From dcd8b9d548b1d3ec0d68721afcd0ade32160d850 Mon Sep 17 00:00:00 2001 From: Denis Gladkikh Date: Tue, 24 Apr 2018 22:46:30 -0700 Subject: [PATCH 1/4] Splunk 7.1.0 --- CONTRIBUTING.md | 2 +- enterprise/Dockerfile | 5 +++-- enterprise/README.md | 18 +++++++++--------- enterprise/build.sh | 8 ++++---- enterprise/docker-compose.yml | 6 +++--- enterprise/entrypoint.sh | 4 ++-- enterprise/publishImage.sh | 4 ++-- universalforwarder/Dockerfile | 4 ++-- universalforwarder/README.md | 14 +++++++------- universalforwarder/build.sh | 8 ++++---- universalforwarder/docker-compose.yml | 8 ++++---- universalforwarder/entrypoint.sh | 2 +- universalforwarder/publishImage.sh | 4 ++-- 13 files changed, 44 insertions(+), 43 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 5c9a034..23693ed 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -14,7 +14,7 @@ If you experience problems or see unexpected behavior with this project, create 0. Version of this project you're using (ex: 1.5.0) 0. Platform version (ex: Windows Server 2012 R2) -0. Splunk version (ex: 7.0.2) +0. Splunk version (ex: 7.1.0) 0. Other relevant information (ex: local/remote environment, Splunk network configuration) Alternatively, if you have a Splunk question please ask on [Splunk Answers][answers]. diff --git a/enterprise/Dockerfile b/enterprise/Dockerfile index 78aa03b..b4f9cd7 100644 --- a/enterprise/Dockerfile +++ b/enterprise/Dockerfile @@ -1,10 +1,11 @@ FROM debian:jessie ENV SPLUNK_PRODUCT splunk -ENV SPLUNK_VERSION 7.0.2 -ENV SPLUNK_BUILD 03bbabbd5c0f +ENV SPLUNK_VERSION 7.1.0 +ENV SPLUNK_BUILD 2e75b3406c5b ENV SPLUNK_FILENAME splunk-${SPLUNK_VERSION}-${SPLUNK_BUILD}-Linux-x86_64.tgz + ENV SPLUNK_HOME /opt/splunk ENV SPLUNK_GROUP splunk ENV SPLUNK_USER splunk diff --git a/enterprise/README.md b/enterprise/README.md index 27f4620..2684b8d 100644 --- a/enterprise/README.md +++ b/enterprise/README.md @@ -1,6 +1,6 @@ # Supported tags -* `7.0.2`,`latest`- Splunk Enterprise base image [Dockerfile](https://github.com/splunk/docker-splunk/blob/master/enterprise/Dockerfile) +* `7.1.0`,`latest`- Splunk Enterprise base image [Dockerfile](https://github.com/splunk/docker-splunk/blob/master/enterprise/Dockerfile) * `6.5.3-monitor` - Splunk Enterprise with Docker Monitoring [Dockerfile](https://github.com/splunk/docker-itmonitoring/blob/master/enterprise/Dockerfile) # What is Splunk Enterprise? @@ -16,7 +16,7 @@ If you have not used Docker before, see the [Getting started tutorial](https://d 0. (Optional) Sign up for a Docker ID at [Docker Hub](https://hub.docker.com). 0. Download and install Docker on your system. 0. Open a shell prompt or Terminal window. -0. Enter the following command to pull the Splunk Enterprise version 7.0.2 image.
+0. Enter the following command to pull the Splunk Enterprise version 7.1.0 image.
```bash docker pull splunk/splunk @@ -35,10 +35,10 @@ See [How to use the Splunk Enterprise Docker image](#How-to-use-the-Splunk-Enter The following commands can be run from a shell prompt or Docker QuickStart Terminal (on Mac OS X). -### Pull an image for version 7.0.2 of Splunk Enterprise from this repository +### Pull an image for version 7.1.0 of Splunk Enterprise from this repository ```bash -docker pull splunk/splunk:7.0.2 +docker pull splunk/splunk:7.1.0 ``` ### Pull an image that uses the latest version of Splunk Enterprise from this repository @@ -52,13 +52,13 @@ docker pull splunk/splunk:latest This command starts a Splunk Enterprise instance from the Docker container in this repository, accepts the license agreement, and opens TCP port 8000 so that you can access the Splunk instance from your local machine. ```bash -docker run --name splunk --hostname splunk -p 8000:8000 -d -e "SPLUNK_START_ARGS=--accept-license" splunk/splunk:7.0.2 +docker run --name splunk --hostname splunk -p 8000:8000 -d -e "SPLUNK_START_ARGS=--accept-license" splunk/splunk:7.1.0 ``` ### Start a Splunk Enterprise container and mount the necessary container volumes ```bash docker run --name vsplunk -v /opt/splunk/etc -v /opt/splunk/var busybox -docker run --hostname splunk --name splunk --volumes-from=vsplunk -p 8000:8000 -d -e "SPLUNK_START_ARGS=--accept-license" splunk/splunk:7.0.2 +docker run --hostname splunk --name splunk --volumes-from=vsplunk -p 8000:8000 -d -e "SPLUNK_START_ARGS=--accept-license" splunk/splunk:7.1.0 ``` > Note: @@ -70,7 +70,7 @@ docker run --hostname splunk --name splunk --volumes-from=vsplunk -p 8000:8000 - ### Start a Splunk Enterprise container and mount volumes from host ```bash -docker run --name splunk --hostname splunk -p 8000:8000 -e "SPLUNK_START_ARGS=--accept-license" -v /opt/splunk/etc:/opt/splunk/etc -v /opt/splunk/var:/opt/splunk/var splunk/splunk:7.0.2 +docker run --name splunk --hostname splunk -p 8000:8000 -e "SPLUNK_START_ARGS=--accept-license" -v /opt/splunk/etc:/opt/splunk/etc -v /opt/splunk/var:/opt/splunk/var splunk/splunk:7.1.0 ``` ### Use entrypoint.sh to execute Splunk commands @@ -102,7 +102,7 @@ services: splunkenterprise: hostname: splunkenterprise - image: splunk/splunk:7.0.2 + image: splunk/splunk:7.1.0 environment: SPLUNK_START_ARGS: --accept-license SPLUNK_ENABLE_LISTEN: 9997 @@ -129,7 +129,7 @@ services: The `splunk/splunk` image comes in several variants: -`splunk/splunk:7.0.2` +`splunk/splunk:7.1.0` This is the default Splunk Enterprise image. `splunk/splunk:6.5.3-monitor` diff --git a/enterprise/build.sh b/enterprise/build.sh index aa98bb2..3f0fcfc 100755 --- a/enterprise/build.sh +++ b/enterprise/build.sh @@ -3,7 +3,7 @@ if [ -z $CURRENT ]; then CURRENT=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) fi -docker build --no-cache=true -t splunk/splunk:7.0.2 . -docker tag splunk/splunk:7.0.2 splunk/splunk:latest -docker tag splunk/splunk:7.0.2 registry.splunk.com/splunk/splunk:latest -docker tag splunk/splunk:7.0.2 registry.splunk.com/splunk/splunk:7.0.2 +docker build --no-cache=true -t splunk/splunk:7.1.0 . +docker tag splunk/splunk:7.1.0 splunk/splunk:latest +docker tag splunk/splunk:7.1.0 registry.splunk.com/splunk/splunk:latest +docker tag splunk/splunk:7.1.0 registry.splunk.com/splunk/splunk:7.1.0 diff --git a/enterprise/docker-compose.yml b/enterprise/docker-compose.yml index 6a23b07..718686d 100644 --- a/enterprise/docker-compose.yml +++ b/enterprise/docker-compose.yml @@ -1,7 +1,7 @@ # must accept EULA the first time that the image is started -# docker run splunk/enterprise:7.0.2 +# docker run splunk/enterprise:7.1.0 # Options on how to review the EULA and accept it: -# 1. docker run -it splunk/enterprisetrial:7.0.2 +# 1. docker run -it splunk/enterprisetrial:7.1.0 # 2. Add the following environment variable: SPLUNK_START_ARGS=--accept-license # e.g., docker run -e "SPLUNK_START_ARGS=--accept-license" splunk/enterprisetrial @@ -16,7 +16,7 @@ services: splunkenterprise: #build: . hostname: splunkenterprise - image: splunk/splunk:7.0.2 + image: splunk/splunk:7.1.0 environment: SPLUNK_START_ARGS: --accept-license SPLUNK_ENABLE_LISTEN: 9997 diff --git a/enterprise/entrypoint.sh b/enterprise/entrypoint.sh index 38f7ca1..0f456ca 100644 --- a/enterprise/entrypoint.sh +++ b/enterprise/entrypoint.sh @@ -51,8 +51,8 @@ Splunk Enterprise   Usage: -    docker run -it splunk/enterprise:7.0.2 -    docker run --env SPLUNK_START_ARGS="--accept-license" splunk/enterprise:7.0.2 +    docker run -it splunk/enterprise:7.1.0 +    docker run --env SPLUNK_START_ARGS="--accept-license" splunk/enterprise:7.1.0 EOF exit 1 diff --git a/enterprise/publishImage.sh b/enterprise/publishImage.sh index 8c01ad2..3a77ccb 100755 --- a/enterprise/publishImage.sh +++ b/enterprise/publishImage.sh @@ -1,7 +1,7 @@ -docker push splunk/splunk:7.0.2 +docker push splunk/splunk:7.1.0 docker push splunk/splunk:latest -docker push registry.splunk.com/splunk/splunk:7.0.2 +docker push registry.splunk.com/splunk/splunk:7.1.0 docker push registry.splunk.com/splunk/splunk:latest diff --git a/universalforwarder/Dockerfile b/universalforwarder/Dockerfile index 2e3deb3..76e90da 100644 --- a/universalforwarder/Dockerfile +++ b/universalforwarder/Dockerfile @@ -1,8 +1,8 @@ FROM debian:jessie ENV SPLUNK_PRODUCT universalforwarder -ENV SPLUNK_VERSION 7.0.2 -ENV SPLUNK_BUILD 03bbabbd5c0f +ENV SPLUNK_VERSION 7.1.0 +ENV SPLUNK_BUILD 2e75b3406c5b ENV SPLUNK_FILENAME splunkforwarder-${SPLUNK_VERSION}-${SPLUNK_BUILD}-Linux-x86_64.tgz ENV SPLUNK_HOME /opt/splunk diff --git a/universalforwarder/README.md b/universalforwarder/README.md index 6f82feb..1618eb9 100644 --- a/universalforwarder/README.md +++ b/universalforwarder/README.md @@ -1,6 +1,6 @@ # Supported tags -* `7.0.2`, `latest` - Splunk universal forwarder base image [Dockerfile](https://github.com/splunk/docker-splunk/blob/master/enterprise/Dockerfile) +* `7.1.0`, `latest` - Splunk universal forwarder base image [Dockerfile](https://github.com/splunk/docker-splunk/blob/master/enterprise/Dockerfile) * `6.5.3-monitor` - Splunk universal forwarder with Docker Monitoring [Dockerfile](https://github.com/splunk/docker-itmonitoring/blob/master/universalforwarder/Dockerfile) # What is the Splunk Universal Forwarder? @@ -18,7 +18,7 @@ If you have not used Docker before, see the [Getting started tutorial](https://d 0. (Optional) Sign up for a Docker ID at [Docker Hub](https://hub.docker.com). 0. Download and install Docker on your system. 0. Open a shell prompt or Terminal window. -0. Enter the following command to pull the Splunk Enterprise version 7.0.2 image.
+0. Enter the following command to pull the Splunk Enterprise version 7.1.0 image.
```bash @@ -49,14 +49,14 @@ The universal forwarder docker image can collect data from a host and send data The following commands are examples of how to pull and run the universal forwarder Docker image. They can be run from a shell prompt or Docker QuickStart Terminal (on Mac OS X). ### Pull an image from this repository for the universal fowarder with the Docker data collection inputs -The `7.0.2-monitor` tag ensures that the universal forwarder has the data inputs you need to get stats from a Docker container. +The `7.1.0-monitor` tag ensures that the universal forwarder has the data inputs you need to get stats from a Docker container. ```bash -docker pull splunk/universalforwarder:7.0.2-monitor +docker pull splunk/universalforwarder:7.1.0-monitor ``` ### Pull the latest version of the image from this repository -The `7.0.2` and `latest` versions only have the forwarder and do not have any of the data inputs. +The `7.1.0` and `latest` versions only have the forwarder and do not have any of the data inputs. ======= The `6.5.3-monitor` tag ensures that the universal forwarder has the data inputs you need to get stats from a Docker container. @@ -112,7 +112,7 @@ services: splunkuniversalforwarder: hostname: splunkuniversalforwarder - image: splunk/universalforwarder:7.0.2 + image: splunk/universalforwarder:7.1.0 environment: SPLUNK_START_ARGS: --accept-license volumes: - opt-splunk-etc:/opt/splunk/etc @@ -135,7 +135,7 @@ services: The `splunk/universalforwarder` image comes in the following variants: -`splunk/universalforwarder:7.0.2` and `splunk/universalforwarder:latest` +`splunk/universalforwarder:7.1.0` and `splunk/universalforwarder:latest` This is the default universal forwarder image. `splunk/universalforwarder:6.5.3-monitor` diff --git a/universalforwarder/build.sh b/universalforwarder/build.sh index ef639b9..f31d57f 100755 --- a/universalforwarder/build.sh +++ b/universalforwarder/build.sh @@ -4,9 +4,9 @@ if [ -z $CURRENT ]; then fi -docker build --no-cache=true -t splunk/universalforwarder:7.0.2 $CURRENT -docker tag splunk/universalforwarder:7.0.2 splunk/universalforwarder:latest -docker tag splunk/universalforwarder:7.0.2 registry.splunk.com/splunk/universalforwarder:7.0.2 -docker tag splunk/universalforwarder:7.0.2 registry.splunk.com/splunk/universalforwarder:latest +docker build --no-cache=true -t splunk/universalforwarder:7.1.0 $CURRENT +docker tag splunk/universalforwarder:7.1.0 splunk/universalforwarder:latest +docker tag splunk/universalforwarder:7.1.0 registry.splunk.com/splunk/universalforwarder:7.1.0 +docker tag splunk/universalforwarder:7.1.0 registry.splunk.com/splunk/universalforwarder:latest diff --git a/universalforwarder/docker-compose.yml b/universalforwarder/docker-compose.yml index 54ad456..9034c8c 100644 --- a/universalforwarder/docker-compose.yml +++ b/universalforwarder/docker-compose.yml @@ -1,10 +1,10 @@ # must accept EULA the first time that the image is started -# docker run splunk/universalforwarder:7.0.2 +# docker run splunk/universalforwarder:7.1.0 # Options on how to review the EULA and accept it: -# 1. docker run -it splunk/universalforwarder:7.0.2 +# 1. docker run -it splunk/universalforwarder:7.1.0 # 2. Add the following environment variable: SPLUNK_START_ARGS=--accept-license -# e.g., docker run -e "SPLUNK_START_ARGS=--accept-license" splunk/splunkuniversalforwarder:7.0.2 +# e.g., docker run -e "SPLUNK_START_ARGS=--accept-license" splunk/splunkuniversalforwarder:7.1.0 # Support for Docker Compose v3, https://docs.docker.com/compose/overview/ version: '3' @@ -17,7 +17,7 @@ services: splunkuniversalforwarder: # build: . hostname: splunkuniversalforwarder - image: splunk/universalforwarder:7.0.2 + image: splunk/universalforwarder:7.1.0 # environment: # SPLUNK_START_ARGS: --accept-license volumes: diff --git a/universalforwarder/entrypoint.sh b/universalforwarder/entrypoint.sh index 30fd7c8..a99a8f0 100644 --- a/universalforwarder/entrypoint.sh +++ b/universalforwarder/entrypoint.sh @@ -51,7 +51,7 @@ Splunk Forwarder   Usage: -    docker run -it splunk/universalforwarder:7.0.2 +    docker run -it splunk/universalforwarder:7.1.0     docker run --env SPLUNK_START_ARGS="--accept-license" outcoldman/splunk:latest-forwarder EOF diff --git a/universalforwarder/publishImage.sh b/universalforwarder/publishImage.sh index 14768ce..f3b0cc8 100755 --- a/universalforwarder/publishImage.sh +++ b/universalforwarder/publishImage.sh @@ -1,5 +1,5 @@ #https://docs.docker.com/mac/step_six/ -docker push splunk/universalforwarder:7.0.2 +docker push splunk/universalforwarder:7.1.0 docker push splunk/universalforwarder:latest docker push registry.splunk.com/splunk/universalforwarder:latest -docker push registry.splunk.com/splunk/universalforwarder:7.0.2 +docker push registry.splunk.com/splunk/universalforwarder:7.1.0 From fa1eabb6a068b046cf3557e6570c576a501d235e Mon Sep 17 00:00:00 2001 From: Denis Gladkikh Date: Wed, 25 Apr 2018 11:27:17 -0700 Subject: [PATCH 2/4] Add gen-and-print-passwd in examples --- enterprise/README.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/enterprise/README.md b/enterprise/README.md index 2684b8d..1d25f1f 100644 --- a/enterprise/README.md +++ b/enterprise/README.md @@ -24,8 +24,9 @@ If you have not used Docker before, see the [Getting started tutorial](https://d 0. Run the Docker image. ```bash - docker run -d -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_USER=root" -p "8000:8000" splunk/splunk + docker run -d -e "SPLUNK_START_ARGS=--accept-license --gen-and-print-passwd" -e "SPLUNK_USER=root" -p "8000:8000" splunk/splunk ``` +0. Find randomly generated admin password in docker logs for this container. 0. Access the Splunk instance with a browser by using the Docker machine IP address and Splunk Web port. For example, ``http://localhost:8000` See [How to use the Splunk Enterprise Docker image](#How-to-use-the-Splunk-Enterprise-Docker-image) for additional example commands. @@ -52,13 +53,13 @@ docker pull splunk/splunk:latest This command starts a Splunk Enterprise instance from the Docker container in this repository, accepts the license agreement, and opens TCP port 8000 so that you can access the Splunk instance from your local machine. ```bash -docker run --name splunk --hostname splunk -p 8000:8000 -d -e "SPLUNK_START_ARGS=--accept-license" splunk/splunk:7.1.0 +docker run --name splunk --hostname splunk -p 8000:8000 -d -e "SPLUNK_START_ARGS=--accept-license --gen-and-print-passwd" splunk/splunk:7.1.0 ``` ### Start a Splunk Enterprise container and mount the necessary container volumes ```bash docker run --name vsplunk -v /opt/splunk/etc -v /opt/splunk/var busybox -docker run --hostname splunk --name splunk --volumes-from=vsplunk -p 8000:8000 -d -e "SPLUNK_START_ARGS=--accept-license" splunk/splunk:7.1.0 +docker run --hostname splunk --name splunk --volumes-from=vsplunk -p 8000:8000 -d -e "SPLUNK_START_ARGS=--accept-license --gen-and-print-passwd" splunk/splunk:7.1.0 ``` > Note: @@ -70,7 +71,7 @@ docker run --hostname splunk --name splunk --volumes-from=vsplunk -p 8000:8000 - ### Start a Splunk Enterprise container and mount volumes from host ```bash -docker run --name splunk --hostname splunk -p 8000:8000 -e "SPLUNK_START_ARGS=--accept-license" -v /opt/splunk/etc:/opt/splunk/etc -v /opt/splunk/var:/opt/splunk/var splunk/splunk:7.1.0 +docker run --name splunk --hostname splunk -p 8000:8000 -e "SPLUNK_START_ARGS=--accept-license --gen-and-print-passwd" -v /opt/splunk/etc:/opt/splunk/etc -v /opt/splunk/var:/opt/splunk/var splunk/splunk:7.1.0 ``` ### Use entrypoint.sh to execute Splunk commands @@ -104,7 +105,7 @@ services: hostname: splunkenterprise image: splunk/splunk:7.1.0 environment: - SPLUNK_START_ARGS: --accept-license + SPLUNK_START_ARGS: --accept-license --gen-and-print-passwd SPLUNK_ENABLE_LISTEN: 9997 SPLUNK_ADD: tcp 1514 volumes: From 4cd389e23e59e17b66af8776fdfa9483680673d2 Mon Sep 17 00:00:00 2001 From: Michael Wilde Date: Tue, 17 Jul 2018 10:39:22 -0500 Subject: [PATCH 3/4] updated splunk version for 7.1.2 ent/fwrdr --- CONTRIBUTING.md | 2 +- enterprise/Dockerfile | 4 ++-- enterprise/README.md | 18 +++++++++--------- enterprise/build.sh | 8 ++++---- enterprise/docker-compose.yml | 6 +++--- enterprise/entrypoint.sh | 4 ++-- enterprise/publishImage.sh | 4 ++-- universalforwarder/Dockerfile | 4 ++-- universalforwarder/README.md | 14 +++++++------- universalforwarder/build.sh | 8 ++++---- universalforwarder/docker-compose.yml | 8 ++++---- universalforwarder/entrypoint.sh | 2 +- universalforwarder/publishImage.sh | 4 ++-- 13 files changed, 43 insertions(+), 43 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 23693ed..48edb76 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -14,7 +14,7 @@ If you experience problems or see unexpected behavior with this project, create 0. Version of this project you're using (ex: 1.5.0) 0. Platform version (ex: Windows Server 2012 R2) -0. Splunk version (ex: 7.1.0) +0. Splunk version (ex: 7.1.2) 0. Other relevant information (ex: local/remote environment, Splunk network configuration) Alternatively, if you have a Splunk question please ask on [Splunk Answers][answers]. diff --git a/enterprise/Dockerfile b/enterprise/Dockerfile index b4f9cd7..7549d96 100644 --- a/enterprise/Dockerfile +++ b/enterprise/Dockerfile @@ -1,8 +1,8 @@ FROM debian:jessie ENV SPLUNK_PRODUCT splunk -ENV SPLUNK_VERSION 7.1.0 -ENV SPLUNK_BUILD 2e75b3406c5b +ENV SPLUNK_VERSION 7.1.2 +ENV SPLUNK_BUILD a0c72a66db66 ENV SPLUNK_FILENAME splunk-${SPLUNK_VERSION}-${SPLUNK_BUILD}-Linux-x86_64.tgz diff --git a/enterprise/README.md b/enterprise/README.md index 1d25f1f..72c3622 100644 --- a/enterprise/README.md +++ b/enterprise/README.md @@ -1,6 +1,6 @@ # Supported tags -* `7.1.0`,`latest`- Splunk Enterprise base image [Dockerfile](https://github.com/splunk/docker-splunk/blob/master/enterprise/Dockerfile) +* `7.1.2`,`latest`- Splunk Enterprise base image [Dockerfile](https://github.com/splunk/docker-splunk/blob/master/enterprise/Dockerfile) * `6.5.3-monitor` - Splunk Enterprise with Docker Monitoring [Dockerfile](https://github.com/splunk/docker-itmonitoring/blob/master/enterprise/Dockerfile) # What is Splunk Enterprise? @@ -16,7 +16,7 @@ If you have not used Docker before, see the [Getting started tutorial](https://d 0. (Optional) Sign up for a Docker ID at [Docker Hub](https://hub.docker.com). 0. Download and install Docker on your system. 0. Open a shell prompt or Terminal window. -0. Enter the following command to pull the Splunk Enterprise version 7.1.0 image.
+0. Enter the following command to pull the Splunk Enterprise version 7.1.2 image.
```bash docker pull splunk/splunk @@ -36,10 +36,10 @@ See [How to use the Splunk Enterprise Docker image](#How-to-use-the-Splunk-Enter The following commands can be run from a shell prompt or Docker QuickStart Terminal (on Mac OS X). -### Pull an image for version 7.1.0 of Splunk Enterprise from this repository +### Pull an image for version 7.1.2 of Splunk Enterprise from this repository ```bash -docker pull splunk/splunk:7.1.0 +docker pull splunk/splunk:7.1.2 ``` ### Pull an image that uses the latest version of Splunk Enterprise from this repository @@ -53,13 +53,13 @@ docker pull splunk/splunk:latest This command starts a Splunk Enterprise instance from the Docker container in this repository, accepts the license agreement, and opens TCP port 8000 so that you can access the Splunk instance from your local machine. ```bash -docker run --name splunk --hostname splunk -p 8000:8000 -d -e "SPLUNK_START_ARGS=--accept-license --gen-and-print-passwd" splunk/splunk:7.1.0 +docker run --name splunk --hostname splunk -p 8000:8000 -d -e "SPLUNK_START_ARGS=--accept-license --gen-and-print-passwd" splunk/splunk:7.1.2 ``` ### Start a Splunk Enterprise container and mount the necessary container volumes ```bash docker run --name vsplunk -v /opt/splunk/etc -v /opt/splunk/var busybox -docker run --hostname splunk --name splunk --volumes-from=vsplunk -p 8000:8000 -d -e "SPLUNK_START_ARGS=--accept-license --gen-and-print-passwd" splunk/splunk:7.1.0 +docker run --hostname splunk --name splunk --volumes-from=vsplunk -p 8000:8000 -d -e "SPLUNK_START_ARGS=--accept-license --gen-and-print-passwd" splunk/splunk:7.1.2 ``` > Note: @@ -71,7 +71,7 @@ docker run --hostname splunk --name splunk --volumes-from=vsplunk -p 8000:8000 - ### Start a Splunk Enterprise container and mount volumes from host ```bash -docker run --name splunk --hostname splunk -p 8000:8000 -e "SPLUNK_START_ARGS=--accept-license --gen-and-print-passwd" -v /opt/splunk/etc:/opt/splunk/etc -v /opt/splunk/var:/opt/splunk/var splunk/splunk:7.1.0 +docker run --name splunk --hostname splunk -p 8000:8000 -e "SPLUNK_START_ARGS=--accept-license --gen-and-print-passwd" -v /opt/splunk/etc:/opt/splunk/etc -v /opt/splunk/var:/opt/splunk/var splunk/splunk:7.1.2 ``` ### Use entrypoint.sh to execute Splunk commands @@ -103,7 +103,7 @@ services: splunkenterprise: hostname: splunkenterprise - image: splunk/splunk:7.1.0 + image: splunk/splunk:7.1.2 environment: SPLUNK_START_ARGS: --accept-license --gen-and-print-passwd SPLUNK_ENABLE_LISTEN: 9997 @@ -130,7 +130,7 @@ services: The `splunk/splunk` image comes in several variants: -`splunk/splunk:7.1.0` +`splunk/splunk:7.1.2` This is the default Splunk Enterprise image. `splunk/splunk:6.5.3-monitor` diff --git a/enterprise/build.sh b/enterprise/build.sh index 3f0fcfc..e5db56f 100755 --- a/enterprise/build.sh +++ b/enterprise/build.sh @@ -3,7 +3,7 @@ if [ -z $CURRENT ]; then CURRENT=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) fi -docker build --no-cache=true -t splunk/splunk:7.1.0 . -docker tag splunk/splunk:7.1.0 splunk/splunk:latest -docker tag splunk/splunk:7.1.0 registry.splunk.com/splunk/splunk:latest -docker tag splunk/splunk:7.1.0 registry.splunk.com/splunk/splunk:7.1.0 +docker build --no-cache=true -t splunk/splunk:7.1.2 . +docker tag splunk/splunk:7.1.2 splunk/splunk:latest +docker tag splunk/splunk:7.1.2 registry.splunk.com/splunk/splunk:latest +docker tag splunk/splunk:7.1.2 registry.splunk.com/splunk/splunk:7.1.2 diff --git a/enterprise/docker-compose.yml b/enterprise/docker-compose.yml index 718686d..0f4b473 100644 --- a/enterprise/docker-compose.yml +++ b/enterprise/docker-compose.yml @@ -1,7 +1,7 @@ # must accept EULA the first time that the image is started -# docker run splunk/enterprise:7.1.0 +# docker run splunk/enterprise:7.1.2 # Options on how to review the EULA and accept it: -# 1. docker run -it splunk/enterprisetrial:7.1.0 +# 1. docker run -it splunk/enterprisetrial:7.1.2 # 2. Add the following environment variable: SPLUNK_START_ARGS=--accept-license # e.g., docker run -e "SPLUNK_START_ARGS=--accept-license" splunk/enterprisetrial @@ -16,7 +16,7 @@ services: splunkenterprise: #build: . hostname: splunkenterprise - image: splunk/splunk:7.1.0 + image: splunk/splunk:7.1.2 environment: SPLUNK_START_ARGS: --accept-license SPLUNK_ENABLE_LISTEN: 9997 diff --git a/enterprise/entrypoint.sh b/enterprise/entrypoint.sh index 0f456ca..961566c 100644 --- a/enterprise/entrypoint.sh +++ b/enterprise/entrypoint.sh @@ -51,8 +51,8 @@ Splunk Enterprise   Usage: -    docker run -it splunk/enterprise:7.1.0 -    docker run --env SPLUNK_START_ARGS="--accept-license" splunk/enterprise:7.1.0 +    docker run -it splunk/enterprise:7.1.2 +    docker run --env SPLUNK_START_ARGS="--accept-license" splunk/enterprise:7.1.2 EOF exit 1 diff --git a/enterprise/publishImage.sh b/enterprise/publishImage.sh index 3a77ccb..4aac944 100755 --- a/enterprise/publishImage.sh +++ b/enterprise/publishImage.sh @@ -1,7 +1,7 @@ -docker push splunk/splunk:7.1.0 +docker push splunk/splunk:7.1.2 docker push splunk/splunk:latest -docker push registry.splunk.com/splunk/splunk:7.1.0 +docker push registry.splunk.com/splunk/splunk:7.1.2 docker push registry.splunk.com/splunk/splunk:latest diff --git a/universalforwarder/Dockerfile b/universalforwarder/Dockerfile index 76e90da..946d62a 100644 --- a/universalforwarder/Dockerfile +++ b/universalforwarder/Dockerfile @@ -1,8 +1,8 @@ FROM debian:jessie ENV SPLUNK_PRODUCT universalforwarder -ENV SPLUNK_VERSION 7.1.0 -ENV SPLUNK_BUILD 2e75b3406c5b +ENV SPLUNK_VERSION 7.1.2 +ENV SPLUNK_BUILD a0c72a66db66 ENV SPLUNK_FILENAME splunkforwarder-${SPLUNK_VERSION}-${SPLUNK_BUILD}-Linux-x86_64.tgz ENV SPLUNK_HOME /opt/splunk diff --git a/universalforwarder/README.md b/universalforwarder/README.md index 1618eb9..475e5f6 100644 --- a/universalforwarder/README.md +++ b/universalforwarder/README.md @@ -1,6 +1,6 @@ # Supported tags -* `7.1.0`, `latest` - Splunk universal forwarder base image [Dockerfile](https://github.com/splunk/docker-splunk/blob/master/enterprise/Dockerfile) +* `7.1.2`, `latest` - Splunk universal forwarder base image [Dockerfile](https://github.com/splunk/docker-splunk/blob/master/enterprise/Dockerfile) * `6.5.3-monitor` - Splunk universal forwarder with Docker Monitoring [Dockerfile](https://github.com/splunk/docker-itmonitoring/blob/master/universalforwarder/Dockerfile) # What is the Splunk Universal Forwarder? @@ -18,7 +18,7 @@ If you have not used Docker before, see the [Getting started tutorial](https://d 0. (Optional) Sign up for a Docker ID at [Docker Hub](https://hub.docker.com). 0. Download and install Docker on your system. 0. Open a shell prompt or Terminal window. -0. Enter the following command to pull the Splunk Enterprise version 7.1.0 image.
+0. Enter the following command to pull the Splunk Enterprise version 7.1.2 image.
```bash @@ -49,14 +49,14 @@ The universal forwarder docker image can collect data from a host and send data The following commands are examples of how to pull and run the universal forwarder Docker image. They can be run from a shell prompt or Docker QuickStart Terminal (on Mac OS X). ### Pull an image from this repository for the universal fowarder with the Docker data collection inputs -The `7.1.0-monitor` tag ensures that the universal forwarder has the data inputs you need to get stats from a Docker container. +The `7.1.2-monitor` tag ensures that the universal forwarder has the data inputs you need to get stats from a Docker container. ```bash -docker pull splunk/universalforwarder:7.1.0-monitor +docker pull splunk/universalforwarder:7.1.2-monitor ``` ### Pull the latest version of the image from this repository -The `7.1.0` and `latest` versions only have the forwarder and do not have any of the data inputs. +The `7.1.2` and `latest` versions only have the forwarder and do not have any of the data inputs. ======= The `6.5.3-monitor` tag ensures that the universal forwarder has the data inputs you need to get stats from a Docker container. @@ -112,7 +112,7 @@ services: splunkuniversalforwarder: hostname: splunkuniversalforwarder - image: splunk/universalforwarder:7.1.0 + image: splunk/universalforwarder:7.1.2 environment: SPLUNK_START_ARGS: --accept-license volumes: - opt-splunk-etc:/opt/splunk/etc @@ -135,7 +135,7 @@ services: The `splunk/universalforwarder` image comes in the following variants: -`splunk/universalforwarder:7.1.0` and `splunk/universalforwarder:latest` +`splunk/universalforwarder:7.1.2` and `splunk/universalforwarder:latest` This is the default universal forwarder image. `splunk/universalforwarder:6.5.3-monitor` diff --git a/universalforwarder/build.sh b/universalforwarder/build.sh index f31d57f..823b12a 100755 --- a/universalforwarder/build.sh +++ b/universalforwarder/build.sh @@ -4,9 +4,9 @@ if [ -z $CURRENT ]; then fi -docker build --no-cache=true -t splunk/universalforwarder:7.1.0 $CURRENT -docker tag splunk/universalforwarder:7.1.0 splunk/universalforwarder:latest -docker tag splunk/universalforwarder:7.1.0 registry.splunk.com/splunk/universalforwarder:7.1.0 -docker tag splunk/universalforwarder:7.1.0 registry.splunk.com/splunk/universalforwarder:latest +docker build --no-cache=true -t splunk/universalforwarder:7.1.2 $CURRENT +docker tag splunk/universalforwarder:7.1.2 splunk/universalforwarder:latest +docker tag splunk/universalforwarder:7.1.2 registry.splunk.com/splunk/universalforwarder:7.1.2 +docker tag splunk/universalforwarder:7.1.2 registry.splunk.com/splunk/universalforwarder:latest diff --git a/universalforwarder/docker-compose.yml b/universalforwarder/docker-compose.yml index 9034c8c..91b47fd 100644 --- a/universalforwarder/docker-compose.yml +++ b/universalforwarder/docker-compose.yml @@ -1,10 +1,10 @@ # must accept EULA the first time that the image is started -# docker run splunk/universalforwarder:7.1.0 +# docker run splunk/universalforwarder:7.1.2 # Options on how to review the EULA and accept it: -# 1. docker run -it splunk/universalforwarder:7.1.0 +# 1. docker run -it splunk/universalforwarder:7.1.2 # 2. Add the following environment variable: SPLUNK_START_ARGS=--accept-license -# e.g., docker run -e "SPLUNK_START_ARGS=--accept-license" splunk/splunkuniversalforwarder:7.1.0 +# e.g., docker run -e "SPLUNK_START_ARGS=--accept-license" splunk/splunkuniversalforwarder:7.1.2 # Support for Docker Compose v3, https://docs.docker.com/compose/overview/ version: '3' @@ -17,7 +17,7 @@ services: splunkuniversalforwarder: # build: . hostname: splunkuniversalforwarder - image: splunk/universalforwarder:7.1.0 + image: splunk/universalforwarder:7.1.2 # environment: # SPLUNK_START_ARGS: --accept-license volumes: diff --git a/universalforwarder/entrypoint.sh b/universalforwarder/entrypoint.sh index a99a8f0..22eeac8 100644 --- a/universalforwarder/entrypoint.sh +++ b/universalforwarder/entrypoint.sh @@ -51,7 +51,7 @@ Splunk Forwarder   Usage: -    docker run -it splunk/universalforwarder:7.1.0 +    docker run -it splunk/universalforwarder:7.1.2     docker run --env SPLUNK_START_ARGS="--accept-license" outcoldman/splunk:latest-forwarder EOF diff --git a/universalforwarder/publishImage.sh b/universalforwarder/publishImage.sh index f3b0cc8..1b24fca 100755 --- a/universalforwarder/publishImage.sh +++ b/universalforwarder/publishImage.sh @@ -1,5 +1,5 @@ #https://docs.docker.com/mac/step_six/ -docker push splunk/universalforwarder:7.1.0 +docker push splunk/universalforwarder:7.1.2 docker push splunk/universalforwarder:latest docker push registry.splunk.com/splunk/universalforwarder:latest -docker push registry.splunk.com/splunk/universalforwarder:7.1.0 +docker push registry.splunk.com/splunk/universalforwarder:7.1.2 From e6b5fa15fc7b9deb938e977b282081fa2dab5c6d Mon Sep 17 00:00:00 2001 From: Michael Wilde Date: Tue, 17 Jul 2018 11:47:43 -0500 Subject: [PATCH 4/4] updated runtime arguments and readme to support --seed-passwd --- enterprise/README.md | 486 +++++++++++++++---------------- enterprise/entrypoint.sh | 4 +- universalforwarder/README.md | 10 +- universalforwarder/entrypoint.sh | 4 +- 4 files changed, 252 insertions(+), 252 deletions(-) diff --git a/enterprise/README.md b/enterprise/README.md index 72c3622..d117dda 100644 --- a/enterprise/README.md +++ b/enterprise/README.md @@ -1,274 +1,274 @@ -# Supported tags + # Supported tags -* `7.1.2`,`latest`- Splunk Enterprise base image [Dockerfile](https://github.com/splunk/docker-splunk/blob/master/enterprise/Dockerfile) -* `6.5.3-monitor` - Splunk Enterprise with Docker Monitoring [Dockerfile](https://github.com/splunk/docker-itmonitoring/blob/master/enterprise/Dockerfile) + * `7.1.2`,`latest`- Splunk Enterprise base image [Dockerfile](https://github.com/splunk/docker-splunk/blob/master/enterprise/Dockerfile) + * `6.5.3-monitor` - Splunk Enterprise with Docker Monitoring [Dockerfile](https://github.com/splunk/docker-itmonitoring/blob/master/enterprise/Dockerfile) -# What is Splunk Enterprise? + # What is Splunk Enterprise? -Splunk Enterprise is the platform for operational intelligence. The software lets you collect, analyze, and act upon the untapped value of big data that your technology infrastructure, security systems, and business applications generate. It gives you insights to drive operational performance and business results. + Splunk Enterprise is the platform for operational intelligence. The software lets you collect, analyze, and act upon the untapped value of big data that your technology infrastructure, security systems, and business applications generate. It gives you insights to drive operational performance and business results. -This repository contains Dockerfiles that you can use to build [Splunk](https://splunk.com) Docker images. + This repository contains Dockerfiles that you can use to build [Splunk](https://splunk.com) Docker images. -# Get started with the Splunk Enterprise Docker Image + # Get started with the Splunk Enterprise Docker Image -If you have not used Docker before, see the [Getting started tutorial](https://docs.docker.com/mac/started) for Docker. + If you have not used Docker before, see the [Getting started tutorial](https://docs.docker.com/mac/started) for Docker. -0. (Optional) Sign up for a Docker ID at [Docker Hub](https://hub.docker.com). -0. Download and install Docker on your system. -0. Open a shell prompt or Terminal window. -0. Enter the following command to pull the Splunk Enterprise version 7.1.2 image.
- - ```bash - docker pull splunk/splunk - ``` -0. Run the Docker image. - - ```bash - docker run -d -e "SPLUNK_START_ARGS=--accept-license --gen-and-print-passwd" -e "SPLUNK_USER=root" -p "8000:8000" splunk/splunk - ``` -0. Find randomly generated admin password in docker logs for this container. -0. Access the Splunk instance with a browser by using the Docker machine IP address and Splunk Web port. For example, ``http://localhost:8000` + 0. (Optional) Sign up for a Docker ID at [Docker Hub](https://hub.docker.com). + 0. Download and install Docker on your system. + 0. Open a shell prompt or Terminal window. + 0. Enter the following command to pull the Splunk Enterprise version 7.1.2 image.
+ + ```bash + docker pull splunk/splunk + ``` + 0. Run the Docker image. + + ```bash + docker run -d -e "SPLUNK_START_ARGS=--accept-license --seed-passwd " -e "SPLUNK_USER=root" -p "8000:8000" splunk/splunk + ``` + 0. Find randomly generated admin password in docker logs for this container. + 0. Access the Splunk instance with a browser by using the Docker machine IP address and Splunk Web port. For example, ``http://localhost:8000` -See [How to use the Splunk Enterprise Docker image](#How-to-use-the-Splunk-Enterprise-Docker-image) for additional example commands. + See [How to use the Splunk Enterprise Docker image](#How-to-use-the-Splunk-Enterprise-Docker-image) for additional example commands. -# How to use the Splunk Enterprise Docker image + # How to use the Splunk Enterprise Docker image -The following commands can be run from a shell prompt or Docker QuickStart Terminal (on Mac OS X). + The following commands can be run from a shell prompt or Docker QuickStart Terminal (on Mac OS X). -### Pull an image for version 7.1.2 of Splunk Enterprise from this repository + ### Pull an image for version 7.1.2 of Splunk Enterprise from this repository -```bash -docker pull splunk/splunk:7.1.2 -``` + ```bash + docker pull splunk/splunk:7.1.2 + ``` -### Pull an image that uses the latest version of Splunk Enterprise from this repository + ### Pull an image that uses the latest version of Splunk Enterprise from this repository -```bash -docker pull splunk/splunk:latest -``` + ```bash + docker pull splunk/splunk:latest + ``` -### Start a Splunk Enterprise container and automatically accept the license agreement + ### Start a Splunk Enterprise container and automatically accept the license agreement -This command starts a Splunk Enterprise instance from the Docker container in this repository, accepts the license agreement, and opens TCP port 8000 so that you can access the Splunk instance from your local machine. + This command starts a Splunk Enterprise instance from the Docker container in this repository, accepts the license agreement, and opens TCP port 8000 so that you can access the Splunk instance from your local machine. -```bash -docker run --name splunk --hostname splunk -p 8000:8000 -d -e "SPLUNK_START_ARGS=--accept-license --gen-and-print-passwd" splunk/splunk:7.1.2 -``` -### Start a Splunk Enterprise container and mount the necessary container volumes + ```bash + docker run --name splunk --hostname splunk -p 8000:8000 -d -e "SPLUNK_START_ARGS=---accept-license --seed-passwd " splunk/splunk:7.1.2 + ``` + ### Start a Splunk Enterprise container and mount the necessary container volumes -```bash -docker run --name vsplunk -v /opt/splunk/etc -v /opt/splunk/var busybox -docker run --hostname splunk --name splunk --volumes-from=vsplunk -p 8000:8000 -d -e "SPLUNK_START_ARGS=--accept-license --gen-and-print-passwd" splunk/splunk:7.1.2 -``` + ```bash + docker run --name vsplunk -v /opt/splunk/etc -v /opt/splunk/var busybox + docker run --hostname splunk --name splunk --volumes-from=vsplunk -p 8000:8000 -d -e "SPLUNK_START_ARGS=--accept-license --seed-passwd " splunk/splunk:7.1.2 + ``` -> Note: -> -> When using data volumes containers, docker will provision the image required volumes automatically under /var/lib/docker/volumes/... -> -> Please, refer to the link for further information: [link to Docker documentation](https://docs.docker.com/engine/tutorials/dockervolumes/#locating-a-volume) + > Note: + > + > When using data volumes containers, docker will provision the image required volumes automatically under /var/lib/docker/volumes/... + > + > Please, refer to the link for further information: [link to Docker documentation](https://docs.docker.com/engine/tutorials/dockervolumes/#locating-a-volume) -### Start a Splunk Enterprise container and mount volumes from host + ### Start a Splunk Enterprise container and mount volumes from host -```bash -docker run --name splunk --hostname splunk -p 8000:8000 -e "SPLUNK_START_ARGS=--accept-license --gen-and-print-passwd" -v /opt/splunk/etc:/opt/splunk/etc -v /opt/splunk/var:/opt/splunk/var splunk/splunk:7.1.2 -``` + ```bash + docker run --name splunk --hostname splunk -p 8000:8000 -e "SPLUNK_START_ARGS=--accept-license --seed-passwd " -v /opt/splunk/etc:/opt/splunk/etc -v /opt/splunk/var:/opt/splunk/var splunk/splunk:7.1.2 + ``` -### Use entrypoint.sh to execute Splunk commands + ### Use entrypoint.sh to execute Splunk commands -You can execute commands in the container by typing in the following command, for example: + You can execute commands in the container by typing in the following command, for example: -``` -docker exec splunk entrypoint.sh splunk version -``` + ``` + docker exec splunk entrypoint.sh splunk version + ``` -To learn about the commands you can use with entrypoint.sh, see [Administrative CLI commands](https://docs.splunk.com/Documentation/Splunk/latest/Admin/CLIadmincommands) in the Splunk documentation. + To learn about the commands you can use with entrypoint.sh, see [Administrative CLI commands](https://docs.splunk.com/Documentation/Splunk/latest/Admin/CLIadmincommands) in the Splunk documentation. -You can also use entrypoint.sh to configure Splunk services with environment variables. See [Basic configuration with environment variables](#basic-configuration-with-environment-variables). + You can also use entrypoint.sh to configure Splunk services with environment variables. See [Basic configuration with environment variables](#basic-configuration-with-environment-variables). -# Configure the Splunk Enterprise Docker container with [docker-compose](https://docs.docker.com/compose/) + # Configure the Splunk Enterprise Docker container with [docker-compose](https://docs.docker.com/compose/) -1. At a shell prompt, create a text file `docker-compose.yml` if it does not already exist. -2. Open `docker-compose.yml` for editing. -3. Insert the following block of text into the file. - -``` -version: '3' + 1. At a shell prompt, create a text file `docker-compose.yml` if it does not already exist. + 2. Open `docker-compose.yml` for editing. + 3. Insert the following block of text into the file. + + ``` + version: '3' -volumes: - opt-splunk-etc: - opt-splunk-var: - -services: - splunkenterprise: - - hostname: splunkenterprise - image: splunk/splunk:7.1.2 - environment: - SPLUNK_START_ARGS: --accept-license --gen-and-print-passwd - SPLUNK_ENABLE_LISTEN: 9997 - SPLUNK_ADD: tcp 1514 volumes: - - opt-splunk-etc:/opt/splunk/etc - - opt-splunk-var:/opt/splunk/var - ports: - - "8000:8000" - - "9997:9997" - - "8088:8088" - - "1514:1514" - ``` -4. Save the file and close it. -5. Run the `docker-compose` utility in the same directory. - - ``` - docker-compose up - ``` - -## Configuration - -### Image Variants - -The `splunk/splunk` image comes in several variants: - -`splunk/splunk:7.1.2` -This is the default Splunk Enterprise image. - -`splunk/splunk:6.5.3-monitor` -This image comes with some data inputs activated (e.g., file monitor of docker host JSON logs, HTTP Event Collector, Syslog, etc.). It also includes the Docker app which has dashboards to help you analyze collected logs and docker information such as stats, events, tops, and inspect from your running images. - -### Data Store - -This Docker image has two data volumes: - -* `/opt/splunk/etc` - stores Splunk configurations, including applications and lookups -* `/opt/splunk/var` - stores indexed data, logs and internal Splunk data - -### User - -All Splunk processes by default runs as the `splunk` user. The user can be changed by setting the SPLUNK_USER env variable. - -### Ports - -This Docker container exposes the following network ports: - -* `8000/tcp` - Splunk Web interface -* `8088/tcp` - HTTP Event Collector -* `8088/tcp` - Splunk Services -* `8191/tcp` - Application Key Value Store -* `9997/tcp` - Splunk receiving Port (not used by default) typically used by the Splunk Universal Forwarder -* `1514/tcp` - Network Input (not used by default) typically used to collect syslog TCP data - -This Docker image uses port 1514 instead of the standard port 514 for the syslog port because network ports below 1024 require root access. See [Run Splunk Enterprise as a different or non-root user](http://docs.splunk.com/Documentation/Splunk/latest/Installation/RunSplunkasadifferentornon-rootuser). - -### Hostname - -When you use this Docker image, set a `hostname` for it. If you recreate the instance later, the image retains the hostname. - -### Basic configuration with Environment Variables - -You can use environment variables for basic configuration of the indexer and forwarder. For more advanced configuration, create configuration files within the container or use a Splunk deployment server to deliver configurations to the instance. - -- `SPLUNK_ENABLE_DEPLOY_SERVER='true'` - Enables deployment server on Indexer. -- `SPLUNK_DEPLOYMENT_SERVER=':` - [configure deployment client](http://docs.splunk.com/Documentation/Splunk/latest/Updating/Configuredeploymentclients). - Set deployment server url. - - Example: `--env SPLUNK_DEPLOYMENT_SERVER='splunkdeploymentserver:8089'`. -- `SPLUNK_ENABLE_LISTEN=` - enable [receiving](http://docs.splunk.com/Documentation/Splunk/latest/Forwarding/Enableareceiver). - - Additional configuration is available using `SPLUNK_ENABLE_LISTEN_ARGS` - environment variable. -- `SPLUNK_FORWARD_SERVER=:` - [forward](http://docs.splunk.com/Documentation/Splunk/latest/Forwarding/Deployanixdfmanually) - data to indexer. - - Additional configuration is available using `SPLUNK_FORWARD_SERVER_ARGS` - environment variable. - - Additional forwarders can be set up using `SPLUNK_FORWARD_SERVER_<1..30>` - and `SPLUNK_FORWARD_SERVER_<1..30>_ARGS`. - - Example: `--env SPLUNK_FORWARD_SERVER='splunkindexer:9997' --env - SPLUNK_FORWARD_SERVER_ARGS='method clone' --env - SPLUNK_FORWARD_SERVER_1='splunkindexer2:9997' --env - SPLUNK_FORWARD_SERVER_1_ARGS='-method clone'`. -- `SPLUNK_ADD=' '` - execute add command, - for example to [monitor files](http://docs.splunk.com/Documentation/Splunk/latest/Data/MonitorfilesanddirectoriesusingtheCLI) - or [listen](http://docs.splunk.com/Documentation/Splunk/latest/Data/Monitornetworkports) on specific ports. - - Additional add commands can be executed (up to 30) using - `SPLUNK_ADD_<1..30>`. - - Example `--env SPLUNK_ADD='udp 1514' --env SPLUNK_ADD_1='monitor /var/log/*'`. -- `SPLUNK_CMD='any splunk command'` - execute any splunk command. - - Additional commands can be executed (up to 30) using - `SPLUNK_CMD_<1..30>`. - - Example `--env SPLUNK_CMD='edit user admin -password random_password -role - admin -auth admin:changeme'`. - -#### Example - -Following is an example of how to configure Splunk Enterprise and the Splunk universal forwarder in Docker. - -``` -> echo "Creating docker network, so all containers will see each other" -> docker network create splunk -> echo "Starting deployment server for forwarders" -> docker run -d --net splunk \ - --hostname splunkdeploymentserver \ - --name splunkdeploymentserver \ - --publish 8000 \ - --env SPLUNK_ENABLE_DEPLOY_SERVER=true \ - splunk/splunk -> echo "Starting Splunk Enterprise" -> docker run -d --net splunk \ - --hostname splunkenterprise \ - --name splunkenterprise \ - --publish 8000 \ - --env SPLUNK_ENABLE_LISTEN=9997 \ - splunk/splunk -> echo "Starting forwarder, which forwards data to Splunk" -> docker run -d --net splunk \ - --name forwarder \ - --hostname forwarder \ - --env SPLUNK_FORWARD_SERVER='splunkenterprise:9997' \ - --env SPLUNK_FORWARD_SERVER_ARGS='-method clone' \ - --env SPLUNK_ADD='udp 1514' \ - --env SPLUNK_DEPLOYMENT_SERVER='splunkdeploymentserver:8089' \ - splunk/universalforwarder -``` - -After this script executes, you can forward syslog data to the *udp* -port of container *forwarder* (for internal containers only, as Splunk -does not publish the port). Data should arrive in Splunk Enterprise and -you should see the forwarder registered with the deployment server. - -# Troubleshoot problems with the image - -## Basic troubleshooting - -If you do not see data when you load the Docker Overview app in the Docker app, confirm that: - -* You have started the container with the right environment variables. In particular, you must have the proper access control to the mount points to read the default JSON log files that the docker host collects. See [Required Permissions](#required-permissions) for more detail. -* You have included the necessary volumes for the Docker image. -* Your Docker container has the correct filesystem permissions. - -### Required Permisssions -The following mount points require special permissions: -- `/var/lib/docker/containers`: By default, the Docker host only exposes read access to the root user. Read access to the volume could be changed for any users that start the Splunk process. -- `/var/run/docker.sock` - Requires access to the [Docker Remote API](https://docs.docker.com/engine/reference/api/docker_remote_api/) to collect information such as docker stats, tops, events, and inspect. - -Overriding the SPLUNK_USER envrionment variable to an authorized user (such as "root") gives you the required access to the mount points that the Docker app needs to analyze the collected Docker information. - -## Troubleshoot upgrade problems with docker-compose - -If you use `docker-compose` (or reference an existing volume with `docker run`) to configure and run your Docker image and the Splunk Enterprise Docker container detects an upgrade after you make a change to `docker-compose.yml`, complete the following procedure to make the image ignore the upgrade prompt: - -0. Open `docker-compose.yml` for editing. -0. In the `Environment:` section for the Splunk Enterprise image, add the following line: - - ``` - SPLUNK_START_ARGS: --accept-license --answer-yes - ``` -0. Save `docker-compose.yml` and close it. -0. Run `docker-compose up` again. - -## If you still need help - -If you still have trouble collecting or analyzing data with the Splunk Enterprise Docker image, use one of the following options: - -* Post a question to [Splunk Answers](http://answers.splunk.com) -* Join the [Splunk Slack channel](http://splunk-usergroups.slack.com) -* Visit the #splunk channel on [EFNet Internet Relay Chat](http://www.efnet.org) -* Send an email to [docker-maint@splunk.com](mailto:docker-maint@splunk.com) + opt-splunk-etc: + opt-splunk-var: + + services: + splunkenterprise: + + hostname: splunkenterprise + image: splunk/splunk:7.1.2 + environment: + SPLUNK_START_ARGS: --accept-license --seed-passwd + SPLUNK_ENABLE_LISTEN: 9997 + SPLUNK_ADD: tcp 1514 + volumes: + - opt-splunk-etc:/opt/splunk/etc + - opt-splunk-var:/opt/splunk/var + ports: + - "8000:8000" + - "9997:9997" + - "8088:8088" + - "1514:1514" + ``` + 4. Save the file and close it. + 5. Run the `docker-compose` utility in the same directory. + + ``` + docker-compose up + ``` + + ## Configuration + + ### Image Variants + + The `splunk/splunk` image comes in several variants: + + `splunk/splunk:7.1.2` + This is the default Splunk Enterprise image. + + `splunk/splunk:6.5.3-monitor` + This image comes with some data inputs activated (e.g., file monitor of docker host JSON logs, HTTP Event Collector, Syslog, etc.). It also includes the Docker app which has dashboards to help you analyze collected logs and docker information such as stats, events, tops, and inspect from your running images. + + ### Data Store + + This Docker image has two data volumes: + + * `/opt/splunk/etc` - stores Splunk configurations, including applications and lookups + * `/opt/splunk/var` - stores indexed data, logs and internal Splunk data + + ### User + + All Splunk processes by default runs as the `splunk` user. The user can be changed by setting the SPLUNK_USER env variable. + + ### Ports + + This Docker container exposes the following network ports: + + * `8000/tcp` - Splunk Web interface + * `8088/tcp` - HTTP Event Collector + * `8088/tcp` - Splunk Services + * `8191/tcp` - Application Key Value Store + * `9997/tcp` - Splunk receiving Port (not used by default) typically used by the Splunk Universal Forwarder + * `1514/tcp` - Network Input (not used by default) typically used to collect syslog TCP data + + This Docker image uses port 1514 instead of the standard port 514 for the syslog port because network ports below 1024 require root access. See [Run Splunk Enterprise as a different or non-root user](http://docs.splunk.com/Documentation/Splunk/latest/Installation/RunSplunkasadifferentornon-rootuser). + + ### Hostname + + When you use this Docker image, set a `hostname` for it. If you recreate the instance later, the image retains the hostname. + + ### Basic configuration with Environment Variables + + You can use environment variables for basic configuration of the indexer and forwarder. For more advanced configuration, create configuration files within the container or use a Splunk deployment server to deliver configurations to the instance. + + - `SPLUNK_ENABLE_DEPLOY_SERVER='true'` - Enables deployment server on Indexer. + - `SPLUNK_DEPLOYMENT_SERVER=':` - [configure deployment client](http://docs.splunk.com/Documentation/Splunk/latest/Updating/Configuredeploymentclients). + Set deployment server url. + - Example: `--env SPLUNK_DEPLOYMENT_SERVER='splunkdeploymentserver:8089'`. + - `SPLUNK_ENABLE_LISTEN=` - enable [receiving](http://docs.splunk.com/Documentation/Splunk/latest/Forwarding/Enableareceiver). + - Additional configuration is available using `SPLUNK_ENABLE_LISTEN_ARGS` + environment variable. + - `SPLUNK_FORWARD_SERVER=:` - [forward](http://docs.splunk.com/Documentation/Splunk/latest/Forwarding/Deployanixdfmanually) + data to indexer. + - Additional configuration is available using `SPLUNK_FORWARD_SERVER_ARGS` + environment variable. + - Additional forwarders can be set up using `SPLUNK_FORWARD_SERVER_<1..30>` + and `SPLUNK_FORWARD_SERVER_<1..30>_ARGS`. + - Example: `--env SPLUNK_FORWARD_SERVER='splunkindexer:9997' --env + SPLUNK_FORWARD_SERVER_ARGS='method clone' --env + SPLUNK_FORWARD_SERVER_1='splunkindexer2:9997' --env + SPLUNK_FORWARD_SERVER_1_ARGS='-method clone'`. + - `SPLUNK_ADD=' '` - execute add command, + for example to [monitor files](http://docs.splunk.com/Documentation/Splunk/latest/Data/MonitorfilesanddirectoriesusingtheCLI) + or [listen](http://docs.splunk.com/Documentation/Splunk/latest/Data/Monitornetworkports) on specific ports. + - Additional add commands can be executed (up to 30) using + `SPLUNK_ADD_<1..30>`. + - Example `--env SPLUNK_ADD='udp 1514' --env SPLUNK_ADD_1='monitor /var/log/*'`. + - `SPLUNK_CMD='any splunk command'` - execute any splunk command. + - Additional commands can be executed (up to 30) using + `SPLUNK_CMD_<1..30>`. + - Example `--env SPLUNK_CMD='edit user admin -password random_password -role + admin -auth admin:changeme'`. + + #### Example + + Following is an example of how to configure Splunk Enterprise and the Splunk universal forwarder in Docker. + + ``` + > echo "Creating docker network, so all containers will see each other" + > docker network create splunk + > echo "Starting deployment server for forwarders" + > docker run -d --net splunk \ + --hostname splunkdeploymentserver \ + --name splunkdeploymentserver \ + --publish 8000 \ + --env SPLUNK_ENABLE_DEPLOY_SERVER=true \ + splunk/splunk + > echo "Starting Splunk Enterprise" + > docker run -d --net splunk \ + --hostname splunkenterprise \ + --name splunkenterprise \ + --publish 8000 \ + --env SPLUNK_ENABLE_LISTEN=9997 \ + splunk/splunk + > echo "Starting forwarder, which forwards data to Splunk" + > docker run -d --net splunk \ + --name forwarder \ + --hostname forwarder \ + --env SPLUNK_FORWARD_SERVER='splunkenterprise:9997' \ + --env SPLUNK_FORWARD_SERVER_ARGS='-method clone' \ + --env SPLUNK_ADD='udp 1514' \ + --env SPLUNK_DEPLOYMENT_SERVER='splunkdeploymentserver:8089' \ + splunk/universalforwarder + ``` + + After this script executes, you can forward syslog data to the *udp* + port of container *forwarder* (for internal containers only, as Splunk + does not publish the port). Data should arrive in Splunk Enterprise and + you should see the forwarder registered with the deployment server. + + # Troubleshoot problems with the image + + ## Basic troubleshooting + + If you do not see data when you load the Docker Overview app in the Docker app, confirm that: + + * You have started the container with the right environment variables. In particular, you must have the proper access control to the mount points to read the default JSON log files that the docker host collects. See [Required Permissions](#required-permissions) for more detail. + * You have included the necessary volumes for the Docker image. + * Your Docker container has the correct filesystem permissions. + + ### Required Permisssions + The following mount points require special permissions: + - `/var/lib/docker/containers`: By default, the Docker host only exposes read access to the root user. Read access to the volume could be changed for any users that start the Splunk process. + - `/var/run/docker.sock` - Requires access to the [Docker Remote API](https://docs.docker.com/engine/reference/api/docker_remote_api/) to collect information such as docker stats, tops, events, and inspect. + + Overriding the SPLUNK_USER envrionment variable to an authorized user (such as "root") gives you the required access to the mount points that the Docker app needs to analyze the collected Docker information. + + ## Troubleshoot upgrade problems with docker-compose + + If you use `docker-compose` (or reference an existing volume with `docker run`) to configure and run your Docker image and the Splunk Enterprise Docker container detects an upgrade after you make a change to `docker-compose.yml`, complete the following procedure to make the image ignore the upgrade prompt: + + 0. Open `docker-compose.yml` for editing. + 0. In the `Environment:` section for the Splunk Enterprise image, add the following line: + + ``` + SPLUNK_START_ARGS: --accept-license --seed-passwd + ``` + 0. Save `docker-compose.yml` and close it. + 0. Run `docker-compose up` again. + + ## If you still need help + + If you still have trouble collecting or analyzing data with the Splunk Enterprise Docker image, use one of the following options: + + * Post a question to [Splunk Answers](http://answers.splunk.com) + * Join the [Splunk Slack channel](http://splunk-usergroups.slack.com) + * Visit the #splunk channel on [EFNet Internet Relay Chat](http://www.efnet.org) + * Send an email to [docker-maint@splunk.com](mailto:docker-maint@splunk.com) diff --git a/enterprise/entrypoint.sh b/enterprise/entrypoint.sh index 961566c..9fe99e9 100644 --- a/enterprise/entrypoint.sh +++ b/enterprise/entrypoint.sh @@ -47,12 +47,12 @@ Splunk Enterprise         end user license agreement       - If you have reviewed and accepted the license, start container         with the environment variable: -            SPLUNK_START_ARGS=--accept-license +            SPLUNK_START_ARGS=--accept-license --seed-passwd   Usage:     docker run -it splunk/enterprise:7.1.2 -    docker run --env SPLUNK_START_ARGS="--accept-license" splunk/enterprise:7.1.2 +    docker run --env SPLUNK_START_ARGS="--accept-license --seed-passwd " splunk/enterprise:7.1.2 EOF exit 1 diff --git a/universalforwarder/README.md b/universalforwarder/README.md index 475e5f6..cd7eaea 100644 --- a/universalforwarder/README.md +++ b/universalforwarder/README.md @@ -28,7 +28,7 @@ If you have not used Docker before, see the [Getting started tutorial](https://d ```bash docker run --name splunkuniversalforwarder \ - --env SPLUNK_START_ARGS=--accept-license \ + --env SPLUNK_START_ARGS="--accept-license --seed-passwd " \ --env SPLUNK_FORWARD_SERVER=splunk_ip:9997 \ --env SPLUNK_USER=root \ --volume /var/lib/docker/containers:/host/containers:ro \ @@ -74,13 +74,13 @@ docker pull splunk/universalforwarder:latest This command starts a universal forwarder instance from the Docker container in this repository, accepts the license agreement, and opens TCP port 8000 so that you can access the Splunk instance from your local machine. ```bash -docker run --name splunk --hostname splunk -d -e "SPLUNK_START_ARGS=--accept-license" splunk/universalforwarder +docker run --name splunk --hostname splunk -d -e "SPLUNK_START_ARGS=--accept-license --seed-passwd " splunk/universalforwarder ``` ### Start a universal forwarder container and mount the necessary container volumes ```bash docker run --name vsplunk -v /opt/splunk/etc -v /opt/splunk/var busybox -docker run --hostname splunk --name splunk --volumes-from=vsplunk -d -e "SPLUNK_START_ARGS=--accept-license" splunk/universalforwarder +docker run --hostname splunk --name splunk --volumes-from=vsplunk -d -e "SPLUNK_START_ARGS=--accept-license --seed-passwd " splunk/universalforwarder ``` ### Use entrypoint.sh to execute Splunk commands @@ -113,7 +113,7 @@ services: hostname: splunkuniversalforwarder image: splunk/universalforwarder:7.1.2 - environment: SPLUNK_START_ARGS: --accept-license + environment: SPLUNK_START_ARGS: --accept-license --seed-passwd volumes: - opt-splunk-etc:/opt/splunk/etc - opt-splunk-var:/opt/splunk/var @@ -259,7 +259,7 @@ If you use `docker-compose` (or reference an existing volume with `docker run`) 0. In the `Environment:` section for the universal forwarder image, add the following line: ``` - SPLUNK_START_ARGS: --accept-license --answer-yes + SPLUNK_START_ARGS: --accept-license --seed-passwd --answer-yes ``` 0. Save `docker-compose.yml` and close it. 0. Run `docker-compose up` again. diff --git a/universalforwarder/entrypoint.sh b/universalforwarder/entrypoint.sh index 22eeac8..0950155 100644 --- a/universalforwarder/entrypoint.sh +++ b/universalforwarder/entrypoint.sh @@ -47,12 +47,12 @@ Splunk Forwarder         end user license agreement       - If you have reviewed and accepted the license, start container         with the environment variable: -            SPLUNK_START_ARGS=--accept-license +            SPLUNK_START_ARGS=--accept-license --seed-passwd   Usage:     docker run -it splunk/universalforwarder:7.1.2 -    docker run --env SPLUNK_START_ARGS="--accept-license" outcoldman/splunk:latest-forwarder +    docker run --env SPLUNK_START_ARGS="--accept-license --seed-passwd " splunk/universalforwarder:7.1.2 EOF exit 1