Splunk Enterprise

Distributing APP from the deployment server to the index server

masakazu
Explorer

I'm trying to distribute an app from the deployment server to the index server via the cluster manager.

In the cluster manager's deploymentclient.conf,
it uses serverRepositoryLocationPolicy and repositoryLocation to receive the app in $SPLUNK_HOME/etc/manager-apps
and pushes it to peer-apps on the index server for distribution.

Distribution to the index server was successful, but an install error message appears in the deployment server's internal log.
Is there a setting to prevent items distributed to manager-apps from being installed?

0 Karma

masakazu
Explorer

 

Hi, Tom-san!

Thank you for the advice.
It seems the problem was that the "stateOnClient" setting was also in the app specification.
When I removed that setting the error went away.

[serverClass:<serverClassName>:app:<AppName>]
stateOnClient = noop   ←★
restartSplunkWeb = 0
restartSplunkd = 1

[serverClass:<serverClassName>]
stateOnClient = noop
whitelist.0 = server1

For reference, I would like to know if there is any other setting.
As mentioned above, the DS server specifies serverRepositoryLocationPolicy and repositoryLocation for the cluster manager, so the DS-app is saved in manager-apps.
Is it possible to deploy the APP to the manager?

 

0 Karma

Tom_Lundie
Contributor

If you want to dynamically deploy the app to either the manager-apps or apps directory, you can use serverclass.conf on the deployment server to do this.

Note that this is quite a complex deployment structure, so make sure you keep your serverclass.conf well documented.

Firstly, restore the CM's deploymentclient.conf's repository settings to default to enable the serverClass to control the target repository:

 

[deployment-client]
repositoryLocation = $SPLUNK_HOME/etc/apps
serverRepositoryLocationPolicy = acceptSplunkHome

 

Then on the DS you can dynamically set the repositoryLocation using the targetRepositoryLocation directive within serverclass.conf at the serverClass level:

For example you could have something like this:

 

[serverClass:CM_Deploy_to_Apps]
whitelist.0 = cm.yourcompany.com
targetRepositoryLocation = $SPLUNK_HOME/etc/apps
stateOnClient = enabled

[serverClass:CM_Deploy_to_Apps:app:example_app_1]
restartSplunkd = true

[serverClass:CM_Deploy_to_Apps:app:example_app_2]
issueReload=true
restartIfNeeded=true

[serverClass:CM_Deploy_to_Manager_Apps]
whitelist.0 = cm.yourcompany.com
targetRepositoryLocation = $SPLUNK_HOME/etc/manager-apps
stateOnClient = noop

[serverClass:CM_Deploy_to_Manager_Apps:app:example_manager_app_1]

[serverClass:CM_Deploy_to_Manager_Apps:app:example_manager_app_2]

 

0 Karma

Tom_Lundie
Contributor

Hi,

Have a look at these docs.

On the DS make sure you've included noop for the CM serverclass.conf entry:

[serverClass:<serverClassName>]
stateOnClient = noop

Also, ensure you're not overriding it on the app-level too.

If you've already got this covered, can you share the error message please?
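The two checks discussed in this thread (noop at the serverClass level, no stateOnClient at the app level) can be run over serverclass.conf before reloading the deployment server. This is an added example, not code from the posters or from Splunk; the function name `audit_serverclass` and the sample configuration are constructed, and it assumes a class stages into manager-apps when its targetRepositoryLocation ends in `manager-apps`.

```python
import configparser

# Constructed sample serverclass.conf (not from a real deployment). It mirrors
# the thread: one class installs into etc/apps, one stages into manager-apps.
SAMPLE = """
[serverClass:CM_Deploy_to_Apps]
whitelist.0 = cm.yourcompany.com
targetRepositoryLocation = $SPLUNK_HOME/etc/apps
stateOnClient = enabled

[serverClass:CM_Deploy_to_Apps:app:example_app_1]
restartSplunkd = true

[serverClass:CM_Deploy_to_Manager_Apps]
whitelist.0 = cm.yourcompany.com
targetRepositoryLocation = $SPLUNK_HOME/etc/manager-apps
stateOnClient = noop

[serverClass:CM_Deploy_to_Manager_Apps:app:example_manager_app_1]
stateOnClient = noop

[serverClass:CM_Deploy_to_Manager_Apps:app:example_manager_app_2]
"""

def audit_serverclass(text):
    """Return (stanza, problem) findings for classes that stage into manager-apps."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = str  # keep setting names exactly as written in the file
    cp.read_string(text)
    findings, staging = [], set()
    for name in cp.sections():  # pass 1: class-level stanzas
        parts = name.split(":")
        if len(parts) == 2 and parts[0] == "serverClass":
            target = cp[name].get("targetRepositoryLocation", "")
            if target.rstrip("/").endswith("manager-apps"):
                staging.add(parts[1])
                if cp[name].get("stateOnClient", "").lower() != "noop":
                    findings.append((name, "stages into manager-apps without stateOnClient = noop"))
    for name in cp.sections():  # pass 2: app stanzas under those classes
        parts = name.split(":")
        if len(parts) == 4 and parts[2] == "app" and parts[1] in staging:
            if "stateOnClient" in cp[name]:
                findings.append((name, "app-level stateOnClient set; keep it at class level only"))
    return findings

if __name__ == "__main__":
    for stanza, problem in audit_serverclass(SAMPLE):
        print(f"{stanza}: {problem}")
```

On the constructed sample it reports only example_manager_app_1, the stanza that repeats stateOnClient at the app level.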
