration will not be disturbed in /etc/deployment and updated content will be in /etc/apps for the updated app which you will override by moving into /etc/deployment-apps by.

In this way, you don't have to untar any file to update the apps.

I tried with this approach on Heavy Forwarder, I got an update for Splunk AWS Add-on which was not managed by Deployment server. I did have custom files inside local directory of this Add-on, I went ahead and updated the Add-on through Heavy Forwarder UI. After the updating add-on, files inside local directory are preserved, default directory is updated with configuration files.

0 Karma

martin_mueller
SplunkTrust
SplunkTrust

Unpacking the .spl/.tar.gz file should not overwrite the existing local directory, so you should be able to unpack that right into your deployment-apps directory - after making a backup, of course.

If you're unsure, you can unpack to a temporary location, and use the steps you described in the question to keep your local configurations. No need to install and remove the app from the DS itself.

joe_kraxner
Explorer

For future reference (as I'm asked a lot), the syntax is:

Standard Apps:
tar -zxf /some/location/splunk-db-connect_314.tgz -C /opt/splunk/etc/apps/

Deployment Server:
tar -zxf /some/location/splunk-db-connect_314.tgz -C /opt/splunk/etc/deployment-apps/

I hope this helps with future us.

JScordo
Path Finder

unpacking the .tar file to the deployment-apps/ directory overwrote the the old files with new while leaving the local directory alone. Thank you for the help!

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...