We have successfully built an environment for Splunk Enterprise both manually and with the publicly available Docker images. Next, I would like to write a Dockerfile and build it myself.
splunk/
    Dockerfile
    files/
        splunk-launch.conf
./Dockerfile
Build the image with the installation destination set to "/usr/local/splunk" and the initial password for the admin user set to "changeme".
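FROM ubuntu:18.04
# Install wget, which is used to fetch the Splunk tarball
RUN apt-get update -y && apt-get install -y wget
# -O takes the full output path; wget does not apply -P when -O is given
RUN wget -O /usr/local/src/splunk-8.0.6-152fb4b2bb96-Linux-x86_64.tgz 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=8.0.6&product=splunk&filename=splunk-8.0.6-152fb4b2bb96-Linux-x86_64.tgz&wget=true'
# Unpack into /usr/local, which creates /usr/local/splunk
RUN tar zxvf /usr/local/src/splunk-8.0.6-152fb4b2bb96-Linux-x86_64.tgz -C /usr/local/
COPY ./files/splunk-launch.conf /usr/local/splunk/etc
# First start at build time: accepts the license and seeds the admin password
# (the literal password is recorded in the image history)
RUN /usr/local/splunk/bin/splunk start --accept-license --answer-yes --seed-passwd changeme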
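The final RUN instruction above puts the admin password on the command line, and Docker keeps RUN commands in the image metadata that docker history displays. As an added example (not part of the original post), this Python check scans a Dockerfile for credentials set at build time; the watch lists, the function names and the SAMPLE text are assumptions made for illustration.

```python
import re
import shlex

# Assumed watch lists (not exhaustive): options and variable names that carry a credential.
SECRET_FLAGS = {"--seed-passwd", "--password", "-auth"}
SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN", re.I)

# Constructed sample; line 5 is the final RUN instruction of the Dockerfile above.
SAMPLE = """FROM ubuntu:18.04
RUN apt-get install -y \\
    wget
ENV SPLUNK_HOME=/usr/local/splunk
RUN /usr/local/splunk/bin/splunk start --accept-license --answer-yes --seed-passwd changeme
ENV SPLUNK_PASSWORD=$BUILD_PW
"""

def logical_lines(text):
    """Yield (first_line_number, instruction), joining backslash continuations."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue
        start = start or no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None

def kind(value):
    return "variable" if "$" in value else "literal"  # literal = stored verbatim

def find_baked_secrets(dockerfile_text):
    """Return (line, instruction, name, kind) for credentials set at build time."""
    findings = []
    for no, instr in logical_lines(dockerfile_text):
        keyword, _, rest = instr.partition(" ")
        keyword, tokens = keyword.upper(), shlex.split(rest)
        if keyword == "RUN":
            for i, tok in enumerate(tokens):
                flag, eq, val = tok.partition("=")
                val = val if eq else "".join(tokens[i + 1:i + 2])
                if flag in SECRET_FLAGS and val:
                    findings.append((no, keyword, flag, kind(val)))
        elif keyword in ("ENV", "ARG") and tokens:
            legacy = "=" not in tokens[0]  # old "ENV NAME value" form
            pairs = [(tokens[0], " ".join(tokens[1:]))] if legacy else [t.partition("=")[::2] for t in tokens]
            findings += [(no, keyword, n, kind(v)) for n, v in pairs if v and SECRET_NAME.search(n)]
    return findings
```

A "variable" finding still needs review, because values supplied through ARG or ENV are also kept in the image metadata.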
./files/splunk-launch.conf
# Version 8.0.6
# Modify the following line to suit the location of your Splunk install.
# If unset, Splunk will use the parent of the directory containing the splunk
# CLI executable.
#
# SPLUNK_HOME=/opt/splunk-home
SPLUNK_HOME=/usr/local/splunk
# By default, Splunk stores its indexes under SPLUNK_HOME in the
# var/lib/splunk subdirectory. This can be overridden
# here:
#
# SPLUNK_DB=/opt/splunk-home/var/lib/splunk
# Splunkd daemon name
SPLUNK_SERVER_NAME=Splunkd
# If SPLUNK_OS_USER is set, then Splunk service will only start
# if the 'splunk [re]start [splunkd]' command is invoked by a user who
# is, or can effectively become via setuid(2), $SPLUNK_OS_USER.
# (This setting can be specified as username or as UID.)
#
# SPLUNK_OS_USER
OPTIMISTIC_ABOUT_FILE_LOCKING=1
$ docker build -t splunk .
$ docker run -itd -p 8000:8000 --name splunk splunk
※ (Task) Splunk didn't start with just this, so I restarted it explicitly.
$ docker exec splunk sh -c "/usr/local/splunk/bin/splunk restart"
$ docker exec -it splunk /bin/bash
$ docker exec splunk sh -c "/usr/local/splunk/bin/splunk diag"
Collecting components: conf_replication_summary, consensus, dispatch, etc, file_validate, index_files, index_listing, kvstore, log, searchpeers, suppression_listing
Skipping components: rest
Selected diag name of: diag-7ffffbe066aa-2020-09-11_07-32-48
Starting splunk diag...
:
Cleaning up...
Splunk diagnosis file created: /usr/local/splunk/diag-7ffffbe066aa-2020-09-11_07-32-48.tar.gz
Copy the file to the host-side folder that was mounted at startup (if you can set the output destination of diag, you do not need to execute this command).
$ docker exec splunk sh -c "cp /usr/local/splunk/diag-f03a58497527-2020-09-11_07-42-14.tar.gz /tmp"
* Confirmation of copy result
$ ll ./Volumes/tmp/
total 15M
drwxrwxr-x 2 xxxxx xxxxx 4.0K Sep 11 16:42 ./
drwxrwxr-x 3 xxxxx xxxxx 4.0K Sep 11 16:35 ../
-rw------- 1 root root 15M Sep 11 16:42 diag-f03a58497527-2020-09-11_07-42-14.tar.gz
Or copy the file from inside the container to the host with the following command
$ docker cp splunk:/usr/local/splunk/diag-f03a58497527-2020-09-11_07-42-14.tar.gz ./
$ ll
total 15M
drwxrwxr-x 4 xxxxx xxxxx 4.0K Sep 11 16:47 ./
drwxrwxr-x 11 xxxxx xxxxx 4.0K Sep 11 11:25 ../
-rw------- 1 xxxxx xxxxx 15M Sep 11 16:42 diag-f03a58497527-2020-09-11_07-42-14.tar.gz
-rw-rw-r-- 1 xxxxx xxxxx 551 Sep 11 16:26 Dockerfile
drwxrwxr-x 2 xxxxx xxxxx 4.0K Sep 11 16:09 files/
drwxrwxr-x 3 xxxxx xxxxx 4.0K Sep 11 16:35 Volumes/
Splunk didn't start when I just started the container, and I still had the problem of having to restart it manually, but I was able to start Splunk inside the container without polluting the host.