Splunk_Docker/New/Dockerfile

# Create Base Image
FROM registry.access.redhat.com/ubi8/ubi-minimal
#FROM debian:buster-slim

LABEL name="splunk" \
      maintainer="Brett.woodruff@kinneygroup.com" \
      vendor="splunk" \
      release="1" \
      summary="UBI 8 Docker image of Splunk Enterprise" \
      description="Splunk Enterprise is a platform for operational intelligence. Our software lets you collect, analyze, and act upon the untapped value of big data that your technology infrastructure, security systems, and business applications generate. It gives you insights to drive operational performance and business results."

ARG BUSYBOX_URL \
    UID=41812 \
    GID=41812 \
    SPLUNK_BUILD_URL=https://download.splunk.com/products/splunk/beta/9.2.2.20240415/linux/splunkbeta-9.2.2.20240415-51a9cf8e4d88-Linux-x86_64.tgz \
    SPLUNK_FILENAME=splunk-9.2.2.20240415-51a9cf8e4d88-Linux-x86_64.tgz \
    SPLUNK_DEFAULTS_URL

ENV BUSYBOX_URL=${BUSYBOX_URL} \
    PYTHON_VERSION=3.10.13 \
    PYTHON_GPG_KEY_ID=0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D \
    SPLUNK_HOME=/opt/splunk \
    SPLUNK_GROUP=splunk \
    SPLUNK_USER=splunk \
    TMPSPLUNKDIR=${SPLUNK_HOME}/tmp \
    TMPETCDIR=${TMPSPLUNKDIR}/etc \
    SPLUNK_ROLE=splunk_standalone \
    SPLUNK_DEFAULTS_URL=${SPLUNK_DEFAULTS_URL} \
    SPLUNK_ANSIBLE_HOME=/opt/ansible \
    ANSIBLE_USER=ansible \
    ANSIBLE_GROUP=ansible \
    CONTAINER_ARTIFACT_DIR=/opt/container_artifact \
    BUSYBOX_URL=${BUSYBOX_URL} \
    PYTHON_GPG_KEY_ID=0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D

COPY install.sh /install.sh

RUN chmod +x /install.sh \
    && /install.sh

# Download Splunk and prepare for image
COPY splunk/common-files/make-minimal-exclude.py /tmp
RUN python /tmp/make-minimal-exclude.py ${SPLUNK_BUILD_URL} > /tmp/splunk-minimal-exclude.list \
    && echo "Downloading Splunk and validating the checksum at: ${SPLUNK_BUILD_URL}" \
    && wget -qO /tmp/${SPLUNK_FILENAME} ${SPLUNK_BUILD_URL} \
    && mkdir -p /minimal/splunk/var /extras/splunk/var \
    && tar -C /minimal/splunk --strip 1 --exclude-from=/tmp/splunk-minimal-exclude.list -zxf tmp/${SPLUNK_FILENAME} \
    && tar -C /extras/splunk --strip 1 --wildcards --files-from=/tmp/splunk-minimal-exclude.list -zxf tmp/${SPLUNK_FILENAME} \
    && mv /minimal/splunk/etc /minimal/splunk-etc \
    && mv /extras/splunk/etc /extras/splunk-etc \
    && mkdir -p /minimal/splunk/etc /minimal/splunk/share/splunk/search_mrsparkle/modules.new \
    && mv /minimal/splunk-etc /opt \
    && cp -R /extras/splunk-etc /opt/splunk-etc \
    && tar -C /opt/ -zxf /tmp/${SPLUNK_FILENAME} \
    && mv /opt/splunkbeta /opt/splunk \
    && rm -rf /tmp/${SPLUNK_FILENAME} \
    && rm -rf /minimal \
    && rm -rf /extras \
    && rm -rf /extras/splunk-etc

COPY splunk/common-files/apps /opt/splunk-etc/apps/

# Simple script used to populate/upgrade splunk/etc directory
COPY [ "splunk/common-files/updateetc.sh", "/sbin/" ]

RUN groupadd -r -g ${GID} ${SPLUNK_GROUP} \
    && useradd -r -m -u ${UID} -g ${GID} -s /bin/bash ${SPLUNK_USER} \
    && chmod 755 /sbin/updateetc.sh \
    && chown -R splunk:splunk /opt/splunk 

USER ${SPLUNK_USER}
WORKDIR ${SPLUNK_HOME}
EXPOSE 8000 8089 8065 8088 8191 9887 9997 9514
VOLUME [ "/opt/splunk/etc", "/opt/splunk/var" ]

USER root
COPY [ "splunk/common-files/entrypoint.sh", "splunk/common-files/createdefaults.py", "splunk/common-files/checkstate.sh", "/sbin/" ]
COPY splunk-ansible ${SPLUNK_ANSIBLE_HOME}

# Set sudo rights
RUN sed -i -e 's/%sudo\s\+ALL=(ALL\(:ALL\)\?)\s\+ALL/%sudo ALL=NOPASSWD:ALL\nansible ALL=(splunk)NOPASSWD:ALL/g' /etc/sudoers \
    && echo 'Create the ansible user/group' \
    && groupadd -r ${ANSIBLE_GROUP} \
    && useradd -r -m -g ${ANSIBLE_GROUP} -s /bin/bash ${ANSIBLE_USER} \
    && usermod -aG sudo ${ANSIBLE_USER} \
    && usermod -aG ${ANSIBLE_GROUP} ${SPLUNK_USER} \
    && echo 'Container Artifact Directory is a place for all artifacts and logs that are generated by the provisioning process. The directory is owned by the user "ansible".' \
    && mkdir ${CONTAINER_ARTIFACT_DIR} \
    && chown -R ${ANSIBLE_USER}:${ANSIBLE_GROUP} ${CONTAINER_ARTIFACT_DIR} \
    && chmod -R 775 ${CONTAINER_ARTIFACT_DIR} \
    && chmod -R 555 ${SPLUNK_ANSIBLE_HOME} \
    && chgrp ${ANSIBLE_GROUP} ${SPLUNK_ANSIBLE_HOME} ${SPLUNK_ANSIBLE_HOME}/ansible.cfg \
    && chmod 775 ${SPLUNK_ANSIBLE_HOME} \
    && chmod 664 ${SPLUNK_ANSIBLE_HOME}/ansible.cfg \
    && chmod 755 /sbin/entrypoint.sh /sbin/createdefaults.py /sbin/checkstate.sh
    
USER ${ANSIBLE_USER}
HEALTHCHECK --interval=30s --timeout=30s --start-period=3m --retries=5 CMD /sbin/checkstate.sh || exit 1
ENTRYPOINT [ "/sbin/entrypoint.sh" ]
CMD [ "start-service" ]
Inital Commit 5 months ago			`# Create Base Image`
			`FROM registry.access.redhat.com/ubi8/ubi-minimal`
			`#FROM debian:buster-slim`

			`LABEL name="splunk" \`
			`maintainer="Brett.woodruff@kinneygroup.com" \`
			`vendor="splunk" \`
			`release="1" \`
			`summary="UBI 8 Docker image of Splunk Enterprise" \`
			`description="Splunk Enterprise is a platform for operational intelligence. Our software lets you collect, analyze, and act upon the untapped value of big data that your technology infrastructure, security systems, and business applications generate. It gives you insights to drive operational performance and business results."`

			`ARG BUSYBOX_URL \`
			`UID=41812 \`
			`GID=41812 \`
			`SPLUNK_BUILD_URL=https://download.splunk.com/products/splunk/beta/9.2.2.20240415/linux/splunkbeta-9.2.2.20240415-51a9cf8e4d88-Linux-x86_64.tgz \`
			`SPLUNK_FILENAME=splunk-9.2.2.20240415-51a9cf8e4d88-Linux-x86_64.tgz \`
			`SPLUNK_DEFAULTS_URL`

			`ENV BUSYBOX_URL=${BUSYBOX_URL} \`
			`PYTHON_VERSION=3.10.13 \`
			`PYTHON_GPG_KEY_ID=0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D \`
			`SPLUNK_HOME=/opt/splunk \`
			`SPLUNK_GROUP=splunk \`
			`SPLUNK_USER=splunk \`
			`TMPSPLUNKDIR=${SPLUNK_HOME}/tmp \`
			`TMPETCDIR=${TMPSPLUNKDIR}/etc \`
			`SPLUNK_ROLE=splunk_standalone \`
			`SPLUNK_DEFAULTS_URL=${SPLUNK_DEFAULTS_URL} \`
			`SPLUNK_ANSIBLE_HOME=/opt/ansible \`
			`ANSIBLE_USER=ansible \`
			`ANSIBLE_GROUP=ansible \`
			`CONTAINER_ARTIFACT_DIR=/opt/container_artifact \`
			`BUSYBOX_URL=${BUSYBOX_URL} \`
			`PYTHON_GPG_KEY_ID=0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D`

			`COPY install.sh /install.sh`

			`RUN chmod +x /install.sh \`
			`&& /install.sh`

			`# Download Splunk and prepare for image`
			`COPY splunk/common-files/make-minimal-exclude.py /tmp`
			`RUN python /tmp/make-minimal-exclude.py ${SPLUNK_BUILD_URL} > /tmp/splunk-minimal-exclude.list \`
			`&& echo "Downloading Splunk and validating the checksum at: ${SPLUNK_BUILD_URL}" \`
			`&& wget -qO /tmp/${SPLUNK_FILENAME} ${SPLUNK_BUILD_URL} \`
			`&& mkdir -p /minimal/splunk/var /extras/splunk/var \`
			`&& tar -C /minimal/splunk --strip 1 --exclude-from=/tmp/splunk-minimal-exclude.list -zxf tmp/${SPLUNK_FILENAME} \`
			`&& tar -C /extras/splunk --strip 1 --wildcards --files-from=/tmp/splunk-minimal-exclude.list -zxf tmp/${SPLUNK_FILENAME} \`
			`&& mv /minimal/splunk/etc /minimal/splunk-etc \`
			`&& mv /extras/splunk/etc /extras/splunk-etc \`
			`&& mkdir -p /minimal/splunk/etc /minimal/splunk/share/splunk/search_mrsparkle/modules.new \`
			`&& mv /minimal/splunk-etc /opt \`
			`&& cp -R /extras/splunk-etc /opt/splunk-etc \`
			`&& tar -C /opt/ -zxf /tmp/${SPLUNK_FILENAME} \`
			`&& mv /opt/splunkbeta /opt/splunk \`
			`&& rm -rf /tmp/${SPLUNK_FILENAME} \`
			`&& rm -rf /minimal \`
			`&& rm -rf /extras \`
			`&& rm -rf /extras/splunk-etc`

			`COPY splunk/common-files/apps /opt/splunk-etc/apps/`

			`# Simple script used to populate/upgrade splunk/etc directory`
			`COPY [ "splunk/common-files/updateetc.sh", "/sbin/" ]`

			`RUN groupadd -r -g ${GID} ${SPLUNK_GROUP} \`
			`&& useradd -r -m -u ${UID} -g ${GID} -s /bin/bash ${SPLUNK_USER} \`
			`&& chmod 755 /sbin/updateetc.sh \`
			`&& chown -R splunk:splunk /opt/splunk`

			`USER ${SPLUNK_USER}`
			`WORKDIR ${SPLUNK_HOME}`
			`EXPOSE 8000 8089 8065 8088 8191 9887 9997 9514`
			`VOLUME [ "/opt/splunk/etc", "/opt/splunk/var" ]`

			`USER root`
			`COPY [ "splunk/common-files/entrypoint.sh", "splunk/common-files/createdefaults.py", "splunk/common-files/checkstate.sh", "/sbin/" ]`
			`COPY splunk-ansible ${SPLUNK_ANSIBLE_HOME}`

			`# Set sudo rights`
			`RUN sed -i -e 's/%sudo\s\+ALL=(ALL\(:ALL\)\?)\s\+ALL/%sudo ALL=NOPASSWD:ALL\nansible ALL=(splunk)NOPASSWD:ALL/g' /etc/sudoers \`
			`&& echo 'Create the ansible user/group' \`
			`&& groupadd -r ${ANSIBLE_GROUP} \`
			`&& useradd -r -m -g ${ANSIBLE_GROUP} -s /bin/bash ${ANSIBLE_USER} \`
			`&& usermod -aG sudo ${ANSIBLE_USER} \`
			`&& usermod -aG ${ANSIBLE_GROUP} ${SPLUNK_USER} \`
			`&& echo 'Container Artifact Directory is a place for all artifacts and logs that are generated by the provisioning process. The directory is owned by the user "ansible".' \`
			`&& mkdir ${CONTAINER_ARTIFACT_DIR} \`
			`&& chown -R ${ANSIBLE_USER}:${ANSIBLE_GROUP} ${CONTAINER_ARTIFACT_DIR} \`
			`&& chmod -R 775 ${CONTAINER_ARTIFACT_DIR} \`
			`&& chmod -R 555 ${SPLUNK_ANSIBLE_HOME} \`
			`&& chgrp ${ANSIBLE_GROUP} ${SPLUNK_ANSIBLE_HOME} ${SPLUNK_ANSIBLE_HOME}/ansible.cfg \`
			`&& chmod 775 ${SPLUNK_ANSIBLE_HOME} \`
			`&& chmod 664 ${SPLUNK_ANSIBLE_HOME}/ansible.cfg \`
			`&& chmod 755 /sbin/entrypoint.sh /sbin/createdefaults.py /sbin/checkstate.sh`

			`USER ${ANSIBLE_USER}`
			`HEALTHCHECK --interval=30s --timeout=30s --start-period=3m --retries=5 CMD /sbin/checkstate.sh \|\| exit 1`
			`ENTRYPOINT [ "/sbin/entrypoint.sh" ]`
			`CMD [ "start-service" ]`