go.sh

#!/bin/bash
#
# Wrapper script to set up Splunk Lab
#
# To test this script out, set up a webserver:
# 
#	python -m SimpleHTTPServer 8001
#
# Then run the script:
#
#	bash <(curl -s localhost:8000/go.sh)
#


# Errors are fatal
set -e


#
# Set default values for our vars
#
SPLUNK_PASSWORD=${SPLUNK_PASSWORD:-password1}
SPLUNK_DATA=${SPLUNK_DATA:-data}
SPLUNK_LOGS=${SPLUNK_LOGS:-logs}
SPLUNK_PORT=${SPLUNK_PORT:-8000}
SPLUNK_APP="app"
SPLUNK_ML=${SPLUNK_ML:--1}
SPLUNK_DEVEL=${SPLUNK_DEVEL:-}
SPLUNK_EVENTGEN=${SPLUNK_EVENTGEN:-}
ETC_HOSTS=${ETC_HOSTS:-no}
REST_KEY=${REST_KEY:-}
RSS=${RSS:-}
DOCKER_NAME=${DOCKER_NAME:-splunk-lab}
DOCKER_RM=${DOCKER_RM:-1}
DOCKER_CMD=${DOCKER_CMD:-}
PRINT_DOCKER_CMD=${PRINT_DOCKER_CMD:-}
SSL_CERT=${SSL_CERT:-}
SSL_KEY=${SSL_KEY:-}


#
# Download all of our helper scripts.
#
function download_helper_scripts() {

	BASE_URL="https://raw.githubusercontent.com/dmuth/splunk-lab/master"
	#BASE_URL="http://localhost:8001"  # Debugging

	if test ! $(type -P curl)
	then
		echo "! "
		echo "! Curl needs to be installed on your system so that I can fetch helper scripts."
		echo "! "
		exit 1
	fi

	#
	# Create our bin directory and copy down some helper scripts
	#
	mkdir -p bin
	FILES=(
		attach.sh
		clean.sh
		create-1-million-events.py
		create-test-logfiles.sh
		kill.sh
		)

	for FILE in ${FILES[@]}
	do
		URL=${BASE_URL}/bin/${FILE}
		DEST=bin/${FILE}

		if test -f ${DEST}
		then
			continue
		fi

		echo -n "# Downloading ${URL} to ${DEST}..."
		curl -s --fail ${URL} > ${DEST} || true
		if test ! -s ${DEST}
		then
			echo
			echo "! Unable to find ${URL}"
			rm -f ${DEST}
			exit 1
		fi

		chmod 755 ${DEST}
		echo "...done!"

	done

} # End of download_helper_scripts()


#
# Go through all of our argument checking.
# And where I say arguments, I really mean environment variables, 
# because there are so many different options!
#
function check_args() {

	if test "$SPLUNK_START_ARGS" != "--accept-license"
	then
		echo "! "
		echo "! You need to accept the Splunk License in order to continue."
		echo "! Please restart this container with SPLUNK_START_ARGS set to \"--accept-license\" "
		echo "! as follows: "
		echo "! "
		echo "! SPLUNK_START_ARGS=--accept-license"
		echo "! "
		exit 1
	fi


	#
	# Yes, I am aware that the password checking logic is a duplicate of what's in the 
	# container's entry point script.  But if someone is running Splunk Lab through this
	# script, I want bad passwords to cause failure as soon as possible, because it's 
	# easier to troubleshoot here than through Docker logs.
	#
	if test "$SPLUNK_PASSWORD" == "password"
	then
		echo "! "
		echo "! "
		echo "! Cowardly refusing to set the password to 'password'. Please set a different password."
		echo "! "
		echo "! If you need help picking a secure password, there's an app for that:"
		echo "! "
		echo "!	https://diceware.dmuth.org/"
		echo "! "
		echo "! "
		exit 1
	fi

	PASSWORD_LEN=${#SPLUNK_PASSWORD}
	if test $PASSWORD_LEN -lt 8
	then
		echo "! "
		echo "! "
		echo "! Admin password needs to be at least 8 characters!"
		echo "! "
		echo "! Password specified: ${SPLUNK_PASSWORD}"
		echo "! "
		echo "! "
		exit 1
	fi


	#
	# Massage -1 into an empty string.  This is for the benefit of if we're
	# called from devel.sh.
	#
	if test "$SPLUNK_ML" == "-1"
	then
		SPLUNK_ML=""
	fi


	if ! test $(which docker)
	then
		echo "! "
		echo "! Docker not found in the system path!"
		echo "! "
		echo "! Please double-check that Docker is installed on your system, otherwise you "
		echo "! can go to https://www.docker.com/ to download Docker. "
		echo "! "
		exit 1
	fi


	#
	# Sanity check to make sure our log directory exists
	#
	if test ! -d "${SPLUNK_LOGS}"
	then
		echo "! "
		echo "! ERROR: Log directory '${SPLUNK_LOGS}' does not exist!"
		echo "! "
		echo "! Please set the environment variable \$SPLUNK_LOGS to the "
		echo "! directory you wish to ingest and re-run this script."
		echo "! "
		exit 1
	fi


	#
	# Sanity check
	#
	if test "$ETC_HOSTS" != "no"
	then
		if test ! -f ${ETC_HOSTS}
		then
			echo "! Unable to read file '${ETC_HOSTS}' specfied in \$ETC_HOSTS!"
			exit 1
		fi
	fi


	#
	# Sanity check to make sure that both SSL_CERT *and* SSL_KEY are specified.
	#
	if test "${SSL_CERT}"
	then
		if test ! "${SSL_KEY}"
		then
			echo "! "
			echo "! \$SSL_CERT is specified but not \$SSL_KEY!"
			echo "! "
			exit 1
		fi

	elif test "${SSL_KEY}"
	then
		if test ! "${SSL_CERT}"
		then
			echo "! "
			echo "! \$SSL_KEY is specified but not \$SSL_CERT!"
			echo "! "
			exit 1
		fi

	fi

	#
	# Sanity check to make sure that SSL cert and key are both readable
	#
	if test "${SSL_CERT}"
	then
		if test ! -r "${SSL_CERT}"
		then
			echo "! "
			echo "! SSL Cert File ${SSL_CERT} does not exist or is not readable!"
			echo "! "
			exit 1
		fi

		if test ! -r "${SSL_KEY}"
		then
			echo "! "
			echo "! SSL Cert File ${SSL_KEY} does not exist or is not readable!"
			echo "! "
			exit 1
		fi

	fi

} # End of check_args()


#
# Create our Docker command from all of the arguments.
#
function create_docker_command() {

	#
	# Start forming our command
	#
	CMD="docker run \
		-p ${SPLUNK_PORT}:8000 \
		-e SPLUNK_PASSWORD=${SPLUNK_PASSWORD} "

	#
	# If SPLUNK_DATA is no, we're not exporting it. 
	# Useful for re-importing everything every time.
	#
	if test "${SPLUNK_DATA}" != "no"
	then
		CMD="$CMD -v $(pwd)/${SPLUNK_DATA}:/data "
	fi

	#
	# If the logs value doesn't start with a leading slash, prefix it with the full path
	#
	if test ${SPLUNK_LOGS:0:1} != "/"
	then
		SPLUNK_LOGS="$(pwd)/${SPLUNK_LOGS}"
	fi

	CMD="${CMD} -v ${SPLUNK_LOGS}:/logs"

	if test "${REST_KEY}"
	then
		CMD="${CMD} -e REST_KEY=${REST_KEY}"
	fi

	if test "${RSS}"
	then
		CMD="${CMD} -e RSS=${RSS}"
	fi

	if test "${ETC_HOSTS}" != "no"
	then
		CMD="$CMD -v $(pwd)/${ETC_HOSTS}:/etc/hosts.extra "
	fi

	if test "${SPLUNK_EVENTGEN}"
	then
		CMD="${CMD} -e SPLUNK_EVENTGEN=${SPLUNK_EVENTGEN}"
	fi

	#
	# If SSL files don't start with a leading slash, prefix with the full path
	#
	if test "${SSL_CERT}"
	then

		if test ${SSL_CERT:0:1} != "/"
		then
			SSL_CERT="$(pwd)/${SSL_CERT}"
		fi

		if test ${SSL_KEY:0:1} != "/"
		then
			SSL_KEY="$(pwd)/${SSL_KEY}"
		fi

		CMD="${CMD} -v ${SSL_CERT}:/ssl.cert -v ${SSL_KEY}:/ssl.key"

	fi


	#
	# Again, doing the same unusual stuff that we are with DOCKER_RM,
	# since the default is to hvae a name.
	#
	if test "${DOCKER_NAME}" == "no"
	then
		DOCKER_NAME=""
	fi

	if test "${DOCKER_NAME}"
	then
		CMD="${CMD} --name ${DOCKER_NAME}"
	fi

	#
	# Only disable --rm if DOCKER_RM is set to "no".
	# We want --rm action by default, since we also have a default name
	# and don't want name conflicts.
	#
	if test "$DOCKER_RM" == "no"
	then
		DOCKER_RM=""
	fi

	if test "${DOCKER_RM}"
	then
		CMD="${CMD} --rm"
	fi

	if test "$SPLUNK_START_ARGS" -a "$SPLUNK_START_ARGS" != 0
	then
		CMD="${CMD} -e SPLUNK_START_ARGS=${SPLUNK_START_ARGS}"
	fi

	#
	# Only run in the foreground if devel mode is set.
	# Otherwise, giving users the option to run in foreground will only 
	# confuse those that are new to Docker.
	#
	if test ! "$SPLUNK_DEVEL"
	then
		CMD="${CMD} -d "
		CMD="${CMD} -v $(pwd)/${SPLUNK_APP}:/opt/splunk/etc/apps/splunk-lab/local "

	else 
		CMD="${CMD} -it"
		#
		# Utility mount :-)
		#
		CMD="${CMD} -v $(pwd):/mnt "
		#
		# In devel mode, we'll mount the splunk-lab/ directory to the app directory
		# here, and the entrypoint.sh script will create the local/ symlink
		# (with build.sh removing said symlink before building any images)
		#
		CMD="${CMD} -v $(pwd)/splunk-lab-app:/opt/splunk/etc/apps/splunk-lab "
		CMD="${CMD} -e SPLUNK_DEVEL=${SPLUNK_DEVEL} "

	fi


	if test "$DOCKER_CMD"
	then
		CMD="${CMD} ${DOCKER_CMD} "
	fi


	IMAGE="dmuth1/splunk-lab"
	#IMAGE="splunk-lab" # Debugging/testing
	if test "$SPLUNK_ML"
	then
		IMAGE="dmuth1/splunk-lab-ml"
		#IMAGE="splunk-lab-ml" # Debugging/testing
	fi

	CMD="${CMD} ${IMAGE}"

	if test "$SPLUNK_DEVEL"
	then
		CMD="${CMD} bash"
	fi

	#echo "CMD: $CMD" # Debugging

} # End of create_docker_command()


download_helper_scripts
check_args
create_docker_command


#
# If $PRINT_DOCKER_CMD is set, print out the Docker command that would be run then exit.
#
if test "${PRINT_DOCKER_CMD}"
then
	echo "$CMD"
	exit
fi

echo
echo "    ____            _                   _        _               _     "
echo "   / ___|   _ __   | |  _   _   _ __   | | __   | |       __ _  | |__  "
echo "   \___ \  | '_ \  | | | | | | | '_ \  | |/ /   | |      / _\` | | '_ \ "
echo "    ___) | | |_) | | | | |_| | | | | | |   <    | |___  | (_| | | |_) |"
echo "   |____/  | .__/  |_|  \__,_| |_| |_| |_|\_\   |_____|  \__,_| |_.__/ "
echo "           |_|                                                         "
echo

echo "# "
if test ! "${SPLUNK_DEVEL}"
then
	echo "# About to run Splunk Lab!"
else
	echo "# About to run Splunk Lab IN DEVELOPMENT MODE!"
fi
echo "# "
echo "# Before we do, please take a few seconds to ensure that your options are correct:"
echo "# "
echo "# URL:                               https://localhost:${SPLUNK_PORT} (Change with \$SPLUNK_PORT)"
echo "# Login/password:                    admin/${SPLUNK_PASSWORD} (Change with \$SPLUNK_PASSWORD)"
echo "# "
echo "# Logs will be read from:            ${SPLUNK_LOGS} (Change with \$SPLUNK_LOGS)"
echo "# App dashboards will be stored in:  ${SPLUNK_APP} (Change with \$SPLUNK_APP)"
if test "$REST_KEY"
then
	echo "# REST API Modular Input key:        ${REST_KEY}"
else
	echo "# REST API Modular Input key:        (Get yours at https://www.baboonbones.com/#activation and set with \$REST_KEY)"
fi

if test "$RSS"
then
	echo "# Synication of RSS feeds?:          YES"
else
	echo "# Synication of RSS feeds?:          NO (Enabled with \$RSS=yes)"
fi

if test "${SPLUNK_DATA}" != "no"
then
	echo "# Indexed data will be stored in:    ${SPLUNK_DATA} (Change with \$SPLUNK_DATA, disable with SPLUNK_DATA=no)"
else
	echo "# Indexed data WILL NOT persist.     (Change by setting \$SPLUNK_DATA)"
fi

if test "$DOCKER_NAME"
then
	echo "# Docker container name:             ${DOCKER_NAME} (Disable automatic name with \$DOCKER_NAME=no)"
else
	echo "# Docker container name:             (Set with \$DOCKER_NAME, if you like)"
fi

if test "$DOCKER_RM"
then
	echo "# Removing container at exit?        YES (Disable with \$DOCKER_RM=no)"
else
	echo "# Removing container at exit?        NO (Set with \$DOCKER_RM=1)"
fi

if test "$DOCKER_CMD"
then
	echo "# Docker command injection:          ${DOCKER_CMD}"
else
	echo "# Docker command injection:          (Feel free to set with \$DOCKER_CMD)"
fi

if test "$ETC_HOSTS" != "no"
then
	echo "# /etc/hosts addition:               ${ETC_HOSTS} (Disable with \$ETC_HOSTS=no)"
else
	echo "# /etc/hosts addition:               NO (Set with \$ETC_HOSTS=filename)"
fi

if test "$SPLUNK_EVENTGEN"
then
	echo "# Fake Webserver Event Generation:   YES (index=main sourcetype=nginx to view)"
else
	echo "# Fake Webserver Event Generation:   NO (Feel free to set with \$SPLUNK_EVENTGEN)"
fi

if test "${SSL_CERT}"
then
	echo "# SSL Cert and Key?                  YES (${SSL_CERT}, ${SSL_KEY})"	
else
	echo "# SSL Cert and Key?                  NO (Specify with \$SSL_CERT and \$SSL_KEY)"	
fi

echo "# "
if test "$SPLUNK_ML"
then
	echo "# Splunk Machine Learning Image?     YES"
else
	echo "# Splunk Machine Learning Image?     NO (Enable by setting \$SPLUNK_ML in the environment)"
fi

echo "# "

if test "$SPLUNK_PASSWORD" == "password1"
then
	echo "# "
	echo "# PLEASE NOTE THAT YOU USED THE DEFAULT PASSWORD"
	echo "# "
	echo "# If you are testing this on localhost, you are probably fine."
	echo "# If you are not, then PLEASE use a different password for safety."
	echo "# If you have trouble coming up with a password, I have a utility "
	echo "# at https://diceware.dmuth.org/ which will help you pick a password "
	echo "# that can be remembered."
	echo "# "
fi

echo "> "
echo "> Press ENTER to run Splunk Lab with the above settings, or ctrl-C to abort..."
echo "> "
read


echo "# "
echo "# Launching container..."
echo "# "

if test "$SPLUNK_DEVEL"
then
	$CMD

elif test ! "$DOCKER_NAME"
then
	ID=$($CMD)
	SHORT_ID=$(echo $ID | cut -c-4)

else
	ID=$($CMD)
	SHORT_ID=$DOCKER_NAME

fi

if test ! "$SPLUNK_DEVEL"
then
	echo "#"
	echo "# Running Docker container with ID: ${ID}"
	echo "#"
	echo "# Inspect container logs with: docker logs ${SHORT_ID}"
	echo "#"
	echo "# Kill container with: docker kill ${SHORT_ID}"
	echo "#"

else
	echo "# All done!"

fi