Merge pull request #244 from splunk/develop

Syncing develop with master

Author: nwang92

.circleci/config.yml

@@ -1,6 +1,6 @@
 version: 2
 jobs:
-  docker-splunk-test:
+  security-scanning:
     machine:
       image: circleci/classic:latest
     steps:
@@ -21,10 +21,6 @@ jobs:
           name: Build Container
           command: |
             make all
-      - run:
-          name: Export Build Images for Artifacts
-          command: |
-            make save_containers
       - run:
           name: Run Vulnerability Scanner
           command: |
@@ -33,29 +29,121 @@ jobs:
           name: Store Scanner Logs
           path: clair-scanner-logs
           destintation: clair-scanner-logs
+      - store_artifacts:
+          path: test-results
+          destination: test-results
+  debian10-testing:
+    machine:
+      image: circleci/classic:latest
+    steps:
+      - checkout
       - run:
-          name: Test Python3 installation
-          command: make test_python3_all
+          name: Setup python3
+          command: |
+            pyenv global 2.7.12 3.5.2
+            python --version
+            pip --version
+            python3 --version
+            pip3 --version
       - run:
-          name: Test Python2 as the default
-          command: make test_python2_all
+          name: Setup Tests / Scanner Requirements
+          command: |
+            make test_setup
+      - run:
+          name: Build Debian 10 Splunk
+          command: |
+            make splunk-debian-10
+      - run:
+          name: Build Debian 10 UF
+          command: |
+            make uf-debian-10
       - run:
           name: Test if image size increase
-          command: make test_debian9_image_size
+          command: make test_debian10_image_size
       - run:
-          name: Running debian9 CI Tests
+          name: Run Debian 10 image tests
           command: make run_tests_debian10
           no_output_timeout: 20m
       - store_artifacts:
           path: test-results
           destination: test-results
       - store_test_results:
           path: test-results
-
+  redhat8-testing:
+    machine:
+      image: circleci/classic:latest
+    steps:
+      - checkout
+      - run:
+          name: Setup python3
+          command: |
+            pyenv global 2.7.12 3.5.2
+            python --version
+            pip --version
+            python3 --version
+            pip3 --version
+      - run:
+          name: Setup Tests / Scanner Requirements
+          command: |
+            make test_setup
+      - run:
+          name: Build Redhat 8 Splunk
+          command: |
+            make splunk-redhat-8
+      - run:
+          name: Build Redhat 8 UF
+          command: |
+            make uf-redhat-8
+      - run:
+          name: Run Redhat 8 image tests
+          command: make run_tests_redhat8
+          no_output_timeout: 20m
+      - store_artifacts:
+          path: test-results
+          destination: test-results
+      - store_test_results:
+          path: test-results
+  container-validation:
+    machine:
+      image: circleci/classic:latest
+    steps:
+      - checkout
+      - run:
+          name: Setup python3
+          command: |
+            pyenv global 2.7.12 3.5.2
+            python --version
+            pip --version
+            python3 --version
+            pip3 --version
+      - run:
+          name: Setup Tests / Scanner Requirements
+          command: |
+            make test_setup
+      - run:
+          name: Build Container
+          command: |
+            make all
+      - run:
+          name: Export Build Images for Artifacts
+          command: |
+            make save_containers
+      - run:
+          name: Test Python3 installation
+          command: make test_python3_all
+      - run:
+          name: Test Python2 as the default
+          command: make test_python2_all
+      - store_artifacts:
+          path: test-results
+          destination: test-results
 workflows:
   version: 2
-  run_tests:
+  build:
     jobs:
-      - docker-splunk-test
+      - security-scanning
+      - debian10-testing
+      - container-validation
+      - redhat8-testing
 
 

Makefile

@@ -400,16 +400,16 @@ docker exec -it $1 bash -c 'if [[ $$(python -V 2>&1) =~ "Python 2" ]] ; then ech
 docker kill $1
 endef
 
-test_debian9_image_size:
-	$(call test_image_size,splunk-debian-9)
+test_debian10_image_size:
+	$(call test_image_size,splunk-debian-10)
 
 define test_image_size
 docker pull splunk/splunk:edge
 CUR_SIZE=$$(docker image inspect $1:latest --format='{{.Size}}') ; \
 EDGE_SIZE=$$(docker image inspect splunk/splunk:edge --format='{{.Size}}') ; \
 echo "current $1 image size = "$$CUR_SIZE ; \
 echo "edge image size = "$$EDGE_SIZE ; \
-if [[ $$CUR_SIZE -gt $$EDGE_SIZE*102/100 ]] ; then echo "current image size is 2% more than edge image" ; exit 1 ; fi
+if [[ $$CUR_SIZE -gt $$EDGE_SIZE*120/100 ]] ; then echo "current image size is 20% more than edge image" ; exit 1 ; fi
 endef
 
 setup_clair_scanner:

base/redhat-8/Dockerfile

@@ -25,9 +25,9 @@ LABEL name="splunk" \
       summary="UBI 8 Docker image of Splunk Enterprise" \
       description="Splunk Enterprise is a platform for operational intelligence. Our software lets you collect, analyze, and act upon the untapped value of big data that your technology infrastructure, security systems, and business applications generate. It gives you insights to drive operational performance and business results."
 
-RUN mkdir /licenses; \
-	curl -o /licenses/apache-2.0.txt https://www.apache.org/licenses/LICENSE-2.0.txt; \
-	curl -o /licenses/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf https://www.redhat.com/licenses/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf
-
 COPY install.sh /install.sh
-RUN /install.sh && rm -rf /install.sh
+
+RUN mkdir /licenses \
+    && curl -o /licenses/apache-2.0.txt https://www.apache.org/licenses/LICENSE-2.0.txt \
+    && curl -o /licenses/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf https://www.redhat.com/licenses/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf \
+    && /install.sh && rm -rf /install.sh

base/redhat-8/install.sh

@@ -16,6 +16,7 @@
 set -e
 
 # reinstalling local en def for now, removed in minimal image https://bugzilla.redhat.com/show_bug.cgi?id=1665251
+microdnf -y update
 microdnf -y --nodocs install glibc-langpack-en
 
 #Currently there is no access to the UTF-8 char map, the following command is commented out until
@@ -27,24 +28,26 @@ export LANG=en_US.utf8
 
 microdnf -y --nodocs install wget sudo shadow-utils procps
 #install busybox direct from the multiarch since epel isn't availible yet for redhat8
-wget https://busybox.net/downloads/binaries/1.28.1-defconfig-multiarch/busybox-x86_64
-mv busybox-x86_64 /bin/busybox
+wget -O /bin/busybox https://busybox.net/downloads/binaries/1.28.1-defconfig-multiarch/busybox-`arch`
 chmod +x /bin/busybox
-microdnf -y --nodocs install python2 tar
-pip2 -q --no-cache-dir install requests ansible
+microdnf -y --nodocs install gcc redhat-rpm-config python2-devel libffi-devel openssl-devel tar
+pip2 --no-cache-dir install requests ansible
+microdnf -y remove gcc libffi-devel openssl-devel
+microdnf clean all
 
 cd /bin
-ln -s busybox diff
-ln -s busybox hostname
-ln -s busybox killall
-ln -s busybox netstat
-ln -s busybox nslookup
-ln -s busybox ping
-ln -s busybox ping6
-ln -s busybox readline
-ln -s busybox route
-ln -s busybox syslogd
-ln -s busybox traceroute
+ln -s python2 python || true
+ln -s busybox diff || true
+ln -s busybox hostname || true
+ln -s busybox killall || true
+ln -s busybox netstat || true
+ln -s busybox nslookup || true
+ln -s busybox ping || true
+ln -s busybox ping6 || true
+ln -s busybox readline || true
+ln -s busybox route || true
+ln -s busybox syslogd || true
+ln -s busybox traceroute || true
 chmod u+s /bin/ping
 groupadd sudo
 

docs/EXAMPLES.md

@@ -13,6 +13,7 @@ Note that for more complex scenarios, we will opt to use a [Docker compose file]
     * [...with HEC](#create-standalone-with-hec)
     * [...with any app](#create-standalone-with-app)
     * [...with a SplunkBase app](#create-standalone-with-splunkbase-app)
+    * [...with SSL enabled](#create-standalone-with-ssl-enabled)
 * [Create standalone and universal forwarder](#create-standalone-and-universal-forwarder)
 * [Create heavy forwarder](#create-heavy-forwarder)
 * [Create heavy forwarder and deployment server](#create-heavy-forwarder-and-deployment-server)
@@ -186,6 +187,26 @@ Execute the following to bring up your deployment:
 $ SPLUNKBASE_PASSWORD=<splunkbase_password> SPLUNK_PASSWORD=<password> docker-compose up -d
 ```
 
+## Create standalone with SSL enabled
+
+To enable SSL over SplunkWeb, you'll first need to generate your self-signed certificates. Please see the [Splunk docs](https://docs.splunk.com/Documentation/Splunk/latest/Security/Self-signcertificatesforSplunkWeb) on how to go about doing this. For the purposes of local development, you can use:
+```
+openssl req -x509 -newkey rsa:4096 -passout pass:abcd1234 -keyout /home/key.pem -out /home/cert.pem -days 365 -subj /CN=localhost
+```
+
+Once you have your certificates available, you can execute the following to bring up your deployment with SSL enabled on the Splunk Web UI:
+```
+$ docker run --name so1 --hostname so1 -p 8000:8000 \
+              -e "SPLUNK_HTTP_ENABLESSL=true" \
+              -e "SPLUNK_HTTP_ENABLESSL_CERT=/home/cert.pem" \
+              -e "SPLUNK_HTTP_ENABLESSL_PRIVKEY=/home/key.pem" \
+              -e "SPLUNK_HTTP_ENABLESSL_PRIVKEY_PASSWORD=abcd1234" \
+              -e "SPLUNK_PASSWORD=<password>" \
+              -e "SPLUNK_START_ARGS=--accept-license" \
+              -v /home:/home \ 
+              -it splunk/splunk:latest
+```
+
 ## Create standalone and universal forwarder
 You can also enable distributed deployments. In this case, we can create a Splunk universal forwarder running in a container to stream logs to a Splunk standalone, also running in a container.
 

docs/SETUP.md

@@ -52,7 +52,7 @@ Let's break down what this command does:
 After the container starts up successfully, you should be able to access SplunkWeb at http://localhost:8000 with `admin:<password>`.
 
 ##### Splunk Universal Forwarder
-Use the following command to start a single standalone instance of Splunk Enterprise:
+Use the following command to start a single standalone instance of Splunk Universal Forwarder:
 ```
 $ docker run --network skynet --name uf1 --hostname uf1 -e "SPLUNK_PASSWORD=<password>" -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_STANDALONE_URL=so1" -it splunk/universalforwarder:latest
 ```

splunk/common-files/Dockerfile

@@ -97,12 +97,12 @@ COPY splunk-ansible ${SPLUNK_ANSIBLE_HOME}
 # Set sudo rights
 RUN sed -i -e 's/%sudo\s\+ALL=(ALL\(:ALL\)\?)\s\+ALL/%sudo ALL=NOPASSWD:ALL/g' /etc/sudoers \
     && sudo echo -e '\nansible ALL=(splunk)NOPASSWD:ALL' >> /etc/sudoers \
-    # Create the ansible user/group
+    && echo 'Create the ansible user/group' \
     && groupadd -r ${ANSIBLE_GROUP} \
     && useradd -r -m -g ${ANSIBLE_GROUP} ${ANSIBLE_USER} \
     && usermod -aG sudo ${ANSIBLE_USER} \
     && usermod -aG ${ANSIBLE_GROUP} ${SPLUNK_USER} \
-    # Container Artifact Directory is a place for all artifacts and logs that are generated by the provisioning process. The directory is owned by the user "ansible".
+    && echo 'Container Artifact Directory is a place for all artifacts and logs that are generated by the provisioning process. The directory is owned by the user "ansible".' \
     && mkdir ${CONTAINER_ARTIFACT_DIR} \
     && chown -R ${ANSIBLE_USER}:${ANSIBLE_GROUP} ${CONTAINER_ARTIFACT_DIR} \
     && chmod -R 775 ${CONTAINER_ARTIFACT_DIR} \

splunk/common-files/entrypoint.sh

@@ -163,7 +163,7 @@ case "$1" in
 		configure_multisite $0
 		;;
 	create-defaults)
-	  create_defaults
+		create_defaults
 		;;
 	restart)
 		shift