Deployment Architecture

How can I prevent the deployment server from deploying an existing app?

mugurelmargarit
Explorer

Hello,

I'm setting up Splunk Enterprise 6.4.1 and I'm configuring it using Chef. I want to make use of the deployment server to use apps so the process is I check out my apps from a Git repo, which I then pack in a .tar.gz file. I only re-create that .tar.gz file when I add a new application. I then proceed to download the .tar.gz file somewhere on the server and I extract it. The old install I rename as old and the new files I extract in a directory called new, which I then rename to current after I've extracted the apps there. I then create a symlink for /opt/splunk/etc/deployment-apps to point to that directory and update serverclass.conf manually. The problem is that my Chef recipe does these steps every time and it keeps installing the apps over and over again. Here's a sample log:

07-12-2016 11:32:07.674 +0000 INFO  DeployedApplication - Checksum mismatch 9038096492216933078 <> 5784616587066482821 for app=chef_analytics_splunk_app. Will reload from='xx.xx.xxx.179:8089/services/streams/deployment?name=default:MugurelTest:chef_analytics_splunk_app'
07-12-2016 11:32:07.708 +0000 INFO  DeployedApplication - Downloaded url=xx.xx.xxx.179:8089/services/streams/deployment?name=default:MugurelTest:chef_analytics_splunk_app to file='/opt/splunk/var/run/MugurelTest/chef_analytics_splunk_app-1468323117.bundle' sizeKB=740
07-12-2016 11:32:07.715 +0000 INFO  DeployedApplication - Installing app=chef_analytics_splunk_app to='/opt/splunk/etc/master-apps/chef_analytics_splunk_app'
07-12-2016 11:32:07.738 +0000 WARN  DC:DeploymentClient - Restarting Splunkd..

I don't understand why it does that because I have set crossServerChecksum to true (and tried with false as well) in serverclass.conf:

[global]
crossServerChecksum = true

[serverClass:MugurelTest:app:chef_analytics_splunk_app]
restartSplunkWeb = 0
restartSplunkd = 1
stateOnClient = enabled

[serverClass:MugurelTest]
whitelist.0 = xx.xx.xxx.169
whitelist.1 = xx.xx.xxx.180

How can I actually force it not to reinstall already installed apps?

0 Karma
1 Solution

woodcock
Esteemed Legend

This is like saying "how can I get my car engine not to start when I turn the ignition key". This is fundamental to how the Deployment Server works. It is a pull technology, not a push technology. Both client and server maintain independent checksums for each app directory and whenever a DC requests the checksum list from the DS and receives a checksum that does not match (or notices one side has an app in the list that the other side does not), it immediately corrects by asking for a new copy from DS. That is the whole point! Now, that being said, you actually can prevent updates from happening EVER, no matter what, on an app-by-app basis, simply adding this setting to app.conf file. Doing so means that the first step in the update my app process (disable my app so nobody can use it while I am updating it) can never be achieved so the entire update process is blocked:

allows_disable = false

View solution in original post

somesoni2
SplunkTrust
SplunkTrust

May be think of updating your chef script to only publish new/updated app and not all the apps.

0 Karma

DavidHourani
Super Champion

Hello,

You could trick your deployment server by changing the permissions on the files you are manipulating. If the user running the splunkd has no permission over the files you are changing, they cannot be pushed. Once you are ready to push you can change the permissions again and set them accordingly to allow your splunkd to read the files and hence send them over.

Regards,
David

0 Karma

woodcock
Esteemed Legend

This will not work because splunk simply renames the entire app directory as something else and then creates a new directory, thus obviating the need to touch any files. It might work if you locked down all the directories.

0 Karma

woodcock
Esteemed Legend

This is like saying "how can I get my car engine not to start when I turn the ignition key". This is fundamental to how the Deployment Server works. It is a pull technology, not a push technology. Both client and server maintain independent checksums for each app directory and whenever a DC requests the checksum list from the DS and receives a checksum that does not match (or notices one side has an app in the list that the other side does not), it immediately corrects by asking for a new copy from DS. That is the whole point! Now, that being said, you actually can prevent updates from happening EVER, no matter what, on an app-by-app basis, simply adding this setting to app.conf file. Doing so means that the first step in the update my app process (disable my app so nobody can use it while I am updating it) can never be achieved so the entire update process is blocked:

allows_disable = false

mugurelmargarit
Explorer

Thanks a lot, I'll try this. I think I found a work-around using rsync but will keep the settings for app.conf in mind. Cheers.

0 Karma

woodcock
Esteemed Legend

I believe that this capability has been broken/deprecated in recent versions.

0 Karma

woodcock
Esteemed Legend

This is a chef question, not a splunk (DS) question, right?

0 Karma

mugurelmargarit
Explorer

Not necessarily - how can I actually get Splunk to ignore the checksums of the apps? Setting crossServerChecksum to false does not seem to work. I guess it would be helpful to also know how Splunk determines the checksum to see if I can find any workarounds?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...