Deployment Architecture

How can I prevent the deployment server from deploying an existing app?

mugurelmargarit
Explorer

Hello,

I'm setting up Splunk Enterprise 6.4.1 and I'm configuring it using Chef. I want to make use of the deployment server to use apps so the process is I check out my apps from a Git repo, which I then pack in a .tar.gz file. I only re-create that .tar.gz file when I add a new application. I then proceed to download the .tar.gz file somewhere on the server and I extract it. The old install I rename as old and the new files I extract in a directory called new, which I then rename to current after I've extracted the apps there. I then create a symlink for /opt/splunk/etc/deployment-apps to point to that directory and update serverclass.conf manually. The problem is that my Chef recipe does these steps every time and it keeps installing the apps over and over again. Here's a sample log:

07-12-2016 11:32:07.674 +0000 INFO  DeployedApplication - Checksum mismatch 9038096492216933078 <> 5784616587066482821 for app=chef_analytics_splunk_app. Will reload from='xx.xx.xxx.179:8089/services/streams/deployment?name=default:MugurelTest:chef_analytics_splunk_app'
07-12-2016 11:32:07.708 +0000 INFO  DeployedApplication - Downloaded url=xx.xx.xxx.179:8089/services/streams/deployment?name=default:MugurelTest:chef_analytics_splunk_app to file='/opt/splunk/var/run/MugurelTest/chef_analytics_splunk_app-1468323117.bundle' sizeKB=740
07-12-2016 11:32:07.715 +0000 INFO  DeployedApplication - Installing app=chef_analytics_splunk_app to='/opt/splunk/etc/master-apps/chef_analytics_splunk_app'
07-12-2016 11:32:07.738 +0000 WARN  DC:DeploymentClient - Restarting Splunkd..

I don't understand why it does that because I have set crossServerChecksum to true (and tried with false as well) in serverclass.conf:

[global]
crossServerChecksum = true

[serverClass:MugurelTest:app:chef_analytics_splunk_app]
restartSplunkWeb = 0
restartSplunkd = 1
stateOnClient = enabled

[serverClass:MugurelTest]
whitelist.0 = xx.xx.xxx.169
whitelist.1 = xx.xx.xxx.180

How can I actually force it not to reinstall already installed apps?

0 Karma
1 Solution

woodcock
Esteemed Legend

This is like saying "how can I get my car engine not to start when I turn the ignition key". This is fundamental to how the Deployment Server works. It is a pull technology, not a push technology. Both client and server maintain independent checksums for each app directory and whenever a DC requests the checksum list from the DS and receives a checksum that does not match (or notices one side has an app in the list that the other side does not), it immediately corrects by asking for a new copy from DS. That is the whole point! Now, that being said, you actually can prevent updates from happening EVER, no matter what, on an app-by-app basis, simply adding this setting to app.conf file. Doing so means that the first step in the update my app process (disable my app so nobody can use it while I am updating it) can never be achieved so the entire update process is blocked:

allows_disable = false

View solution in original post

somesoni2
SplunkTrust
SplunkTrust

May be think of updating your chef script to only publish new/updated app and not all the apps.

0 Karma

DavidHourani
Super Champion

Hello,

You could trick your deployment server by changing the permissions on the files you are manipulating. If the user running the splunkd has no permission over the files you are changing, they cannot be pushed. Once you are ready to push you can change the permissions again and set them accordingly to allow your splunkd to read the files and hence send them over.

Regards,
David

0 Karma

woodcock
Esteemed Legend

This will not work because splunk simply renames the entire app directory as something else and then creates a new directory, thus obviating the need to touch any files. It might work if you locked down all the directories.

0 Karma

woodcock
Esteemed Legend

This is like saying "how can I get my car engine not to start when I turn the ignition key". This is fundamental to how the Deployment Server works. It is a pull technology, not a push technology. Both client and server maintain independent checksums for each app directory and whenever a DC requests the checksum list from the DS and receives a checksum that does not match (or notices one side has an app in the list that the other side does not), it immediately corrects by asking for a new copy from DS. That is the whole point! Now, that being said, you actually can prevent updates from happening EVER, no matter what, on an app-by-app basis, simply adding this setting to app.conf file. Doing so means that the first step in the update my app process (disable my app so nobody can use it while I am updating it) can never be achieved so the entire update process is blocked:

allows_disable = false

mugurelmargarit
Explorer

Thanks a lot, I'll try this. I think I found a work-around using rsync but will keep the settings for app.conf in mind. Cheers.

0 Karma

woodcock
Esteemed Legend

I believe that this capability has been broken/deprecated in recent versions.

0 Karma

woodcock
Esteemed Legend

This is a chef question, not a splunk (DS) question, right?

0 Karma

mugurelmargarit
Explorer

Not necessarily - how can I actually get Splunk to ignore the checksums of the apps? Setting crossServerChecksum to false does not seem to work. I guess it would be helpful to also know how Splunk determines the checksum to see if I can find any workarounds?

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...