-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile_splunkforwarder
29 lines (23 loc) · 1.07 KB
/
Dockerfile_splunkforwarder
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
FROM debian:stable-slim
ENV SPLUNK_HOME=/opt/splunkforwarder
ENV SPLUNK_GROUP=splunk
ENV SPLUNK_USER=splunk
ENV SPLUNK_URL="https://www.splunk.com/en_us/download/universal-forwarder.html"
ENV SPLUNK_PACKAGE_REGEX="Linux-arm\.tgz"
ENV SPLUNK_FILENAME="splunkforwarder.tgz"
ENV LANG en_US.utf8
ADD start.sh /
ADD splunkforwarder/etc/system/local/*.conf ${SPLUNK_HOME}/etc/system/local/
RUN groupadd -r ${SPLUNK_GROUP} \
&& useradd -r -m -g ${SPLUNK_GROUP} ${SPLUNK_USER} \
&& apt-get update \
&& apt-get install -y curl procps \
&& rm -rf /var/lib/apt/lists/* \
&& mkdir -p ${SPLUNK_HOME} \
&& curl -L -o ${SPLUNK_HOME}/../${SPLUNK_FILENAME} $(echo $(curl -s --connect-timeout 5 --max-time 5 ${SPLUNK_URL}) | egrep -o "data-link=\"https://[^\"]+-${SPLUNK_PACKAGE_REGEX}\"" | cut -c12- | rev | cut -c2- | rev) \
&& ls -al ${SPLUNK_HOME}/../ \
&& tar xzf "${SPLUNK_HOME}/../${SPLUNK_FILENAME}" --strip 1 -C ${SPLUNK_HOME} \
&& chown -R ${SPLUNK_USER}:${SPLUNK_GROUP} ${SPLUNK_HOME} \
&& chmod +x /start.sh
WORKDIR /opt/splunkforwarder
CMD ["/start.sh"]