From 1d3458b33b433a2cd2f8216ccad0feef70f3c92b Mon Sep 17 00:00:00 2001 From: Nelson Wang Date: Tue, 17 Dec 2019 00:22:04 -0800 Subject: [PATCH 01/11] Adding tests for splunktcp-ssl --- tests/test_docker_splunk.py | 157 ++++++++++++++++++++++++++++++++++++ 1 file changed, 157 insertions(+) diff --git a/tests/test_docker_splunk.py b/tests/test_docker_splunk.py index bc9ba9ee..d894e94f 100644 --- a/tests/test_docker_splunk.py +++ b/tests/test_docker_splunk.py @@ -102,6 +102,15 @@ def teardown_method(self, method): self.compose_file_name, self.project_name = None, None self._clean_docker_env() + def cleanup_files(self, files): + try: + for file in files: + os.remove(file) + except OSError as e: + pass + except Exception as e: + raise e + def _clean_docker_env(self): # Remove anything spun up by docker-compose containers = self.client.containers(filters={"label": "com.docker.compose.version"}) 
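Review bot: In `cleanup_files` the `try` wraps the whole `for` loop, so the first `os.remove` that raises `OSError` ends the loop and every later path in `files` stays on disk. The callers added in this patch pass the generated `ca.key` and `server.key`, plus a `default.yml` that carries the admin password and the key passphrase, so a partial cleanup leaves secret material in `FIXTURES_DIR`. Handle the error per file instead, as below. The `except Exception as e: raise e` clause changes nothing and can be dropped.

```python
    def cleanup_files(self, files):
        for file in files:
            try:
                os.remove(file)
            except OSError:
                # Best effort: a missing or unremovable file must not stop the rest
                pass
```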
@@ -1224,6 +1233,154 @@ def test_adhoc_1uf_hec_ssl_disabled(self): except OSError: pass + def test_adhoc_1so_splunktcp_ssl(self): + # Generate default.yml + cid = self.client.create_container(self.SPLUNK_IMAGE_NAME, tty=True, command="create-defaults") + self.client.start(cid.get("Id")) + output = self.get_container_logs(cid.get("Id")) + self.client.remove_container(cid.get("Id"), v=True, force=True) + # Get the password + password = re.search(" password: (.*)", output).group(1).strip() + assert password + # Commands to generate self-signed certificates for Splunk here: https://docs.splunk.com/Documentation/Splunk/latest/Security/ConfigureSplunkforwardingtousesignedcertificates + passphrase = "abcd1234" + cmds = [ + "openssl genrsa -aes256 -passout pass:{pw} -out {path}/ca.key 2048".format(pw=passphrase, path=FIXTURES_DIR), + "openssl req -new -key {path}/ca.key -passin pass:{pw} -out {path}/ca.csr -subj /CN=localhost".format(pw=passphrase, path=FIXTURES_DIR), + "openssl x509 -req -in {path}/ca.csr -sha512 -passin pass:{pw} -signkey {path}/ca.key -CAcreateserial -out {path}/ca.pem -days 3".format(pw=passphrase, path=FIXTURES_DIR), + "openssl genrsa -aes256 -passout pass:{pw} -out {path}/server.key 2048".format(pw=passphrase, path=FIXTURES_DIR), + "openssl req -new -passin pass:{pw} -key {path}/server.key -out {path}/server.csr -subj /CN=localhost".format(pw=passphrase, path=FIXTURES_DIR), + "openssl x509 -req -passin pass:{pw} -in {path}/server.csr -SHA256 -CA {path}/ca.pem -CAkey {path}/ca.key -CAcreateserial -out {path}/server.pem -days 3".format(pw=passphrase, path=FIXTURES_DIR), + "cat {path}/server.pem {path}/server.key {path}/ca.pem > {path}/cert.pem".format(path=FIXTURES_DIR) + ] + for cmd in cmds: + execute_cmd = subprocess.check_output(["/bin/sh", "-c", cmd]) + # Update s2s ssl settings + output = re.sub(r''' s2s:.*?ssl: false''', r''' s2s: + ca: /tmp/defaults/ca.pem + cert: /tmp/defaults/cert.pem + enable: true + password: {} + port: 9997 + ssl: 
true'''.format(passphrase), output, flags=re.DOTALL) + # Write the default.yml to a file + with open(os.path.join(FIXTURES_DIR, "default.yml"), "w") as f: + f.write(output) + # Create the container and mount the default.yml + cid = None + try: + splunk_container_name = generate_random_string() + cid = self.client.create_container(self.SPLUNK_IMAGE_NAME, tty=True, ports=[8000, 8089], + volumes=["/tmp/defaults/"], name=splunk_container_name, + environment={"DEBUG": "true", + "SPLUNK_START_ARGS": "--accept-license", + "SPLUNK_PASSWORD": password}, + host_config=self.client.create_host_config(binds=[FIXTURES_DIR + ":/tmp/defaults/"], + port_bindings={8089: ("0.0.0.0",), 8000: ("0.0.0.0",)}) + ) + cid = cid.get("Id") + self.client.start(cid) + # Poll for the container to be ready + assert self.wait_for_containers(1, name=splunk_container_name) + # Check splunkd + assert self.check_splunkd("admin", password) + # Check if the created file exists + exec_command = self.client.exec_create(cid, "cat /opt/splunk/etc/system/local/inputs.conf", user="splunk") + std_out = self.client.exec_start(exec_command) + assert "[splunktcp-ssl:9997]" in std_out + assert "serverCert = /tmp/defaults/cert.pem" in std_out + except Exception as e: + self.logger.error(e) + raise e + finally: + if cid: + self.client.remove_container(cid, v=True, force=True) + files = [ + os.path.join(FIXTURES_DIR, "ca.key"), + os.path.join(FIXTURES_DIR, "ca.csr"), + os.path.join(FIXTURES_DIR, "ca.pem"), + os.path.join(FIXTURES_DIR, "server.key"), + os.path.join(FIXTURES_DIR, "server.csr"), + os.path.join(FIXTURES_DIR, "server.pem"), + os.path.join(FIXTURES_DIR, "cert.pem"), + os.path.join(FIXTURES_DIR, "default.yml") + ] + self.cleanup_files(files) + + def test_adhoc_1uf_splunktcp_ssl(self): + # Generate default.yml + cid = self.client.create_container(self.UF_IMAGE_NAME, tty=True, command="create-defaults") + self.client.start(cid.get("Id")) + output = self.get_container_logs(cid.get("Id")) + 
self.client.remove_container(cid.get("Id"), v=True, force=True) + # Get the password + password = re.search(" password: (.*)", output).group(1).strip() + assert password + # Commands to generate self-signed certificates for Splunk here: https://docs.splunk.com/Documentation/Splunk/latest/Security/ConfigureSplunkforwardingtousesignedcertificates + passphrase = "abcd1234" + cmds = [ + "openssl genrsa -aes256 -passout pass:{pw} -out {path}/ca.key 2048".format(pw=passphrase, path=FIXTURES_DIR), + "openssl req -new -key {path}/ca.key -passin pass:{pw} -out {path}/ca.csr -subj /CN=localhost".format(pw=passphrase, path=FIXTURES_DIR), + "openssl x509 -req -in {path}/ca.csr -sha512 -passin pass:{pw} -signkey {path}/ca.key -CAcreateserial -out {path}/ca.pem -days 3".format(pw=passphrase, path=FIXTURES_DIR), + "openssl genrsa -aes256 -passout pass:{pw} -out {path}/server.key 2048".format(pw=passphrase, path=FIXTURES_DIR), + "openssl req -new -passin pass:{pw} -key {path}/server.key -out {path}/server.csr -subj /CN=localhost".format(pw=passphrase, path=FIXTURES_DIR), + "openssl x509 -req -passin pass:{pw} -in {path}/server.csr -SHA256 -CA {path}/ca.pem -CAkey {path}/ca.key -CAcreateserial -out {path}/server.pem -days 3".format(pw=passphrase, path=FIXTURES_DIR), + "cat {path}/server.pem {path}/server.key {path}/ca.pem > {path}/cert.pem".format(path=FIXTURES_DIR) + ] + for cmd in cmds: + execute_cmd = subprocess.check_output(["/bin/sh", "-c", cmd]) + # Update s2s ssl settings + output = re.sub(r''' s2s:.*?ssl: false''', r''' s2s: + ca: /tmp/defaults/ca.pem + cert: /tmp/defaults/cert.pem + enable: true + password: {} + port: 9997 + ssl: true'''.format(passphrase), output, flags=re.DOTALL) + # Write the default.yml to a file + with open(os.path.join(FIXTURES_DIR, "default.yml"), "w") as f: + f.write(output) + # Create the container and mount the default.yml + cid = None + try: + splunk_container_name = generate_random_string() + cid = 
self.client.create_container(self.UF_IMAGE_NAME, tty=True, ports=[8000, 8089], + volumes=["/tmp/defaults/"], name=splunk_container_name, + environment={"DEBUG": "true", + "SPLUNK_START_ARGS": "--accept-license", + "SPLUNK_PASSWORD": password}, + host_config=self.client.create_host_config(binds=[FIXTURES_DIR + ":/tmp/defaults/"], + port_bindings={8089: ("0.0.0.0",), 8000: ("0.0.0.0",)}) + ) + cid = cid.get("Id") + self.client.start(cid) + # Poll for the container to be ready + assert self.wait_for_containers(1, name=splunk_container_name) + # Check splunkd + assert self.check_splunkd("admin", password) + # Check if the created file exists + exec_command = self.client.exec_create(cid, "cat /opt/splunkforwarder/etc/system/local/inputs.conf", user="splunk") + std_out = self.client.exec_start(exec_command) + assert "[splunktcp-ssl:9997]" in std_out + assert "serverCert = /tmp/defaults/cert.pem" in std_out + except Exception as e: + self.logger.error(e) + raise e + finally: + if cid: + self.client.remove_container(cid, v=True, force=True) + files = [ + os.path.join(FIXTURES_DIR, "ca.key"), + os.path.join(FIXTURES_DIR, "ca.csr"), + os.path.join(FIXTURES_DIR, "ca.pem"), + os.path.join(FIXTURES_DIR, "server.key"), + os.path.join(FIXTURES_DIR, "server.csr"), + os.path.join(FIXTURES_DIR, "server.pem"), + os.path.join(FIXTURES_DIR, "cert.pem"), + os.path.join(FIXTURES_DIR, "default.yml") + ] + self.cleanup_files(files) + def test_adhoc_1so_web_ssl(self): # Generate a password password = generate_random_string() From 17050208565cd4c842b150b9b27e79dfb6836b01 Mon Sep 17 00:00:00 2001 From: Nelson Wang Date: Tue, 17 Dec 2019 16:38:09 -0800 Subject: [PATCH 02/11] Adding docs for splunktcp-ssl --- docs/ADVANCED.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/docs/ADVANCED.md b/docs/ADVANCED.md index 5d774602..3103daef 100644 --- a/docs/ADVANCED.md +++ b/docs/ADVANCED.md 
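Review bot: In `test_adhoc_1so_splunktcp_ssl` the openssl loop and the `default.yml` write run before `try:`, so a failing `subprocess.check_output` or `open` skips the `finally` block and leaves whatever keys were already written in `FIXTURES_DIR`. Moving `cid = None` and `try:` above `for cmd in cmds:` puts the key generation under the same cleanup; `test_adhoc_1uf_splunktcp_ssl` in this hunk has the same layout. The `-CA {path}/ca.pem -CAcreateserial` step probably also writes a serial file next to the CA certificate (likely `ca.srl`) that is not in `files`; that is worth confirming. The two tests differ only in the image name and the `inputs.conf` path, so a shared helper taking those two values would keep the certificate handling in one place.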
@@ -18,6 +18,7 @@ Let's dive into the nitty-gritty on how to tweak the setup of your containerized * [Enable SmartStore](#enable-smartstore) * [Using deployment servers](#using-deployment-servers) * [Deploy distributed topology](#deploy-distributed-topology) +* [Enable SSL internal communication](#enable-ssl-internal-communication) * [Build from source](#build-from-source) * [base-debian-9](#base-debian-9) * [splunk-debian-9](#splunk-debian-9) @@ -248,6 +249,25 @@ While running a standalone Splunk instance may be fine for testing and developme See the [instructions on standing up a distributed environment](advanced/DISTRIBUTED_TOPOLOGY.md) to understand how to get started. +## Enable SSL Internal Communication +For users looking to secure the network traffic from one Splunk instance to another Splunk instance (ex: forwarders to indexers), you can enable forwarding and receiving to use SSL certificates. + +If you wish to enable SSL on one tier of your Splunk topology, it's very likely all instances will need it. To achieve this, we recommend you generate your server and CA certificates and add them to the `default.yml` which gets shared across all Splunk docker containers. Use this example `default.yml` snippet for the configuration of Splunk TCP with SSL. +``` +splunk: + ... + s2s: + ca: /mnt/certs/ca.pem + cert: /mnt/certs/cert.pem + enable: true + password: abcd1234 + port: 9997 + ssl: true + ... +``` + +For more instructions on how to bring your own certificates, please see: https://docs.splunk.com/Documentation/Splunk/latest/Security/ConfigureSplunkforwardingtousesignedcertificates + ## Build from source While we don't support or recommend you building your own images from source, it is entirely possible. This can be useful if you want to incorporate very experimental features, test new features, and if you have your own registry for persistent images. From 1ec8aef2422f872f9a8d15034484aef8c7ba959e Mon Sep 17 00:00:00 2001 
From: Nelson Wang Date: Fri, 3 Jan 2020 13:17:00 -0800 Subject: [PATCH 03/11] Updating test assertions for changes in retry/delay handling --- tests/test_docker_splunk.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/test_docker_splunk.py b/tests/test_docker_splunk.py index d894e94f..38a26ce5 100644 --- a/tests/test_docker_splunk.py +++ b/tests/test_docker_splunk.py @@ -302,8 +302,10 @@ def check_common_keys(self, log_output, role): assert log_output["all"]["vars"]["ansible_ssh_user"] == "splunk" assert log_output["all"]["vars"]["ansible_pre_tasks"] == None assert log_output["all"]["vars"]["ansible_post_tasks"] == None - assert log_output["all"]["vars"]["retry_num"] == 50 - assert log_output["all"]["vars"]["delay_num"] == 3 + assert log_output["all"]["vars"]["retry_num"] == 60 + assert log_output["all"]["vars"]["retry_delay"] == 3 + assert log_output["all"]["vars"]["wait_for_splunk_retry_num"] == 60 + assert log_output["all"]["vars"]["shc_sync_retry_num"] == 60 assert log_output["all"]["vars"]["splunk"]["group"] == "splunk" assert log_output["all"]["vars"]["splunk"]["license_download_dest"] == "/tmp/splunk.lic" assert log_output["all"]["vars"]["splunk"]["nfr_license"] == "/tmp/nfr_enterprise.lic" From c1f063a75c42276162bba9efffb0eb5d3552ed7c Mon Sep 17 00:00:00 2001 From: Nelson Wang Date: Fri, 10 Jan 2020 12:27:12 -0800 Subject: [PATCH 04/11] Support for tzdata in UBI redhat images --- base/redhat-8/Dockerfile | 2 +- base/redhat-8/install.sh | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/base/redhat-8/Dockerfile b/base/redhat-8/Dockerfile index c34b396d..5c9cc528 100644 --- a/base/redhat-8/Dockerfile +++ b/base/redhat-8/Dockerfile 
@@ -16,7 +16,7 @@ # the container catalog moved from registry.access.redhat.com to registry.redhat.io # So at some point before they deprecate the old registry we have to make sure that # we have access to the new registry and change where we pull the ubi image from. -FROM registry.access.redhat.com/ubi8/ubi-minimal:8.0-213 +FROM registry.access.redhat.com/ubi8/ubi-minimal:8.1 LABEL name="splunk" \ maintainer="support@splunk.com" \ vendor="splunk" \ diff --git a/base/redhat-8/install.sh b/base/redhat-8/install.sh index db67be8f..c2c41c90 100755 --- a/base/redhat-8/install.sh +++ b/base/redhat-8/install.sh @@ -15,6 +15,8 @@ set -e +# Per: https://github.com/rpm-software-management/microdnf/issues/50 +mkdir -p /run/user/$UID # reinstalling local en def for now, removed in minimal image https://bugzilla.redhat.com/show_bug.cgi?id=1665251 microdnf -y --nodocs install glibc-langpack-en @@ -25,7 +27,8 @@ microdnf -y --nodocs install glibc-langpack-en #We get around the gen above by forcing the language install, and then point to it. export LANG=en_US.utf8 -microdnf -y --nodocs install wget sudo shadow-utils procps tar +rpm -e --nodeps tzdata +microdnf -y --nodocs install wget sudo shadow-utils procps tar tzdata #install busybox direct from the multiarch since epel isn't availible yet for redhat8 wget -O /bin/busybox https://busybox.net/downloads/binaries/1.28.1-defconfig-multiarch/busybox-`arch` chmod +x /bin/busybox From c73053bba0194231de9173c9e3b65155dcdea62a Mon Sep 17 00:00:00 2001 From: James Rigassio Date: Thu, 23 Jan 2020 17:42:00 -0800 Subject: [PATCH 05/11] modify create defaults for pass4symmkey change --- splunk/common-files/createdefaults.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/splunk/common-files/createdefaults.py b/splunk/common-files/createdefaults.py index fcf3da6b..48c5566e 100755 --- a/splunk/common-files/createdefaults.py +++ b/splunk/common-files/createdefaults.py 
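Review bot: `mkdir -p /run/user/$UID` in the first install.sh hunk relies on the shell defining `UID`, which bash does but POSIX `sh` does not guarantee. The script's shebang is outside the hunk; if it runs under a shell without `UID`, the path collapses to `/run/user/` and the microdnf workaround creates the wrong directory without any error. `mkdir -p "/run/user/$(id -u)"` removes that dependency and quotes the expansion.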
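Review bot: `rpm -e --nodeps tzdata` in the second install.sh hunk has no comment, unlike the `mkdir` line added above it, and a forced removal with `--nodeps` is the kind of line a later cleanup will question. A one-line comment such as `# Remove the stock tzdata so the microdnf install below reinstalls it` would help, ideally with the reason or an issue link, which the hunk does not show.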
@@ -25,7 +25,9 @@ splunk_hec_token = os.environ.get("SPLUNK_HEC_TOKEN", None) splunk_password = os.environ.get("SPLUNK_PASSWORD", None) splunk_idxc_secret = os.environ.get("SPLUNK_IDXC_SECRET", None) +splunk_idxc_pass4SymmKey = os.environ.get("SPLUNK_SHC_PASS4SYMMKEY", None) splunk_shc_secret = os.environ.get("SPLUNK_SHC_SECRET", None) +splunk_shc_pass4SymmKey = os.environ.get("SPLUNK_SHC_PASS4SYMMKEY", None) def random_generator(size=24): # Use System Random for @@ -43,8 +45,13 @@ def random_generator(size=24): os.environ["SPLUNK_PASSWORD"] = random_generator() if not splunk_idxc_secret: os.environ["SPLUNK_IDXC_SECRET"] = random_generator() +if not splunk_idxc_pass4SymmKey: + os.environ["SPLUNK_IDXC_SECRET"] = os.environ["SPLUNK_IDXC_SECRET"] if not splunk_shc_secret: os.environ["SPLUNK_SHC_SECRET"] = random_generator() +if not splunk_shc_pass4SymmKey: + os.environ["SPLUNK_SHC_PASS4SYMMKEY"] = os.environ["SPLUNK_SHC_SECRET"] + sys.argv.append("--write-to-stdout") import environ environ.main() From 73a7d3eb85f47883fe3fe66b6f6f81b8400b05a5 Mon Sep 17 00:00:00 2001 From: James Rigassio Date: Fri, 24 Jan 2020 11:59:46 -0800 Subject: [PATCH 06/11] addressing comment and change for variable deprecation --- splunk/common-files/createdefaults.py | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/splunk/common-files/createdefaults.py b/splunk/common-files/createdefaults.py index 48c5566e..944c83c7 100755 --- a/splunk/common-files/createdefaults.py +++ b/splunk/common-files/createdefaults.py 
@@ -25,7 +25,7 @@ splunk_hec_token = os.environ.get("SPLUNK_HEC_TOKEN", None) splunk_password = os.environ.get("SPLUNK_PASSWORD", None) splunk_idxc_secret = os.environ.get("SPLUNK_IDXC_SECRET", None) -splunk_idxc_pass4SymmKey = os.environ.get("SPLUNK_SHC_PASS4SYMMKEY", None) +splunk_idxc_pass4SymmKey = os.environ.get("SPLUNK_IDXC_PASS4SYMMKEY", None) splunk_shc_secret = os.environ.get("SPLUNK_SHC_SECRET", None) splunk_shc_pass4SymmKey = os.environ.get("SPLUNK_SHC_PASS4SYMMKEY", None) @@ -43,15 +43,18 @@ def random_generator(size=24): os.environ["SPLUNK_HEC_TOKEN"] = str(tempuuid) if not splunk_password: os.environ["SPLUNK_PASSWORD"] = random_generator() -if not splunk_idxc_secret: - os.environ["SPLUNK_IDXC_SECRET"] = random_generator() -if not splunk_idxc_pass4SymmKey: - os.environ["SPLUNK_IDXC_SECRET"] = os.environ["SPLUNK_IDXC_SECRET"] -if not splunk_shc_secret: - os.environ["SPLUNK_SHC_SECRET"] = random_generator() -if not splunk_shc_pass4SymmKey: - os.environ["SPLUNK_SHC_PASS4SYMMKEY"] = os.environ["SPLUNK_SHC_SECRET"] - +if splunk_idxc_pass4SymmKey: + os.environ["SPLUNK_IDXC_PASS4SYMMKEY"] = os.environ["SPLUNK_IDXC_SECRET"] = splunk_idxc_pass4SymmKey +elif splunk_idxc_secret: + os.environ["SPLUNK_IDXC_PASS4SYMMKEY"] = os.environ["SPLUNK_IDXC_SECRET"] = splunk_idxc_secret +else: + os.environ["SPLUNK_IDXC_PASS4SYMMKEY"] = os.environ["SPLUNK_IDXC_SECRET"] = random_generator() +if splunk_shc_secret: + os.environ["SPLUNK_SHC_PASS4SYMMKEY"] = os.environ["SPLUNK_SHC_SECRET"] = splunk_shc_pass4SymmKey +elif splunk_shc_pass4SymmKey: + os.environ["SPLUNK_SHC_PASS4SYMMKEY"] = os.environ["SPLUNK_SHC_SECRET"] = splunk_shc_secret +else: + os.environ["SPLUNK_SHC_PASS4SYMMKEY"] = os.environ["SPLUNK_SHC_SECRET"] = random_generator() sys.argv.append("--write-to-stdout") import environ environ.main() From 7ef7ef02525b8b950d10b3de84bfd03b3cd1521d Mon Sep 17 00:00:00 2001 
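Review bot: The two SHC branches in the second hunk are crossed: `if splunk_shc_secret:` assigns `splunk_shc_pass4SymmKey`, and `elif splunk_shc_pass4SymmKey:` assigns `splunk_shc_secret`. When only one of `SPLUNK_SHC_SECRET` and `SPLUNK_SHC_PASS4SYMMKEY` is set, the value written to `os.environ` is `None`, which raises `TypeError` instead of propagating the key the operator supplied. Mirror the IDXC block directly above by swapping the conditions to `if splunk_shc_pass4SymmKey:` and `elif splunk_shc_secret:`, leaving the assignments as they are.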
From: Nelson Wang Date: Thu, 30 Jan 2020 23:11:20 -0800 Subject: [PATCH 07/11] Adding test to ensure java install persists during restarts --- tests/test_docker_splunk.py | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/tests/test_docker_splunk.py b/tests/test_docker_splunk.py index 38a26ce5..bb516362 100644 --- a/tests/test_docker_splunk.py +++ b/tests/test_docker_splunk.py @@ -308,7 +308,6 @@ def check_common_keys(self, log_output, role): assert log_output["all"]["vars"]["shc_sync_retry_num"] == 60 assert log_output["all"]["vars"]["splunk"]["group"] == "splunk" assert log_output["all"]["vars"]["splunk"]["license_download_dest"] == "/tmp/splunk.lic" - assert log_output["all"]["vars"]["splunk"]["nfr_license"] == "/tmp/nfr_enterprise.lic" assert log_output["all"]["vars"]["splunk"]["opt"] == "/opt" assert log_output["all"]["vars"]["splunk"]["user"] == "splunk" @@ -1889,6 +1888,13 @@ def test_compose_1so_java_oracle(self): exec_command = self.client.exec_create("so1", "java -version") std_out = self.client.exec_start(exec_command) assert "java version \"1.8.0" in std_out + # Restart the container and make sure java is still installed + self.client.restart("so1") + assert self.wait_for_containers(container_count, label="com.docker.compose.project={}".format(self.project_name)) + assert self.check_splunkd("admin", self.password) + exec_command = self.client.exec_create("so1", "java -version") + std_out = self.client.exec_start(exec_command) + assert "java version \"1.8.0" in std_out def test_compose_1so_java_openjdk8(self): # Standup deployment 
@@ -1915,6 +1921,13 @@ def test_compose_1so_java_openjdk8(self): exec_command = self.client.exec_create("so1", "java -version") std_out = self.client.exec_start(exec_command) assert "openjdk version \"1.8.0" in std_out + # Restart the container and make sure java is still installed + self.client.restart("so1") + assert self.wait_for_containers(container_count, label="com.docker.compose.project={}".format(self.project_name)) + assert self.check_splunkd("admin", self.password) + exec_command = self.client.exec_create("so1", "java -version") + std_out = self.client.exec_start(exec_command) + assert "openjdk version \"1.8.0" in std_out def test_compose_1so_java_openjdk11(self): # Standup deployment @@ -1941,6 +1954,13 @@ def test_compose_1so_java_openjdk11(self): exec_command = self.client.exec_create("so1", "java -version") std_out = self.client.exec_start(exec_command) assert "openjdk version \"11.0.2" in std_out + # Restart the container and make sure java is still installed + self.client.restart("so1") + assert self.wait_for_containers(container_count, label="com.docker.compose.project={}".format(self.project_name)) + assert self.check_splunkd("admin", self.password) + exec_command = self.client.exec_create("so1", "java -version") + std_out = self.client.exec_start(exec_command) + assert "openjdk version \"11.0.2" in std_out def test_compose_1so_hec(self): # Standup deployment From 6d0fe8c35c86bac4c048545d15f1221eb03b89c3 Mon Sep 17 00:00:00 2001 From: Nelson Wang Date: Fri, 31 Jan 2020 13:31:16 -0800 Subject: [PATCH 08/11] Test updates per splunk-ansible changes --- tests/test_docker_splunk.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test_docker_splunk.py b/tests/test_docker_splunk.py index bb516362..d85dc9eb 100644 --- a/tests/test_docker_splunk.py +++ b/tests/test_docker_splunk.py 
@@ -303,7 +303,7 @@ def check_common_keys(self, log_output, role): assert log_output["all"]["vars"]["ansible_pre_tasks"] == None assert log_output["all"]["vars"]["ansible_post_tasks"] == None assert log_output["all"]["vars"]["retry_num"] == 60 - assert log_output["all"]["vars"]["retry_delay"] == 3 + assert log_output["all"]["vars"]["retry_delay"] == 6 assert log_output["all"]["vars"]["wait_for_splunk_retry_num"] == 60 assert log_output["all"]["vars"]["shc_sync_retry_num"] == 60 assert log_output["all"]["vars"]["splunk"]["group"] == "splunk" From 95464a35e0620a3bbff6ae8787ba45db881239d2 Mon Sep 17 00:00:00 2001 From: Nelson Wang Date: Tue, 4 Feb 2020 10:35:34 -0800 Subject: [PATCH 09/11] Adding test for SPLUNK_LAUNCH_CONF env var --- tests/test_docker_splunk.py | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/tests/test_docker_splunk.py b/tests/test_docker_splunk.py index d85dc9eb..7e657647 100644 --- a/tests/test_docker_splunk.py +++ b/tests/test_docker_splunk.py 
@@ -703,6 +703,42 @@ def test_adhoc_1so_preplaybook(self): except OSError: pass + def test_adhoc_1so_splunk_launch_conf(self): + # Create a splunk container + cid = None + try: + splunk_container_name = generate_random_string() + cid = self.client.create_container(self.SPLUNK_IMAGE_NAME, tty=True, ports=[8089], name=splunk_container_name, + environment={ + "DEBUG": "true", + "SPLUNK_START_ARGS": "--accept-license", + "SPLUNK_PASSWORD": self.password, + "SPLUNK_LAUNCH_CONF": "OPTIMISTIC_ABOUT_FILE_LOCKING=1,HELLO=WORLD" + }, + host_config=self.client.create_host_config(port_bindings={8089: ("0.0.0.0",)}) + ) + cid = cid.get("Id") + self.client.start(cid) + # Poll for the container to be ready + assert self.wait_for_containers(1, name=splunk_container_name) + # Check splunkd + splunkd_port = self.client.port(cid, 8089)[0]["HostPort"] + url = "https://localhost:{}/services/server/info".format(splunkd_port) + kwargs = {"auth": ("admin", self.password), "verify": False} + status, content = self.handle_request_retry("GET", url, kwargs) + assert status == 200 + # Check splunk-launch.conf + exec_command = self.client.exec_create(cid, r'cat /opt/splunk/etc/splunk-launch.conf', user="splunk") + std_out = self.client.exec_start(exec_command) + assert "OPTIMISTIC_ABOUT_FILE_LOCKING=1" in std_out + assert "HELLO=WORLD" in std_out + except Exception as e: + self.logger.error(e) + raise e + finally: + if cid: + self.client.remove_container(cid, v=True, force=True) + def test_adhoc_1so_change_tailed_files(self): # Create a splunk container cid = None From 3af57652b0b0b20287539f67899bacc6405e29d0 Mon Sep 17 00:00:00 2001 From: Nelson Wang Date: Tue, 4 Feb 2020 10:54:02 -0800 Subject: [PATCH 10/11] Pinning ubi8.1 to former tag --- base/redhat-8/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/base/redhat-8/Dockerfile b/base/redhat-8/Dockerfile index 5c9cc528..21c0d708 100644 --- a/base/redhat-8/Dockerfile +++ b/base/redhat-8/Dockerfile 
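Review bot: `port_bindings={8089: ("0.0.0.0",)}` publishes the splunkd management port on every host interface, although the test only connects to `https://localhost:{port}`. Binding to loopback with `port_bindings={8089: ("127.0.0.1",)}` keeps the admin endpoint off the network of the machine running the suite. The splunktcp-ssl tests added in PATCH 01 use the same `0.0.0.0` pattern for ports 8000 and 8089. `"verify": False` is reasonable against the container's self-signed certificate, but a short comment such as `# self-signed cert inside the test container` would make the intent explicit.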
@@ -16,7 +16,7 @@ # the container catalog moved from registry.access.redhat.com to registry.redhat.io # So at some point before they deprecate the old registry we have to make sure that # we have access to the new registry and change where we pull the ubi image from. -FROM registry.access.redhat.com/ubi8/ubi-minimal:8.1 +FROM registry.access.redhat.com/ubi8/ubi-minimal:8.1-328 LABEL name="splunk" \ maintainer="support@splunk.com" \ vendor="splunk" \ From b5a27497d9756d4585f18b7af9a522b7d915569e Mon Sep 17 00:00:00 2001 From: Nelson Wang Date: Wed, 12 Feb 2020 11:55:08 -0800 Subject: [PATCH 11/11] Updating changelog --- Makefile | 4 ++-- docs/CHANGELOG.md | 21 +++++++++++++++++++++ 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index e9deec02..4d9ae281 100644 --- a/Makefile +++ b/Makefile @@ -7,8 +7,8 @@ SPLUNK_ANSIBLE_BRANCH ?= develop SPLUNK_COMPOSE ?= cluster_absolute_unit.yaml # Set Splunk version/build parameters here to define downstream URLs and file names SPLUNK_PRODUCT := splunk -SPLUNK_VERSION := 8.0.1 -SPLUNK_BUILD := 6db836e2fb9e +SPLUNK_VERSION := 8.0.2 +SPLUNK_BUILD := a7f645ddaf91 ifeq ($(shell arch), s390x) SPLUNK_ARCH = s390x else diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index aaf908b6..b1b3f8d4 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -2,6 +2,7 @@ ## Navigation +* [8.0.2](#802) * [8.0.1](#801) * [8.0.0](#800) * [7.3.4](#734) 
@@ -23,6 +24,26 @@ --- +## 8.0.2 + +#### What's New? +* New Splunk Enterprise release of 8.0.2 + +#### docker-splunk changes: +* Bumping Splunk version. For details, see: https://docs.splunk.com/Documentation/Splunk/8.0.2/ReleaseNotes/Fixedissues +* Bugfixes and increasing test coverage for new features + +#### splunk-ansible changes: +* * Revised Splunk forwarding/receiving plays to optionally support SSL (see documentation on [securing data from forwarders](https://docs.splunk.com/Documentation/Splunk/latest/Security/Aboutsecuringdatafromforwarders)) +* Initial support for forwarder management using [Splunk Monitoring Console](https://docs.splunk.com/Documentation/Splunk/latest/DMC/DMCoverview) +* New environment variables exposed to control replication/search factor for clusters, key/value pairs written to `splunk-launch.conf`, and replacing default security key (pass4SymmKey) + +**NOTE** Changes made to support new features may break backwards-compatibility with former versions of the `default.yml` schema. This was deemed necessary for maintainability and extensibility for these additional features requested by the community. While we do test and make an effort to support previous schemas, it is strongly advised to regenerate the `default.yml` if you plan on upgrading to this version. + +**DEPRECATION WARNING** As mentioned in the changelog, the environment variables `SPLUNK_SHC_SECRET` and `SPLUNK_IDXC_SECRET` will now be replaced by `SPLUNK_SHC_PASS4SYMMKEY` and `SPLUNK_IDXC_PASS4SYMMKEY` respectively. Both are currently supported and will be mapped to the same setting now, but in the future we will likely remove both `SPLUNK_SHC_SECRET` and `SPLUNK_IDXC_SECRET` + +--- + ## 8.0.1 #### What's New?