Deployment Architecture

Deployment Server vs. Deployer

shandman
Path Finder

I am having a hard time trying to understand the difference between the two. I wonder if Splunk can make future name changes to make this more clear.

i.e.
Caution: You must use the deployer, not the deployment server, to distribute apps to cluster members. Use of the deployer eliminates the possibility of conflict with the run-time updates that the cluster replicates automatically by means of the mechanism described in "Configuration updates that the cluster replicates."
= This is a snip it from http://docs.splunk.com/Documentation/Splunk/6.2.3/DistSearch/PropagateSHCconfigurationchanges

What I am trying to do.
1. Deploy LDAP to Search Head Cluster (going from an old architecture which used just a stand alone splunk server. single authentication.conf works with LDAP).
2. From what I"m reading, I need to create an application, and use my Cluster Master (which is secretly also called the deployer / correct me if I'm wrong) to push the app by placing in :
$SPLUNK_HOME/etc/shcluster/
apps/
/
/
3. I can not find anywhere, steps on how to create an app by using the Cluster Master / Deployer. I CAN find instructions on how to create apps using the deployment server.... which is different than the Cluster Master / Deployer.

Can Splunk make this any more unclear?

acharlieh
Influencer
  • A deployer is used to deploy apps to a search head cluster.
  • A cluster master is used to deploy apps and manage replication within an indexer cluster (single or multi-site)
  • A deployment server is used to deploy apps to forwarders (and technically could be used to deploy apps to other Splunk servers as well but with a number of caveats)

A Splunk instance can play any set of these roles (and a few others) simultaneously, but they are distinctly different things. And could be deployed on separate Splunk instances.

"Can Splunk make this any more unclear?"
- Be careful what you wish for since it might come true. 🙂

shandman
Path Finder

Thank you for the response acharlieh.

The server I am using as my Cluster Master is, cmgr1.splunk.hq1.xxx.com (stands for cluster master).

In my directory structure I have:
/opt/splunk/etc
/master-apps - this is for my index cluster
/shcluster - this is for my search head cluster ... no?

So is my server cmgr1.splunk.hq1.xxx.com, serving as both a deployer, and cluster master?
Is this normal? I just followed standard setup for my new splunk architecture.

My architecture is:
Search Head Cluster = fe1.splunk.hq1.xxx.com, fe2.splunk.hq1.xxx.com, fe3.splunk.hq1.xxx.com
Index Cluster = idx1.splunk.hq1.xxx.com, idx2.splunk.hq1.xxx.com, idx3.splunk.hq1.xxx.com, idx4.splunk.hq1.xxx.com, idx5.splunk.hq1.xxx.com
Cluster Master = cmgr1.splunk.hq1.xxx.com
License Master = lmgr1.splunk.hq1.xxx.com
Deployment Server = dply1.splunk.hq1.xxx.com

0 Karma

shandman
Path Finder

In follow up, I just want to know how to deploy an app to my search head cluster. Is it just a matter of creating a directory with the authentication.conf file into the /opt/splunk/etc/shcluster directory and then run the splunk apply schcluster-bundle command?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...