First-Commit

Apps_for_DS/01-Conf_license_slave/default/app.conf

@@ -0,0 +1,11 @@
+        [launcher]
+        version = 1.0.0
+        author =  VABOS
+        description = Configure instance as License Slave
+
+        [package]
+        id = Conf_license_slave
+
+
+        [ui]
+        is_visible = false

Apps_for_DS/01-Conf_license_slave/default/server.conf

@@ -0,0 +1,9 @@
+        # In distributed environments, it's common to have a lone search head acting
+        # as the license master as well. In this configuration, providing the URI
+        # of the license master is easiest within the indexer_base configuration.
+        # In the event that there are multiple search heads, you could instead use
+        # the org_all_license app, shipped to the non-license SH, as well as all of
+        # the indexers. In either event, the settings are the same.
+
+        [license]
+        master_uri = https://SVLCTPLOGLMR.mom.fr:8089

Apps_for_DS/01-Conf_license_slave/local/app.conf

@@ -0,0 +1 @@
+# Autogenerated file 

Apps_for_DS/01-idx_kvstore_base/default/app.conf

@@ -0,0 +1,11 @@
+[launcher]
+version = 1.0.0
+author =  VABOS
+description = Disable Kvstore on Indexers
+
+[package]
+id = edf_idx_kvstore_base
+
+
+[ui]
+is_visible = false

Apps_for_DS/01-idx_kvstore_base/default/server.conf

@@ -0,0 +1,4 @@
+# kvstore not needed on indexers, let's disable it
+# even when distributing collection via bundle, it won't be used on indexer as this use lookups in the background
+[kvstore]
+disabled = true

Apps_for_DS/01-idx_kvstore_base/local/app.conf

@@ -0,0 +1 @@
+# Autogenerated file 

Apps_for_DS/01-idx_receiver_port/default/app.conf

@@ -0,0 +1,11 @@
+[launcher]
+version = 1.0.0
+author =  VABOS
+description = Enable receiving on Indexer layer
+
+[package]
+id = edf_idx_receiver_port
+
+
+[ui]
+is_visible = false

Apps_for_DS/01-idx_receiver_port/default/inputs.conf

@@ -0,0 +1 @@
+[splunktcp://9997]

Apps_for_DS/01-idx_receiver_port/local/app.conf

@@ -0,0 +1 @@
+# Autogenerated file 

Apps_for_DS/01-idx_volume_indexes/default/app.conf

@@ -0,0 +1,11 @@
+
+[launcher]
+version = 1.0.0
+author = VABOS
+description = Contient la configuration des volumes de données
+
+[package]
+id = edf_idx_volume_indexes
+
+[ui]
+is_visible = false

Apps_for_DS/01-idx_volume_indexes/default/indexes.conf

@@ -0,0 +1,7 @@
+[volume:primary]
+path = /data/splunk_data
+maxVolumeDataSizeMB = 60000
+
+[volume:secondary]
+path = /data_cold/splunk_data
+maxVolumeDataSizeMB = 240000

Apps_for_DS/01-idx_volume_indexes/local/app.conf

@@ -0,0 +1 @@
+# Autogenerated file 

Apps_for_DS/01-idx_volume_indexes/metadata/local.meta

@@ -0,0 +1,3 @@
+[]
+access = read : [ * ], write : [ admin ]
+export = system

Apps_for_DS/01-idx_web_base/default/app.conf

@@ -0,0 +1,11 @@
+[launcher]
+version = 1.0.0
+author = Mattys Hervé (OBS)
+description = Disable Web access on Indexers
+
+[package]
+id = odin_idx_web_base
+
+
+[ui]
+is_visible = false

Apps_for_DS/01-idx_web_base/default/web.conf

@@ -0,0 +1,12 @@
+# In larger environments, where there are more than, say, three indexers,
+# it's common to disable the Splunk UI. This helps avoid configuration issues
+# caused by logging in to the UI to do something directly via the manager,
+# as well as saving some system resources.
+
+[settings]
+ startwebserver = 0
+
+# avoid timeout when indexer loaded 
+splunkdConnectionTimeout = 120
+
+

Apps_for_DS/01-idx_web_base/local/app.conf

@@ -0,0 +1 @@
+# Autogenerated file 

Apps_for_DS/02-M-TIC_CM/local/app.conf

@@ -0,0 +1,11 @@
+[launcher]
+author =  VABOS
+description = Configure Distributed Search for Monitoring Console
+version = 1.0
+
+[package]
+id = MAQ_M-TIC_DSMC
+
+
+[ui]
+is_visible = false

Apps_for_DS/02-M-TIC_CM/local/distsearch.conf

@@ -0,0 +1,19 @@
+[distributedSearch:dmc_group_search_head]
+servers = localhost:localhost
+[distributedSearch:dmc_group_cluster_master]
+
+
+[distributedSearch:dmc_group_license_master]
+
+[distributedSearch:dmc_group_deployment_server]
+
+[distributedSearch:dmc_group_indexer]
+default = false
+servers = SVLCTPLOGIDX01.mom.fr:8089,SVLCTPLOGIDX02.mom.fr:8089
+
+[distributedSearch:dmc_group_shc_deployer]
+
+[distributedSearch:dmc_group_kv_store]
+
+[distributedSearch:dmc_indexerclustergroup_Cluster_M-TIC]
+servers = localhost:localhost,SVLCTPLOGIDX01.mom.fr:8089,SVLCTPLOGIDX02.mom.fr:8089

Apps_for_DS/02-M-TIC_all_forwarding_outputs/default/app.conf

@@ -0,0 +1,11 @@
+[launcher]
+version = 1.0
+author =  VABOS
+description = Enable forwarding to Indexer layer
+
+[package]
+id = m-tic_all_forwarding_outputs
+
+
+[ui]
+is_visible = false

Apps_for_DS/02-M-TIC_all_forwarding_outputs/default/outputs.conf

@@ -0,0 +1,12 @@
+# BASE SETTINGS
+
+[tcpout]
+# Change here to specify the indexer group
+defaultGroup = m-tic_indexer
+maxQueueSize = 7MB
+useACK = true
+forceTimebasedAutoLB = true
+
+[tcpout:m-tic_indexer]
+server =  SVLCTPLOGIDX01.mom.fr:9997, SVLCTPLOGIDX02.mom.fr:9997
+~

Apps_for_DS/02-M-TIC_all_forwarding_outputs/local/app.conf

@@ -0,0 +1 @@
+# Autogenerated file 

Apps_for_DS/02-M-TIC_catchall_forwarders_inputs/local/app.conf

@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_updates = false
+
+[ui]
+is_visible = false
+is_manageable = false

Apps_for_DS/02-M-TIC_catchall_forwarders_inputs/local/inputs.conf

@@ -0,0 +1,4 @@
+[monitor:///var/rsyslog/*/catchother/*/*/*.log]
+disabled = false
+index = idx_m-tic_catchall
+sourcetype = catchall

Apps_for_DS/02-M-TIC_catchall_forwarders_inputs/metadata/local.meta

@@ -0,0 +1,3 @@
+[]
+access = read : [ * ], write : [ admin ]
+export = system

Apps_for_DS/02-M-TIC_cisco_forwarders_inputs/local/app.conf

@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_updates = false
+
+[ui]
+is_visible = false
+is_manageable = false

Apps_for_DS/02-M-TIC_cisco_forwarders_inputs/local/inputs.conf

@@ -0,0 +1,4 @@
+[monitor:///var/rsyslog/*/cisco/.../*.log]
+disabled = false
+index = idx_m-tic_cisco
+sourcetype = cisco

Apps_for_DS/02-M-TIC_cisco_forwarders_inputs/metadata/local.meta

@@ -0,0 +1,3 @@
+[]
+access = read : [ * ], write : [ admin ]
+export = system

Apps_for_DS/02-M-TIC_cluster_forwarder_outputs/local/app.conf

@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_update = false
+
+[ui]
+is_visible = false
+is_manageable = false

Apps_for_DS/02-M-TIC_cluster_forwarder_outputs/local/outputs.conf

@@ -0,0 +1,12 @@
+[tcpout]
+defautlGroup = primary_indexers
+maxQueuSize = 100MB
+useACK = true
+forceTimebaseAutoLB = true
+forwardedindex.2.whitelist = (_audit|_introspection|_internal)
+
+[tcpout:primary_indexers]
+server = SVLCTPLOGIDX01.mom.fr:9997, SVLCTPLOGIDX02.mom.fr:9997
+
+#clientCert = $SPLUNK_HOME/etc/auth/server.pem
+#sslPassword = 

Apps_for_DS/02-M-TIC_cluster_forwarder_outputs/local/server.conf

@@ -0,0 +1,2 @@
+[sslConfig]
+sslRootCAPath = $SPLUNK_HOME/etc/auth/ca.pem

Apps_for_DS/02-M-TIC_cluster_master_base/default/app.conf

@@ -0,0 +1,11 @@
+[launcher]
+version = 1.0.0
+author =  VABOS
+description = Configure Cluster Master
+
+[package]
+id = M-TIC_cluster_master_base
+
+
+[ui]
+is_visible = false

Apps_for_DS/02-M-TIC_cluster_master_base/default/server.conf

@@ -0,0 +1,5 @@
+[clustering]
+cluster_label = Cluster_M-TIC
+mode = master
+pass4SymmKey = $7$iQ3wl+w1tMlCZXopQ/BDXHv8e+xGXGR10mvQYOiCdPxZuIkKX87oMm85MSkitkPk3PYW2Qhjc/kSMq2B5M0=
+replication_factor = 2

Apps_for_DS/02-M-TIC_cluster_master_base/local/app.conf

@@ -0,0 +1 @@
+# Autogenerated file 

Apps_for_DS/02-M-TIC_deployer_base/local/app.conf

@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_update = false
+
+[ui]
+is_visible = false
+is_manageable = false

Apps_for_DS/02-M-TIC_deployer_base/local/server.conf

@@ -0,0 +1,3 @@
+[shclustering]
+pass4SymmKey = $7$iQ3wl+w1tMlCZXopQ/BDXHv8e+xGXGR10mvQYOiCdPxZuIkKX87oMm85MSkitkPk3PYW2Qhjc/kSMq2B5M0=
+shcluster_label = M-TIC_shcluster

Apps_for_DS/02-M-TIC_esxi_forwarders_inputs/local/app.conf

@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_updates = false
+
+[ui]
+is_visible = false
+is_manageable = false

Apps_for_DS/02-M-TIC_esxi_forwarders_inputs/local/inputs.conf

@@ -0,0 +1,4 @@
+[monitor:///var/rsyslog/*/esxi/*/*/*.log]
+disabled = false
+index = idx_m-tic_esxi
+sourcetype = esxi

Apps_for_DS/02-M-TIC_esxi_forwarders_inputs/metadata/local.meta

@@ -0,0 +1,3 @@
+[]
+access = read : [ * ], write : [ admin ]
+export = system

Apps_for_DS/02-M-TIC_fortigate_forwarders_inputs/local/app.conf

@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_updates = false
+
+[ui]
+is_visible = false
+is_manageable = false

Apps_for_DS/02-M-TIC_fortigate_forwarders_inputs/local/inputs.conf

@@ -0,0 +1,4 @@
+[monitor:///var/rsyslog/*/fortigate/*/*/*.log]
+disabled = false
+index = idx_m-tic_fortigate
+sourcetype = fortigate

Apps_for_DS/02-M-TIC_fortigate_forwarders_inputs/metadata/local.meta

@@ -0,0 +1,3 @@
+[]
+access = read : [ * ], write : [ admin ]
+export = system

Apps_for_DS/02-M-TIC_idx_cluster_base/default/app.conf

@@ -0,0 +1,11 @@
+[launcher]
+version = 1.0.0
+author =  VABOS
+description = Configure default clustering options on Indexers
+
+[package]
+id = M-TIC_idx_cluster_base
+
+
+[ui]
+is_visible = false

Apps_for_DS/02-M-TIC_idx_cluster_base/default/fields.conf

@@ -0,0 +1,2 @@
+[edfZone]
+INDEXED = true

Apps_for_DS/02-M-TIC_idx_cluster_base/default/server.conf

@@ -0,0 +1,6 @@
+[replication_port://9100]
+
+[clustering]
+manager_uri = https://SVLCTPLOGCLM01.mom.fr:8089
+mode = peer
+pass4SymmKey = $7$iQ3wl+w1tMlCZXopQ/BDXHv8e+xGXGR10mvQYOiCdPxZuIkKX87oMm85MSkitkPk3PYW2Qhjc/kSMq2B5M0=

Apps_for_DS/02-M-TIC_idx_cluster_base/local/app.conf

@@ -0,0 +1 @@
+# Autogenerated file 

Apps_for_DS/02-M-TIC_idx_indexes_base/default/app.conf

@@ -0,0 +1,11 @@
+[launcher]
+version = 1.0.0
+author =  VABOS
+description = Configure default optimisation on Indexers
+
+[package]
+id = edf_idx_indexes_base
+
+
+[ui]
+is_visible = false

Apps_for_DS/02-M-TIC_idx_indexes_base/default/indexes.conf

@@ -0,0 +1,65 @@
+[default]
+thawedPath = $SPLUNK_DB/$_index_name/thaweddb
+coldPath = volume:secondary/$_index_name/colddb
+homePath = volume:primary/$_index_name/db
+tstatsHomePath = volume:primary/$_index_name/datamodel_summary
+tsidxWritingLevel = 4
+journalCompression = zstd
+enableDataIntegrityControl = 0
+enableTsidxReduction = 0
+archiver.enableDataArchive = 0
+bucketRebuildMemoryHint = 1
+compressRawdata = 1
+enableOnlineBucketRepair = 1
+rtRouterQueueSize =
+rtRouterThreads =
+selfStorageThreads =
+suspendHotRollByDeleteQuery = 0
+syncMeta = 1
+
+[idx_m-tic_windows]
+
+[idx_m-tic_fortigate]
+
+[idx_m-tic_linux]
+
+[idx_m-tic_esxi]
+
+[vmware-esxilog]
+
+[vmware-perf-metrics]
+datatype = metric
+
+[vmware-inv]
+
+[vmware-taskevent]
+
+[vmware-vclog]
+
+[idx_m-tic_alcatel]
+
+[idx_m-tic_cisco]
+
+[idx_m-tic_switch]
+
+[idx_m-tic_catchall]
+
+[idx_m-tic_catchother]
+
+[idx_m-tic_other]
+
+[idx_m-tic_glpi]
+
+[idx_m-tic_glpi_vm]
+
+[idx_m-tic_glpi_kb]
+
+[idx_m-tic_glpi_sep]
+
+[idx_m-tic_glpi_obsolescence]
+
+[idx_m-tic_genetec_sc]
+
+[idx_ldap]
+
+[idx_m-tic_synology]

Apps_for_DS/02-M-TIC_idx_indexes_base/local/app.conf

@@ -0,0 +1 @@
+# Autogenerated file 

Apps_for_DS/02-M-TIC_linux_forwarders_inputs/local/app.conf

@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_updates = false
+
+[ui]
+is_visible = false
+is_manageable = false

Apps_for_DS/02-M-TIC_linux_forwarders_inputs/local/inputs.conf

@@ -0,0 +1,5 @@
+[monitor:///var/rsyslog/*/linux/.../*.log]
+disabled = 0
+host_segment = 6
+index = idx_m-tic_linux
+sourcetype = syslog_linux

Apps_for_DS/02-M-TIC_linux_forwarders_inputs/metadata/local.meta

@@ -0,0 +1,3 @@
+[]
+access = read : [ * ], write : [ admin ]
+export = system

Apps_for_DS/02-M-TIC_sh_cluster_base/default/app.conf

@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_updates = false
+
+[ui]
+is_visible = false
+is_manageable = false

Apps_for_DS/02-M-TIC_sh_cluster_base/default/server.conf

@@ -0,0 +1,17 @@
+[clustering]
+mode = searchhead
+manager_uri = clustermanager:one
+
+[clustermanager:one]
+manager_uri = https://SVLCTPLOGCLM01.mom.fr:8089
+pass4SymmKey = $7$iQ3wl+w1tMlCZXopQ/BDXHv8e+xGXGR10mvQYOiCdPxZuIkKX87oMm85MSkitkPk3PYW2Qhjc/kSMq2B5M0=
+multisite = false
+
+[shclustering]
+shcluster_label = M-TIC_shcluster
+conf_deploy_fetch_url = https://SVLCTPLOGSUP01.mom.fr:8089
+pass4SymmKey = $7$iQ3wl+w1tMlCZXopQ/BDXHv8e+xGXGR10mvQYOiCdPxZuIkKX87oMm85MSkitkPk3PYW2Qhjc/kSMq2B5M0=
+
+[httpServer]
+maxThreads = 150000
+maxSockets = 250000

Apps_for_DS/02-M-TIC_sh_cluster_base/metadata/default.meta

@@ -0,0 +1,3 @@
+[]
+acces = read : [ * ], write : [ admin ]
+export = system

Apps_for_DS/02-M-TIC_sh_idxcluster_base/default/app.conf

@@ -0,0 +1,11 @@
+[launcher]
+version = 1.0.0
+author = VABOS
+description = Configure Search Head for IDX Clustering
+
+[package]
+id = M-TIN_sh_idxcluster_base
+
+
+[ui]
+is_visible = false

Apps_for_DS/02-M-TIC_sh_idxcluster_base/default/server.conf

@@ -0,0 +1,9 @@
+[general]
+site = site2
+
+[clustering]
+multisite = true
+master_uri = https://SVLCTPLOGCLM01.mom.fr:8089
+mode = searchhead
+pass4SymmKey = $7$i7IqoiyC1DpnVbSVtwGzuVTO5rmVyPCI2CMacpHEFs3N2oFAaF0EJ049Otza
+

Apps_for_DS/02-M-TIC_sh_idxcluster_base/local/app.conf

@@ -0,0 +1 @@
+# Autogenerated file 

Apps_for_DS/02-M-TIC_sh_volume_indexes/default/app.conf

@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_update = false
+
+[ui]
+is_visible = false
+is_manageable = false

Apps_for_DS/02-M-TIC_sh_volume_indexes/default/indexes.conf

@@ -0,0 +1,6 @@
+# One Volume for Hot and Cold
+[volume:primary]
+path = /opt/splunk/var/lib/splunk
+
+[volume:secondary]
+path = /opt/splunk/var/lib/splunk

Apps_for_DS/02-M-TIC_windows_forwarders_inputs/local/app.conf

@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_updates = false
+
+[ui]
+is_visible = false
+is_manageable = false

Apps_for_DS/02-M-TIC_windows_forwarders_inputs/local/inputs.conf

@@ -0,0 +1,7 @@
+[WinEventLog]
+interval=60
+evt_resolve_ad_obj = 0
+evt_dc_name=
+evt_dns_name=
+index = idx_m-tic_windows
+sourcetype = events_windows

Apps_for_DS/02-M-TIC_windows_forwarders_inputs/metadata/local.meta

@@ -0,0 +1,3 @@
+[]
+access = read : [ * ], write : [ admin ]
+export = system

Apps_for_DS/For_MC/local/distsearch.conf

@@ -0,0 +1,23 @@
+[distributedSearch]
+servers = https://SVLCTPLOGCLM01.mom.fr:8089,https://SVLCTPLOGIDX01.mom.fr:8089,https://SVLCTPLOGIDX02.mom.fr:8089,https://SVLCTPLOGLMR.mom.fr:8089,https://SVLCTPLOGPUB01.mom.fr:8089,https://SVLCTPLOGPUB02.mom.fr:8089
+
+[distributedSearch:dmc_group_deployment_server]
+servers = localhost:localhost
+
+[distributedSearch:dmc_group_kv_store]
+servers = SVLCTPLOGCLM01.mom.fr:8089,SVLCTPLOGIDX01.mom.fr:8089,SVLCTPLOGIDX02.mom.fr:8089,SVLCTPLOGPUB01.mom.fr:8089,SVLCTPLOGPUB02.mom.fr:8089
+
+[distributedSearch:dmc_group_license_master]
+servers = SVLCTPLOGLMR.mom.fr:8089
+
+[distributedSearch:dmc_group_shc_deployer]
+servers = localhost:localhost
+
+[distributedSearch:dmc_group_cluster_master]
+
+[distributedSearch:dmc_group_indexer]
+default = true
+servers = SVLCTPLOGIDX01.mom.fr:8089,SVLCTPLOGIDX02.mom.fr:8089
+
+[distributedSearch:dmc_group_search_head]
+servers = SVLCTPLOGCLM01.mom.fr:8089,SVLCTPLOGPUB01.mom.fr:8089,SVLCTPLOGPUB02.mom.fr:8089

Apps_for_DS/splunk_monitoring_console/local/splunk_monitoring_console_assets.conf

@@ -0,0 +1,3 @@
+[settings]
+disabled = 0
+configuredPeers = SVLCTPLOGPUB01.mom.fr:8089,SVLCTPLOGPUB02.mom.fr:8089,SVLCTPLOGIDX01.mom.fr:8089,SVLCTPLOGIDX02.mom.fr:8089,SVLCTPLOGLMR.mom.fr:8089,SVLCTPLOGCLM01.mom.fr:8089

Apps_for_Splunk/01-Conf_ServerClass/local/serverclass.conf

@@ -0,0 +1,27 @@
+[global]
+crossServerChecksum = false
+repositoryLocation = $SPLUNK_HOME/etc/deployment-apps
+targetRepositoryLocation = $SPLUNK_HOME/etc/apps
+tmpFolder = $SPLUNK_HOME/var/run/tmp
+
+stateOnClient = enabled
+
+restartSplunkWeb = False
+restartSplunkd = False
+issueReload = false
+continueMatching = true
+endpoint = $deploymentServerUri$/services/streams/deployment?name=$tenantName$:$serverClassName$:$appName$
+
+filterType = whitelist
+
+[serverClass:Licence_Master_TIC]
+
+[serverClass:Cluster_Master_TIC]
+
+[serverClass:Cluster_Indexer_TIC]
+
+[serverClass:Cluster_SH_TIC]
+
+[serverClass:Forwarder_Linux_TIC]
+
+[serverClass:Forwarder_Windows_TIC]

Apps_for_Splunk/01-Conf_deploy_client/local/deploymentclient.conf

@@ -0,0 +1,5 @@
+[target-broker:deploymentServer]
+targetUri = https://SVLCTPLOGSUP01.mom.fr:8089
+
+[deployment-client]
+disabled = 0

Copy_Files.yml

@@ -0,0 +1,61 @@
+---
+- name: Copier un fichier via SCP
+  hosts: all:!splunk_uf_Linux_TIC
+  become: true
+  become_user: root
+  vars:
+    source_file: "/tmp/splunk-8.2.3-cd0848707637-Linux-x86_64.tgz"
+    destination_file: "/tmp/splunk-8.2.3-cd0848707637-Linux-x86_64.tgz"
+    remote_host: "10.10.30.38"
+    remote_user: "admin"
+    remote_password: "921223Jocpam!?"
+  tasks:
+    - name: Copier le fichier via SCP
+      command: scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null {{ remote_user }}@{{ remote_host }}:{{ source_file }} {{ destination_file }}
+
+    - name: Vérifier si le fichier a été copié
+      stat:
+        path: "{{ destination_file }}"
+      register: file_stat
+
+    - name: Afficher un message d'erreur si le fichier n'a pas été copié
+      fail:
+        msg: "La copie SCP a échoué"
+      when: not file_stat.stat.exists
+
+
+
+#- name: Copier depuis repo
+  #hosts: SVLCTPSUPPFI02.mom.fr
+  #become: true
+  #tasks:
+    #- name: copy
+      #copy:
+        #src: /tmp/splunkforwarder-8.2.3-cd0848707637-Linux-x86_64.tgz
+        #dest: /home/admin/splunkforwarder.tgz
+        #remote_src: true
+        #owner: admin
+        #group: admin
+        #mode: "0644"
+      #delegate_to: 10.10.30.38
+
+# - name: Récupérer le fichier depuis l'hôte source et le copier sur l'hôte distant
+#   hosts: SVLCTPSUPPFI02.mom.fr
+#   become: true
+#   tasks:
+#     - name: Récupérer le fichier depuis l'hôte source
+#       fetch:
+#         src: /tmp/splunkforwarder-8.2.3-cd0848707637-Linux-x86_64.tgz
+#         dest: /tmp/
+#         flat: yes
+#         validate_checksum: yes
+#         fail_on_missing: yes
+#         fail_on_unreachable: yes
+#       delegate_to: 10.10.30.38
+#     - name: Copier le fichier vers l'hôte distant
+#       copy:
+#         src: /tmp/splunkforwarder-8.2.3-cd0848707637-Linux-x86_64.tgz
+#         dest: "{{ splunk_build_location_uf }}"
+#         owner: admin
+#         group: admin
+#         mode: "0644"

Copy_keys.yml

@@ -0,0 +1,12 @@
+---
+- name: Copie de la clé du DSMC sur les instances splunk 
+  become: yes
+  become_user: "{{ privileged_user }}"
+  hosts: all:!splunk_deployement_TIC:!splunk_uf_Linux
+  tasks:
+  - name: Copie de la clé du DSMC sur les instances splunk 
+    copy:
+      src: "{{ playbook_dir }}/Keys_public/SVLCTPLOGSUP01.mom.fr/"
+      dest: /opt/splunk/etc/auth/distServerKeys/SVLCTPLOGSUP01.mom.fr/
+      owner: root
+      group: root

Deleted_Splunk.yml

@@ -0,0 +1,33 @@
+---
+- name: Supprimer Splunk de Linux
+  hosts: all:!splunk_uf_Linux
+  become: true
+  become_user: root
+  vars:
+    splunk_dir: "/opt/splunk"
+  tasks:
+    - name: Arrêter tous les processus Splunk en cours d'exécution
+      shell: "{{ splunk_dir }}/bin/splunk stop"
+      ignore_errors: true
+
+    - name: Désinstaller le service Splunk
+      shell: "{{ splunk_dir }}/bin/splunk disable boot-start"
+
+    - name: Supprimer le répertoire d'installation de Splunk
+      file:
+        path: "{{ splunk_dir }}"
+        state: absent
+
+    - name: Supprimer l'utilisateur Splunk et son groupe
+      user:
+        name: splunk
+        state: absent
+      ignore_errors: true
+
+    - name: Supprimer les entrées de démarrage automatique de Splunk
+      file:
+        path: "{{ item }}"
+        state: absent
+      with_items:
+        - /etc/init.d/splunk
+        - /etc/systemd/system/splunk.service

Deleted_SplunkForwarder.yml

@@ -0,0 +1,33 @@
+---
+- name: Supprimer Splunk de Linux
+  hosts: splunk_uf_Linux
+  become: true
+  become_user: root
+  vars:
+    splunkforwarder_dir: "/opt/splunkforwarder"
+  tasks:
+    - name: Arrêter tous les processus Splunkforwarder en cours d'exécution
+      shell: "{{ splunkforwarder_dir }}/bin/splunk stop"
+      ignore_errors: true
+
+    - name: Désinstaller le service Splunk
+      shell: "{{ splunkforwarder_dir }}/bin/splunk disable boot-start"
+
+    - name: Supprimer le répertoire d'installation de Splunk
+      file:
+        path: "{{ splunkforwarder_dir }}"
+        state: absent
+
+    - name: Supprimer l'utilisateur Splunk et son groupe
+      user:
+        name: splunk
+        state: absent
+      ignore_errors: true
+
+    - name: Supprimer les entrées de démarrage automatique de Splunk
+      file:
+        path: "{{ item }}"
+        state: absent
+      with_items:
+        - /etc/init.d/Splunkforwarder
+        - /etc/systemd/system/Splunk.service

Deploy_Conf-to-uf.yml

@@ -0,0 +1,16 @@
+- name: Copie de la configuration du deploiment server
+  become: yes
+  become_user: "{{ privileged_user }}"
+  hosts: splunk_uf_Linux
+  tasks:
+  - name: Copier le répertoire dans SplunkForwarder
+    copy:
+      src: "{{ playbook_dir }}/Apps_for_Splunk/01-Conf_deploy_client"
+      dest: /opt/splunkforwarder/etc/apps/
+      owner: splunk
+      group: splunk      
+
+  - name: "Start Splunk via cli"
+    command: "{{ splunk_exec_uf }} restart"
+    become: yes
+    become_user: "{{ privileged_user }}"

Deploy_Conf.yml

@@ -0,0 +1,20 @@
+---
+- name: Copie de la configuration du deploiment server
+  become: yes
+  become_user: "{{ privileged_user }}"
+  hosts: all:!splunk_uf_Linux
+  tasks:
+  - name: Copier le configuration DS dans Splunk
+    copy:
+      src: "{{ playbook_dir }}/Apps_for_Splunk/01-Conf_deploy_client"
+      dest: /opt/splunk/etc/apps/
+      owner: splunk
+      group: splunk
+
+  - name: Activer le démarrage automatique
+    shell: "/opt/splunk/bin/splunk enable boot-start"
+
+  - name: "Start Splunk via cli"
+    command: "{{ splunk_exec }} restart"
+    become: yes
+    become_user: "{{ privileged_user }}"

Deploy_Conf_DSMC.yml

@@ -0,0 +1,42 @@
+---
+- name: Copie de la configuration du DSMC
+  become: yes
+  become_user: "{{ privileged_user }}"
+  hosts: splunk_deployement_TIC
+  tasks:
+  - name: Copier configuration serverClass sur le DS
+    copy:
+      src: "{{ playbook_dir }}/Apps_for_Splunk/01-Conf_ServerClass"
+      dest: /opt/splunk/etc/apps/
+      owner: splunk
+      group: splunk
+  - name: Copier configuration cluster_SH sur le DS
+    copy:
+      src: "{{ playbook_dir }}/Apps_for_DS/02-M-TIC_sh_cluster_base"
+      dest: /opt/splunk/etc/apps/
+      owner: splunk
+      group: splunk
+  - name: Copier configuration deployer sur le DS
+    copy:
+      src: "{{ playbook_dir }}/Apps_for_DS/02-M-TIC_deployer_base"
+      dest: /opt/splunk/etc/apps/
+      owner: splunk
+      group: splunk
+  - name: Copier configuration volume_sh sur le DS
+    copy:
+      src: "{{ playbook_dir }}/Apps_for_DS/02-M-TIC_sh_volume_indexes"
+      dest: /opt/splunk/etc/apps/
+      owner: splunk
+      group: splunk
+  - name: Copier configuration distributsearch
+    copy:
+      src: "{{ playbook_dir }}/Apps_for_DS/For_MC/local/"
+      dest: /opt/splunk/etc/system/local/
+      owner: splunk
+      group: splunk
+  - name: Copier configuration MonitoringConsole
+    copy:
+      src: "{{ playbook_dir }}/Apps_for_DS/splunk_monitoring_console/"
+      dest: /opt/splunk/etc/apps/splunk_monitoring_console/
+      owner: splunk
+      group: splunk

Deploy_apps-to_DS.yml

@@ -0,0 +1,17 @@
+---
+- name: Copie des apps sur le deploiment server
+  become: yes
+  become_user: "{{ privileged_user }}"
+  hosts: splunk_deployement_TIC
+  tasks:
+  - name: Copier application sur le DS
+    copy:
+      src: "{{ playbook_dir }}/Apps_for_DS/"
+      dest: /opt/splunk/etc/deployment-apps/
+      owner: splunk
+      group: splunk
+
+#  - name: "Restart Splunk via cli"
+#    command: "{{ splunk_exec }} restart"
+#    become: yes
+#    become_user: "{{ privileged_user }}"

Inventories/cluster/group_vars/vars.yml

@@ -0,0 +1,49 @@
+---
+ansible_user: admin
+privileged_user: root
+retry_num: 3
+delay_num: 3
+hide_password: false
+
+ansible_script_version: 1.0
+author: VABOS
+
+splunk_upgrade: false
+
+splunk_home_ownership_enforcement: true
+splunk_user: splunk
+splunk_group: splunk
+splunk_build_location: /tmp/splunk
+splunk_build_location_uf: /tmp/splunk
+splunk_build_remote_src: true
+splunk_build_type: tgz
+splunk_opt: /opt
+splunk_home: /opt/splunk
+splunk_home_uf: /opt/splunkforwarder
+splunk_exec: /opt/splunk/bin/splunk
+splunk_exec_uf: /opt/splunkforwarder/bin/splunk
+splunk_enable_service: false
+splunk_password: 921223Jocpam!?
+splunk_admin_user: adminsplunk
+splunk_general_pass4SymmKey: Asf#oQcAjOAnw^#zCE#Nd2R0#27j0@
+splunk_secret: 6XHPsFI2^jsYI&^ITvxzk#SZBcr1^n
+splunk_svc_port: 8089
+splunk_http_port: 8000
+splunk_enableSSL: true
+splunk_ssl_cert_password: CHANGEME
+splunk_ssl_generate_cert: false
+splunk_ssl_generate_root_cert: false
+splunk_s2s_port: 9997
+splunk_replication_port: 9100
+splunk_shcluster_replication_port: 9200
+splunk_shcluster_mode: member
+
+splunk_optimistic_about_file_locking: true
+splunk_single_instance: false
+
+#splunk_site: site0
+#splunk_multisite: false
+#splunk_license_uri: /splunk_apps/splunk.license
+
+splunk_idxc_pass4SymmKey: 1nZ7lubH^KTqKyS3#h5Ad9V^Xkrttq
+splunk_app_prefix: SPL

Inventories/cluster/hosts-TIA.yml

@@ -0,0 +1,16 @@
+all_splunk_instances:
+    children:
+      splunk_indexer:
+        hosts:
+          SVLATPLOGIDX01.mom.fr:
+          SVLATPLOGIDX02.mom.fr:
+      splunk_uf_Linux:
+        hosts:
+          SVLATPSUPPFI01.mom.fr:
+          SVLATPSUPPFI02.mom.fr:
+      splunk_uf_Windows:
+        hosts:
+          SVWATPSUPPFI01.mom.fr:
+      splunk_cluster_master:
+        hosts:
+          SVLATPLOGCLM01.mom.fr:

Inventories/cluster/hosts-TIC.yml

@@ -0,0 +1,30 @@
+---
+            all_splunk_instances:
+              children:
+                splunk_search_head:
+                  hosts:
+                    SVLCTPLOGPUB01.mom.fr:
+                    SVLCTPLOGPUB02.mom.fr:
+                splunk_indexer:
+                  hosts:
+                    SVLCTPLOGIDX01.mom.fr:
+                    SVLCTPLOGIDX02.mom.fr:
+                splunk_licence_master:
+                  hosts:
+                    SVLCTPLOGLMR.mom.fr:
+                splunk_uf_Linux:
+                  hosts:
+                    SVLCTPSUPPFI01.mom.fr:
+                    SVLCTPSUPPFI02.mom.fr:
+                splunk_uf_Windows:
+                  hosts:
+                    SVWCTPSUPPFI01.mom.fr:
+                splunk_deployement:
+                  hosts:
+                    SVLCTPLOGSUP01.mom.fr:
+                splunk_monitoring:
+                  hosts:
+                    SVLCTPLOGSUP01.mom.fr:
+                splunk_cluster_master:
+                  hosts:
+                    SVLCTPLOGCLM01.mom.fr:

Inventories/group_vars_all.yml.spec

@@ -0,0 +1,107 @@
+---
+# user used by ansible on client
+ansible_user: admin
+# number of retry for a command
+retry_num: 3
+# delay in sec between 2 retry
+delay_num: 3
+# password visible in std_out
+hide_password: false
+
+# version use for all the auto_generated_apps
+ansible_script_version: 1.0
+# author displayed in all the auto_generated_apps
+author: Louis-Marie NOGUES
+# prefix set in the name of all the auto generated apps
+splunk_app_prefix: ansbl
+
+create_base_apps: true
+
+### SPLUNK BASIC INSTALL ### 
+# apply the chwon
+splunk_home_ownership_enforcement: true
+# cli user for splunk
+splunk_user: splunk
+splunk_group: splunk
+# path to the package on ansible host
+splunk_build_location: /mnt/e/prj/splunk/splunk-7.3.2-c60db69f8e32-Linux-x86_64.tgz
+# /mnt/e/prj/splunk/splunk-8.0.0-1357bef0a7f6-Linux-x86_64.tgz
+# path is a http link
+splunk_build_remote_src: false
+# splunk path
+splunk_opt: /opt
+splunk_home: /opt/splunk
+splunk_exec: /opt/splunk/bin/splunk
+
+### SPLUNK BASIC CONFIG ###
+
+# start splunk as a service
+splunk_enable_service: true
+
+# splunk admin info
+splunk_password:
+splunk_admin_user: admin
+
+# splunk default configuration
+splunk_general_pass4SymmKey:
+splunk_secret:
+splunk_svc_port: 8089
+splunk_http_port: 8000
+splunk_s2s_port: 9997
+splunk_disable_kvstore_on_idx: false
+splunk_disable_web_on_idx: false
+
+# default site, can be override on each host_vars
+splunk_license_uri:
+  -
+  -
+
+### SPLUNK BASIC SSL ###
+splunk_enableSSL: false
+splunk_ssl_cert_password: password
+splunk_ssl_generate_cert: false
+splunk_ssl_generate_root_cert: false
+
+### SPLUNK INDEX CLUSTERING ###
+splunk_indexer_cluster: true
+splunk_replication_port: 9100
+splunk_site: site0
+splunk_multisite: true
+splunk_idxc_pass4SymmKey:
+splunk_search_factor:
+splunk_replication_factor:
+splunk_idx_discovery_pass4SymmKey:
+splunk_idxcluster_label:
+splunk_all_sites: site1,site2
+splunk_multisite_replication_factor_origin:
+splunk_multisite_replication_factor_total:
+splunk_multisite_search_factor_origin:
+splunk_multisite_search_factor_total:
+
+### SPLUNK SH CLUSTERING ###
+splunk_search_head_cluster: true
+splunk_shcluster_replication_port: 9200
+splunk_shcluster_mode: member
+splunk_shcluster_label:
+splunk_shcluster_pass4SymmKey:
+splunk_shcluster_election: false
+
+### PREMIUM APPS ###
+
+## ITSI ##
+# Flag to trigger installation of Premium Apps
+splunk_itsi: True
+# local_path for the itsi package
+splunk_itsi_local_path:
+
+### JAVA ###
+# which version of java to be installed (oracle:8,openjdk:8,openjdk:11,openjdk:13,openjdk:9 (windows))
+java_version: openjdk:11
+java_update_version: 11.0.2
+java_download_url: /mnt/e/prj/splunk/tools/openjdk-11.0.2_linux-x64_bin.tar.gz
+java_download_url_remote: false
+
+
+# add optimitstic_about_file_locking flag in the splunk splunk-launch.conf
+# usefull for docker + Windows
+splunk_optimistic_about_file_locking: false

Keys_public/SVLCTPLOGSUP01.mom.fr/trusted.pem

@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1D1hzIW8IXb1htSMGRMQ
+rmtJYfaLI0QAlsEwXute2ioMZu5cL2Fn3NqI2py0F0kyyRio82nPZIeFer67tpup
+yU6/nCiXs6upNcDGZyUdoYwzA/D2HiE0CHQXR7ppfXjFiltm7HcQF+t3mHL+dSe+
+/9DLQgfe0yGHwPMoN2SyQSHUD3dn9T9k0zgo8M4jHu/JEw9DXBmtRXf9Q2/PTMNU
+YyBaYhgb0zYIA1RCuT1Ha1EmX+utQ1Rf8BHamBv7lYbHIPkpSQD+PHy+W8RmiwWe
+KoYu+rE7Vtf7bxNhyAq3TzaJlHum1s3GBGP5r6r+HpdP9sDrmC5TDAuX8xdtwbY5
+pQIDAQAB
+-----END PUBLIC KEY-----

README.md

@@ -1,2 +0,0 @@
-# Splunk-Install-Final
-

Restart_Splunk.yml

@@ -0,0 +1,11 @@
+---
+- name: Restart Splunk
+  become: yes
+  become_user: "{{ privileged_user }}"
+  hosts: all
+  tasks:
+  - name: "Start Splunk via cli"
+    command: "{{ splunk_exec }} restart"
+
+  - name: "Start Splunk via cli"
+    command: "{{ splunk_exec_uf }} restart"

Start_Splunk.yml

@@ -0,0 +1,8 @@
+---
+- name: Start Splunk
+  become: yes
+  become_user: "{{ privileged_user }}"
+  hosts: all
+  tasks:
+  - name: "Start Splunk via cli"
+    command: "{{ splunk_exec }} start"

Update_Splunk.yml

@@ -0,0 +1,97 @@
+- name: Mise à jour de Splunk
+  hosts: all:!splunk_uf_Linux:!splunk_uf_windows
+  become: yes
+  become_user: root
+  vars:
+    splunk_version: "9.0.4.1-419ad9369127-Linux-x86_64"
+
+  tasks:
+
+ - name: Sauvegarder la configuration des indexeurs
+    command: "{{ splunk_home }}/bin/splunk cmd btool --debug > {{ backup_dir }}/btool_{{ inventory_hostname }}.txt"
+    run_once: yes
+
+    - name: Arrêter le service Splunk
+      systemd:
+        name: splunk
+        state: stopped
+
+    - name: Extraire le fichier d'installation de Splunk
+      unarchive:
+        src: "/tmp/splunk-{{ splunk_version }}.tgz"
+        dest: "/opt"
+        remote_src: yes
+        creates: "{{ splunk_home }}/etc/system/local/.upgrade_marker"
+      when: inventory_hostname == groups['all:!splunk_uf_Linux:!splunk_uf_windows'][0]
+
+    - name: Attribution des droits
+      shell: "chown -R splunk:splunk /opt/splunk/*"
+
+    - name: Attendre que la mise à jour soit appliquée à tous les indexeurs
+      wait_for:
+        path: "{{ splunk_home }}/etc/system/local/.upgrade_marker"
+        state: present
+      when: inventory_hostname != groups['all:!splunk_uf_Linux:!splunk_uf_windows'][0]
+
+    - name: Vérifier l'état du cluster
+      command: "{{ splunk_home }}/bin/splunk show cluster-status"
+      register: cluster_status
+      ignore_errors: true
+      run_once: yes
+
+    - name: Afficher l'état du cluster
+      debug:
+        var: cluster_status.stdout_lines
+      run_once: yes
+
+    - name: Desactiver le démarrage automatique
+      shell: "/opt/splunk/bin/splunk disable boot-start"
+
+    - name: Supprimer les entrées de démarrage automatique de Splunk
+      file:
+        path: "{{ item }}"
+        state: absent
+      with_items:
+        - /etc/init.d/splunk
+        - /etc/systemd/system/splunk.service
+
+    - name: Redémarrer le serveur
+      reboot:
+        pre_reboot_delay: 0
+        reboot_timeout: 300
+        msg: "Redémarrage du serveur nécessaire pour la mise à jour de Splunk"
+
+    - name: Démarrer Splunk
+      shell: "/opt/splunk/bin/splunk start --accept-license --answer-yes --no-prompt"
+
+    - name: Boot-start Enable
+      shell: "/opt/splunk/bin/splunk enable boot-start"
+
+    #- name: Attente de la disponibilité de Splunk
+      #uri:
+        #url: "http://localhost:8000/"
+        #return_content: no
+        #status_code: 200
+      #register: result
+      #retries: 30
+      #delay: 10
+      #until: result.status == 200
+
+    #- name: Appliquer les changements de configuration
+      #shell: "/opt/splunk/bin/splunk apply cluster-bundle --answer-yes --no-prompt"
+
+    #- name: Redémarrer le service Splunk
+      #systemd:
+        #name: splunk
+        #state: started
+
+
+    #- name: Sauvegarder la configuration et les données
+      #shell: /opt/splunk/bin/splunk cmd splunkd print-paths --propagation none
+      #register: splunk_paths
+
+    #- name: Installer la nouvelle version de Splunk
+      #unarchive:
+        #src: /tmp/splunk-{{ splunk_version }}.tgz
+        #dest: /opt
+        #creates: /opt/splunk-{{ splunk_version }}

Update_SplunkV2.yml

@@ -0,0 +1,144 @@
+---
+- name: Mettre à jour le cluster de Search Head
+  hosts: splunk_deployement
+  become: yes
+  become_user: root
+  vars:
+    splunk_version: "9.0.4.1-419ad9369127-Linux-x86_64"
+
+
+  tasks:
+  - name: Arrêter les processus Splunk
+    shell: "/opt/splunk/bin/splunk stop"
+    become: yes
+
+  - name: Extraire le fichier d'installation de Splunk
+    unarchive:
+      src: "/tmp/splunk-{{ splunk_version }}.tgz"
+      dest: "/opt"
+      remote_src: yes
+
+  - name: Attribution des droits
+    shell: "chown -R splunk:splunk /opt/splunk/*"
+
+  - name: Mettre à jour Splunk
+    shell: "/opt/splunk/bin/splunk start --accept-license --answer-yes --no-prompt"
+
+  - name: Vérifier l'état de Splunk
+    wait_for:
+      host: localhost
+      port: 8089
+      delay: 10
+      timeout: 180
+      state: started
+      msg: "Splunk n'a pas redémarré correctement"
+
+- name: Mettre à jour le master cluster Splunk
+  hosts: splunk_cluster_master
+  become: yes
+  become_user: root
+  vars:
+    splunk_version: "9.0.4.1-419ad9369127-Linux-x86_64"
+
+
+  tasks:
+  - name: Arrêter les processus Splunk
+    shell: "/opt/splunk/bin/splunk stop"
+    become: yes
+
+  - name: Extraire le fichier d'installation de Splunk
+    unarchive:
+      src: "/tmp/splunk-{{ splunk_version }}.tgz"
+      dest: "/opt"
+      remote_src: yes
+
+  - name: Attribution des droits
+    shell: "chown -R splunk:splunk /opt/splunk/*"
+
+  - name: Mettre à jour Splunk
+    shell: "/opt/splunk/bin/splunk start --accept-license --answer-yes --no-prompt"
+
+  - name: Vérifier l'état de Splunk
+    wait_for:
+      host: localhost
+      port: 8089
+      delay: 10
+      timeout: 180
+      state: started
+      msg: "Splunk n'a pas redémarré correctement"
+
+- name: Mettre à jour un cluster Splunk avec un fichier .tgz
+  hosts: splunk_indexer
+  become: yes
+  become_user: root
+  vars:
+    splunk_version: "9.0.4.1-419ad9369127-Linux-x86_64"
+
+  tasks:
+  - name: Arrêter les processus Splunk
+    shell: "/opt/splunk/bin/splunk stop"
+    become: yes
+
+  - name: Extraire le fichier d'installation de Splunk
+    unarchive:
+      src: "/tmp/splunk-{{ splunk_version }}.tgz"
+      dest: "/opt"
+      remote_src: yes
+
+  - name: Attribution des droits
+    shell: "chown -R splunk:splunk /opt/splunk/*"
+
+  - name: Mettre à jour Splunk
+    shell: "/opt/splunk/bin/splunk start --accept-license --answer-yes --no-prompt"
+
+  - name: Vérifier l'état de Splunk
+    wait_for:
+      host: localhost
+      port: 8089
+      delay: 10
+      timeout: 180
+      state: started
+      msg: "Splunk n'a pas redémarré correctement"
+
+  #- name: Attendre que l'indexer rejoigne le cluster
+    #shell: "/opt/splunk/bin/splunk show cluster-state -auth adminsplunk:921223Jocpam!? | grep 'Instance type=peer' | wc -l"
+    #register: peers_count
+    #until: peers_count.stdout == "2"
+    #retries: 5
+    #delay: 10
+    #become: yes
+
+
+- name: Mettre à jour le cluster de Search Head
+  hosts: splunk_search_head
+  become: yes
+  become_user: root
+  vars:
+    splunk_version: "9.0.4.1-419ad9369127-Linux-x86_64"
+
+
+  tasks:
+  - name: Arrêter les processus Splunk
+    shell: "/opt/splunk/bin/splunk stop"
+    become: yes
+
+  - name: Extraire le fichier d'installation de Splunk
+    unarchive:
+      src: "/tmp/splunk-{{ splunk_version }}.tgz"
+      dest: "/opt"
+      remote_src: yes
+
+  - name: Attribution des droits
+    shell: "chown -R splunk:splunk /opt/splunk/*"
+
+  - name: Mettre à jour Splunk
+    shell: "/opt/splunk/bin/splunk start --accept-license --answer-yes --no-prompt"
+
+  - name: Vérifier l'état de Splunk
+    wait_for:
+      host: localhost
+      port: 8089
+      delay: 10
+      timeout: 180
+      state: started
+      msg: "Splunk n'a pas redémarré correctement"

Update_Splunk_UF.yml

@@ -0,0 +1,48 @@
+- name: Mise à jour de Splunk
+  hosts: splunk_uf_Linux
+  become: yes
+  become_user: "{{ privileged_user }}"
+  vars:
+    splunk_version_uf: "9.0.4-de405f4a7979-Linux-x86_64"
+
+  tasks:
+
+    - name: Arrêter le service Splunk
+      systemd:
+        name: splunk
+        state: stopped
+
+    - name: Extraire le fichier d'installation de Splunk
+      unarchive:
+        src: "/tmp/splunkforwarder-{{ splunk_version_uf }}.tgz"
+        dest: "/opt"
+        remote_src: yes
+
+    - name: Desactiver le démarrage automatique
+      shell: "/opt/splunkforwarder/bin/splunk disable boot-start"
+
+    - name: Supprimer les entrées de démarrage automatique de Splunk
+      file:
+        path: "{{ item }}"
+        state: absent
+      with_items:
+        - /etc/init.d/splunk
+        - /etc/systemd/system/splunk.service
+
+    #- name: Arrêt de splunk
+      #shell: "/opt/splunkforwarder/bin/splunk stop"
+
+    - name: Attribution des droits
+      shell: "chown -R splunk:splunk /opt/splunkforwarder/*"
+
+    - name: Mettre à jour le Splunk Universal Forwarder
+      shell: "/opt/splunkforwarder/bin/splunk stop; /opt/splunkforwarder/bin/splunk start --accept-license --answer-yes --no-prompt --answer-accept-changes && /opt/splunkforwarder/bin/splunk enable boot-start -user splunk"
+      become: yes
+
+    #- name: Activer le démarrage automatique
+      #shell: "/opt/splunkforwarder/bin/splunk enable boot-start"
+
+    - name: Redémarrer le service Splunk
+      systemd:
+        name: SplunkForwarder
+        state: started

Update_Splunk_UFV2.yml

@@ -0,0 +1,26 @@
+- name: Mise à jour de Splunk
+  hosts: splunk_uf_Linux
+  become: yes
+  become_user: "{{ privileged_user }}"
+  vars:
+    splunk_version_uf: "9.0.4-de405f4a7979-Linux-x86_64"
+
+  tasks:
+
+    - name: Arrêter le service Splunk
+      systemd:
+        name: splunk
+        state: stopped
+
+    - name: Extraire le fichier d'installation de Splunk
+      unarchive:
+        src: "/tmp/splunkforwarder-{{ splunk_version_uf }}.tgz"
+        dest: "/opt"
+        remote_src: yes
+
+    - name: Attribution des droits
+      shell: "chown -R splunk:splunk /opt/splunkforwarder/*"
+
+    - name: Mettre à jour le Splunk Universal Forwarder
+      shell: "/opt/splunkforwarder/bin/splunk stop; /opt/splunkforwarder/bin/splunk start --accept-license --answer-yes --no-prompt"
+      become: yes

common/handlers/restart_splunk.yml

@@ -0,0 +1,37 @@
+---
+- name: "Retrieve PID 1 process information (Linux)"
+  command: "ps 1"
+  register: pid1
+  when:
+    - ansible_system is match("Linux")
+    - pid1 is not defined
+
+- name: "Restart the splunkd service - Via CLI"
+  command: "{{ splunk_exec }} restart --answer-yes --accept-license"
+  become: yes
+  become_user: "{{ splunk_user }}"
+  register: task_result
+  until: task_result.rc == 0
+  retries: 3
+  delay: "{{ delay_num }}"
+  when: not splunk_enable_service
+
+- name: "Restart the splunkd service - Via systemd"
+  service:
+    name: "{% if pid1.stdout.find('systemd') != -1 %}Splunkd{% else %}splunk{% endif %}"
+    state: restarted
+  when:
+    - splunk_enable_service
+    - ansible_system is match("Linux")
+  become: yes
+  become_user: "{{ privileged_user }}"
+
+- name: "Restart the splunkd service - Via windows system"
+  win_service:
+    name: splunkd
+    state: restarted
+  when: splunk_enable_service and not ansible_system is match("Linux")
+
+- name: "Wait for splunkd management port"
+  wait_for:
+    port: "{{ splunk_svc_port }}"

common/tasks/apply_dmc_trusted_pem.yml

@@ -0,0 +1,29 @@
+---
+- name: Get DMC Name
+  set_fact:
+    dmc_name: "{{ hostvars[groups.splunk_monitoring_console[0]].inventory_hostname_short }}"
+  when: not splunk_single_instance
+
+- name: "Ensure that {{ dest_path }} exists"
+  file:
+    path: "{{ splunk_home }}/etc/{{ dest_path | dirname }}"
+    state: directory
+    recurse: yes
+    group: "{{ splunk_group }}"
+    owner: "{{ splunk_user }}"
+  ignore_errors: true
+  vars:
+    dest_path: "auth/distServerKeys/{{ dmc_name }}/"
+  become: yes
+  become_user: "{{ splunk_user }}"
+  when: not splunk_single_instance
+
+- name: Copy trusted.pem to server
+  copy:
+    src: "/tmp/trusted.pem"
+    dest: "{{ splunk_home }}/etc/auth/distServerKeys/{{ dmc_name }}/trusted.pem"
+    group: "{{ splunk_group }}"
+    owner: "{{ splunk_user }}"
+  become: yes
+  become_user: "{{ splunk_user }}"
+  when: not splunk_single_instance

common/tasks/create_app_via_template.yml

@@ -0,0 +1,47 @@
+---
+- name: Default files added to the list
+  set_fact:
+    app_configs:
+      - template_path: "{{ playbook_dir }}/common/templates/app.j2"
+        template_output_path: "app.conf"
+
+- name: Ensure that all local paths exists
+  file:
+    path: "{{ playbook_dir }}/splunk_apps/base_apps/{{ app_name }}/local"
+    state: directory
+    recurse: yes
+    force: true
+  ignore_errors: true
+  loop:  "{{ configs|flatten + app_configs | flatten }}"
+
+- name: Apply provided template.j2 on the provided target file
+  template:
+    src: "{{ item.template_path }}"
+    dest: "{{ playbook_dir }}/splunk_apps/base_apps/{{ app_name }}/local/{{ item.template_output_path }}"
+    force: true
+  loop: "{{ configs|flatten +  app_configs | flatten }}"
+
+- name: Ensure that all custom paths exists
+  file:
+    path: "{{ playbook_dir }}/splunk_apps/base_apps/{{ app_name }}/{{ item.dest_dir }}"
+    state: directory
+    recurse: yes
+    force: true
+  ignore_errors: true
+  loop: "{{ files |flatten }}"
+  when: files is defined
+
+- name: Copy specific files to their local dir
+  copy:
+    src: "{{ item.src }}"
+    dest: "{{ playbook_dir }}/splunk_apps/base_apps/{{ app_name }}/{{ item.dest_dir }}"
+    force: true
+  loop: "{{ files |flatten }}"
+  when: files is defined
+
+- name: Copy app to the different Splunk Topology
+  copy:
+    src: "{{ playbook_dir }}/splunk_apps/base_apps/{{ app_name }}"
+    dest: "{{ playbook_dir }}/splunk_apps/{{ item }}/"
+    force: yes
+  loop: "{{ splunk_target_topology }}"

common/tasks/disable_dmc.yml

@@ -0,0 +1,10 @@
+
+- name: "disable dmc on client instances"
+  ini_file:
+    dest: "{{ splunk_home }}/etc/apps/splunk_monitoring_console/local/app.conf"
+    section: install
+    option: "state"
+    value: "disabled"
+  become: yes
+  become_user: "{{ splunk_user }}"
+  when: "{{ groups.splunk_monitoring_console | length |int }} >= 1"

common/tasks/set_certificate_prefix.yml

@@ -0,0 +1,17 @@
+---
+- name: "Test basic https endpoint"
+  uri:
+    url: "https://127.0.0.1:{{ splunk_svc_port }}/services/properties"
+    method: GET
+    user: "{{ splunk_admin_user }}"
+    password: "{{ splunk_password }}"
+    validate_certs: false
+    status_code: 200,404
+    timeout: 10
+  register: ssl_enabled
+  ignore_errors: true
+
+# If the https call failed, we will revert to http and continue REST with normal error handling
+- name: "Set url prefix for future REST calls"
+  set_fact:
+    cert_prefix: "{% if ssl_enabled.status == 200 %}https{% else %}http{% endif %}"

common/tasks/set_conf_stanza.yml

@@ -0,0 +1,33 @@
+---
+- name: Create {{ conf_directory }} directory if not existing
+  file:
+    path: "{{ conf_directory }}"
+    state: directory
+  when: conf_directory is defined
+  become: yes
+  become_user: "{{ splunk_user }}"
+
+- name: Create {{ conf_file }} if not existing
+  copy:
+    dest: "{{ conf_directory }}/{{ conf_file }}"
+    mode: u=rw,g=,o=
+    owner: "{{ splunk_user }}"
+    group: "{{ splunk_group }}"
+    content: ""
+    force: no
+  become: yes
+  become_user: "{{ privileged_user }}"
+
+- name: "Set options in {{ stanza_name }}"
+  ini_file:
+    path: "{{ conf_directory }}/{{ conf_file }}"
+    section: "{{ stanza_name }}"
+    option: "{{ stanza_setting.key }}"
+    value: "{{ stanza_setting.value }}"
+    allow_no_value: True
+    state: present
+  with_dict: "{{ conf_stanzas }}"
+  loop_control:
+    loop_var: stanza_setting
+  become: yes
+  become_user: "{{ splunk_user }}"

common/tasks/wait_for_splunk_instance.yml

@@ -0,0 +1,20 @@
+---
+- name: Check Splunk instance is running
+  uri:
+    url: "{{ cert_prefix }}://{{ inventory_hostname }}:{{ splunk_svc_port }}/services/server/info?output_mode=json"
+    method: GET
+    user: "{{ splunk_admin_user }}"
+    password: "{{ splunk_password }}"
+    validate_certs: false
+  register: task_response
+  until:
+    - task_response.status == 200
+    - lookup('pipe', 'date +"%s"')|int - task_response.json.entry[0].content.startup_time > 10
+  retries: "{{ retry_num }}"
+  delay: 3
+  ignore_errors: true
+  no_log: "{{ hide_password }}"
+
+- name: Print response
+  debug:
+    var: task_response