Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ensure compatibility with Splunk 9.2.0.1 and 9.0.0 #350

Merged
merged 4 commits into from
Mar 22, 2024

Conversation

siegy22
Copy link
Contributor

@siegy22 siegy22 commented Nov 19, 2023

Pull Request (PR) description

Multiple fixes/improvements to ensure compatibility to install Splunk 9, due to Splunk 7 and 8 being EOL.

This Pull Request (PR) fixes the following issues

Fixes #348

@luedderd
Copy link
Contributor

@siegy22 can you retrigger the CI checks by either closing/reopening this PR or doing the following:

git commit -m "retrigger checks" --allow-empty
git push

#348 is blocking an upgrade deployment in my environment, I'd troubleshoot the failed checks here to help contribute towards a merge but the logs have since expired. Thanks!

@siegy22
Copy link
Contributor Author

siegy22 commented Mar 15, 2024

@luedderd I amended and force pushed, CI is running once again 😄

@luedderd
Copy link
Contributor

I haven't worked with these kind of Puppet CI tests before but it seems they're failing in all current PRs for a different issue related to the seed admin password.

@kenyon @bastelfreak seem to be the most active approvers, is there anything else holding this from being approved/merged? Thanks in advance

@siegy22
Copy link
Contributor Author

siegy22 commented Mar 15, 2024

@luedderd I spent some hours debugging the GitHub actions. Finally found out what's the problem, I opened a separate PR: #356
After this is merged, we can probably rebase and go on here. 🎉

@siegy22 siegy22 force-pushed the master branch 3 times, most recently from 15886b3 to 7b48d2f Compare March 16, 2024 13:28
@siegy22
Copy link
Contributor Author

siegy22 commented Mar 16, 2024

@luedderd I rebased onto my other branch and also added tests.
As of now, you could set splunk::enterprise::enterprise_package_src to the full URL to make it work. E.g. https://download.splunk.com/products/splunk/releases/9.2.0/linux/splunk-9.2.0-1fff88043d5f.x86_64.rpm for 9.2.0

@bastelfreak
Copy link
Member

With this change, is it still required that net-tools are explicitly installed?

# Required for splunk 7.2.4.2
if $splunk::params::manage_net_tools and $facts['kernel'] == 'Linux' and (versioncmp($splunk::forwarder::version, '7.2.4.2') >= 0) {
stdlib::ensure_packages(['net-tools'], {
'ensure' => 'present',
})
Package['net-tools'] -> Package[$splunk::forwarder::package_name]
}

that's really legacy tooling and the rpm should depend on it if it's an actual dependency. Do we need to explicitly install it?

@siegy22
Copy link
Contributor Author

siegy22 commented Mar 17, 2024

@bastelfreak Didn't check that yet. It's possible that this is not needed anymore. But I'd down to check that in a separate branch/PR. We need to ensure that Splunk 9.x can be installed and upgraded. As of now, even 8.2 is EOL and thus we should probably set the focus to be 9.x compatible for the future.

This change just fixes the URL that is being generated to download splunk.

@bastelfreak bastelfreak self-requested a review March 17, 2024 16:52
@bastelfreak
Copy link
Member

We have acceptance tests at: https://github.com/voxpupuli/puppet-splunk/tree/master/spec/acceptance

can you add one with the new version so we can verify that it works?
If you don't know beaker: The tests are actual puppet code, executed in different docker containers. duplicate one of the existing blocks and add the correct version.

@siegy22
Copy link
Contributor Author

siegy22 commented Mar 17, 2024

There seems to be a issue unrelated to this change when installing 9.2.0.1. The package is downloaded and installed correctly (so this change is working) but the default parameters don't make sense with the newer versions.

I would suggest opening another PR to test the installation and upgrade of 9.x versions on all the platforms. I can do that.

@bastelfreak
Copy link
Member

shouldn't that go into this PR as well? We currently don't support version 9 at all and this PR now implements it in parts, but it's not really usable because of the wrong parameters?

@siegy22 siegy22 force-pushed the master branch 9 times, most recently from 8e2a8f7 to 820fe5b Compare March 17, 2024 20:43
@siegy22 siegy22 changed the title Fix linux-2.6 in download URL for RedHat x86_64 Ensure compatibility with Splunk 9.2.0.1 Mar 17, 2024
Copy link
Member

@kenyon kenyon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

net-tools is actually only required for the Splunk Add-on for Unix and Linux, which collects data on hosts where the splunk forwarder is installed, but I think this add-on is typically always installed on hosts where the forwarder is installed. The docs at https://docs.splunk.com/Documentation/AddOns/released/UnixLinux/Requirements say it's only needed on EL 7 and EL 8, but I wonder if that just hasn't been updated to include EL 9 also.

I wonder if we should just remove everything related to net-tools from this module and leave that up to the user, though.

Related: #308

@siegy22
Copy link
Contributor Author

siegy22 commented Mar 17, 2024

@kenyon I tried it before with a RHEL 9 instance, installing some 8.x versions and 9.x versions. No issues without having net-tools installed. The only version that didn't install that I tried was 7.2.4.2 that said net-tools needed to be installed. Maybe they included the "Splunk Add-on for Unix and Linux" before? But it's no longer relevant for 8.x and 9.x as far as I can tell.

siegy22 added 2 commits March 18, 2024 14:54
Starting with 9.0.5 Splunk changed the filename of the RPM. It no longer includes
"linux-2.6", thus we need to adapt to this change.
Also make sure to not install net-tools for splunk enterprise on Solaris.

#335
This was just added to the splunk forwarder, not for splunk enterprise.
@siegy22 siegy22 changed the title Ensure compatibility with Splunk 9.2.0.1 Ensure compatibility with Splunk 9.2.0.1 and 8.2.12 Mar 18, 2024
@siegy22 siegy22 changed the title Ensure compatibility with Splunk 9.2.0.1 and 8.2.12 Ensure compatibility with Splunk 9.2.0.1 and 9.0.0 Mar 18, 2024
@siegy22
Copy link
Contributor Author

siegy22 commented Mar 19, 2024

@bastelfreak @kenyon Can you review this?

manifests/forwarder.pp Outdated Show resolved Hide resolved
manifests/params.pp Outdated Show resolved Hide resolved
siegy22 added 2 commits March 21, 2024 08:47
A fresh install of the module should probably install a current version of
Splunk, not an already EOL version like 7.2.4.2 before.

Fix user handling:
  Splunk Enterprise uses "splunk". https://docs.splunk.com/Documentation/Splunk/latest/Installation/RunSplunkasadifferentornon-rootuser
  Splunk Forwarder used "splunk" until 9.1.0, then they changed it to "splunkfwd", see https://community.splunk.com/t5/Splunk-Enterprise/Why-did-Universal-forwarder-9-1-0-linux-change-owner/m-p/655673
Also include basic testing for old versions:
- 7.4.2.4 (EOL)
- 8.2.9 (EOL)
- 9.0.0
@luedderd
Copy link
Contributor

Thanks everyone for working on this! I've tested the forked module and it's worked so far on my handful of testing servers, as soon as this is merged/released I look forward to promoting it to the rest of my node inventory. 🎉

@bastelfreak bastelfreak added the enhancement New feature or request label Mar 22, 2024
@bastelfreak bastelfreak merged commit 6fd47b8 into voxpupuli:master Mar 22, 2024
24 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Splunk 9.0.5+ Package Not Found on RedHat x86_64
4 participants