Deployment Architecture

What is the process of moving locally installed app to a deployment server?

jason0
Path Finder

Hello,

I have inherited a set of Splunk servers, and three are search heads. Some of the apps on the search heads are installed directly. I would prefer to manage those apps from the deployment server.

I have found lots of information about deploying apps via single-instance/distributed, but not a lot on how to move an app from a single instance to a deployment server.

In my brain, the procedure looks like this:

  1. On the search head, tar up the app from $SPLUNK/etc/apps/<appname>
  2. Copy the tar file to the deployment server
  3. Untar the file into $SPLUNK/etc/deployment-apps
  4. Uninstall or disable the original app on the original search head
  5. Map the new app to a serverclass and to the client system (original search head)

Is this correct? 

--jason

0 Karma

venkatasri
SplunkTrust

@jason0  - https://community.splunk.com/t5/Deployment-Architecture/Using-Deployment-Server-as-Search-Head-Deplo... 

You can certainly do it; the SH requires a deploymentclient.conf file pointing to the deployment server (DS).

I never tested after the first-time deployment of apps from DS --> SH, the subsequent changes to the apps done locally by user will stay on SH. However, if you push the same app once again from the DS, it might override the app on the SH, which might remove the local changes.

Whereas with the SH deployer they get merged with local changes!

jason0
Path Finder

Hello venkatasri, 

Thank you for your reply.

Here's the interesting point of note: these search heads (not an SHC) are already managed by a deployment server. The SH also happen to have individually installed apps. I want to pull those apps into the deployment server because I dislike snowflake systems.

So if I understand your note correctly, it is not clear what will happen to the local changes on the SH when the deployment server first deploys the (recently moved) app. It sounds like I need to experiment.

After re-reading your response, I went to find the difference between SH deployer vs deployment server, and found the following link: looks like I have more learning to do... 🙂

https://community.splunk.com/t5/Deployment-Architecture/Deployment-Server-vs-Deployer/m-p/111600


0 Karma
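
Steps 1-3 of the procedure in the question, together with a check for the local changes discussed in the replies, as an added example that is not part of the original thread or Splunk's own tooling. It assumes the search head's apps directory and the deployment server's deployment-apps directory are both reachable as local paths (for instance after copying the archive across); the function names and the app name `legacy_app` are hypothetical.

```shell
#!/bin/sh
# Added example: paths are arguments; the splunk binary is never called.

# Print files under local/ and metadata/local.meta of an app directory:
# the per-host changes the replies above are unsure about.
list_local_changes() {
    ( cd "$1" && { find local metadata/local.meta -type f 2>/dev/null || true; } | sort )
}

# stage_app APPS_DIR DEPLOY_DIR APP
# Archive APPS_DIR/APP and unpack it under DEPLOY_DIR (steps 1-3).
# Returns 1 if the app is missing, 2 if it is already staged.
stage_app() {
    if [ ! -d "$1/$3" ]; then echo "no such app: $3" >&2; return 1; fi
    if [ -e "$2/$3" ]; then echo "already staged: $3" >&2; return 2; fi
    mkdir -p "$2" || return 1
    tar -C "$1" -cf - "$3" | tar -C "$2" -xf -
}

# verify_staged APPS_DIR DEPLOY_DIR APP: 0 if both trees are identical.
verify_staged() {
    diff -r "$1/$3" "$2/$3" >/dev/null
}

# Demo on a constructed app tree (hypothetical app name "legacy_app").
demo() {
    root=$(mktemp -d) || return 1
    src="$root/searchhead/etc/apps"; dst="$root/ds/etc/deployment-apps"
    mkdir -p "$src/legacy_app/default" "$src/legacy_app/local"
    echo "[ui]" > "$src/legacy_app/default/app.conf"
    echo "[my search]" > "$src/legacy_app/local/savedsearches.conf"
    echo "Local changes carried into the staged copy:"
    list_local_changes "$src/legacy_app"
    stage_app "$src" "$dst" legacy_app && verify_staged "$src" "$dst" legacy_app
    rc=$?
    rm -rf "$root"
    return $rc
}

demo
```

Because the whole app directory is archived, the staged copy includes `local/`, so anything `list_local_changes` reports is worth reviewing before the app is mapped to a server class.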