From edb7a912ccd2309735febed3ea1d1d90674ea1f3 Mon Sep 17 00:00:00 2001 
From: JocelynPa
Date: Fri, 3 Mar 2023 20:25:51 +0100
Subject: [PATCH] add common
---
common/handlers/restart_splunk.yml | 37 +++++++++++++++
common/tasks/apply_dmc_trusted_pem.yml | 29 ++++++++++++
common/tasks/create_app_via_template.yml | 47 +++++++++++++++++++
common/tasks/disable_dmc.yml | 10 ++++
common/tasks/set_certificate_prefix.yml | 17 +++++++
common/tasks/set_conf_stanza.yml | 33 +++++++++++++
common/tasks/wait_for_splunk_instance.yml | 20 ++++++++
common/templates/app.j2 | 11 +++++
.../templates/cluster_master_server_conf.j2 | 15 ++++++
common/templates/deployer.j2 | 2 +
common/templates/deploymentclient.j2 | 10 ++++
common/templates/dist_search.j2 | 30 ++++++++++++
common/templates/enable_receiver.j2 | 12 +++++
.../templates/forwarding_s2s_outputs_conf.j2 | 19 ++++++++
.../templates/forwarding_uf_outputs_conf.j2 | 19 ++++++++
common/templates/idx_indexes_base.j2 | 5 ++
common/templates/idx_kvstore_base.j2 | 5 ++
common/templates/idx_web_base.j2 | 9 ++++
common/templates/indexer_cluster.j2 | 10 ++++
common/templates/indexer_multisite.j2 | 15 ++++++
common/templates/license_server_conf.j2 | 10 ++++
common/templates/server_SSLconfig.j2 | 12 +++++
common/templates/sh_idxcluster.j2 | 8 ++++
common/templates/sh_shcluster.j2 | 2 +
common/templates/uf_ssl_server_conf.j2 | 7 +++
common/templates/web_sslConfig.j2 | 5 ++
26 files changed, 399 insertions(+)
create mode 100755 common/handlers/restart_splunk.yml
create mode 100755 common/tasks/apply_dmc_trusted_pem.yml
create mode 100755 common/tasks/create_app_via_template.yml
create mode 100755 common/tasks/disable_dmc.yml
create mode 100755 common/tasks/set_certificate_prefix.yml
create mode 100755 common/tasks/set_conf_stanza.yml
create mode 100755 common/tasks/wait_for_splunk_instance.yml
create mode 100755 common/templates/app.j2
create mode 100755 common/templates/cluster_master_server_conf.j2
create mode 100755 common/templates/deployer.j2
create mode 100755 common/templates/deploymentclient.j2
create mode 100755 common/templates/dist_search.j2
create mode 100755 common/templates/enable_receiver.j2
create mode 100755 common/templates/forwarding_s2s_outputs_conf.j2
create mode 100755 common/templates/forwarding_uf_outputs_conf.j2
create mode 100755 common/templates/idx_indexes_base.j2
create mode 100755 common/templates/idx_kvstore_base.j2
create mode 100755 common/templates/idx_web_base.j2
create mode 100755 common/templates/indexer_cluster.j2
create mode 100755 common/templates/indexer_multisite.j2
create mode 100755 common/templates/license_server_conf.j2
create mode 100755 common/templates/server_SSLconfig.j2
create mode 100755 common/templates/sh_idxcluster.j2
create mode 100755 common/templates/sh_shcluster.j2
create mode 100755 common/templates/uf_ssl_server_conf.j2
create mode 100755 common/templates/web_sslConfig.j2
diff --git a/common/handlers/restart_splunk.yml b/common/handlers/restart_splunk.yml
new file mode 100755
index 0000000..d2b642b
--- /dev/null
+++ b/common/handlers/restart_splunk.yml
@@ -0,0 +1,37 @@
+---
+- name: "Retrieve PID 1 process information (Linux)"
+ command: "ps 1"
+ register: pid1
+ when:
+ - ansible_system is match("Linux")
+ - pid1 is not defined
+
+- name: "Restart the splunkd service - Via CLI"
+ command: "{{ splunk_exec }} restart --answer-yes --accept-license"
+ become: yes
+ become_user: "{{ splunk_user }}"
+ register: task_result
+ until: task_result.rc == 0
+ retries: 3
+ delay: "{{ delay_num }}"
+ when: not splunk_enable_service
+
+- name: "Restart the splunkd service - Via systemd"
+ service:
+ name: "{% if pid1.stdout.find('systemd') != -1 %}Splunkd{% else %}splunk{% endif %}"
+ state: restarted
+ when:
+ - splunk_enable_service
+ - ansible_system is match("Linux")
+ become: yes
+ become_user: "{{ privileged_user }}"
+
+- name: "Restart the splunkd service - Via windows system"
+ win_service:
+ name: splunkd
+ state: restarted
+ when: splunk_enable_service and not ansible_system is match("Linux")
+
+- name: "Wait for splunkd management port"
+ wait_for:
+ port: "{{ splunk_svc_port }}"
diff --git a/common/tasks/apply_dmc_trusted_pem.yml b/common/tasks/apply_dmc_trusted_pem.yml
new file mode 100755
index 0000000..296a85e
--- /dev/null
+++ b/common/tasks/apply_dmc_trusted_pem.yml
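Review bot: In the first handler task, `register: pid1` combined with `when: pid1 is not defined` is fragile: when the task is skipped because `pid1` already exists, Ansible still registers a skipped result under the same name, so the later `pid1.stdout.find('systemd')` in "Restart the splunkd service - Via systemd" has no `stdout` to read the next time these handlers run in the play. Dropping the `pid1 is not defined` condition and adding `changed_when: false` to the `ps 1` task avoids that. If fact gathering is enabled, the lookup can go away entirely with `name: "{{ 'Splunkd' if ansible_service_mgr == 'systemd' else 'splunk' }}"`.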
@@ -0,0 +1,29 @@
+---
+- name: Get DMC Name
+ set_fact:
+ dmc_name: "{{ hostvars[groups.splunk_monitoring_console[0]].inventory_hostname_short }}"
+ when: not splunk_single_instance
+
+- name: "Ensure that {{ dest_path }} exists"
+ file:
+ path: "{{ splunk_home }}/etc/{{ dest_path | dirname }}"
+ state: directory
+ recurse: yes
+ group: "{{ splunk_group }}"
+ owner: "{{ splunk_user }}"
+ ignore_errors: true
+ vars:
+ dest_path: "auth/distServerKeys/{{ dmc_name }}/"
+ become: yes
+ become_user: "{{ splunk_user }}"
+ when: not splunk_single_instance
+
+- name: Copy trusted.pem to server
+ copy:
+ src: "/tmp/trusted.pem"
+ dest: "{{ splunk_home }}/etc/auth/distServerKeys/{{ dmc_name }}/trusted.pem"
+ group: "{{ splunk_group }}"
+ owner: "{{ splunk_user }}"
+ become: yes
+ become_user: "{{ splunk_user }}"
+ when: not splunk_single_instance
diff --git a/common/tasks/create_app_via_template.yml b/common/tasks/create_app_via_template.yml
new file mode 100755
index 0000000..3ca88fa
--- /dev/null
+++ b/common/tasks/create_app_via_template.yml
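Review bot: The "Copy trusted.pem to server" task takes its `src` from the fixed path `/tmp/trusted.pem`, which `copy` reads on the control node unless `remote_src` is set. On a shared controller any local user can create or replace that file before the play runs, and whatever key is found there is installed under `distServerKeys/{{ dmc_name }}/` as trusted on every target. Read the key from a directory only the automation account can write, for example `src: "{{ playbook_dir }}/files/trusted.pem"` (placeholder path), and set an explicit `mode: "0644"` on the destination. The `ignore_errors: true` on the directory task also hides a failed directory creation until the copy itself fails.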
@@ -0,0 +1,47 @@
+---
+- name: Default files added to the list
+ set_fact:
+ app_configs:
+ - template_path: "{{ playbook_dir }}/common/templates/app.j2"
+ template_output_path: "app.conf"
+
+- name: Ensure that all local paths exists
+ file:
+ path: "{{ playbook_dir }}/splunk_apps/base_apps/{{ app_name }}/local"
+ state: directory
+ recurse: yes
+ force: true
+ ignore_errors: true
+ loop: "{{ configs|flatten + app_configs | flatten }}"
+
+- name: Apply provided template.j2 on the provided target file
+ template:
+ src: "{{ item.template_path }}"
+ dest: "{{ playbook_dir }}/splunk_apps/base_apps/{{ app_name }}/local/{{ item.template_output_path }}"
+ force: true
+ loop: "{{ configs|flatten + app_configs | flatten }}"
+
+- name: Ensure that all custom paths exists
+ file:
+ path: "{{ playbook_dir }}/splunk_apps/base_apps/{{ app_name }}/{{ item.dest_dir }}"
+ state: directory
+ recurse: yes
+ force: true
+ ignore_errors: true
+ loop: "{{ files |flatten }}"
+ when: files is defined
+
+- name: Copy specific files to their local dir
+ copy:
+ src: "{{ item.src }}"
+ dest: "{{ playbook_dir }}/splunk_apps/base_apps/{{ app_name }}/{{ item.dest_dir }}"
+ force: true
+ loop: "{{ files |flatten }}"
+ when: files is defined
+
+- name: Copy app to the different Splunk Topology
+ copy:
+ src: "{{ playbook_dir }}/splunk_apps/base_apps/{{ app_name }}"
+ dest: "{{ playbook_dir }}/splunk_apps/{{ item }}/"
+ force: yes
+ loop: "{{ splunk_target_topology }}"
\ No newline at end of file
diff --git a/common/tasks/disable_dmc.yml b/common/tasks/disable_dmc.yml
new file mode 100755
index 0000000..99f45d3
--- /dev/null
+++ b/common/tasks/disable_dmc.yml
@@ -0,0 +1,10 @@
+
+- name: "disable dmc on client instances"
+ ini_file:
+ dest: "{{ splunk_home }}/etc/apps/splunk_monitoring_console/local/app.conf"
+ section: install
+ option: "state"
+ value: "disabled"
+ become: yes
+ become_user: "{{ splunk_user }}"
+ when: "{{ groups.splunk_monitoring_console | length |int }} >= 1"
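Review bot: The `template` and `copy` tasks stage rendered apps under `{{ playbook_dir }}/splunk_apps/` without a `mode`, so the files inherit the control node's umask, and several templates added in this commit (`enable_receiver.j2`, both `forwarding_*_outputs_conf.j2` files, `server_SSLconfig.j2`, `uf_ssl_server_conf.j2`) render `sslPassword` in clear text. Adding `mode: "0600"` to the `template` task and `mode: "0700"` to the two `file` tasks keeps the staged copies readable only by the account running the play. Both `file` tasks also carry `ignore_errors: true`, which lets the play reach the template step after a directory could not be created. The first `file` task loops over every config item although its `path` never uses `item`, so the loop can be removed.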
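Review bot: The `when:` on the `ini_file` task in `disable_dmc.yml` wraps its expression in Jinja delimiters (`"{{ groups.splunk_monitoring_console | length |int }} >= 1"`); conditionals are already evaluated as expressions, Ansible warns about delimiters here, and the rendered text is then evaluated a second time. Write it as `when: groups.splunk_monitoring_console | default([]) | length >= 1`, which also avoids an undefined-variable error when the group is absent from the inventory. This is also the only task file in the commit that does not start with `---`.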
diff --git a/common/tasks/set_certificate_prefix.yml b/common/tasks/set_certificate_prefix.yml
new file mode 100755
index 0000000..390179c
--- /dev/null
+++ b/common/tasks/set_certificate_prefix.yml
@@ -0,0 +1,17 @@
+---
+- name: "Test basic https endpoint"
+ uri:
+ url: "https://127.0.0.1:{{ splunk_svc_port }}/services/properties"
+ method: GET
+ user: "{{ splunk_admin_user }}"
+ password: "{{ splunk_password }}"
+ validate_certs: false
+ status_code: 200,404
+ timeout: 10
+ register: ssl_enabled
+ ignore_errors: true
+
+# If the https call failed, we will revert to http and continue REST with normal error handling
+- name: "Set url prefix for future REST calls"
+ set_fact:
+ cert_prefix: "{% if ssl_enabled.status == 200 %}https{% else %}http{% endif %}"
diff --git a/common/tasks/set_conf_stanza.yml b/common/tasks/set_conf_stanza.yml
new file mode 100755
index 0000000..e36b4aa
--- /dev/null
+++ b/common/tasks/set_conf_stanza.yml
@@ -0,0 +1,33 @@
+---
+- name: Create {{ conf_directory }} directory if not existing
+ file:
+ path: "{{ conf_directory }}"
+ state: directory
+ when: conf_directory is defined
+ become: yes
+ become_user: "{{ splunk_user }}"
+
+- name: Create {{ conf_file }} if not existing
+ copy:
+ dest: "{{ conf_directory }}/{{ conf_file }}"
+ mode: u=rw,g=,o=
+ owner: "{{ splunk_user }}"
+ group: "{{ splunk_group }}"
+ content: ""
+ force: no
+ become: yes
+ become_user: "{{ privileged_user }}"
+
+- name: "Set options in {{ stanza_name }}"
+ ini_file:
+ path: "{{ conf_directory }}/{{ conf_file }}"
+ section: "{{ stanza_name }}"
+ option: "{{ stanza_setting.key }}"
+ value: "{{ stanza_setting.value }}"
+ allow_no_value: True
+ state: present
+ with_dict: "{{ conf_stanzas }}"
+ loop_control:
+ loop_var: stanza_setting
+ become: yes
+ become_user: "{{ splunk_user }}"
diff --git a/common/tasks/wait_for_splunk_instance.yml b/common/tasks/wait_for_splunk_instance.yml
new file mode 100755
index 0000000..c934a43
--- /dev/null
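Review bot: `cert_prefix` falls back to `http` whenever the probe does not return 200, and with `ignore_errors: true` that includes a timeout, a 404 (allowed by `status_code: 200,404`) or a splunkd that is still starting. Later REST calls such as the one in `wait_for_splunk_instance.yml` then send `splunk_admin_user`/`splunk_password` to `{{ inventory_hostname }}` over clear-text HTTP. Deriving the scheme from configuration, for example `cert_prefix: "{{ 'https' if splunk_enableSSL else 'http' }}"` (the variable the templates in this commit already use), and failing when an HTTPS-configured instance does not answer, removes the silent downgrade. If the probe is kept, `ssl_enabled.status | default(0) == 200` makes the no-response case explicit. Both this task and the `uri` call in `wait_for_splunk_instance.yml` set `validate_certs: false`; the second one crosses the network, so passing the deployment CA through `ca_path` would send the password only to an authenticated server.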
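Review bot: The "Set options in {{ stanza_name }}" task loops with `with_dict` and sets no `loop_control.label`, so Ansible prints each `stanza_setting` key and value in its per-item output; if callers pass secrets such as an `sslPassword` or `pass4SymmKey` value through `conf_stanzas`, they end up in logs. Add `label: "{{ stanza_setting.key }}"` under `loop_control`, or `no_log: true` for calls that carry secrets. Separately, only the first task is guarded by `when: conf_directory is defined` while the next two use `{{ conf_directory }}` unconditionally, and the directory is created without a `mode`.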
+++ b/common/tasks/wait_for_splunk_instance.yml
@@ -0,0 +1,20 @@
+---
+- name: Check Splunk instance is running
+ uri:
+ url: "{{ cert_prefix }}://{{ inventory_hostname }}:{{ splunk_svc_port }}/services/server/info?output_mode=json"
+ method: GET
+ user: "{{ splunk_admin_user }}"
+ password: "{{ splunk_password }}"
+ validate_certs: false
+ register: task_response
+ until:
+ - task_response.status == 200
+ - lookup('pipe', 'date +"%s"')|int - task_response.json.entry[0].content.startup_time > 10
+ retries: "{{ retry_num }}"
+ delay: 3
+ ignore_errors: true
+ no_log: "{{ hide_password }}"
+
+- name: Print response
+ debug:
+ var: task_response
diff --git a/common/templates/app.j2 b/common/templates/app.j2
new file mode 100755
index 0000000..c007875
--- /dev/null
+++ b/common/templates/app.j2
@@ -0,0 +1,11 @@
+[launcher]
+author = {{ author }} via Ansible (OBS)
+description = {{ app_desc }}
+version = {{ ansible_script_version }}
+
+[package]
+id = {{ app_name }}
+
+
+[ui]
+is_visible = false
diff --git a/common/templates/cluster_master_server_conf.j2 b/common/templates/cluster_master_server_conf.j2
new file mode 100755
index 0000000..57d39ff
--- /dev/null
+++ b/common/templates/cluster_master_server_conf.j2
@@ -0,0 +1,15 @@
+
+[clustering]
+available_sites = {{ splunk_all_sites }}
+cluster_label = {{ splunk_idxcluster_label }}
+mode = master
+multisite = {{ splunk_multisite }}
+replication_factor = {{ splunk_replication_factor }}
+search_factor = {{ splunk_search_factor }}
+site_replication_factor = origin:{{ splunk_multisite_replication_factor_origin }}, total:{{ splunk_multisite_replication_factor_total }}
+site_search_factor = origin:{{ splunk_multisite_search_factor_origin }}, total:{{ splunk_multisite_search_factor_total }}
+summary_replication = true
+
+[general]
+site = {{ splunk_site }}
+
diff --git a/common/templates/deployer.j2 b/common/templates/deployer.j2
new file mode 100755
index 0000000..e698cd5
--- /dev/null
+++ b/common/templates/deployer.j2
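Review bot: `ignore_errors: true` on "Check Splunk instance is running" means that after `retry_num` failed attempts the play continues as though the instance were ready; if callers use this file as a readiness gate, drop it or follow the task with an `assert` on `task_response.status == 200`. The second `until` condition takes the current time from `lookup('pipe', 'date +"%s"')`, which runs on the control node, so the 10-second comparison with the target's `startup_time` assumes synchronized clocks. The following `debug: var: task_response` prints the whole response on every run even when `no_log` is enabled on the request; `verbosity: 1` on the debug task would keep it out of normal output.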
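Review bot: The `[clustering]` stanza in `cluster_master_server_conf.j2` sets no `pass4SymmKey`, and neither do the `[clustering]` stanzas in `indexer_cluster.j2` and `sh_idxcluster.j2`. Unless another app or task outside this commit supplies it, the manager, peers and search heads are configured without an explicit cluster secret. If it belongs in these templates, add `pass4SymmKey = {{ splunk_idxcluster_secret }}` (placeholder variable name) sourced from a vault, identical in all three files; otherwise a comment naming where the key is set would help the next reader.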
@@ -0,0 +1,2 @@
+[shclustering]
+shcluster_label = {{ splunk_shcluster_label }}
diff --git a/common/templates/deploymentclient.j2 b/common/templates/deploymentclient.j2
new file mode 100755
index 0000000..b6b26d5
--- /dev/null
+++ b/common/templates/deploymentclient.j2
@@ -0,0 +1,10 @@
+[deployment-client]
+{% if splunk_enableSSL %}
+ sslVersions = tls1.2
+ sslVerifyServerCert = true
+ sslCommonNameToCheck = {% for host in groups.splunk_deployment_server %} {{ host }}, {% endfor %}
+{% endif %}
+
+[target-broker:deploymentServer]
+# Change the targetUri
+targetUri = {{ groups.splunk_deployment_server[0] }}:{{ splunk_svc_port }}
diff --git a/common/templates/dist_search.j2 b/common/templates/dist_search.j2
new file mode 100755
index 0000000..1af0638
--- /dev/null
+++ b/common/templates/dist_search.j2
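Review bot: `sslCommonNameToCheck` in `deploymentclient.j2` is built with `{% for %} {{ host }}, {% endfor %}`, which leaves a trailing comma and stray spaces in the rendered value; the same loop pattern appears in `dist_search.j2`, both `forwarding_*_outputs_conf.j2` files and `server_SSLconfig.j2`. `sslCommonNameToCheck = {{ groups.splunk_deployment_server | join(', ') }}` renders a clean list. The SSL block enables `sslVerifyServerCert = true` but names no CA file, so verification presumably depends on the `sslRootCAPath` from `server_SSLconfig.j2` being deployed to the same host; a comment stating that dependency would prevent this app from being shipped alone. The block also accepts the name of every host in the group while `targetUri` uses only element `[0]`.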
@@ -0,0 +1,30 @@
+[distributedSearch]
+servers = {% if sh_list is not none %} {% for host in sh_list %} https://{{ host }}:{{ splunk_svc_port }}, {% endfor %} {%endif %}{% if lm_list is not none %} ,{% for host in lm_list %} https://{{ host }}:{{ splunk_svc_port }}, {% endfor %}{%endif %}{% if cm_list is not none %} ,{% for host in cm_list %} https://{{ host }}:{{ splunk_svc_port }}, {% endfor %}{%endif %}{% if ds_list is not none %} ,{% for host in ds_list %} https://{{ host }}:{{ splunk_svc_port }}, {% endfor %}{%endif %}{% if deployer_list is not none %} ,{% for host in deployer_list %} https://{{ host }}:{{ splunk_svc_port }}, {% endfor %}{%endif %}
+
+[distributedSearch:dmc_group_cluster_master]
+servers={% if cm_list is not none %} {% for host in cm_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %} {% else %} localhost:localhost {%endif %}
+
+[distributedSearch:dmc_group_deployment_server]
+servers={% if ds_list is not none %} {% for host in ds_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %}{% else %} localhost:localhost {%endif %}
+
+[distributedSearch:dmc_group_indexer]
+default = true
+servers={% if indexer_list is not none %} {% for host in indexer_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %} {% else %} localhost:localhost {%endif %}
+
+[distributedSearch:dmc_group_kv_store]
+servers={% if sh_list is not none %} {% for host in sh_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %}{% else %} localhost:localhost {%endif %}
+
+[distributedSearch:dmc_group_license_master]
+servers={% if lm_list is not none %} {% for host in lm_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %}{% else %} localhost:localhost {%endif %}
+
+[distributedSearch:dmc_group_search_head]
+servers={% if cm_list is not none %}{% for host in cm_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %}{% else %} localhost:localhost {%endif %}{% if sh_list is not none %},{% for host in sh_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %} {%endif %}
+
+[distributedSearch:dmc_group_shc_deployer]
+servers={% if deployer_list is not none %} {% for host in deployer_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %}{% else %} localhost:localhost {%endif %}
+
+[distributedSearch:dmc_indexerclustergroup_{{ splunk_idxcluster_label }}]
+servers={% if cm_list is not none %}{% for host in cm_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %}{% else %} localhost:localhost {%endif %}{% if indexer_list is not none %},{% for host in indexer_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %} {%endif %}{% if sh_list is not none %},{% for host in sh_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %} {%endif %}
+
+[distributedSearch:dmc_searchheadclustergroup_{{ splunk_shcluster_label }}]
+servers={% if sh_list is not none %}{% for host in sh_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %}{% else %} localhost:localhost {%endif %}
diff --git a/common/templates/enable_receiver.j2 b/common/templates/enable_receiver.j2
new file mode 100755
index 0000000..766dbdc
--- /dev/null
+++ b/common/templates/enable_receiver.j2
@@ -0,0 +1,12 @@
+{% if splunk_enableSSL %}
+[splunktcp-ssl:{{ splunk_s2s_port }}]
+connection_host = ip
+
+[SSL]
+serverCert = $SPLUNK_HOME/etc/auth/servercertificate.pem
+sslPassword = {{ splunk_ssl_cert_password }}
+requireClientCert = false
+sslVersions = tls1.2
+{% else %}
+[splunktcp://{{ splunk_s2s_port }}]
+{% endif %}
\ No newline at end of file
diff --git a/common/templates/forwarding_s2s_outputs_conf.j2 b/common/templates/forwarding_s2s_outputs_conf.j2
new file mode 100755
index 0000000..d383e5e
--- /dev/null
+++ b/common/templates/forwarding_s2s_outputs_conf.j2
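Review bot: Every `{% else %}` branch in `dist_search.j2` emits `localhost:localhost`, which is not a host:port pair, so a group whose list is `none` gets a peer entry that cannot be a valid management address; presumably `localhost:{{ splunk_svc_port }}` was intended. The `is not none` tests also pass for an empty list, which renders an empty `servers=` value instead of taking the fallback; `{% if cm_list %}` treats `none` and empty alike. In the first stanza the separate ` ,` prefixes after each loop's trailing comma produce doubled commas in `servers`; concatenating the lists and using `| join(', ')` would give one clean value.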
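Review bot: With `requireClientCert = false` in the `[SSL]` stanza of `enable_receiver.j2`, the receiver encrypts the S2S port but accepts data from any host that can reach it, although the forwarder templates in this commit already set `clientCert`; `server_SSLconfig.j2` and `uf_ssl_server_conf.j2` use the same value. If all senders are managed by this playbook, `requireClientCert = true` would limit ingestion to hosts holding a certificate from the deployment CA. The `{% else %}` branch opens a plain `[splunktcp://...]` input, so a false `splunk_enableSSL` silently yields an unencrypted receiver; a comment stating when that is acceptable would help. `sslPassword` is rendered in clear text here and in the other SSL templates, so `splunk_ssl_cert_password` should come from a vault rather than plain group vars.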
@@ -0,0 +1,19 @@
+# BASE SETTINGS
+
+[tcpout]
+# Change here to specify the indexer group
+defaultGroup = all_{{ splunk_app_prefix }}_indexer
+forceTimebasedAutoLB = true
+maxQueueSize = 7MB
+useACK = true
+
+[tcpout:all_{{ splunk_app_prefix }}_indexer]
+{% if splunk_enableSSL %}
+clientCert = $SPLUNK_HOME/etc/auth/servercertificate.pem
+{% endif %}
+server = {% for host in indexer_list %}{{ host }}:{{ splunk_s2s_port }}, {% endfor %}
+{% if splunk_enableSSL %}
+sslCommonNameToCheck = {% for host in groups.all_splunk_instances %}{{ host }}, {% endfor %}
+sslPassword = {{ splunk_ssl_cert_password }}
+sslVerifyServerCert = true
+{% endif %}
\ No newline at end of file
diff --git a/common/templates/forwarding_uf_outputs_conf.j2 b/common/templates/forwarding_uf_outputs_conf.j2
new file mode 100755
index 0000000..a714e83
--- /dev/null
+++ b/common/templates/forwarding_uf_outputs_conf.j2
@@ -0,0 +1,19 @@
+# BASE SETTINGS
+
+[tcpout]
+# Change here to specify the indexer group
+defaultGroup = all_{{ splunk_app_prefix }}_indexer
+forceTimebasedAutoLB = true
+maxQueueSize = 7MB
+useACK = true
+
+[tcpout:all_{{ splunk_app_prefix }}_indexer]
+{% if splunk_enableSSL %}
+clientCert = $SPLUNK_HOME/etc/apps/{{ app_name }}/{{ custom_cert_path }}
+{% endif %}
+server = {% for host in indexer_list %}{{ host }}:{{ splunk_s2s_port }}, {% endfor %}
+{% if splunk_enableSSL %}
+sslCommonNameToCheck = {% for host in indexer_list %}{{ host }}, {% endfor %}
+sslPassword = {{ splunk_ssl_cert_password }}
+sslVerifyServerCert = true
+{% endif %}
\ No newline at end of file
diff --git a/common/templates/idx_indexes_base.j2 b/common/templates/idx_indexes_base.j2
new file mode 100755
index 0000000..7d92ebc
--- /dev/null
+++ b/common/templates/idx_indexes_base.j2
@@ -0,0 +1,5 @@
+# performance optimisation
+[default]
+journalCompression = zstd
+tsidxWritingLevel = 4
+
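Review bot: In `forwarding_s2s_outputs_conf.j2`, `sslCommonNameToCheck` lists `groups.all_splunk_instances`, so a certificate issued to any Splunk host in the inventory is accepted as an indexer, while `server` in the same stanza and the UF variant (`forwarding_uf_outputs_conf.j2`) use `indexer_list`. Restricting it to the receivers keeps the check as narrow as the connection targets: `sslCommonNameToCheck = {{ indexer_list | join(', ') }}`. `server_SSLconfig.j2` uses the same broad group for splunkd; there it may be intentional, but a comment would make that explicit.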
diff --git a/common/templates/idx_kvstore_base.j2 b/common/templates/idx_kvstore_base.j2
new file mode 100755
index 0000000..91223e7
--- /dev/null
+++ b/common/templates/idx_kvstore_base.j2
@@ -0,0 +1,5 @@
+# kvstore not needed on indexers, let's disable it
+# even when distributing collection via bundle, it won't be used on indexer as this use lookups in the background
+
+[kvstore]
+disabled = true
\ No newline at end of file
diff --git a/common/templates/idx_web_base.j2 b/common/templates/idx_web_base.j2
new file mode 100755
index 0000000..dfe7c76
--- /dev/null
+++ b/common/templates/idx_web_base.j2
@@ -0,0 +1,9 @@
+# In larger environments, where there are more than, say, three indexers,
+# it's common to disable the Splunk UI. This helps avoid configuration issues
+# caused by logging in to the UI to do something directly via the manager,
+# as well as saving some system resources.
+
+[settings]
+startwebserver = 0
+# avoid timeout when indexer loaded
+splunkdConnectionTimeout = 120
diff --git a/common/templates/indexer_cluster.j2 b/common/templates/indexer_cluster.j2
new file mode 100755
index 0000000..b93d28f
--- /dev/null
+++ b/common/templates/indexer_cluster.j2
@@ -0,0 +1,10 @@
+
+# clustering parameters are local and moved in a cluster specific package
+# this can be a site specific if only one site per cluster
+
+[clustering]
+master_uri = https://{{ groups.splunk_cluster_master[0] }}:{{ splunk_svc_port }}
+mode = slave
+
+[replication_port://{{ splunk_replication_port }}]
+disabled = false
diff --git a/common/templates/indexer_multisite.j2 b/common/templates/indexer_multisite.j2
new file mode 100755
index 0000000..a0d328c
--- /dev/null
+++ b/common/templates/indexer_multisite.j2
@@ -0,0 +1,15 @@
+# This app is expected to be layered on top of org_cluster_indexer_base;
+# the settings there establish the general relationship with the master and
+# set up clustered indexing behavior. This is another layer to provide the
+# site number of the host, and to indicate that the clustering should be of
+# the multi-site variety.
+
+# *** This app cannot be shipped via the master-apps mechanism; it would
+# make all sites the same. Place it in etc/apps on the affected indexer. ***
+
+[general]
+site = {{ splunk_site }}
+
+[clustering]
+multisite = {{ splunk_multisite }}
+
diff --git a/common/templates/license_server_conf.j2 b/common/templates/license_server_conf.j2
new file mode 100755
index 0000000..efbe1b0
--- /dev/null
+++ b/common/templates/license_server_conf.j2
@@ -0,0 +1,10 @@
+# In distributed environments, it's common to have a lone search head acting
+# as the license master as well. In this configuration, providing the URI
+# of the license master is easiest within the indexer_base configuration.
+# In the event that there are multiple search heads, you could instead use
+# the org_all_license app, shipped to the non-license SH, as well as all of
+# the indexers. In either event, the settings are the same.
+
+[license]
+master_uri = https://{{ groups.splunk_license_master[0] }}:{{ splunk_svc_port }}
+
diff --git a/common/templates/server_SSLconfig.j2 b/common/templates/server_SSLconfig.j2
new file mode 100755
index 0000000..c904964
--- /dev/null
+++ b/common/templates/server_SSLconfig.j2
@@ -0,0 +1,12 @@
+[sslConfig]
+sslRootCAPath = $SPLUNK_HOME/etc/auth/ca-cert.pem
+enableSplunkdSSL = true
+sslVersions = tls1.2
+serverCert = $SPLUNK_HOME/etc/auth/servercertificate.pem
+# servercertificate.pem is a symlink to the real cert.pem on the instance
+
+sslPassword = {{ splunk_ssl_cert_password }}
+requireClientCert = false
+
+sslVerifyServerCert = true
+sslCommonNameToCheck = {% for host in groups.all_splunk_instances %}{{ host }}, {% endfor %}
\ No newline at end of file
diff --git a/common/templates/sh_idxcluster.j2 b/common/templates/sh_idxcluster.j2
new file mode 100755
index 0000000..945ab52
--- /dev/null
+++ b/common/templates/sh_idxcluster.j2
@@ -0,0 +1,8 @@
+[clustering]
+master_uri = https://{{ groups.splunk_cluster_master[0] }}:{{ splunk_svc_port }}
+mode = searchhead
+multisite = {{ splunk_multisite }}
+
+[general]
+site = {{ splunk_site }}
+
diff --git a/common/templates/sh_shcluster.j2 b/common/templates/sh_shcluster.j2
new file mode 100755
index 0000000..13ab1ef
--- /dev/null
+++ b/common/templates/sh_shcluster.j2
@@ -0,0 +1,2 @@
+[replication_port://{{ splunk_shcluster_replication_port }}]
+
diff --git a/common/templates/uf_ssl_server_conf.j2 b/common/templates/uf_ssl_server_conf.j2
new file mode 100755
index 0000000..7ff1cf2
--- /dev/null
+++ b/common/templates/uf_ssl_server_conf.j2
@@ -0,0 +1,7 @@
+[sslConfig]
+enableSplunkdSSL = true
+requireClientCert = false
+sslPassword = {{ splunk_ssl_cert_password }}
+sslRootCAPath = $SPLUNK_HOME/etc/apps/{{ splunk_app_prefix }}_uf_ssl/certs/ca-cert.pem
+serverCert = $SPLUNK_HOME/etc/apps/{{ splunk_app_prefix }}_uf_ssl/certs/splunk_universal_forwarder-cert-concatenated.pem
+sslVersions = tls1.2
\ No newline at end of file
diff --git a/common/templates/web_sslConfig.j2 b/common/templates/web_sslConfig.j2
new file mode 100755
index 0000000..c3b7527
--- /dev/null
+++ b/common/templates/web_sslConfig.j2
@@ -0,0 +1,5 @@
+[settings]
+enableSplunkWebSSL = true
+privKeyPath = $SPLUNK_HOME/etc/auth/web-nopwd-key.pem
+serverCert = $SPLUNK_HOME/etc/auth/web-servercertificate.pem
+sslVersions = tls1.2
\ No newline at end of file
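Review bot: `privKeyPath` points at `web-nopwd-key.pem`, which by its name is a private key stored without a passphrase, and nothing in this commit shows how that file is deployed or with which permissions. A comment above the setting, such as `# key has no passphrase: deploy it owned by the splunk user with mode 0600`, would record the requirement for whichever task copies the key.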