Hi people.
I don’t have a lot of docker or docker-compose experience.
I’m attempting to set up Splunk inside a docker container using docker-compose (this part was easy), and customize the startup behavior (this I’m finding more difficult).
I started out with:
    so1:
      image: ${SPLUNK_IMAGE:-splunk/splunk:latest}
      container_name: so1
      environment:
        - SPLUNK_START_ARGS=--accept-license
        - SPLUNK_HEC_TOKEN=xxxxxxxx
        # the password for the "admin" user
        - SPLUNK_PASSWORD=yyyyyyyy
        # - SPLUNK_HOME=${SPLUNK_HOME}
      ports:
        - 8000:8000
And that worked great. I can log into splunk on localhost:8000 and run queries, create indexes, etcetera.
However, I want to auto-create an index from outside splunk, on first container startup. For that, I switched to:
    so1:
      image: ${SPLUNK_IMAGE:-splunk/splunk:latest}
      container_name: so1
      environment:
        - SPLUNK_START_ARGS=--accept-license
        - SPLUNK_HEC_TOKEN=xxxxxxxx
        # the password for the "admin" user
        - SPLUNK_PASSWORD=yyyyyyyy
        # - SPLUNK_HOME=${SPLUNK_HOME}
      ports:
        - 8000:8000
      volumes:
        - ./splunk-files/:/splunk-files/
      entrypoint: /bin/bash
      command: /splunk-files/start
…but the startup behavior totally changed, and I don’t know why. There were config files I had to manually copy that I didn’t need to copy before, and there were log directories I needed to create that I didn’t need to create before.
The container is based on RHEL, and customizing it appears to require an RHEL entitlement - so adding packages probably isn’t going to happen.
Any suggestions? How can I figure out what command to invoke from /splunk-files/start, to get comparable behavior to that seen without the entrypoint+command?
Inside /splunk-files/start, I’m running “/sbin/entrypoint.sh --accept-license start-service”.
Thanks!
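
One way to approach the question above, as an added example that is not part of the original post: read the image's own ENTRYPOINT and CMD with `docker image inspect`, then have the start script run exactly that command with an extra step beside it. The function names `image_start_words` and `run_with_hook` and the hook path `/splunk-files/create-index` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# Print the image's own ENTRYPOINT and CMD words, one per line, in start order.
# Overriding `entrypoint:` in compose also clears the image's default CMD, so
# both lists are needed to reproduce the stock start-up. Requires the docker CLI.
image_start_words() {
    docker image inspect --format \
        '{{range .Config.Entrypoint}}{{println .}}{{end}}{{range .Config.Cmd}}{{println .}}{{end}}' \
        "$1"
}

# run_with_hook HOOK CMD [ARG...]
# Start CMD (the image's original start command) unchanged in the background,
# run HOOK beside it, then stay alive for as long as CMD does.
run_with_hook() {
    hook=$1; shift
    "$@" &
    main_pid=$!
    # The wrapper is PID 1 in the container: pass `docker stop` on to CMD.
    trap 'kill -TERM "$main_pid" 2>/dev/null' TERM INT
    if [ -n "$hook" ]; then
        "$hook" || echo "start: hook $hook failed" >&2
    fi
    rc=0
    wait "$main_pid" || rc=$?
    # A trapped signal interrupts wait early; wait again for the real status.
    if [ "$rc" -gt 128 ] && kill -0 "$main_pid" 2>/dev/null; then
        rc=0
        wait "$main_pid" || rc=$?
    fi
    return "$rc"
}

# Used as /splunk-files/start, with compose settings such as:
#   entrypoint: ["/bin/bash", "/splunk-files/start", "/splunk-files/create-index"]
#   command:    [the words printed by image_start_words, one list item each]
# /splunk-files/create-index is a placeholder for a script you write yourself.
if [ "$#" -gt 1 ]; then
    run_with_hook "$@"
    exit $?
fi
```

Because the hook starts alongside the original command, it has to wait until Splunk accepts commands before it creates the index.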