Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Serverclass.conf - Using the same app name under different classes and repositoryLocations now appears broken in v6.0

Lucas_K
Motivator
‎12-09-2013 04:31 PM

I've been trying to upgrade our Splunk v5.0.4 deployment server to v6.0.

It appears that our existing serverclass is now broken under v6.0

The situation is that we have a few base configurations that are pushed out to all clients and are based on their client type. forwarders, indexers, search heads, job servers and so on. These contain such things as where the deployment server is. Where to forward internal logs (very useful for sos) etc.

We used a naming standard in which they were all called the same name. ie. "sys_conf".
They used the respositoryLocation parameter per class definition (which is a still supported configuration according to current v6.0 documentation - http://docs.splunk.com/Documentation/Splunk/6.0/Admin/Serverclassconf#serverclass.conf.example ).

So an example config.

INDEXERS - ONLY indexers should get this app.
[serverClass:sys_indexer]
filterType= blacklist
blacklist.0=*
whitelist.0=idx
restartSplunkd = true
repositoryLocation = $SPLUNK_HOME/etc/deployment-apps/sys_config/indexer/
[serverClass:sys_indexer:app:sys_conf]

FORWARDERS - ONLY forwarders should get this app.
[serverClass:sys_forwarder]
filterType= blacklist
blacklist.0=*
whitelist.0=fwder
restartSplunkd = true
repositoryLocation = $SPLUNK_HOME/etc/deployment-apps/sys_config/forwarder/
[serverClass:sys_forwarder:app:sys_conf]

Each unique repository location contains a "sys_conf" system app containing unique base configurations for that platform type.

In each clients deploymentclient.conf they have their clientName set to "idx" or "fwder". Checking splunkd.log shows they the correct endpoint is called.

However on the deployment server if we check /opt/splunk/var/run/tmp/ we will find all bundles for sys_conf.xxxxx will be identical and will only contain the contents of the very first defined repository location for a that unique app name.

A splunk btool serverclass list output shows the correct order of black listing and classes.

The issue I have is that its not just for base splunk configurations we have this for but right across various apps and TA's also!

I can verify this behaviour by picking a previously broken base app and calling the app something unique.

Has this functionality of being able to use the same app name in different classes and repository locations changed in v6.0?

Reply
1 Solution
Solved! Jump to solution
Solution

Lucas_K
Motivator
‎12-12-2013 08:08 PM

Support confirms this as a reproducible v6.0 issue so I will just have to wait on a fix.

View solution in original post

Reply
Solved! Jump to solution
Solution

Lucas_K
Motivator
‎12-12-2013 08:08 PM

Support confirms this as a reproducible v6.0 issue so I will just have to wait on a fix.

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...