From 494757a44b5b79de088351f9c81247374bc2af3a Mon Sep 17 00:00:00 2001 From: "Michael S. Wilde" Date: Fri, 21 Jul 2017 15:14:50 -0500 Subject: [PATCH 1/3] Updated for splunk version 6.6.2 All changes made to modify this to 6.6.2 --- CONTRIBUTING.md | 2 +- enterprise/Dockerfile | 4 ++-- enterprise/README.md | 18 +++++++++--------- enterprise/build.sh | 8 ++++---- enterprise/docker-compose.yml | 6 +++--- enterprise/entrypoint.sh | 4 ++-- enterprise/publishImage.sh | 4 ++-- universalforwarder/Dockerfile | 4 ++-- universalforwarder/README.md | 12 ++++++------ universalforwarder/build.sh | 8 ++++---- universalforwarder/docker-compose.yml | 10 +++++----- universalforwarder/entrypoint.sh | 2 +- universalforwarder/publishImage.sh | 4 ++-- 13 files changed, 43 insertions(+), 43 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 09c6b37..e24f29f 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -14,7 +14,7 @@ If you experience problems or see unexpected behavior with this project, create 0. Version of this project you're using (ex: 1.5.0) 0. Platform version (ex: Windows Server 2012 R2) -0. Splunk version (ex: 6.6.1) +0. Splunk version (ex: 6.6.2) 0. Other relevant information (ex: local/remote environment, Splunk network configuration) Alternatively, if you have a Splunk question please ask on [Splunk Answers][answers]. diff --git a/enterprise/Dockerfile b/enterprise/Dockerfile index 5276d5d..01b4f2c 100644 --- a/enterprise/Dockerfile +++ b/enterprise/Dockerfile @@ -1,8 +1,8 @@ FROM debian:jessie ENV SPLUNK_PRODUCT splunk -ENV SPLUNK_VERSION 6.6.1 -ENV SPLUNK_BUILD aeae3fe0c5af +ENV SPLUNK_VERSION 6.6.2 +ENV SPLUNK_BUILD 4b804538c686 ENV SPLUNK_FILENAME splunk-${SPLUNK_VERSION}-${SPLUNK_BUILD}-Linux-x86_64.tgz ENV SPLUNK_HOME /opt/splunk diff --git a/enterprise/README.md b/enterprise/README.md index 6485716..607c900 100644 --- a/enterprise/README.md +++ b/enterprise/README.md @@ -1,6 +1,6 @@ # Supported tags -* `6.6.1`,`latest`- Splunk Enterprise base image [Dockerfile](https://github.com/splunk/docker-splunk/blob/master/enterprise/Dockerfile) +* `6.6.2`,`latest`- Splunk Enterprise base image [Dockerfile](https://github.com/splunk/docker-splunk/blob/master/enterprise/Dockerfile) * `6.5.3-monitor` - Splunk Enterprise with Docker Monitoring [Dockerfile](https://github.com/splunk/docker-itmonitoring/blob/master/enterprise/Dockerfile) # What is Splunk Enterprise? @@ -16,7 +16,7 @@ If you have not used Docker before, see the [Getting started tutorial](https://d 0. (Optional) Sign up for a Docker ID at [Docker Hub](https://hub.docker.com). 0. Download and install Docker on your system. 0. Open a shell prompt or Terminal window. -0. Enter the following command to pull the Splunk Enterprise version 6.6.1 image.
+0. Enter the following command to pull the Splunk Enterprise version 6.6.2 image.
```bash docker pull splunk/splunk @@ -35,10 +35,10 @@ See [How to use the Splunk Enterprise Docker image](#How-to-use-the-Splunk-Enter The following commands can be run from a shell prompt or Docker QuickStart Terminal (on Mac OS X). -### Pull an image for version 6.6.1 of Splunk Enterprise from this repository +### Pull an image for version 6.6.2 of Splunk Enterprise from this repository ```bash -docker pull splunk/splunk:6.6.1 +docker pull splunk/splunk:6.6.2 ``` ### Pull an image that uses the latest version of Splunk Enterprise from this repository @@ -52,13 +52,13 @@ docker pull splunk/splunk:latest This command starts a Splunk Enterprise instance from the Docker container in this repository, accepts the license agreement, and opens TCP port 8000 so that you can access the Splunk instance from your local machine. ```bash -docker run --name splunk --hostname splunk -p 8000:8000 -d -e "SPLUNK_START_ARGS=--accept-license" splunk/splunk:6.6.1 +docker run --name splunk --hostname splunk -p 8000:8000 -d -e "SPLUNK_START_ARGS=--accept-license" splunk/splunk:6.6.2 ``` ### Start a Splunk Enterprise container and mount the necessary container volumes ```bash docker run --name vsplunk -v /opt/splunk/etc -v /opt/splunk/var busybox -docker run --hostname splunk --name splunk --volumes-from=vsplunk -p 8000:8000 -d -e "SPLUNK_START_ARGS=--accept-license" splunk/splunk:6.6.1 +docker run --hostname splunk --name splunk --volumes-from=vsplunk -p 8000:8000 -d -e "SPLUNK_START_ARGS=--accept-license" splunk/splunk:6.6.2 ``` > Note: @@ -70,7 +70,7 @@ docker run --hostname splunk --name splunk --volumes-from=vsplunk -p 8000:8000 - ### Start a Splunk Enterprise container and mount volumes from host ```bash -docker run --name splunk --hostname splunk -p 8000:8000 -e "SPLUNK_START_ARGS=--accept-license" -v /opt/splunk/etc:/opt/splunk/etc -v /opt/splunk/var:/opt/splunk/var splunk/splunk:6.6.1 +docker run --name splunk --hostname splunk -p 8000:8000 -e "SPLUNK_START_ARGS=--accept-license" -v /opt/splunk/etc:/opt/splunk/etc -v /opt/splunk/var:/opt/splunk/var splunk/splunk:6.6.2 ``` ### Use entrypoint.sh to execute Splunk commands @@ -92,7 +92,7 @@ You can also use entrypoint.sh to configure Splunk services with environment var 3. Insert the following block of text into the file. ``` - version: '2' + version: '3' services: vsplunk: image: busybox @@ -131,7 +131,7 @@ You can also use entrypoint.sh to configure Splunk services with environment var The `splunk/splunk` image comes in several variants: -`splunk/splunk:6.6.1` +`splunk/splunk:6.6.2` This is the default Splunk Enterprise image. `splunk/splunk:6.5.3-monitor` diff --git a/enterprise/build.sh b/enterprise/build.sh index 3abf822..3a94a51 100755 --- a/enterprise/build.sh +++ b/enterprise/build.sh @@ -3,7 +3,7 @@ if [ -z $CURRENT ]; then CURRENT=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) fi -docker build --no-cache=true -t splunk/splunk:6.6.1 . -docker tag splunk/splunk:6.6.1 splunk/splunk:latest -docker tag splunk/splunk:6.6.1 registry.splunk.com/splunk/splunk:latest -docker tag splunk/splunk:6.6.1 registry.splunk.com/splunk/splunk:6.6.1 \ No newline at end of file +docker build --no-cache=true -t splunk/splunk:6.6.2 . +docker tag splunk/splunk:6.6.2 splunk/splunk:latest +docker tag splunk/splunk:6.6.2 registry.splunk.com/splunk/splunk:latest +docker tag splunk/splunk:6.6.2 registry.splunk.com/splunk/splunk:6.6.2 \ No newline at end of file diff --git a/enterprise/docker-compose.yml b/enterprise/docker-compose.yml index 3411841..3a3a333 100644 --- a/enterprise/docker-compose.yml +++ b/enterprise/docker-compose.yml @@ -1,7 +1,7 @@ # must accept EULA the first time that the image is started -# docker run splunk/enterprise:6.6.1 +# docker run splunk/enterprise:6.6.2 # Options on how to review the EULA and accept it: -# 1. docker run -it splunk/enterprisetrial:6.6.1 +# 1. docker run -it splunk/enterprisetrial:6.6.2 # 2. Add the following environment variable: SPLUNK_START_ARGS=--accept-license # e.g., docker run -e "SPLUNK_START_ARGS=--accept-license" splunk/enterprisetrial @@ -16,7 +16,7 @@ services: splunkenterprise: #build: . hostname: splunkenterprise - image: splunk/splunk:6.6.1 + image: splunk/splunk:6.6.2 environment: SPLUNK_START_ARGS: --accept-license SPLUNK_ENABLE_LISTEN: 9997 diff --git a/enterprise/entrypoint.sh b/enterprise/entrypoint.sh index d5577f5..1a59c30 100644 --- a/enterprise/entrypoint.sh +++ b/enterprise/entrypoint.sh @@ -51,8 +51,8 @@ Splunk Enterprise   Usage: -    docker run -it splunk/enterprise:6.6.1 -    docker run --env SPLUNK_START_ARGS="--accept-license" splunk/enterprise:6.6.1 +    docker run -it splunk/enterprise:6.6.2 +    docker run --env SPLUNK_START_ARGS="--accept-license" splunk/enterprise:6.6.2 EOF exit 1 diff --git a/enterprise/publishImage.sh b/enterprise/publishImage.sh index 873f19e..ee1c3c0 100755 --- a/enterprise/publishImage.sh +++ b/enterprise/publishImage.sh @@ -1,7 +1,7 @@ -docker push splunk/splunk:6.6.1 +docker push splunk/splunk:6.6.2 docker push splunk/splunk:latest -docker push registry.splunk.com/splunk/splunk:6.6.1 +docker push registry.splunk.com/splunk/splunk:6.6.2 docker push registry.splunk.com/splunk/splunk:latest diff --git a/universalforwarder/Dockerfile b/universalforwarder/Dockerfile index 2e380db..ef04f64 100644 --- a/universalforwarder/Dockerfile +++ b/universalforwarder/Dockerfile @@ -1,8 +1,8 @@ FROM debian:jessie ENV SPLUNK_PRODUCT universalforwarder -ENV SPLUNK_VERSION 6.6.1 -ENV SPLUNK_BUILD aeae3fe0c5af +ENV SPLUNK_VERSION 6.6.2 +ENV SPLUNK_BUILD 4b804538c686 ENV SPLUNK_FILENAME splunkforwarder-${SPLUNK_VERSION}-${SPLUNK_BUILD}-Linux-x86_64.tgz ENV SPLUNK_HOME /opt/splunk diff --git a/universalforwarder/README.md b/universalforwarder/README.md index 421fc77..6d99652 100644 --- a/universalforwarder/README.md +++ b/universalforwarder/README.md @@ -1,6 +1,6 @@ # Supported tags -* `6.6.1`, `latest` - Splunk universal forwarder base image [Dockerfile](https://github.com/splunk/docker-splunk/blob/master/enterprise/Dockerfile) +* `6.6.2`, `latest` - Splunk universal forwarder base image [Dockerfile](https://github.com/splunk/docker-splunk/blob/master/enterprise/Dockerfile) * `6.5.3-monitor` - Splunk universal forwarder with Docker Monitoring [Dockerfile](https://github.com/splunk/docker-itmonitoring/blob/master/universalforwarder/Dockerfile) # What is the Splunk Universal Forwarder? @@ -18,7 +18,7 @@ If you have not used Docker before, see the [Getting started tutorial](https://d 0. (Optional) Sign up for a Docker ID at [Docker Hub](https://hub.docker.com). 0. Download and install Docker on your system. 0. Open a shell prompt or Terminal window. -0. Enter the following command to pull the Splunk Enterprise version 6.6.1 image.
+0. Enter the following command to pull the Splunk Enterprise version 6.6.2 image.
```bash @@ -49,14 +49,14 @@ The universal forwarder docker image can collect data from a host and send data The following commands are examples of how to pull and run the universal forwarder Docker image. They can be run from a shell prompt or Docker QuickStart Terminal (on Mac OS X). ### Pull an image from this repository for the universal fowarder with the Docker data collection inputs -The `6.6.1-monitor` tag ensures that the universal forwarder has the data inputs you need to get stats from a Docker container. +The `6.6.2-monitor` tag ensures that the universal forwarder has the data inputs you need to get stats from a Docker container. ```bash -docker pull splunk/universalforwarder:6.6.1-monitor +docker pull splunk/universalforwarder:6.6.2-monitor ``` ### Pull the latest version of the image from this repository -The `6.6.1` and `latest` versions only have the forwarder and do not have any of the data inputs. +The `6.6.2` and `latest` versions only have the forwarder and do not have any of the data inputs. ======= The `6.5.3-monitor` tag ensures that the universal forwarder has the data inputs you need to get stats from a Docker container. @@ -136,7 +136,7 @@ You can also use entrypoint.sh to configure Splunk services with environment var The `splunk/universalforwarder` image comes in the following variants: -`splunk/universalforwarder:6.6.1` and `splunk/universalforwarder:latest` +`splunk/universalforwarder:6.6.2` and `splunk/universalforwarder:latest` This is the default universal forwarder image. `splunk/universalforwarder:6.5.3-monitor` diff --git a/universalforwarder/build.sh b/universalforwarder/build.sh index e4ffea3..bad2b65 100755 --- a/universalforwarder/build.sh +++ b/universalforwarder/build.sh @@ -4,9 +4,9 @@ if [ -z $CURRENT ]; then fi -docker build --no-cache=true -t splunk/universalforwarder:6.6.1 $CURRENT -docker tag splunk/universalforwarder:6.6.1 splunk/universalforwarder:latest -docker tag splunk/universalforwarder:6.6.1 registry.splunk.com/splunk/universalforwarder:6.6.1 -docker tag splunk/universalforwarder:6.6.1 registry.splunk.com/splunk/universalforwarder:latest +docker build --no-cache=true -t splunk/universalforwarder:6.6.2 $CURRENT +docker tag splunk/universalforwarder:6.6.2 splunk/universalforwarder:latest +docker tag splunk/universalforwarder:6.6.2 registry.splunk.com/splunk/universalforwarder:6.6.2 +docker tag splunk/universalforwarder:6.6.2 registry.splunk.com/splunk/universalforwarder:latest diff --git a/universalforwarder/docker-compose.yml b/universalforwarder/docker-compose.yml index 052f5c3..5eae251 100644 --- a/universalforwarder/docker-compose.yml +++ b/universalforwarder/docker-compose.yml @@ -1,12 +1,12 @@ # must accept EULA the first time that the image is started -# docker run splunk/universalforwarder:6.6.1 +# docker run splunk/universalforwarder:6.6.2 # Options on how to review the EULA and accept it: -# 1. docker run -it splunk/universalforwarder:6.6.1 +# 1. docker run -it splunk/universalforwarder:6.6.2 # 2. Add the following environment variable: SPLUNK_START_ARGS=--accept-license -# e.g., docker run -e "SPLUNK_START_ARGS=--accept-license" splunk/splunkuniversalforwarder:6.6.1 +# e.g., docker run -e "SPLUNK_START_ARGS=--accept-license" splunk/splunkuniversalforwarder:6.6.2 -version: '2' +version: '3' services: vsplunk_uf: image: busybox @@ -16,7 +16,7 @@ services: splunkuniversalforwarder: # build: . hostname: splunkuniversalforwarder - image: splunk/universalforwarder:6.6.1 + image: splunk/universalforwarder:6.6.2 # environment: # SPLUNK_START_ARGS: --accept-license volumes_from: diff --git a/universalforwarder/entrypoint.sh b/universalforwarder/entrypoint.sh index b336f61..8bcb727 100644 --- a/universalforwarder/entrypoint.sh +++ b/universalforwarder/entrypoint.sh @@ -51,7 +51,7 @@ Splunk Forwarder   Usage: -    docker run -it splunk/universalforwarder:6.6.1 +    docker run -it splunk/universalforwarder:6.6.2     docker run --env SPLUNK_START_ARGS="--accept-license" outcoldman/splunk:latest-forwarder EOF diff --git a/universalforwarder/publishImage.sh b/universalforwarder/publishImage.sh index 2534b4b..0fb26d8 100755 --- a/universalforwarder/publishImage.sh +++ b/universalforwarder/publishImage.sh @@ -1,5 +1,5 @@ #https://docs.docker.com/mac/step_six/ -docker push splunk/universalforwarder:6.6.1 +docker push splunk/universalforwarder:6.6.2 docker push splunk/universalforwarder:latest docker push registry.splunk.com/splunk/universalforwarder:latest -docker push registry.splunk.com/splunk/universalforwarder:6.6.1 +docker push registry.splunk.com/splunk/universalforwarder:6.6.2 From d9ef1d5b9c61733eac7ff62b7adbceb5f7d993b9 Mon Sep 17 00:00:00 2001 From: "Michael S. Wilde" Date: Fri, 21 Jul 2017 15:26:28 -0500 Subject: [PATCH 2/3] trying with slimmer version of debian stretch-slim, vs jessie --- enterprise/Dockerfile | 2 +- universalforwarder/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/enterprise/Dockerfile b/enterprise/Dockerfile index 01b4f2c..0e331a4 100644 --- a/enterprise/Dockerfile +++ b/enterprise/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:jessie +FROM debian:stretch-slim ENV SPLUNK_PRODUCT splunk ENV SPLUNK_VERSION 6.6.2 diff --git a/universalforwarder/Dockerfile b/universalforwarder/Dockerfile index ef04f64..7e1e881 100644 --- a/universalforwarder/Dockerfile +++ b/universalforwarder/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:jessie +FROM debian:stretch-slim ENV SPLUNK_PRODUCT universalforwarder ENV SPLUNK_VERSION 6.6.2 From a59de31e76116b9d7f043f64e3dd9d773ace3fc6 Mon Sep 17 00:00:00 2001 From: "Michael S. Wilde" Date: Sun, 23 Jul 2017 09:17:12 -0500 Subject: [PATCH 3/3] tried with debian:jessie-slim, stretch-slim, stretch. splunk only seems to work with debian:jessie --- enterprise/Dockerfile | 10 +++++----- universalforwarder/Dockerfile | 12 ++++++++---- 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/enterprise/Dockerfile b/enterprise/Dockerfile index 0e331a4..7499d23 100644 --- a/enterprise/Dockerfile +++ b/enterprise/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:stretch-slim +FROM debian:jessie ENV SPLUNK_PRODUCT splunk ENV SPLUNK_VERSION 6.6.2 @@ -16,16 +16,16 @@ RUN groupadd -r ${SPLUNK_GROUP} \ && useradd -r -m -g ${SPLUNK_GROUP} ${SPLUNK_USER} # make the "en_US.UTF-8" locale so splunk will be utf-8 enabled by default -RUN apt-get update && apt-get install -y locales \ - && localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +RUN apt-get update && apt-get install -y --no-install-recommends apt-utils && apt-get install -y locales && rm -rf /var/lib/apt/lists/* \ + && localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 ENV LANG en_US.utf8 # pdfgen dependency -RUN apt-get install -y libgssapi-krb5-2 +RUN apt-get update && apt-get install -y libgssapi-krb5-2 && rm -rf /var/lib/apt/lists/* # Download official Splunk release, verify checksum and unzip in /opt/splunk # Also backup etc folder, so it will be later copied to the linked volume -RUN apt-get install -y wget sudo \ +RUN apt-get update && apt-get install -y wget sudo \ && mkdir -p ${SPLUNK_HOME} \ && wget -qO /tmp/${SPLUNK_FILENAME} https://download.splunk.com/products/${SPLUNK_PRODUCT}/releases/${SPLUNK_VERSION}/linux/${SPLUNK_FILENAME} \ && wget -qO /tmp/${SPLUNK_FILENAME}.md5 https://download.splunk.com/products/${SPLUNK_PRODUCT}/releases/${SPLUNK_VERSION}/linux/${SPLUNK_FILENAME}.md5 \ diff --git a/universalforwarder/Dockerfile b/universalforwarder/Dockerfile index 7e1e881..5cd2090 100644 --- a/universalforwarder/Dockerfile +++ b/universalforwarder/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:stretch-slim +FROM debian:jessie ENV SPLUNK_PRODUCT universalforwarder ENV SPLUNK_VERSION 6.6.2 @@ -16,13 +16,17 @@ RUN groupadd -r ${SPLUNK_GROUP} \ && useradd -r -m -g ${SPLUNK_GROUP} ${SPLUNK_USER} # make the "en_US.UTF-8" locale so splunk will be utf-8 enabled by default -RUN apt-get update && apt-get install -y locales \ - && localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +#RUN apt-get update && apt-get install -y locales \ +# && localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +#ENV LANG en_US.utf8 + +RUN apt-get update && apt-get install -y locales && rm -rf /var/lib/apt/lists/* \ + && localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 ENV LANG en_US.utf8 # Download official Splunk release, verify checksum and unzip in /opt/splunk # Also backup etc folder, so it will be later copied to the linked volume -RUN apt-get install -y wget sudo \ +RUN apt-get update && apt-get install -y wget sudo \ && mkdir -p ${SPLUNK_HOME} \ && wget -qO /tmp/${SPLUNK_FILENAME} https://download.splunk.com/products/${SPLUNK_PRODUCT}/releases/${SPLUNK_VERSION}/linux/${SPLUNK_FILENAME} \ && wget -qO /tmp/${SPLUNK_FILENAME}.md5 https://download.splunk.com/products/${SPLUNK_PRODUCT}/releases/${SPLUNK_VERSION}/linux/${SPLUNK_FILENAME}.md5 \