Merge branch 'develop' into squash-redhat-layers

nwang92 · web-flow · commit d4d5cf85ebca · 2019-09-24T12:12:43.000-07:00
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -44,7 +44,7 @@ jobs:
           command: make test_debian9_image_size
       - run:
           name: Running debian9 CI Tests
-          command: make run_tests_debian9
+          command: make run_tests_debian10
           no_output_timeout: 20m
       - store_artifacts:
           path: test-results
diff --git a/Makefile b/Makefile
@@ -7,8 +7,8 @@ SPLUNK_ANSIBLE_BRANCH ?= develop
 SPLUNK_COMPOSE ?= cluster_absolute_unit.yaml
 # Set Splunk version/build parameters here to define downstream URLs and file names
 SPLUNK_PRODUCT := splunk
-SPLUNK_VERSION := 7.3.0
-SPLUNK_BUILD := 657388c7a488
+SPLUNK_VERSION := 7.3.1.1
+SPLUNK_BUILD := 7651b7244cf2
 ifeq ($(shell arch), s390x)
 	SPLUNK_ARCH = s390x
 else
diff --git a/_config.yml b/_config.yml
@@ -1 +1,7 @@
-theme: jekyll-theme-modernist
+theme: jekyll-theme-modernist
+relative_links:
+  enabled: true
+  collections: true
+markdown: kramdown
+kramdown:
+  parse_block_html: true
diff --git a/base/debian-10/install.sh b/base/debian-10/install.sh
@@ -31,7 +31,7 @@ ln -sf /usr/share/zoneinfo/UTC /etc/localtime
 apt update
 
 # put back tools for customer support
-apt-get install -y --no-install-recommends curl sudo libgssapi-krb5-2 busybox procps acl
+apt-get install -y --no-install-recommends curl sudo libgssapi-krb5-2 busybox procps acl gcc libssl-dev libffi-dev python2-dev
 apt-get install -y --no-install-recommends python-pip python-setuptools python-requests python-yaml
 pip --no-cache-dir install ansible
 
diff --git a/base/redhat-8/Dockerfile b/base/redhat-8/Dockerfile
@@ -20,7 +20,7 @@ FROM registry.access.redhat.com/ubi8/ubi-minimal
 LABEL name="splunk" \
       maintainer="support@splunk.com" \
       vendor="splunk" \
-      version="7.3.0" \
+      version="7.3.1.1" \
       release="1" \
       summary="UBI 8 Docker image of Splunk Enterprise" \
       description="Splunk Enterprise is a platform for operational intelligence. Our software lets you collect, analyze, and act upon the untapped value of big data that your technology infrastructure, security systems, and business applications generate. It gives you insights to drive operational performance and business results."
diff --git a/docs/EXAMPLES.md b/docs/EXAMPLES.md
@@ -13,6 +13,7 @@ Note that for more complex scenarios, we will opt to use a [Docker compose file]
     * [...with HEC](#create-standalone-with-hec)
     * [...with any app](#create-standalone-with-app)
     * [...with a SplunkBase app](#create-standalone-with-splunkbase-app)
+    * [...with SSL enabled](#create-standalone-with-ssl-enabled)
 * [Create standalone and universal forwarder](#create-standalone-and-universal-forwarder)
 * [Create heavy forwarder](#create-heavy-forwarder)
 * [Create heavy forwarder and deployment server](#create-heavy-forwarder-and-deployment-server)
@@ -30,9 +31,10 @@ $ docker run --name so1 --hostname so1 -p 8000:8000 -e "SPLUNK_PASSWORD=<passwor
 ```
 
 ## Create standalone from compose
-<details><summary>docker-compose.yml</summary><p>
 
-```
+<details><summary markdown="span">docker-compose.yml</summary>
+
+```yaml
 version: "3.6"
 
 services:
@@ -45,7 +47,7 @@ services:
     ports:
       - 8000
 ```
-</p></details>
+</details>
 
 Execute the following to bring up your deployment:
 ```
@@ -55,9 +57,9 @@ $ SPLUNK_PASSWORD=<password> docker-compose up -d
 ## Create standalone with license
 Adding a Splunk Enterprise license can be done in multiple ways. Please review the following compose files below to see how it can be achieved, either with a license hosted on a webserver or with a license file as a direct mount.
 
-<details><summary>docker-compose.yml - license from URL</summary><p>
+<details><summary>docker-compose.yml - license from URL</summary>
 
-```
+```yaml
 version: "3.6"
 
 services:
@@ -71,11 +73,11 @@ services:
     ports:
       - 8000
 ```
-</p></details>
+</details>
 
-<details><summary>docker-compose.yml - license from file</summary><p>
+<details><summary>docker-compose.yml - license from file</summary>
 
-```
+```yaml
 version: "3.6"
 
 services:
@@ -91,7 +93,7 @@ services:
     volumes:
       - ./splunk.lic:/tmp/license/splunk.lic
 ```
-</p></details>
+</details>
 
 
 Execute the following to bring up your deployment:
@@ -102,9 +104,9 @@ $ SPLUNK_PASSWORD=<password> docker-compose up -d
 ## Create standalone with HEC
 To learn more about what the HTTP event collector (HEC) is and how to use it, please review the documentation [here](https://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector).
 
-<details><summary>docker-compose.yml</summary><p>
+<details><summary>docker-compose.yml</summary>
 
-```
+```yaml
 version: "3.6"
 
 services:
@@ -118,7 +120,7 @@ services:
     ports:
       - 8000
 ```
-</p></details>
+</details>
 
 Execute the following to bring up your deployment:
 ```
@@ -132,9 +134,11 @@ $ curl -k https://localhost:8088/services/collector/event -H "Authorization: Spl
 ```
 
 ## Create standalone with app
-<details><summary>docker-compose.yml</summary><p>
+Splunk apps can also be installed using this Docker image.
 
-```
+<details><summary>docker-compose.yml</summary>
+
+```yaml
 version: "3.6"
 
 services:
@@ -148,17 +152,19 @@ services:
     ports:
       - 8000
 ```
-</p></details>
+</details>
 
 Execute the following to bring up your deployment:
 ```
 $ SPLUNK_PASSWORD=<password> docker-compose up -d
 ```
 
 ## Create standalone with SplunkBase app
-<details><summary>docker-compose.yml</summary><p>
+Apps showcased on SplunkBase can also be installed using this Docker image.
 
-```
+<details><summary>docker-compose.yml</summary>
+
+```yaml
 version: "3.6"
 
 services:
@@ -174,17 +180,39 @@ services:
     ports:
       - 8000
 ```
-</p></details>
+</details>
 
 Execute the following to bring up your deployment:
 ```
 $ SPLUNKBASE_PASSWORD=<splunkbase_password> SPLUNK_PASSWORD=<password> docker-compose up -d
 ```
 
-## Create standalone and universal forwarder
-<details><summary>docker-compose.yml</summary><p>
+## Create standalone with SSL enabled
+
+To enable SSL over SplunkWeb, you'll first need to generate your self-signed certificates. Please see the [Splunk docs](https://docs.splunk.com/Documentation/Splunk/latest/Security/Self-signcertificatesforSplunkWeb) on how to go about doing this. For the purposes of local development, you can use:
+```
+openssl req -x509 -newkey rsa:4096 -passout pass:abcd1234 -keyout /home/key.pem -out /home/cert.pem -days 365 -subj /CN=localhost
+```
 
+Once you have your certificates available, you can execute the following to bring up your deployment with SSL enabled on the Splunk Web UI:
 ```
+$ docker run --name so1 --hostname so1 -p 8000:8000 \
+              -e "SPLUNK_HTTP_ENABLESSL=true" \
+              -e "SPLUNK_HTTP_ENABLESSL_CERT=/home/cert.pem" \
+              -e "SPLUNK_HTTP_ENABLESSL_PRIVKEY=/home/key.pem" \
+              -e "SPLUNK_HTTP_ENABLESSL_PRIVKEY_PASSWORD=abcd1234" \
+              -e "SPLUNK_PASSWORD=<password>" \
+              -e "SPLUNK_START_ARGS=--accept-license" \
+              -v /home:/home \ 
+              -it splunk/splunk:latest
+```
+
+## Create standalone and universal forwarder
+You can also enable distributed deployments. In this case, we can create a Splunk universal forwarder running in a container to stream logs to a Splunk standalone, also running in a container.
+
+<details><summary>docker-compose.yml</summary>
+
+```yaml
 version: "3.6"
 
 networks:
@@ -225,7 +253,7 @@ services:
       - 8000
       - 8089
 ```
-</p></details>
+</details>
 
 Execute the following to bring up your deployment:
 ```
@@ -235,9 +263,9 @@ $ SPLUNK_PASSWORD=<password> docker-compose up -d
 ## Create heavy forwarder
 The following will allow you spin up a forwarder, and stream its logs to an independent, external indexer located at `idx1-splunk.company.internal`, as long as that hostname is reachable on your network.
 
-<details><summary>docker-compose.yml</summary><p>
+<details><summary>docker-compose.yml</summary>
 
-```
+```yaml
 version: "3.6"
 
 networks:
@@ -263,7 +291,7 @@ services:
     ports:
       - 1514
 ```
-</p></details>
+</details>
 
 Execute the following to bring up your deployment:
 ```
@@ -273,9 +301,9 @@ $ SPLUNK_PASSWORD=<password> docker-compose up -d
 ## Create heavy forwarder and deployment server
 The following will allow you spin up a forwarder, and stream its logs to an independent, external indexer located at `idx1-splunk.company.internal`, as long as that hostname is reachable on your network. Additionally, it brings up a deployment server, which will download an app and distribute it to the heavy forwarder.
 
-<details><summary>docker-compose.yml</summary><p>
+<details><summary>docker-compose.yml</summary>
 
-```
+```yaml
 version: "3.6"
 
 networks:
@@ -316,7 +344,7 @@ services:
       - SPLUNK_APPS_URL=https://artifact.company.internal/splunk_app.tgz
       - SPLUNK_PASSWORD
 ```
-</p></details>
+</details>
 
 Execute the following to bring up your deployment:
 ```
@@ -330,9 +358,9 @@ $ docker run -it -e SPLUNK_PASSWORD=<password> splunk/splunk:latest create-defau
 ```
 
 Additionally, review the `docker-compose.yml` below to understand how linking Splunk instances together through roles and environment variables is accomplished:
-<details><summary>docker-compose.yml</summary><p>
+<details><summary>docker-compose.yml</summary>
 
-```
+```yaml
 version: "3.6"
 
 networks:
@@ -445,7 +473,7 @@ services:
     volumes:
       - ./default.yml:/tmp/defaults/default.yml
 ```
-</p></details>
+</details>
 
 Execute the following to bring up your deployment:
 ```
@@ -459,9 +487,9 @@ $ docker run -it -e SPLUNK_PASSWORD=<password> splunk/splunk:latest create-defau
 ```
 
 Additionally, review the `docker-compose.yml` below to understand how linking Splunk instances together through roles and environment variables is accomplished:
-<details><summary>docker-compose.yml</summary><p>
+<details><summary>docker-compose.yml</summary>
 
-```
+```yaml
 version: "3.6"
 
 networks:
@@ -575,7 +603,7 @@ services:
     volumes:
       - ./default.yml:/tmp/defaults/default.yml
 ```
-</p></details>
+</details>
 
 Execute the following to bring up your deployment:
 ```
@@ -589,9 +617,9 @@ $ docker run -it -e SPLUNK_PASSWORD=<password> splunk/splunk:latest create-defau
 ```
 
 Additionally, review the `docker-compose.yml` below to understand how linking Splunk instances together through roles and environment variables is accomplished:
-<details><summary>docker-compose.yml</summary><p>
+<details><summary>docker-compose.yml</summary>
 
-```
+```yaml
 version: "3.6"
 
 networks:
@@ -776,17 +804,17 @@ services:
     volumes:
       - ./default.yml:/tmp/defaults/default.yml
 ```
-</p></details>
+</details>
 
 Execute the following to bring up your deployment:
 ```
 $ docker-compose up -d
 ```
 
 ## Enable root endpoint on SplunkWeb
-<details><summary>docker-compose.yml</summary><p>
+<details><summary>docker-compose.yml</summary>
 
-```
+```yaml
 version: "3.6"
 
 services:
@@ -800,7 +828,7 @@ services:
     ports:
       - 8000
 ```
-</p></details>
+</details>
 
 Execute the following to bring up your deployment:
 ```
@@ -810,9 +838,9 @@ $ SPLUNK_PASSWORD=<password> docker-compose up -d
 Then, visit SplunkWeb on your browser with the root endpoint in the URL, such as `http://localhost:8000/splunkweb`.
 
 ## Create sidecar forwarder
-<details><summary>k8s-sidecar.yml</summary><p>
+<details><summary>k8s-sidecar.yml</summary>
 
-```
+```yaml
 apiVersion: v1
 kind: Pod
 metadata:
@@ -842,7 +870,7 @@ spec:
   - name: shared-data
     emptyDir: {}
 ```
-</p></details>
+</details>
 
 Execute the following to bring up your deployment:
 ```
diff --git a/splunk/common-files/Dockerfile b/splunk/common-files/Dockerfile
@@ -97,12 +97,12 @@ COPY splunk-ansible ${SPLUNK_ANSIBLE_HOME}
 # Set sudo rights
 RUN sed -i -e 's/%sudo\s\+ALL=(ALL\(:ALL\)\?)\s\+ALL/%sudo ALL=NOPASSWD:ALL/g' /etc/sudoers \
     && sudo echo -e '\nansible ALL=(splunk)NOPASSWD:ALL' >> /etc/sudoers \
-    # Create the ansible user/group
+    && echo 'Create the ansible user/group' \
     && groupadd -r ${ANSIBLE_GROUP} \
     && useradd -r -m -g ${ANSIBLE_GROUP} ${ANSIBLE_USER} \
     && usermod -aG sudo ${ANSIBLE_USER} \
     && usermod -aG ${ANSIBLE_GROUP} ${SPLUNK_USER} \
-    # Container Artifact Directory is a place for all artifacts and logs that are generated by the provisioning process. The directory is owned by the user "ansible".
+    && echo 'Container Artifact Directory is a place for all artifacts and logs that are generated by the provisioning process. The directory is owned by the user "ansible".' \
     && mkdir ${CONTAINER_ARTIFACT_DIR} \
     && chown -R ${ANSIBLE_USER}:${ANSIBLE_GROUP} ${CONTAINER_ARTIFACT_DIR} \
     && chmod -R 775 ${CONTAINER_ARTIFACT_DIR} \
diff --git a/splunk/common-files/make-minimal-exclude.py b/splunk/common-files/make-minimal-exclude.py
@@ -31,7 +31,7 @@
 */share/splunk/pdf*
 *mrsparkle*"""
 
-m = re.match(".*splunk-([0-9]+)\.([0-9]+)\.[0-9]+-[0-9a-z]+-Linux-[0-9a-z_-]+.tgz", sys.argv[1])
+m = re.match(".*splunk-([0-9]+)\.([0-9]+)\.[0-9]+\.?[0-9]?-[0-9a-z]+-Linux-[0-9a-z_-]+.tgz", sys.argv[1])
 
 if m and m.group(1):
     if m.group(1) == "7":
