fix: prettify ep docs (#2481)
ikheifets-splunk committed Jun 3, 2024
1 parent 66701e1 commit e51f4a6
Showing 3 changed files with 39 additions and 27 deletions.
63 changes: 36 additions & 27 deletions docs/edge_processor.md
Expand Up @@ -37,51 +37,49 @@ stateDiagram

SC4S [using same protocol](https://docs.splunk.com/Documentation/SplunkCloud/latest/EdgeProcessor/HECSource) for communication with Splunk and Edge Processor. For that reason setup process will be very similar, but it have some differences.

### Set up on Docker / Podman

/// tab | Set up on Docker / Podman
1. On the `env_file`, configure the HEC URL as IP of *managed instance*, that you registered on Edge Processor.
2. Add your HEC token. You can find your token in the Edge Processor "global settings" page.
2. Add your HEC token. You can find your token in the Edge Processor "global settings" page.

```
SC4S_DEST_SPLUNK_HEC_DEFAULT_URL=http://x.x.x.x:8088
SC4S_DEST_SPLUNK_HEC_DEFAULT_TOKEN=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
SC4S_DEST_SPLUNK_HEC_DEFAULT_TLS_VERIFY=no
```
///

### Kubernetes

/// tab | Set up on Kubernetes
1. Set up the Edge Processor on your `values.yaml` HEC URL using the IP of *managed instance*, that you registered on Edge Processor.

2. Provide the hec_token. You can find this token on the Edge Processor's "global settings" page.

```
splunk:
hec_url: "http://x.x.x.x:8088"
hec_token: "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
hec_verify_tls: "no"
```
///

## mTLS encryption

### Prepare your certificates

Before setup, [generate mTLS certificates](https://docs.splunk.com/Documentation/SplunkCloud/latest/EdgeProcessor/SecureForwarders). Server mTLS certificates should be uploaded to `Edge Processor` and client certifcates should be used with `SC4S`.

Rename the certificate files. SC4S requires the following names:
**Rename the certificate files. SC4S requires the following names**:

* `key.pem` - client certificate key
* `cert.pem` - client certificate
* `ca_cert.pem` - certificate authority

### Docker / Podman
/// tab | Set up on Docker / Podman
1. Use HTTPS in HEC url: `SC4S_DEST_SPLUNK_HEC_DEFAULT_URL=https://x.x.x.x:8088`.
2. Move your clients mTLS certificates (`key.pem`, `cert.pem`, `ca_cert.pem`) to `/opt/sc4s/tls/hec`.
3. Mount `/opt/sc4s/tls/hec` to `/etc/syslog-ng/tls/hec` using docker/podman volumes.
4. Define mounting mTLS point for HEC: `SC4S_DEST_SPLUNK_HEC_DEFAULT_TLS_MOUNT=/etc/syslog-ng/tls/hec`.
5. Start or restart SC4S.
///

1. Use HTTPS in HEC url: `SC4S_DEST_SPLUNK_HEC_DEFAULT_URL=https://x.x.x.x:8088`.
2. Move your clients mTLS certificates to `/opt/sc4s/tls/hec`.
3. Mount `/opt/sc4s/tls/hec` to `/etc/syslog-ng/tls/hec` using docker/podman volumes.
4. Define mounting mTLS point for HEC: `SC4S_DEST_SPLUNK_HEC_DEFAULT_TLS_MOUNT=/etc/syslog-ng/tls/hec`.
5. Start or restart SC4S.

### Kubernetes

1. Add the secret name of the mTLS certificates to the `values.yaml` file:
/// tab | Set up on Kubernetes
1. Add the secret name of the mTLS certificates to the `values.yaml` file:

```
splunk:
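Review bot: the mTLS tab for Docker / Podman (steps 1 to 5) moves the URL to `https://` and mounts `ca_cert.pem`, but no step tells the reader to stop setting `SC4S_DEST_SPLUNK_HEC_DEFAULT_TLS_VERIFY=no`, which the basic setup example earlier in this hunk sets (and `hec_verify_tls: "no"` in the Kubernetes tab). A reader who follows the page in order ends up presenting a client certificate to a server whose certificate is never verified. Suggest adding a step to both mTLS tabs that removes the `no` setting, and a sentence under the basic setup example saying that the `http://` URL sends the HEC token in cleartext. Since this commit is a docs cleanup, the typos in the touched region ("certifcates", "it have some differences") could be fixed in the same pass.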
Expand All @@ -90,7 +88,7 @@ splunk:
hec_tls: "hec-tls-secret"
```

2. Add your mTLS certificates to the `charts/splunk-connect-for-syslog/secrets.yaml` file:
2. Add your mTLS certificates to the `charts/splunk-connect-for-syslog/secrets.yaml` file:

```
hec_tls:
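Review bot: step 2 has the reader place the mTLS certificates in `charts/splunk-connect-for-syslog/secrets.yaml` in cleartext, and the encryption step only follows as step 3. Suggest adding a sentence at step 2 saying the file must not be committed or shared until `ansible-vault encrypt` has been run on it, so that a reader who stops partway does not leave certificate material readable in the chart directory.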
Expand All @@ -110,27 +108,38 @@ hec_tls:
-----END CERTIFICATE-----
```

3. Encrypt your `secrets.yaml` using `ansible-vault encrypt charts/splunk-connect-for-syslog/secrets.yaml`.
4. Add the IP address for your cluster nodes to the inventory file `ansible/inventory/inventory_microk8s_ha.yaml`.
5. Deploy the Ansible playbook `ansible-playbook -i ansible/inventory/inventory_microk8s_ha.yaml ansible/playbooks/microk8s_ha.yml --ask-vault-pass`
3. Encrypt your `secrets.yaml`:

```
ansible-vault encrypt charts/splunk-connect-for-syslog/secrets.yaml
```

4. Add the IP address for your cluster nodes to the inventory file `ansible/inventory/inventory_microk8s_ha.yaml`.

5. Deploy the Ansible playbook:

```
ansible-playbook -i ansible/inventory/inventory_microk8s_ha.yaml ansible/playbooks/microk8s_ha.yml --ask-vault-pass
```
///

## Scaling Edge Processor

To scale you can distribute traffic between Edge Processor **managed instances**. To set this up, update the HEC URL with a comma-separated list of URLs for your managed instances.

### Docker/Podman

/// tab | Set up on Docker/Podman
Update HEC URL in `env_file`:

```
SC4S_DEST_SPLUNK_HEC_DEFAULT_URL=http://x.x.x.x:8088,http://x.x.x.x:8088,http://x.x.x.x:8088
```
///

### Kubernetes

/// tab | Set up on Kubernetes
Update HEC URL in `values.yaml`:

```
splunk:
hec_url: "http://x.x.x.x:8088,http://x.x.x.x:8088,http://x.x.x.x:8088"
```
///
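Review bot: the scaling tabs document `SC4S_DEST_SPLUNK_HEC_DEFAULT_URL` as a comma-separated list, while `package/sbin/entrypoint.sh` in this same commit derives `HEC` with `cut -d' ' -f 1`, which splits on spaces. Please confirm that a comma-separated value is handled by the startup check, or state the separator consistently in both places. Smaller style point: the tab titles here read "Set up on Docker/Podman" while the earlier sections use "Set up on Docker / Podman"; pick one spelling.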
2 changes: 2 additions & 0 deletions mkdocs.yml
Expand Up @@ -19,6 +19,8 @@ markdown_extensions:
- name: mermaid
class: mermaid
format: !!python/name:pymdownx.superfences.fence_code_format
- pymdownx.blocks.tab:
alternate_style: true


theme:
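Review bot: `pymdownx.blocks.tab` is enabled here, but none of the three files in this commit pins or raises the pymdown-extensions version used for the docs build. If the installed release lacks the Blocks extensions, the `/// tab | ...` blocks added to docs/edge_processor.md will render as literal text. Suggest adding a minimum version to the docs build requirements in the same change.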
1 change: 1 addition & 0 deletions package/sbin/entrypoint.sh
Expand Up @@ -171,6 +171,7 @@ then
HEC=$(echo $SC4S_DEST_SPLUNK_HEC_DEFAULT_URL | cut -d' ' -f 1)
if [ "${SC4S_DEST_SPLUNK_HEC_DEFAULT_TLS_VERIFY}" == "no" ]; then export NO_VERIFY=-k ; fi

export SC4S_DEST_SPLUNK_HEC_DEFAULT_TLS_MOUNT=${SC4S_DEST_SPLUNK_HEC_DEFAULT_TLS_MOUNT:=${SC4S_DEST_TLS_MOUNT}}
if [ -n "${SC4S_DEST_SPLUNK_HEC_DEFAULT_TLS_MOUNT}" ]; then
export HEC_TLS_OPTS="--cert ${SC4S_DEST_SPLUNK_HEC_DEFAULT_TLS_MOUNT}/cert.pem --key ${SC4S_DEST_SPLUNK_HEC_DEFAULT_TLS_MOUNT}/key.pem --cacert ${SC4S_DEST_SPLUNK_HEC_DEFAULT_TLS_MOUNT}/ca_cert.pem";
else
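Review bot: the fallback on the `export SC4S_DEST_SPLUNK_HEC_DEFAULT_TLS_MOUNT=...` line makes the `-n` test that follows true whenever `SC4S_DEST_TLS_MOUNT` is set, and `HEC_TLS_OPTS` is then built from `cert.pem`, `key.pem` and `ca_cert.pem` under that directory without checking that the files exist. A deployment that sets the generic mount for some other destination would start passing `--cert` and `--key` paths to missing files here. Suggest testing that the three files are readable before building `HEC_TLS_OPTS`, and quoting the paths so a mount point containing spaces does not split the options. This is also a behaviour change inside a commit titled "fix: prettify ep docs", so it deserves its own mention in the commit message.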
