splunk · nwang92 · Feb 13, 2020 · Dec 14, 2019 · Dec 17, 2019 · Dec 18, 2019
@@ -7,8 +7,8 @@ SPLUNK_ANSIBLE_BRANCH ?= develop
 SPLUNK_COMPOSE ?= cluster_absolute_unit.yaml
 # Set Splunk version/build parameters here to define downstream URLs and file names
 SPLUNK_PRODUCT := splunk
-SPLUNK_VERSION := 8.0.1
-SPLUNK_BUILD := 6db836e2fb9e
+SPLUNK_VERSION := 8.0.2
+SPLUNK_BUILD := a7f645ddaf91
 ifeq ($(shell arch), s390x)
 	SPLUNK_ARCH = s390x
 else

@@ -16,7 +16,7 @@
 # the container catalog moved from registry.access.redhat.com to registry.redhat.io
 # So at some point before they deprecate the old registry we have to make sure that
 # we have access to the new registry and change where we pull the ubi image from.
-FROM registry.access.redhat.com/ubi8/ubi-minimal:8.0-213
+FROM registry.access.redhat.com/ubi8/ubi-minimal:8.1-328
 LABEL name="splunk" \
       maintainer="support@splunk.com" \
       vendor="splunk" \

@@ -15,6 +15,8 @@
 
 set -e
 
+# Per: https://github.com/rpm-software-management/microdnf/issues/50
+mkdir -p /run/user/$UID
 # reinstalling local en def for now, removed in minimal image https://bugzilla.redhat.com/show_bug.cgi?id=1665251
 microdnf -y --nodocs install glibc-langpack-en
 
@@ -25,7 +27,8 @@ microdnf -y --nodocs install glibc-langpack-en
 #We get around the gen above by forcing the language install, and then point to it.
 export LANG=en_US.utf8
 
-microdnf -y --nodocs install wget sudo shadow-utils procps tar
+rpm -e --nodeps tzdata
+microdnf -y --nodocs install wget sudo shadow-utils procps tar tzdata
 #install busybox direct from the multiarch since epel isn't availible yet for redhat8
 wget -O /bin/busybox https://busybox.net/downloads/binaries/1.28.1-defconfig-multiarch/busybox-`arch`
 chmod +x /bin/busybox

@@ -18,6 +18,7 @@ Let's dive into the nitty-gritty on how to tweak the setup of your containerized
 * [Enable SmartStore](#enable-smartstore)
 * [Using deployment servers](#using-deployment-servers)
 * [Deploy distributed topology](#deploy-distributed-topology)
+* [Enable SSL internal communication](#enable-ssl-internal-communication)
 * [Build from source](#build-from-source)
     * [base-debian-9](#base-debian-9)
     * [splunk-debian-9](#splunk-debian-9)
@@ -248,6 +249,25 @@ While running a standalone Splunk instance may be fine for testing and developme
 
 See the [instructions on standing up a distributed environment](advanced/DISTRIBUTED_TOPOLOGY.md) to understand how to get started.
 
+## Enable SSL Internal Communication
+For users looking to secure the network traffic from one Splunk instance to another Splunk instance (ex: forwarders to indexers), you can enable forwarding and receiving to use SSL certificates. 
+
+If you wish to enable SSL on one tier of your Splunk topology, it's very likely all instances will need it. To achieve this, we recommend you generate your server and CA certificates and add them to the `default.yml` which gets shared across all Splunk docker containers. Use this example `default.yml` snippet for the configuration of Splunk TCP with SSL.  
+```
+splunk:
+  ...
+  s2s:
+    ca: /mnt/certs/ca.pem
+    cert: /mnt/certs/cert.pem
+    enable: true
+    password: abcd1234
+    port: 9997
+    ssl: true
+  ...
+```
+
+For more instructions on how to bring your own certificates, please see: https://docs.splunk.com/Documentation/Splunk/latest/Security/ConfigureSplunkforwardingtousesignedcertificates
+
 ## Build from source
 While we don't support or recommend you building your own images from source, it is entirely possible. This can be useful if you want to incorporate very experimental features, test new features, and if you have your own registry for persistent images.
 

@@ -2,6 +2,7 @@
 
 ## Navigation
 
+* [8.0.2](#802)
 * [8.0.1](#801)
 * [8.0.0](#800)
 * [7.3.4](#734)
@@ -23,6 +24,26 @@
 
 ---
 
+## 8.0.2
+
+#### What's New?
+* New Splunk Enterprise release of 8.0.2
+
+#### docker-splunk changes:
+* Bumping Splunk version. For details, see: https://docs.splunk.com/Documentation/Splunk/8.0.2/ReleaseNotes/Fixedissues
+* Bugfixes and increasing test coverage for new features
+
+#### splunk-ansible changes:
+* * Revised Splunk forwarding/receiving plays to optionally support SSL (see documentation on [securing data from forwarders](https://docs.splunk.com/Documentation/Splunk/latest/Security/Aboutsecuringdatafromforwarders))
+* Initial support for forwarder management using [Splunk Monitoring Console](https://docs.splunk.com/Documentation/Splunk/latest/DMC/DMCoverview)
+* New environment variables exposed to control replication/search factor for clusters, key/value pairs written to `splunk-launch.conf`, and replacing default security key (pass4SymmKey)
+
+**NOTE** Changes made to support new features may break backwards-compatibility with former versions of the `default.yml` schema. This was deemed necessary for maintainability and extensibility for these additional features requested by the community. While we do test and make an effort to support previous schemas, it is strongly advised to regenerate the `default.yml` if you plan on upgrading to this version.
+
+**DEPRECATION WARNING** As mentioned in the changelog, the environment variables `SPLUNK_SHC_SECRET` and `SPLUNK_IDXC_SECRET` will now be replaced by `SPLUNK_SHC_PASS4SYMMKEY` and `SPLUNK_IDXC_PASS4SYMMKEY` respectively. Both are currently supported and will be mapped to the same setting now, but in the future we will likely remove both `SPLUNK_SHC_SECRET` and `SPLUNK_IDXC_SECRET`
+
+---
+
 ## 8.0.1
 
 #### What's New?

@@ -25,7 +25,9 @@
 splunk_hec_token = os.environ.get("SPLUNK_HEC_TOKEN", None)
 splunk_password = os.environ.get("SPLUNK_PASSWORD", None)
 splunk_idxc_secret = os.environ.get("SPLUNK_IDXC_SECRET", None)
+splunk_idxc_pass4SymmKey = os.environ.get("SPLUNK_IDXC_PASS4SYMMKEY", None)
 splunk_shc_secret = os.environ.get("SPLUNK_SHC_SECRET", None)
+splunk_shc_pass4SymmKey = os.environ.get("SPLUNK_SHC_PASS4SYMMKEY", None)
 
 def random_generator(size=24):
     # Use System Random for
@@ -41,10 +43,18 @@ def random_generator(size=24):
     os.environ["SPLUNK_HEC_TOKEN"] = str(tempuuid)
 if not splunk_password:
     os.environ["SPLUNK_PASSWORD"] = random_generator()
-if not splunk_idxc_secret:
-    os.environ["SPLUNK_IDXC_SECRET"] = random_generator()
-if not splunk_shc_secret:
-    os.environ["SPLUNK_SHC_SECRET"] = random_generator()
+if splunk_idxc_pass4SymmKey:
+    os.environ["SPLUNK_IDXC_PASS4SYMMKEY"] = os.environ["SPLUNK_IDXC_SECRET"] = splunk_idxc_pass4SymmKey
+elif splunk_idxc_secret:
+    os.environ["SPLUNK_IDXC_PASS4SYMMKEY"] = os.environ["SPLUNK_IDXC_SECRET"] = splunk_idxc_secret
+else:
+    os.environ["SPLUNK_IDXC_PASS4SYMMKEY"] = os.environ["SPLUNK_IDXC_SECRET"] = random_generator()
+if splunk_shc_secret:
+    os.environ["SPLUNK_SHC_PASS4SYMMKEY"] = os.environ["SPLUNK_SHC_SECRET"] = splunk_shc_pass4SymmKey
+elif splunk_shc_pass4SymmKey:
+    os.environ["SPLUNK_SHC_PASS4SYMMKEY"] = os.environ["SPLUNK_SHC_SECRET"] = splunk_shc_secret
+else:
+    os.environ["SPLUNK_SHC_PASS4SYMMKEY"] = os.environ["SPLUNK_SHC_SECRET"] = random_generator()
 sys.argv.append("--write-to-stdout")
 import environ
 environ.main()