deployment server affecting apps not defined on it?

igne
Observer

I have a deployment server, and I get that apps defined in the serverclass.conf will be removed or deployed based on the machines listed in the serverclass.conf white and blacklists.  But I'm seeing inconsistencies regarding apps that aren't defined on the serverclass / deployment server being removed (or not) on the client side.
Example - I have 3 serverclass + apps defined on the serverclass.conf.  outputs, which goes to everyone, ta_windows which goes to windows machines and ta_linux which goes to linux boxes.  The linux boxes also have a custom app locally configured named varlogs.  Varlogs has never been added or defined to the deployment server.  When I hook a new linux box that has varlogs on it to the deployment server, varlogs vanishes.  However, some of the linux boxes also have a custom app named sri, and that /doesn't/ vanish even though it also isn't defined in serverclass.
What's the appropriate behavior?  Should hooking up to a deployment server wipe the installed apps down to what the deployment server is trying to send them or not?  And if it is supposed to reset to nothing but things defined in serverclass, is there a way to not have that happen?  We'd like to let folks keep their customized apps if possible. 

thanks
0 Karma

gcusello
SplunkTrust

Hi @igne,

Deployment Server deploys or removes apps based on the serverclasses.conf file.

This means that if you have an app not listed in serverclasses.conf, it will be removed from a server managed by DS.

I don't know why (if you want, we could debug it!) the sri app, which is on a server managed by DS and isn't listed in serverclasses.conf, is still on the server.

Anyway the rule is:

If a server is managed by DS, you have to manage all the apps on that server in serverclasses.conf, otherwise they will be removed.

Obviously we're not talking about Search Head Clusters and Indexer Clusters.

Ciao.

Giuseppe

0 Karma

igne
Observer

It looks like the linux team had a very old deployment server everyone had forgotten about, and the missing apps were the ones originally deployed by it.  So when the new deployment server got involved, the clients evaluated their preexisting serverclass.xml, couldn't find the older apps, and promptly removed them.  The reason only some apps were affected was because the newer ones had never been part of the old deployment.
We wiped the out of date serverclass.xml before hooking into the new server, and things went as expected - by which I mean the apps defined in the serverclass.conf on the deployment server were added or removed based on their stanza, and anything not defined in the serverclass.conf was left alone and not removed or changed.
Thanks!

0 Karma

gcusello
SplunkTrust

Hi @igne,

Good! Please accept the answer for the other people of the Community.

Ciao, and until next time.

Giuseppe

P.S.: Karma Points are appreciated

0 Karma

igne
Observer
@gcusello - your answer was inaccurate.  Apps not mentioned in the serverconf are not removed from clients.  The behavior I was experiencing was unrelated to my current deployment server's serverclass.
0 Karma