I'm looking to create an admin-like account which basically has ALL the privileges the admin account has, except it can't assign the can_delete role. Is such a thing even possible? Thanks.
We are trying to achieve one-click deployments with Splunk applications. Our desired workflow is below:
1) we develop the app and push the changes to the develop branch
2) we have a pipeline listening for any changes on the branch and when changes are pushed, deployment is triggered on a WIP environment
3) we pack the Splunk applications for the search head and deployment server in tar.gz archives which are extracted on the search head/deployment server (in etc/apps on the search head and etc/deployment-apps on the deployment server) and rsynced using the --delete flag so that if an app has been removed from git, it will also be removed from the search head/deployment server apps - this process is being executed by Chef
4) we manually reload the deployment server or, in the case of adding a new index, we manually apply the cluster bundle
We are facing the following difficulties:
We plan on testing the applications before pushing them to live, and that entails using live data - since we're using AWS, I've created a snapshot of the live Splunk server, mounted the snapshot on the WIP environment, put the cluster in maintenance mode, symlinked /opt/splunk/var/lib from the snapshot, started the indexers and disabled maintenance mode. This worked just fine; however, if there is new data in Splunk, we need to repeat the process. Q: What is the best way of replicating live data on the WIP environment?
When we deploy applications, we don't want the WIP apps to interact w/ the live environment at all. This means that if we develop an app and we create an outputs.conf or anything referring to the WIP infrastructure, we will use something like wip-domain.com. This defeats our purpose, as if we develop an application, we will need to maintain an additional Git repo for live so that we reference live-domain.com. Q: How do we overcome the environment naming convention issue so that we only maintain one repository?
How can we run tests on our apps? Is there a framework that can be used?
We have some apps on the search head that are pretty static and those are maintained through Chef - our developers don't have access to the Chef repo, so if they make a change to an existing app, they need to rely on a sysadmin. Q: Is there any reason why we shouldn't deploy applications on the search head using serverclass.conf?
These are just some of the challenges we've faced so far. Is anyone using CI/CD (Continuous Integration / Continuous Deployment) to deploy Splunk applications? We are using GoCD if this helps.
Thanks in advance.
Not necessarily - how can I actually get Splunk to ignore the checksums of the apps? Setting crossServerChecksum to false does not seem to work. I guess it would be helpful to also know how Splunk determines the checksum to see if I can find any workarounds?
I'm setting up Splunk Enterprise 6.4.1 and I'm configuring it using Chef. I want to make use of the deployment server to use apps so the process is I check out my apps from a Git repo, which I then pack in a .tar.gz file. I only re-create that .tar.gz file when I add a new application. I then proceed to download the .tar.gz file somewhere on the server and I extract it. The old install I rename as old and the new files I extract in a directory called new, which I then rename to current after I've extracted the apps there. I then create a symlink for /opt/splunk/etc/deployment-apps to point to that directory and update serverclass.conf manually. The problem is that my Chef recipe does these steps every time and it keeps installing the apps over and over again. Here's a sample log:
07-12-2016 11:32:07.674 +0000 INFO DeployedApplication - Checksum mismatch 9038096492216933078 <> 5784616587066482821 for app=chef_analytics_splunk_app. Will reload from='xx.xx.xxx.179:8089/services/streams/deployment?name=default:MugurelTest:chef_analytics_splunk_app'
07-12-2016 11:32:07.708 +0000 INFO DeployedApplication - Downloaded url=xx.xx.xxx.179:8089/services/streams/deployment?name=default:MugurelTest:chef_analytics_splunk_app to file='/opt/splunk/var/run/MugurelTest/chef_analytics_splunk_app-1468323117.bundle' sizeKB=740
07-12-2016 11:32:07.715 +0000 INFO DeployedApplication - Installing app=chef_analytics_splunk_app to='/opt/splunk/etc/master-apps/chef_analytics_splunk_app'
07-12-2016 11:32:07.738 +0000 WARN DC:DeploymentClient - Restarting Splunkd..
I don't understand why it does that because I have set crossServerChecksum to true (and tried with false as well) in serverclass.conf:
crossServerChecksum = true
restartSplunkWeb = 0
restartSplunkd = 1
stateOnClient = enabled
whitelist.0 = xx.xx.xxx.169
whitelist.1 = xx.xx.xxx.180
How can I actually force it not to reinstall already installed apps?
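One way to confirm from splunkd.log which apps are caught in the reinstall loop described in the post above, as an added example (not code from the post or from Splunk): it counts "Checksum mismatch" events per app inside a sliding time window. The log lines are constructed in the format quoted in the post; the function name, window and threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the splunkd.log format quoted in the post; timestamps,
# checksums and "other_app" are made up, and the reload URL is a placeholder.
SAMPLE_LOG = """\
07-12-2016 11:02:07.674 +0000 INFO DeployedApplication - Checksum mismatch 1111 <> 2222 for app=chef_analytics_splunk_app. Will reload from='<url>'
07-12-2016 11:02:07.715 +0000 INFO DeployedApplication - Installing app=chef_analytics_splunk_app to='<path>'
07-12-2016 11:02:07.738 +0000 WARN DC:DeploymentClient - Restarting Splunkd..
07-12-2016 11:32:07.674 +0000 INFO DeployedApplication - Checksum mismatch 3333 <> 2222 for app=chef_analytics_splunk_app. Will reload from='<url>'
07-12-2016 11:40:00.000 +0000 INFO DeployedApplication - Checksum mismatch 5555 <> 6666 for app=other_app. Will reload from='<url>'
07-12-2016 12:02:07.674 +0000 INFO DeployedApplication - Checksum mismatch 4444 <> 2222 for app=chef_analytics_splunk_app. Will reload from='<url>'
"""

MISMATCH = re.compile(
    r"^(?P<ts>\d\d-\d\d-\d{4} \d\d:\d\d:\d\d)\.\d{3} (?P<tz>[+-]\d{4}) INFO\s+"
    r"DeployedApplication - Checksum mismatch (?P<left>\d+) <> (?P<right>\d+) "
    r"for app=(?P<app>\S+?)\. Will reload")

def find_reinstall_loops(log_text, window=timedelta(hours=1), threshold=3):
    """Return apps with >= threshold checksum mismatches inside any window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = MISMATCH.match(line)
        if m:  # assumes MM-DD-YYYY dates in splunkd.log timestamps
            ts = datetime.strptime(f"{m['ts']} {m['tz']}", "%m-%d-%Y %H:%M:%S %z")
            events[m["app"]].append((ts, m["left"], m["right"]))
    loops = {}
    for app, evs in events.items():
        evs.sort()
        start = best = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:  # shrink to fit window
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            # The post does not say which side is the server's checksum, so the
            # pairs are reported as logged, without interpretation.
            loops[app] = {"max_in_window": best,
                          "pairs": sorted({(l, r) for _, l, r in evs})}
    return loops

if __name__ == "__main__":
    for app, info in find_reinstall_loops(SAMPLE_LOG).items():
        print(app, info)
```

Run against a deployment client's splunkd.log, an app that appears in the result on every Chef run is being re-downloaded each time rather than converging.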