diff --git a/_config.yml b/_config.yml
index cc35c1df..e187b51b 100644
--- a/_config.yml
+++ b/_config.yml
@@ -1 +1,7 @@
-theme: jekyll-theme-modernist
\ No newline at end of file
+theme: jekyll-theme-modernist
+relative_links:
+ enabled: true
+ collections: true
+markdown: kramdown
+kramdown:
+ parse_block_html: true
diff --git a/base/redhat-8/Dockerfile b/base/redhat-8/Dockerfile
index 9e01aa39..aec43604 100644
--- a/base/redhat-8/Dockerfile
+++ b/base/redhat-8/Dockerfile
@@ -12,9 +12,22 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
+# NOTE that since OpenShift Container Platform 3.11
+# the container catalog moved from registry.access.redhat.com to registry.redhat.io
+# So at some point before they deprecate the old registry we have to make sure that
+# we have access to the new registry and change where we pull the ubi image from.
 FROM registry.access.redhat.com/ubi8/ubi-minimal
-LABEL maintainer="support@splunk.com"
+LABEL name="splunk" \
+ maintainer="support@splunk.com" \
+ vendor="splunk" \
+ version="7.3.1" \
+ release="1" \
+ summary="UBI 8 Docker image of Splunk Enterprise" \
+ description="Splunk Enterprise is a platform for operational intelligence. Our software lets you collect, analyze, and act upon the untapped value of big data that your technology infrastructure, security systems, and business applications generate. It gives you insights to drive operational performance and business results."
+
+RUN mkdir /licenses; \
+ curl -o /licenses/apache-2.0.txt https://www.apache.org/licenses/LICENSE-2.0.txt; \
+ curl -o /licenses/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf https://www.redhat.com/licenses/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf
 COPY install.sh /install.sh
-COPY EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf /EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf
 RUN /install.sh && rm -rf /install.sh
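Review bot: The new `RUN mkdir /licenses; \ curl -o …` step in base/redhat-8/Dockerfile chains its commands with `;` and calls curl without `-f`, so a failed download does not fail the build: the image can ship with a license file missing, or with an HTTP error page saved under `/licenses`. Chain the commands with `&&` and make curl fail on HTTP errors, e.g. `curl -fsSL -o /licenses/apache-2.0.txt https://www.apache.org/licenses/LICENSE-2.0.txt`, and the same for the EULA PDF. Because the commit also stops vendoring the PDF, the content of both files now depends on whatever the remote serves at build time. Either keep the files in the repository or check each one against a pinned digest, for instance `echo "<sha256-placeholder>  /licenses/apache-2.0.txt" | sha256sum -c -`.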
diff --git a/base/redhat-8/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf b/base/redhat-8/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf deleted file mode 100644 index 3a32abd7..00000000 Binary files a/base/redhat-8/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf and /dev/null differ diff --git a/docs/EXAMPLES.md b/docs/EXAMPLES.md index 7cfb47ad..c941c45d 100644 --- a/docs/EXAMPLES.md +++ b/docs/EXAMPLES.md @@ -30,9 +30,10 @@ $ docker run --name so1 --hostname so1 -p 8000:8000 -e "SPLUNK_PASSWORD=docker-compose.yml

-``` +

docker-compose.yml + +```yaml version: "3.6" services: @@ -45,7 +46,7 @@ services: ports: - 8000 ``` -

+ Execute the following to bring up your deployment: ``` @@ -55,9 +56,9 @@ $ SPLUNK_PASSWORD= docker-compose up -d ## Create standalone with license Adding a Splunk Enterprise license can be done in multiple ways. Please review the following compose files below to see how it can be achieved, either with a license hosted on a webserver or with a license file as a direct mount. -
docker-compose.yml - license from URL

+

docker-compose.yml - license from URL -``` +```yaml version: "3.6" services: @@ -71,11 +72,11 @@ services: ports: - 8000 ``` -

+
-
docker-compose.yml - license from file

+

docker-compose.yml - license from file -``` +```yaml version: "3.6" services: @@ -91,7 +92,7 @@ services: volumes: - ./splunk.lic:/tmp/license/splunk.lic ``` -

+
Execute the following to bring up your deployment: @@ -102,9 +103,9 @@ $ SPLUNK_PASSWORD= docker-compose up -d ## Create standalone with HEC To learn more about what the HTTP event collector (HEC) is and how to use it, please review the documentation [here](https://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector). -
docker-compose.yml

+

docker-compose.yml -``` +```yaml version: "3.6" services: @@ -118,7 +119,7 @@ services: ports: - 8000 ``` -

+
Execute the following to bring up your deployment: ``` @@ -132,9 +133,11 @@ $ curl -k https://localhost:8088/services/collector/event -H "Authorization: Spl ``` ## Create standalone with app -
docker-compose.yml

+Splunk apps can also be installed using this Docker image. -``` +

docker-compose.yml + +```yaml version: "3.6" services: @@ -148,7 +151,7 @@ services: ports: - 8000 ``` -

+
Execute the following to bring up your deployment: ``` @@ -156,9 +159,11 @@ $ SPLUNK_PASSWORD= docker-compose up -d ``` ## Create standalone with SplunkBase app -
docker-compose.yml

+Apps showcased on SplunkBase can also be installed using this Docker image. -``` +

docker-compose.yml + +```yaml version: "3.6" services: @@ -174,7 +179,7 @@ services: ports: - 8000 ``` -

+
Execute the following to bring up your deployment: ``` @@ -182,9 +187,11 @@ $ SPLUNKBASE_PASSWORD= SPLUNK_PASSWORD= docker-co ``` ## Create standalone and universal forwarder -
docker-compose.yml

+You can also enable distributed deployments. In this case, we can create a Splunk universal forwarder running in a container to stream logs to a Splunk standalone, also running in a container. -``` +

docker-compose.yml + +```yaml version: "3.6" networks: @@ -225,7 +232,7 @@ services: - 8000 - 8089 ``` -

+
Execute the following to bring up your deployment: ``` @@ -235,9 +242,9 @@ $ SPLUNK_PASSWORD= docker-compose up -d ## Create heavy forwarder The following will allow you spin up a forwarder, and stream its logs to an independent, external indexer located at `idx1-splunk.company.internal`, as long as that hostname is reachable on your network. -
docker-compose.yml

+

docker-compose.yml -``` +```yaml version: "3.6" networks: @@ -263,7 +270,7 @@ services: ports: - 1514 ``` -

+
Execute the following to bring up your deployment: ``` @@ -273,9 +280,9 @@ $ SPLUNK_PASSWORD= docker-compose up -d ## Create heavy forwarder and deployment server The following will allow you spin up a forwarder, and stream its logs to an independent, external indexer located at `idx1-splunk.company.internal`, as long as that hostname is reachable on your network. Additionally, it brings up a deployment server, which will download an app and distribute it to the heavy forwarder. -
docker-compose.yml

+

docker-compose.yml -``` +```yaml version: "3.6" networks: @@ -316,7 +323,7 @@ services: - SPLUNK_APPS_URL=https://artifact.company.internal/splunk_app.tgz - SPLUNK_PASSWORD ``` -

+
Execute the following to bring up your deployment: ``` @@ -330,9 +337,9 @@ $ docker run -it -e SPLUNK_PASSWORD= splunk/splunk:latest create-defau ``` Additionally, review the `docker-compose.yml` below to understand how linking Splunk instances together through roles and environment variables is accomplished: -
docker-compose.yml

+

docker-compose.yml -``` +```yaml version: "3.6" networks: @@ -445,7 +452,7 @@ services: volumes: - ./default.yml:/tmp/defaults/default.yml ``` -

+
Execute the following to bring up your deployment: ``` @@ -459,9 +466,9 @@ $ docker run -it -e SPLUNK_PASSWORD= splunk/splunk:latest create-defau ``` Additionally, review the `docker-compose.yml` below to understand how linking Splunk instances together through roles and environment variables is accomplished: -
docker-compose.yml

+

docker-compose.yml -``` +```yaml version: "3.6" networks: @@ -575,7 +582,7 @@ services: volumes: - ./default.yml:/tmp/defaults/default.yml ``` -

+
Execute the following to bring up your deployment: ``` @@ -589,9 +596,9 @@ $ docker run -it -e SPLUNK_PASSWORD= splunk/splunk:latest create-defau ``` Additionally, review the `docker-compose.yml` below to understand how linking Splunk instances together through roles and environment variables is accomplished: -
docker-compose.yml

+

docker-compose.yml -``` +```yaml version: "3.6" networks: @@ -776,7 +783,7 @@ services: volumes: - ./default.yml:/tmp/defaults/default.yml ``` -

+
Execute the following to bring up your deployment: ``` @@ -784,9 +791,9 @@ $ docker-compose up -d ``` ## Enable root endpoint on SplunkWeb -
docker-compose.yml

+

docker-compose.yml -``` +```yaml version: "3.6" services: @@ -800,7 +807,7 @@ services: ports: - 8000 ``` -

+
Execute the following to bring up your deployment: ``` @@ -810,9 +817,9 @@ $ SPLUNK_PASSWORD= docker-compose up -d Then, visit SplunkWeb on your browser with the root endpoint in the URL, such as `http://localhost:8000/splunkweb`. ## Create sidecar forwarder -
k8s-sidecar.yml

+

k8s-sidecar.yml -``` +```yaml apiVersion: v1 kind: Pod metadata: @@ -842,7 +849,7 @@ spec: - name: shared-data emptyDir: {} ``` -

+
Execute the following to bring up your deployment: ``` diff --git a/test_scenarios/1sh1idx_dfs.yaml b/test_scenarios/1sh1idx_dfs.yaml new file mode 100644 index 00000000..871e5815 --- /dev/null +++ b/test_scenarios/1sh1idx_dfs.yaml 
@@ -0,0 +1,101 @@
+version: "3.6"
+
+networks:
+ splunknet:
+ driver: bridge
+ attachable: true
+
+volumes:
+ mnt-spark:
+ mnt-jdk:
+
+services:
+ init:
+ image: ${SPARK_IMAGE:-splunk/spark:latest}
+ entrypoint: [ "sh", "-c" ]
+ command: [ "cp -r /opt/jdk /mnt && cp -r /opt/spark /mnt" ]
+ hostname: init
+ container_name: init
+ networks:
+ splunknet:
+ aliases:
+ - init
+ volumes:
+ - mnt-spark:/mnt/spark
+ - mnt-jdk:/mnt/jdk
+
+ sh1:
+ networks:
+ splunknet:
+ aliases:
+ - sh1
+ image: ${SPLUNK_IMAGE:-splunk/splunk:latest}
+ command: start
+ hostname: sh1
+ container_name: sh1
+ environment:
+ - SPLUNK_START_ARGS=--accept-license
+ - SPLUNK_SEARCH_HEAD_URL=sh1
+ - SPLUNK_INDEXER_URL=idx1
+ - SPLUNK_ROLE=splunk_search_head
+ - SPLUNK_LICENSE_URI
+ - SPLUNK_PASSWORD
+ - DEBUG=true
+ - SPLUNK_ENABLE_DFS=true
+ - SPARK_MASTER_HOST=spark-master
+ - SPARK_MASTER_WEBUI_PORT=8009
+ - JAVA_HOME=/mnt/jdk
+ - SPARK_HOME=/mnt/spark
+ - SPLUNK_DFW_NUM_SLOTS_ENABLED=false
+ ports:
+ - 8000
+ - 8089
+ depends_on:
+ - init
+ volumes:
+ - mnt-spark:/mnt/spark
+ - mnt-jdk:/mnt/jdk
+
+ idx1:
+ networks:
+ splunknet:
+ aliases:
+ - idx1
+ image: ${SPLUNK_IMAGE:-splunk/splunk:latest}
+ command: start
+ hostname: idx1
+ container_name: idx1
+ environment:
+ - SPLUNK_START_ARGS=--accept-license
+ - SPLUNK_SEARCH_HEAD_URL=sh1
+ - SPLUNK_INDEXER_URL=idx1
+ - SPLUNK_ROLE=splunk_indexer
+ - SPLUNK_LICENSE_URI
+ - SPLUNK_PASSWORD
+ - DEBUG=true
+ ports:
+ - 8000
+ - 8089
+
+ spark-master:
+ image: ${SPARK_IMAGE:-splunk/spark:latest}
+ hostname: spark-master
+ container_name: spark-master
+ networks:
+ splunknet:
+ aliases:
+ - spark-master
+ environment:
+ - SPLUNK_ROLE=splunk_spark_master
+
+ spark-worker:
+ image: ${SPARK_IMAGE:-splunk/spark:latest}
+ hostname: spark-worker
+ container_name: spark-worker
+ networks:
+ splunknet:
+ aliases:
+ - spark-worker
+ environment:
+ - SPLUNK_ROLE=splunk_spark_worker
+ - SPARK_MASTER_HOSTNAME=spark-master
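Review bot: `depends_on: - init` on `sh1` only orders container start; in a version "3.6" file it does not wait for the `init` container's `cp -r` to finish, so `sh1` can come up with partly populated `mnt-spark` and `mnt-jdk` volumes while `JAVA_HOME=/mnt/jdk` and `SPARK_HOME=/mnt/spark` already point at them. The scenario would be more reliable if the harness ran `init` to completion before `up -d`, for example with `docker-compose run --rm init`. A comment above the `init` service should record that: `# one-shot: copies /opt/jdk and /opt/spark into the shared volumes; must finish before sh1 starts`. Separately, `DEBUG=true` sits next to `SPLUNK_PASSWORD` on `sh1` and `idx1`; if debug mode makes provisioning output more verbose, confirm the password does not end up in container logs retained by CI.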