feat: modernize cookbook and update to Splunk 9.4.0

.github/workflows/ci.yml

@@ -23,70 +23,27 @@ jobs:
     strategy:
       matrix:
         os:
-          - centos-7
-          - centos-stream-8
-          - debian-10
-          - debian-9
-          - ubuntu-1804
-          - ubuntu-2004
+          - almalinux-9
+          - almalinux-10
+          - amazonlinux-2023
+          - debian-12
+          - debian-13
+          - rocky-9
+          - rocky-10
+          - ubuntu-2204
+          - ubuntu-2404
           - opensuse-leap-15
+          - opensuse-leap-16
         suite:
-          - "client-inputs-outputs"
-          - "client-resources"
-          - "client-runas-splunk"
+          - "default"
           - "client"
-          - "disabled"
-          - "server-cluster-master"
-          - "server-resources"
-          - "server-runas-root"
-          - "server-runas-splunk"
-          - "server-shcluster-member"
-          - "server-shdeployer"
-          - "uninstall-forwarder"
-          - "upgrade-client"
-          - "upgrade-server"
-      fail-fast: false
-
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v5
-      - name: Install Chef
-        uses: actionshub/chef-install@main
-      - name: Dokken
-        uses: actionshub/test-kitchen@main
-        env:
-          CHEF_LICENSE: accept-no-persist
-          KITCHEN_LOCAL_YAML: kitchen.dokken.yml
-        with:
-          suite: ${{ matrix.suite }}
-          os: ${{ matrix.os }}
-      - name: Print debug output on failure
-        if: failure()
-        run: |
-          set -x
-          sudo journalctl -l --since today
-          KITCHEN_LOCAL_YAML=kitchen.dokken.yml /usr/bin/kitchen exec ${{ matrix.suite }}-${{ matrix.os }} -c "journalctl -l"
-
-  integration-amazonlinux:
-    needs: lint-unit
-    runs-on: ubuntu-24.04
-    strategy:
-      matrix:
-        os:
-          - amazonlinux-2
-        suite:
-          - "client-inputs-outputs"
           - "client-resources"
-          - "client-runas-splunk"
-          - "client"
           - "disabled"
-          - "server-cluster-master"
           - "server-resources"
           - "server-runas-root"
           - "server-runas-splunk"
-          - "server-shcluster-member"
           - "server-shdeployer"
-          - "uninstall-forwarder"
+          - "uninstall-client"
           - "upgrade-client"
           - "upgrade-server"
       fail-fast: false

.rubocop.yml

@@ -0,0 +1,2 @@
+require:
+  - cookstyle

Berksfile

@@ -4,5 +4,5 @@ metadata
 
 # this group can be excluded by berks; for example: `berks upload --except test`
 group :test do
-  cookbook 'test', path: './test/fixtures/cookbooks/test'
+  cookbook 'test', path: 'test/cookbooks/test'
 end

LIMITATIONS.md

@@ -0,0 +1,25 @@
+# Splunk Cookbook Limitations
+
+This cookbook manages Splunk Enterprise and Splunk Universal Forwarder.
+
+## Supported Platforms and Architectures
+
+Based on Splunk 10.0 vendor documentation, the following platforms are supported:
+
+### Linux x86_64 / ARM64 (AArch64)
+
+- **Ubuntu**: 22.04, 24.04
+- **Debian**: 12, 13
+- **AlmaLinux**: 9, 10
+- **Rocky Linux**: 9, 10
+- **RHEL**: 9, 10
+- **Amazon Linux**: 2023
+- **openSUSE**: Leap 15, 16
+
+## Systemd Requirement
+
+This cookbook exclusively supports `systemd` init systems. Legacy `sysvinit` and `upstart` support has been removed.
+
+## Chef Version Requirement
+
+- **Chef Infra Client**: 16.0 or newer (required for `unified_mode` and resource partials)

README.md

@@ -26,7 +26,7 @@ This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of
 
 ## Requirements
 
-Chef 15.5 or newer
+Chef 16.0 or newer (required for `unified_mode` and resource partials)
 
 ## License Acceptance
 
@@ -58,11 +58,12 @@ post-convergence tests. The tested platforms are considered supported.
 This cookbook may work on other platforms or platform versions with or
 without modification.
 
-- Debian 9, 10
-- Ubuntu 18.04, 20.04
-- CentOS 7, 8
-- Redhat 7, 8
-- openSUSE Leap 15
+- AlmaLinux 9, 10
+- Amazon Linux 2023
+- Debian 12, 13
+- Rocky 9, 10
+- Ubuntu 22.04, 24.04
+- openSUSE Leap 15, 16
 
 By default, only 64-bit Splunk server and Splunk Universal Forwarder will be installed or upgraded by this cookbook.
 
@@ -375,7 +376,7 @@ on a Splunk Enterprise server. Some custom "apps" simply install with a few file
 default Splunk settings. The latter is desirable for maintaining settings after an upgrade of the
 Splunk Enterprise server software.
 
-**Breaking Change**
+__Breaking Change__
 As of v6.0.0, sub-resources of the `splunk_app` provider will no longer notify restarts to the `service[splunk]` resource. Restarts of the service must be handled explicitly by the `splunk_app` caller. This allows end-users of the resource more control of when splunkd gets restarted; especially in cases where an app does not require a restart when its files are updated.
 
 #### Actions
@@ -444,7 +445,7 @@ As of v6.0.0, sub-resources of the `splunk_app` provider will no longer notify r
 
 ### splunk_index
 
-This resource helps manage Splunk indexes that are defined in an `indexes.conf` file in a "chef way" using standard Chef DSL vernacular. For information and specifications about Splunk indexes, please review and understand [https://docs.splunk.com/Documentation/Splunk/8.0.2/Admin/Indexesconf](https://docs.splunk.com/Documentation/Splunk/8.0.2/Admin/Indexesconf).
+This resource helps manage Splunk indexes that are defined in an `indexes.conf` file in a "chef way" using standard Chef DSL vernacular. For information and specifications about Splunk indexes, please review and understand [https://docs.splunk.com/Documentation/Splunk/latest/Admin/Indexesconf](https://docs.splunk.com/Documentation/Splunk/latest/Admin/Indexesconf).
 
 Upon convergence, this resource will add a new stanza to the `indexes.conf` file, as needed, and modify or add new lines to the section based on properties given to the resource. If the current stanza in the `indexes.conf` file has any extra lines that are not listed as a valid property in this resource, those lines are automatically removed.
 
@@ -469,7 +470,7 @@ A test recipe is embedded in this cookbook. Please look at `test/fixtures/cookbo
 
 ### splunk_monitor
 
-Adds a Splunk monitor stanza into a designated `inputs.conf` file in a "chef-erized" way using standard Chef DSL vernacular. This resource also validates supported monitors and index names as documented by Splunk. The dictionary is created from documentation on [Splunk's website](https://docs.splunk.com/@documentation/Splunk/8.0.2/Data/Listofpretrainedsourcetypes).
+Adds a Splunk monitor stanza into a designated `inputs.conf` file in a "chef-erized" way using standard Chef DSL vernacular. This resource also validates supported monitors and index names as documented by Splunk. The dictionary is created from documentation on [Splunk's website](https://docs.splunk.com/Documentation/Splunk/latest/Data/Listofpretrainedsourcetypes).
 
 Upon convergence, this resource will add a new stanza to the inputs.conf file, as needed, and modify or add new lines to the section based on properties given to the resource. If the current stanza in the inputs.conf file has any extra lines that are not listed as a valid property in this resource, those lines are automatically removed.
 
@@ -486,7 +487,7 @@ These properties are specific to this resource:
 - `inputs_conf_path` - this is the target path and filename to the `inputs.conf`
 - `backup` - similar to the backup property of other file/template resources in chef, this specifies a number of backup files to retain or false to disable (Default: 5)
 
-These resource properties are drawn from Splunk's @documentation. Refer to [https://docs.splunk.com/@documentation/Splunk/8.0.2/Data/Monitorfilesanddirectorieswithinputs.conf](https://docs.splunk.com/@documentation/Splunk/8.0.2/Data/Monitorfilesanddirectorieswithinputs.conf) for more detailed description of these properties.
+These resource properties are drawn from Splunk's documentation. Refer to [https://docs.splunk.com/Documentation/Splunk/latest/Data/Monitorfilesanddirectorieswithinputs.conf](https://docs.splunk.com/Documentation/Splunk/latest/Data/Monitorfilesanddirectorieswithinputs.conf) for more detailed description of these properties.
 
 - `host`
 - `index`
@@ -753,7 +754,7 @@ more about Splunk search head clustering, refer to [Splunk Docs](http://docs.spl
 
 ## upgrade
 
-**Important** Read the upgrade documentation and release notes for any
+__Important__ Read the upgrade documentation and release notes for any
   particular Splunk version upgrades before performing an upgrade.
   Also back up the Splunk directory, configuration, etc.
 

documentation/splunk_app.md

@@ -0,0 +1,36 @@
+# splunk_app
+
+The `splunk_app` resource manages Splunk apps, including installation from cookbook files, remote files, or directories, and configuring them with templates.
+
+## Actions
+
+- `:install`: Installs and configures the Splunk app.
+- `:remove`: Deletes the Splunk app directory.
+
+## Properties
+
+- `app_name`: The name of the app. Default is the name of the resource.
+- `app_dependencies`: Array of package dependencies for the app.
+- `app_dir`: The directory where the app is installed.
+- `install_dir`: The Splunk installation directory. Default is `'/opt/splunk'`.
+- `runas_user`: The system user that runs Splunk. Default is `'splunk'`.
+- `cookbook`: The cookbook to find files/templates in.
+- `cookbook_file`: The cookbook file to install.
+- `remote_file`: The remote file to install.
+- `local_file`: The local file to install.
+- `remote_directory`: The remote directory to install.
+- `templates`: Array or Hash of templates to configure the app.
+- `template_variables`: Hash of variables for the templates.
+- `files_mode`: The octal mode for files.
+
+## Examples
+
+```ruby
+splunk_app 'my_app' do
+  cookbook_file 'my_app.spl'
+  templates ['inputs.conf', 'outputs.conf']
+  template_variables({
+    'inputs.conf' => { 'port' => 1234 },
+  })
+end
+```