Splunk-Install-Final/roles/splunk_common/tasks/main.yml

---
- name: Check if splunk user exists
  getent:
    database: passwd
    key: "{{ splunk_user }}"
    fail_key: yes
  register: user_exist
  ignore_errors: true
  become: yes

- name: Setup the splunk user
  user:
    name: "{{ splunk_user }}"
    comment: Splunk User
    shell: /bin/bash
    generate_ssh_key: yes
    ssh_key_bits: 2048
    ssh_key_file: .ssh/id_rsa
    state: present
  when: user_exist["failed"] == true
  become: yes
  become_user: "{{ privileged_user }}"

- name: Changing Splunk directory Owner
  include_tasks: pre_install_subtasks/change_splunk_directory_owner.yml
  when:
    - ansible_system is match("Linux")
    - splunk_home_ownership_enforcement is defined
    - splunk_home_ownership_enforcement | bool

- name: Stop existing Splunk
  include_tasks: stop_splunk.yml
  when:
    - splunk_upgrade | bool

# Below we will either install or upgrade, which at this moment is the same task.
- name: "Install Splunk"
  include_tasks: install_splunk.yml
  when:
    - splunk_install | bool or (first_run | bool and splunk_build_location and splunk_build_location is match("^(https?|file)://.*"))

- name: "Upgrade Splunk"
  include_tasks: install_splunk.yml
  when:
    - not splunk_install
    - not first_run
    - splunk_upgrade | bool

- name: Remove First Login
  include_tasks: post_install_subtasks/remove_first_login.yml
  when:
    - first_run | bool

# This needs to be done before any encrypted passkeys are generated
- name: setup splunk_secret
  include_tasks: post_install_subtasks/set_splunk_secret.yml
  when:
    - first_run | bool

- name: Generate user_seed.conf
  include_tasks: post_install_subtasks/set_user_seed.yml
  when:
    - first_run | bool

- name: setup the [general] pass4SymmKey in system/local
  include_tasks: "{{ playbook_dir }}/common/tasks/set_conf_stanza.yml"
  vars:
    conf_file: "server.conf"
    conf_directory: "{{ splunk_home }}/etc/system/local"
    stanza_name: general
    conf_stanzas:
      - pass4SymmKey: "{{ splunk_general_pass4SymmKey }}"

- name: Enable Splunk Service
  include_tasks: post_install_subtasks/enable_service.yml
  when:
    - splunk_enable_service and ansible_system is match("Linux")
    - first_run | bool

- name: Setup HTTP port
  include_tasks: post_install_subtasks/set_http_port.yml
  when:
    - splunk_http_port | int != 8000

- name: Setup MGMT port
  include_tasks: post_install_subtasks/set_mgmt_port.yml
  when:
    - splunk_svc_port | int != 8089

- name : Setup SSL
  include_tasks: post_install_subtasks/configure_ssl_on_splunk.yml
  when:
    - splunk_enableSSL | bool
    - first_run | bool

- name: Setup Optimistic locking
  include_tasks: post_install_subtasks/setup_optimistic_locking.yml
  when:
    - splunk_optimistic_about_file_locking

- name: "Add generic ssl apps"
  copy:
    src: "{{ playbook_dir }}/splunk_apps/base_ssl_apps/"
    dest: "{{ splunk_home }}/etc/apps/"
    group: "{{ splunk_group }}"
    owner: "{{ splunk_user }}"
    follow: yes
    local_follow: yes
  become: yes
  become_user: "{{ privileged_user }}"
  when:
    - splunk_enableSSL | bool

#- name: Start Splunk
  #include_tasks: start_splunk.yml

- name: setup http or https for further processing
  include_tasks: "{{ playbook_dir }}/common/tasks/set_certificate_prefix.yml"
  when :
    - cert_prefix is not defined

- name: setup root_endpoint for further processing
  include_tasks: post_install_subtasks/set_root_endpoint.yml
  when:
    - splunk_root_endpoint is defined
    - splunk_root_endpoint != None
    - first_run | bool

- name: Clean user_seed.conf
  include_tasks: post_install_subtasks/clean_user_seed.yml
  when:
    - first_run | bool

- name: Get splunk.secret if not provided initially
  include_tasks: post_install_subtasks/register_splunk_secret.yml
  when:
    - first_run | bool
    - splunk_secret is undefined or splunk_secret is none