Merge branch 'develop' of github.com:splunk/docker-splunk into develop

kruj0 · Aug 2, 2024 · 7bd4a3c · 7bd4a3c
2 parents 7bb6bca + 9b55b69
commit 7bd4a3c
Show file tree

Hide file tree

Showing 14 changed files with 97 additions and 29 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,5 @@
 .vscode/
+*splunk.lic
 splunk-ansible
 *.idea
 *.DS_Store

diff --git a/Makefile b/Makefile
@@ -7,8 +7,8 @@ SPLUNK_ANSIBLE_BRANCH ?= develop
 SPLUNK_COMPOSE ?= cluster_absolute_unit.yaml
 # Set Splunk version/build parameters here to define downstream URLs and file names
 SPLUNK_PRODUCT := splunk
-SPLUNK_VERSION := 9.2.0.1
-SPLUNK_BUILD := d8ae995bf219
+SPLUNK_VERSION := 9.2.1
+SPLUNK_BUILD := 78803f08aabb
 ifeq ($(shell arch), s390x)
 	SPLUNK_ARCH = s390x
 else

diff --git a/base/redhat-8/Dockerfile b/base/redhat-8/Dockerfile
@@ -28,8 +28,8 @@ LABEL name="splunk" \
 ARG BUSYBOX_URL
 
 ENV BUSYBOX_URL=${BUSYBOX_URL} \
-    PYTHON_VERSION=3.7.16 \
-    PYTHON_GPG_KEY_ID=0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D
+    PYTHON_VERSION=3.9.19 \
+    PYTHON_GPG_KEY_ID=E3FF2839C048B25C084DEBE9B26995E310250568
 
 COPY install.sh /install.sh
 

diff --git a/base/redhat-8/install.sh b/base/redhat-8/install.sh
@@ -17,7 +17,8 @@ set -e
 
 # Generate UTF-8 char map and locale
 # Reinstalling local English def for now, removed in minimal image: https://bugzilla.redhat.com/show_bug.cgi?id=1665251
-microdnf -y --nodocs install glibc-langpack-en
+# Comment below install until glibc update is available in minimal image: https://access.redhat.com/errata/RHSA-2024:2722
+#microdnf -y --nodocs install glibc-langpack-en
 
 # Currently there is no access to the UTF-8 char map. The following command is commented out until
 # the base container can generate the locale.
@@ -28,7 +29,8 @@ export LANG=en_US.utf8
 # Install utility packages
 microdnf -y --nodocs install wget sudo shadow-utils procps tar make gcc \
                              openssl-devel bzip2-devel libffi-devel findutils \
-                             libssh-devel libcurl-devel glib2-devel ncurses-devel
+                             libssh-devel libcurl-devel glib2-devel ncurses-devel \
+                             diffutils bzip2
 # Patch security updates
 microdnf -y --nodocs update gnutls kernel-headers libdnf librepo libnghttp2 nettle \
                             libpwquality libxml2 systemd-libs lz4-libs curl \
@@ -39,6 +41,18 @@ microdnf -y --nodocs update gnutls kernel-headers libdnf librepo libnghttp2 nett
 # Reinstall tzdata (originally stripped from minimal image): https://bugzilla.redhat.com/show_bug.cgi?id=1903219
 microdnf -y --nodocs reinstall tzdata || microdnf -y --nodocs update tzdata
 
+# Build and install busybox direct from the multiarch since EPEL isn't available yet for redhat8
+cd ~
+wget https://busybox.net/downloads/busybox-1.36.1.tar.bz2
+bzip2 -d busybox-1.36.1.tar.bz2
+tar -xf busybox-1.36.1.tar
+cd busybox-1.36.1
+make defconfig
+make
+cp busybox /bin/busybox
+cd ~
+rm -rf busybox-1.36.1.tar busybox-1.36.1/
+
 # Install Python and necessary packages
 PY_SHORT=${PYTHON_VERSION%.*}
 wget -O /tmp/python.tgz https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tgz
@@ -58,11 +72,13 @@ make altinstall LDFLAGS="-Wl,--strip-all"
 rm -rf /tmp/pyinstall
 ln -sf /usr/bin/python${PY_SHORT} /usr/bin/python
 ln -sf /usr/bin/pip${PY_SHORT} /usr/bin/pip
+ln -sf /usr/bin/python${PY_SHORT} /usr/bin/python3
+ln -sf /usr/bin/pip${PY_SHORT} /usr/bin/pip3
 
 # Install splunk-ansible dependencies
 cd /
-/usr/bin/python3.7 -m pip install --upgrade pip
-pip -q --no-cache-dir install --upgrade six wheel requests Mako urllib3 certifi jmespath future avro cryptography lxml protobuf setuptools ansible
+/usr/bin/python3.9 -m pip install --upgrade pip
+pip -q --no-cache-dir install --upgrade "requests_unixsocket<2.29" "requests<2.29" six wheel Mako "urllib3<2.0.0" certifi jmespath future avro cryptography lxml protobuf setuptools ansible
 
 # Remove tests packaged in python libs
 find /usr/lib/ -depth \( -type d -a -not -wholename '*/ansible/plugins/test' -a \( -name test -o -name tests -o -name idle_test \) \) -exec rm -rf '{}' \;
@@ -74,14 +90,9 @@ ldconfig
 microdnf remove -y make gcc openssl-devel bzip2-devel findutils glib2-devel glibc-devel cpp binutils \
                    keyutils-libs-devel krb5-devel libcom_err-devel libffi-devel libcurl-devel \
                    libselinux-devel libsepol-devel libssh-devel libverto-devel libxcrypt-devel \
-                   ncurses-devel pcre2-devel zlib-devel
+                   ncurses-devel pcre2-devel zlib-devel diffutils bzip2
 microdnf clean all
 
-# Install busybox direct from the multiarch since EPEL isn't available yet for redhat8
-BUSYBOX_URL=${BUSYBOX_URL:=https://busybox.net/downloads/binaries/1.35.0-`arch`-linux-musl/busybox}
-wget -O /bin/busybox ${BUSYBOX_URL}
-chmod +x /bin/busybox
-
 # Enable busybox symlinks
 cd /bin
 BBOX_LINKS=( clear find diff hostname killall netstat nslookup ping ping6 readline route syslogd tail traceroute vi )

diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
@@ -10,13 +10,17 @@ Red Hat images will continue to be published.
 
 ## Navigation
 
+* [9.2.1](#921)
 * [9.2.0.1](#9201)
 * [9.2.0](#920)
+* [9.1.4](#914)
+* [9.1.3-patch1](#913p1)
 * [9.1.3](#913)
 * [9.1.2](#912)
 * [9.1.1](#911)
 * [9.1.0.2](#9102)
 * [9.1.0.1](#9101)
+* [9.0.9](#909)
 * [9.0.8](#908)
 * [9.0.7](#907)
 * [9.0.6](#906)
@@ -100,6 +104,20 @@ Red Hat images will continue to be published.
 
 ---
 
+## 9.2.1
+
+#### What's New?
+* Releasing new images to support Splunk Enterprise release.
+
+#### docker-splunk changes:
+* Bumping Splunk version. For details, see [Fixed issues for 9.2.1](https://docs.splunk.com/Documentation/Splunk/9.2.1/ReleaseNotes/Fixedissues#Splunk_Enterprise_9.2.1)
+
+#### splunk-ansible changes:
+* Docs updated
+* Bugfixes
+
+---
+
 ## 9.2.0.1
 
 #### What's New?
@@ -128,6 +146,34 @@ Red Hat images will continue to be published.
 
 ---
 
+## 9.1.4
+
+#### What's New?
+* Releasing new images to support Splunk Enterprise release.
+
+#### docker-splunk changes:
+* Bumping Splunk version. For details, see [Fixed issues for 9.1.4](https://docs.splunk.com/Documentation/Splunk/9.1.4/ReleaseNotes/Fixedissues#Splunk_Enterprise_9.1.4)
+
+#### splunk-ansible changes:
+* Docs updated
+* Bugfixes
+
+---
+
+## 9.1.3-patch1
+
+#### What's New?
+* Install busybox 1.36.1 for remediation of CVE-2022-28391 and CVE-2022-30065
+
+#### docker-splunk changes:
+* Bumping Splunk version. For details, see [Fixed issues for 9.1.3](https://docs.splunk.com/Documentation/Splunk/9.1.3/ReleaseNotes/Fixedissues#Splunk_Enterprise_9.1.3)
+
+#### splunk-ansible changes:
+* Docs updated
+* Bugfixes
+
+---
+
 ## 9.1.3
 
 #### What's New?
@@ -191,6 +237,16 @@ Red Hat images will continue to be published.
 
 ---
 
+## 9.0.9
+
+#### What's New?
+* Releasing new images to support Splunk Enterprise release.
+
+#### docker-splunk changes:
+* Bumping Splunk version. For details, see [Fixed issues for 9.0.9](https://docs.splunk.com/Documentation/Splunk/9.0.9/ReleaseNotes/Fixedissues#Splunk_Enterprise_9.0.9)
+
+---
+
 ## 9.0.8
 
 #### What's New?

diff --git a/py23-image/centos-7/Dockerfile b/py23-image/centos-7/Dockerfile
@@ -17,8 +17,7 @@ RUN wget https://www.python.org/ftp/python/3.7.4/Python-3.7.4.tgz \
     && python3.7 get-pip.py \
     && rm -f get-pip.py \
     #pip version is not automatically "fixed", unlike debian-based
-    && ln -sf /usr/bin/pip2 /usr/bin/pip \
-    && ln -sf /usr/bin/pip3.7 /usr/bin/pip3
+    && ln -sf /usr/bin/pip2 /usr/bin/pip
 RUN yum remove -y --setopt=tsflags=noscripts gcc openssl-devel bzip2-devel libffi-devel \
     && yum autoremove -y \
     && yum clean all

diff --git a/py23-image/centos-8/Dockerfile b/py23-image/centos-8/Dockerfile
@@ -18,8 +18,7 @@ RUN wget https://www.python.org/ftp/python/3.7.4/Python-3.7.4.tgz \
     && python3.7 get-pip.py \
     && rm -f get-pip.py \
     # pip version is not automatically "fixed", unlike debian-based
-    && ln -sf /usr/bin/pip2 /usr/bin/pip \
-    && ln -sf /usr/bin/pip3.7 /usr/bin/pip3
+    && ln -sf /usr/bin/pip2 /usr/bin/pip
     # add python alias
     # && ln -s /bin/python3 /bin/python
 

diff --git a/py23-image/debian-10/Dockerfile b/py23-image/debian-10/Dockerfile
@@ -4,8 +4,6 @@ USER root
 
 RUN apt-get update -y \
     && apt-get install -y --no-install-recommends libpython-dev python-pip python-requests python-jmespath python-yaml \
-    && ln -sf /usr/bin/python3.7 /usr/bin/python3 \
-    && ln -sf /usr/bin/pip3.7 /usr/bin/pip3 \
     && ln -sf /usr/bin/python3.7 /usr/bin/python \
     && ln -sf /usr/bin/pip3.7 /usr/bin/pip \
     && pip3 install --upgrade ansible==3.4.0 requests==2.25.1 pyyaml==5.4.1 jmespath==0.10.0
diff --git a/py23-image/debian-9/Dockerfile b/py23-image/debian-9/Dockerfile
@@ -4,8 +4,6 @@ USER root
 
 RUN apt-get update -y \
     && apt-get install -y --no-install-recommends libpython-dev python-pip python-requests python-jmespath python-yaml \
-    && ln -sf /usr/bin/python3.7 /usr/bin/python3 \
-    && ln -sf /usr/bin/pip3.7 /usr/bin/pip3 \
     && ln -sf /usr/bin/python3.7 /usr/bin/python \
     && ln -sf /usr/bin/pip3.7 /usr/bin/pip \
     && pip3 install --upgrade ansible==3.4.0 requests==2.25.1 pyyaml==5.4.1 jmespath==0.10.0
diff --git a/py23-image/redhat-8/Dockerfile b/py23-image/redhat-8/Dockerfile
@@ -3,10 +3,9 @@ FROM ${SPLUNK_PRODUCT}-redhat-8:latest
 USER root
 
 RUN microdnf -y --nodocs update \
-    && microdnf -y --nodocs install python2-pip python2-devel \
+    && microdnf -y --nodocs install python2 \
+    && pip2 install --upgrade pip \
     && pip2 --no-cache-dir install requests pyyaml jmespath \
-    && ln -sf /usr/bin/python3.7 /usr/bin/python3 \
-    && ln -sf /usr/bin/pip3.7 /usr/bin/pip3 \
-    && ln -sf /usr/bin/python3.7 /usr/bin/python \
-    && ln -sf /usr/bin/pip3.7 /usr/bin/pip \
-    && pip3 install --upgrade ansible==3.4.0 requests==2.25.1 pyyaml==5.4.1 jmespath==0.10.0
+    && ln -sf /usr/bin/python3.9 /usr/bin/python \
+    && ln -sf /usr/bin/pip3.9 /usr/bin/pip \
+    && pip3 install --upgrade requests==2.25.1 pyyaml==5.4.1 jmespath==0.10.0
diff --git a/splunk/common-files/Dockerfile b/splunk/common-files/Dockerfile
@@ -112,6 +112,7 @@ RUN sed -i -e 's/%sudo\s\+ALL=(ALL\(:ALL\)\?)\s\+ALL/%sudo ALL=NOPASSWD:ALL\nans
     && chgrp ${ANSIBLE_GROUP} ${SPLUNK_ANSIBLE_HOME} ${SPLUNK_ANSIBLE_HOME}/ansible.cfg \
     && chmod 775 ${SPLUNK_ANSIBLE_HOME} \
     && chmod 664 ${SPLUNK_ANSIBLE_HOME}/ansible.cfg \
+    && sed -i '/^\[defaults\]/a\interpreter_python = /usr/bin/python3' ${SPLUNK_ANSIBLE_HOME}/ansible.cfg \
     && chmod 755 /sbin/entrypoint.sh /sbin/createdefaults.py /sbin/checkstate.sh
 
 USER ${ANSIBLE_USER}

diff --git a/splunk/common-files/apps/splunk_enterprise_on_docker/metadata/default.meta b/splunk/common-files/apps/splunk_enterprise_on_docker/metadata/default.meta
@@ -0,0 +1,2 @@
+[]
+access = read : [ * ], write : [ admin ]
diff --git a/splunk/common-files/make-minimal-exclude.py b/splunk/common-files/make-minimal-exclude.py
@@ -39,7 +39,6 @@
     minor_version = version_string.group(2)
 
 if major_version:
-    print(EXCLUDE_V7)
     if int(major_version) == 7:
         print("*/bin/parsetest*")
         if int(minor_version) < 3:
@@ -51,3 +50,7 @@
         print("*/etc/apps/splunk_metrics_workspace*")
         if int(minor_version) < 1:
             print("*/bin/parsetest*")
+    elif int(major_version) >= 9:
+        if int(minor_version) >= 4:
+            EXCLUDE_V7 = EXCLUDE_V7.replace('*/bin/jsmin*', '')
+    print(EXCLUDE_V7)
diff --git a/uf/common-files/Dockerfile b/uf/common-files/Dockerfile
@@ -105,6 +105,7 @@ RUN sed -i -e 's/%sudo\s\+ALL=(ALL\(:ALL\)\?)\s\+ALL/%sudo ALL=NOPASSWD:ALL\nans
     && chgrp ${ANSIBLE_GROUP} ${SPLUNK_ANSIBLE_HOME} ${SPLUNK_ANSIBLE_HOME}/ansible.cfg \
     && chmod 775 ${SPLUNK_ANSIBLE_HOME} \
     && chmod 664 ${SPLUNK_ANSIBLE_HOME}/ansible.cfg \
+    && sed -i '/^\[defaults\]/a\interpreter_python = /usr/bin/python3' ${SPLUNK_ANSIBLE_HOME}/ansible.cfg \
     && chmod 755 /sbin/entrypoint.sh /sbin/createdefaults.py /sbin/checkstate.sh
 
 USER ${ANSIBLE_USER}