Deployment Architecture

What configuration setting will allow the cluster master to regularly apply cluster bundles to peers?

arunraoExp
New Member

Hello,

I am looking for Splunk configuration setting that allows cluster master to push cluster bundles (asynchronously) to peers.

Currently, I have apps folder syncing from git to Deployment server every 15 mins and then propogated to Clustermaster (etc/master-apps). Then, I have to splunk apply cluster-bundle everytime I had to push to Indexers (peers). There is the possibility of peers restarting if certain configurations are updated in indexes.conf, but that is very rare in my setup.

Anyone know of a splunk CM setting that applies cluster bundles whenever there is a change detected.

Thanks!

0 Karma

esix_splunk
Splunk Employee
Splunk Employee

There is no mechanism to do this automatically. Changes to the CM's master-apps should be infrequent.

You could apply the changes in the folder, via copy or sync, and then hit a rest endpoint to apply the bundle as part of your script...

 curl -k -u admin:changeme https://localhost:8089/services/cluster/master/control/control/apply -d skip-validation=true -X POST

This seems to work, even though undocumented...

See here : https://answers.splunk.com/answers/146998/is-there-a-way-to-distribute-cluster-bundle-through-rest-a...

0 Karma

adonio
Ultra Champion

first i will say that i am not aware of such a configuration and would love to know if exist however, it seems like something that is pretty straightforward to script. with that being said, what is the drive behind that need?
I find the CM changes to indexers even in very active environment does not happen very often,. i also find teh CM mechanism of detecting bad configurations and warning about them very helpful and not something i would like to bypass. (although if you script it, you can tell it to let you know if that flag is raised)
hope it helps a little

0 Karma

arunraoExp
New Member

Thanks adonio for your reply. Yes, Indexer apps does not change very often, but i wanted to know if there is a straightforward way of doing it. I already have "sync_bundle_replication" set to auto as per defaults. I see that async bundle replication happens when i apply but I wanted that apply to be automated.

I hope someone from Splunk reply or update documentation, if this can or cannot be done.

Thanks!

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...