admingit
/
Splunk_Instal-V2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

First-add

Browse Source
master
JocelynPa 3 years ago
parent 3ea64b8598
commit a114fe3ed1
82 changed files with 2186 additions and 2 deletions
Show Stats Download Patch File Download Diff File

27
Apps_for_Splunk/01-Conf_ServerClass/local/serverclass.conf
Unescape View File

@ -0,0 +1,27 @@
[global]
crossServerChecksum = false
repositoryLocation = $SPLUNK_HOME/etc/deployment-apps
targetRepositoryLocation = $SPLUNK_HOME/etc/apps
tmpFolder = $SPLUNK_HOME/var/run/tmp
stateOnClient = enabled
restartSplunkWeb = False
restartSplunkd = False
issueReload = false
continueMatching = true
endpoint = $deploymentServerUri$/services/streams/deployment?name=$tenantName$:$serverClassName$:$appName$
filterType = whitelist
[serverClass:Licence_Master_TIC]
[serverClass:Cluster_Master_TIC]
[serverClass:Cluster_Indexer_TIC]
[serverClass:Cluster_SH_TIC]
[serverClass:Forwarder_Linux_TIC]
[serverClass:Forwarder_Windows_TIC]

5
Apps_for_Splunk/01-Conf_deploy_client/local/deploymentclient.conf
Unescape View File

@ -0,0 +1,5 @@
[target-broker:deploymentServer]
targetUri = https://SVLCTPLOGSUP01.mom.fr:8089
[deployment-client]
disabled = 0

61
Copy_Files.yml
Unescape View File

@ -0,0 +1,61 @@
---
- name: Copier un fichier via SCP
hosts: all:!splunk_uf_Linux_TIC
become: true
become_user: root
vars:
source_file: "/tmp/splunk-8.2.3-cd0848707637-Linux-x86_64.tgz"
destination_file: "/tmp/splunk-8.2.3-cd0848707637-Linux-x86_64.tgz"
remote_host: "10.10.30.38"
remote_user: "admin"
remote_password: "921223Jocpam!?"
tasks:
- name: Copier le fichier via SCP
command: scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null {{ remote_user }}@{{ remote_host }}:{{ source_file }} {{ destination_file }}
- name: Vérifier si le fichier a été copié
stat:
path: "{{ destination_file }}"
register: file_stat
- name: Afficher un message d'erreur si le fichier n'a pas été copié
fail:
msg: "La copie SCP a échoué"
when: not file_stat.stat.exists
#- name: Copier depuis repo
#hosts: SVLCTPSUPPFI02.mom.fr
#become: true
#tasks:
#- name: copy
#copy:
#src: /tmp/splunkforwarder-8.2.3-cd0848707637-Linux-x86_64.tgz
#dest: /home/admin/splunkforwarder.tgz
#remote_src: true
#owner: admin
#group: admin
#mode: "0644"
#delegate_to: 10.10.30.38
# - name: Récupérer le fichier depuis l'hôte source et le copier sur l'hôte distant
# hosts: SVLCTPSUPPFI02.mom.fr
# become: true
# tasks:
# - name: Récupérer le fichier depuis l'hôte source
# fetch:
# src: /tmp/splunkforwarder-8.2.3-cd0848707637-Linux-x86_64.tgz
# dest: /tmp/
# flat: yes
# validate_checksum: yes
# fail_on_missing: yes
# fail_on_unreachable: yes
# delegate_to: 10.10.30.38
# - name: Copier le fichier vers l'hôte distant
# copy:
# src: /tmp/splunkforwarder-8.2.3-cd0848707637-Linux-x86_64.tgz
# dest: "{{ splunk_build_location_uf }}"
# owner: admin
# group: admin
# mode: "0644"

33
Deleted_Splunk.yml
Unescape View File

@ -0,0 +1,33 @@
---
- name: Supprimer Splunk de Linux
hosts: all:!splunk_uf_Linux_TIC
become: true
become_user: root
vars:
splunk_dir: "/opt/splunk"
tasks:
- name: Arrêter tous les processus Splunk en cours d'exécution
shell: "{{ splunk_dir }}/bin/splunk stop"
ignore_errors: true
- name: Désinstaller le service Splunk
shell: "{{ splunk_dir }}/bin/splunk disable boot-start"
- name: Supprimer le répertoire d'installation de Splunk
file:
path: "{{ splunk_dir }}"
state: absent
- name: Supprimer l'utilisateur Splunk et son groupe
user:
name: splunk
state: absent
ignore_errors: true
- name: Supprimer les entrées de démarrage automatique de Splunk
file:
path: "{{ item }}"
state: absent
with_items:
- /etc/init.d/splunk
- /etc/systemd/system/splunk.service

33
Deleted_SplunkForwarder.yml
Unescape View File

@ -0,0 +1,33 @@
---
- name: Supprimer Splunk de Linux
hosts: all
become: true
become_user: root
vars:
splunkforwarder_dir: "/opt/splunkforwarder"
tasks:
- name: Arrêter tous les processus Splunkforwarder en cours d'exécution
shell: "{{ splunkforwarder_dir }}/bin/splunk stop"
ignore_errors: true
- name: Désinstaller le service Splunk
shell: "{{ splunkforwarder_dir }}/bin/splunk disable boot-start"
- name: Supprimer le répertoire d'installation de Splunk
file:
path: "{{ splunkforwarder_dir }}"
state: absent
- name: Supprimer l'utilisateur Splunk et son groupe
user:
name: splunk
state: absent
ignore_errors: true
- name: Supprimer les entrées de démarrage automatique de Splunk
file:
path: "{{ item }}"
state: absent
with_items:
- /etc/init.d/splunk
- /etc/systemd/system/splunk.service

23
Deploy_Conf-to-uf.yml
Unescape View File

@ -0,0 +1,23 @@
- name: Copie de la configuration du deploiment server
become: yes
become_user: "{{ privileged_user }}"
hosts: splunk_uf_Linux_TIC
tasks:
- name: Supprimer le répertoire non fonctionnel dans SplunkForwarder
file:
path: /opt/splunkforwarder/etc/apps/01-Conf_deploy_client
state: absent
force: yes
- name: Copier le répertoire dans SplunkForwarder
copy:
src: "{{ playbook_dir }}/Apps_for_Splunk/01-Conf_deploy_client"
dest: /opt/splunkforwarder/etc/apps/
owner: splunk
group: splunk
- name: "Start Splunk via cli"
command: "{{ splunk_exec_uf }} start --accept-license --answer-yes --no-prompt"
become: yes
become_user: "{{ splunk_user }}"

17
Deploy_Conf.yml
Unescape View File

@ -0,0 +1,17 @@
---
- name: Copie de la configuration du deploiment server
become: yes
become_user: "{{ privileged_user }}"
hosts: all:!splunk_deployement_TIC:!splunk_monitoring_TIC:!splunk_uf_Linux_TIC
tasks:
- name: Copier le configuration DS dans Splunk
copy:
src: "{{ playbook_dir }}/Apps_for_Splunk/01-Conf_deploy_client"
dest: /opt/splunk/etc/apps/
owner: splunk
group: splunk
- name: "Start Splunk via cli"
command: "{{ splunk_exec }} start --accept-license --answer-yes --no-prompt"
become: yes
become_user: "{{ splunk_user }}"

12
Deploy_Conf_serverClass.yml
Unescape View File

@ -0,0 +1,12 @@
---
- name: Copie de la configuration du deploiment server
become: yes
become_user: "{{ privileged_user }}"
hosts: splunk_deployement_TIC
tasks:
- name: Copier configuration serverClass sur le DS
copy:
src: "{{ playbook_dir }}/Apps_for_Splunk/01-Conf_ServerClass"
dest: /opt/splunk/etc/apps/
owner: splunk
group: splunk

2
README.md
Unescape View File

@ -1,2 +0,0 @@
# Splunk_Instal-V2

37
common/handlers/restart_splunk.yml
Unescape View File

@ -0,0 +1,37 @@
---
- name: "Retrieve PID 1 process information (Linux)"
command: "ps 1"
register: pid1
when:
- ansible_system is match("Linux")
- pid1 is not defined
- name: "Restart the splunkd service - Via CLI"
command: "{{ splunk_exec }} restart --answer-yes --accept-license"
become: yes
become_user: "{{ splunk_user }}"
register: task_result
until: task_result.rc == 0
retries: 3
delay: "{{ delay_num }}"
when: not splunk_enable_service
- name: "Restart the splunkd service - Via systemd"
service:
name: "{% if pid1.stdout.find('systemd') != -1 %}Splunkd{% else %}splunk{% endif %}"
state: restarted
when:
- splunk_enable_service
- ansible_system is match("Linux")
become: yes
become_user: "{{ privileged_user }}"
- name: "Restart the splunkd service - Via windows system"
win_service:
name: splunkd
state: restarted
when: splunk_enable_service and not ansible_system is match("Linux")
- name: "Wait for splunkd management port"
wait_for:
port: "{{ splunk_svc_port }}"

29
common/tasks/apply_dmc_trusted_pem.yml
Unescape View File

@ -0,0 +1,29 @@
---
- name: Get DMC Name
set_fact:
dmc_name: "{{ hostvars[groups.splunk_monitoring_console[0]].inventory_hostname_short }}"
when: not splunk_single_instance
- name: "Ensure that {{ dest_path }} exists"
file:
path: "{{ splunk_home }}/etc/{{ dest_path | dirname }}"
state: directory
recurse: yes
group: "{{ splunk_group }}"
owner: "{{ splunk_user }}"
ignore_errors: true
vars:
dest_path: "auth/distServerKeys/{{ dmc_name }}/"
become: yes
become_user: "{{ splunk_user }}"
when: not splunk_single_instance
- name: Copy trusted.pem to server
copy:
src: "/tmp/trusted.pem"
dest: "{{ splunk_home }}/etc/auth/distServerKeys/{{ dmc_name }}/trusted.pem"
group: "{{ splunk_group }}"
owner: "{{ splunk_user }}"
become: yes
become_user: "{{ splunk_user }}"
when: not splunk_single_instance

47
common/tasks/create_app_via_template.yml
Unescape View File

@ -0,0 +1,47 @@
---
- name: Default files added to the list
set_fact:
app_configs:
- template_path: "{{ playbook_dir }}/common/templates/app.j2"
template_output_path: "app.conf"
- name: Ensure that all local paths exists
file:
path: "{{ playbook_dir }}/splunk_apps/base_apps/{{ app_name }}/local"
state: directory
recurse: yes
force: true
ignore_errors: true
loop: "{{ configs|flatten + app_configs | flatten }}"
- name: Apply provided template.j2 on the provided target file
template:
src: "{{ item.template_path }}"
dest: "{{ playbook_dir }}/splunk_apps/base_apps/{{ app_name }}/local/{{ item.template_output_path }}"
force: true
loop: "{{ configs|flatten + app_configs | flatten }}"
- name: Ensure that all custom paths exists
file:
path: "{{ playbook_dir }}/splunk_apps/base_apps/{{ app_name }}/{{ item.dest_dir }}"
state: directory
recurse: yes
force: true
ignore_errors: true
loop: "{{ files |flatten }}"
when: files is defined
- name: Copy specific files to their local dir
copy:
src: "{{ item.src }}"
dest: "{{ playbook_dir }}/splunk_apps/base_apps/{{ app_name }}/{{ item.dest_dir }}"
force: true
loop: "{{ files |flatten }}"
when: files is defined
- name: Copy app to the different Splunk Topology
copy:
src: "{{ playbook_dir }}/splunk_apps/base_apps/{{ app_name }}"
dest: "{{ playbook_dir }}/splunk_apps/{{ item }}/"
force: yes
loop: "{{ splunk_target_topology }}"

10
common/tasks/disable_dmc.yml
Unescape View File

@ -0,0 +1,10 @@
- name: "disable dmc on client instances"
ini_file:
dest: "{{ splunk_home }}/etc/apps/splunk_monitoring_console/local/app.conf"
section: install
option: "state"
value: "disabled"
become: yes
become_user: "{{ splunk_user }}"
when: "{{ groups.splunk_monitoring_console | length |int }} >= 1"

17
common/tasks/set_certificate_prefix.yml
Unescape View File

@ -0,0 +1,17 @@
---
- name: "Test basic https endpoint"
uri:
url: "https://127.0.0.1:{{ splunk_svc_port }}/services/properties"
method: GET
user: "{{ splunk_admin_user }}"
password: "{{ splunk_password }}"
validate_certs: false
status_code: 200,404
timeout: 10
register: ssl_enabled
ignore_errors: true
# If the https call failed, we will revert to http and continue REST with normal error handling
- name: "Set url prefix for future REST calls"
set_fact:
cert_prefix: "{% if ssl_enabled.status == 200 %}https{% else %}http{% endif %}"

33
common/tasks/set_conf_stanza.yml
Unescape View File

@ -0,0 +1,33 @@
---
- name: Create {{ conf_directory }} directory if not existing
file:
path: "{{ conf_directory }}"
state: directory
when: conf_directory is defined
become: yes
become_user: "{{ splunk_user }}"
- name: Create {{ conf_file }} if not existing
copy:
dest: "{{ conf_directory }}/{{ conf_file }}"
mode: u=rw,g=,o=
owner: "{{ splunk_user }}"
group: "{{ splunk_group }}"
content: ""
force: no
become: yes
become_user: "{{ privileged_user }}"
- name: "Set options in {{ stanza_name }}"
ini_file:
path: "{{ conf_directory }}/{{ conf_file }}"
section: "{{ stanza_name }}"
option: "{{ stanza_setting.key }}"
value: "{{ stanza_setting.value }}"
allow_no_value: True
state: present
with_dict: "{{ conf_stanzas }}"
loop_control:
loop_var: stanza_setting
become: yes
become_user: "{{ splunk_user }}"

20
common/tasks/wait_for_splunk_instance.yml
Unescape View File

@ -0,0 +1,20 @@
---
- name: Check Splunk instance is running
uri:
url: "{{ cert_prefix }}://{{ inventory_hostname }}:{{ splunk_svc_port }}/services/server/info?output_mode=json"
method: GET
user: "{{ splunk_admin_user }}"
password: "{{ splunk_password }}"
validate_certs: false
register: task_response
until:
- task_response.status == 200
- lookup('pipe', 'date +"%s"')|int - task_response.json.entry[0].content.startup_time > 10
retries: "{{ retry_num }}"
delay: 3
ignore_errors: true
no_log: "{{ hide_password }}"
- name: Print response
debug:
var: task_response

11
common/templates/app.j2
Unescape View File

@ -0,0 +1,11 @@
[launcher]
author = {{ author }} via Ansible (OBS)
description = {{ app_desc }}
version = {{ ansible_script_version }}
[package]
id = {{ app_name }}
[ui]
is_visible = false

15
common/templates/cluster_master_server_conf.j2
Unescape View File

@ -0,0 +1,15 @@
[clustering]
available_sites = {{ splunk_all_sites }}
cluster_label = {{ splunk_idxcluster_label }}
mode = master
multisite = {{ splunk_multisite }}
replication_factor = {{ splunk_replication_factor }}
search_factor = {{ splunk_search_factor }}
site_replication_factor = origin:{{ splunk_multisite_replication_factor_origin }}, total:{{ splunk_multisite_replication_factor_total }}
site_search_factor = origin:{{ splunk_multisite_search_factor_origin }}, total:{{ splunk_multisite_search_factor_total }}
summary_replication = true
[general]
site = {{ splunk_site }}

2
common/templates/deployer.j2
Unescape View File

@ -0,0 +1,2 @@
[shclustering]
shcluster_label = {{ splunk_shcluster_label }}

10
common/templates/deploymentclient.j2
Unescape View File

@ -0,0 +1,10 @@
[deployment-client]
{% if splunk_enableSSL %}
sslVersions = tls1.2
sslVerifyServerCert = true
sslCommonNameToCheck = {% for host in groups.splunk_deployment_server %} {{ host }}, {% endfor %}
{% endif %}
[target-broker:deploymentServer]
# Change the targetUri
targetUri = {{ groups.splunk_deployment_server[0] }}:{{ splunk_svc_port }}

30
common/templates/dist_search.j2
Unescape View File

@ -0,0 +1,30 @@
[distributedSearch]
servers = {% if sh_list is not none %} {% for host in sh_list %} https://{{ host }}:{{ splunk_svc_port }}, {% endfor %} {%endif %}{% if lm_list is not none %} ,{% for host in lm_list %} https://{{ host }}:{{ splunk_svc_port }}, {% endfor %}{%endif %}{% if cm_list is not none %} ,{% for host in cm_list %} https://{{ host }}:{{ splunk_svc_port }}, {% endfor %}{%endif %}{% if ds_list is not none %} ,{% for host in ds_list %} https://{{ host }}:{{ splunk_svc_port }}, {% endfor %}{%endif %}{% if deployer_list is not none %} ,{% for host in deployer_list %} https://{{ host }}:{{ splunk_svc_port }}, {% endfor %}{%endif %}
[distributedSearch:dmc_group_cluster_master]
servers={% if cm_list is not none %} {% for host in cm_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %} {% else %} localhost:localhost {%endif %}
[distributedSearch:dmc_group_deployment_server]
servers={% if ds_list is not none %} {% for host in ds_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %}{% else %} localhost:localhost {%endif %}
[distributedSearch:dmc_group_indexer]
default = true
servers={% if indexer_list is not none %} {% for host in indexer_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %} {% else %} localhost:localhost {%endif %}
[distributedSearch:dmc_group_kv_store]
servers={% if sh_list is not none %} {% for host in sh_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %}{% else %} localhost:localhost {%endif %}
[distributedSearch:dmc_group_license_master]
servers={% if lm_list is not none %} {% for host in lm_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %}{% else %} localhost:localhost {%endif %}
[distributedSearch:dmc_group_search_head]
servers={% if cm_list is not none %}{% for host in cm_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %}{% else %} localhost:localhost {%endif %}{% if sh_list is not none %},{% for host in sh_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %} {%endif %}
[distributedSearch:dmc_group_shc_deployer]
servers={% if deployer_list is not none %} {% for host in deployer_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %}{% else %} localhost:localhost {%endif %}
[distributedSearch:dmc_indexerclustergroup_{{ splunk_idxcluster_label }}]
servers={% if cm_list is not none %}{% for host in cm_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %}{% else %} localhost:localhost {%endif %}{% if indexer_list is not none %},{% for host in indexer_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %} {%endif %}{% if sh_list is not none %},{% for host in sh_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %} {%endif %}
[distributedSearch:dmc_searchheadclustergroup_{{ splunk_shcluster_label }}]
servers={% if sh_list is not none %}{% for host in sh_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %}{% else %} localhost:localhost {%endif %}

12
common/templates/enable_receiver.j2
Unescape View File

@ -0,0 +1,12 @@
{% if splunk_enableSSL %}
[splunktcp-ssl:{{ splunk_s2s_port }}]
connection_host = ip
[SSL]
serverCert = $SPLUNK_HOME/etc/auth/servercertificate.pem
sslPassword = {{ splunk_ssl_cert_password }}
requireClientCert = false
sslVersions = tls1.2
{% else %}
[splunktcp://{{ splunk_s2s_port }}]
{% endif %}

19
common/templates/forwarding_s2s_outputs_conf.j2
Unescape View File

@ -0,0 +1,19 @@
# BASE SETTINGS
[tcpout]
# Change here to specify the indexer group
defaultGroup = all_{{ splunk_app_prefix }}_indexer
forceTimebasedAutoLB = true
maxQueueSize = 7MB
useACK = true
[tcpout:all_{{ splunk_app_prefix }}_indexer]
{% if splunk_enableSSL %}
clientCert = $SPLUNK_HOME/etc/auth/servercertificate.pem
{% endif %}
server = {% for host in indexer_list %}{{ host }}:{{ splunk_s2s_port }}, {% endfor %}
{% if splunk_enableSSL %}
sslCommonNameToCheck = {% for host in groups.all_splunk_instances %}{{ host }}, {% endfor %}
sslPassword = {{ splunk_ssl_cert_password }}
sslVerifyServerCert = true
{% endif %}

19
common/templates/forwarding_uf_outputs_conf.j2
Unescape View File

@ -0,0 +1,19 @@
# BASE SETTINGS
[tcpout]
# Change here to specify the indexer group
defaultGroup = all_{{ splunk_app_prefix }}_indexer
forceTimebasedAutoLB = true
maxQueueSize = 7MB
useACK = true
[tcpout:all_{{ splunk_app_prefix }}_indexer]
{% if splunk_enableSSL %}
clientCert = $SPLUNK_HOME/etc/apps/{{ app_name }}/{{ custom_cert_path }}
{% endif %}
server = {% for host in indexer_list %}{{ host }}:{{ splunk_s2s_port }}, {% endfor %}
{% if splunk_enableSSL %}
sslCommonNameToCheck = {% for host in indexer_list %}{{ host }}, {% endfor %}
sslPassword = {{ splunk_ssl_cert_password }}
sslVerifyServerCert = true
{% endif %}

5
common/templates/idx_indexes_base.j2
Unescape View File

@ -0,0 +1,5 @@
# performance optimisation
[default]
journalCompression = zstd
tsidxWritingLevel = 4

5
common/templates/idx_kvstore_base.j2
Unescape View File

@ -0,0 +1,5 @@
# kvstore not needed on indexers, let's disable it
# even when distributing collection via bundle, it won't be used on indexer as this use lookups in the background
[kvstore]
disabled = true

9
common/templates/idx_web_base.j2
Unescape View File

@ -0,0 +1,9 @@
# In larger environments, where there are more than, say, three indexers,
# it's common to disable the Splunk UI. This helps avoid configuration issues
# caused by logging in to the UI to do something directly via the manager,
# as well as saving some system resources.
[settings]
startwebserver = 0
# avoid timeout when indexer loaded
splunkdConnectionTimeout = 120

10
common/templates/indexer_cluster.j2
Unescape View File

@ -0,0 +1,10 @@
# clustering parameters are local and moved in a cluster specific package
# this can be a site specific if only one site per cluster
[clustering]
master_uri = https://{{ groups.splunk_cluster_master[0] }}:{{ splunk_svc_port }}
mode = slave
[replication_port://{{ splunk_replication_port }}]
disabled = false

15
common/templates/indexer_multisite.j2
Unescape View File

@ -0,0 +1,15 @@
# This app is expected to be layered on top of org_cluster_indexer_base;
# the settings there establish the general relationship with the master and
# set up clustered indexing behavior. This is another layer to provide the
# site number of the host, and to indicate that the clustering should be of
# the multi-site variety.
# *** This app cannot be shipped via the master-apps mechanism; it would
# make all sites the same. Place it in etc/apps on the affected indexer. ***
[general]
site = {{ splunk_site }}
[clustering]
multisite = {{ splunk_multisite }}

10
common/templates/license_server_conf.j2
Unescape View File

@ -0,0 +1,10 @@
# In distributed environments, it's common to have a lone search head acting
# as the license master as well. In this configuration, providing the URI
# of the license master is easiest within the indexer_base configuration.
# In the event that there are multiple search heads, you could instead use
# the org_all_license app, shipped to the non-license SH, as well as all of
# the indexers. In either event, the settings are the same.
[license]
master_uri = https://{{ groups.splunk_license_master[0] }}:{{ splunk_svc_port }}

12
common/templates/server_SSLconfig.j2
Unescape View File

@ -0,0 +1,12 @@
[sslConfig]
sslRootCAPath = $SPLUNK_HOME/etc/auth/ca-cert.pem
enableSplunkdSSL = true
sslVersions = tls1.2
serverCert = $SPLUNK_HOME/etc/auth/servercertificate.pem
# servercertificate.pem is a symlink to the real cert.pem on the instance
sslPassword = {{ splunk_ssl_cert_password }}
requireClientCert = false
sslVerifyServerCert = true
sslCommonNameToCheck = {% for host in groups.all_splunk_instances %}{{ host }}, {% endfor %}

8
common/templates/sh_idxcluster.j2
Unescape View File

@ -0,0 +1,8 @@
[clustering]
master_uri = https://{{ groups.splunk_cluster_master[0] }}:{{ splunk_svc_port }}
mode = searchhead
multisite = {{ splunk_multisite }}
[general]
site = {{ splunk_site }}

2
common/templates/sh_shcluster.j2
Unescape View File

@ -0,0 +1,2 @@
[replication_port://{{ splunk_shcluster_replication_port }}]

7
common/templates/uf_ssl_server_conf.j2
Unescape View File

@ -0,0 +1,7 @@
[sslConfig]
enableSplunkdSSL = true
requireClientCert = false
sslPassword = {{ splunk_ssl_cert_password }}
sslRootCAPath = $SPLUNK_HOME/etc/apps/{{ splunk_app_prefix }}_uf_ssl/certs/ca-cert.pem
serverCert = $SPLUNK_HOME/etc/apps/{{ splunk_app_prefix }}_uf_ssl/certs/splunk_universal_forwarder-cert-concatenated.pem
sslVersions = tls1.2

5
common/templates/web_sslConfig.j2
Unescape View File

@ -0,0 +1,5 @@
[settings]
enableSplunkWebSSL = true
privKeyPath = $SPLUNK_HOME/etc/auth/web-nopwd-key.pem
serverCert = $SPLUNK_HOME/etc/auth/web-servercertificate.pem
sslVersions = tls1.2

24
install_splunk.yml
Unescape View File

@ -0,0 +1,24 @@
- hosts: all_splunk_instances
tasks:
- name: Gathering Facts
include_tasks: roles/splunk_common/tasks/pre_install_subtasks/get_facts.yml
when:
- splunk_get_fact is not defined
- hosts: all_splunk_instances
serial:
- 1
- 100%
roles:
- splunk_common
tags: all,installation
- hosts: localhost
connection: local
tasks:
- name: Cleanup secret
file:
dest: "/tmp/splunk_secret"
state: "absent"
become: yes
become_user: root

23
install_splunk_uf.yml
Unescape View File

@ -0,0 +1,23 @@
---
- hosts: splunk_uf_Linux_TIC
tasks:
- name: Gathering Facts
include_tasks: roles/splunk_common_uf/tasks/pre_install_subtasks/get_facts.yml
when:
- splunk_get_fact is not defined
- hosts: splunk_uf_Linux_TIC
serial:
- 1
- 100%
roles:
- splunk_common_uf
tags: all,installation
- hosts: localhost
connection: local
tasks:
- name: Cleanup secret
file:
dest: "/tmp/splunk_secret"
state: "absent"

10
install_splunk_uf_win.yml
Unescape View File

@ -0,0 +1,10 @@
- hosts: splunk_uf_win_m-tic
name: Copy source forwarder windows
ansible.windows.win.copy:
src: "{{ playbook_dir }}/roles/sources/{{ hostvars ['127.0.0.1'].splunkforwarder-8.1.3-63079c59e632-x64-release.msi }}"
dest: "C:\Temp\"
- hosts: splunk_uf_win_m-tic
name: Install SplunkForwarder Windows
win_command: C:\Windows\System32\msiexec.exe /i C:\Temp\splunkforwarder-8.1.3-63079c59e632-x64-release.msi AGREETOLICENSE=Yes SPLUNKUSERNAME=admin SPLUNKPASSWORD=Adm1nPa$$w0rd /quiet
when: splunkforwarder_installed.exists == false

49
inventories/cluster/group_vars/vars.yml
Unescape View File

@ -0,0 +1,49 @@
---
ansible_user: admin
privileged_user: root
retry_num: 3
delay_num: 3
hide_password: false
ansible_script_version: 1.0
author: VABOS
splunk_upgrade: false
splunk_home_ownership_enforcement: true
splunk_user: splunk
splunk_group: splunk
splunk_build_location: /tmp/splunk
splunk_build_location_uf: /tmp/splunk
splunk_build_remote_src: true
splunk_build_type: tgz
splunk_opt: /opt
splunk_home: /opt/splunk
splunk_home_uf: /opt/splunkforwarder
splunk_exec: /opt/splunk/bin/splunk
splunk_exec_uf: /opt/splunkforwarder/bin/splunk
splunk_enable_service: false
splunk_password: 921223Jocpam!?
splunk_admin_user: adminsplunk
splunk_general_pass4SymmKey: Asf#oQcAjOAnw^#zCE#Nd2R0#27j0@
splunk_secret: 6XHPsFI2^jsYI&^ITvxzk#SZBcr1^n
splunk_svc_port: 8089
splunk_http_port: 8000
splunk_enableSSL: true
splunk_ssl_cert_password: CHANGEME
splunk_ssl_generate_cert: false
splunk_ssl_generate_root_cert: false
splunk_s2s_port: 9997
splunk_replication_port: 9100
splunk_shcluster_replication_port: 9200
splunk_shcluster_mode: member
splunk_optimistic_about_file_locking: true
splunk_single_instance: false
#splunk_site: site0
#splunk_multisite: false
#splunk_license_uri: /splunk_apps/splunk.license
splunk_idxc_pass4SymmKey: 1nZ7lubH^KTqKyS3#h5Ad9V^Xkrttq
splunk_app_prefix: SPL

27
inventories/cluster/hosts.yml
Unescape View File

@ -0,0 +1,27 @@
---
all_splunk_instances:
children:
splunk_search_head_TIC:
hosts:
SVLCTPLOGPUB01.mom.fr:
SVLCTPLOGPUB02.mom.fr:
splunk_indexer_TIC:
hosts:
SVLCTPLOGIDX01.mom.fr:
SVLCTPLOGIDX02.mom.fr:
splunk_licence_master:
hosts:
SVLCTPLOGLMR.mom.fr:
splunk_uf_Linux_TIC:
hosts:
SVLCTPSUPPFI01.mom.fr:
SVLCTPSUPPFI02.mom.fr:
splunk_uf_Windows_TIC:
hosts:
SVWCTPSUPPFI01.mom.fr:
splunk_deployement_TIC:
hosts:
SVLCTPLOGSUP01.mom.fr:
splunk_monitoring_TIC:
hosts:
SVLCTPLOGSUP01.mom.fr:

107
inventories/group_vars_all.yml.spec
Unescape View File

@ -0,0 +1,107 @@
---
# user used by ansible on client
ansible_user: admin
# number of retry for a command
retry_num: 3
# delay in sec between 2 retry
delay_num: 3
# password visible in std_out
hide_password: false
# version use for all the auto_generated_apps
ansible_script_version: 1.0
# author displayed in all the auto_generated_apps
author: Louis-Marie NOGUES
# prefix set in the name of all the auto generated apps
splunk_app_prefix: ansbl
create_base_apps: true
### SPLUNK BASIC INSTALL ###
# apply the chwon
splunk_home_ownership_enforcement: true
# cli user for splunk
splunk_user: splunk
splunk_group: splunk
# path to the package on ansible host
splunk_build_location: /mnt/e/prj/splunk/splunk-7.3.2-c60db69f8e32-Linux-x86_64.tgz
# /mnt/e/prj/splunk/splunk-8.0.0-1357bef0a7f6-Linux-x86_64.tgz
# path is a http link
splunk_build_remote_src: false
# splunk path
splunk_opt: /opt
splunk_home: /opt/splunk
splunk_exec: /opt/splunk/bin/splunk
### SPLUNK BASIC CONFIG ###
# start splunk as a service
splunk_enable_service: true
# splunk admin info
splunk_password:
splunk_admin_user: admin
# splunk default configuration
splunk_general_pass4SymmKey:
splunk_secret:
splunk_svc_port: 8089
splunk_http_port: 8000
splunk_s2s_port: 9997
splunk_disable_kvstore_on_idx: false
splunk_disable_web_on_idx: false
# default site, can be override on each host_vars
splunk_license_uri:
-
-
### SPLUNK BASIC SSL ###
splunk_enableSSL: false
splunk_ssl_cert_password: password
splunk_ssl_generate_cert: false
splunk_ssl_generate_root_cert: false
### SPLUNK INDEX CLUSTERING ###
splunk_indexer_cluster: true
splunk_replication_port: 9100
splunk_site: site0
splunk_multisite: true
splunk_idxc_pass4SymmKey:
splunk_search_factor:
splunk_replication_factor:
splunk_idx_discovery_pass4SymmKey:
splunk_idxcluster_label:
splunk_all_sites: site1,site2
splunk_multisite_replication_factor_origin:
splunk_multisite_replication_factor_total:
splunk_multisite_search_factor_origin:
splunk_multisite_search_factor_total:
### SPLUNK SH CLUSTERING ###
splunk_search_head_cluster: true
splunk_shcluster_replication_port: 9200
splunk_shcluster_mode: member
splunk_shcluster_label:
splunk_shcluster_pass4SymmKey:
splunk_shcluster_election: false
### PREMIUM APPS ###
## ITSI ##
# Flag to trigger installation of Premium Apps
splunk_itsi: True
# local_path for the itsi package
splunk_itsi_local_path:
### JAVA ###
# which version of java to be installed (oracle:8,openjdk:8,openjdk:11,openjdk:13,openjdk:9 (windows))
java_version: openjdk:11
java_update_version: 11.0.2
java_download_url: /mnt/e/prj/splunk/tools/openjdk-11.0.2_linux-x64_bin.tar.gz
java_download_url_remote: false
# add optimitstic_about_file_locking flag in the splunk splunk-launch.conf
# usefull for docker + Windows
splunk_optimistic_about_file_locking: false

4
roles/splunk_common/handlers/main.yml
Unescape View File

@ -0,0 +1,4 @@
---
# handlers file for splunk_common
- name: "Restart the splunkd service"
include_tasks: "{{ playbook_dir }}/common/handlers/restart_splunk.yml"

39
roles/splunk_common/tasks/install_splunk.yml
Unescape View File

@ -0,0 +1,39 @@
---
- name: Remove old manifest files
file:
path: "{{ item.path }}"
state: "absent"
ignore_errors: yes
become: yes
become_user: "{{ privileged_user }}"
with_items:
- "{{ manifests.files }}"
when: splunk_upgrade | bool
- name: Remove old directories
file:
path: "{{ item }}"
state: "absent"
ignore_errors: yes
become: yes
become_user: "{{ privileged_user }}"
with_items:
- "{{ splunk_home }}/bin"
- "{{ splunk_home }}/lib"
- "{{ splunk_home }}/share"
- "{{ splunk_home }}/Python-2.7"
when: splunk_upgrade | bool
- name: Install Splunk
include_tasks: install_tasks/install_splunk_{{ splunk_build_type }}.yml
- name: Remove installers
file:
dest: "{{ item }}"
state: "absent"
ignore_errors: yes
become: yes
become_user: "{{ privileged_user }}"
with_items:
- "{{ splunk_build_location }}"
- "/tmp/splunk_msi"

7
roles/splunk_common/tasks/install_tasks/install_splunk_msi.yml
Unescape View File

@ -0,0 +1,7 @@
- name: Install Splunk (Windows)
command: "msiexec /I {{ splunk_build_location }}" AGREETOLICENSE=yes LAUNCHSPLUNK=0 /passive /qn"
when: ansible_system is match("CYGWIN*|Win32NT")
register: install_result
until: install_result is succeeded
retries: "{{ retry_num }}"
delay: 3

13
roles/splunk_common/tasks/install_tasks/install_splunk_tgz.yml
Unescape View File

@ -0,0 +1,13 @@
- name: Install Splunk (Linux)
unarchive:
src: "{{ splunk_build_location }}"
dest: "{{ splunk_opt }}"
owner: "{{ splunk_user }}"
group: "{{ splunk_group }}"
remote_src: "{{ splunk_build_remote_src }}"
register: install_result
until: install_result is succeeded
retries: " {{ retry_num}}"
delay: 3
become: yes
become_user: "{{ privileged_user }}"

138
roles/splunk_common/tasks/main.yml
Unescape View File

@ -0,0 +1,138 @@
---
- name: Check if splunk user exists
getent:
database: passwd
key: "{{ splunk_user }}"
fail_key: yes
register: user_exist
ignore_errors: true
become: yes
- name: Setup the splunk user
user:
name: "{{ splunk_user }}"
comment: Splunk User
shell: /bin/bash
generate_ssh_key: yes
ssh_key_bits: 2048
ssh_key_file: .ssh/id_rsa
state: present
when: user_exist["failed"] == true
become: yes
become_user: "{{ privileged_user }}"
- name: Changing Splunk directory Owner
include_tasks: pre_install_subtasks/change_splunk_directory_owner.yml
when:
- ansible_system is match("Linux")
- splunk_home_ownership_enforcement is defined
- splunk_home_ownership_enforcement | bool
- name: Stop existing Splunk
include_tasks: stop_splunk.yml
when:
- splunk_upgrade | bool
# Below we will either install or upgrade, which at this moment is the same task.
- name: "Install Splunk"
include_tasks: install_splunk.yml
when:
- splunk_install | bool or (first_run | bool and splunk_build_location and splunk_build_location is match("^(https?|file)://.*"))
- name: "Upgrade Splunk"
include_tasks: install_splunk.yml
when:
- not splunk_install
- not first_run
- splunk_upgrade | bool
- name: Remove First Login
include_tasks: post_install_subtasks/remove_first_login.yml
when:
- first_run | bool
# This needs to be done before any encrypted passkeys are generated
- name: setup splunk_secret
include_tasks: post_install_subtasks/set_splunk_secret.yml
when:
- first_run | bool
- name: Generate user_seed.conf
include_tasks: post_install_subtasks/set_user_seed.yml
when:
- first_run | bool
- name: setup the [general] pass4SymmKey in system/local
include_tasks: "{{ playbook_dir }}/common/tasks/set_conf_stanza.yml"
vars:
conf_file: "server.conf"
conf_directory: "{{ splunk_home }}/etc/system/local"
stanza_name: general
conf_stanzas:
- pass4SymmKey: "{{ splunk_general_pass4SymmKey }}"
- name: Enable Splunk Service
include_tasks: post_install_subtasks/enable_service.yml
when:
- splunk_enable_service and ansible_system is match("Linux")
- first_run | bool
- name: Setup HTTP port
include_tasks: post_install_subtasks/set_http_port.yml
when:
- splunk_http_port | int != 8000
- name: Setup MGMT port
include_tasks: post_install_subtasks/set_mgmt_port.yml
when:
- splunk_svc_port | int != 8089
- name : Setup SSL
include_tasks: post_install_subtasks/configure_ssl_on_splunk.yml
when:
- splunk_enableSSL | bool
- first_run | bool
- name: Setup Optimistic locking
include_tasks: post_install_subtasks/setup_optimistic_locking.yml
when:
- splunk_optimistic_about_file_locking
- name: "Add generic ssl apps"
copy:
src: "{{ playbook_dir }}/splunk_apps/base_ssl_apps/"
dest: "{{ splunk_home }}/etc/apps/"
group: "{{ splunk_group }}"
owner: "{{ splunk_user }}"
follow: yes
local_follow: yes
become: yes
become_user: "{{ privileged_user }}"
when:
- splunk_enableSSL | bool
- name: Start Splunk
include_tasks: start_splunk.yml
- name: setup http or https for further processing
include_tasks: "{{ playbook_dir }}/common/tasks/set_certificate_prefix.yml"
when :
- cert_prefix is not defined
- name: setup root_endpoint for further processing
include_tasks: post_install_subtasks/set_root_endpoint.yml
when:
- splunk_root_endpoint is defined
- splunk_root_endpoint != None
- first_run | bool
- name: Clean user_seed.conf
include_tasks: post_install_subtasks/clean_user_seed.yml
when:
- first_run | bool
- name: Get splunk.secret if not provided initially
include_tasks: post_install_subtasks/register_splunk_secret.yml
when:
- first_run | bool
- splunk_secret is undefined or splunk_secret is none

7
roles/splunk_common/tasks/post_install_subtasks/clean_user_seed.yml
Unescape View File

@ -0,0 +1,7 @@
---
- name: Remove user-seed.conf
file:
dest: "{{ splunk_home }}/etc/system/local/user-seed.conf"
state: "absent"
notify:
- Restart the splunkd service

48
roles/splunk_common/tasks/post_install_subtasks/configure_ssl_on_splunk.yml
Unescape View File

@ -0,0 +1,48 @@
---
- name: "Transmit certificates from host"
copy:
src: "{{ playbook_dir }}/ssl/{{ item }}"
dest: "{{ splunk_home }}/etc/auth/{{ item }}"
owner: "{{ splunk_user }}"
group: "{{ splunk_group }}"
local_follow: true
mode: 0400
loop:
- ca-cert.pem
- ca-key.pem
- "{{ inventory_hostname }}-cert-concatenated.pem"
- "{{ inventory_hostname }}-cert-concatenated-web.pem"
- "{{ inventory_hostname }}-nopwd-key.pem"
become: yes
become_user: "{{ privileged_user }}"
- name: "Rename Server certificate for simplified usage via symbolic link"
file:
src: "{{ splunk_home }}/etc/auth/{{ inventory_hostname }}-cert-concatenated.pem"
dest: "{{ splunk_home }}/etc/auth/servercertificate.pem"
state: link
owner: "{{ splunk_user }}"
group: "{{ splunk_group }}"
become: yes
become_user: "{{ privileged_user }}"
- name: "Rename Web Server certificate for simplified usage via symbolic link"
file:
src: "{{ splunk_home }}/etc/auth/{{ inventory_hostname }}-cert-concatenated-web.pem"
dest: "{{ splunk_home }}/etc/auth/web-servercertificate.pem"
state: link
owner: "{{ splunk_user }}"
group: "{{ splunk_group }}"
become: yes
become_user: "{{ privileged_user }}"
- name: "Rename Web Server certificate Key for simplified usage via symbolic link"
file:
src: "{{ splunk_home }}/etc/auth/{{ inventory_hostname }}-nopwd-key.pem"
dest: "{{ splunk_home }}/etc/auth/web-nopwd-key.pem"
state: link
owner: "{{ splunk_user }}"
group: "{{ splunk_group }}"
become: yes
become_user: "{{ privileged_user }}"

109
roles/splunk_common/tasks/post_install_subtasks/enable_service.yml
Unescape View File

@ -0,0 +1,109 @@
---
- name: "Retrieve PID 1 process information (Linux)"
command: "ps 1"
register: pid1
when: ansible_system is match("Linux")
- name: "Retrieve Splunk version"
command: "{{ splunk_exec }} version --accept-license --answer-yes --no-prompt"
register: installed_splunk_version
when: ansible_system is match("Linux")
become: yes
become_user: "{{ splunk_user }}"
- name: "Set installed version fact"
set_fact:
installed_splunk_version: "{{ installed_splunk_version.stdout | regex_search(regexp, '\\1') }}"
vars:
regexp: 'Splunk\s((\d+)\.(\d+)\.(\d+)).*'
when: ansible_system is match("Linux")
- name: "Enable service via boot-start - Linux (systemd)"
become: yes
become_user: "{{ privileged_user }}"
command: "{{ splunk_exec }} enable boot-start -systemd-managed 1 -user {{ splunk_user }} --accept-license --answer-yes --no-prompt"
when:
- ansible_system is match("Linux")
- pid1.stdout.find("systemd") != -1
- installed_splunk_version[0] is version("7.2.2", ">=")
# Using service file approach for systemd rather than 'boot-start' with
# 'systemd-unit-file-name' option because cli's versions older than 7.2.2 do
# not implement systemd in boot-start command.
- name: "Copy Splunkd unit file - Linux (systemd)"
template:
src: Splunkd.service.j2
dest: /etc/systemd/system/Splunkd.service
owner: "{{ privileged_user }}"
group: "{{ privileged_user }}"
mode: 0644
become: yes
become_user: "{{ privileged_user }}"
when:
- ansible_system is match("Linux")
- pid1.stdout.find("systemd") != -1
- installed_splunk_version[0] is version("7.2.2", "<")
- name: "Reload daemons via systemctl - Linux (systemd)"
become: yes
become_user: "{{ privileged_user }}"
systemd:
daemon-reload: yes
name: Splunkd.service
enabled: true
when:
- ansible_system is match("Linux")
- pid1.stdout.find('systemd') != -1
- name: "Enable service via boot-start - Linux (init)"
become: yes
become_user: "{{ privileged_user }}"
command: "{{ splunk_exec }} enable boot-start -user {{ splunk_user }} --accept-license --answer-yes --no-prompt"
when:
- ansible_system is match("Linux")
- pid1.stdout.find('systemd') == -1
- name: "Enable service via boot-start - Windows"
command: "{{ splunk_exec }} enable boot-start -user {{ splunk_user }} --accept-license --answer-yes --no-prompt"
when: ansible_os_family == "Windows"
- name: add splunk user to sudoer for systemd
lineinfile:
path: /etc/sudoers
state: present
line: "{{ splunk_user }} ALL=(root) NOPASSWD: /usr/bin/systemctl restart Splunkd.service"
when:
- ansible_system is match("Linux")
- pid1.stdout.find("systemd") != -1
become: yes
- name: add splunk user to sudoer for systemd
lineinfile:
path: /etc/sudoers
state: present
line: "{{ splunk_user }} ALL=(root) NOPASSWD: /usr/bin/systemctl start Splunkd.service"
when:
- ansible_system is match("Linux")
- pid1.stdout.find("systemd") != -1
become: yes
- name: add splunk user to sudoer for systemd
lineinfile:
path: /etc/sudoers
state: present
line: "{{ splunk_user }} ALL=(root) NOPASSWD: /usr/bin/systemctl stop Splunkd.service"
when:
- ansible_system is match("Linux")
- pid1.stdout.find("systemd") != -1
become: yes
- name: add splunk user to sudoer for systemd
lineinfile:
path: /etc/sudoers
state: present
line: "{{ splunk_user }} ALL=(root) NOPASSWD: /usr/bin/systemctl status Splunkd.service"
when:
- ansible_system is match("Linux")
- pid1.stdout.find("systemd") != -1
become: yes

30
roles/splunk_common/tasks/post_install_subtasks/install_java.yml
Unescape View File

@ -0,0 +1,30 @@
---
- name: Install Oracle8 JDK
include_tasks: java_tasks/install_oracle8_jdk.yml
when:
- java_version == "oracle:8"
- ansible_system is match("Linux")
- name: Install Openjdk8 JDK
include_tasks: java_tasks/install_openjdk8_jdk.yml
when:
- java_version == "openjdk:8"
- ansible_system is match("Linux")
- name: Install Openjdk11 JDK
include_tasks: java_tasks/install_openjdk11_jdk.yml
when:
- java_version == "openjdk:11"
- ansible_system is match("Linux")
- name: Install Openjdk13 JDK
include_tasks: java_tasks/install_openjdk11_jdk.yml
when:
- java_version == "openjdk:13"
- ansible_system is match("Linux")
- name: Install Openjdk9 JDK for Windows
include_tasks: java_tasks/install_openjdk9_jdk_windows.yml
when:
- java_version == "openjdk:9"
- ansible_system is match("CYGWIN*|Win32NT")

21
roles/splunk_common/tasks/post_install_subtasks/register_splunk_secret.yml
Unescape View File

@ -0,0 +1,21 @@
---
# - name: Get the Splunk secret
# shell: cat "{{ splunk_home }}/etc/auth/splunk.secret"
# register: splunk_secret_content
# when:
# - splunk_secret is undefined or splunk_secret is none
# - not tmp_splunk_secret.stat.exists
# become: yes
# become_user: "{{ privileged_user }}"
- name: register Splunk secret for use on other hosts
fetch:
src: "{{ splunk_home }}/etc/auth/splunk.secret"
dest: "/tmp/splunk_secret"
flat: yes
become: yes
become_user: "{{ privileged_user }}"
when:
- splunk_secret is undefined or splunk_secret is none
- not tmp_splunk_secret.stat.exists

10
roles/splunk_common/tasks/post_install_subtasks/remove_first_login.yml
Unescape View File

@ -0,0 +1,10 @@
---
- name: "Create .ui_login"
file:
path: "{{ splunk_home }}/etc/.ui_login"
state: touch
owner: "{{ splunk_user }}"
group: "{{ splunk_group }}"
mode: "u=rw,g=,o="
become: yes
become_user: "{{ splunk_user }}"

8
roles/splunk_common/tasks/post_install_subtasks/set_http_port.yml
Unescape View File

@ -0,0 +1,8 @@
---
- name: Set HTTP Port
ini_file:
dest: "{{ splunk_home }}/etc/system/local/web.conf"
section: settings
option: "httpport"
value: "{{ splunk_http_port }}"

7
roles/splunk_common/tasks/post_install_subtasks/set_mgmt_port.yml
Unescape View File

@ -0,0 +1,7 @@
---
- name: Set mgmt port
ini_file:
dest: "{{ splunk_home }}/etc/system/local/web.conf"
section: settings
option: "mgmtHostPort"
value: "127.0.0.1:{{ splunk_svc_port }}"

19
roles/splunk_common/tasks/post_install_subtasks/set_root_endpoint.yml
Unescape View File

@ -0,0 +1,19 @@
---
- name: Set root endpoint
uri:
url: "{{ cert_prefix }}://127.0.0.1:{{ splunk_svc_port }}/servicesNS/nobody/system/configs/conf-web/settings"
method: POST
user: "{{ splunk_admin_user }}"
password: "{{ splunk_password }}"
validate_certs: false
body:
root_endpoint: "{{ splunk_root_endpoint }}"
body_format: "form-urlencoded"
status_code: 200
timeout: 10
when: splunk_root_endpoint
register: set_root_endpoint
changed_when: set_root_endpoint.status == 200
no_log: "{{ hide_password }}"
notify:
- Restart the splunkd service

35
roles/splunk_common/tasks/post_install_subtasks/set_splunk_secret.yml
Unescape View File

@ -0,0 +1,35 @@
---
- name: Set the Splunk secret from Config
copy:
dest: "{{ splunk_home }}/etc/auth/splunk.secret"
owner: "{{ splunk_user }}"
group: "{{ splunk_group }}"
mode: 0400
content: "{{ splunk_secret }}"
when:
- splunk_secret is defined and splunk_secret is not none
become: yes
become_user: "{{ privileged_user }}"
# Checking that a splunk_secret exists on ansible host
- name: "Checking that a splunk_secret exists on ansible host"
local_action: stat path=/tmp/splunk_secret
register: tmp_splunk_secret
become: yes
become_user: "{{ privileged_user }}"
- name: Set the Splunk secret from First Host
copy:
dest: "{{ splunk_home }}/etc/auth/splunk.secret"
owner: "{{ splunk_user }}"
group: "{{ splunk_group }}"
mode: 0400
src: "/tmp/splunk_secret"
when:
- splunk_secret is undefined or splunk_secret is none
- tmp_splunk_secret.stat.exists
become: yes
become_user: "{{ privileged_user }}"

42
roles/splunk_common/tasks/post_install_subtasks/set_user_seed.yml
Unescape View File

@ -0,0 +1,42 @@
---
- name: "Hash the password"
command: "{{ splunk_exec }} hash-passwd {{ splunk_password }}"
register: hashed_pwd
changed_when: hashed_pwd.rc == 0
become: yes
become_user: "{{ splunk_user }}"
no_log: "{{ hide_password }}"
- name: "Generate user-seed.conf (Linux)"
ini_file:
owner: "{{ splunk_user }}"
group: "{{ splunk_group }}"
dest: "{{ splunk_home }}/etc/system/local/user-seed.conf"
section: user_info
option: "{{ item.opt }}"
value: "{{ item.val }}"
with_items:
- { opt: "USERNAME", val: "{{ splunk_admin_user }}" }
- { opt: "HASHED_PASSWORD", val: "{{ hashed_pwd.stdout }}" }
loop_control:
label: "{{ item.opt }}"
when: ansible_system is match("Linux")
no_log: "{{ hide_password }}"
become: yes
become_user: "{{ splunk_user }}"
- name: "Generate user-seed.conf (Windows)"
ini_file:
dest: "{{ splunk_home }}/etc/system/local/user-seed.conf"
section: user_info
option: "{{ item.opt }}"
value: "{{ item.val }}"
with_items:
- { opt: "USERNAME", val: "{{ splunk_admin_user }}" }
- { opt: "HASHED_PASSWORD", val: "{{ hashed_pwd.stdout }}" }
loop_control:
label: "{{ item.opt }}"
when: ansible_system is match("CYGWIN*|Win32NT")
no_log: "{{ hide_password }}"
become: yes
become_user: "{{ splunk_user }}"

7
roles/splunk_common/tasks/post_install_subtasks/setup_optimistic_locking.yml
Unescape View File

@ -0,0 +1,7 @@
- name: Ensure Optimistic locking is set to splunk-launch.conf
lineinfile:
path: "{{ splunk_home }}/etc/splunk-launch.conf"
regexp: "^OPTIMISTIC_ABOUT_FILE_LOCKING="
line: OPTIMISTIC_ABOUT_FILE_LOCKING=1
become: yes
become_user: "{{ privileged_user }}"

10
roles/splunk_common/tasks/pre_install_subtasks/change_splunk_directory_owner.yml
Unescape View File

@ -0,0 +1,10 @@
---
- name: Update Splunk directory owner
file:
path: "{{ splunk_home }}"
owner: "{{ splunk_user }}"
group: "{{ splunk_group }}"
recurse: yes
state: directory
become: yes
become_user: "{{ privileged_user }}"

56
roles/splunk_common/tasks/pre_install_subtasks/get_facts.yml
Unescape View File

@ -0,0 +1,56 @@
---
- name: "Set privilege escalation user"
set_fact:
privileged_user: "{% if ansible_system is match('CYGWIN*|Win32NT') %}Administrator{% else %}root{% endif %}"
- name: "Check for existing installation"
stat:
path: "{{ splunk_exec }}"
become: yes
register: pre_existing_splunk_exec
- name: "Set splunk install fact"
set_fact:
splunk_install: "{{ not pre_existing_splunk_exec.stat.exists | default(True) }}"
- name: "Check for existing splunk secret"
stat:
path: "{{ splunk_home }}/etc/auth/splunk.secret"
register: pre_existing_splunk_secret
become: yes
become_user: "{{ privileged_user }}"
- name: "Set first run fact"
set_fact:
first_run: "{{ not pre_existing_splunk_secret.stat.exists | default(True) }}"
become: yes
become_user: "{{ privileged_user }}"
- name : "Set splunk_build_type fact"
include_tasks: get_facts_build_type.yml
- name: "Set target version fact"
include_tasks: get_facts_target_version.yml
when: splunk_target_version is not defined or splunk_target_version == none
- name: "Find manifest"
find:
paths: "{{ splunk_home }}"
patterns: ".*-manifest$"
use_regex: yes
become: yes
register: manifests
- name: "Set current version fact"
set_fact:
splunk_current_version: "{{ manifests.files[0].path | regex_search(regexp, '\\1') if (manifests.matched == 1) else '0' }}"
vars:
regexp: 'splunk\D*?-((\d+)\.(\d+)\.(\d+))'
- name: "Setting upgrade fact"
set_fact:
splunk_upgrade: "{{ splunk_build_location and not splunk_install and splunk_target_version and splunk_target_version != splunk_current_version | default(False) }}"
- name: "Register the fact that we've gather the fact"
set_fact:
splunk_get_fact: true

21
roles/splunk_common/tasks/pre_install_subtasks/get_facts_build_type.yml
Unescape View File

@ -0,0 +1,21 @@
- name: Set splunk_build_type from variable
set_fact:
splunk_build_type: "{{ splunk_build_type }}"
when:
- "splunk_build_type is defined"
- name: Set splunk_build_type from build_location
block:
#check if the build_location is a tgz
- name: "Set build_type (tgz)"
set_fact:
splunk_build_type: "tgz"
when: splunk_build_location is match(".*(\.tar\.gz|\.tgz)$")
- name: "Set build_type (msi)"
set_fact:
splunk_build_type: "msi"
when: splunk_build_location is match(".*\.msi$")
when:
- splunk_build_type is not defined
- splunk_build_type is not none
- splunk_build_location is not none

13
roles/splunk_common/tasks/pre_install_subtasks/get_facts_target_version.yml
Unescape View File

@ -0,0 +1,13 @@
# Use a manually set version, if a it is set
- name: "Set target version fact"
set_fact:
splunk_target_version: "{{ splunk_target_version }}"
when: "splunk_target_version is defined"
# Extracting the numbers from the Splunk installer file name allows us to know the version we are targeting.
- name: "Set target version fact (file)"
set_fact:
splunk_target_version: "{{ splunk_build_location | regex_search(regexp, '\\1') | default('0') }}"
vars:
regexp: 'splunk\D*?-((\d+)\.(\d+)\.(\d+))'
when: "splunk_build_type is defined and splunk_build_type is match('(tgz|msi|rpm|deb)')"

45
roles/splunk_common/tasks/start_splunk.yml
Unescape View File

@ -0,0 +1,45 @@
---
- name: "Get Splunk status"
command: "{{ splunk_exec }} status --accept-license --answer-yes --no-prompt"
become: yes
become_user: "{{ splunk_user }}"
register: splunk_status
changed_when: False
failed_when: False
ignore_errors: yes
- name: "Start Splunk via cli"
command: "{{ splunk_exec }} start --accept-license --answer-yes --no-prompt"
become: yes
become_user: "{{ splunk_user }}"
register: start_splunk
changed_when: start_splunk.rc == 0 and 'already running' not in start_splunk.stdout
when:
- not splunk_enable_service or pid1 is not defined
- splunk_status.rc != 0
ignore_errors: yes
- name: "Start Splunk via service"
service:
name: "{% if pid1.stdout.find('systemd') != -1 %}Splunkd{% else %}splunk{% endif %}"
state: restarted
when:
- splunk_enable_service
- splunk_status.rc != 0
- ansible_system is match("Linux")
- pid1 is defined
become: yes
become_user: "{{ privileged_user }}"
- name: "Start Splunk via Windows service"
win_service:
name: splunkd
state: restarted
when:
- splunk_enable_service
- splunk_status.rc != 0
- ansible_os_family == "Windows"
- name: "Wait for splunkd management port"
wait_for:
port: "{{ splunk_svc_port }}"

40
roles/splunk_common/tasks/stop_splunk.yml
Unescape View File

@ -0,0 +1,40 @@
---
- name: "Get Splunk status"
command: "{{ splunk_exec }} status --accept-license --answer-yes --no-prompt"
become: yes
become_user: "{{ splunk_user }}"
register: splunk_status
changed_when: False
failed_when: False
ignore_errors: yes
- name: "Stop Splunk via cli"
command: "{{ splunk_exec }} stop --accept-license --answer-yes --no-prompt"
become: yes
become_user: "{{ splunk_user }}"
register: stop_splunk
changed_when: stop_splunk.rc == 0
when:
- not splunk_enable_service
- splunk_status.rc == 0
- name: "Stop Splunk via systemctl"
service:
name: Splunkd
state: stopped
when:
- splunk_enable_service
- splunk_status.rc == 0
- ansible_system is match("Linux")
become: yes
become_user: "{{ privileged_user }}"
ignore_errors: yes
- name: "Stop Splunk via Windows service"
win_service:
name: splunkd
state: stopped
when:
- splunk_enable_service
- splunk_status.rc == 0
- ansible_os_family == "Windows"

3
roles/splunk_common/vars/main.yml
Unescape View File

@ -0,0 +1,3 @@
splunk_version: "8.3.1"
splunk_download_url: "https://download.splunk.com/products/splunk/releases/{{ splunk_version }}/linux/splunk-{{ splunk_version }}-aa7ca5cfbb32-Linux-x86_64.tgz"
splunk_user: "splunk"

39
roles/splunk_common_uf/tasks/install_splunk.yml
Unescape View File

@ -0,0 +1,39 @@
---
- name: Remove old manifest files
file:
path: "{{ item.path }}"
state: "absent"
ignore_errors: yes
become: yes
become_user: "{{ privileged_user }}"
with_items:
- "{{ manifests.files }}"
when: splunk_upgrade | bool
- name: Remove old directories
file:
path: "{{ item }}"
state: "absent"
ignore_errors: yes
become: yes
become_user: "{{ privileged_user }}"
with_items:
- "{{ splunk_home_uf }}/bin"
- "{{ splunk_home_uf }}/lib"
- "{{ splunk_home_uf }}/share"
- "{{ splunk_home_uf }}/Python-2.7"
when: splunk_upgrade | bool
- name: Install Splunk
include_tasks: install_tasks/install_splunk_{{ splunk_build_type }}.yml
- name: Remove installers
file:
dest: "{{ item }}"
state: "absent"
ignore_errors: yes
become: yes
become_user: "{{ privileged_user }}"
with_items:
- "{{ splunk_build_location_uf }}"
- "/tmp/splunk_msi"

13
roles/splunk_common_uf/tasks/install_tasks/install_splunk_tgz.yml
Unescape View File

@ -0,0 +1,13 @@
- name: Install Splunk (Linux)
unarchive:
src: "{{ splunk_build_location_uf }}"
dest: "{{ splunk_opt }}"
owner: "{{ splunk_user }}"
group: "{{ splunk_group }}"
remote_src: "{{ splunk_build_remote_src }}"
register: install_result
until: install_result is succeeded
retries: "{{ retry_num }}"
delay: 3
become: yes
become_user: "{{ privileged_user }}"

92
roles/splunk_common_uf/tasks/main.yml
Unescape View File

@ -0,0 +1,92 @@
---
- name: Check if splunk user exists
getent:
database: passwd
key: "{{ splunk_user }}"
fail_key: yes
register: user_exist
ignore_errors: true
become: yes
- name: Setup the splunk user
user:
name: "{{ splunk_user }}"
comment: Splunk User
shell: /bin/bash
generate_ssh_key: yes
ssh_key_bits: 2048
ssh_key_file: .ssh/id_rsa
state: present
when: user_exist["failed"] == true
become: yes
become_user: "{{ privileged_user }}"
- name: Changing Splunk directory Owner
include_tasks: pre_install_subtasks/change_splunk_directory_owner.yml
when:
- ansible_system is match("Linux")
- splunk_home_ownership_enforcement is defined
- splunk_home_ownership_enforcement | bool
- name: Stop existing Splunk
include_tasks: stop_splunk.yml
when:
- splunk_upgrade | bool
# Below we will either install or upgrade, which at this moment is the same task.
- name: "Install Splunk"
include_tasks: install_splunk.yml
when:
- splunk_install | bool or (first_run | bool and splunk_build_location and splunk_build_location is match("^(https?|file)://.*"))
- name: "Upgrade Splunk"
include_tasks: install_splunk.yml
when:
- not splunk_install
- not first_run
- splunk_upgrade | bool
- name: Remove First Login
include_tasks: post_install_subtasks/remove_first_login.yml
when:
- first_run | bool
# This needs to be done before any encrypted passkeys are generated
- name: setup splunk_secret
include_tasks: post_install_subtasks/set_splunk_secret.yml
when:
- first_run | bool
- name: Generate user_seed.conf
include_tasks: post_install_subtasks/set_user_seed.yml
when:
- first_run | bool
- name: setup the [general] pass4SymmKey in system/local
include_tasks: "{{ playbook_dir }}/common/tasks/set_conf_stanza.yml"
vars:
conf_file: "server.conf"
conf_directory: "{{ splunk_home_uf }}/etc/system/local"
stanza_name: general
conf_stanzas:
- pass4SymmKey: "{{ splunk_general_pass4SymmKey }}"
- name: Enable Splunk Service
include_tasks: post_install_subtasks/enable_service.yml
when:
- splunk_enable_service and ansible_system is match("Linux")
- first_run | bool
- name: Start Splunk
include_tasks: start_splunk.yml
- name: Clean user_seed.conf
include_tasks: post_install_subtasks/clean_user_seed.yml
when:
- first_run | bool
- name: Get splunk.secret if not provided initially
include_tasks: post_install_subtasks/register_splunk_secret.yml
when:
- first_run | bool
- splunk_secret is undefined or splunk_secret is none

7
roles/splunk_common_uf/tasks/post_install_subtasks/clean_user_seed.yml
Unescape View File

@ -0,0 +1,7 @@
---
- name: Remove user-seed.conf
file:
dest: "{{ splunk_home_uf }}/etc/system/local/user-seed.conf"
state: "absent"
notify:
- Restart the splunkd service

109
roles/splunk_common_uf/tasks/post_install_subtasks/enable_service.yml
Unescape View File

@ -0,0 +1,109 @@
---
- name: "Retrieve PID 1 process information (Linux)"
command: "ps 1"
register: pid1
when: ansible_system is match("Linux")
- name: "Retrieve Splunk version"
command: "{{ splunk_exec_uf }} version --accept-license --answer-yes --no-prompt"
register: installed_splunk_version
when: ansible_system is match("Linux")
become: yes
become_user: "{{ splunk_user }}"
- name: "Set installed version fact"
set_fact:
installed_splunk_version: "{{ installed_splunk_version.stdout | regex_search(regexp, '\\1') }}"
vars:
regexp: 'Splunk\s((\d+)\.(\d+)\.(\d+)).*'
when: ansible_system is match("Linux")
- name: "Enable service via boot-start - Linux (systemd)"
become: yes
become_user: "{{ privileged_user }}"
command: "{{ splunk_exec_uf }} enable boot-start -systemd-managed 1 -user {{ splunk_user }} --accept-license --answer-yes --no-prompt"
when:
- ansible_system is match("Linux")
- pid1.stdout.find("systemd") != -1
- installed_splunk_version[0] is version("7.2.2", ">=")
# Using service file approach for systemd rather than 'boot-start' with
# 'systemd-unit-file-name' option because cli's versions older than 7.2.2 do
# not implement systemd in boot-start command.
- name: "Copy Splunkd unit file - Linux (systemd)"
template:
src: Splunkd.service.j2
dest: /etc/systemd/system/Splunkd.service
owner: "{{ privileged_user }}"
group: "{{ privileged_user }}"
mode: 0644
become: yes
become_user: "{{ privileged_user }}"
when:
- ansible_system is match("Linux")
- pid1.stdout.find("systemd") != -1
- installed_splunk_version[0] is version("7.2.2", "<")
- name: "Reload daemons via systemctl - Linux (systemd)"
become: yes
become_user: "{{ privileged_user }}"
systemd:
daemon-reload: yes
name: Splunkd.service
enabled: true
when:
- ansible_system is match("Linux")
- pid1.stdout.find('systemd') != -1
- name: "Enable service via boot-start - Linux (init)"
become: yes
become_user: "{{ privileged_user }}"
command: "{{ splunk_exec_uf }} enable boot-start -user {{ splunk_user }} --accept-license --answer-yes --no-prompt"
when:
- ansible_system is match("Linux")
- pid1.stdout.find('systemd') == -1
- name: "Enable service via boot-start - Windows"
command: "{{ splunk_exec_uf }} enable boot-start -user {{ splunk_user }} --accept-license --answer-yes --no-prompt"
when: ansible_os_family == "Windows"
- name: add splunk user to sudoer for systemd
lineinfile:
path: /etc/sudoers
state: present
line: "{{ splunk_user }} ALL=(root) NOPASSWD: /usr/bin/systemctl restart Splunkd.service"
when:
- ansible_system is match("Linux")
- pid1.stdout.find("systemd") != -1
become: yes
- name: add splunk user to sudoer for systemd
lineinfile:
path: /etc/sudoers
state: present
line: "{{ splunk_user }} ALL=(root) NOPASSWD: /usr/bin/systemctl start Splunkd.service"
when:
- ansible_system is match("Linux")
- pid1.stdout.find("systemd") != -1
become: yes
- name: add splunk user to sudoer for systemd
lineinfile:
path: /etc/sudoers
state: present
line: "{{ splunk_user }} ALL=(root) NOPASSWD: /usr/bin/systemctl stop Splunkd.service"
when:
- ansible_system is match("Linux")
- pid1.stdout.find("systemd") != -1
become: yes
- name: add splunk user to sudoer for systemd
lineinfile:
path: /etc/sudoers
state: present
line: "{{ splunk_user }} ALL=(root) NOPASSWD: /usr/bin/systemctl status Splunkd.service"
when:
- ansible_system is match("Linux")
- pid1.stdout.find("systemd") != -1
become: yes

30
roles/splunk_common_uf/tasks/post_install_subtasks/install_java.yml
Unescape View File

@ -0,0 +1,30 @@
---
- name: Install Oracle8 JDK
include_tasks: java_tasks/install_oracle8_jdk.yml
when:
- java_version == "oracle:8"
- ansible_system is match("Linux")
- name: Install Openjdk8 JDK
include_tasks: java_tasks/install_openjdk8_jdk.yml
when:
- java_version == "openjdk:8"
- ansible_system is match("Linux")
- name: Install Openjdk11 JDK
include_tasks: java_tasks/install_openjdk11_jdk.yml
when:
- java_version == "openjdk:11"
- ansible_system is match("Linux")
- name: Install Openjdk13 JDK
include_tasks: java_tasks/install_openjdk11_jdk.yml
when:
- java_version == "openjdk:13"
- ansible_system is match("Linux")
- name: Install Openjdk9 JDK for Windows
include_tasks: java_tasks/install_openjdk9_jdk_windows.yml
when:
- java_version == "openjdk:9"
- ansible_system is match("CYGWIN*|Win32NT")

21
roles/splunk_common_uf/tasks/post_install_subtasks/register_splunk_secret.yml
Unescape View File

@ -0,0 +1,21 @@
---
# - name: Get the Splunk secret
# shell: cat "{{ splunk_home }}/etc/auth/splunk.secret"
# register: splunk_secret_content
# when:
# - splunk_secret is undefined or splunk_secret is none
# - not tmp_splunk_secret.stat.exists
# become: yes
# become_user: "{{ privileged_user }}"
- name: register Splunk secret for use on other hosts
fetch:
src: "{{ splunk_home_uf }}/etc/auth/splunk.secret"
dest: "/tmp/splunk_secret"
flat: yes
become: yes
become_user: "{{ privileged_user }}"
when:
- splunk_secret is undefined or splunk_secret is none
- not tmp_splunk_secret.stat.exists

10
roles/splunk_common_uf/tasks/post_install_subtasks/remove_first_login.yml
Unescape View File

@ -0,0 +1,10 @@
---
- name: "Create .ui_login"
file:
path: "{{ splunk_home_uf }}/etc/.ui_login"
state: touch
owner: "{{ splunk_user }}"
group: "{{ splunk_group }}"
mode: "u=rw,g=,o="
become: yes
become_user: "{{ splunk_user }}"

33
roles/splunk_common_uf/tasks/post_install_subtasks/set_splunk_secret.yml
Unescape View File

@ -0,0 +1,33 @@
---
- name: Set the Splunk secret from Config
copy:
dest: "{{ splunk_home_uf }}/etc/auth/splunk.secret"
owner: "{{ splunk_user }}"
group: "{{ splunk_group }}"
mode: 0400
content: "{{ splunk_secret }}"
when:
- splunk_secret is defined and splunk_secret is not none
become: yes
become_user: "{{ privileged_user }}"
# Checking that a splunk_secret exists on ansible host
- name: "Checking that a splunk_secret exists on ansible host"
local_action: stat path=/tmp/splunk_secret
register: tmp_splunk_secret
become: yes
become_user: "{{ privileged_user }}"
- name: Set the Splunk secret from First Host
copy:
dest: "{{ splunk_home_uf }}/etc/auth/splunk.secret"
owner: "{{ splunk_user }}"
group: "{{ splunk_group }}"
mode: 0400
src: "/tmp/splunk_secret"
when:
- splunk_secret is undefined or splunk_secret is none
- tmp_splunk_secret.stat.exists
become: yes
become_user: "{{ privileged_user }}"

42
roles/splunk_common_uf/tasks/post_install_subtasks/set_user_seed.yml
Unescape View File

@ -0,0 +1,42 @@
---
- name: "Hash the password"
command: "{{ splunk_exec_uf }} hash-passwd {{ splunk_password }}"
register: hashed_pwd
changed_when: hashed_pwd.rc == 0
become: yes
become_user: "{{ splunk_user }}"
no_log: "{{ hide_password }}"
- name: "Generate user-seed.conf (Linux)"
ini_file:
owner: "{{ splunk_user }}"
group: "{{ splunk_group }}"
dest: "{{ splunk_home_uf }}/etc/system/local/user-seed.conf"
section: user_info
option: "{{ item.opt }}"
value: "{{ item.val }}"
with_items:
- { opt: "USERNAME", val: "{{ splunk_admin_user }}" }
- { opt: "HASHED_PASSWORD", val: "{{ hashed_pwd.stdout }}" }
loop_control:
label: "{{ item.opt }}"
when: ansible_system is match("Linux")
no_log: "{{ hide_password }}"
become: yes
become_user: "{{ splunk_user }}"
- name: "Generate user-seed.conf (Windows)"
ini_file:
dest: "{{ splunk_home_uf }}/etc/system/local/user-seed.conf"
section: user_info
option: "{{ item.opt }}"
value: "{{ item.val }}"
with_items:
- { opt: "USERNAME", val: "{{ splunk_admin_user }}" }
- { opt: "HASHED_PASSWORD", val: "{{ hashed_pwd.stdout }}" }
loop_control:
label: "{{ item.opt }}"
when: ansible_system is match("CYGWIN*|Win32NT")
no_log: "{{ hide_password }}"
become: yes
become_user: "{{ splunk_user }}"

10
roles/splunk_common_uf/tasks/pre_install_subtasks/change_splunk_directory_owner.yml
Unescape View File

@ -0,0 +1,10 @@
---
- name: Update Splunk directory owner
file:
path: "{{ splunk_home_uf }}"
owner: "{{ splunk_user }}"
group: "{{ splunk_group }}"
recurse: yes
state: directory
become: yes
become_user: "{{ privileged_user }}"

72
roles/splunk_common_uf/tasks/pre_install_subtasks/get_facts.yml
Unescape View File

@ -0,0 +1,72 @@
---
- name: "Set privilege escalation user"
set_fact:
privileged_user: "{% if ansible_system is match('CYGWIN*|Win32NT') %}Administrator{% else %}root{% endif %}"
- name: "Check for existing installation"
stat:
path: "{{ splunk_exec_uf }}"
become: yes
register: pre_existing_splunk_exec
- name: Récupérer le fichier depuis l'hôte source
fetch:
src: /tmp/splunkforwarder-8.2.3-cd0848707637-Linux-x86_64.tgz
dest: /tmp/
flat: yes
validate_checksum: yes
fail_on_missing: yes
fail_on_unreachable: yes
delegate_to: 10.10.30.38
- name: Copier le fichier vers l'hôte distant
copy:
src: /tmp/splunkforwarder-8.2.3-cd0848707637-Linux-x86_64.tgz
dest: "{{ splunk_build_location_uf }}"
owner: admin
group: admin
mode: "0644"
- name: "Set splunk install fact"
set_fact:
splunk_install: "{{ not pre_existing_splunk_exec.stat.exists | default(True) }}"
- name: "Check for existing splunk secret"
stat:
path: "{{ splunk_home_uf }}/etc/auth/splunk.secret"
register: pre_existing_splunk_secret
become: yes
- name: "Set first run fact"
set_fact:
first_run: "{{ not pre_existing_splunk_secret.stat.exists | default(True) }}"
- name: "Set splunk_build_type fact"
include_tasks: get_facts_build_type.yml
- name: "Set target version fact"
include_tasks: get_facts_target_version.yml
when: splunk_target_version is not defined or splunk_target_version == none
- name: "Find manifests"
find:
paths: "{{ splunk_home_uf }}"
patterns: ".*-manifest$"
use_regex: yes
become: yes
register: manifests
- name: "Set current version fact"
set_fact:
splunk_current_version: "{{ manifests.files[0].path | regex_search(regexp, '\\1') if (manifests.matched == 1) else '0' }}"
vars:
regexp: 'splunk\D*?-((\d+)\.(\d+)\.(\d+))'
- name: "Setting upgrade fact"
set_fact:
splunk_upgrade: "{{ splunk_build_location_uf and not splunk_install and splunk_target_version and splunk_target_version != splunk_current_version | default(False) }}"
- name: "Register the fact that we've gather the fact"
set_fact:
splunk_get_fact: true

21
roles/splunk_common_uf/tasks/pre_install_subtasks/get_facts_build_type.yml
Unescape View File

@ -0,0 +1,21 @@
- name: Set splunk_build_type from variable
set_fact:
splunk_build_type: "{{ splunk_build_type }}"
when:
- "splunk_build_type is defined"
- name: Set splunk_build_type from build_location
block:
#check if the build_location is a tgz
- name: "Set build_type (tgz)"
set_fact:
splunk_build_type: "tgz"
when: splunk_build_location is match(".*(\.tar\.gz|\.tgz)$")
- name: "Set build_type (msi)"
set_fact:
splunk_build_type: "msi"
when: splunk_build_location is match(".*\.msi$")
when:
- splunk_build_type is not defined
- splunk_build_type is not none
- splunk_build_location is not none

13
roles/splunk_common_uf/tasks/pre_install_subtasks/get_facts_target_version.yml
Unescape View File

@ -0,0 +1,13 @@
# Use a manually set version, if a it is set
- name: "Set target version fact"
set_fact:
splunk_target_version: "{{ splunk_target_version }}"
when: "splunk_target_version is defined"
# Extracting the numbers from the Splunk installer file name allows us to know the version we are targeting.
- name: "Set target version fact (file)"
set_fact:
splunk_target_version: "{{ splunk_build_location | regex_search(regexp, '\\1') | default('0') }}"
vars:
regexp: 'splunk\D*?-((\d+)\.(\d+)\.(\d+))'
when: "splunk_build_type is defined and splunk_build_type is match('(tgz|msi|rpm|deb)')"

45
roles/splunk_common_uf/tasks/start_splunk.yml
Unescape View File

@ -0,0 +1,45 @@
---
- name: "Get Splunk status"
command: "{{ splunk_exec_uf }} status --accept-license --answer-yes --no-prompt"
become: yes
become_user: "{{ splunk_user }}"
register: splunk_status
changed_when: False
failed_when: False
ignore_errors: yes
- name: "Start Splunk via cli"
command: "{{ splunk_exec_uf }} start --accept-license --answer-yes --no-prompt"
become: yes
become_user: "{{ splunk_user }}"
register: start_splunk
changed_when: start_splunk.rc == 0 and 'already running' not in start_splunk.stdout
when:
- not splunk_enable_service or pid1 is not defined
- splunk_status.rc != 0
ignore_errors: yes
- name: "Start Splunk via service"
service:
name: "{% if pid1.stdout.find('systemd') != -1 %}Splunkd{% else %}splunk{% endif %}"
state: restarted
when:
- splunk_enable_service
- splunk_status.rc != 0
- ansible_system is match("Linux")
- pid1 is defined
become: yes
become_user: "{{ privileged_user }}"
- name: "Start Splunk via Windows service"
win_service:
name: splunkd
state: restarted
when:
- splunk_enable_service
- splunk_status.rc != 0
- ansible_os_family == "Windows"
- name: "Wait for splunkd management port"
wait_for:
port: "{{ splunk_svc_port }}"

40
roles/splunk_common_uf/tasks/stop_splunk.yml
Unescape View File

@ -0,0 +1,40 @@
---
- name: "Get Splunk status"
command: "{{ splunk_exec_uf }} status --accept-license --answer-yes --no-prompt"
become: yes
become_user: "{{ splunk_user }}"
register: splunk_status
changed_when: False
failed_when: False
ignore_errors: yes
- name: "Stop Splunk via cli"
command: "{{ splunk_exec_uf }} stop --accept-license --answer-yes --no-prompt"
become: yes
become_user: "{{ splunk_user }}"
register: stop_splunk
changed_when: stop_splunk.rc == 0
when:
- not splunk_enable_service
- splunk_status.rc == 0
- name: "Stop Splunk via systemctl"
service:
name: Splunkd
state: stopped
when:
- splunk_enable_service
- splunk_status.rc == 0
- ansible_system is match("Linux")
become: yes
become_user: "{{ privileged_user }}"
ignore_errors: yes
- name: "Stop Splunk via Windows service"
win_service:
name: splunkd
state: stopped
when:
- splunk_enable_service
- splunk_status.rc == 0
- ansible_os_family == "Windows"

7
test_ping.yml
Unescape View File

@ -0,0 +1,7 @@
- name: Test de connectivité ping pong
hosts: all_splunk_instances
become: true
tasks:
- name: Test de ping pong
ping:
Write Preview
Loading…
Cancel
Save