diff --git a/.circleci/anchore-policy.json b/.circleci/anchore-policy.json deleted file mode 100644 index 249c7857..00000000 --- a/.circleci/anchore-policy.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "name": "IgnoreUnfixablePkgs", - "version": "1_0", - "comment": "Policy for basic checks", - "id": "ba6daa06-da3b-46d3-9e22-f01f07b0489a", - "rules": [ - { - "action": "STOP", - "gate": "vulnerabilities", - "id": "80569900-d6b3-4391-b2a0-bf34cf6d813d", - "params": [ - { "name": "package_type", "value": "all" }, - { "name": "severity_comparison", "value": ">" }, - { "name": "severity", "value": "medium" }, - { "name": "fix_available", "value": "true"} - ], - "trigger": "package" - } - ] -} diff --git a/.circleci/config.yml b/.circleci/config.yml deleted file mode 100644 index 79ec6a5c..00000000 --- a/.circleci/config.yml +++ /dev/null @@ -1,276 +0,0 @@ -version: 2.1 - -executors: - py3: - docker: - - image: cimg/python:3.7 - circleci_large: - machine: - image: ubuntu-1604:202007-01 - resource_class: large - circleci_xlarge: - machine: - image: ubuntu-1604:202007-01 - resource_class: xlarge - -orbs: - anchore: anchore/anchore-engine@1.8.2 - -jobs: - build_debian_10: - executor: py3 - steps: - - checkout - - setup_remote_docker - - attach_workspace: - at: workspace_cache - - run: - name: Build images - command: make splunk-debian-10 uf-debian-10 - - run: - name: Save images - command: | - docker save -o workspace_cache/splunk-debian-10.tar splunk-debian-10:latest - docker save -o workspace_cache/uf-debian-10.tar uf-debian-10:latest - docker save -o workspace_cache/base-debian-10.tar base-debian-10:latest - - persist_to_workspace: - root: workspace_cache - paths: - - splunk-debian-10.tar - - uf-debian-10.tar - - base-debian-10.tar - - build_redhat_8: - executor: py3 - steps: - - checkout - - setup_remote_docker - - attach_workspace: - at: workspace_cache - - run: - name: Build images - command: make splunk-redhat-8 uf-redhat-8 - - run: - name: Save images - command: | - docker save -o workspace_cache/splunk-redhat-8.tar splunk-redhat-8:latest - docker save -o workspace_cache/uf-redhat-8.tar uf-redhat-8:latest - docker save -o workspace_cache/base-redhat-8.tar base-redhat-8:latest - - persist_to_workspace: - root: workspace_cache - paths: - - splunk-redhat-8.tar - - uf-redhat-8.tar - - base-redhat-8.tar - - scan_images_trivy: - executor: py3 - steps: - - checkout - - setup_remote_docker - - attach_workspace: - at: workspace_cache - - run: - name: Install trivy - command: | - VERSION=$( - curl --silent "https://api.github.com/repos/aquasecurity/trivy/releases/latest" | \ - grep '"tag_name":' | \ - sed -E 's/.*"v([^"]+)".*/\1/' - ) - wget https://github.com/aquasecurity/trivy/releases/download/v${VERSION}/trivy_${VERSION}_Linux-64bit.tar.gz - tar zxvf trivy_${VERSION}_Linux-64bit.tar.gz - - run: - name: Scan images - command: | - mkdir -p trivy-results - for image in ./workspace_cache/*.tar; do - [ -e "$image" ] || continue - ./trivy image --exit-code 1 --format template --vuln-type os --template "@contrib/junit.tpl" -o trivy-results/`basename $image`.xml --ignore-unfixed --severity "HIGH,CRITICAL" --no-progress -i "$image" - done - - store_test_results: - path: trivy-results - - scan_images_anchore: - executor: anchore/anchore_engine - steps: - - checkout - - setup_remote_docker - - attach_workspace: - at: workspace_cache - - run: - name: Load images - command: | - for image in ./workspace_cache/*.tar; do - [ -e "$image" ] || continue - docker load --input "$image" - done - - anchore/analyze_local_image: - image_name: 'splunk-redhat-8 uf-redhat-8 base-redhat-8 splunk-debian-10 uf-debian-10 base-debian-10' - policy_bundle_file_path: .circleci/anchore-policy.json - timeout: '600' - - anchore/parse_reports - - store_artifacts: - path: anchore-reports - - test_redhat_8_small: - executor: circleci_large - steps: - - checkout - - attach_workspace: - at: workspace_cache - - run: - name: Setup python3 - command: | - pyenv global 2.7.18 3.7.8 - python --version - pip --version - python3 --version - pip3 --version - - run: - name: Load images - command: | - docker load -i workspace_cache/splunk-redhat-8.tar - docker load -i workspace_cache/uf-redhat-8.tar - - run: - name: Setup - command: make test_setup - - run: - name: Run small tests - command: make run_small_tests_redhat8 - no_output_timeout: 20m - - store_artifacts: - path: test-results - destination: test-results - - store_test_results: - path: test-results - - test_redhat_8_large: - executor: circleci_xlarge - steps: - - checkout - - attach_workspace: - at: workspace_cache - - run: - name: Setup python3 - command: | - pyenv global 2.7.18 3.7.8 - python --version - pip --version - python3 --version - pip3 --version - - run: - name: Load images - command: | - docker load -i workspace_cache/splunk-redhat-8.tar - docker load -i workspace_cache/uf-redhat-8.tar - - run: - name: Setup - command: make test_setup - - run: - name: Run large tests - command: make run_large_tests_redhat8 - no_output_timeout: 1h - - store_artifacts: - path: test-results - destination: test-results - - store_test_results: - path: test-results - - test_debian_10_small: - executor: circleci_large - steps: - - checkout - - attach_workspace: - at: workspace_cache - - run: - name: Setup python3 - command: | - pyenv global 2.7.18 3.7.8 - python --version - pip --version - python3 --version - pip3 --version - - run: - name: Load images - command: | - docker load -i workspace_cache/splunk-debian-10.tar - docker load -i workspace_cache/uf-debian-10.tar - - run: - name: Setup - command: make test_setup - - run: - name: Check image size - command: make test_debian10_image_size - - run: - name: Run small tests - command: make run_small_tests_debian10 - no_output_timeout: 20m - - store_artifacts: - path: test-results - destination: test-results - - store_test_results: - path: test-results - - test_debian_10_large: - executor: circleci_xlarge - steps: - - checkout - - attach_workspace: - at: workspace_cache - - run: - name: Setup python3 - command: | - pyenv global 2.7.18 3.7.8 - python --version - pip --version - python3 --version - pip3 --version - - run: - name: Load images - command: | - docker load -i workspace_cache/splunk-debian-10.tar - docker load -i workspace_cache/uf-debian-10.tar - - run: - name: Setup - command: make test_setup - - run: - name: Run large tests - command: make run_large_tests_debian10 - no_output_timeout: 1h - - store_artifacts: - path: test-results - destination: test-results - - store_test_results: - path: test-results - -workflows: - version: 2 - pipeline: - jobs: - - build_debian_10 - - build_redhat_8 - - scan_images_trivy: - requires: - - build_debian_10 - - build_redhat_8 - - scan_images_anchore: - requires: - - build_debian_10 - - build_redhat_8 - - test_redhat_8_small: - requires: - - build_debian_10 - - build_redhat_8 - - test_redhat_8_large: - requires: - - build_debian_10 - - build_redhat_8 - - test_debian_10_small: - requires: - - build_debian_10 - - build_redhat_8 - - test_debian_10_large: - requires: - - build_debian_10 - - build_redhat_8 diff --git a/CODEOWNERS b/CODEOWNERS index 24744095..b3177646 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -7,10 +7,10 @@ # Default owners for everything in docker-splunk: # * @splunk/if-01 -* @alishamayor @jrigassio-splunk @jmeixensperger @hendolim @bb03 @sarahotis @martinluo22 @ngood97-splunk @adityapinglesf +* @alishamayor @jmeixensperger @hendolim @sarahotis @martinluo22 @ngood97-splunk @adityapinglesf # Docs-only pull requests: -/docs/ @alishamayor @bb03 +/docs/ @alishamayor # Release changelog -docs/CHANGELOG.md @alishamayor @jrigassio-splunk @jmeixensperger @hendolim @bb03 @sarahotis @ngood97-splunk @adityapinglesf +docs/CHANGELOG.md @alishamayor @jmeixensperger @hendolim @sarahotis @ngood97-splunk @adityapinglesf diff --git a/Makefile b/Makefile index 8f523f3e..282066df 100644 --- a/Makefile +++ b/Makefile @@ -7,8 +7,8 @@ SPLUNK_ANSIBLE_BRANCH ?= develop SPLUNK_COMPOSE ?= cluster_absolute_unit.yaml # Set Splunk version/build parameters here to define downstream URLs and file names SPLUNK_PRODUCT := splunk -SPLUNK_VERSION := 8.2.5 -SPLUNK_BUILD := 77015bc7a462 +SPLUNK_VERSION := 9.0.4 +SPLUNK_BUILD := de405f4a7979 ifeq ($(shell arch), s390x) SPLUNK_ARCH = s390x else diff --git a/README.md b/README.md index 0d135e5c..4d9af0b8 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,5 @@ # Docker-Splunk: Containerizing Splunk Enterprise -[![Build Status](https://circleci.com/gh/splunk/docker-splunk/tree/develop.svg?style=svg)](https://circleci.com/gh/splunk/docker-splunk/tree/develop)  [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)  [![GitHub release](https://img.shields.io/github/v/tag/splunk/docker-splunk?sort=semver&label=Version)](https://github.com/splunk/docker-splunk/releases) diff --git a/base/redhat-8/install.sh b/base/redhat-8/install.sh index 954e9dbe..27147c7a 100755 --- a/base/redhat-8/install.sh +++ b/base/redhat-8/install.sh @@ -27,11 +27,14 @@ export LANG=en_US.utf8 # Install utility packages microdnf -y --nodocs install wget sudo shadow-utils procps tar make gcc \ - openssl-devel bzip2-devel libffi-devel findutils + openssl-devel bzip2-devel libffi-devel findutils \ + libssh-devel libcurl-devel glib2-devel ncurses-devel # Patch security updates -microdnf -y --nodocs update gnutls kernel-headers librepo libnghttp2 nettle \ - libpwquality libxml2 systemd-libs glib2 lz4-libs \ - rpm rpm-libs sqlite-libs cyrus-sasl-lib vim +microdnf -y --nodocs update gnutls kernel-headers libdnf librepo libnghttp2 nettle \ + libpwquality libxml2 systemd-libs lz4-libs curl \ + rpm rpm-libs sqlite-libs cyrus-sasl-lib vim expat \ + openssl-libs xz-libs zlib libsolv file-libs pcre \ + libarchive libgcrypt libksba libstdc++ json-c gnupg # Reinstall tzdata (originally stripped from minimal image): https://bugzilla.redhat.com/show_bug.cgi?id=1903219 microdnf -y --nodocs reinstall tzdata || microdnf -y --nodocs update tzdata @@ -67,9 +70,10 @@ find /usr/lib/ -depth \( -type f -a -name 'wininst-*.exe' \) -exec rm -rf '{}' \ ldconfig # Cleanup -microdnf remove -y make gcc openssl-devel bzip2-devel libffi-devel findutils cpp binutils \ - glibc-devel keyutils-libs-devel krb5-devel libcom_err-devel libselinux-devel \ - libsepol-devel libverto-devel libxcrypt-devel pcre2-devel zlib-devel +microdnf remove -y make gcc openssl-devel bzip2-devel findutils glib2-devel glibc-devel cpp binutils \ + keyutils-libs-devel krb5-devel libcom_err-devel libffi-devel libcurl-devel \ + libselinux-devel libsepol-devel libssh-devel libverto-devel libxcrypt-devel \ + ncurses-devel pcre2-devel zlib-devel microdnf clean all # Install scloud diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index e324f367..1f7bcb67 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -10,6 +10,15 @@ Red Hat images will continue to be published. ## Navigation +* [9.0.4](#904) +* [9.0.2](#902) +* [9.0.1](#901) +* [9.0.0.1](#9001) +* [9.0.0](#900) +* [8.2.9](#829) +* [8.2.8](#828) +* [8.2.7](#827) +* [8.2.6](#826) * [8.2.5](#825) * [8.2.4](#824) * [8.2.3.3](#8233) @@ -18,6 +27,8 @@ Red Hat images will continue to be published. * [8.2.2](#822) * [8.2.1](#821) * [8.2.0](#820) +* [8.1.12](#8112) +* [8.1.11](#8111) * [8.1.10](#8110) * [8.1.7](#817) * [8.1.7.1](#8171) @@ -69,6 +80,125 @@ Red Hat images will continue to be published. * [7.2.1](#721) * [7.2.0](#720) +## 9.0.4 + +#### What's New? +* Releasing new images to support Splunk Enterprise release. + +#### docker-splunk changes: +* Bumping Splunk version. For details, see [Fixed issues for 9.0.4](https://docs.splunk.com/Documentation/Splunk/9.0.4/ReleaseNotes/Fixedissues) +* Security patches & errata fixes + +#### splunk-ansible changes: +* Bugfixes + +--- + +## 9.0.2 + +#### What's New? +* Releasing new images to support Splunk Enterprise release. + +#### docker-splunk changes: +* Bumping Splunk version. For details, see [Fixed issues for 9.0.2](https://docs.splunk.com/Documentation/Splunk/9.0.2/ReleaseNotes/Fixedissues) +* Security patches & errata fixes + +#### splunk-ansible changes: +* Bugfixes + +--- + +## 9.0.1 + +#### What's New? +* Releasing new images to support Splunk Enterprise release. + +#### docker-splunk changes: +* Bumping Splunk version. For details, see [Fixed issues for 9.0.1](https://docs.splunk.com/Documentation/Splunk/9.0.1/ReleaseNotes/Fixedissues) + +#### splunk-ansible changes: +* Bugfixes + +--- + +## 9.0.0.1 + +#### What's New? +* Releasing new images to support Splunk Enterprise release. + +#### docker-splunk changes: +* Bumping Splunk version. For details, see [Fixed issues for 9.0.0.1](https://docs.splunk.com/Documentation/Splunk/9.0.0/ReleaseNotes/Fixedissues#Splunk_Enterprise_9.0.0.1) + +#### splunk-ansible changes: +* Bugfixes + +--- + +## 9.0.0 + +#### What's New? +* Releasing new images to support Splunk Enterprise release. + +#### docker-splunk changes: +* Bumping Splunk version. For details, see [Release notes for 9.0.0](https://docs.splunk.com/Documentation/Splunk/9.0.0/ReleaseNotes/) +* Security patches & errata fixes + +#### splunk-ansible changes: +* Patch support for new major Splunk release +* Documentation updates + bugfixes + +--- + +## 8.2.9 + +#### What's New? +* Releasing new images to support Splunk Enterprise release. + +#### docker-splunk changes: +* Bumping Splunk version. For details, see [Fixed issues for 8.2.9](https://docs.splunk.com/Documentation/Splunk/8.2.9/ReleaseNotes/Fixedissues) + +#### splunk-ansible changes: +* Bugfixes + +--- + +## 8.2.8 + +#### What's New? +* Releasing new images to support Splunk Enterprise release. + +#### docker-splunk changes: +* Bumping Splunk version. For details, see [Fixed issues for 8.2.8](https://docs.splunk.com/Documentation/Splunk/8.2.8/ReleaseNotes/Fixedissues) + +#### splunk-ansible changes: +* Bugfixes + +--- + +## 8.2.7 + +#### What's New? +* Releasing new images to support Splunk Enterprise release. + +#### docker-splunk changes: +* Bumping Splunk version. For details, see [Fixed issues for 8.2.7](https://docs.splunk.com/Documentation/Splunk/8.2.7/ReleaseNotes/Fixedissues) + +#### splunk-ansible changes: +* Bugfixes + +--- + +## 8.2.6 + +#### What's New? +* Releasing new images to support Splunk Enterprise release. + +#### docker-splunk changes: +* Bumping Splunk version. For details, see [Fixed issues for 8.2.6](https://docs.splunk.com/Documentation/Splunk/8.2.6/ReleaseNotes/Fixedissues) + +#### splunk-ansible changes: +* Bugfixes + --- ## 8.2.5 @@ -170,13 +300,39 @@ Red Hat images will continue to be published. --- +## 8.1.12 + +#### What's New? +* Releasing new images to support Splunk Enterprise release. + +#### docker-splunk changes: +* Bumping Splunk version. For details, see [Fixed issues for 8.1.12](https://docs.splunk.com/Documentation/Splunk/8.1.12/ReleaseNotes/Fixedissues) + +#### splunk-ansible changes: +* Bump version tag. + +--- + +## 8.1.11 + +#### What's New? +* Releasing new images to support Splunk Enterprise release. + +#### docker-splunk changes: +* Bumping Splunk version. For details, see [Fixed issues for 8.1.11](https://docs.splunk.com/Documentation/Splunk/8.1.11/ReleaseNotes/Fixedissues) + +#### splunk-ansible changes: +* Bump version tag. + +--- + ## 8.1.10 #### What's New? -* Releasing new images to support Splunk Enterprise release. +* Releasing new images to support Splunk Enterprise release. #### docker-splunk changes: -* Bumping Splunk version. For details, see [Fixed issues for 8.1,10](https://docs.splunk.com/Documentation/Splunk/8.1.10/ReleaseNotes/Fixedissues) +* Bumping Splunk version. For details, see [Fixed issues for 8.1.10](https://docs.splunk.com/Documentation/Splunk/8.1.10/ReleaseNotes/Fixedissues) #### splunk-ansible changes: * Bump version tag. diff --git a/splunk/common-files/make-minimal-exclude.py b/splunk/common-files/make-minimal-exclude.py index 36876764..72747e0c 100755 --- a/splunk/common-files/make-minimal-exclude.py +++ b/splunk/common-files/make-minimal-exclude.py @@ -30,18 +30,24 @@ */share/splunk/pdf* *mrsparkle*""" -m = re.match(".*splunk-([0-9]+)\.([0-9]+)\.[0-9]+\.?[0-9]?-[0-9a-z]+-Linux-[0-9a-z_-]+.tgz", sys.argv[1]) +version_string = re.match(".*splunk-([0-9]+)\.([0-9]+)\.[0-9]+\.?[0-9]?-[0-9a-z]+-Linux-[0-9a-z_-]+.tgz", sys.argv[1]) +major_version = None +minor_version = None -if m and m.group(1): +if version_string: + major_version = version_string.group(1) + minor_version = version_string.group(2) + +if major_version: print(EXCLUDE_V7) - if int(m.group(1)) == 7: + if int(major_version) == 7: print("*/bin/parsetest*") - if int(m.group(2)) < 3: + if int(minor_version) < 3: print("*/etc/apps/framework*") print("*/etc/apps/gettingstarted*") else: print("*/etc/apps/splunk_metrics_workspace*") - elif int(m.group(1)) > 7: + elif 7 < int(major_version) < 9: print("*/etc/apps/splunk_metrics_workspace*") - if int(m.group(2)) < 1: + if int(minor_version) < 1: print("*/bin/parsetest*")