Deployment Architecture

Using Deployment Server as Search Head Deployer

keerthana_k
Communicator

Hi,

We currently have a distributed setup with a Deployment Server, Indexer Cluster Master, Peer Indexers and a single Search Head. We are trying to migrate to Search head clustering.

Currently, we are distributing apps using Deployment Server to the Search Head as well. However, in the SH clustering documentation, it has been mentioned that the Deployer should be used for distributing apps to the SH cluster. But this would involve moving the Search head related apps to a new location /etc/shcluster/apps/ which would complicate things for distributed deployment. We tested app distribution using the Deployment Server configuration to the new SH cluster and it is working fine.

I would like to know the reason why the use of Deployment Server is discouraged in SH clustering.

Thanks in advance,
Keerthana

0 Karma
1 Solution

strive
Influencer

Hi Keerthana,

You can use deployment server to push apps to Search Head cluster nodes. It will definitely work.

Whether to use deployment server or dedicated deployer dependents on your distributed architecture. If your default apps are not going to get updated during runtime, then using deployment server should be fine.

If there are any run time updates then those changes will be overwritten if you use deployment server. This link clear explains how deployer helps in this case -- http://docs.splunk.com/Documentation/Splunk/6.5.3/DistSearch/PropagateSHCconfigurationchanges#Where_...

Definitely deployer has some benefits which can be handy. If you do not need those for your architecture then that should be absolutely fine.

One drawback in deployer is: The configuration bundle must contain all previously pushed apps, as well as any new ones. If you delete an app from the bundle, the next time you push the bundle, the app will get deleted from the cluster members.

One more point, you can make your deployment server itself to play the role of deployer.

Regards,
Strive

View solution in original post

strive
Influencer

Hi Keerthana,

You can use deployment server to push apps to Search Head cluster nodes. It will definitely work.

Whether to use deployment server or dedicated deployer dependents on your distributed architecture. If your default apps are not going to get updated during runtime, then using deployment server should be fine.

If there are any run time updates then those changes will be overwritten if you use deployment server. This link clear explains how deployer helps in this case -- http://docs.splunk.com/Documentation/Splunk/6.5.3/DistSearch/PropagateSHCconfigurationchanges#Where_...

Definitely deployer has some benefits which can be handy. If you do not need those for your architecture then that should be absolutely fine.

One drawback in deployer is: The configuration bundle must contain all previously pushed apps, as well as any new ones. If you delete an app from the bundle, the next time you push the bundle, the app will get deleted from the cluster members.

One more point, you can make your deployment server itself to play the role of deployer.

Regards,
Strive

strive
Influencer

I answered this question but my answer is not seen. In the activity tracker it says this question was answered by me but its missing.. Answering again

Hi Keerthana,

Yes, you can use deployment server to push baseline apps to the search head cluster members. Whether you need a dedicated deployer depends on your Distributed Deployment Architecture.

Suppose if there are going to be runtime updates to the baseline apps then it is good to go with a deployer. Read more here -- http://docs.splunk.com/Documentation/Splunk/6.5.3/DistSearch/PropagateSHCconfigurationchanges#App_co...

While having a deployer has got its own benefits, it should be absolutely fine to not have one when your architecture and functioning of your application needs just a deployment server.

One draw back of deployer is: The configuration bundle must contain all previously pushed apps, as well as any new ones. If you delete an app from the bundle, the next time you push the bundle, the app will get deleted from the cluster members.

If there wont be any runtime updates to your baseline apps then i think you can ignore deployer.

Note: Instead of deploying one more node and making it a deployer, you can make your deployment server to play the role of deployer.

Thanks,
Strive

0 Karma

adonio
Ultra Champion

hello Keerthana_k
Deployment Server in not discouraged for SH Clustering, it just will not work. in order to deploy the SHC you need to have a Deployer. read more here: http://docs.splunk.com/Documentation/Splunk/6.5.3/DistSearch/SHCdeploymentoverview

0 Karma

keerthana_k
Communicator

We tested the apps distribution through the deployment server and it did work.

0 Karma

adonio
Ultra Champion

but where the members clustered? or just separate 3 search heads?
kindly refer to the docs suggested here and in the answer

0 Karma

dineshraj9
Builder

For Search head clustering, you require at least 3 search head instances. If you have a single search head, use the deployment server to move apps to it.

http://docs.splunk.com/Documentation/Splunk/6.5.3/DistSearch/SHCarchitecture

*Captain election process has deployment implications
The need of a majority vote for a successful election has these deployment implications:

A cluster should consist of a minimum of three members. A two-member cluster cannot tolerate any node failure. Failure of either member will prevent the cluster from electing a captain and continuing to function. Captain election requires majority (51%) assent of all members, which, in the case of a two-member cluster, means that both nodes must be running. You therefore forfeit the high availability benefits of a search head cluster if you limit it to two members.
If you are deploying the cluster across two sites, your primary site must contain a majority of the nodes. If there is a network disruption between the sites, only the site with a majority can elect a new captain. See Important considerations when deploying a search head cluster across multiple sites.*

0 Karma

keerthana_k
Communicator

I think you misunderstood my question. We are going to have 3 search head instances as cluster. My question is whether Deployer is really required or whether we can continue to use the Deployment Server to distribute apps across the cluster. Is there any drawback of using deployment server or any added benefits in using a Deployer?

0 Karma

adonio
Ultra Champion

Deployer is a required piece of SHC. please read the docs.
you can not enable the SHC without the deployer. you cannot deploy apps from Deployment Server to SHC members
the answer @dineshraj9 provided is valid

0 Karma

dineshraj9
Builder

I am sorry I thought you are proceeding with the same set of servers.

as @adonio said, Deployer is an essential component of the SHC architecture. I will generate the bundle and push it using one of the SHC members. The replication to all the members will have to done from peer.

Here are more on the role of a deployer - http://docs.splunk.com/Documentation/Splunk/6.5.3/DistSearch/PropagateSHCconfigurationchanges

More from answers forum - https://answers.splunk.com/answers/268768/deployment-server-vs-deployer.html

0 Karma
Get Updates on the Splunk Community!

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...