Release/8.0.2.1 (#334)

* Bugfix/uf uid gid (#320)

* Fixing uid/gid on UF images; adding tests

* Fixed tests for changes in splunk-ansible (#323)

* Adding tests for peered standalones (#326)

* update exec commands w/ splunk user (#329)

* Updating image for upgrade test (#330)

* Feature/adhoc search head (#327)

* Adding example scenario using free-standing search head

* Fixing scenario env var

* Adding new test for idempotent changes to HEC configuration (#328)

* Adding new test for idempotent changes to HEC configuration

* Fixing other HEC tests

* Updating to latest redhat ubi-minimal (#332)

* Updating changelog for release/8021 (#333)

Co-authored-by: Nelson Wang <nwang92@users.noreply.github.com>
Co-authored-by: mikedickey <mdickey@splunk.com>
Co-authored-by: Jack Meixensperger <jackm@splunk.com>

Author: 4 people

Makefile

@@ -7,8 +7,8 @@ SPLUNK_ANSIBLE_BRANCH ?= develop
 SPLUNK_COMPOSE ?= cluster_absolute_unit.yaml
 # Set Splunk version/build parameters here to define downstream URLs and file names
 SPLUNK_PRODUCT := splunk
-SPLUNK_VERSION := 8.0.2
-SPLUNK_BUILD := a7f645ddaf91
+SPLUNK_VERSION := 8.0.2.1
+SPLUNK_BUILD := f002026bad55
 ifeq ($(shell arch), s390x)
 	SPLUNK_ARCH = s390x
 else

README.md

@@ -2,7 +2,7 @@
 
 [![Build Status](https://circleci.com/gh/splunk/docker-splunk/tree/develop.svg?style=svg)](https://circleci.com/gh/splunk/docker-splunk/tree/develop)
 
-Welcome to Splunk's official repository containing Dockerfiles for building Splunk Enterprise and Universal Forwarder images using containerization technology. This repository supports all Splunk roles and deployment topologies, and currently works on any Linux-based platform. 
+Welcome to Splunk's official repository containing Dockerfiles for building Splunk Enterprise and Universal Forwarder images using containerization technology.
 
 The provisioning of these disjoint containers is handled by the [splunk-ansible](https://github.com/splunk/splunk-ansible) project. Please refer to [Ansible documentation](http://docs.ansible.com/) for more details about Ansible concepts and how it works. 
 
@@ -26,9 +26,7 @@ Splunk Enterprise is a platform for operational intelligence. Our software lets
 Please refer to [Splunk products](https://www.splunk.com/en_us/software.html) for more knowledge about the features and capabilities of Splunk, and how you can bring it into your organization.
 
 ##### What is docker-splunk?
-This is the official source code repository for building Docker images of Splunk Enterprise and Splunk Universal Forwarder. By introducing containerization, we can marry the ideals of infrastructure-as-code and declarative directives to manage and run Splunk and its other product offerings.
-
-This repository should be used by people interested in running Splunk in their container orchestration environments. With this Docker image, we support running a standalone development Splunk instance as easily as running a full-fledged distributed production cluster, all while maintaining the best practices and recommended standards of operating Splunk at scale.
+This is the official source code repository for building Docker images of Splunk Enterprise and Splunk Universal Forwarder. By introducing containerization, we can marry the ideals of infrastructure-as-code and declarative directives to manage and run Splunk Enterprise.
 
 ## Quickstart
 Use the following command to start a single standalone instance of Splunk Enterprise:

base/redhat-8/Dockerfile

@@ -16,7 +16,7 @@
 # the container catalog moved from registry.access.redhat.com to registry.redhat.io
 # So at some point before they deprecate the old registry we have to make sure that
 # we have access to the new registry and change where we pull the ubi image from.
-FROM registry.access.redhat.com/ubi8/ubi-minimal:8.1-328
+FROM registry.access.redhat.com/ubi8/ubi-minimal:8.1
 LABEL name="splunk" \
       maintainer="support@splunk.com" \
       vendor="splunk" \

docs/CHANGELOG.md

@@ -2,9 +2,11 @@
 
 ## Navigation
 
+* [8.0.2.1](#8021)
 * [8.0.2](#802)
 * [8.0.1](#801)
 * [8.0.0](#800)
+* [7.3.4.2](#7342)
 * [7.3.4](#734)
 * [7.3.3](#733)
 * [7.3.2](#732)
@@ -24,6 +26,23 @@
 
 ---
 
+## 8.0.2.1
+
+#### What's New?
+* Releasing new images to support Splunk Enterprise maintenance patch.
+
+#### docker-splunk changes:
+* Bumping Splunk version. For details, see [Fixed issues](https://docs.splunk.com/Documentation/Splunk/8.0.2/ReleaseNotes/Fixedissues) in 8.0.2.1.
+* Bugfixes and additional tests for new features
+
+#### splunk-ansible changes:
+* Added support for reading `SPLUNK_PASSWORD` from a file
+* License master and cluster master URLs are now also configurable in the `default.yml` config, as well as with the `LICENSE_MASTER_URL` and `CLUSTER_MASTER_URL` environment variables
+* Added support for auto-detecting the `service_name` for SplunkForwarder and allowing manual configuration with `splunk.service_name`
+* All HEC related variables were revised to follow a nested dict format in `default.yml`, i.e. `splunk.hec_enableSSL` is now `splunk.hec.ssl`. See the [Provision HEC](https://github.com/splunk/splunk-ansible/blob/develop/docs/EXAMPLES.md#provision-hec) example in the docs.
+
+---
+
 ## 8.0.2
 
 #### What's New?
@@ -34,7 +53,7 @@
 * Bugfixes and increasing test coverage for new features
 
 #### splunk-ansible changes:
-* * Revised Splunk forwarding/receiving plays to optionally support SSL (see documentation on [securing data from forwarders](https://docs.splunk.com/Documentation/Splunk/latest/Security/Aboutsecuringdatafromforwarders))
+* Revised Splunk forwarding/receiving plays to optionally support SSL (see documentation on [securing data from forwarders](https://docs.splunk.com/Documentation/Splunk/latest/Security/Aboutsecuringdatafromforwarders))
 * Initial support for forwarder management using [Splunk Monitoring Console](https://docs.splunk.com/Documentation/Splunk/latest/DMC/DMCoverview)
 * New environment variables exposed to control replication/search factor for clusters, key/value pairs written to `splunk-launch.conf`, and replacing default security key (pass4SymmKey)
 
@@ -78,17 +97,32 @@
 
 ---
 
+## 7.3.4.2
+
+#### What's New?
+* Releasing new images to support Splunk Enterprise maintenance patch.
+* Bundling in changes to be consistent with the release of [8.0.2.1](#8021).
+
+#### docker-splunk changes:
+* Bumping Splunk version. For details, see [Fixed issues](https://docs.splunk.com/Documentation/Splunk/7.3.4/ReleaseNotes/Fixedissues) in 7.3.4.2.
+* See [8.0.2.1](#8021) changes.
+
+#### splunk-ansible changes:
+* See [8.0.2.1](#8021) changes.
+
+---
+
 ## 7.3.4
 
 #### What's New?
 * New Splunk Enterprise release of 7.3.4
 
 #### docker-splunk changes:
-* Bumping Splunk version. For details, see: https://docs.splunk.com/Documentation/Splunk/7.3.4/ReleaseNotes/Fixedissues
-* See [8.0.1](#801) changes
+* Bumping Splunk version. For details, see [Fixed issues](https://docs.splunk.com/Documentation/Splunk/7.3.4/ReleaseNotes/Fixedissues).
+* See [8.0.1](#801) changes.
 
 #### splunk-ansible changes:
-* See [8.0.1](#801) changes
+* See [8.0.1](#801) changes.
 
 ---
 

docs/TROUBLESHOOTING.md

@@ -52,9 +52,9 @@ $ docker logs -f <container_name/container_id>
 If your container is still running but in a bad state, you can try to debug by putting yourself within the context of that process. 
 
 
-To gain interactive shell access to the container's runtime, you can run:
+To gain interactive shell access to the container's runtime as the splunk user, you can run:
 ```
-$ docker exec -it <container_name/container_id> /bin/bash
+$ docker exec -it -u splunk <container_name/container_id> /bin/bash
 ```
 
 #### Debug variables
@@ -142,17 +142,17 @@ Generating a diag is only an option if:
 
 To create this diag, run the following command:
 ```
-$ docker exec -it <container_name/container_id> ${SPLUNK_HOME}/bin/splunk diag
+$ docker exec -it -u splunk <container_name/container_id> "${SPLUNK_HOME}/bin/splunk diag"
 ```
 
 Additionally, if your Docker container/hosts have access to https://www.splunk.com you can now send the file directly to Splunk Support by using the following command:
 ```
-$ docker exec -it <container_name/container_id> ${SPLUNK_HOME}/bin/splunk diag --upload --case-number=<case_num> --upload-user=<your_splunk_id> --upload-password=<passwd> --upload-description="Monday diag, as requested"
+$ docker exec -it -u splunk <container_name/container_id> "${SPLUNK_HOME}/bin/splunk diag --upload --case-number=<case_num> --upload-user=<your_splunk_id> --upload-password=<passwd> --upload-description='Monday diag, as requested'"
 ```
 
 However, if you don't have direct access, you can manually copy the diag back to your host via `docker cp`:
 ```
-$ docker cp <container_name/container_id>:/opt/splunk/var/run/diags/<filename> <location on your local machine>
+$ docker cp <container_name/container_id>:/opt/splunk/<filename> <location on your local machine>
 ```
 
 ## Contact

test_scenarios/1sh1cm.yaml

@@ -0,0 +1,42 @@
+version: "3.6"
+
+networks:
+  splunknet:
+    driver: bridge
+    attachable: true
+
+services:
+  sh1:
+    networks:
+      splunknet:
+        aliases:
+          - sh1
+    image: ${SPLUNK_IMAGE:-splunk/splunk:latest}
+    hostname: sh1
+    container_name: sh1
+    environment:
+      - SPLUNK_START_ARGS=--accept-license
+      - SPLUNK_CLUSTER_MASTER_URL=cm1
+      - SPLUNK_ROLE=splunk_search_head
+      - SPLUNK_PASSWORD
+      - DEBUG=true
+    ports:
+      - 8000
+      - 8089
+
+  cm1:
+    networks:
+      splunknet:
+        aliases:
+          - cm1
+    image: ${SPLUNK_IMAGE:-splunk/splunk:latest}
+    hostname: cm1
+    container_name: cm1
+    environment:
+      - SPLUNK_START_ARGS=--accept-license
+      - SPLUNK_ROLE=splunk_cluster_master
+      - SPLUNK_PASSWORD
+      - DEBUG=true
+    ports:
+      - 8000
+      - 8089

test_scenarios/1so1cm_connected.yaml

@@ -0,0 +1,41 @@
+version: "3.6"
+
+networks:
+  splunknet:
+    driver: bridge
+    attachable: true
+
+services:
+  cm1:
+    networks:
+      splunknet:
+        aliases:
+          - cm1
+    image: ${SPLUNK_IMAGE:-splunk/splunk:latest}
+    hostname: cm1
+    container_name: cm1
+    environment:
+      - SPLUNK_START_ARGS=--accept-license
+      - SPLUNK_ROLE=splunk_cluster_master
+      - DEBUG=true
+      - SPLUNK_PASSWORD
+    ports:
+      - 8000
+      - 8089
+
+  so1:
+    networks:
+      splunknet:
+        aliases:
+          - so1
+    image: ${SPLUNK_IMAGE:-splunk/splunk:latest}
+    hostname: so1
+    container_name: so1
+    environment:
+      - SPLUNK_START_ARGS=--accept-license
+      - SPLUNK_CLUSTER_MASTER_URL=cm1
+      - DEBUG=true
+      - SPLUNK_PASSWORD
+    ports:
+      - 8000
+      - 8089

test_scenarios/1so1cm_unconnected.yaml

@@ -0,0 +1,40 @@
+version: "3.6"
+
+networks:
+  splunknet:
+    driver: bridge
+    attachable: true
+
+services:
+  cm1:
+    networks:
+      splunknet:
+        aliases:
+          - cm1
+    image: ${SPLUNK_IMAGE:-splunk/splunk:latest}
+    hostname: cm1
+    container_name: cm1
+    environment:
+      - SPLUNK_START_ARGS=--accept-license
+      - SPLUNK_ROLE=splunk_cluster_master
+      - DEBUG=true
+      - SPLUNK_PASSWORD
+    ports:
+      - 8000
+      - 8089
+
+  so1:
+    networks:
+      splunknet:
+        aliases:
+          - so1
+    image: ${SPLUNK_IMAGE:-splunk/splunk:latest}
+    hostname: so1
+    container_name: so1
+    environment:
+      - SPLUNK_START_ARGS=--accept-license
+      - DEBUG=true
+      - SPLUNK_PASSWORD
+    ports:
+      - 8000
+      - 8089

tests/fixtures/pwfile

@@ -0,0 +1 @@
+changeme123