add common

common/handlers/restart_splunk.yml

@@ -0,0 +1,37 @@
+---
+- name: "Retrieve PID 1 process information (Linux)"
+  command: "ps 1"
+  register: pid1
+  when:
+    - ansible_system is match("Linux")
+    - pid1 is not defined
+
+- name: "Restart the splunkd service - Via CLI"
+  command: "{{ splunk_exec }} restart --answer-yes --accept-license"
+  become: yes
+  become_user: "{{ splunk_user }}"
+  register: task_result
+  until: task_result.rc == 0
+  retries: 3
+  delay: "{{ delay_num }}"
+  when: not splunk_enable_service
+
+- name: "Restart the splunkd service - Via systemd"
+  service:
+    name: "{% if pid1.stdout.find('systemd') != -1 %}Splunkd{% else %}splunk{% endif %}"
+    state: restarted
+  when:
+    - splunk_enable_service
+    - ansible_system is match("Linux")
+  become: yes
+  become_user: "{{ privileged_user }}"
+
+- name: "Restart the splunkd service - Via windows system"
+  win_service:
+    name: splunkd
+    state: restarted
+  when: splunk_enable_service and not ansible_system is match("Linux")
+
+- name: "Wait for splunkd management port"
+  wait_for:
+    port: "{{ splunk_svc_port }}"

common/tasks/apply_dmc_trusted_pem.yml

@@ -0,0 +1,29 @@
+---
+- name: Get DMC Name
+  set_fact:
+    dmc_name: "{{ hostvars[groups.splunk_monitoring_console[0]].inventory_hostname_short }}"
+  when: not splunk_single_instance
+
+- name: "Ensure that {{ dest_path }} exists"
+  file:
+    path: "{{ splunk_home }}/etc/{{ dest_path | dirname }}"
+    state: directory
+    recurse: yes
+    group: "{{ splunk_group }}"
+    owner: "{{ splunk_user }}"
+  ignore_errors: true
+  vars:
+    dest_path: "auth/distServerKeys/{{ dmc_name }}/"
+  become: yes
+  become_user: "{{ splunk_user }}"
+  when: not splunk_single_instance
+
+- name: Copy trusted.pem to server
+  copy:
+    src: "/tmp/trusted.pem"
+    dest: "{{ splunk_home }}/etc/auth/distServerKeys/{{ dmc_name }}/trusted.pem"
+    group: "{{ splunk_group }}"
+    owner: "{{ splunk_user }}"
+  become: yes
+  become_user: "{{ splunk_user }}"
+  when: not splunk_single_instance

common/tasks/create_app_via_template.yml

@@ -0,0 +1,47 @@
+---
+- name: Default files added to the list
+  set_fact:
+    app_configs:
+      - template_path: "{{ playbook_dir }}/common/templates/app.j2"
+        template_output_path: "app.conf"
+
+- name: Ensure that all local paths exists
+  file:
+    path: "{{ playbook_dir }}/splunk_apps/base_apps/{{ app_name }}/local"
+    state: directory
+    recurse: yes
+    force: true
+  ignore_errors: true
+  loop:  "{{ configs|flatten + app_configs | flatten }}"
+
+- name: Apply provided template.j2 on the provided target file
+  template:
+    src: "{{ item.template_path }}"
+    dest: "{{ playbook_dir }}/splunk_apps/base_apps/{{ app_name }}/local/{{ item.template_output_path }}"
+    force: true
+  loop: "{{ configs|flatten +  app_configs | flatten }}"
+
+- name: Ensure that all custom paths exists
+  file:
+    path: "{{ playbook_dir }}/splunk_apps/base_apps/{{ app_name }}/{{ item.dest_dir }}"
+    state: directory
+    recurse: yes
+    force: true
+  ignore_errors: true
+  loop: "{{ files |flatten }}"
+  when: files is defined
+
+- name: Copy specific files to their local dir
+  copy:
+    src: "{{ item.src }}"
+    dest: "{{ playbook_dir }}/splunk_apps/base_apps/{{ app_name }}/{{ item.dest_dir }}"
+    force: true
+  loop: "{{ files |flatten }}"
+  when: files is defined
+
+- name: Copy app to the different Splunk Topology
+  copy:
+    src: "{{ playbook_dir }}/splunk_apps/base_apps/{{ app_name }}"
+    dest: "{{ playbook_dir }}/splunk_apps/{{ item }}/"
+    force: yes
+  loop: "{{ splunk_target_topology }}"

common/tasks/disable_dmc.yml

@@ -0,0 +1,10 @@
+
+- name: "disable dmc on client instances"
+  ini_file:
+    dest: "{{ splunk_home }}/etc/apps/splunk_monitoring_console/local/app.conf"
+    section: install
+    option: "state"
+    value: "disabled"
+  become: yes
+  become_user: "{{ splunk_user }}"
+  when: "{{ groups.splunk_monitoring_console | length |int }} >= 1"

common/tasks/set_certificate_prefix.yml

@@ -0,0 +1,17 @@
+---
+- name: "Test basic https endpoint"
+  uri:
+    url: "https://127.0.0.1:{{ splunk_svc_port }}/services/properties"
+    method: GET
+    user: "{{ splunk_admin_user }}"
+    password: "{{ splunk_password }}"
+    validate_certs: false
+    status_code: 200,404
+    timeout: 10
+  register: ssl_enabled
+  ignore_errors: true
+
+# If the https call failed, we will revert to http and continue REST with normal error handling
+- name: "Set url prefix for future REST calls"
+  set_fact:
+    cert_prefix: "{% if ssl_enabled.status == 200 %}https{% else %}http{% endif %}"

common/tasks/set_conf_stanza.yml

@@ -0,0 +1,33 @@
+---
+- name: Create {{ conf_directory }} directory if not existing
+  file:
+    path: "{{ conf_directory }}"
+    state: directory
+  when: conf_directory is defined
+  become: yes
+  become_user: "{{ splunk_user }}"
+
+- name: Create {{ conf_file }} if not existing
+  copy:
+    dest: "{{ conf_directory }}/{{ conf_file }}"
+    mode: u=rw,g=,o=
+    owner: "{{ splunk_user }}"
+    group: "{{ splunk_group }}"
+    content: ""
+    force: no
+  become: yes
+  become_user: "{{ privileged_user }}"
+
+- name: "Set options in {{ stanza_name }}"
+  ini_file:
+    path: "{{ conf_directory }}/{{ conf_file }}"
+    section: "{{ stanza_name }}"
+    option: "{{ stanza_setting.key }}"
+    value: "{{ stanza_setting.value }}"
+    allow_no_value: True
+    state: present
+  with_dict: "{{ conf_stanzas }}"
+  loop_control:
+    loop_var: stanza_setting
+  become: yes
+  become_user: "{{ splunk_user }}"

common/tasks/wait_for_splunk_instance.yml

@@ -0,0 +1,20 @@
+---
+- name: Check Splunk instance is running
+  uri:
+    url: "{{ cert_prefix }}://{{ inventory_hostname }}:{{ splunk_svc_port }}/services/server/info?output_mode=json"
+    method: GET
+    user: "{{ splunk_admin_user }}"
+    password: "{{ splunk_password }}"
+    validate_certs: false
+  register: task_response
+  until:
+    - task_response.status == 200
+    - lookup('pipe', 'date +"%s"')|int - task_response.json.entry[0].content.startup_time > 10
+  retries: "{{ retry_num }}"
+  delay: 3
+  ignore_errors: true
+  no_log: "{{ hide_password }}"
+
+- name: Print response
+  debug:
+    var: task_response

common/templates/app.j2

@@ -0,0 +1,11 @@
+[launcher]
+author =  {{ author }} via Ansible (OBS)
+description = {{ app_desc }}
+version = {{ ansible_script_version }}
+
+[package]
+id = {{ app_name }}
+
+
+[ui]
+is_visible = false

common/templates/cluster_master_server_conf.j2

@@ -0,0 +1,15 @@
+
+[clustering]
+available_sites = {{ splunk_all_sites }}
+cluster_label = {{ splunk_idxcluster_label }}
+mode = master
+multisite = {{ splunk_multisite }}
+replication_factor = {{ splunk_replication_factor }}
+search_factor = {{ splunk_search_factor }}
+site_replication_factor = origin:{{ splunk_multisite_replication_factor_origin }}, total:{{ splunk_multisite_replication_factor_total }}
+site_search_factor = origin:{{ splunk_multisite_search_factor_origin }}, total:{{ splunk_multisite_search_factor_total }}
+summary_replication = true
+
+[general]
+site = {{ splunk_site }}
+

common/templates/deployer.j2

@@ -0,0 +1,2 @@
+[shclustering]
+shcluster_label = {{ splunk_shcluster_label }}

common/templates/deploymentclient.j2

@@ -0,0 +1,10 @@
+[deployment-client]
+{% if splunk_enableSSL %}
+  sslVersions = tls1.2
+  sslVerifyServerCert = true
+  sslCommonNameToCheck =  {% for host in groups.splunk_deployment_server %} {{ host }}, {% endfor %} 
+{% endif %}
+
+[target-broker:deploymentServer]
+# Change the targetUri
+targetUri = {{ groups.splunk_deployment_server[0] }}:{{ splunk_svc_port }}

common/templates/dist_search.j2

@@ -0,0 +1,30 @@
+[distributedSearch]
+servers = {% if sh_list is not none %}  {% for host in sh_list %} https://{{ host }}:{{ splunk_svc_port }}, {% endfor %} {%endif %}{% if lm_list is not none %} ,{% for host in lm_list %} https://{{ host }}:{{ splunk_svc_port }}, {% endfor %}{%endif %}{% if cm_list is not none %} ,{% for host in cm_list %} https://{{ host }}:{{ splunk_svc_port }}, {% endfor %}{%endif %}{% if ds_list is not none %} ,{% for host in ds_list %} https://{{ host }}:{{ splunk_svc_port }}, {% endfor %}{%endif %}{% if deployer_list is not none %} ,{% for host in deployer_list %} https://{{ host }}:{{ splunk_svc_port }}, {% endfor %}{%endif %}
+
+[distributedSearch:dmc_group_cluster_master]
+servers={% if cm_list is not none %}  {% for host in cm_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %} {% else %} localhost:localhost {%endif %}
+
+[distributedSearch:dmc_group_deployment_server]
+servers={% if ds_list is not none %} {% for host in ds_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %}{% else %} localhost:localhost {%endif %}
+
+[distributedSearch:dmc_group_indexer]
+default = true
+servers={% if indexer_list is not none %} {% for host in indexer_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %} {% else %} localhost:localhost {%endif %}
+
+[distributedSearch:dmc_group_kv_store]
+servers={% if sh_list is not none %} {% for host in sh_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %}{% else %} localhost:localhost {%endif %}
+
+[distributedSearch:dmc_group_license_master]
+servers={% if lm_list is not none %} {% for host in lm_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %}{% else %} localhost:localhost {%endif %}
+
+[distributedSearch:dmc_group_search_head]
+servers={% if cm_list is not none %}{% for host in cm_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %}{% else %} localhost:localhost {%endif %}{% if sh_list is not none %},{% for host in sh_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %} {%endif %}
+
+[distributedSearch:dmc_group_shc_deployer]
+servers={% if deployer_list is not none %} {% for host in deployer_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %}{% else %} localhost:localhost {%endif %}
+
+[distributedSearch:dmc_indexerclustergroup_{{ splunk_idxcluster_label }}]
+servers={% if cm_list is not none %}{% for host in cm_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %}{% else %} localhost:localhost {%endif %}{% if indexer_list is not none %},{% for host in indexer_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %} {%endif %}{% if sh_list is not none %},{% for host in sh_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %} {%endif %}
+
+[distributedSearch:dmc_searchheadclustergroup_{{ splunk_shcluster_label }}]
+servers={% if sh_list is not none %}{% for host in sh_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %}{% else %} localhost:localhost {%endif %}

common/templates/enable_receiver.j2

@@ -0,0 +1,12 @@
+{% if splunk_enableSSL %}
+[splunktcp-ssl:{{ splunk_s2s_port }}]
+connection_host = ip
+
+[SSL]
+serverCert = $SPLUNK_HOME/etc/auth/servercertificate.pem
+sslPassword = {{ splunk_ssl_cert_password }}
+requireClientCert = false
+sslVersions = tls1.2
+{% else %}
+[splunktcp://{{ splunk_s2s_port }}]
+{% endif %}

common/templates/forwarding_s2s_outputs_conf.j2

@@ -0,0 +1,19 @@
+# BASE SETTINGS
+
+[tcpout]
+# Change here to specify the indexer group 
+defaultGroup = all_{{ splunk_app_prefix }}_indexer
+forceTimebasedAutoLB = true
+maxQueueSize = 7MB
+useACK = true
+
+[tcpout:all_{{ splunk_app_prefix }}_indexer]
+{% if splunk_enableSSL %}
+clientCert = $SPLUNK_HOME/etc/auth/servercertificate.pem
+{% endif %}
+server = {% for host in indexer_list %}{{ host }}:{{ splunk_s2s_port }}, {% endfor %}
+{% if splunk_enableSSL %}
+sslCommonNameToCheck = {% for host in groups.all_splunk_instances %}{{ host }}, {% endfor %} 
+sslPassword = {{ splunk_ssl_cert_password }}
+sslVerifyServerCert = true
+{% endif %}

common/templates/forwarding_uf_outputs_conf.j2

@@ -0,0 +1,19 @@
+# BASE SETTINGS
+
+[tcpout]
+# Change here to specify the indexer group 
+defaultGroup = all_{{ splunk_app_prefix }}_indexer
+forceTimebasedAutoLB = true
+maxQueueSize = 7MB
+useACK = true
+
+[tcpout:all_{{ splunk_app_prefix }}_indexer]
+{% if splunk_enableSSL %}
+clientCert = $SPLUNK_HOME/etc/apps/{{ app_name }}/{{ custom_cert_path }}
+{% endif %}
+server = {% for host in indexer_list %}{{ host }}:{{ splunk_s2s_port }}, {% endfor %}
+{% if splunk_enableSSL %}
+sslCommonNameToCheck = {% for host in indexer_list %}{{ host }}, {% endfor %} 
+sslPassword = {{ splunk_ssl_cert_password }}
+sslVerifyServerCert = true
+{% endif %}

common/templates/idx_indexes_base.j2

@@ -0,0 +1,5 @@
+# performance optimisation
+[default]
+journalCompression = zstd
+tsidxWritingLevel = 4
+

common/templates/idx_kvstore_base.j2

@@ -0,0 +1,5 @@
+# kvstore not needed on indexers, let's disable it
+# even when distributing collection via bundle, it won't be used on indexer as this use lookups in the background
+
+[kvstore]
+disabled = true

common/templates/idx_web_base.j2

@@ -0,0 +1,9 @@
+# In larger environments, where there are more than, say, three indexers,
+# it's common to disable the Splunk UI. This helps avoid configuration issues
+# caused by logging in to the UI to do something directly via the manager,
+# as well as saving some system resources.
+
+[settings]
+startwebserver = 0
+# avoid timeout when indexer loaded 
+splunkdConnectionTimeout = 120

common/templates/indexer_cluster.j2

@@ -0,0 +1,10 @@
+
+# clustering parameters are local and moved in a cluster specific package
+# this can be a site specific if only one site per cluster
+
+[clustering]
+master_uri = https://{{ groups.splunk_cluster_master[0] }}:{{ splunk_svc_port }}
+mode = slave
+
+[replication_port://{{ splunk_replication_port }}]
+disabled = false

common/templates/indexer_multisite.j2

@@ -0,0 +1,15 @@
+# This app is expected to be layered on top of org_cluster_indexer_base;
+# the settings there establish the general relationship with the master and
+# set up clustered indexing behavior. This is another layer to provide the
+# site number of the host, and to indicate that the clustering should be of
+# the multi-site variety.
+
+# *** This app cannot be shipped via the master-apps mechanism; it would 
+#     make all sites the same. Place it in etc/apps on the affected indexer. ***
+
+[general]
+site = {{ splunk_site }}
+
+[clustering]
+multisite = {{ splunk_multisite }}
+

common/templates/license_server_conf.j2

@@ -0,0 +1,10 @@
+# In distributed environments, it's common to have a lone search head acting
+# as the license master as well. In this configuration, providing the URI
+# of the license master is easiest within the indexer_base configuration.
+# In the event that there are multiple search heads, you could instead use
+# the org_all_license app, shipped to the non-license SH, as well as all of
+# the indexers. In either event, the settings are the same.
+
+[license]
+master_uri = https://{{ groups.splunk_license_master[0] }}:{{ splunk_svc_port }}
+

common/templates/server_SSLconfig.j2

@@ -0,0 +1,12 @@
+[sslConfig]
+sslRootCAPath = $SPLUNK_HOME/etc/auth/ca-cert.pem
+enableSplunkdSSL = true
+sslVersions = tls1.2
+serverCert = $SPLUNK_HOME/etc/auth/servercertificate.pem
+# servercertificate.pem is a symlink to the real cert.pem on the instance 
+ 
+sslPassword = {{ splunk_ssl_cert_password }}
+requireClientCert = false
+ 
+sslVerifyServerCert = true
+sslCommonNameToCheck = {% for host in groups.all_splunk_instances %}{{ host }}, {% endfor %} 

common/templates/sh_idxcluster.j2

@@ -0,0 +1,8 @@
+[clustering]
+master_uri = https://{{ groups.splunk_cluster_master[0] }}:{{ splunk_svc_port }}
+mode = searchhead
+multisite = {{ splunk_multisite }}
+
+[general]
+site =  {{ splunk_site }}
+

common/templates/sh_shcluster.j2

@@ -0,0 +1,2 @@
+[replication_port://{{ splunk_shcluster_replication_port }}]
+

common/templates/uf_ssl_server_conf.j2

@@ -0,0 +1,7 @@
+[sslConfig]
+enableSplunkdSSL = true
+requireClientCert = false
+sslPassword = {{ splunk_ssl_cert_password }}
+sslRootCAPath = $SPLUNK_HOME/etc/apps/{{ splunk_app_prefix }}_uf_ssl/certs/ca-cert.pem
+serverCert = $SPLUNK_HOME/etc/apps/{{ splunk_app_prefix }}_uf_ssl/certs/splunk_universal_forwarder-cert-concatenated.pem
+sslVersions = tls1.2

common/templates/web_sslConfig.j2

@@ -0,0 +1,5 @@
+[settings]
+enableSplunkWebSSL = true
+privKeyPath = $SPLUNK_HOME/etc/auth/web-nopwd-key.pem
+serverCert = $SPLUNK_HOME/etc/auth/web-servercertificate.pem
+sslVersions = tls1.2