diff --git a/.DS_Store b/.DS_Store
new file mode 100644
index 0000000..6c045e0
Binary files /dev/null and b/.DS_Store differ
diff --git a/Deployment_Server b/Deployment_Server
new file mode 160000
index 0000000..d4d9f57
--- /dev/null
+++ b/Deployment_Server
@@ -0,0 +1 @@
+Subproject commit d4d9f57a05b0e766ab37702728e9325bc5572ff3
diff --git a/Splunk_Install/.DS_Store b/Splunk_Install/.DS_Store
new file mode 100644
index 0000000..71a2cde
Binary files /dev/null and b/Splunk_Install/.DS_Store differ
diff --git a/Splunk_Install/Apps_for_DS/01-Conf_license_slave/default/app.conf b/Splunk_Install/Apps_for_DS/01-Conf_license_slave/default/app.conf
new file mode 100755
index 0000000..149b00b
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/01-Conf_license_slave/default/app.conf
@@ -0,0 +1,11 @@
+ [launcher]
+ version = 1.0.0
+ author = VABOS
+ description = Configure instance as License Slave
+
+ [package]
+ id = Conf_license_slave
+
+
+ [ui]
+ is_visible = false
\ No newline at end of file
diff --git a/Splunk_Install/Apps_for_DS/01-Conf_license_slave/default/server.conf b/Splunk_Install/Apps_for_DS/01-Conf_license_slave/default/server.conf
new file mode 100755
index 0000000..4d7d5d9
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/01-Conf_license_slave/default/server.conf
@@ -0,0 +1,9 @@
+ # In distributed environments, it's common to have a lone search head acting
+ # as the license master as well. In this configuration, providing the URI
+ # of the license master is easiest within the indexer_base configuration.
+ # In the event that there are multiple search heads, you could instead use
+ # the org_all_license app, shipped to the non-license SH, as well as all of
+ # the indexers. In either event, the settings are the same.
+
+ [license]
+ master_uri = https://SVLCTMLOGCLM01.unit-c.edf.fr:8089
\ No newline at end of file
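Review bot: Every added line of 01-Conf_license_slave/default/app.conf and default/server.conf carries a leading space, including the `[launcher]`, `[package]`, `[ui]` and `[license]` stanza headers, whereas every sibling app in this commit starts stanzas and keys in column 0. I cannot confirm from here how Splunk's conf reader treats an indented stanza line; if the whitespace is not stripped, the header is not recognised and the keys beneath it land in the wrong stanza, so both files should be dedented to match the others rather than rely on parser leniency. `master_uri` under `[license]` is also the older spelling of the setting that 02-M-TIC_idx_cluster_base/default/server.conf writes as `manager_uri`; picking one spelling across the commit keeps the apps from depending on different aliases.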
diff --git a/Splunk_Install/Apps_for_DS/01-Conf_license_slave/local/app.conf b/Splunk_Install/Apps_for_DS/01-Conf_license_slave/local/app.conf
new file mode 100755
index 0000000..1173ea8
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/01-Conf_license_slave/local/app.conf
@@ -0,0 +1 @@
+# Autogenerated file
\ No newline at end of file
diff --git a/Splunk_Install/Apps_for_DS/01-idx_kvstore_base/default/app.conf b/Splunk_Install/Apps_for_DS/01-idx_kvstore_base/default/app.conf
new file mode 100755
index 0000000..693301d
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/01-idx_kvstore_base/default/app.conf
@@ -0,0 +1,11 @@
+[launcher]
+version = 1.0.0
+author = VABOS
+description = Disable Kvstore on Indexers
+
+[package]
+id = edf_idx_kvstore_base
+
+
+[ui]
+is_visible = false
diff --git a/Splunk_Install/Apps_for_DS/01-idx_kvstore_base/default/server.conf b/Splunk_Install/Apps_for_DS/01-idx_kvstore_base/default/server.conf
new file mode 100755
index 0000000..f4cf81b
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/01-idx_kvstore_base/default/server.conf
@@ -0,0 +1,4 @@
+# kvstore not needed on indexers, let's disable it
+# even when distributing collection via bundle, it won't be used on indexer as this use lookups in the background
+[kvstore]
+disabled = true
diff --git a/Splunk_Install/Apps_for_DS/01-idx_kvstore_base/local/app.conf b/Splunk_Install/Apps_for_DS/01-idx_kvstore_base/local/app.conf
new file mode 100755
index 0000000..1173ea8
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/01-idx_kvstore_base/local/app.conf
@@ -0,0 +1 @@
+# Autogenerated file
\ No newline at end of file
diff --git a/Splunk_Install/Apps_for_DS/01-idx_receiver_port/default/app.conf b/Splunk_Install/Apps_for_DS/01-idx_receiver_port/default/app.conf
new file mode 100755
index 0000000..c02c82c
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/01-idx_receiver_port/default/app.conf
@@ -0,0 +1,11 @@
+[launcher]
+version = 1.0.0
+author = VABOS
+description = Enable receiving on Indexer layer
+
+[package]
+id = edf_idx_receiver_port
+
+
+[ui]
+is_visible = false
diff --git a/Splunk_Install/Apps_for_DS/01-idx_receiver_port/default/inputs.conf b/Splunk_Install/Apps_for_DS/01-idx_receiver_port/default/inputs.conf
new file mode 100755
index 0000000..f9562b9
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/01-idx_receiver_port/default/inputs.conf
@@ -0,0 +1 @@
+[splunktcp://9997]
diff --git a/Splunk_Install/Apps_for_DS/01-idx_receiver_port/local/app.conf b/Splunk_Install/Apps_for_DS/01-idx_receiver_port/local/app.conf
new file mode 100755
index 0000000..1173ea8
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/01-idx_receiver_port/local/app.conf
@@ -0,0 +1 @@
+# Autogenerated file
\ No newline at end of file
diff --git a/Splunk_Install/Apps_for_DS/01-idx_volume_indexes/.DS_Store b/Splunk_Install/Apps_for_DS/01-idx_volume_indexes/.DS_Store
new file mode 100755
index 0000000..028aabb
Binary files /dev/null and b/Splunk_Install/Apps_for_DS/01-idx_volume_indexes/.DS_Store differ
diff --git a/Splunk_Install/Apps_for_DS/01-idx_volume_indexes/default/app.conf b/Splunk_Install/Apps_for_DS/01-idx_volume_indexes/default/app.conf
new file mode 100755
index 0000000..538800e
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/01-idx_volume_indexes/default/app.conf
@@ -0,0 +1,11 @@
+
+[launcher]
+version = 1.0.0
+author = VABOS
+description = Contient la configuration des volumes de données
+
+[package]
+id = edf_idx_volume_indexes
+
+[ui]
+is_visible = false
\ No newline at end of file
diff --git a/Splunk_Install/Apps_for_DS/01-idx_volume_indexes/default/indexes.conf b/Splunk_Install/Apps_for_DS/01-idx_volume_indexes/default/indexes.conf
new file mode 100755
index 0000000..840aac3
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/01-idx_volume_indexes/default/indexes.conf
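Review bot: `[splunktcp://9997]` in 01-idx_receiver_port/default/inputs.conf opens a plaintext receiver, and the forwarder side in this same commit (02-M-TIC_all_forwarding_outputs/default/outputs.conf and 02-M-TIC_cluster_forwarder_outputs/local/outputs.conf) targets port 9997 with no TLS settings either, so forwarder-to-indexer traffic crosses the network unencrypted and the port accepts data from any host that can reach it. If that is acceptable on this network segment, a comment above the stanza saying so would help the next reader; otherwise the receiver belongs in a `[splunktcp-ssl:9997]` stanza with a server certificate, and the `#clientCert` placeholder left commented in the forwarder outputs should be completed to match. Either way the decision is worth a one-line note here, since this stanza is the only place the receiving side is defined.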
@@ -0,0 +1,7 @@
+[volume:primary]
+path = /data/splunk_data
+maxVolumeDataSizeMB = 60000
+
+[volume:secondary]
+path = /data_cold/splunk_data
+maxVolumeDataSizeMB = 240000
diff --git a/Splunk_Install/Apps_for_DS/01-idx_volume_indexes/local/app.conf b/Splunk_Install/Apps_for_DS/01-idx_volume_indexes/local/app.conf
new file mode 100755
index 0000000..1173ea8
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/01-idx_volume_indexes/local/app.conf
@@ -0,0 +1 @@
+# Autogenerated file
\ No newline at end of file
diff --git a/Splunk_Install/Apps_for_DS/01-idx_volume_indexes/metadata/local.meta b/Splunk_Install/Apps_for_DS/01-idx_volume_indexes/metadata/local.meta
new file mode 100755
index 0000000..d827768
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/01-idx_volume_indexes/metadata/local.meta
@@ -0,0 +1,3 @@
+[]
+access = read : [ * ], write : [ admin ]
+export = system
diff --git a/Splunk_Install/Apps_for_DS/01-idx_web_base/.DS_Store b/Splunk_Install/Apps_for_DS/01-idx_web_base/.DS_Store
new file mode 100755
index 0000000..0f32880
Binary files /dev/null and b/Splunk_Install/Apps_for_DS/01-idx_web_base/.DS_Store differ
diff --git a/Splunk_Install/Apps_for_DS/01-idx_web_base/default/app.conf b/Splunk_Install/Apps_for_DS/01-idx_web_base/default/app.conf
new file mode 100755
index 0000000..184f4ca
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/01-idx_web_base/default/app.conf
@@ -0,0 +1,11 @@
+[launcher]
+version = 1.0.0
+author = Mattys Hervé (OBS)
+description = Disable Web access on Indexers
+
+[package]
+id = odin_idx_web_base
+
+
+[ui]
+is_visible = false
diff --git a/Splunk_Install/Apps_for_DS/01-idx_web_base/default/web.conf b/Splunk_Install/Apps_for_DS/01-idx_web_base/default/web.conf
new file mode 100755
index 0000000..ccb5abc
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/01-idx_web_base/default/web.conf
@@ -0,0 +1,12 @@
+# In larger environments, where there are more than, say, three indexers,
+# it's common to disable the Splunk UI. This helps avoid configuration issues
+# caused by logging in to the UI to do something directly via the manager,
+# as well as saving some system resources.
+
+[settings]
+ startwebserver = 0
+
+# avoid timeout when indexer loaded
+splunkdConnectionTimeout = 120
+
+
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_all_forwarding_outputs/default/app.conf b/Splunk_Install/Apps_for_DS/02-M-TIC_all_forwarding_outputs/default/app.conf
new file mode 100755
index 0000000..ff2b941
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_all_forwarding_outputs/default/app.conf
@@ -0,0 +1,11 @@
+[launcher]
+version = 1.0
+author = VABOS
+description = Enable forwarding to Indexer layer
+
+[package]
+id = m-tic_all_forwarding_outputs
+
+
+[ui]
+is_visible = false
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_all_forwarding_outputs/default/outputs.conf b/Splunk_Install/Apps_for_DS/02-M-TIC_all_forwarding_outputs/default/outputs.conf
new file mode 100755
index 0000000..72ef901
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_all_forwarding_outputs/default/outputs.conf
@@ -0,0 +1,12 @@
+# BASE SETTINGS
+
+[tcpout]
+# Change here to specify the indexer group
+defaultGroup = m-tic_indexer
+maxQueueSize = 7MB
+useACK = true
+forceTimebasedAutoLB = true
+
+[tcpout:m-tic_indexer]
+server = SVLCTMLOGIDX01.unit-c.edf.fr:9997, SVLCTMLOGIDX02.unit-c.edf.fr:9997
+~
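Review bot: In 01-idx_web_base/default/web.conf the line ` startwebserver = 0` is indented by one space under `[settings]` while `splunkdConnectionTimeout = 120` in the same stanza is not; I cannot verify how Splunk treats leading whitespace on a key line, and since this is the line that actually disables the UI it should be written as `startwebserver = 0` in column 0 so nothing depends on parser leniency. The two trailing blank lines at the end of the file can go at the same time.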
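Review bot: 02-M-TIC_all_forwarding_outputs/default/outputs.conf ends with a stray `~` line, the last added line of the hunk, which looks like an editor artefact pasted into the file rather than configuration; a bare token with no `=` inside `[tcpout:m-tic_indexer]` is at best ignored and at worst reported as an invalid line, so remove it. This app's app.conf also uses `version = 1.0` where every other app in the commit uses the `1.0.0` form; one convention is easier to diff against later.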
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_all_forwarding_outputs/local/app.conf b/Splunk_Install/Apps_for_DS/02-M-TIC_all_forwarding_outputs/local/app.conf
new file mode 100755
index 0000000..1173ea8
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_all_forwarding_outputs/local/app.conf
@@ -0,0 +1 @@
+# Autogenerated file
\ No newline at end of file
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_catchall_forwarders_inputs/local/app.conf b/Splunk_Install/Apps_for_DS/02-M-TIC_catchall_forwarders_inputs/local/app.conf
new file mode 100755
index 0000000..ae434e7
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_catchall_forwarders_inputs/local/app.conf
@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_updates = false
+
+[ui]
+is_visible = false
+is_manageable = false
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_catchall_forwarders_inputs/local/inputs.conf b/Splunk_Install/Apps_for_DS/02-M-TIC_catchall_forwarders_inputs/local/inputs.conf
new file mode 100755
index 0000000..1640b5f
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_catchall_forwarders_inputs/local/inputs.conf
@@ -0,0 +1,4 @@
+[monitor:///var/rsyslog/*/catchother/*/*/*.log]
+disabled = false
+index = idx_m-tic_catchall
+sourcetype = catchall
\ No newline at end of file
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_catchall_forwarders_inputs/metadata/local.meta b/Splunk_Install/Apps_for_DS/02-M-TIC_catchall_forwarders_inputs/metadata/local.meta
new file mode 100755
index 0000000..d827768
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_catchall_forwarders_inputs/metadata/local.meta
@@ -0,0 +1,3 @@
+[]
+access = read : [ * ], write : [ admin ]
+export = system
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_cisco_forwarders_inputs/local/app.conf b/Splunk_Install/Apps_for_DS/02-M-TIC_cisco_forwarders_inputs/local/app.conf
new file mode 100755
index 0000000..ae434e7
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_cisco_forwarders_inputs/local/app.conf
@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_updates = false
+
+[ui]
+is_visible = false
+is_manageable = false
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_cisco_forwarders_inputs/local/inputs.conf b/Splunk_Install/Apps_for_DS/02-M-TIC_cisco_forwarders_inputs/local/inputs.conf
new file mode 100755
index 0000000..7db2e44
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_cisco_forwarders_inputs/local/inputs.conf
@@ -0,0 +1,4 @@
+[monitor:///var/rsyslog/*/cisco/.../*.log]
+disabled = false
+index = idx_m-tic_cisco
+sourcetype = cisco
\ No newline at end of file
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_cisco_forwarders_inputs/metadata/local.meta b/Splunk_Install/Apps_for_DS/02-M-TIC_cisco_forwarders_inputs/metadata/local.meta
new file mode 100755
index 0000000..d827768
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_cisco_forwarders_inputs/metadata/local.meta
@@ -0,0 +1,3 @@
+[]
+access = read : [ * ], write : [ admin ]
+export = system
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_cluster_forwarder_outputs/local/app.conf b/Splunk_Install/Apps_for_DS/02-M-TIC_cluster_forwarder_outputs/local/app.conf
new file mode 100755
index 0000000..7d97740
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_cluster_forwarder_outputs/local/app.conf
@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_update = false
+
+[ui]
+is_visible = false
+is_manageable = false
\ No newline at end of file
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_cluster_forwarder_outputs/local/outputs.conf b/Splunk_Install/Apps_for_DS/02-M-TIC_cluster_forwarder_outputs/local/outputs.conf
new file mode 100755
index 0000000..9519b26
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_cluster_forwarder_outputs/local/outputs.conf
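Review bot: `check_for_update = false` in 02-M-TIC_cluster_forwarder_outputs/local/app.conf is missing the trailing `s`; the sibling apps on this page (02-M-TIC_cisco_forwarders_inputs/local/app.conf, for one) write `check_for_updates = false`, which is the setting name Splunk documents. As far as I know an unknown key is not an error for splunkd, so the misspelled line is simply ignored and the update check stays at its default for this app. The same typo is in 02-M-TIC_deployer_base/local/app.conf and 02-M-TIC_sh_volume_indexes/default/app.conf.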
@@ -0,0 +1,12 @@
+[tcpout]
+defautlGroup = primary_indexers
+maxQueuSize = 100MB
+useACK = true
+forceTimebaseAutoLB = true
+forwardedindex.2.whitelist = (_audit|_introspection|_internal)
+
+[tcpout:primary_indexers]
+server = SVLCTMLOGIDX01.unit-c.edf.fr:9997, SVLCTMLOGIDX02.unit-c.edf.fr:9997
+
+#clientCert = $SPLUNK_HOME/etc/auth/server.pem
+#sslPassword =
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_cluster_forwarder_outputs/local/server.conf b/Splunk_Install/Apps_for_DS/02-M-TIC_cluster_forwarder_outputs/local/server.conf
new file mode 100755
index 0000000..e10e8c3
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_cluster_forwarder_outputs/local/server.conf
@@ -0,0 +1,2 @@
+[sslConfig]
+sslRootCAPath = $SPLUNK_HOME/etc/auth/ca.pem
\ No newline at end of file
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_cluster_master_base/default/app.conf b/Splunk_Install/Apps_for_DS/02-M-TIC_cluster_master_base/default/app.conf
new file mode 100755
index 0000000..1c4bb3d
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_cluster_master_base/default/app.conf
@@ -0,0 +1,11 @@
+[launcher]
+version = 1.0.0
+author = VABOS
+description = Configure Cluster Master
+
+[package]
+id = M-TIC_cluster_master_base
+
+
+[ui]
+is_visible = false
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_cluster_master_base/default/distsearch.conf b/Splunk_Install/Apps_for_DS/02-M-TIC_cluster_master_base/default/distsearch.conf
new file mode 100755
index 0000000..4342194
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_cluster_master_base/default/distsearch.conf
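Review bot: Three keys in the `[tcpout]` stanza of 02-M-TIC_cluster_forwarder_outputs/local/outputs.conf are misspelled — `defautlGroup`, `maxQueuSize` and `forceTimebaseAutoLB` — so none of them takes effect; the correctly spelled forms are right there in 02-M-TIC_all_forwarding_outputs/default/outputs.conf on this same page. Change them to `defaultGroup = primary_indexers`, `maxQueueSize = 100MB` and `forceTimebasedAutoLB = true`. Without a working `defaultGroup` the routing to `primary_indexers` rests on Splunk's fallback behaviour rather than on this file, which is the sort of gap that surfaces only when forwarding stops. The commented `#clientCert` / `#sslPassword` placeholders should either be completed (server.conf in the same app already sets `sslRootCAPath`) or removed together with a comment on why TLS to the indexers is off.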
@@ -0,0 +1,19 @@
+[distributedSearch:dmc_group_search_head]
+servers = localhost:localhost
+[distributedSearch:dmc_group_cluster_master]
+
+
+[distributedSearch:dmc_group_license_master]
+
+[distributedSearch:dmc_group_deployment_server]
+
+[distributedSearch:dmc_group_indexer]
+default = false
+servers = SVLCTMLOGIDX01.unit-c.edf.fr:8089,SVLCTMLOGIDX02.unit-c.edf.fr:8089
+
+[distributedSearch:dmc_group_shc_deployer]
+
+[distributedSearch:dmc_group_kv_store]
+
+[distributedSearch:dmc_indexerclustergroup_Cluster_M-TIC]
+servers = localhost:localhost,SVLCTMLOGIDX01.unit-c.edf.fr:8089,SVLCTMLOGIDX02.unit-c.edf.fr:8089
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_cluster_master_base/default/server.conf b/Splunk_Install/Apps_for_DS/02-M-TIC_cluster_master_base/default/server.conf
new file mode 100755
index 0000000..4ea84ee
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_cluster_master_base/default/server.conf
@@ -0,0 +1,5 @@
+[clustering]
+cluster_label = Cluster_M-TIC
+mode = master
+pass4SymmKey = $7$iQ3wl+w1tMlCZXopQ/BDXHv8e+xGXGR10mvQYOiCdPxZuIkKX87oMm85MSkitkPk3PYW2Qhjc/kSMq2B5M0=
+replication_factor = 2
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_cluster_master_base/local/app.conf b/Splunk_Install/Apps_for_DS/02-M-TIC_cluster_master_base/local/app.conf
new file mode 100755
index 0000000..1173ea8
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_cluster_master_base/local/app.conf
@@ -0,0 +1 @@
+# Autogenerated file
\ No newline at end of file
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_deployer_base/local/app.conf b/Splunk_Install/Apps_for_DS/02-M-TIC_deployer_base/local/app.conf
new file mode 100755
index 0000000..7d97740
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_deployer_base/local/app.conf
@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_update = false
+
+[ui]
+is_visible = false
+is_manageable = false
\ No newline at end of file
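Review bot: The `pass4SymmKey` in 02-M-TIC_cluster_master_base/default/server.conf is a `$7$` value, i.e. ciphertext tied to the splunk.secret of the instance that produced it; pushing it through the deployment server to hosts that do not share that splunk.secret leaves them unable to decrypt it, so either splunk.secret is synchronised across the deployment (worth stating in a comment above the key) or the key has to be supplied in a form each instance encrypts for itself, and kept out of the repository. The identical blob is reused under `[shclustering]` in 02-M-TIC_deployer_base/local/server.conf and under `[clustering]` in 02-M-TIC_idx_cluster_base/default/server.conf, which suggests the search head cluster and the indexer cluster share one secret; a distinct key per cluster limits what a single leaked value unlocks. 02-M-TIC_sh_cluster_base/default/server.conf and 02-M-TIC_sh_idxcluster_base/default/server.conf carry further `$7$` blobs with the same concern. Encrypted or not, these are credentials committed to version control and should be handled as such — rotated if the repository is shared more widely than the splunk.secret that protects them.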
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_deployer_base/local/server.conf b/Splunk_Install/Apps_for_DS/02-M-TIC_deployer_base/local/server.conf
new file mode 100755
index 0000000..b3abc83
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_deployer_base/local/server.conf
@@ -0,0 +1,3 @@
+[shclustering]
+pass4SymmKey = $7$iQ3wl+w1tMlCZXopQ/BDXHv8e+xGXGR10mvQYOiCdPxZuIkKX87oMm85MSkitkPk3PYW2Qhjc/kSMq2B5M0=
+shcluster_label = M-TIC_shcluster
\ No newline at end of file
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_esxi_forwarders_inputs/local/app.conf b/Splunk_Install/Apps_for_DS/02-M-TIC_esxi_forwarders_inputs/local/app.conf
new file mode 100755
index 0000000..ae434e7
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_esxi_forwarders_inputs/local/app.conf
@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_updates = false
+
+[ui]
+is_visible = false
+is_manageable = false
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_esxi_forwarders_inputs/local/inputs.conf b/Splunk_Install/Apps_for_DS/02-M-TIC_esxi_forwarders_inputs/local/inputs.conf
new file mode 100755
index 0000000..b1e28ec
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_esxi_forwarders_inputs/local/inputs.conf
@@ -0,0 +1,4 @@
+[monitor:///var/rsyslog/*/esxi/*/*/*.log]
+disabled = false
+index = idx_m-tic_esxi
+sourcetype = esxi
\ No newline at end of file
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_esxi_forwarders_inputs/metadata/local.meta b/Splunk_Install/Apps_for_DS/02-M-TIC_esxi_forwarders_inputs/metadata/local.meta
new file mode 100755
index 0000000..d827768
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_esxi_forwarders_inputs/metadata/local.meta
@@ -0,0 +1,3 @@
+[]
+access = read : [ * ], write : [ admin ]
+export = system
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_fortigate_forwarders_inputs/local/app.conf b/Splunk_Install/Apps_for_DS/02-M-TIC_fortigate_forwarders_inputs/local/app.conf
new file mode 100755
index 0000000..ae434e7
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_fortigate_forwarders_inputs/local/app.conf
@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_updates = false
+
+[ui]
+is_visible = false
+is_manageable = false
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_fortigate_forwarders_inputs/local/inputs.conf b/Splunk_Install/Apps_for_DS/02-M-TIC_fortigate_forwarders_inputs/local/inputs.conf
new file mode 100755
index 0000000..62205ab
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_fortigate_forwarders_inputs/local/inputs.conf
@@ -0,0 +1,4 @@
+[monitor:///var/rsyslog/*/fortigate/*/*/*.log]
+disabled = false
+index = idx_m-tic_fortigate
+sourcetype = fortigate
\ No newline at end of file
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_fortigate_forwarders_inputs/metadata/local.meta b/Splunk_Install/Apps_for_DS/02-M-TIC_fortigate_forwarders_inputs/metadata/local.meta
new file mode 100755
index 0000000..d827768
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_fortigate_forwarders_inputs/metadata/local.meta
@@ -0,0 +1,3 @@
+[]
+access = read : [ * ], write : [ admin ]
+export = system
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_idx_cluster_base/.DS_Store b/Splunk_Install/Apps_for_DS/02-M-TIC_idx_cluster_base/.DS_Store
new file mode 100755
index 0000000..0f32880
Binary files /dev/null and b/Splunk_Install/Apps_for_DS/02-M-TIC_idx_cluster_base/.DS_Store differ
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_idx_cluster_base/default/app.conf b/Splunk_Install/Apps_for_DS/02-M-TIC_idx_cluster_base/default/app.conf
new file mode 100755
index 0000000..9cfba3a
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_idx_cluster_base/default/app.conf
@@ -0,0 +1,11 @@
+[launcher]
+version = 1.0.0
+author = VABOS
+description = Configure default clustering options on Indexers
+
+[package]
+id = M-TIC_idx_cluster_base
+
+
+[ui]
+is_visible = false
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_idx_cluster_base/default/fields.conf b/Splunk_Install/Apps_for_DS/02-M-TIC_idx_cluster_base/default/fields.conf
new file mode 100755
index 0000000..1b1a8f3
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_idx_cluster_base/default/fields.conf
@@ -0,0 +1,2 @@
+[edfZone]
+INDEXED = true
\ No newline at end of file
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_idx_cluster_base/default/server.conf b/Splunk_Install/Apps_for_DS/02-M-TIC_idx_cluster_base/default/server.conf
new file mode 100755
index 0000000..6b4974e
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_idx_cluster_base/default/server.conf
@@ -0,0 +1,6 @@
+[replication_port://9100]
+
+[clustering]
+manager_uri = https://SVLCTMLOGCLM01.unit-c.edf.fr:8089
+mode = peer
+pass4SymmKey = $7$iQ3wl+w1tMlCZXopQ/BDXHv8e+xGXGR10mvQYOiCdPxZuIkKX87oMm85MSkitkPk3PYW2Qhjc/kSMq2B5M0=
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_idx_cluster_base/local/app.conf b/Splunk_Install/Apps_for_DS/02-M-TIC_idx_cluster_base/local/app.conf
new file mode 100755
index 0000000..1173ea8
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_idx_cluster_base/local/app.conf
@@ -0,0 +1 @@
+# Autogenerated file
\ No newline at end of file
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_idx_indexes_base/default/app.conf b/Splunk_Install/Apps_for_DS/02-M-TIC_idx_indexes_base/default/app.conf
new file mode 100755
index 0000000..b17b3c9
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_idx_indexes_base/default/app.conf
@@ -0,0 +1,11 @@
+[launcher]
+version = 1.0.0
+author = VABOS
+description = Configure default optimisation on Indexers
+
+[package]
+id = edf_idx_indexes_base
+
+
+[ui]
+is_visible = false
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_idx_indexes_base/default/indexes.conf b/Splunk_Install/Apps_for_DS/02-M-TIC_idx_indexes_base/default/indexes.conf
new file mode 100755
index 0000000..ba562f9
--- /dev/null
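Review bot: `[replication_port://9100]` in 02-M-TIC_idx_cluster_base/default/server.conf sets up bucket replication between the peers in cleartext; the `-ssl` variant of this stanza exists for exactly that port, and nothing else in the commit protects peer-to-peer traffic (the `sslRootCAPath` in 02-M-TIC_cluster_forwarder_outputs/local/server.conf applies to that forwarder app, not to the peers). If the peers replicate over an isolated network that is a reasonable choice, but a comment above the stanza saying so would spare the next reader the question. This file also uses `manager_uri` for the manager that 02-M-TIC_sh_idxcluster_base/default/server.conf addresses as `master_uri`; one spelling across the commit is easier to maintain.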
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_idx_indexes_base/default/indexes.conf
@@ -0,0 +1,65 @@
+[default]
+thawedPath = $SPLUNK_DB/$_index_name/thaweddb
+coldPath = volume:secondary/$_index_name/colddb
+homePath = volume:primary/$_index_name/db
+tstatsHomePath = volume:primary/$_index_name/datamodel_summary
+tsidxWritingLevel = 4
+journalCompression = zstd
+enableDataIntegrityControl = 0
+enableTsidxReduction = 0
+archiver.enableDataArchive = 0
+bucketRebuildMemoryHint = 1
+compressRawdata = 1
+enableOnlineBucketRepair = 1
+rtRouterQueueSize =
+rtRouterThreads =
+selfStorageThreads =
+suspendHotRollByDeleteQuery = 0
+syncMeta = 1
+
+[idx_m-tic_windows]
+
+[idx_m-tic_fortigate]
+
+[idx_m-tic_linux]
+
+[idx_m-tic_esxi]
+
+[vmware-esxilog]
+
+[vmware-perf-metrics]
+datatype = metric
+
+[vmware-inv]
+
+[vmware-taskevent]
+
+[vmware-vclog]
+
+[idx_m-tic_alcatel]
+
+[idx_m-tic_cisco]
+
+[idx_m-tic_switch]
+
+[idx_m-tic_catchall]
+
+[idx_m-tic_catchother]
+
+[idx_m-tic_other]
+
+[idx_m-tic_glpi]
+
+[idx_m-tic_glpi_vm]
+
+[idx_m-tic_glpi_kb]
+
+[idx_m-tic_glpi_sep]
+
+[idx_m-tic_glpi_obsolescence]
+
+[idx_m-tic_genetec_sc]
+
+[idx_ldap]
+
+[idx_m-tic_synology]
\ No newline at end of file
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_idx_indexes_base/local/app.conf b/Splunk_Install/Apps_for_DS/02-M-TIC_idx_indexes_base/local/app.conf
new file mode 100755
index 0000000..1173ea8
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_idx_indexes_base/local/app.conf
@@ -0,0 +1 @@
+# Autogenerated file
\ No newline at end of file
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_linux_forwarders_inputs/local/app.conf b/Splunk_Install/Apps_for_DS/02-M-TIC_linux_forwarders_inputs/local/app.conf
new file mode 100755
index 0000000..ae434e7
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_linux_forwarders_inputs/local/app.conf
@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_updates = false
+
+[ui]
+is_visible = false
+is_manageable = false
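Review bot: `rtRouterQueueSize =`, `rtRouterThreads =` and `selfStorageThreads =` in the `[default]` stanza of 02-M-TIC_idx_indexes_base/default/indexes.conf assign an empty value to integer settings; I cannot tell from here whether Splunk reads that as "unset" or reports it on every indexer, and since the lines carry no value anyway they should simply be removed so the built-in defaults apply without ambiguity. Everything in `[default]` — including the volume-based `homePath`/`coldPath` — also applies to the internal indexes, which is the usual intent for a base app but deserves a one-line comment above the stanza. `enableDataIntegrityControl = 0` is the default; for any index below whose events must be tamper-evident, set it to `1` on that index rather than relying on the global value, and say which ones in a comment.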
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_linux_forwarders_inputs/local/inputs.conf b/Splunk_Install/Apps_for_DS/02-M-TIC_linux_forwarders_inputs/local/inputs.conf
new file mode 100755
index 0000000..de1525c
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_linux_forwarders_inputs/local/inputs.conf
@@ -0,0 +1,5 @@
+[monitor:///var/rsyslog/*/linux/.../*.log]
+disabled = 0
+host_segment = 6
+index = idx_m-tic_linux
+sourcetype = syslog_linux
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_linux_forwarders_inputs/metadata/local.meta b/Splunk_Install/Apps_for_DS/02-M-TIC_linux_forwarders_inputs/metadata/local.meta
new file mode 100755
index 0000000..d827768
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_linux_forwarders_inputs/metadata/local.meta
@@ -0,0 +1,3 @@
+[]
+access = read : [ * ], write : [ admin ]
+export = system
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_sh_cluster_base/default/app.conf b/Splunk_Install/Apps_for_DS/02-M-TIC_sh_cluster_base/default/app.conf
new file mode 100755
index 0000000..eab63c9
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_sh_cluster_base/default/app.conf
@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_updates = false
+
+[ui]
+is_visible = false
+is_manageable = false
\ No newline at end of file
diff --git a/README.md b/Splunk_Install/Apps_for_DS/02-M-TIC_sh_cluster_base/default/authorize.conf
old mode 100644
new mode 100755
similarity index 100%
rename from README.md
rename to Splunk_Install/Apps_for_DS/02-M-TIC_sh_cluster_base/default/authorize.conf
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_sh_cluster_base/default/fields.conf b/Splunk_Install/Apps_for_DS/02-M-TIC_sh_cluster_base/default/fields.conf
new file mode 100755
index 0000000..e69de29
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_sh_cluster_base/default/server.conf b/Splunk_Install/Apps_for_DS/02-M-TIC_sh_cluster_base/default/server.conf
new file mode 100755
index 0000000..7c50fab
--- /dev/null
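Review bot: `host_segment = 6` in 02-M-TIC_linux_forwarders_inputs/local/inputs.conf is combined with the recursive `...` wildcard in `[monitor:///var/rsyslog/*/linux/.../*.log]`, so the path depth is not fixed and segment 6 can be a different directory level, or the file name itself, depending on how deep each log sits. The esxi, fortigate and catchall inputs in this commit pin the depth with `*/*/*.log` and set no `host_segment`; either fix the depth here as well or add a comment stating which path segment is expected to carry the host name. `disabled = 0` here versus `disabled = false` in the sibling inputs files is a small style inconsistency worth unifying.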
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_sh_cluster_base/default/server.conf
@@ -0,0 +1,17 @@
+[clustering]
+mode = searchhead
+manager_uri = clustermanager:one
+
+[clustermanager:one]
+manager_uri = https://SVLCTMLOGCLM01.unit-c.edf.fr:8089
+pass4SymmKey = $7$S9wq9h/bAbFgNYLo/9vsjHEwpY2z8IkPYQ663LGXb6cLu5YmhyEQnSS3+7jNTRzFBQ==
+multisite = false
+
+[shclustering]
+shcluster_label = M-TIC_shcluster
+conf_deploy_fetch_url = https://SVLCTMLOGSUP01.unit-c.edf.fr:8089
+pass4SymmKey = $7$S9wq9h/bAbFgNYLo/9vsjHEwpY2z8IkPYQ663LGXb6cLu5YmhyEQnSS3+7jNTRzFBQ==
+
+[httpServer]
+maxThreads = 150000
+maxSockets = 250000
\ No newline at end of file
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_sh_cluster_base/metadata/default.meta b/Splunk_Install/Apps_for_DS/02-M-TIC_sh_cluster_base/metadata/default.meta
new file mode 100755
index 0000000..93b703a
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_sh_cluster_base/metadata/default.meta
@@ -0,0 +1,3 @@
+[]
+acces = read : [ * ], write : [ admin ]
+export = system
\ No newline at end of file
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_sh_idxcluster_base/default/app.conf b/Splunk_Install/Apps_for_DS/02-M-TIC_sh_idxcluster_base/default/app.conf
new file mode 100755
index 0000000..a662815
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_sh_idxcluster_base/default/app.conf
@@ -0,0 +1,11 @@
+[launcher]
+version = 1.0.0
+author = VABOS
+description = Configure Search Head for IDX Clustering
+
+[package]
+id = M-TIN_sh_idxcluster_base
+
+
+[ui]
+is_visible = false
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_sh_idxcluster_base/default/server.conf b/Splunk_Install/Apps_for_DS/02-M-TIC_sh_idxcluster_base/default/server.conf
new file mode 100755
index 0000000..bf71fc9
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_sh_idxcluster_base/default/server.conf
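Review bot: 02-M-TIC_sh_cluster_base/default/server.conf declares `multisite = false` under `[clustermanager:one]`, while 02-M-TIC_sh_idxcluster_base/default/server.conf in the same commit sets `multisite = true` with `site = site2` and addresses the same manager through `master_uri` in a plain `[clustering]` stanza; both are named as search-head base apps, so if one search head receives both, the `[clustering]` stanza of whichever app wins precedence decides and the other's settings are silently shadowed. Decide which of the two models is authoritative — the manager in 02-M-TIC_cluster_master_base/default/server.conf carries no multisite settings at all — and drop the other. The `[httpServer]` values `maxThreads = 150000` and `maxSockets = 250000` are far above Splunk's defaults; a comment citing why they were sized this way would help whoever tunes them next. The `[package] id = M-TIN_sh_idxcluster_base` in the sibling app.conf looks like a typo for `M-TIC`.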
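Review bot: The ACL line in 02-M-TIC_sh_cluster_base/metadata/default.meta is spelled `acces`, so it is not read as the `access` setting and the read/write restriction the file intends for this app's objects is never applied; whatever default Splunk falls back to governs instead. Change it to `access = read : [ * ], write : [ admin ]`, matching the local.meta files elsewhere in the commit.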
@@ -0,0 +1,9 @@
+[general]
+site = site2
+
+[clustering]
+multisite = true
+master_uri = https://SVLCTMLOGCLM01.unit-c.edf.fr:8089
+mode = searchhead
+pass4SymmKey = $7$i7IqoiyC1DpnVbSVtwGzuVTO5rmVyPCI2CMacpHEFs3N2oFAaF0EJ049Otza
+
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_sh_idxcluster_base/local/app.conf b/Splunk_Install/Apps_for_DS/02-M-TIC_sh_idxcluster_base/local/app.conf
new file mode 100755
index 0000000..1173ea8
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_sh_idxcluster_base/local/app.conf
@@ -0,0 +1 @@
+# Autogenerated file
\ No newline at end of file
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_sh_volume_indexes/default/app.conf b/Splunk_Install/Apps_for_DS/02-M-TIC_sh_volume_indexes/default/app.conf
new file mode 100755
index 0000000..7d97740
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_sh_volume_indexes/default/app.conf
@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_update = false
+
+[ui]
+is_visible = false
+is_manageable = false
\ No newline at end of file
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_sh_volume_indexes/default/indexes.conf b/Splunk_Install/Apps_for_DS/02-M-TIC_sh_volume_indexes/default/indexes.conf
new file mode 100755
index 0000000..8981b3c
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_sh_volume_indexes/default/indexes.conf
@@ -0,0 +1,6 @@
+# One Volume for Hot and Cold
+[volume:primary]
+path = /opt/splunk/var/lib/splunk
+
+[volume:secondary]
+path = /opt/splunk/var/lib/splunk
\ No newline at end of file
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_windows_forwarders_inputs/local/app.conf b/Splunk_Install/Apps_for_DS/02-M-TIC_windows_forwarders_inputs/local/app.conf
new file mode 100755
index 0000000..ae434e7
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_windows_forwarders_inputs/local/app.conf
@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_updates = false
+
+[ui]
+is_visible = false
+is_manageable = false
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_windows_forwarders_inputs/local/inputs.conf b/Splunk_Install/Apps_for_DS/02-M-TIC_windows_forwarders_inputs/local/inputs.conf
new file mode 100755
index 0000000..a33dd68
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_windows_forwarders_inputs/local/inputs.conf
@@ -0,0 +1,7 @@
+[WinEventLog]
+interval=60
+evt_resolve_ad_obj = 0
+evt_dc_name=
+evt_dns_name=
+index = idx_m-tic_windows
+sourcetype = events_windows
\ No newline at end of file
diff --git a/Splunk_Install/Apps_for_DS/02-M-TIC_windows_forwarders_inputs/metadata/local.meta b/Splunk_Install/Apps_for_DS/02-M-TIC_windows_forwarders_inputs/metadata/local.meta
new file mode 100755
index 0000000..d827768
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/02-M-TIC_windows_forwarders_inputs/metadata/local.meta
@@ -0,0 +1,3 @@
+[]
+access = read : [ * ], write : [ admin ]
+export = system
diff --git a/Splunk_Install/Apps_for_DS/For_MC/local/distsearch.conf b/Splunk_Install/Apps_for_DS/For_MC/local/distsearch.conf
new file mode 100755
index 0000000..4e59289
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/For_MC/local/distsearch.conf
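Review bot: The `[WinEventLog]` stanza in 02-M-TIC_windows_forwarders_inputs/local/inputs.conf names no channel and the app adds no `[WinEventLog://…]` stanzas, so as written it only supplies defaults for Windows event log inputs that must be declared somewhere else; if no other app on the forwarder declares channels, nothing reaches `idx_m-tic_windows`. A comment naming where the channel stanzas live, or adding them here, would make that dependency visible. Spacing is mixed within the stanza (`interval=60`, `evt_dc_name=` next to `index = idx_m-tic_windows`); use `key = value` as the rest of the commit does.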
@@ -0,0 +1,27 @@
+[distributedSearch]
+servers = https://SVLCTMLOGCLM01.unit-c.edf.fr:8089,https://SVLCTMLOGPUB01.unit-c.edf.fr:8089,https://SVLCTMLOGPUB02.unit-c.edf.fr:8089
+
+[distributedSearch:dmc_group_deployment_server]
+servers = localhost:localhost
+
+[distributedSearch:dmc_group_kv_store]
+servers = SVLCTMLOGCLM01.unit-c.edf.fr:8089,SVLCTMLOGPUB01.unit-c.edf.fr:8089,SVLCTMLOGPUB02.unit-c.edf.fr:8089
+
+[distributedSearch:dmc_group_license_master]
+servers = SVLCTMLOGCLM01.unit-c.edf.fr:8089
+
+[distributedSearch:dmc_group_shc_deployer]
+servers = localhost:localhost
+
+[distributedSearch:dmc_group_cluster_master]
+servers = SVLCTMLOGCLM01.unit-c.edf.fr:8089
+
+[distributedSearch:dmc_group_indexer]
+default = true
+servers = SVLCTMLOGIDX01.unit-c.edf.fr:8089,SVLCTMLOGIDX02.unit-c.edf.fr:8089
+
+[distributedSearch:dmc_group_search_head]
+servers = SVLCTMLOGCLM01.unit-c.edf.fr:8089,SVLCTMLOGPUB01.unit-c.edf.fr:8089,SVLCTMLOGPUB02.unit-c.edf.fr:8089
+
+[distributedSearch:dmc_searchheadclustergroup_Cluster_SH_M-TIC]
+servers = localhost:localhost,SVLCTMLOGPUB01.unit-c.edf.fr:8089,SVLCTMLOGPUB02.unit-c.edf.fr:8089
diff --git a/Splunk_Install/Apps_for_DS/splunk_monitoring_console/local/splunk_monitoring_console_assets.conf b/Splunk_Install/Apps_for_DS/splunk_monitoring_console/local/splunk_monitoring_console_assets.conf
new file mode 100755
index 0000000..81e890b
--- /dev/null
+++ b/Splunk_Install/Apps_for_DS/splunk_monitoring_console/local/splunk_monitoring_console_assets.conf
@@ -0,0 +1,3 @@
+[settings]
+disabled = 0
+configuredPeers = SVLCTMLOGPUB01.unit-c.edf.fr:8089,SVLCTMLOGPUB02.unit-c.edf.fr:8089,SVLCTMLOGIDX01.unit-c.edf.fr:8089,SVLCTMLOGIDX02.unit-c.edf.fr:8089,SVLCTMLOGCLM01.unit-c.edf.fr:8089,SVLCTMLOGCLM01.unit-c.edf.fr:8089
\ No newline at end of file
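Review bot: `configuredPeers` in `splunk_monitoring_console_assets.conf` lists `SVLCTMLOGCLM01.unit-c.edf.fr:8089` twice; each peer should appear once, so drop the trailing duplicate. The `distsearch.conf` hunk above places the same host in `dmc_group_search_head` and `dmc_group_kv_store` on top of its cluster-master and license-master groups — presumably intentional for a combined node, but a one-line comment saying so would stop it being "fixed" later.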
diff --git a/Splunk_Install/Apps_for_Splunk/01-Conf_ServerClass/local/serverclass.conf b/Splunk_Install/Apps_for_Splunk/01-Conf_ServerClass/local/serverclass.conf
new file mode 100755
index 0000000..ebd3905
--- /dev/null
+++ b/Splunk_Install/Apps_for_Splunk/01-Conf_ServerClass/local/serverclass.conf
@@ -0,0 +1,35 @@
+[global]
+crossServerChecksum = false
+repositoryLocation = $SPLUNK_HOME/etc/deployment-apps
+targetRepositoryLocation = $SPLUNK_HOME/etc/apps
+tmpFolder = $SPLUNK_HOME/var/run/tmp
+
+stateOnClient = enabled
+
+restartSplunkWeb = False
+restartSplunkd = False
+issueReload = false
+continueMatching = true
+endpoint = $deploymentServerUri$/services/streams/deployment?name=$tenantName$:$serverClassName$:$appName$
+
+filterType = whitelist
+
+[serverClass:Licence_Master_TIC]
+
+[serverClass:Cluster_Master_TIC]
+
+[serverClass:Cluster_Indexer_TIC]
+
+[serverClass:Cluster_SH_TIC]
+
+[serverClass:Forwarder_Linux_TIC]
+
+[serverClass:Forwarder_Windows_TIC]
+
+[serverClass:Cluster_Master_TIH]
+
+[serverClass:Cluster_Indexer_TIH]
+
+[serverClass:Forwarder_Linux_TIH]
+
+[serverClass:Forwarder_Windows_TIH]
\ No newline at end of file
diff --git a/Splunk_Install/Apps_for_Splunk/01-Conf_deploy_client/local/deploymentclient.conf b/Splunk_Install/Apps_for_Splunk/01-Conf_deploy_client/local/deploymentclient.conf
new file mode 100755
index 0000000..026a07a
--- /dev/null
+++ b/Splunk_Install/Apps_for_Splunk/01-Conf_deploy_client/local/deploymentclient.conf
@@ -0,0 +1,5 @@
+[target-broker:deploymentServer]
+targetUri = https://SVLCTMLOGSUP01.unit-c.edf.fr:8089
+
+[deployment-client]
+disabled = 0
\ No newline at end of file
diff --git a/Splunk_Install/Apps_for_Splunk/IDN-Conf_Proxy_Forwarder/local/app.conf b/Splunk_Install/Apps_for_Splunk/IDN-Conf_Proxy_Forwarder/local/app.conf
new file mode 100755
index 0000000..33845d7
--- /dev/null
+++ b/Splunk_Install/Apps_for_Splunk/IDN-Conf_Proxy_Forwarder/local/app.conf
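Review bot: Every `[serverClass:*]` stanza in `serverclass.conf` is empty — no `whitelist.N` entries and no `[serverClass:<name>:app:<app>]` stanzas — so with `filterType = whitelist` in `[global]` none of the ten classes matches a client or deploys an app. If they are placeholders filled by another mechanism, say so in a comment above the first stanza; otherwise the memberships belong here. `restartSplunkWeb = False` / `restartSplunkd = False` also use a different boolean spelling from `issueReload = false` / `continueMatching = true` in the same stanza; Splunk accepts both, but one form is easier to grep for, and with both restart flags off a pushed change to security-relevant files (outputs, SSL settings) only takes effect after a manual restart, which is worth stating in a comment.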
@@ -0,0 +1,10 @@
+[launcher]
+version = 1.0.0
+author = OB
+description = Configuration Proxy IDN
+[package]
+id = IDN-Conf_Proxy_forwarder
+[ui]
+is_visible = false
+[install]
+state = enabled
diff --git a/Splunk_Install/Apps_for_Splunk/IDN-Conf_Proxy_Forwarder/local/deploymentclient.conf b/Splunk_Install/Apps_for_Splunk/IDN-Conf_Proxy_Forwarder/local/deploymentclient.conf
new file mode 100755
index 0000000..253cd47
--- /dev/null
+++ b/Splunk_Install/Apps_for_Splunk/IDN-Conf_Proxy_Forwarder/local/deploymentclient.conf
@@ -0,0 +1,2 @@
+[target-broker:deploymentServer]
+targetUri = https://80.205.212.20:8089
\ No newline at end of file
diff --git a/Splunk_Install/Apps_for_Splunk/IDN-Conf_Proxy_Forwarder/local/server.conf b/Splunk_Install/Apps_for_Splunk/IDN-Conf_Proxy_Forwarder/local/server.conf
new file mode 100755
index 0000000..ae73c3d
--- /dev/null
+++ b/Splunk_Install/Apps_for_Splunk/IDN-Conf_Proxy_Forwarder/local/server.conf
@@ -0,0 +1,2 @@
+[proxyConfig]
+https_proxy = https://80.205.212.20:8089
\ No newline at end of file
diff --git a/Splunk_Install/Config_Rsyslog/01-Splunk_Forwarder-IDN_Lyon.conf b/Splunk_Install/Config_Rsyslog/01-Splunk_Forwarder-IDN_Lyon.conf
new file mode 100755
index 0000000..4d1ccb8
--- /dev/null
+++ b/Splunk_Install/Config_Rsyslog/01-Splunk_Forwarder-IDN_Lyon.conf
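Review bot: `id = IDN-Conf_Proxy_forwarder` in `IDN-Conf_Proxy_Forwarder/local/app.conf` does not match the app directory name `IDN-Conf_Proxy_Forwarder` (capital F); Splunk expects `[package] id` to equal the folder name and reports the mismatch, so change the line to `id = IDN-Conf_Proxy_Forwarder`. In the two files that follow, the deployment server `targetUri` and the `[proxyConfig] https_proxy` value are the same `https://80.205.212.20:8089` endpoint; if that address is the deployment server's management port, pointing the proxy setting at it as well is probably not what was intended, since `https_proxy` should name an HTTP proxy rather than the destination. The stanzas in this `app.conf` also run together without the blank line used by every other app.conf in this commit.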
@@ -0,0 +1,110 @@
+# Configuration rsyslog pour utiliser avec un Splunk Forwarder a copier dans /etc/rsyslog.d
+
+#--------------------------Modules-----------------------------
+
+$ModLoad imudp
+$ModLoad imtcp
+
+#--------------------------Protocoles--------------------------
+
+$UDPServerRun 514
+$UDPServerRun 5140
+$InputTCPServerRun 514
+
+#--------------------------Folder------------------------------
+
+$DirCreateMode 0755
+$FileCreateMode 0640
+$DirOwner splunk
+$DirGroup splunk
+$FileOwner splunk
+$FileGroup splunk
+
+$RuleSet RSYSLOG_DefaultRuleSet
+
+#--------------------------Templates---------------------------
+
+# Template pour Fortigate
+template(name="fortigate" type="string" string="/var/rsyslog/%$myhostname%/fortigate/%$YEAR%-%$MONTH%-%$DAY%/%HOSTNAME%/%syslogfacility-text%.log")
+
+# Template pour ESXi
+template(name="esxi" type="string" string="/var/rsyslog/%$myhostname%/esxi/%$YEAR%-%$MONTH%-%$DAY%/%HOSTNAME%/%syslogfacility-text%.log")
+
+# Template pour Linux
+template(name="linux" type="string" string="/var/rsyslog/%$myhostname%/linux/%$YEAR%-%$MONTH%-%$DAY%/%HOSTNAME%/%syslogfacility-text%.log")
+
+# Template pour Switch alcatel
+template(name="alcatel_omniswitch" type="string" string="/var/rsyslog/%$myhostname%/alcatel_omniswitch/%$YEAR%-%$MONTH%-%$DAY%/%fromhost-ip%/%syslogfacility-text%.log")
+
+# Template pour ILO
+template(name="ilo" type="string" string="/var/rsyslog/%$myhostname%/ilo/%$YEAR%-%$MONTH%-%$DAY%/%HOSTNAME%/%syslogfacility-text%.log")
+
+# Template pour les equipement réseau
+template(name="network" type="string" string="/var/rsyslog/%$myhostname%/network/%$YEAR%-%$MONTH%-%$DAY%/%HOSTNAME%/%syslogfacility-text%.log")
+
+# Template pour iDRAC
+template(name="idrac" type="string" string="/var/rsyslog/%$myhostname%/idrac/%$YEAR%-%$MONTH%-%$DAY%/%HOSTNAME%/%syslogfacility-text%.log")
+
+# Template Catch-All
+template(name="catchall" type="string" string="/var/rsyslog/%$myhostname%/catchall/%$YEAR%-%$MONTH%-%$DAY%/%HOSTNAME%/%syslogfacility-text%.log")
+
+#-------------------------Filtres et Actions------------------------------
+
+# Fortigate (identifié par 'devid="FG' dans le message)
+if $msg contains_i ' devid="FG' then {
+ action(type="omfile" dynaFile="fortigate")
+ stop
+}
+
+# ESXi (hôte commençant par 'spv')
+if $fromhost startswith "spv" then {
+ action(type="omfile" dynaFile="esxi")
+ stop
+}
+
+# Linux (hôte ou nom contenant 'svl')
+if $fromhost startswith "svl" or $hostname contains 'svl' then {
+ action(type="omfile" dynaFile="linux")
+ stop
+}
+
+# Cisco ASA (identifié par '%ASA' dans le tag syslog)
+if $syslogtag contains '%ASA' then {
+ action(type="omfile" dynaFile="network")
+ stop
+}
+
+# ILO (identifié par 'ILO' dans le message)
+if $msg contains_i "ILO" then {
+ action(type="omfile" dynaFile="ilo")
+ stop
+}
+
+# iDRAC (nom d'hôte contenant 'IDR')
+if $hostname contains_i "IDR" then {
+ action(type="omfile" dynaFile="idrac")
+ stop
+}
+
+# Réseau spécifique
+if ($fromhost-ip startswith '223.90.0' or $fromhost-ip startswith '223.94.0') then {
+ action(type="omfile" dynaFile="alcatel_omniswitch")
+ stop
+}
+
+# Catch-All (tous les autres logs)
+if $fromhost != $$myhostname then {
+ action(type="omfile" dynaFile="catchall")
+ stop
+}
+
+#----------------------- Options additionnelles -----------------------
+
+# Utilisation d'une file d'attente asynchrone pour améliorer les performances
+# Permet d'assurer un traitement non bloquant des logs en cas de surcharge
+$ActionQueueType LinkedList # Type de queue : liste chaînée (asynchrone)
+$ActionQueueFileName syslogqueue # Nom du fichier de queue
+$ActionResumeRetryCount -1 # Retenter indéfiniment si le serveur de logs est indisponible
+
+# Utilisation du format Syslog Protocol 23 (compatibilité maximale)
+$ActionFileDefaultTemplate RSYSLOG_SyslogProtocol23Format
\ No newline at end of file
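Review bot: The `$ActionQueueType`, `$ActionQueueFileName` and `$ActionResumeRetryCount` directives at the end of `01-Splunk_Forwarder-IDN_Lyon.conf` come after every `action(...)` in the file; legacy `$Action*` queue settings apply to the next action defined after them, so placed here they configure nothing and the comment's promise of asynchronous, retrying delivery is not kept. The same applies to `$ActionFileDefaultTemplate`, which only affects file actions declared after it. Either move these lines above the first `action(type="omfile" …)` or, since the file already uses RainerScript, set them per action with `queue.type="LinkedList"`, `queue.filename="…"` and `action.resumeRetryCount="-1"`. The UDP/TCP listeners on 514 and 5140 accept from any source; where the sender set is known, `$AllowedSender` (or a host firewall rule) limits who can create files under `/var/rsyslog`, which matters because `%HOSTNAME%` in every dynaFile path is taken from the message rather than from the connection as `%fromhost-ip%` is.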
diff --git a/Splunk_Install/Config_Rsyslog/01-Splunk_Forwarder.conf b/Splunk_Install/Config_Rsyslog/01-Splunk_Forwarder.conf
new file mode 100755
index 0000000..532ff2f
--- /dev/null
+++ b/Splunk_Install/Config_Rsyslog/01-Splunk_Forwarder.conf
@@ -0,0 +1,78 @@
+# Configuration rsyslog pour utiliser avec un Splunk Forwarder a copier dans /etc/rsyslog.d
+
+#--------------------------Modules-----------------------------
+
+$ModLoad imudp
+$ModLoad imtcp
+
+#--------------------------Protocoles--------------------------
+
+$UDPServerRun 514
+$UDPServerRun 5140
+$InputTCPServerRun 514
+
+#--------------------------Folder------------------------------
+
+$DirCreateMode 0755
+$FileCreateMode 0640
+$DirOwner splunk
+$DirGroup splunk
+$FileOwner splunk
+$FileGroup splunk
+
+$RuleSet RSYSLOG_DefaultRuleSet
+
+#--------------------------Templates---------------------------
+
+#Template Cisco
+$template ciscoasa,"/var/rsyslog/%$myhostname%/ciscoasa/%$YEAR%-%$MONTH%-%$DAY%/%HOSTNAME%/%syslogfacility-text%.log"
+
+#Template Fortigate
+$template fortigate,"/var/rsyslog/%$myhostname%/fortigate/%$YEAR%-%$MONTH%-%$DAY%/%HOSTNAME%/%syslogfacility-text%.log"
+
+#Template Esxi
+$template esxi,"/var/rsyslog/%$myhostname%/esxi/%$YEAR%-%$MONTH%-%$DAY%/%HOSTNAME%/%syslogfacility-text%.log"
+
+#Template Linux
+$template linux,"/var/rsyslog/%$myhostname%/linux/%$YEAR%-%$MONTH%-%$DAY%/%HOSTNAME%/%syslogfacility-text%.log"
+
+#Template Switch
+$template switch,"/var/rsyslog/%$myhostname%/switch/%$YEAR%-%$MONTH%-%$DAY%/%HOSTNAME%/%syslogfacility-text%.log"
+
+#Templates ILO
+$template ilo,"/var/rsyslog/%$myhostname%/ilo/%$YEAR%-%$MONTH%-%$DAY%/%HOSTNAME%/%syslogfacility-text%.log"
+
+#Templates iDRAC
+$template ilo,"/var/rsyslog/%$myhostname%/idrac/%$YEAR%-%$MONTH%-%$DAY%/%HOSTNAME%/%syslogfacility-text%.log"
+
+# Catch All
+$template catchother,"/var/rsyslog/%$myhostname%/catchother/%$YEAR%-%$MONTH%-%$DAY%/%HOSTNAME%/%syslogfacility-text%.log"
+
+#-------------------------Filtres------------------------------
+
+if $msg contains_i ' devid="FG' then -?fortigate
+& stop
+
+if $fromhost startswith "spv" then -?esxi
+& stop
+
+if $fromhost startswith "svl" then -?linux
+& stop
+
+if $hostname contains 'svl' then -?linux
+& stop
+
+if $hostname contains 'SWI' then -?switch
+& stop
+
+if $syslogtag contains '%ASA' then -?ciscoasa
+& stop
+
+if $msg contains_i "ILO" then -?ilo
+& stop
+
+if $hostname contains_i "IDR" then -?idrac
+& stop
+
+if $fromhost != $$myhostname then -?catchother
+& stop
diff --git a/Splunk_Install/Keys_public/SVLCTMLOGSUP01.unit-c.edf.fr/trusted.pem b/Splunk_Install/Keys_public/SVLCTMLOGSUP01.unit-c.edf.fr/trusted.pem
new file mode 100755
index 0000000..757deea
--- /dev/null
+++ b/Splunk_Install/Keys_public/SVLCTMLOGSUP01.unit-c.edf.fr/trusted.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnKYWpilaQTRB1A19lN3W
+lnN9B8VTZOzZWMTOf0v8vk0SqTkrh4DSGYp0ikNcEG1ECAF+Gc5RxsaiKm3YuHa7
+lR5jcGguIv/rPIQSS25fPmYN6eddGx6iupcyQxatMFW5QZVjmCcxvorrRlqgNLhr
+CYhb3EoEQDO79yWTGf8pH5WUg+hI2jWinhUJqKflz/K+IH1u9iKuWmMXjHJR7O+/
+QX+t0t3vTR2XIbLU4kTUR0XKb8q8pUY8ew0F3chkJY4pKcKCdELioakWZEcf0Pcx
+Qt3H5MHSU1K5WD8xYfOmY/HOpWUuDHO31jpqnaCv4gJShELfA6ECGPD2QVxn6RcS
+EwIDAQAB
+-----END PUBLIC KEY-----
diff --git a/Splunk_Install/common/handlers/restart_splunk.yml b/Splunk_Install/common/handlers/restart_splunk.yml
new file mode 100755
index 0000000..d2b642b
--- /dev/null
+++ b/Splunk_Install/common/handlers/restart_splunk.yml
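Review bot: In `01-Splunk_Forwarder.conf` the iDRAC template is declared as `$template ilo,"/var/rsyslog/…/idrac/…"` — the same name as the ILO template two lines above — while the filter later references `-?idrac`, which is never defined; rsyslog reports the unknown template and does not create that action, and the second `ilo` definition competes with the first. Change the declaration to `$template idrac,"/var/rsyslog/%$myhostname%/idrac/%$YEAR%-%$MONTH%-%$DAY%/%HOSTNAME%/%syslogfacility-text%.log"`. This file is the legacy-syntax twin of the IDN_Lyon file in the previous hunk and the two have already drifted (the Alcatel and network templates exist only there), so it is worth stating in the header comment which one is authoritative.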
@@ -0,0 +1,37 @@
+---
+- name: "Retrieve PID 1 process information (Linux)"
+ command: "ps 1"
+ register: pid1
+ when:
+ - ansible_system is match("Linux")
+ - pid1 is not defined
+
+- name: "Restart the splunkd service - Via CLI"
+ command: "{{ splunk_exec }} restart --answer-yes --accept-license"
+ become: yes
+ become_user: "{{ splunk_user }}"
+ register: task_result
+ until: task_result.rc == 0
+ retries: 3
+ delay: "{{ delay_num }}"
+ when: not splunk_enable_service
+
+- name: "Restart the splunkd service - Via systemd"
+ service:
+ name: "{% if pid1.stdout.find('systemd') != -1 %}Splunkd{% else %}splunk{% endif %}"
+ state: restarted
+ when:
+ - splunk_enable_service
+ - ansible_system is match("Linux")
+ become: yes
+ become_user: "{{ privileged_user }}"
+
+- name: "Restart the splunkd service - Via windows system"
+ win_service:
+ name: splunkd
+ state: restarted
+ when: splunk_enable_service and not ansible_system is match("Linux")
+
+- name: "Wait for splunkd management port"
+ wait_for:
+ port: "{{ splunk_svc_port }}"
diff --git a/Splunk_Install/common/tasks/apply_dmc_trusted_pem.yml b/Splunk_Install/common/tasks/apply_dmc_trusted_pem.yml
new file mode 100755
index 0000000..296a85e
--- /dev/null
+++ b/Splunk_Install/common/tasks/apply_dmc_trusted_pem.yml
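Review bot: `when: splunk_enable_service and not ansible_system is match("Linux")` on the Windows task in `restart_splunk.yml` mixes the one-line form with the list form used by the two Linux tasks, and the `not … is match(…)` precedence has to be worked out by the reader. Writing it as the list `- splunk_enable_service` / `- not (ansible_system is match("Linux"))` matches the rest of the file and removes the ambiguity. The systemd task reads `pid1.stdout` although the `ps 1` task is skipped on non-Linux; its own `ansible_system` condition keeps that safe today, so a short comment such as `# pid1 is only populated on Linux; see the first task` would record the dependency.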
@@ -0,0 +1,29 @@
+---
+- name: Get DMC Name
+ set_fact:
+ dmc_name: "{{ hostvars[groups.splunk_monitoring_console[0]].inventory_hostname_short }}"
+ when: not splunk_single_instance
+
+- name: "Ensure that {{ dest_path }} exists"
+ file:
+ path: "{{ splunk_home }}/etc/{{ dest_path | dirname }}"
+ state: directory
+ recurse: yes
+ group: "{{ splunk_group }}"
+ owner: "{{ splunk_user }}"
+ ignore_errors: true
+ vars:
+ dest_path: "auth/distServerKeys/{{ dmc_name }}/"
+ become: yes
+ become_user: "{{ splunk_user }}"
+ when: not splunk_single_instance
+
+- name: Copy trusted.pem to server
+ copy:
+ src: "/tmp/trusted.pem"
+ dest: "{{ splunk_home }}/etc/auth/distServerKeys/{{ dmc_name }}/trusted.pem"
+ group: "{{ splunk_group }}"
+ owner: "{{ splunk_user }}"
+ become: yes
+ become_user: "{{ splunk_user }}"
+ when: not splunk_single_instance
diff --git a/Splunk_Install/common/tasks/create_app_via_template.yml b/Splunk_Install/common/tasks/create_app_via_template.yml
new file mode 100755
index 0000000..3ca88fa
--- /dev/null
+++ b/Splunk_Install/common/tasks/create_app_via_template.yml
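Review bot: `src: "/tmp/trusted.pem"` in `apply_dmc_trusted_pem.yml` installs whatever file sits at that path on the control node as `etc/auth/distServerKeys/<dmc>/trusted.pem`, and that file is the public key that authorises the monitoring console to run searches on this instance; a shared, world-writable `/tmp` is a weak place to source a trust anchor from, and nothing checks that the file is the DMC's key. This commit already tracks the key under `Splunk_Install/Keys_public/SVLCTMLOGSUP01.unit-c.edf.fr/trusted.pem`, so `src` could point at that tree keyed on `dmc_name`, or the key could be fetched from the DMC host itself. The `copy` task also sets no `mode`, and `ignore_errors: true` on the directory task turns a failed `mkdir` into a less informative copy error one task later.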
@@ -0,0 +1,47 @@
+---
+- name: Default files added to the list
+ set_fact:
+ app_configs:
+ - template_path: "{{ playbook_dir }}/common/templates/app.j2"
+ template_output_path: "app.conf"
+
+- name: Ensure that all local paths exists
+ file:
+ path: "{{ playbook_dir }}/splunk_apps/base_apps/{{ app_name }}/local"
+ state: directory
+ recurse: yes
+ force: true
+ ignore_errors: true
+ loop: "{{ configs|flatten + app_configs | flatten }}"
+
+- name: Apply provided template.j2 on the provided target file
+ template:
+ src: "{{ item.template_path }}"
+ dest: "{{ playbook_dir }}/splunk_apps/base_apps/{{ app_name }}/local/{{ item.template_output_path }}"
+ force: true
+ loop: "{{ configs|flatten + app_configs | flatten }}"
+
+- name: Ensure that all custom paths exists
+ file:
+ path: "{{ playbook_dir }}/splunk_apps/base_apps/{{ app_name }}/{{ item.dest_dir }}"
+ state: directory
+ recurse: yes
+ force: true
+ ignore_errors: true
+ loop: "{{ files |flatten }}"
+ when: files is defined
+
+- name: Copy specific files to their local dir
+ copy:
+ src: "{{ item.src }}"
+ dest: "{{ playbook_dir }}/splunk_apps/base_apps/{{ app_name }}/{{ item.dest_dir }}"
+ force: true
+ loop: "{{ files |flatten }}"
+ when: files is defined
+
+- name: Copy app to the different Splunk Topology
+ copy:
+ src: "{{ playbook_dir }}/splunk_apps/base_apps/{{ app_name }}"
+ dest: "{{ playbook_dir }}/splunk_apps/{{ item }}/"
+ force: yes
+ loop: "{{ splunk_target_topology }}"
\ No newline at end of file
diff --git a/Splunk_Install/common/tasks/disable_dmc.yml b/Splunk_Install/common/tasks/disable_dmc.yml
new file mode 100755
index 0000000..99f45d3
--- /dev/null
+++ b/Splunk_Install/common/tasks/disable_dmc.yml
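Review bot: The first `file` task in `create_app_via_template.yml` loops over `configs|flatten + app_configs | flatten` but its `path` never uses `item`, so the same directory is created once per entry; drop the `loop:` line there. `ignore_errors: true` on both directory tasks hides a failed `mkdir` that then resurfaces as a `template`/`copy` failure with a less useful message — consider removing it. The rendered files under `splunk_apps/base_apps/<app>/local/` are written with the controller's default umask, and several templates in this commit put `sslPassword` values into them; a `mode: "0600"` on the `template` task keeps those readable only by the Ansible user.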
@@ -0,0 +1,10 @@
+
+- name: "disable dmc on client instances"
+ ini_file:
+ dest: "{{ splunk_home }}/etc/apps/splunk_monitoring_console/local/app.conf"
+ section: install
+ option: "state"
+ value: "disabled"
+ become: yes
+ become_user: "{{ splunk_user }}"
+ when: "{{ groups.splunk_monitoring_console | length |int }} >= 1"
diff --git a/Splunk_Install/common/tasks/set_certificate_prefix.yml b/Splunk_Install/common/tasks/set_certificate_prefix.yml
new file mode 100755
index 0000000..390179c
--- /dev/null
+++ b/Splunk_Install/common/tasks/set_certificate_prefix.yml
@@ -0,0 +1,17 @@
+---
+- name: "Test basic https endpoint"
+ uri:
+ url: "https://127.0.0.1:{{ splunk_svc_port }}/services/properties"
+ method: GET
+ user: "{{ splunk_admin_user }}"
+ password: "{{ splunk_password }}"
+ validate_certs: false
+ status_code: 200,404
+ timeout: 10
+ register: ssl_enabled
+ ignore_errors: true
+
+# If the https call failed, we will revert to http and continue REST with normal error handling
+- name: "Set url prefix for future REST calls"
+ set_fact:
+ cert_prefix: "{% if ssl_enabled.status == 200 %}https{% else %}http{% endif %}"
diff --git a/Splunk_Install/common/tasks/set_conf_stanza.yml b/Splunk_Install/common/tasks/set_conf_stanza.yml
new file mode 100755
index 0000000..e36b4aa
--- /dev/null
+++ b/Splunk_Install/common/tasks/set_conf_stanza.yml
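Review bot: `when: "{{ groups.splunk_monitoring_console | length |int }} >= 1"` in `disable_dmc.yml` wraps a conditional in Jinja delimiters, which Ansible warns about and evaluates differently across versions; write it as `when: groups.splunk_monitoring_console | default([]) | length >= 1` so a missing group does not abort the play either. `dest:` on `ini_file` is the older alias of `path:`, which `set_conf_stanza.yml` in this commit already uses — worth aligning the two.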
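Review bot: The `uri` task in `set_certificate_prefix.yml` sends `splunk_password` with `validate_certs: false` and without `no_log`, so with `ignore_errors: true` a failure at high verbosity prints the task invocation including the credential; `wait_for_splunk_instance.yml` in this commit uses `no_log: "{{ hide_password }}"` on the same kind of call, so add that line here. The task accepts `status_code: 200,404`, yet `cert_prefix` only treats `ssl_enabled.status == 200` as TLS, so a 404 from an https-only splunkd silently downgrades every later REST call in the play to `http`; `{% if ssl_enabled.status in [200, 404] %}` matches what the task itself considers success. Talking to `127.0.0.1` limits what skipping certificate validation exposes, which is worth saying in the comment so it is not copied to remote calls.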
@@ -0,0 +1,33 @@
+---
+- name: Create {{ conf_directory }} directory if not existing
+ file:
+ path: "{{ conf_directory }}"
+ state: directory
+ when: conf_directory is defined
+ become: yes
+ become_user: "{{ splunk_user }}"
+
+- name: Create {{ conf_file }} if not existing
+ copy:
+ dest: "{{ conf_directory }}/{{ conf_file }}"
+ mode: u=rw,g=,o=
+ owner: "{{ splunk_user }}"
+ group: "{{ splunk_group }}"
+ content: ""
+ force: no
+ become: yes
+ become_user: "{{ privileged_user }}"
+
+- name: "Set options in {{ stanza_name }}"
+ ini_file:
+ path: "{{ conf_directory }}/{{ conf_file }}"
+ section: "{{ stanza_name }}"
+ option: "{{ stanza_setting.key }}"
+ value: "{{ stanza_setting.value }}"
+ allow_no_value: True
+ state: present
+ with_dict: "{{ conf_stanzas }}"
+ loop_control:
+ loop_var: stanza_setting
+ become: yes
+ become_user: "{{ splunk_user }}"
diff --git a/Splunk_Install/common/tasks/wait_for_splunk_instance.yml b/Splunk_Install/common/tasks/wait_for_splunk_instance.yml
new file mode 100755
index 0000000..c934a43
--- /dev/null
+++ b/Splunk_Install/common/tasks/wait_for_splunk_instance.yml
@@ -0,0 +1,20 @@
+---
+- name: Check Splunk instance is running
+ uri:
+ url: "{{ cert_prefix }}://{{ inventory_hostname }}:{{ splunk_svc_port }}/services/server/info?output_mode=json"
+ method: GET
+ user: "{{ splunk_admin_user }}"
+ password: "{{ splunk_password }}"
+ validate_certs: false
+ register: task_response
+ until:
+ - task_response.status == 200
+ - lookup('pipe', 'date +"%s"')|int - task_response.json.entry[0].content.startup_time > 10
+ retries: "{{ retry_num }}"
+ delay: 3
+ ignore_errors: true
+ no_log: "{{ hide_password }}"
+
+- name: Print response
+ debug:
+ var: task_response
diff --git a/Splunk_Install/common/templates/app.j2 b/Splunk_Install/common/templates/app.j2
new file mode 100755
index 0000000..c007875
--- /dev/null
+++ b/Splunk_Install/common/templates/app.j2
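Review bot: `validate_certs: false` in `wait_for_splunk_instance.yml` sends the admin credentials to whatever answers on `inventory_hostname:splunk_svc_port` without checking the server certificate, even though `server_SSLconfig.j2` in this commit installs a CA at `$SPLUNK_HOME/etc/auth/ca-cert.pem` and turns on `sslVerifyServerCert`; if that CA is available on the controller, `ca_path:` with `validate_certs: true` closes the gap, and if it is not, a comment saying why validation is off belongs next to the line. `lookup('pipe', 'date +"%s"')` spawns a shell on the controller on every retry; `now().timestamp() | int` gives the same value without a subprocess on Ansible versions that provide `now()`. The `Print response` task dumps the whole registered result, which with `no_log` on the first task is the only place its content appears — fine for debugging, but it will show the server's `/services/server/info` payload in every run.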
@@ -0,0 +1,11 @@
+[launcher]
+author = {{ author }} via Ansible (OBS)
+description = {{ app_desc }}
+version = {{ ansible_script_version }}
+
+[package]
+id = {{ app_name }}
+
+
+[ui]
+is_visible = false
diff --git a/Splunk_Install/common/templates/cluster_master_server_conf.j2 b/Splunk_Install/common/templates/cluster_master_server_conf.j2
new file mode 100755
index 0000000..57d39ff
--- /dev/null
+++ b/Splunk_Install/common/templates/cluster_master_server_conf.j2
@@ -0,0 +1,15 @@
+
+[clustering]
+available_sites = {{ splunk_all_sites }}
+cluster_label = {{ splunk_idxcluster_label }}
+mode = master
+multisite = {{ splunk_multisite }}
+replication_factor = {{ splunk_replication_factor }}
+search_factor = {{ splunk_search_factor }}
+site_replication_factor = origin:{{ splunk_multisite_replication_factor_origin }}, total:{{ splunk_multisite_replication_factor_total }}
+site_search_factor = origin:{{ splunk_multisite_search_factor_origin }}, total:{{ splunk_multisite_search_factor_total }}
+summary_replication = true
+
+[general]
+site = {{ splunk_site }}
+
diff --git a/Splunk_Install/common/templates/deployer.j2 b/Splunk_Install/common/templates/deployer.j2
new file mode 100755
index 0000000..e698cd5
--- /dev/null
+++ b/Splunk_Install/common/templates/deployer.j2
@@ -0,0 +1,2 @@
+[shclustering]
+shcluster_label = {{ splunk_shcluster_label }}
diff --git a/Splunk_Install/common/templates/deploymentclient.j2 b/Splunk_Install/common/templates/deploymentclient.j2
new file mode 100755
index 0000000..b6b26d5
--- /dev/null
+++ b/Splunk_Install/common/templates/deploymentclient.j2
@@ -0,0 +1,10 @@
+[deployment-client]
+{% if splunk_enableSSL %}
+ sslVersions = tls1.2
+ sslVerifyServerCert = true
+ sslCommonNameToCheck = {% for host in groups.splunk_deployment_server %} {{ host }}, {% endfor %}
+{% endif %}
+
+[target-broker:deploymentServer]
+# Change the targetUri
+targetUri = {{ groups.splunk_deployment_server[0] }}:{{ splunk_svc_port }}
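Review bot: `sslCommonNameToCheck = {% for host in groups.splunk_deployment_server %} {{ host }}, {% endfor %}` in `deploymentclient.j2` renders a leading space and a trailing `, ` after the last host; whether Splunk tolerates the empty trailing element depends on the setting, and the same loop shape recurs in `dist_search.j2`, `forwarding_s2s_outputs_conf.j2`, `forwarding_uf_outputs_conf.j2` and `server_SSLconfig.j2` later in this commit. `sslCommonNameToCheck = {{ groups.splunk_deployment_server | join(', ') }}` produces the same list without the stray separator. The three SSL keys inside the `{% if splunk_enableSSL %}` block are also indented by a space, which no other rendered `.conf` in this commit does, and the `# Change the targetUri` comment predates the templating and can go.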
diff --git a/Splunk_Install/common/templates/dist_search.j2 b/Splunk_Install/common/templates/dist_search.j2
new file mode 100755
index 0000000..1af0638
--- /dev/null
+++ b/Splunk_Install/common/templates/dist_search.j2
@@ -0,0 +1,30 @@
+[distributedSearch]
+servers = {% if sh_list is not none %} {% for host in sh_list %} https://{{ host }}:{{ splunk_svc_port }}, {% endfor %} {%endif %}{% if lm_list is not none %} ,{% for host in lm_list %} https://{{ host }}:{{ splunk_svc_port }}, {% endfor %}{%endif %}{% if cm_list is not none %} ,{% for host in cm_list %} https://{{ host }}:{{ splunk_svc_port }}, {% endfor %}{%endif %}{% if ds_list is not none %} ,{% for host in ds_list %} https://{{ host }}:{{ splunk_svc_port }}, {% endfor %}{%endif %}{% if deployer_list is not none %} ,{% for host in deployer_list %} https://{{ host }}:{{ splunk_svc_port }}, {% endfor %}{%endif %}
+
+[distributedSearch:dmc_group_cluster_master]
+servers={% if cm_list is not none %} {% for host in cm_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %} {% else %} localhost:localhost {%endif %}
+
+[distributedSearch:dmc_group_deployment_server]
+servers={% if ds_list is not none %} {% for host in ds_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %}{% else %} localhost:localhost {%endif %}
+
+[distributedSearch:dmc_group_indexer]
+default = true
+servers={% if indexer_list is not none %} {% for host in indexer_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %} {% else %} localhost:localhost {%endif %}
+
+[distributedSearch:dmc_group_kv_store]
+servers={% if sh_list is not none %} {% for host in sh_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %}{% else %} localhost:localhost {%endif %}
+
+[distributedSearch:dmc_group_license_master]
+servers={% if lm_list is not none %} {% for host in lm_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %}{% else %} localhost:localhost {%endif %}
+
+[distributedSearch:dmc_group_search_head]
+servers={% if cm_list is not none %}{% for host in cm_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %}{% else %} localhost:localhost {%endif %}{% if sh_list is not none %},{% for host in sh_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %} {%endif %}
+
+[distributedSearch:dmc_group_shc_deployer]
+servers={% if deployer_list is not none %} {% for host in deployer_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %}{% else %} localhost:localhost {%endif %}
+
+[distributedSearch:dmc_indexerclustergroup_{{ splunk_idxcluster_label }}]
+servers={% if cm_list is not none %}{% for host in cm_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %}{% else %} localhost:localhost {%endif %}{% if indexer_list is not none %},{% for host in indexer_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %} {%endif %}{% if sh_list is not none %},{% for host in sh_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %} {%endif %}
+
+[distributedSearch:dmc_searchheadclustergroup_{{ splunk_shcluster_label }}]
+servers={% if sh_list is not none %}{% for host in sh_list %} {{ host }}:{{ splunk_svc_port }}, {% endfor %}{% else %} localhost:localhost {%endif %}
diff --git a/Splunk_Install/common/templates/enable_receiver.j2 b/Splunk_Install/common/templates/enable_receiver.j2
new file mode 100755
index 0000000..766dbdc
--- /dev/null
+++ b/Splunk_Install/common/templates/enable_receiver.j2
@@ -0,0 +1,12 @@
+{% if splunk_enableSSL %}
+[splunktcp-ssl:{{ splunk_s2s_port }}]
+connection_host = ip
+
+[SSL]
+serverCert = $SPLUNK_HOME/etc/auth/servercertificate.pem
+sslPassword = {{ splunk_ssl_cert_password }}
+requireClientCert = false
+sslVersions = tls1.2
+{% else %}
+[splunktcp://{{ splunk_s2s_port }}]
+{% endif %}
\ No newline at end of file
diff --git a/Splunk_Install/common/templates/forwarding_s2s_outputs_conf.j2 b/Splunk_Install/common/templates/forwarding_s2s_outputs_conf.j2
new file mode 100755
index 0000000..d383e5e
--- /dev/null
+++ b/Splunk_Install/common/templates/forwarding_s2s_outputs_conf.j2
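Review bot: The top-level `servers =` line in `dist_search.j2` prefixes each optional group with a literal `,`, so when `sh_list` is empty but `lm_list` is not, the rendered value starts with ` ,https://…`, and adjacent groups produce `, ,` runs; the per-group lines below also leave a trailing `, `. Building one list first — `{% set all_hosts = (sh_list or []) + (lm_list or []) + (cm_list or []) + (ds_list or []) + (deployer_list or []) %}` — and rendering it with a single `join` removes every edge case. The templates test `is not none` but never `is defined`; an inventory that simply omits `deployer_list` fails the render instead of taking the `localhost:localhost` fallback, so `| default(none)` on each list would make that branch actually reachable.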
@@ -0,0 +1,19 @@
+# BASE SETTINGS
+
+[tcpout]
+# Change here to specify the indexer group
+defaultGroup = all_{{ splunk_app_prefix }}_indexer
+forceTimebasedAutoLB = true
+maxQueueSize = 7MB
+useACK = true
+
+[tcpout:all_{{ splunk_app_prefix }}_indexer]
+{% if splunk_enableSSL %}
+clientCert = $SPLUNK_HOME/etc/auth/servercertificate.pem
+{% endif %}
+server = {% for host in indexer_list %}{{ host }}:{{ splunk_s2s_port }}, {% endfor %}
+{% if splunk_enableSSL %}
+sslCommonNameToCheck = {% for host in groups.all_splunk_instances %}{{ host }}, {% endfor %}
+sslPassword = {{ splunk_ssl_cert_password }}
+sslVerifyServerCert = true
+{% endif %}
\ No newline at end of file
diff --git a/Splunk_Install/common/templates/forwarding_uf_outputs_conf.j2 b/Splunk_Install/common/templates/forwarding_uf_outputs_conf.j2
new file mode 100755
index 0000000..a714e83
--- /dev/null
+++ b/Splunk_Install/common/templates/forwarding_uf_outputs_conf.j2
@@ -0,0 +1,19 @@
+# BASE SETTINGS
+
+[tcpout]
+# Change here to specify the indexer group
+defaultGroup = all_{{ splunk_app_prefix }}_indexer
+forceTimebasedAutoLB = true
+maxQueueSize = 7MB
+useACK = true
+
+[tcpout:all_{{ splunk_app_prefix }}_indexer]
+{% if splunk_enableSSL %}
+clientCert = $SPLUNK_HOME/etc/apps/{{ app_name }}/{{ custom_cert_path }}
+{% endif %}
+server = {% for host in indexer_list %}{{ host }}:{{ splunk_s2s_port }}, {% endfor %}
+{% if splunk_enableSSL %}
+sslCommonNameToCheck = {% for host in indexer_list %}{{ host }}, {% endfor %}
+sslPassword = {{ splunk_ssl_cert_password }}
+sslVerifyServerCert = true
+{% endif %}
\ No newline at end of file
diff --git a/Splunk_Install/common/templates/idx_indexes_base.j2 b/Splunk_Install/common/templates/idx_indexes_base.j2
new file mode 100755
index 0000000..7d92ebc
--- /dev/null
+++ b/Splunk_Install/common/templates/idx_indexes_base.j2
@@ -0,0 +1,5 @@
+# performance optimisation
+[default]
+journalCompression = zstd
+tsidxWritingLevel = 4
+
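Review bot: `sslCommonNameToCheck = {% for host in groups.all_splunk_instances %}…` in `forwarding_s2s_outputs_conf.j2` accepts the certificate of any Splunk instance as a valid indexer, while `forwarding_uf_outputs_conf.j2` on the same line restricts the check to `indexer_list`; since `server =` only ever names indexers, the wider list only weakens the name check and should match the UF template. The `clientCert` paths also differ (`etc/auth/servercertificate.pem` versus an app-relative `{{ custom_cert_path }}`) with no comment on why heavy forwarders and UFs diverge. Both files write `sslPassword = {{ splunk_ssl_cert_password }}` into outputs.conf in clear; Splunk re-encrypts it on restart, but the rendered copy kept under `splunk_apps/base_apps/` on the controller gets no such treatment, so the variable should be vaulted and that directory protected.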
diff --git a/Splunk_Install/common/templates/idx_kvstore_base.j2 b/Splunk_Install/common/templates/idx_kvstore_base.j2
new file mode 100755
index 0000000..91223e7
--- /dev/null
+++ b/Splunk_Install/common/templates/idx_kvstore_base.j2
@@ -0,0 +1,5 @@
+# kvstore not needed on indexers, let's disable it
+# even when distributing collection via bundle, it won't be used on indexer as this use lookups in the background
+
+[kvstore]
+disabled = true
\ No newline at end of file
diff --git a/Splunk_Install/common/templates/idx_web_base.j2 b/Splunk_Install/common/templates/idx_web_base.j2
new file mode 100755
index 0000000..dfe7c76
--- /dev/null
+++ b/Splunk_Install/common/templates/idx_web_base.j2
@@ -0,0 +1,9 @@
+# In larger environments, where there are more than, say, three indexers,
+# it's common to disable the Splunk UI. This helps avoid configuration issues
+# caused by logging in to the UI to do something directly via the manager,
+# as well as saving some system resources.
+
+[settings]
+startwebserver = 0
+# avoid timeout when indexer loaded
+splunkdConnectionTimeout = 120
diff --git a/Splunk_Install/common/templates/indexer_cluster.j2 b/Splunk_Install/common/templates/indexer_cluster.j2
new file mode 100755
index 0000000..b93d28f
--- /dev/null
+++ b/Splunk_Install/common/templates/indexer_cluster.j2
@@ -0,0 +1,10 @@
+
+# clustering parameters are local and moved in a cluster specific package
+# this can be a site specific if only one site per cluster
+
+[clustering]
+master_uri = https://{{ groups.splunk_cluster_master[0] }}:{{ splunk_svc_port }}
+mode = slave
+
+[replication_port://{{ splunk_replication_port }}]
+disabled = false
diff --git a/Splunk_Install/common/templates/indexer_multisite.j2 b/Splunk_Install/common/templates/indexer_multisite.j2
new file mode 100755
index 0000000..a0d328c
--- /dev/null
+++ b/Splunk_Install/common/templates/indexer_multisite.j2
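Review bot: `[replication_port://{{ splunk_replication_port }}]` in `indexer_cluster.j2` is always the plaintext stanza, so bucket replication between indexers stays unencrypted even when `splunk_enableSSL` is set, unlike `enable_receiver.j2` in this commit, which switches to `splunktcp-ssl` on the same flag; `sh_shcluster.j2` two hunks later has the same fixed `replication_port://` stanza. Wrapping the stanza name in the same condition, `[replication_port{% if splunk_enableSSL %}-ssl{% endif %}://{{ splunk_replication_port }}]`, and adding the `serverCert`/`sslPassword` keys under it for the SSL case keeps the two paths consistent. The comment `# clustering parameters are local and moved in a cluster specific package` does not say where `pass4SymmKey` is expected to come from; a pointer to `set_conf_stanza.yml` or the vaulted variable would help the next reader.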
@@ -0,0 +1,15 @@
+# This app is expected to be layered on top of org_cluster_indexer_base;
+# the settings there establish the general relationship with the master and
+# set up clustered indexing behavior. This is another layer to provide the
+# site number of the host, and to indicate that the clustering should be of
+# the multi-site variety.
+
+# *** This app cannot be shipped via the master-apps mechanism; it would
+# make all sites the same. Place it in etc/apps on the affected indexer. ***
+
+[general]
+site = {{ splunk_site }}
+
+[clustering]
+multisite = {{ splunk_multisite }}
+
diff --git a/Splunk_Install/common/templates/license_server_conf.j2 b/Splunk_Install/common/templates/license_server_conf.j2
new file mode 100755
index 0000000..efbe1b0
--- /dev/null
+++ b/Splunk_Install/common/templates/license_server_conf.j2
@@ -0,0 +1,10 @@
+# In distributed environments, it's common to have a lone search head acting
+# as the license master as well. In this configuration, providing the URI
+# of the license master is easiest within the indexer_base configuration.
+# In the event that there are multiple search heads, you could instead use
+# the org_all_license app, shipped to the non-license SH, as well as all of
+# the indexers. In either event, the settings are the same.
+
+[license]
+master_uri = https://{{ groups.splunk_license_master[0] }}:{{ splunk_svc_port }}
+
diff --git a/Splunk_Install/common/templates/server_SSLconfig.j2 b/Splunk_Install/common/templates/server_SSLconfig.j2
new file mode 100755
index 0000000..c904964
--- /dev/null
+++ b/Splunk_Install/common/templates/server_SSLconfig.j2
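Review bot: The header comments in `indexer_multisite.j2` and `license_server_conf.j2` refer to `org_cluster_indexer_base`, `indexer_base` and `org_all_license`, app names that appear nowhere in this commit, so they read as copied from a generic base-app kit and will send a reader looking for apps that do not exist here. Rewrite them to name this repo's `{{ splunk_app_prefix }}`-prefixed apps, or at least prefix them with `# NOTE: app names below are from the upstream base-apps template`. The `*** This app cannot be shipped via the master-apps mechanism ***` warning in `indexer_multisite.j2` is the part that must survive any rewrite, since it constrains where `create_app_via_template.yml` may copy the result.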
@@ -0,0 +1,12 @@
+[sslConfig]
+sslRootCAPath = $SPLUNK_HOME/etc/auth/ca-cert.pem
+enableSplunkdSSL = true
+sslVersions = tls1.2
+serverCert = $SPLUNK_HOME/etc/auth/servercertificate.pem
+# servercertificate.pem is a symlink to the real cert.pem on the instance
+
+sslPassword = {{ splunk_ssl_cert_password }}
+requireClientCert = false
+
+sslVerifyServerCert = true
+sslCommonNameToCheck = {% for host in groups.all_splunk_instances %}{{ host }}, {% endfor %}
\ No newline at end of file
diff --git a/Splunk_Install/common/templates/sh_idxcluster.j2 b/Splunk_Install/common/templates/sh_idxcluster.j2
new file mode 100755
index 0000000..945ab52
--- /dev/null
+++ b/Splunk_Install/common/templates/sh_idxcluster.j2
@@ -0,0 +1,8 @@
+[clustering]
+master_uri = https://{{ groups.splunk_cluster_master[0] }}:{{ splunk_svc_port }}
+mode = searchhead
+multisite = {{ splunk_multisite }}
+
+[general]
+site = {{ splunk_site }}
+
diff --git a/Splunk_Install/common/templates/sh_shcluster.j2 b/Splunk_Install/common/templates/sh_shcluster.j2
new file mode 100755
index 0000000..13ab1ef
--- /dev/null
+++ b/Splunk_Install/common/templates/sh_shcluster.j2
@@ -0,0 +1,2 @@
+[replication_port://{{ splunk_shcluster_replication_port }}]
+
diff --git a/Splunk_Install/common/templates/uf_ssl_server_conf.j2 b/Splunk_Install/common/templates/uf_ssl_server_conf.j2
new file mode 100755
index 0000000..7ff1cf2
--- /dev/null
+++ b/Splunk_Install/common/templates/uf_ssl_server_conf.j2
@@ -0,0 +1,7 @@
+[sslConfig]
+enableSplunkdSSL = true
+requireClientCert = false
+sslPassword = {{ splunk_ssl_cert_password }}
+sslRootCAPath = $SPLUNK_HOME/etc/apps/{{ splunk_app_prefix }}_uf_ssl/certs/ca-cert.pem
+serverCert = $SPLUNK_HOME/etc/apps/{{ splunk_app_prefix }}_uf_ssl/certs/splunk_universal_forwarder-cert-concatenated.pem
+sslVersions = tls1.2
\ No newline at end of file
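Review bot: `sslCommonNameToCheck` in server_SSLconfig.j2 is built by a Jinja loop that emits `{{ host }}, ` for every entry, so the rendered value always ends in a dangling `, `, and because it iterates `groups.all_splunk_instances` it also lists every universal forwarder as an acceptable server identity for this instance. `sslCommonNameToCheck = {{ groups.all_splunk_instances | join(', ') }}` drops the trailing separator; whether the list should be narrowed to the peers this instance actually connects to (cluster master, license master, indexers) is a deployment decision, but a narrower list means a forwarder's certificate is not accepted where a server's is expected. `requireClientCert = false` together with `sslVerifyServerCert = true` is a deliberate one-way verification and deserves a one-line comment saying so.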
diff --git a/Splunk_Install/common/templates/web_sslConfig.j2 b/Splunk_Install/common/templates/web_sslConfig.j2 new file mode 100755 index 0000000..c3b7527 --- /dev/null +++ b/Splunk_Install/common/templates/web_sslConfig.j2 @@ -0,0 +1,5 @@ +[settings] +enableSplunkWebSSL = true +privKeyPath = $SPLUNK_HOME/etc/auth/web-nopwd-key.pem +serverCert = $SPLUNK_HOME/etc/auth/web-servercertificate.pem +sslVersions = tls1.2 \ No newline at end of file diff --git a/Splunk_Install/inventories/cluster/group_vars/vars.yml b/Splunk_Install/inventories/cluster/group_vars/vars.yml new file mode 100755 index 0000000..565f6c8 --- /dev/null +++ b/Splunk_Install/inventories/cluster/group_vars/vars.yml 
@@ -0,0 +1,49 @@
+---
+ansible_user: admin
+privileged_user: root
+retry_num: 3
+delay_num: 3
+hide_password: false
+
+ansible_script_version: 1.0
+author: VABOS
+
+splunk_upgrade: false
+
+splunk_home_ownership_enforcement: true
+splunk_user: splunk
+splunk_group: splunk
+splunk_build_location: /tmp/splunk
+splunk_build_location_uf: /tmp/splunk
+splunk_build_remote_src: true
+splunk_build_type: tgz
+splunk_opt: /opt
+splunk_home: /opt/splunk
+splunk_home_uf: /opt/splunkforwarder
+splunk_exec: /opt/splunk/bin/splunk
+splunk_exec_uf: /opt/splunkforwarder/bin/splunk
+splunk_enable_service: false
+splunk_password: Adm1nPa$$w0rd
+splunk_admin_user: adminsplunk
+splunk_general_pass4SymmKey: Asf#oQcAjOAnw^#zCE#Nd2R0#27j0@
+splunk_secret: 6XHPsFI2^jsYI&^ITvxzk#SZBcr1^n
+splunk_svc_port: 8089
+splunk_http_port: 8000
+splunk_enableSSL: true
+splunk_ssl_cert_password: CHANGEME
+splunk_ssl_generate_cert: false
+splunk_ssl_generate_root_cert: false
+splunk_s2s_port: 9997
+splunk_replication_port: 9100
+splunk_shcluster_replication_port: 9200
+splunk_shcluster_mode: member
+
+splunk_optimistic_about_file_locking: true
+splunk_single_instance: false
+
+#splunk_site: site0
+#splunk_multisite: false
+#splunk_license_uri: /splunk_apps/splunk.license
+
+splunk_idxc_pass4SymmKey: 1nZ7lubH^KTqKyS3#h5Ad9V^Xkrttq
+splunk_app_prefix: SPL
\ No newline at end of file
diff --git a/Splunk_Install/inventories/cluster/hosts_IDN-MQ.yml b/Splunk_Install/inventories/cluster/hosts_IDN-MQ.yml
new file mode 100755
index 0000000..014224d
--- /dev/null
+++ b/Splunk_Install/inventories/cluster/hosts_IDN-MQ.yml
@@ -0,0 +1,10 @@
+ all_splunk_instances:
+ children:
+ splunk_uf_Linux:
+ hosts:
+ SVL4Q2SUPPFI01.unit-n.edf.fr:
+ SVL4Q2SUPPFI02.unit-n.edf.fr:
+ SVL4Q2SUPPFS01.unit-n.edf.fr:
+ SVL4Q2SUPPFS02.unit-n.edf.fr:
+ splunk_uf_Windows:
+ hosts:
\ No newline at end of file
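Review bot: The cluster group_vars commit live credentials in plaintext — `splunk_password`, `splunk_general_pass4SymmKey`, `splunk_secret` and `splunk_idxc_pass4SymmKey` — and set `hide_password: false`, which the role's tasks feed straight into `no_log`, so the same values are also echoed into playbook output. Move those keys into an ansible-vault-encrypted vars file (or `!vault` inline values), treat the values already in history as burned and rotate them, and make `hide_password: true` the default so secret-bearing tasks stay out of logs. `splunk_ssl_cert_password: CHANGEME` is a placeholder that the `[sslConfig]` templates in this commit will render verbatim into server.conf; an early `assert` that it differs from the placeholder would fail the run instead of applying it.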
diff --git a/Splunk_Install/inventories/cluster/hosts_IDN.yml b/Splunk_Install/inventories/cluster/hosts_IDN.yml new file mode 100755 index 0000000..97100c6 --- /dev/null +++ b/Splunk_Install/inventories/cluster/hosts_IDN.yml @@ -0,0 +1,10 @@ + all_splunk_instances: + children: + splunk_uf_Linux: + hosts: + SVL4Q1SUPPFI01.unit-n.edf.fr: + SVL4Q1SUPPFI02.unit-n.edf.fr: + SVL4Q1SUPPFS01.unit-n.edf.fr: + SVL4Q1SUPPFS02.unit-n.edf.fr: + splunk_uf_Windows: + hosts: \ No newline at end of file diff --git a/Splunk_Install/inventories/cluster/hosts_IDT.yml b/Splunk_Install/inventories/cluster/hosts_IDT.yml new file mode 100755 index 0000000..fd11228 --- /dev/null +++ b/Splunk_Install/inventories/cluster/hosts_IDT.yml @@ -0,0 +1,30 @@ + all_splunk_instances: + children: + splunk_uf_Linux: + hosts: + SVLTQTSUPPFI01.unit-t.edf.fr: + SVLTQTSUPPFI02.unit-t.edf.fr: + SVLTQTSUPPFS01.unit-t.edf.fr: + SVLTQTSUPPFS02.unit-t.edf.fr: + splunk_uf_Windows: + hosts: + SVWTQTAUTATS01.unit-t.edf.fr: + SVWTQTAUTAUS01.unit-t.edf.fr: + SVWTQTDAPSRV01.unit-t.edf.fr: + SVWTQTPARIDT01.unit-t.edf.fr: + SVWTQTPMDREI01.unit-t.edf.fr: + SVWTQTPMDREP01.unit-t.edf.fr: + SVWTQTPMDRES01.unit-t.edf.fr: + SVWTQTPMDRII01.unit-t.edf.fr: + SVWTQTPMDRIS01.unit-t.edf.fr: + SVWTQTSNCC01.unit-t.edf.fr: + SVWTQTSUPLS-01.unit-t.edf.fr: + SVWTQTSVSVMB01.unit-t.edf.fr: + SVWTQTTDIFTP02.unit-t.edf.fr: + SVWTQTTDIOPP01.unit-t.edf.fr: + SVWTQTTDIPIC01.unit-t.edf.fr: + SVWTQTTDIPIC02.unit-t.edf.fr: + SVWTQTTDITS101.unit-t.edf.fr: + SVWTQTTDIVND01.unit-t.edf.fr: + SVWTQTTDIVND02.unit-t.edf.fr: + SVWTQTVIDSRV01.unit-t.edf.fr: diff --git a/Splunk_Install/inventories/cluster/hosts_TIC.yml b/Splunk_Install/inventories/cluster/hosts_TIC.yml new file mode 100755 index 0000000..f54bab7 --- /dev/null +++ b/Splunk_Install/inventories/cluster/hosts_TIC.yml 
@@ -0,0 +1,48 @@ + all_splunk_instances: + children: + splunk_search_head: + hosts: + SVLCTMLOGPUB01.unit-c.edf.fr: + SVLCTMLOGPUB02.unit-c.edf.fr: + splunk_indexer: + hosts: + SVLCTMLOGIDX01.unit-c.edf.fr: + SVLCTMLOGIDX02.unit-c.edf.fr: + splunk_licence_master: + hosts: + SVLCTMLOGCLM01.unit-c.edf.fr: + splunk_uf_Linux: + hosts: + SVLCTMSUPPFI01.unit-c.edf.fr: + SVLCTMSUPPFI02.unit-c.edf.fr: + splunk_uf_Windows: + hosts: + SVWCTMSUPMLS01.unit-c.edf.fr: + SVWCMSEPM.unit-c.edf.fr: + SVWCTMAUTADC01.unit-c.edf.fr: + SVWCTMAUTADC02.unit-c.edf.fr: + SVWCTMAUTVSB01.unit-c.edf.fr: + SVWCTMPAVMGR01.unit-c.edf.fr: + SVWCTMPMDRBD01.unit-c.edf.fr: + SVWCTMPMDRDS01.unit-c.edf.fr: + SVWCTMSUPMLS02.unit-c.edf.fr: + SVWCTMSUPPUB01.unit-c.edf.fr: + SVWCTMSUPPUB02.unit-c.edf.fr: + SVWCTMSVSMGR01.unit-c.edf.fr: + SVWCTMSVSSUP01.unit-c.edf.fr: + SVWCTMSVSVMB01.unit-c.edf.fr: + SVWUTMAUTADC01.unimaq.edf.fr: + SVWUTMAUTADC02.unimaq.edf.fr: + SVWUTMAUTADU01.unimaq.edf.fr: + SVWUTMAUTADU02.unimaq.edf.fr: + SVWCTMAUTRAD01.unit-c.edf.fr: + + splunk_deployement: + hosts: + SVLCTMLOGSUP01.unit-c.edf.fr: + splunk_monitoring: + hosts: + SVLCTMLOGSUP01.unit-c.edf.fr: + splunk_cluster_master: + hosts: + SVLCTMLOGCLM01.unit-c.edf.fr: \ No newline at end of file diff --git a/Splunk_Install/inventories/cluster/hosts_TIH.yml b/Splunk_Install/inventories/cluster/hosts_TIH.yml new file mode 100755 index 0000000..de69219 --- /dev/null +++ b/Splunk_Install/inventories/cluster/hosts_TIH.yml 
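Review bot: The group in hosts_TIC.yml is spelled `splunk_licence_master`, but license_server_conf.j2 in this commit reads `groups.splunk_license_master[0]`, so rendering that template against this inventory hits an undefined group (an error under strict Jinja, an empty `master_uri` otherwise). Rename the group to `splunk_license_master` so the template resolves; `splunk_deployement` looks like the same kind of typo and should be checked against whatever play consumes it.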
@@ -0,0 +1,49 @@ + all_splunk_instances: + children: + splunk_indexer: + hosts: + SVLHTMLOGIDX01.unit-h.edf.fr: + SVLHTMLOGIDX02.unit-h.edf.fr: + splunk_uf_Linux: + hosts: + SVLHTMSUPPFI01.unit-h.edf.fr: + SVLHTMSUPPFI02.unit-h.edf.fr: + SVLHTMSUPPFI03.unit-h.edf.fr: + SVLHTMSUPPFI04.unit-h.edf.fr: + SVLHTMSUPPFI05.unit-h.edf.fr: + SVLHTMSUPPFI06.unit-h.edf.fr: + SVLHTMSUPPFI07.unit-h.edf.fr: + SVLHTMSUPPFI08.unit-h.edf.fr: + SVLHTMSUPPFI09.unit-h.edf.fr: + SVLHTMSUPPFI10.unit-h.edf.fr: + SVLHTMSUPPFI11.unit-h.edf.fr: + SVLHTMSUPPFI12.unit-h.edf.fr: + SVLHTMSUPPFI13.unit-h.edf.fr: + SVLHTMSUPPFI14.unit-h.edf.fr: + SVLHTMSUPPFI15.unit-h.edf.fr: + SVLHTMSUPPFI16.unit-h.edf.fr: + SVLHTMSUPPFI17.unit-h.edf.fr: + SVLHTMSUPPFI18.unit-h.edf.fr: + SVLHTMSUPPFI19.unit-h.edf.fr: + SVLHTMSUPPFI20.unit-h.edf.fr: + splunk_uf_Windows: + hosts: + SVWUTMAUTADH01.unit-h.edf.fr: + SVWUTMAUTADH02.unit-h.edf.fr: + SVWHTMALADAC01.unit-h.edf.fr: + SVWHTMALADAC02.unit-h.edf.fr: + SVWHTMAUTADC03.unit-h.edf.fr: + SVWHTMAUTRAD01.unit-h.edf.fr: + SVWHTMPARTIH01.unit-h.edf.fr: + SVWHTMSUPLS-01.unit-h.edf.fr: + SVWHTMSUPLS-02.unit-h.edf.fr: + SVWHTMSUPPUB01.unit-h.edf.fr: + SVWHTMPMDRBD01.unit-h.edf.fr: + SVWHTMAUTADC01.unit-h.edf.fr: + SVWHTMAUTADC02.unit-h.edf.fr: + SVWHTMAUTRAD31.unit-h.edf.fr: + SVWHTMAUTRAD99.unit-h.edf.fr: + + splunk_cluster_master: + hosts: + SVLHTMLOGCLM01.unit-h.edf.fr: \ No newline at end of file diff --git a/Splunk_Install/inventories/cluster/hosts_TIN.yml b/Splunk_Install/inventories/cluster/hosts_TIN.yml new file mode 100755 index 0000000..a5e43ff --- /dev/null +++ b/Splunk_Install/inventories/cluster/hosts_TIN.yml 
@@ -0,0 +1,21 @@ + all_splunk_instances: + children: + splunk_indexer: + hosts: + SVL4TMLOGIDX01.unit-n.edf.fr: + SVL4TMLOGIDX02.unit-n.edf.fr: + splunk_uf_Linux: + hosts: + SVL4TMSUPPFI01.unit-n.edf.fr: + SVL4TMSUPPFI02.unit-n.edf.fr: + SVL4TMSUPPFI03.unit-n.edf.fr: + SVL4TMSUPPFI04.unit-n.edf.fr: + SVL4TMSUPPFI05.unit-n.edf.fr: + SVL4TMSUPPFI06.unit-n.edf.fr: + SVL4TMSUPPFI07.unit-n.edf.fr: + SVL4TMSUPPFI08.unit-n.edf.fr: + splunk_uf_Windows: + hosts: + splunk_cluster_master: + hosts: + SVL4TMLOGCLM01.unit-n.edf.fr: \ No newline at end of file diff --git a/Splunk_Install/inventories/cluster/hosts_TIT.yml b/Splunk_Install/inventories/cluster/hosts_TIT.yml new file mode 100755 index 0000000..56ebfa8 --- /dev/null +++ b/Splunk_Install/inventories/cluster/hosts_TIT.yml @@ -0,0 +1,37 @@ + all_splunk_instances: + children: + splunk_indexer: + hosts: + SVLTTMLOGIDX01.unit-t.edf.fr: + SVLTTMLOGIDX02.unit-t.edf.fr: + splunk_uf_Linux: + hosts: + SVLTTMSUPPFI01.unit-t.edf.fr: + SVLTTMSUPPFI02.unit-t.edf.fr: + SVLTTMSUPPFI03.unit-t.edf.fr: + SVLTTMSUPPFI04.unit-t.edf.fr: + SVLTTMSUPPFI05.unit-t.edf.fr: + SVLTTMSUPPFI06.unit-t.edf.fr: + SVLTTMSUPPFI07.unit-t.edf.fr: + SVLTTMSUPPFI08.unit-t.edf.fr: + SVLTTMSUPPFI09.unit-t.edf.fr: + SVLTTMSUPPFI10.unit-t.edf.fr: + splunk_uf_Windows: + hosts: + SVWUTMAUTADH01.unit-t.edf.fr: + SVWUTMAUTADH02.unit-t.edf.fr: + SVWHTMALADAC01.unit-t.edf.fr: + SVWHTMALADAC02.unit-t.edf.fr: + SVWHTMAUTADC03.unit-t.edf.fr: + SVWHTMAUTRAD01.unit-t.edf.fr: + SVWHTMPARTIH01.unit-t.edf.fr: + SVWHTMSUPLS-01.unit-t.edf.fr: + SVWHTMSUPLS-02.unit-t.edf.fr: + SVWHTMSUPPUB01.unit-t.edf.fr: + SVWHTMPMDRBD01.unit-t.edf.fr: + SVWHTMAUTADC01.unit-t.edf.fr: + SVWHTMAUTADC02.unit-t.edf.fr: + + splunk_cluster_master: + hosts: + SVLTTMLOGCLM01.unit-t.edf.fr: \ No newline at end of file diff --git a/Splunk_Install/inventories/group_vars_all.yml.spec b/Splunk_Install/inventories/group_vars_all.yml.spec new file mode 100755 index 0000000..a101074 --- /dev/null 
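Review bot: The `splunk_uf_Windows` list in hosts_TIT.yml repeats the TIH host names (`SVWUTMAUTADH01`, `SVWHTMALADAC01`, `SVWHTMSUPLS-01`, …) under the `unit-t.edf.fr` domain, which looks like a copy of hosts_TIH.yml with only the suffix changed rather than the real TIT Windows estate — worth confirming before those names are targeted. If the TIT list is genuinely unknown yet, an empty `hosts:` as in hosts_TIN.yml is safer than a guessed one.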
+++ b/Splunk_Install/inventories/group_vars_all.yml.spec 
@@ -0,0 +1,107 @@ +--- +# user used by ansible on client +ansible_user: admin +# number of retry for a command +retry_num: 3 +# delay in sec between 2 retry +delay_num: 3 +# password visible in std_out +hide_password: false + +# version use for all the auto_generated_apps +ansible_script_version: 1.0 +# author displayed in all the auto_generated_apps +author: Louis-Marie NOGUES +# prefix set in the name of all the auto generated apps +splunk_app_prefix: ansbl + +create_base_apps: true + +### SPLUNK BASIC INSTALL ### +# apply the chwon +splunk_home_ownership_enforcement: true +# cli user for splunk +splunk_user: splunk +splunk_group: splunk +# path to the package on ansible host +splunk_build_location: /mnt/e/prj/splunk/splunk-7.3.2-c60db69f8e32-Linux-x86_64.tgz +# /mnt/e/prj/splunk/splunk-8.0.0-1357bef0a7f6-Linux-x86_64.tgz +# path is a http link +splunk_build_remote_src: false +# splunk path +splunk_opt: /opt +splunk_home: /opt/splunk +splunk_exec: /opt/splunk/bin/splunk + +### SPLUNK BASIC CONFIG ### + +# start splunk as a service +splunk_enable_service: true + +# splunk admin info +splunk_password: +splunk_admin_user: admin + +# splunk default configuration +splunk_general_pass4SymmKey: +splunk_secret: +splunk_svc_port: 8089 +splunk_http_port: 8000 +splunk_s2s_port: 9997 +splunk_disable_kvstore_on_idx: false +splunk_disable_web_on_idx: false + +# default site, can be override on each host_vars +splunk_license_uri: + - + - + +### SPLUNK BASIC SSL ### +splunk_enableSSL: false +splunk_ssl_cert_password: password +splunk_ssl_generate_cert: false +splunk_ssl_generate_root_cert: false + +### SPLUNK INDEX CLUSTERING ### +splunk_indexer_cluster: true +splunk_replication_port: 9100 +splunk_site: site0 +splunk_multisite: true +splunk_idxc_pass4SymmKey: +splunk_search_factor: +splunk_replication_factor: +splunk_idx_discovery_pass4SymmKey: +splunk_idxcluster_label: +splunk_all_sites: site1,site2 +splunk_multisite_replication_factor_origin: 
+splunk_multisite_replication_factor_total: +splunk_multisite_search_factor_origin: +splunk_multisite_search_factor_total: + +### SPLUNK SH CLUSTERING ### +splunk_search_head_cluster: true +splunk_shcluster_replication_port: 9200 +splunk_shcluster_mode: member +splunk_shcluster_label: +splunk_shcluster_pass4SymmKey: +splunk_shcluster_election: false + +### PREMIUM APPS ### + +## ITSI ## +# Flag to trigger installation of Premium Apps +splunk_itsi: True +# local_path for the itsi package +splunk_itsi_local_path: + +### JAVA ### +# which version of java to be installed (oracle:8,openjdk:8,openjdk:11,openjdk:13,openjdk:9 (windows)) +java_version: openjdk:11 +java_update_version: 11.0.2 +java_download_url: /mnt/e/prj/splunk/tools/openjdk-11.0.2_linux-x64_bin.tar.gz +java_download_url_remote: false + + +# add optimitstic_about_file_locking flag in the splunk splunk-launch.conf +# usefull for docker + Windows +splunk_optimistic_about_file_locking: false \ No newline at end of file diff --git a/Splunk_Install/roles/splunk_common/handlers/main.yml b/Splunk_Install/roles/splunk_common/handlers/main.yml new file mode 100755 index 0000000..fd2f43a --- /dev/null +++ b/Splunk_Install/roles/splunk_common/handlers/main.yml @@ -0,0 +1,4 @@ +--- +# handlers file for splunk_common +- name: "Restart the splunkd service" + include_tasks: "{{ playbook_dir }}/common/handlers/restart_splunk.yml" diff --git a/Splunk_Install/roles/splunk_common/tasks/install_splunk.yml b/Splunk_Install/roles/splunk_common/tasks/install_splunk.yml new file mode 100755 index 0000000..7c08fc4 --- /dev/null +++ b/Splunk_Install/roles/splunk_common/tasks/install_splunk.yml 
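Review bot: In group_vars_all.yml.spec the comment `# default site, can be override on each host_vars` sits above `splunk_license_uri`, which is a list of two empty items, so the comment describes neither the key nor its shape; it should say what each entry of `splunk_license_uri` is (a path, as the commented example `/splunk_apps/splunk.license` in the cluster vars suggests) and the site comment should move next to `splunk_site`. `splunk_itsi: True` is the only capitalised boolean in a file that otherwise uses `true`/`false`; keep one spelling. Since this spec is the template operators copy from, the example `splunk_ssl_cert_password: password` would be better left empty like `splunk_password:` so a forgotten edit fails rather than ships a known value.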
@@ -0,0 +1,39 @@
+---
+- name: Remove old manifest files
+ file:
+ path: "{{ item.path }}"
+ state: "absent"
+ ignore_errors: yes
+ become: yes
+ become_user: "{{ privileged_user }}"
+ with_items:
+ - "{{ manifests.files }}"
+ when: splunk_upgrade | bool
+
+- name: Remove old directories
+ file:
+ path: "{{ item }}"
+ state: "absent"
+ ignore_errors: yes
+ become: yes
+ become_user: "{{ privileged_user }}"
+ with_items:
+ - "{{ splunk_home }}/bin"
+ - "{{ splunk_home }}/lib"
+ - "{{ splunk_home }}/share"
+ - "{{ splunk_home }}/Python-2.7"
+ when: splunk_upgrade | bool
+
+- name: Install Splunk
+ include_tasks: install_tasks/install_splunk_{{ splunk_build_type }}.yml
+
+- name: Remove installers
+ file:
+ dest: "{{ item }}"
+ state: "absent"
+ ignore_errors: yes
+ become: yes
+ become_user: "{{ privileged_user }}"
+ with_items:
+ - "{{ splunk_build_location }}"
+ - "/tmp/splunk_msi"
diff --git a/Splunk_Install/roles/splunk_common/tasks/install_tasks/install_splunk_msi.yml b/Splunk_Install/roles/splunk_common/tasks/install_tasks/install_splunk_msi.yml
new file mode 100755
index 0000000..5f9df3b
--- /dev/null
+++ b/Splunk_Install/roles/splunk_common/tasks/install_tasks/install_splunk_msi.yml
@@ -0,0 +1,7 @@
+- name: Install Splunk (Windows)
+ command: "msiexec /I {{ splunk_build_location }}" AGREETOLICENSE=yes LAUNCHSPLUNK=0 /passive /qn"
+ when: ansible_system is match("CYGWIN*|Win32NT")
+ register: install_result
+ until: install_result is succeeded
+ retries: "{{ retry_num }}"
+ delay: 3
\ No newline at end of file
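Review bot: The `command:` value in install_splunk_msi.yml has unbalanced quotes — `"msiexec /I {{ splunk_build_location }}" AGREETOLICENSE=yes LAUNCHSPLUNK=0 /passive /qn"` closes the YAML string after the path and opens a second one — so the file fails to parse before the task ever runs. It should be one string with the path quoted for msiexec, `command: 'msiexec /I "{{ splunk_build_location }}" AGREETOLICENSE=yes LAUNCHSPLUNK=0 /passive /qn'`, which also survives a path containing spaces. msiexec treats `/passive` and `/qn` as alternative UI levels, so only one of them is needed.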
@@ -0,0 +1,13 @@
+- name: Install Splunk (Linux)
+ unarchive:
+ src: "{{ splunk_build_location }}"
+ dest: "{{ splunk_opt }}"
+ owner: "{{ splunk_user }}"
+ group: "{{ splunk_group }}"
+ remote_src: "{{ splunk_build_remote_src }}"
+ register: install_result
+ until: install_result is succeeded
+ retries: " {{ retry_num}}"
+ delay: 3
+ become: yes
+ become_user: "{{ privileged_user }}"
\ No newline at end of file
diff --git a/Splunk_Install/roles/splunk_common/tasks/main.yml b/Splunk_Install/roles/splunk_common/tasks/main.yml
new file mode 100755
index 0000000..4233414
--- /dev/null
+++ b/Splunk_Install/roles/splunk_common/tasks/main.yml
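Review bot: `unarchive` installs whatever `splunk_build_location` points at with no integrity check, and the cluster group_vars set `splunk_build_remote_src: true`, so a tarball served from that location is unpacked under `splunk_opt` with `become_user: "{{ privileged_user }}"` without any verification of what was fetched. Download it first with `get_url` and a `checksum:` pinned to the vendor-published digest, then `unarchive` the local copy — `unarchive` itself has no checksum option. `retries: " {{ retry_num}}"` also carries a stray leading space inside the quotes; Ansible casts it, but `retries: "{{ retry_num }}"` matches the msi task and avoids relying on that.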
@@ -0,0 +1,138 @@ +--- +- name: Check if splunk user exists + getent: + database: passwd + key: "{{ splunk_user }}" + fail_key: yes + register: user_exist + ignore_errors: true + become: yes + +- name: Setup the splunk user + user: + name: "{{ splunk_user }}" + comment: Splunk User + shell: /bin/bash + generate_ssh_key: yes + ssh_key_bits: 2048 + ssh_key_file: .ssh/id_rsa + state: present + when: user_exist["failed"] == true + become: yes + become_user: "{{ privileged_user }}" + +- name: Changing Splunk directory Owner + include_tasks: pre_install_subtasks/change_splunk_directory_owner.yml + when: + - ansible_system is match("Linux") + - splunk_home_ownership_enforcement is defined + - splunk_home_ownership_enforcement | bool + +- name: Stop existing Splunk + include_tasks: stop_splunk.yml + when: + - splunk_upgrade | bool + +# Below we will either install or upgrade, which at this moment is the same task. +- name: "Install Splunk" + include_tasks: install_splunk.yml + when: + - splunk_install | bool or (first_run | bool and splunk_build_location and splunk_build_location is match("^(https?|file)://.*")) + +- name: "Upgrade Splunk" + include_tasks: install_splunk.yml + when: + - not splunk_install + - not first_run + - splunk_upgrade | bool + +- name: Remove First Login + include_tasks: post_install_subtasks/remove_first_login.yml + when: + - first_run | bool + +# This needs to be done before any encrypted passkeys are generated +- name: setup splunk_secret + include_tasks: post_install_subtasks/set_splunk_secret.yml + when: + - first_run | bool + +- name: Generate user_seed.conf + include_tasks: post_install_subtasks/set_user_seed.yml + when: + - first_run | bool + +- name: setup the [general] pass4SymmKey in system/local + include_tasks: "{{ playbook_dir }}/common/tasks/set_conf_stanza.yml" + vars: + conf_file: "server.conf" + conf_directory: "{{ splunk_home }}/etc/system/local" + stanza_name: general + conf_stanzas: + - pass4SymmKey: "{{ 
splunk_general_pass4SymmKey }}" + +- name: Enable Splunk Service + include_tasks: post_install_subtasks/enable_service.yml + when: + - splunk_enable_service and ansible_system is match("Linux") + - first_run | bool + +- name: Setup HTTP port + include_tasks: post_install_subtasks/set_http_port.yml + when: + - splunk_http_port | int != 8000 + +- name: Setup MGMT port + include_tasks: post_install_subtasks/set_mgmt_port.yml + when: + - splunk_svc_port | int != 8089 + +- name : Setup SSL + include_tasks: post_install_subtasks/configure_ssl_on_splunk.yml + when: + - splunk_enableSSL | bool + - first_run | bool + +- name: Setup Optimistic locking + include_tasks: post_install_subtasks/setup_optimistic_locking.yml + when: + - splunk_optimistic_about_file_locking + +- name: "Add generic ssl apps" + copy: + src: "{{ playbook_dir }}/splunk_apps/base_ssl_apps/" + dest: "{{ splunk_home }}/etc/apps/" + group: "{{ splunk_group }}" + owner: "{{ splunk_user }}" + follow: yes + local_follow: yes + become: yes + become_user: "{{ privileged_user }}" + when: + - splunk_enableSSL | bool + +- name: Start Splunk + include_tasks: start_splunk.yml + +- name: setup http or https for further processing + include_tasks: "{{ playbook_dir }}/common/tasks/set_certificate_prefix.yml" + when : + - cert_prefix is not defined + +- name: setup root_endpoint for further processing + include_tasks: post_install_subtasks/set_root_endpoint.yml + when: + - splunk_root_endpoint is defined + - splunk_root_endpoint != None + - first_run | bool + +- name: Clean user_seed.conf + include_tasks: post_install_subtasks/clean_user_seed.yml + when: + - first_run | bool + +- name: Get splunk.secret if not provided initially + include_tasks: post_install_subtasks/register_splunk_secret.yml + when: + - first_run | bool + - splunk_secret is undefined or splunk_secret is none \ No newline at end of file 
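Review bot: `Setup the splunk user` generates an RSA key pair for the service account (`generate_ssh_key: yes`, `ssh_key_bits: 2048`, `ssh_key_file: .ssh/id_rsa`), yet nothing in this commit uses it; an unused private key on every node is one more credential to track, so either drop those three lines or add a comment naming the consumer. `when: user_exist["failed"] == true` reads more idiomatically as `when: user_exist is failed`. The task writing `[general] pass4SymmKey` into `system/local/server.conf` runs on every invocation rather than under `first_run | bool` like its neighbours; splunkd presumably rewrites that key in encrypted form after a restart, so re-applying the plaintext value each run may report a change every time unless `set_conf_stanza.yml` (not in this diff) accounts for it.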
diff --git a/Splunk_Install/roles/splunk_common/tasks/post_install_subtasks/clean_user_seed.yml b/Splunk_Install/roles/splunk_common/tasks/post_install_subtasks/clean_user_seed.yml
new file mode 100755
index 0000000..b0aa661
--- /dev/null
+++ b/Splunk_Install/roles/splunk_common/tasks/post_install_subtasks/clean_user_seed.yml
@@ -0,0 +1,7 @@
+---
+- name: Remove user-seed.conf
+ file:
+ dest: "{{ splunk_home }}/etc/system/local/user-seed.conf"
+ state: "absent"
+ notify:
+ - Restart the splunkd service
diff --git a/Splunk_Install/roles/splunk_common/tasks/post_install_subtasks/configure_ssl_on_splunk.yml b/Splunk_Install/roles/splunk_common/tasks/post_install_subtasks/configure_ssl_on_splunk.yml
new file mode 100755
index 0000000..137e91a
--- /dev/null
+++ b/Splunk_Install/roles/splunk_common/tasks/post_install_subtasks/configure_ssl_on_splunk.yml
@@ -0,0 +1,48 @@
+---
+- name: "Transmit certificates from host"
+ copy:
+ src: "{{ playbook_dir }}/ssl/{{ item }}"
+ dest: "{{ splunk_home }}/etc/auth/{{ item }}"
+ owner: "{{ splunk_user }}"
+ group: "{{ splunk_group }}"
+ local_follow: true
+ mode: 0400
+ loop:
+ - ca-cert.pem
+ - ca-key.pem
+ - "{{ inventory_hostname }}-cert-concatenated.pem"
+ - "{{ inventory_hostname }}-cert-concatenated-web.pem"
+ - "{{ inventory_hostname }}-nopwd-key.pem"
+ become: yes
+ become_user: "{{ privileged_user }}"
+
+- name: "Rename Server certificate for simplified usage via symbolic link"
+ file:
+ src: "{{ splunk_home }}/etc/auth/{{ inventory_hostname }}-cert-concatenated.pem"
+ dest: "{{ splunk_home }}/etc/auth/servercertificate.pem"
+ state: link
+ owner: "{{ splunk_user }}"
+ group: "{{ splunk_group }}"
+ become: yes
+ become_user: "{{ privileged_user }}"
+
+- name: "Rename Web Server certificate for simplified usage via symbolic link"
+ file:
+ src: "{{ splunk_home }}/etc/auth/{{ inventory_hostname }}-cert-concatenated-web.pem"
+ dest: "{{ splunk_home }}/etc/auth/web-servercertificate.pem"
+ state: link
+ owner: "{{ splunk_user }}"
+ group: "{{ splunk_group }}"
+ become: yes
+ become_user: "{{ privileged_user }}"
+
+
+- name: "Rename Web Server certificate Key for simplified usage via symbolic link"
+ file:
+ src: "{{ splunk_home }}/etc/auth/{{ inventory_hostname }}-nopwd-key.pem"
+ dest: "{{ splunk_home }}/etc/auth/web-nopwd-key.pem"
+ state: link
+ owner: "{{ splunk_user }}"
+ group: "{{ splunk_group }}"
+ become: yes
+ become_user: "{{ privileged_user }}"
diff --git a/Splunk_Install/roles/splunk_common/tasks/post_install_subtasks/enable_service.yml b/Splunk_Install/roles/splunk_common/tasks/post_install_subtasks/enable_service.yml
new file mode 100755
index 0000000..d3256dc
--- /dev/null
+++ b/Splunk_Install/roles/splunk_common/tasks/post_install_subtasks/enable_service.yml
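Review bot: The `Transmit certificates from host` loop copies `ca-key.pem` — the CA's private key — into `etc/auth` on every host the role runs against. None of the `[sslConfig]`/`[settings]` templates in this commit reference it (they read `ca-cert.pem`, `servercertificate.pem`, `web-servercertificate.pem` and `web-nopwd-key.pem`), so the managed nodes have no use for it, and a compromise of any single node would then expose the key that every certificate in the deployment chains to. Remove `- ca-key.pem` from the loop and keep the CA key on the signing host only; `mode: 0400` on the remaining files is right.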
@@ -0,0 +1,109 @@ +--- +- name: "Retrieve PID 1 process information (Linux)" + command: "ps 1" + register: pid1 + when: ansible_system is match("Linux") + +- name: "Retrieve Splunk version" + command: "{{ splunk_exec }} version --accept-license --answer-yes --no-prompt" + register: installed_splunk_version + when: ansible_system is match("Linux") + become: yes + become_user: "{{ splunk_user }}" + +- name: "Set installed version fact" + set_fact: + installed_splunk_version: "{{ installed_splunk_version.stdout | regex_search(regexp, '\\1') }}" + vars: + regexp: 'Splunk\s((\d+)\.(\d+)\.(\d+)).*' + when: ansible_system is match("Linux") + +- name: "Enable service via boot-start - Linux (systemd)" + become: yes + become_user: "{{ privileged_user }}" + command: "{{ splunk_exec }} enable boot-start -systemd-managed 1 -user {{ splunk_user }} --accept-license --answer-yes --no-prompt" + when: + - ansible_system is match("Linux") + - pid1.stdout.find("systemd") != -1 + - installed_splunk_version[0] is version("7.2.2", ">=") + +# Using service file approach for systemd rather than 'boot-start' with +# 'systemd-unit-file-name' option because cli's versions older than 7.2.2 do +# not implement systemd in boot-start command. 
+- name: "Copy Splunkd unit file - Linux (systemd)" + template: + src: Splunkd.service.j2 + dest: /etc/systemd/system/Splunkd.service + owner: "{{ privileged_user }}" + group: "{{ privileged_user }}" + mode: 0644 + become: yes + become_user: "{{ privileged_user }}" + when: + - ansible_system is match("Linux") + - pid1.stdout.find("systemd") != -1 + - installed_splunk_version[0] is version("7.2.2", "<") + +- name: "Reload daemons via systemctl - Linux (systemd)" + become: yes + become_user: "{{ privileged_user }}" + systemd: + daemon-reload: yes + name: Splunkd.service + enabled: true + when: + - ansible_system is match("Linux") + - pid1.stdout.find('systemd') != -1 + +- name: "Enable service via boot-start - Linux (init)" + become: yes + become_user: "{{ privileged_user }}" + command: "{{ splunk_exec }} enable boot-start -user {{ splunk_user }} --accept-license --answer-yes --no-prompt" + when: + - ansible_system is match("Linux") + - pid1.stdout.find('systemd') == -1 + +- name: "Enable service via boot-start - Windows" + command: "{{ splunk_exec }} enable boot-start -user {{ splunk_user }} --accept-license --answer-yes --no-prompt" + when: ansible_os_family == "Windows" + +- name: add splunk user to sudoer for systemd + lineinfile: + path: /etc/sudoers + state: present + line: "{{ splunk_user }} ALL=(root) NOPASSWD: /usr/bin/systemctl restart Splunkd.service" + when: + - ansible_system is match("Linux") + - pid1.stdout.find("systemd") != -1 + become: yes + +- name: add splunk user to sudoer for systemd + lineinfile: + path: /etc/sudoers + state: present + line: "{{ splunk_user }} ALL=(root) NOPASSWD: /usr/bin/systemctl start Splunkd.service" + + when: + - ansible_system is match("Linux") + - pid1.stdout.find("systemd") != -1 + become: yes + +- name: add splunk user to sudoer for systemd + lineinfile: + path: /etc/sudoers + state: present + line: "{{ splunk_user }} ALL=(root) NOPASSWD: /usr/bin/systemctl stop Splunkd.service" + when: + - ansible_system is 
match("Linux") + - pid1.stdout.find("systemd") != -1 + become: yes + +- name: add splunk user to sudoer for systemd + lineinfile: + path: /etc/sudoers + state: present + line: "{{ splunk_user }} ALL=(root) NOPASSWD: /usr/bin/systemctl status Splunkd.service" + when: + - ansible_system is match("Linux") + - pid1.stdout.find("systemd") != -1 + become: yes diff --git a/Splunk_Install/roles/splunk_common/tasks/post_install_subtasks/install_java.yml b/Splunk_Install/roles/splunk_common/tasks/post_install_subtasks/install_java.yml new file mode 100755 index 0000000..bca5d89 --- /dev/null +++ b/Splunk_Install/roles/splunk_common/tasks/post_install_subtasks/install_java.yml @@ -0,0 +1,30 @@ +--- +- name: Install Oracle8 JDK + include_tasks: java_tasks/install_oracle8_jdk.yml + when: + - java_version == "oracle:8" + - ansible_system is match("Linux") + +- name: Install Openjdk8 JDK + include_tasks: java_tasks/install_openjdk8_jdk.yml + when: + - java_version == "openjdk:8" + - ansible_system is match("Linux") + +- name: Install Openjdk11 JDK + include_tasks: java_tasks/install_openjdk11_jdk.yml + when: + - java_version == "openjdk:11" + - ansible_system is match("Linux") + +- name: Install Openjdk13 JDK + include_tasks: java_tasks/install_openjdk11_jdk.yml + when: + - java_version == "openjdk:13" + - ansible_system is match("Linux") + +- name: Install Openjdk9 JDK for Windows + include_tasks: java_tasks/install_openjdk9_jdk_windows.yml + when: + - java_version == "openjdk:9" + - ansible_system is match("CYGWIN*|Win32NT") diff --git a/Splunk_Install/roles/splunk_common/tasks/post_install_subtasks/register_splunk_secret.yml b/Splunk_Install/roles/splunk_common/tasks/post_install_subtasks/register_splunk_secret.yml new file mode 100755 index 0000000..85db2a6 --- /dev/null +++ b/Splunk_Install/roles/splunk_common/tasks/post_install_subtasks/register_splunk_secret.yml 
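Review bot: The four `add splunk user to sudoer for systemd` tasks append to `/etc/sudoers` with `lineinfile` and no `validate:`, so a bad render (an empty `splunk_user`, for instance) leaves a syntactically broken sudoers file and locks every sudo user out of the host. Write the rules to a drop-in under `/etc/sudoers.d/` with `validate: /usr/sbin/visudo -cf %s`, which also collapses the four identically named tasks into one and keeps the grant to the four `systemctl … Splunkd.service` verbs already listed. The whole file is in this hunk, so nothing else depends on the four separate tasks.

```yaml
- name: Allow the splunk user to manage Splunkd.service via sudo (systemd)
  copy:
    dest: /etc/sudoers.d/splunk
    owner: "{{ privileged_user }}"
    group: "{{ privileged_user }}"
    mode: 0440
    validate: /usr/sbin/visudo -cf %s
    content: |
      {{ splunk_user }} ALL=(root) NOPASSWD: /usr/bin/systemctl restart Splunkd.service
      {{ splunk_user }} ALL=(root) NOPASSWD: /usr/bin/systemctl start Splunkd.service
      {{ splunk_user }} ALL=(root) NOPASSWD: /usr/bin/systemctl stop Splunkd.service
      {{ splunk_user }} ALL=(root) NOPASSWD: /usr/bin/systemctl status Splunkd.service
  when:
    - ansible_system is match("Linux")
    - pid1.stdout.find("systemd") != -1
  become: yes
# … unchanged: PID 1 detection, version lookup, boot-start and unit-file tasks …
```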
@@ -0,0 +1,21 @@
+---
+
+# - name: Get the Splunk secret
+# shell: cat "{{ splunk_home }}/etc/auth/splunk.secret"
+# register: splunk_secret_content
+# when:
+# - splunk_secret is undefined or splunk_secret is none
+# - not tmp_splunk_secret.stat.exists
+# become: yes
+# become_user: "{{ privileged_user }}"
+
+- name: register Splunk secret for use on other hosts
+ fetch:
+ src: "{{ splunk_home }}/etc/auth/splunk.secret"
+ dest: "/tmp/splunk_secret"
+ flat: yes
+ become: yes
+ become_user: "{{ privileged_user }}"
+ when:
+ - splunk_secret is undefined or splunk_secret is none
+ - not tmp_splunk_secret.stat.exists
diff --git a/Splunk_Install/roles/splunk_common/tasks/post_install_subtasks/remove_first_login.yml b/Splunk_Install/roles/splunk_common/tasks/post_install_subtasks/remove_first_login.yml
new file mode 100755
index 0000000..e7e3e7b
--- /dev/null
+++ b/Splunk_Install/roles/splunk_common/tasks/post_install_subtasks/remove_first_login.yml
@@ -0,0 +1,10 @@
+---
+- name: "Create .ui_login"
+ file:
+ path: "{{ splunk_home }}/etc/.ui_login"
+ state: touch
+ owner: "{{ splunk_user }}"
+ group: "{{ splunk_group }}"
+ mode: "u=rw,g=,o="
+ become: yes
+ become_user: "{{ splunk_user }}"
\ No newline at end of file
diff --git a/Splunk_Install/roles/splunk_common/tasks/post_install_subtasks/set_http_port.yml b/Splunk_Install/roles/splunk_common/tasks/post_install_subtasks/set_http_port.yml
new file mode 100755
index 0000000..e361809
--- /dev/null
+++ b/Splunk_Install/roles/splunk_common/tasks/post_install_subtasks/set_http_port.yml
@@ -0,0 +1,8 @@
+---
+- name: Set HTTP Port
+ ini_file:
+ dest: "{{ splunk_home }}/etc/system/local/web.conf"
+ section: settings
+ option: "httpport"
+ value: "{{ splunk_http_port }}"
+
diff --git a/Splunk_Install/roles/splunk_common/tasks/post_install_subtasks/set_mgmt_port.yml b/Splunk_Install/roles/splunk_common/tasks/post_install_subtasks/set_mgmt_port.yml
new file mode 100755
index 0000000..e958959
--- /dev/null
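Review bot: `fetch` writes the cluster's `splunk.secret` — the key that protects every encrypted credential in the deployment — to `/tmp/splunk_secret` on the controller, a shared directory, with whatever permissions the controller's umask gives (`fetch` has no mode control), and nothing in the play removes it afterwards. Fetch into a private, play-scoped directory instead (a `tempfile` result, or a path under the playbook created with `mode: 0700`) and delete it in a final task, or avoid the round-trip entirely by generating `splunk_secret` once and supplying it through vault. The commented-out `shell: cat` block above it is dead code and can be dropped.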
+++ b/Splunk_Install/roles/splunk_common/tasks/post_install_subtasks/set_mgmt_port.yml
@@ -0,0 +1,7 @@
+---
+- name: Set mgmt port
+ ini_file:
+ dest: "{{ splunk_home }}/etc/system/local/web.conf"
+ section: settings
+ option: "mgmtHostPort"
+ value: "127.0.0.1:{{ splunk_svc_port }}"
diff --git a/Splunk_Install/roles/splunk_common/tasks/post_install_subtasks/set_root_endpoint.yml b/Splunk_Install/roles/splunk_common/tasks/post_install_subtasks/set_root_endpoint.yml
new file mode 100755
index 0000000..7e8a4aa
--- /dev/null
+++ b/Splunk_Install/roles/splunk_common/tasks/post_install_subtasks/set_root_endpoint.yml
@@ -0,0 +1,19 @@
+---
+- name: Set root endpoint
+ uri:
+ url: "{{ cert_prefix }}://127.0.0.1:{{ splunk_svc_port }}/servicesNS/nobody/system/configs/conf-web/settings"
+ method: POST
+ user: "{{ splunk_admin_user }}"
+ password: "{{ splunk_password }}"
+ validate_certs: false
+ body:
+ root_endpoint: "{{ splunk_root_endpoint }}"
+ body_format: "form-urlencoded"
+ status_code: 200
+ timeout: 10
+ when: splunk_root_endpoint
+ register: set_root_endpoint
+ changed_when: set_root_endpoint.status == 200
+ no_log: "{{ hide_password }}"
+ notify:
+ - Restart the splunkd service
diff --git a/Splunk_Install/roles/splunk_common/tasks/post_install_subtasks/set_splunk_secret.yml b/Splunk_Install/roles/splunk_common/tasks/post_install_subtasks/set_splunk_secret.yml
new file mode 100755
index 0000000..0b1630e
--- /dev/null
+++ b/Splunk_Install/roles/splunk_common/tasks/post_install_subtasks/set_splunk_secret.yml
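Review bot: In set_root_endpoint.yml, `changed_when: set_root_endpoint.status == 200` marks the task changed on every successful run, since `status_code: 200` already fails anything else, so the `Restart the splunkd service` handler fires every time the play runs; `changed_when: false` plus an explicit restart only when the value actually differs would be more accurate. `validate_certs: false` against `127.0.0.1` is defensible for a loopback call to a self-signed splunkd certificate, but it sends `splunk_password` and deserves a comment stating that reasoning, and `no_log` on a task carrying the admin password should be `true` rather than `"{{ hide_password }}"`.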
@@ -0,0 +1,35 @@ +--- + +- name: Set the Splunk secret from Config + copy: + dest: "{{ splunk_home }}/etc/auth/splunk.secret" + owner: "{{ splunk_user }}" + group: "{{ splunk_group }}" + mode: 0400 + content: "{{ splunk_secret }}" + when: + - splunk_secret is defined and splunk_secret is not none + become: yes + become_user: "{{ privileged_user }}" + +# Checking that a splunk_secret exists on ansible host +- name: "Checking that a splunk_secret exists on ansible host" + local_action: stat path=/tmp/splunk_secret + register: tmp_splunk_secret + + become: yes + become_user: "{{ privileged_user }}" + + +- name: Set the Splunk secret from First Host + copy: + dest: "{{ splunk_home }}/etc/auth/splunk.secret" + owner: "{{ splunk_user }}" + group: "{{ splunk_group }}" + mode: 0400 + src: "/tmp/splunk_secret" + when: + - splunk_secret is undefined or splunk_secret is none + - tmp_splunk_secret.stat.exists + become: yes + become_user: "{{ privileged_user }}" \ No newline at end of file diff --git a/Splunk_Install/roles/splunk_common/tasks/post_install_subtasks/set_user_seed.yml b/Splunk_Install/roles/splunk_common/tasks/post_install_subtasks/set_user_seed.yml new file mode 100755 index 0000000..4c554ba --- /dev/null +++ b/Splunk_Install/roles/splunk_common/tasks/post_install_subtasks/set_user_seed.yml 
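Review bot: The two `copy` tasks that write `splunk.secret` have no `no_log`, so a run with `--diff` or `-vvv` prints the full secret — the key protecting every stored credential on the node — to the console and to any CI log that captures it; add `no_log: "{{ hide_password }}"` to both, the convention `set_user_seed.yml` already follows. The controller-side `local_action: stat path=/tmp/splunk_secret` carries `become: yes` / `become_user: "{{ privileged_user }}"`, which demands root on the control machine for a read-only `stat` and will fail or prompt where the operator is not a sudoer; drop `become` on that task. Quoting the mode (`mode: "0400"`) also avoids the YAML octal pitfall if someone later edits the value.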
@@ -0,0 +1,42 @@ +--- +- name: "Hash the password" + command: "{{ splunk_exec }} hash-passwd {{ splunk_password }}" + register: hashed_pwd + changed_when: hashed_pwd.rc == 0 + become: yes + become_user: "{{ splunk_user }}" + no_log: "{{ hide_password }}" + +- name: "Generate user-seed.conf (Linux)" + ini_file: + owner: "{{ splunk_user }}" + group: "{{ splunk_group }}" + dest: "{{ splunk_home }}/etc/system/local/user-seed.conf" + section: user_info + option: "{{ item.opt }}" + value: "{{ item.val }}" + with_items: + - { opt: "USERNAME", val: "{{ splunk_admin_user }}" } + - { opt: "HASHED_PASSWORD", val: "{{ hashed_pwd.stdout }}" } + loop_control: + label: "{{ item.opt }}" + when: ansible_system is match("Linux") + no_log: "{{ hide_password }}" + become: yes + become_user: "{{ splunk_user }}" + +- name: "Generate user-seed.conf (Windows)" + ini_file: + dest: "{{ splunk_home }}/etc/system/local/user-seed.conf" + section: user_info + option: "{{ item.opt }}" + value: "{{ item.val }}" + with_items: + - { opt: "USERNAME", val: "{{ splunk_admin_user }}" } + - { opt: "HASHED_PASSWORD", val: "{{ hashed_pwd.stdout }}" } + loop_control: + label: "{{ item.opt }}" + when: ansible_system is match("CYGWIN*|Win32NT") + no_log: "{{ hide_password }}" + become: yes + become_user: "{{ splunk_user }}" diff --git a/Splunk_Install/roles/splunk_common/tasks/post_install_subtasks/setup_optimistic_locking.yml b/Splunk_Install/roles/splunk_common/tasks/post_install_subtasks/setup_optimistic_locking.yml new file mode 100755 index 0000000..99860c5 --- /dev/null +++ b/Splunk_Install/roles/splunk_common/tasks/post_install_subtasks/setup_optimistic_locking.yml @@ -0,0 +1,7 @@ +- name: Ensure Optimistic locking is set to splunk-launch.conf + lineinfile: + path: "{{ splunk_home }}/etc/splunk-launch.conf" + regexp: "^OPTIMISTIC_ABOUT_FILE_LOCKING=" + line: OPTIMISTIC_ABOUT_FILE_LOCKING=1 + become: yes + become_user: "{{ privileged_user }}" \ No newline at end of file 
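Review bot: `command: "{{ splunk_exec }} hash-passwd {{ splunk_password }}"` places the admin password in the argument list of a process on the target, where every local user can read it from `/proc/<pid>/cmdline` or `ps` and where auditd/process accounting records it; `no_log` only hides it from Ansible's own output. If `splunk hash-passwd` offers no stdin mode on your version, compute the hash on the controller — `HASHED_PASSWORD` in `user-seed.conf` is a crypt-style hash and `{{ splunk_password | password_hash('sha512') }}` is commonly used for it (confirm against the Splunk version you deploy) — or write `PASSWORD` into the seed file, which `clean_user_seed.yml` removes anyway. Separately, both `ini_file` tasks set `owner`/`group` but no `mode`, so `user-seed.conf` is created with the default umask (often 0644) and the hash is world-readable until cleanup; add `mode: "0600"`. The Windows variant also runs with `become_user: "{{ splunk_user }}"`, which is unlikely to mean anything on Windows and is worth a second look.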
diff --git a/Splunk_Install/roles/splunk_common/tasks/pre_install_subtasks/change_splunk_directory_owner.yml b/Splunk_Install/roles/splunk_common/tasks/pre_install_subtasks/change_splunk_directory_owner.yml new file mode 100755 index 0000000..b030bce --- /dev/null +++ b/Splunk_Install/roles/splunk_common/tasks/pre_install_subtasks/change_splunk_directory_owner.yml @@ -0,0 +1,10 @@ +--- +- name: Update Splunk directory owner + file: + path: "{{ splunk_home }}" + owner: "{{ splunk_user }}" + group: "{{ splunk_group }}" + recurse: yes + state: directory + become: yes + become_user: "{{ privileged_user }}" \ No newline at end of file diff --git a/Splunk_Install/roles/splunk_common/tasks/pre_install_subtasks/config_lvm_idx.yml b/Splunk_Install/roles/splunk_common/tasks/pre_install_subtasks/config_lvm_idx.yml new file mode 100755 index 0000000..4344c07 --- /dev/null +++ b/Splunk_Install/roles/splunk_common/tasks/pre_install_subtasks/config_lvm_idx.yml 
@@ -0,0 +1,138 @@ +--- +- name: "Set privilege escalation user" + set_fact: + privileged_user: "{% if ansible_system is match('CYGWIN*|Win32NT') %}Administrator{% else %}root{% endif %}" + +### Initialisation des partitions + +- name: Init /dev/sdb + shell: "echo -e 'n\np\n1\n\n\nt\n8e\nw' | fdisk /dev/sdb" + become: yes + become_user: root + +- name: Init /dev/sdc + shell: "echo -e 'n\np\n1\n\n60G\nt\n8e\nw' | fdisk /dev/sdc" + become: yes + become_user: root + +- name: Init /dev/sdc + shell: "echo -e 'n\np\n2\n\n\nt\n8e\nw' | fdisk /dev/sdc" + become: yes + become_user: root + +### Config lvm for Splunk + +- name: Create PV + shell: "pvcreate /dev/sdb1" + become: yes + become_user: root + +- name: Create VG + shell: "vgcreate splunk_vg /dev/sdb1" + become: yes + become_user: root + +- name: Create LV + shell: "lvcreate -l+100%FREE -n lv_splunk splunk_vg" + become: yes + become_user: root + +- name: Create file system XFS + shell: "mkfs.xfs /dev/splunk_vg/lv_splunk" + become: yes + become_user: root + +- name: Mount /opt + shell: "mount /dev/splunk_vg/lv_splunk /opt" + become: yes + become_user: root + +- name: Add mount in fstab file + shell: "echo -e '/dev/mapper/splunk_vg-lv_splunk /opt xfs defaults 0 0' >> /etc/fstab" + become: yes + become_user: root + + +### Config lvm for HOT DATA + +- name: Create PV + shell: "pvcreate /dev/sdc1" + become: yes + become_user: root + +- name: Create VG + shell: "vgcreate data_vg /dev/sdc1" + become: yes + become_user: root + +- name: Create LV + shell: "lvcreate -l+100%FREE -n lv_data data_vg" + become: yes + become_user: root + +- name: Create file system XFS + shell: "mkfs.xfs /dev/data_vg/lv_data" + become: yes + become_user: root + +- name: Create directory data + shell: "mkdir /data" + become: yes + become_user: root + +- name: Create directory data/splunk_data + shell: "mkdir /data/splunk_data" + become: yes + become_user: root + +- name: Mount /data + shell: "mount /dev/data_vg/lv_data /data" + become: yes + 
become_user: root + +- name: Add mount in fstab file + shell: "echo -e '/dev/mapper/data_vg-lv_data /data xfs defaults 0 0' >> /etc/fstab" + become: yes + become_user: root + +### Config lvm for COLD DATA + +- name: Create PV + shell: "pvcreate /dev/sdc2" + become: yes + become_user: root + +- name: Create VG + shell: "vgcreate data_cold_vg /dev/sdc2" + become: yes + become_user: root + +- name: Create LV + shell: "lvcreate -l+100%FREE -n lv_data_cold data_cold_vg" + become: yes + become_user: root + +- name: Create file system XFS + shell: "mkfs.xfs /dev/data_cold_vg/lv_data_cold" + become: yes + become_user: root + +- name: Create directory data_cold + shell: "mkdir /data_cold" + become: yes + become_user: root + +- name: Create directory data_cold/splunk_data + shell: "mkdir /data_cold/splunk_data" + become: yes + become_user: root + +- name: Mount /opt + shell: "mount /dev/data_cold_vg/lv_data_cold /data_cold" + become: yes + become_user: root + +- name: Add mount in fstab file + shell: "echo -e '/dev/mapper/data_cold_vg-lv_data_cold /data_cold xfs defaults 0 0' >> /etc/fstab" + become: yes + become_user: root diff --git a/Splunk_Install/roles/splunk_common/tasks/pre_install_subtasks/config_lvm_other.yml b/Splunk_Install/roles/splunk_common/tasks/pre_install_subtasks/config_lvm_other.yml new file mode 100755 index 0000000..ce6c524 --- /dev/null +++ b/Splunk_Install/roles/splunk_common/tasks/pre_install_subtasks/config_lvm_other.yml 
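Review bot: Every task in this file is an unguarded, non-idempotent destructive disk operation — `fdisk` scripted through `echo -e`, `pvcreate`/`vgcreate`/`mkfs.xfs` on hard-coded `/dev/sdb` and `/dev/sdc`, and `echo ... >> /etc/fstab` — so a second run, or a run against a host whose `sdb`/`sdc` already carry data, repartitions or reformats disks and appends duplicate fstab lines (which can drop the host into emergency mode at boot). Replace the shell chain with the idempotent `parted`, `lvg`, `lvol`, `filesystem` and `mount` modules, take the device names from variables, and guard the whole file with an `assert` that the device shows no existing signature (e.g. `blkid -p` rc != 0) unless the target VG already exists. Two smaller points: `shell` runs under `/bin/sh`, where `echo -e` is not portable (dash prints `-e` literally and fdisk receives it as a command), and in the second `/dev/sdc` step fdisk's `t` prompts for a partition number on a two-partition disk, so `8e` is consumed as the number and partition 2 is probably left as type 83; the task names `Init /dev/sdc` (twice) and `Mount /opt` for the `/data_cold` mount are copy-paste leftovers. The sketch below covers the `/opt` chain; the hot and cold chains follow the same pattern.
```yaml
- name: Create the LVM partition on the Splunk disk
  parted:
    device: "{{ splunk_lvm_device | default('/dev/sdb') }}"
    number: 1
    flags: [lvm]
    state: present
  become: yes

- name: Create splunk_vg
  lvg:
    vg: splunk_vg
    pvs: "{{ splunk_lvm_device | default('/dev/sdb') }}1"
  become: yes

- name: Create lv_splunk
  lvol:
    vg: splunk_vg
    lv: lv_splunk
    size: 100%FREE
  become: yes

- name: Format lv_splunk as XFS
  filesystem:
    fstype: xfs
    dev: /dev/splunk_vg/lv_splunk
  become: yes

- name: Mount /opt and record it in fstab
  mount:
    path: /opt
    src: /dev/mapper/splunk_vg-lv_splunk
    fstype: xfs
    state: mounted
  become: yes

# … same pattern for /data (sdc1, data_vg/lv_data) and /data_cold (sdc2, data_cold_vg/lv_data_cold) …
```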
@@ -0,0 +1,43 @@ +--- +- name: "Set privilege escalation user" + set_fact: + privileged_user: "{% if ansible_system is match('CYGWIN*|Win32NT') %}Administrator{% else %}root{% endif %}" + +### Initialisation des partitions + +- name: Init /dev/sdb + shell: "echo -e 'n\np\n1\n\n\nt\n8e\nw' | fdisk /dev/sdb" + become: yes + become_user: root + +### Config lvm for Splunk + +- name: Create PV + shell: "pvcreate /dev/sdb1" + become: yes + become_user: root + +- name: Create VG + shell: "vgcreate splunk_vg /dev/sdb1" + become: yes + become_user: root + +- name: Create LV + shell: "lvcreate -l+100%FREE -n lv_splunk splunk_vg" + become: yes + become_user: root + +- name: Create file system XFS + shell: "mkfs.xfs /dev/splunk_vg/lv_splunk" + become: yes + become_user: root + +- name: Mount /opt + shell: "mount /dev/splunk_vg/lv_splunk /opt" + become: yes + become_user: root + +- name: Add mount in fstab file + shell: "echo -e '/dev/mapper/splunk_vg-lv_splunk /opt xfs defaults 0 0' >> /etc/fstab" + become: yes + become_user: root \ No newline at end of file diff --git a/Splunk_Install/roles/splunk_common/tasks/pre_install_subtasks/get_facts.yml b/Splunk_Install/roles/splunk_common/tasks/pre_install_subtasks/get_facts.yml new file mode 100755 index 0000000..150b64d --- /dev/null +++ b/Splunk_Install/roles/splunk_common/tasks/pre_install_subtasks/get_facts.yml 
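Review bot: The six `shell` tasks — `fdisk` fed through `echo -e`, `pvcreate`/`vgcreate`/`lvcreate`/`mkfs.xfs` on a hard-coded `/dev/sdb`, and `echo >> /etc/fstab` — are destructive and not idempotent, so re-running the role or applying it to a host whose `/dev/sdb` already holds data reformats that disk and stacks duplicate `/opt` lines in fstab. Use `parted`, `lvg`, `lvol`, `filesystem` and `mount` (e.g. `mount: path: /opt, src: /dev/mapper/splunk_vg-lv_splunk, fstype: xfs, state: mounted`), take the device from a variable, and add an `assert` that refuses to proceed when `blkid -p` already reports a signature on the device. `echo -e` is also not portable under the `/bin/sh` that `shell` uses (dash passes `-e` through to fdisk), and the `Set privilege escalation user` `set_fact` duplicated from `get_facts.yml` would be better as a single role default.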
@@ -0,0 +1,64 @@ +--- +- name: "Set privilege escalation user" + set_fact: + privileged_user: "{% if ansible_system is match('CYGWIN*|Win32NT') %}Administrator{% else %}root{% endif %}" + +- name: Copier la sources sur le client + get_url: + url: "https://{{ repo_url }}/{{ projet }}/{{ app_name }}" + dest: /tmp/ + username: "{{ repo_user }}" + password: "{{ repo_password }}" + validate_certs: false + +- name: "Check for existing installation" + stat: + path: "{{ splunk_exec }}" + become: yes + register: pre_existing_splunk_exec + +- name: "Set splunk install fact" + set_fact: + splunk_install: "{{ not pre_existing_splunk_exec.stat.exists | default(True) }}" + +- name: "Check for existing splunk secret" + stat: + path: "{{ splunk_home }}/etc/auth/splunk.secret" + register: pre_existing_splunk_secret + become: yes + become_user: "{{ privileged_user }}" + +- name: "Set first run fact" + set_fact: + first_run: "{{ not pre_existing_splunk_secret.stat.exists | default(True) }}" + become: yes + become_user: "{{ privileged_user }}" + +- name : "Set splunk_build_type fact" + include_tasks: get_facts_build_type.yml + +- name: "Set target version fact" + include_tasks: get_facts_target_version.yml + when: splunk_target_version is not defined or splunk_target_version == none + +- name: "Find manifest" + find: + paths: "{{ splunk_home }}" + patterns: ".*-manifest$" + use_regex: yes + become: yes + register: manifests + +- name: "Set current version fact" + set_fact: + splunk_current_version: "{{ manifests.files[0].path | regex_search(regexp, '\\1') if (manifests.matched == 1) else '0' }}" + vars: + regexp: 'splunk\D*?-((\d+)\.(\d+)\.(\d+))' + +- name: "Setting upgrade fact" + set_fact: + splunk_upgrade: "{{ splunk_build_location and not splunk_install and splunk_target_version and splunk_target_version != splunk_current_version | default(False) }}" + +- name: "Register the fact that we've gather the fact" + set_fact: + splunk_get_fact: true \ No newline at end of file 
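Review bot: The `get_url` task sends `repo_user`/`repo_password` as HTTP basic auth to an endpoint whose TLS certificate it does not verify (`validate_certs: false`), so an on-path attacker can both harvest the repository credentials and substitute the installer that is later unpacked as root — a textbook supply-chain foothold. Set `validate_certs: true` (trust the internal CA on the target rather than disabling verification) and pin the artefact with `checksum: "sha256:{{ splunk_build_sha256 }}"`; give it `mode: "0600"` and a destination other than the world-writable `/tmp/`, since the same path is later consumed by `unarchive` as root and a local user could swap the file in between. The `Set splunk install fact` expression `not pre_existing_splunk_exec.stat.exists | default(True)` relies on the filter binding tighter than `not`, which happens to be the intended reading but deserves parentheses for the next reader.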
diff --git a/Splunk_Install/roles/splunk_common/tasks/pre_install_subtasks/get_facts_build_type.yml b/Splunk_Install/roles/splunk_common/tasks/pre_install_subtasks/get_facts_build_type.yml new file mode 100755 index 0000000..5c1db86 --- /dev/null +++ b/Splunk_Install/roles/splunk_common/tasks/pre_install_subtasks/get_facts_build_type.yml @@ -0,0 +1,21 @@ +- name: Set splunk_build_type from variable + set_fact: + splunk_build_type: "{{ splunk_build_type }}" + when: + - "splunk_build_type is defined" + +- name: Set splunk_build_type from build_location + block: + #check if the build_location is a tgz + - name: "Set build_type (tgz)" + set_fact: + splunk_build_type: "tgz" + when: splunk_build_location is match(".*(\.tar\.gz|\.tgz)$") + - name: "Set build_type (msi)" + set_fact: + splunk_build_type: "msi" + when: splunk_build_location is match(".*\.msi$") + when: + - splunk_build_type is not defined + - splunk_build_type is not none + - splunk_build_location is not none diff --git a/Splunk_Install/roles/splunk_common/tasks/pre_install_subtasks/get_facts_target_version.yml b/Splunk_Install/roles/splunk_common/tasks/pre_install_subtasks/get_facts_target_version.yml new file mode 100755 index 0000000..4957e66 --- /dev/null +++ b/Splunk_Install/roles/splunk_common/tasks/pre_install_subtasks/get_facts_target_version.yml @@ -0,0 +1,13 @@ +# Use a manually set version, if a it is set +- name: "Set target version fact" + set_fact: + splunk_target_version: "{{ splunk_target_version }}" + when: "splunk_target_version is defined" + +# Extracting the numbers from the Splunk installer file name allows us to know the version we are targeting. +- name: "Set target version fact (file)" + set_fact: + splunk_target_version: "{{ splunk_build_location | regex_search(regexp, '\\1') | default('0') }}" + vars: + regexp: 'splunk\D*?-((\d+)\.(\d+)\.(\d+))' + when: "splunk_build_type is defined and splunk_build_type is match('(tgz|msi|rpm|deb)')" \ No newline at end of file 
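Review bot: The first task, `set_fact: splunk_build_type: "{{ splunk_build_type }}"` guarded by `splunk_build_type is defined`, is a no-op and can be removed, and in the block's `when` the `splunk_build_type is not none` condition is redundant with `is not defined`. More importantly the block only recognises `.tgz`/`.tar.gz` and `.msi`, while `get_facts_target_version.yml` in the same change accepts `rpm|deb` build types, so an `.rpm` or `.deb` `splunk_build_location` leaves `splunk_build_type` undefined and the later `include_tasks: install_tasks/install_splunk_{{ splunk_build_type }}.yml` fails with an undefined-variable error. Add the missing branches or finish the block with a `fail:` task (`msg: "Unsupported installer: {{ splunk_build_location }}"`) so the error is explicit.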
diff --git a/Splunk_Install/roles/splunk_common/tasks/start_splunk.yml b/Splunk_Install/roles/splunk_common/tasks/start_splunk.yml new file mode 100755 index 0000000..f656f23 --- /dev/null +++ b/Splunk_Install/roles/splunk_common/tasks/start_splunk.yml @@ -0,0 +1,45 @@ +--- +- name: "Get Splunk status" + command: "{{ splunk_exec }} status --accept-license --answer-yes --no-prompt" + become: yes + become_user: "{{ splunk_user }}" + register: splunk_status + changed_when: False + failed_when: False + ignore_errors: yes + +- name: "Start Splunk via cli" + command: "{{ splunk_exec }} start --accept-license --answer-yes --no-prompt" + become: yes + become_user: "{{ splunk_user }}" + register: start_splunk + changed_when: start_splunk.rc == 0 and 'already running' not in start_splunk.stdout + when: + - not splunk_enable_service or pid1 is not defined + - splunk_status.rc != 0 + ignore_errors: yes + +- name: "Start Splunk via service" + service: + name: "{% if pid1.stdout.find('systemd') != -1 %}Splunkd{% else %}splunk{% endif %}" + state: restarted + when: + - splunk_enable_service + - splunk_status.rc != 0 + - ansible_system is match("Linux") + - pid1 is defined + become: yes + become_user: "{{ privileged_user }}" + +- name: "Start Splunk via Windows service" + win_service: + name: splunkd + state: restarted + when: + - splunk_enable_service + - splunk_status.rc != 0 + - ansible_os_family == "Windows" + +- name: "Wait for splunkd management port" + wait_for: + port: "{{ splunk_svc_port }}" diff --git a/Splunk_Install/roles/splunk_common/tasks/stop_splunk.yml b/Splunk_Install/roles/splunk_common/tasks/stop_splunk.yml new file mode 100755 index 0000000..0b19892 --- /dev/null +++ b/Splunk_Install/roles/splunk_common/tasks/stop_splunk.yml 
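Review bot: `ignore_errors: yes` on `Start Splunk via cli` hides a failed start, after which the trailing `wait_for` on `splunk_svc_port` blocks for its default 300 s and fails with an unrelated message; since `changed_when` is already set, drop `ignore_errors` or use `failed_when: start_splunk.rc != 0 and 'already running' not in start_splunk.stdout` so the real `splunk start` output surfaces. The service path also depends on `pid1`, which is only registered inside `enable_service.yml` on a first run, so on later runs with `splunk_enable_service` true the `pid1 is not defined` clause silently routes every start through the CLI — probably not intended. Platform detection is inconsistent as well: `ansible_os_family == "Windows"` here versus `ansible_system is match("CYGWIN*|Win32NT")` elsewhere in the role.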
@@ -0,0 +1,40 @@ +--- +- name: "Get Splunk status" + command: "{{ splunk_exec }} status --accept-license --answer-yes --no-prompt" + become: yes + become_user: "{{ splunk_user }}" + register: splunk_status + changed_when: False + failed_when: False + ignore_errors: yes + +- name: "Stop Splunk via cli" + command: "{{ splunk_exec }} stop --accept-license --answer-yes --no-prompt" + become: yes + become_user: "{{ splunk_user }}" + register: stop_splunk + changed_when: stop_splunk.rc == 0 + when: + - not splunk_enable_service + - splunk_status.rc == 0 + +- name: "Stop Splunk via systemctl" + service: + name: Splunkd + state: stopped + when: + - splunk_enable_service + - splunk_status.rc == 0 + - ansible_system is match("Linux") + become: yes + become_user: "{{ privileged_user }}" + ignore_errors: yes + +- name: "Stop Splunk via Windows service" + win_service: + name: splunkd + state: stopped + when: + - splunk_enable_service + - splunk_status.rc == 0 + - ansible_os_family == "Windows" diff --git a/Splunk_Install/roles/splunk_common/vars/main.yml b/Splunk_Install/roles/splunk_common/vars/main.yml new file mode 100755 index 0000000..2e97eb2 --- /dev/null +++ b/Splunk_Install/roles/splunk_common/vars/main.yml @@ -0,0 +1,3 @@ +splunk_version: "8.3.1" +splunk_download_url: "https://download.splunk.com/products/splunk/releases/{{ splunk_version }}/linux/splunk-{{ splunk_version }}-aa7ca5cfbb32-Linux-x86_64.tgz" +splunk_user: "splunk" \ No newline at end of file diff --git a/Splunk_Install/roles/splunk_common_uf/tasks/install_splunk.yml b/Splunk_Install/roles/splunk_common_uf/tasks/install_splunk.yml new file mode 100755 index 0000000..a46c54c --- /dev/null +++ b/Splunk_Install/roles/splunk_common_uf/tasks/install_splunk.yml 
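Review bot: `Stop Splunk via systemctl` hard-codes the unit name `Splunkd` and swallows failure with `ignore_errors: yes`, whereas the matching start task picks `Splunkd` or `splunk` depending on the init system; on a SysV host the stop therefore fails silently, `splunkd` keeps running, and the upgrade path that follows (the UF `install_splunk.yml` removes `bin/`, `lib/` and `share/`) operates under a live process. Make the stop authoritative: remove `ignore_errors`, or register the result and fall back to the CLI, e.g. `when: splunk_enable_service and stop_service is failed` on a second `{{ splunk_exec }} stop` task. Mirroring the start task's `{% if pid1.stdout.find('systemd') != -1 %}Splunkd{% else %}splunk{% endif %}` would keep the two files consistent.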
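Review bot: Variables in a role's `vars/main.yml` outrank inventory, `group_vars` and `host_vars`, so `splunk_user`, `splunk_version` and `splunk_download_url` set here cannot be overridden per environment without `-e`; move them to `defaults/main.yml` unless they are genuinely constants. The download URL pins a version and build hash but there is no accompanying checksum for `get_url`/`unarchive` to verify, which is the control that actually protects the install from a tampered tarball — add a `splunk_download_sha256` next to it. `8.3.1` does not match a Splunk Enterprise release line I can place (8.2.x was followed by 9.0), so confirm the version/build pair before anything depends on this URL.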
@@ -0,0 +1,39 @@ +--- +- name: Remove old manifest files + file: + path: "{{ item.path }}" + state: "absent" + ignore_errors: yes + become: yes + become_user: "{{ privileged_user }}" + with_items: + - "{{ manifests.files }}" + when: splunk_upgrade | bool + +- name: Remove old directories + file: + path: "{{ item }}" + state: "absent" + ignore_errors: yes + become: yes + become_user: "{{ privileged_user }}" + with_items: + - "{{ splunk_home_uf }}/bin" + - "{{ splunk_home_uf }}/lib" + - "{{ splunk_home_uf }}/share" + - "{{ splunk_home_uf }}/Python-2.7" + when: splunk_upgrade | bool + +- name: Install Splunk + include_tasks: install_tasks/install_splunk_{{ splunk_build_type }}.yml + +- name: Remove installers + file: + dest: "{{ item }}" + state: "absent" + ignore_errors: yes + become: yes + become_user: "{{ privileged_user }}" + with_items: + - "{{ splunk_build_location_uf }}" + - "/tmp/splunk_msi" \ No newline at end of file diff --git a/Splunk_Install/roles/splunk_common_uf/tasks/install_tasks/install_splunk_tgz.yml b/Splunk_Install/roles/splunk_common_uf/tasks/install_tasks/install_splunk_tgz.yml new file mode 100755 index 0000000..dd2a34e --- /dev/null +++ b/Splunk_Install/roles/splunk_common_uf/tasks/install_tasks/install_splunk_tgz.yml @@ -0,0 +1,13 @@ +- name: Install Splunk (Linux) + unarchive: + src: "{{ splunk_build_location_uf }}" + dest: "{{ splunk_opt }}" + owner: "{{ splunk_user }}" + group: "{{ splunk_group }}" + remote_src: "{{ splunk_build_remote_src }}" + register: install_result + until: install_result is succeeded + retries: "{{ retry_num }}" + delay: 3 + become: yes + become_user: "{{ privileged_user }}" \ No newline at end of file diff --git a/Splunk_Install/roles/splunk_common_uf/tasks/main.yml b/Splunk_Install/roles/splunk_common_uf/tasks/main.yml new file mode 100755 index 0000000..b84b328 --- /dev/null +++ b/Splunk_Install/roles/splunk_common_uf/tasks/main.yml 
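Review bot: `Remove old directories` deletes `{{ splunk_home_uf }}/bin`, `/lib`, `/share` and `/Python-2.7` as `privileged_user` with `ignore_errors`, and nothing validates `splunk_home_uf` first — if it ever templates to an empty string or `/` (a missing group_var, a permissive undefined-variable setting), those paths become `/bin`, `/lib` and `/share` on the forwarder. Put an `assert` ahead of the upgrade path, e.g. `that: [splunk_home_uf is defined, splunk_home_uf | length > 1, splunk_home_uf != '/']`, and gate `Remove installers` the same way since it removes `splunk_build_location_uf` unconditionally. `ignore_errors: yes` on the removals also hides a failed cleanup that the following `unarchive` will silently merge over.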
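Review bot: `unarchive` extracts `splunk_build_location_uf` into `{{ splunk_opt }}` as `privileged_user` with no integrity check on the archive, and the role stages downloads in the world-writable `/tmp/`, so any local user who can write that path between download and extraction gets code execution as root on the forwarder. Verify before extracting — `stat: path: "{{ splunk_build_location_uf }}", checksum_algorithm: sha256` followed by an `assert` against a known `splunk_uf_sha256` — or stage the file in a root-only directory with `mode: "0600"`. Retrying the extraction itself with `until: install_result is succeeded` is also questionable: a corrupt or half-extracted tree does not improve on retry, so the retry belongs on the download step.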
@@ -0,0 +1,92 @@ +--- +- name: Check if splunk user exists + getent: + database: passwd + key: "{{ splunk_user }}" + fail_key: yes + register: user_exist + ignore_errors: true + become: yes + +- name: Setup the splunk user + user: + name: "{{ splunk_user }}" + comment: Splunk User + shell: /bin/bash + generate_ssh_key: yes + ssh_key_bits: 2048 + ssh_key_file: .ssh/id_rsa + state: present + when: user_exist["failed"] == true + become: yes + become_user: "{{ privileged_user }}" + +- name: Changing Splunk directory Owner + include_tasks: pre_install_subtasks/change_splunk_directory_owner.yml + when: + - ansible_system is match("Linux") + - splunk_home_ownership_enforcement is defined + - splunk_home_ownership_enforcement | bool + +- name: Stop existing Splunk + include_tasks: stop_splunk.yml + when: + - splunk_upgrade | bool + +# Below we will either install or upgrade, which at this moment is the same task. +- name: "Install Splunk" + include_tasks: install_splunk.yml + when: + - splunk_install | bool or (first_run | bool and splunk_build_location and splunk_build_location is match("^(https?|file)://.*")) + +- name: "Upgrade Splunk" + include_tasks: install_splunk.yml + when: + - not splunk_install + - not first_run + - splunk_upgrade | bool + +- name: Remove First Login + include_tasks: post_install_subtasks/remove_first_login.yml + when: + - first_run | bool + +# This needs to be done before any encrypted passkeys are generated +- name: setup splunk_secret + include_tasks: post_install_subtasks/set_splunk_secret.yml + when: + - first_run | bool + +- name: Generate user_seed.conf + include_tasks: post_install_subtasks/set_user_seed.yml + when: + - first_run | bool + +- name: setup the [general] pass4SymmKey in system/local + include_tasks: "{{ playbook_dir }}/common/tasks/set_conf_stanza.yml" + vars: + conf_file: "server.conf" + conf_directory: "{{ splunk_home_uf }}/etc/system/local" + stanza_name: general + conf_stanzas: + - pass4SymmKey: "{{ 
splunk_general_pass4SymmKey }}" + +- name: Enable Splunk Service + include_tasks: post_install_subtasks/enable_service.yml + when: + - splunk_enable_service and ansible_system is match("Linux") + - first_run | bool + +- name: Start Splunk + include_tasks: start_splunk.yml + +- name: Clean user_seed.conf + include_tasks: post_install_subtasks/clean_user_seed.yml + when: + - first_run | bool + +- name: Get splunk.secret if not provided initially + include_tasks: post_install_subtasks/register_splunk_secret.yml + when: + - first_run | bool + - splunk_secret is undefined or splunk_secret is none \ No newline at end of file diff --git a/Splunk_Install/roles/splunk_common_uf/tasks/post_install_subtasks/clean_user_seed.yml b/Splunk_Install/roles/splunk_common_uf/tasks/post_install_subtasks/clean_user_seed.yml new file mode 100755 index 0000000..d0334cd --- /dev/null +++ b/Splunk_Install/roles/splunk_common_uf/tasks/post_install_subtasks/clean_user_seed.yml @@ -0,0 +1,7 @@ +--- +- name: Remove user-seed.conf + file: + dest: "{{ splunk_home_uf }}/etc/system/local/user-seed.conf" + state: "absent" + notify: + - Restart the splunkd service \ No newline at end of file diff --git a/Splunk_Install/roles/splunk_common_uf/tasks/post_install_subtasks/enable_service.yml b/Splunk_Install/roles/splunk_common_uf/tasks/post_install_subtasks/enable_service.yml new file mode 100755 index 0000000..efe3720 --- /dev/null +++ b/Splunk_Install/roles/splunk_common_uf/tasks/post_install_subtasks/enable_service.yml 
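Review bot: `Setup the splunk user` gives the service account an interactive shell (`/bin/bash`) and generates an RSA key pair (`generate_ssh_key: yes`, `ssh_key_bits: 2048`) that nothing in this role uses, leaving a private key and a login shell attached to the account that runs the forwarder; use `shell: /sbin/nologin`, drop the key generation unless a documented consumer exists, and add `system: yes`. The guard `when: user_exist["failed"] == true` depends on the registered result always carrying a `failed` key, which is not guaranteed on success — `when: user_exist is failed` is the robust form. The `Install Splunk` condition tests `splunk_build_location`, while `install_splunk.yml` in the same role consumes `splunk_build_location_uf`, so one of the two is likely the wrong variable. The `pass4SymmKey` include passes a plaintext secret into a shared task file outside this role; that file must set `no_log` itself or the key is printed on `-v`/`--diff` runs.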
@@ -0,0 +1,109 @@ +--- +- name: "Retrieve PID 1 process information (Linux)" + command: "ps 1" + register: pid1 + when: ansible_system is match("Linux") + +- name: "Retrieve Splunk version" + command: "{{ splunk_exec_uf }} version --accept-license --answer-yes --no-prompt" + register: installed_splunk_version + when: ansible_system is match("Linux") + become: yes + become_user: "{{ splunk_user }}" + +- name: "Set installed version fact" + set_fact: + installed_splunk_version: "{{ installed_splunk_version.stdout | regex_search(regexp, '\\1') }}" + vars: + regexp: 'Splunk\s((\d+)\.(\d+)\.(\d+)).*' + when: ansible_system is match("Linux") + +- name: "Enable service via boot-start - Linux (systemd)" + become: yes + become_user: "{{ privileged_user }}" + command: "{{ splunk_exec_uf }} enable boot-start -systemd-managed 1 -user {{ splunk_user }} --accept-license --answer-yes --no-prompt" + when: + - ansible_system is match("Linux") + - pid1.stdout.find("systemd") != -1 + - installed_splunk_version[0] is version("7.2.2", ">=") + +# Using service file approach for systemd rather than 'boot-start' with +# 'systemd-unit-file-name' option because cli's versions older than 7.2.2 do +# not implement systemd in boot-start command. 
+- name: "Copy Splunkd unit file - Linux (systemd)" + template: + src: Splunkd.service.j2 + dest: /etc/systemd/system/Splunkd.service + owner: "{{ privileged_user }}" + group: "{{ privileged_user }}" + mode: 0644 + become: yes + become_user: "{{ privileged_user }}" + when: + - ansible_system is match("Linux") + - pid1.stdout.find("systemd") != -1 + - installed_splunk_version[0] is version("7.2.2", "<") + +- name: "Reload daemons via systemctl - Linux (systemd)" + become: yes + become_user: "{{ privileged_user }}" + systemd: + daemon-reload: yes + name: Splunkd.service + enabled: true + when: + - ansible_system is match("Linux") + - pid1.stdout.find('systemd') != -1 + +- name: "Enable service via boot-start - Linux (init)" + become: yes + become_user: "{{ privileged_user }}" + command: "{{ splunk_exec_uf }} enable boot-start -user {{ splunk_user }} --accept-license --answer-yes --no-prompt" + when: + - ansible_system is match("Linux") + - pid1.stdout.find('systemd') == -1 + +- name: "Enable service via boot-start - Windows" + command: "{{ splunk_exec_uf }} enable boot-start -user {{ splunk_user }} --accept-license --answer-yes --no-prompt" + when: ansible_os_family == "Windows" + +- name: add splunk user to sudoer for systemd + lineinfile: + path: /etc/sudoers + state: present + line: "{{ splunk_user }} ALL=(root) NOPASSWD: /usr/bin/systemctl restart Splunkd.service" + when: + - ansible_system is match("Linux") + - pid1.stdout.find("systemd") != -1 + become: yes + +- name: add splunk user to sudoer for systemd + lineinfile: + path: /etc/sudoers + state: present + line: "{{ splunk_user }} ALL=(root) NOPASSWD: /usr/bin/systemctl start Splunkd.service" + + when: + - ansible_system is match("Linux") + - pid1.stdout.find("systemd") != -1 + become: yes + +- name: add splunk user to sudoer for systemd + lineinfile: + path: /etc/sudoers + state: present + line: "{{ splunk_user }} ALL=(root) NOPASSWD: /usr/bin/systemctl stop Splunkd.service" + when: + - ansible_system is 
match("Linux") + - pid1.stdout.find("systemd") != -1 + become: yes + +- name: add splunk user to sudoer for systemd + lineinfile: + path: /etc/sudoers + state: present + line: "{{ splunk_user }} ALL=(root) NOPASSWD: /usr/bin/systemctl status Splunkd.service" + when: + - ansible_system is match("Linux") + - pid1.stdout.find("systemd") != -1 + become: yes \ No newline at end of file diff --git a/Splunk_Install/roles/splunk_common_uf/tasks/post_install_subtasks/install_java.yml b/Splunk_Install/roles/splunk_common_uf/tasks/post_install_subtasks/install_java.yml new file mode 100755 index 0000000..bca5d89 --- /dev/null +++ b/Splunk_Install/roles/splunk_common_uf/tasks/post_install_subtasks/install_java.yml @@ -0,0 +1,30 @@ +--- +- name: Install Oracle8 JDK + include_tasks: java_tasks/install_oracle8_jdk.yml + when: + - java_version == "oracle:8" + - ansible_system is match("Linux") + +- name: Install Openjdk8 JDK + include_tasks: java_tasks/install_openjdk8_jdk.yml + when: + - java_version == "openjdk:8" + - ansible_system is match("Linux") + +- name: Install Openjdk11 JDK + include_tasks: java_tasks/install_openjdk11_jdk.yml + when: + - java_version == "openjdk:11" + - ansible_system is match("Linux") + +- name: Install Openjdk13 JDK + include_tasks: java_tasks/install_openjdk11_jdk.yml + when: + - java_version == "openjdk:13" + - ansible_system is match("Linux") + +- name: Install Openjdk9 JDK for Windows + include_tasks: java_tasks/install_openjdk9_jdk_windows.yml + when: + - java_version == "openjdk:9" + - ansible_system is match("CYGWIN*|Win32NT") diff --git a/Splunk_Install/roles/splunk_common_uf/tasks/post_install_subtasks/register_splunk_secret.yml b/Splunk_Install/roles/splunk_common_uf/tasks/post_install_subtasks/register_splunk_secret.yml new file mode 100755 index 0000000..343a207 --- /dev/null +++ b/Splunk_Install/roles/splunk_common_uf/tasks/post_install_subtasks/register_splunk_secret.yml 
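Review bot: The four `lineinfile` tasks at the end edit `/etc/sudoers` in place without a `validate:` option, so a templating slip in `{{ splunk_user }}` or a typo in a rule produces a syntactically broken sudoers file and locks every administrator out of `sudo` on the host — `visudo -c` exists precisely to prevent that. Write the grants as one drop-in under `/etc/sudoers.d/` with `copy`, `mode: "0440"` and `validate: "/usr/sbin/visudo -cf %s"`, which also collapses the four identically named tasks into one, and confirm `systemctl` really lives at `/usr/bin/systemctl` on every target (older RHEL/Debian ship it under `/bin`), because a wrong path silently makes the rule unusable. The `template` task for `Splunkd.service` uses `group: "{{ privileged_user }}"`, a variable that also holds `Administrator` on Windows — `group: root` states the intent.
```yaml
- name: Allow the splunk user to manage Splunkd via systemctl
  copy:
    dest: /etc/sudoers.d/splunk
    owner: root
    group: root
    mode: "0440"
    validate: "/usr/sbin/visudo -cf %s"
    content: |
      {{ splunk_user }} ALL=(root) NOPASSWD: /usr/bin/systemctl restart Splunkd.service, /usr/bin/systemctl start Splunkd.service, /usr/bin/systemctl stop Splunkd.service, /usr/bin/systemctl status Splunkd.service
  when:
    - ansible_system is match("Linux")
    - pid1.stdout.find("systemd") != -1
  become: yes
  become_user: "{{ privileged_user }}"
```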
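Review bot: The `Install Openjdk13 JDK` task includes `java_tasks/install_openjdk11_jdk.yml`, so `java_version: "openjdk:13"` silently installs OpenJDK 11 — a copy-paste slip; it should reference `java_tasks/install_openjdk13_jdk.yml`, or the branch should be removed if no such task file exists. A short comment on the `oracle:8` branch would also help the next maintainer, since Oracle JDK 8 public updates ended in 2019 and its licence terms changed, so keeping it as an option is a patching and compliance decision worth recording.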
@@ -0,0 +1,21 @@ +--- + +# - name: Get the Splunk secret +# shell: cat "{{ splunk_home }}/etc/auth/splunk.secret" +# register: splunk_secret_content +# when: +# - splunk_secret is undefined or splunk_secret is none +# - not tmp_splunk_secret.stat.exists +# become: yes +# become_user: "{{ privileged_user }}" + +- name: register Splunk secret for use on other hosts + fetch: + src: "{{ splunk_home_uf }}/etc/auth/splunk.secret" + dest: "/tmp/splunk_secret" + flat: yes + become: yes + become_user: "{{ privileged_user }}" + when: + - splunk_secret is undefined or splunk_secret is none + - not tmp_splunk_secret.stat.exists \ No newline at end of file diff --git a/Splunk_Install/roles/splunk_common_uf/tasks/post_install_subtasks/remove_first_login.yml b/Splunk_Install/roles/splunk_common_uf/tasks/post_install_subtasks/remove_first_login.yml new file mode 100755 index 0000000..829e63e --- /dev/null +++ b/Splunk_Install/roles/splunk_common_uf/tasks/post_install_subtasks/remove_first_login.yml @@ -0,0 +1,10 @@ +--- +- name: "Create .ui_login" + file: + path: "{{ splunk_home_uf }}/etc/.ui_login" + state: touch + owner: "{{ splunk_user }}" + group: "{{ splunk_group }}" + mode: "u=rw,g=,o=" + become: yes + become_user: "{{ splunk_user }}" \ No newline at end of file diff --git a/Splunk_Install/roles/splunk_common_uf/tasks/post_install_subtasks/set_splunk_secret.yml b/Splunk_Install/roles/splunk_common_uf/tasks/post_install_subtasks/set_splunk_secret.yml new file mode 100755 index 0000000..c2d56ad --- /dev/null +++ b/Splunk_Install/roles/splunk_common_uf/tasks/post_install_subtasks/set_splunk_secret.yml 
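Review bot: `fetch` writes the forwarder's `splunk.secret` to `/tmp/splunk_secret` on the controller with `flat: yes`; `fetch` has no `mode` option, so on a shared control host the file is created with the operator's default umask (usually world-readable) and nothing removes it after the play, even though this is the key that decrypts every stored credential, including the `pass4SymmKey` this role writes. Prefer `slurp` under `no_log: true` followed by a `copy` with `content: "{{ blob.content | b64decode }}"`, `mode: "0600"`, `delegate_to: localhost` and `become: no`, ideally to a directory outside `/tmp`; the matching read in `set_splunk_secret.yml` must then point at the same path. This file and the indexer-side `register_splunk_secret.yml` also share `/tmp/splunk_secret`, so a mixed-role inventory can hand one instance type's secret to the other — acceptable if one shared secret is the design, but worth stating in a comment.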
@@ -0,0 +1,33 @@ +--- + +- name: Set the Splunk secret from Config + copy: + dest: "{{ splunk_home_uf }}/etc/auth/splunk.secret" + owner: "{{ splunk_user }}" + group: "{{ splunk_group }}" + mode: 0400 + content: "{{ splunk_secret }}" + when: + - splunk_secret is defined and splunk_secret is not none + become: yes + become_user: "{{ privileged_user }}" + +# Checking that a splunk_secret exists on ansible host +- name: "Checking that a splunk_secret exists on ansible host" + local_action: stat path=/tmp/splunk_secret + register: tmp_splunk_secret + become: yes + become_user: "{{ privileged_user }}" + +- name: Set the Splunk secret from First Host + copy: + dest: "{{ splunk_home_uf }}/etc/auth/splunk.secret" + owner: "{{ splunk_user }}" + group: "{{ splunk_group }}" + mode: 0400 + src: "/tmp/splunk_secret" + when: + - splunk_secret is undefined or splunk_secret is none + - tmp_splunk_secret.stat.exists + become: yes + become_user: "{{ privileged_user }}" \ No newline at end of file diff --git a/Splunk_Install/roles/splunk_common_uf/tasks/post_install_subtasks/set_user_seed.yml b/Splunk_Install/roles/splunk_common_uf/tasks/post_install_subtasks/set_user_seed.yml new file mode 100755 index 0000000..40c7841 --- /dev/null +++ b/Splunk_Install/roles/splunk_common_uf/tasks/post_install_subtasks/set_user_seed.yml 
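Review bot: Neither `copy` task that writes `splunk.secret` sets `no_log`, so `--diff` or verbose runs print the whole secret to the console and to any CI log that captures it; add `no_log: "{{ hide_password }}"` to both, the same convention `set_user_seed.yml` uses. The controller-side `local_action: stat path=/tmp/splunk_secret` carries `become: yes` / `become_user: "{{ privileged_user }}"`, which requires root on the control machine for a read-only `stat` and fails or prompts where the operator has no sudo — remove `become` there. `mode: 0400` is right for a file splunkd only reads; quoting it (`"0400"`) avoids the YAML octal pitfall if the leading zero is ever dropped.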
@@ -0,0 +1,42 @@
+---
+- name: "Hash the password"
+ command: "{{ splunk_exec_uf }} hash-passwd {{ splunk_password }}"
+ register: hashed_pwd
+ changed_when: hashed_pwd.rc == 0
+ become: yes
+ become_user: "{{ splunk_user }}"
+ no_log: "{{ hide_password }}"
+
+- name: "Generate user-seed.conf (Linux)"
+ ini_file:
+ owner: "{{ splunk_user }}"
+ group: "{{ splunk_group }}"
+ dest: "{{ splunk_home_uf }}/etc/system/local/user-seed.conf"
+ section: user_info
+ option: "{{ item.opt }}"
+ value: "{{ item.val }}"
+ with_items:
+ - { opt: "USERNAME", val: "{{ splunk_admin_user }}" }
+ - { opt: "HASHED_PASSWORD", val: "{{ hashed_pwd.stdout }}" }
+ loop_control:
+ label: "{{ item.opt }}"
+ when: ansible_system is match("Linux")
+ no_log: "{{ hide_password }}"
+ become: yes
+ become_user: "{{ splunk_user }}"
+
+- name: "Generate user-seed.conf (Windows)"
+ ini_file:
+ dest: "{{ splunk_home_uf }}/etc/system/local/user-seed.conf"
+ section: user_info
+ option: "{{ item.opt }}"
+ value: "{{ item.val }}"
+ with_items:
+ - { opt: "USERNAME", val: "{{ splunk_admin_user }}" }
+ - { opt: "HASHED_PASSWORD", val: "{{ hashed_pwd.stdout }}" }
+ loop_control:
+ label: "{{ item.opt }}"
+ when: ansible_system is match("CYGWIN*|Win32NT")
+ no_log: "{{ hide_password }}"
+ become: yes
+ become_user: "{{ splunk_user }}"
diff --git a/Splunk_Install/roles/splunk_common_uf/tasks/pre_install_subtasks/change_splunk_directory_owner.yml b/Splunk_Install/roles/splunk_common_uf/tasks/pre_install_subtasks/change_splunk_directory_owner.yml
new file mode 100755
index 0000000..57a5880
--- /dev/null
+++ b/Splunk_Install/roles/splunk_common_uf/tasks/pre_install_subtasks/change_splunk_directory_owner.yml
@@ -0,0 +1,10 @@
+---
+- name: Update Splunk directory owner
+ file:
+ path: "{{ splunk_home_uf }}"
+ owner: "{{ splunk_user }}"
+ group: "{{ splunk_group }}"
+ recurse: yes
+ state: directory
+ become: yes
+ become_user: "{{ privileged_user }}"
\ No newline at end of file
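Review bot: `hash-passwd {{ splunk_password }}` passes the clear-text admin password as a command-line argument, so it is readable in the target's process list for the lifetime of the call; `no_log` only silences the Ansible side, and here it is itself conditional on `hide_password`. If the Splunk CLI accepts the password on a prompt or stdin, prefer that via the `stdin` argument of `command`; otherwise at least make `no_log: true` unconditional on this task. `user-seed.conf` ends up holding the hash but neither `ini_file` task sets a `mode`, so the file inherits the umask; add `mode: "0600"` to the Linux task. `changed_when: hashed_pwd.rc == 0` reports every run as changed although hashing modifies nothing, so `changed_when: false` is the honest value.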
diff --git a/Splunk_Install/roles/splunk_common_uf/tasks/pre_install_subtasks/config_lvm_uf.yml b/Splunk_Install/roles/splunk_common_uf/tasks/pre_install_subtasks/config_lvm_uf.yml
new file mode 100755
index 0000000..81f5b4f
--- /dev/null
+++ b/Splunk_Install/roles/splunk_common_uf/tasks/pre_install_subtasks/config_lvm_uf.yml
@@ -0,0 +1,86 @@
+---
+- name: "Set privilege escalation user"
+ set_fact:
+ privileged_user: "{% if ansible_system is match('CYGWIN*|Win32NT') %}Administrator{% else %}root{% endif %}"
+
+### Initialisation des partitions
+
+- name: Init /dev/sdb
+ shell: "echo -e 'n\np\n1\n\n\nt\n8e\nw' | fdisk /dev/sdb"
+ become: yes
+ become_user: root
+
+- name: Init /dev/sdc
+ shell: "echo -e 'n\np\n1\n\n\nt\n8e\nw' | fdisk /dev/sdc"
+ become: yes
+ become_user: root
+
+### Config lvm for Splunk
+
+- name: Create PV
+ shell: "pvcreate /dev/sdb1"
+ become: yes
+ become_user: root
+
+- name: Create VG
+ shell: "vgcreate splunk_vg /dev/sdb1"
+ become: yes
+ become_user: root
+
+- name: Create LV
+ shell: "lvcreate -l+100%FREE -n lv_splunk splunk_vg"
+ become: yes
+ become_user: root
+
+- name: Create file system XFS
+ shell: "mkfs.xfs /dev/splunk_vg/lv_splunk"
+ become: yes
+ become_user: root
+
+- name: Mount /opt
+ shell: "mount /dev/splunk_vg/lv_splunk /opt"
+ become: yes
+ become_user: root
+
+- name: Add mount in fstab file
+ shell: "echo -e '/dev/mapper/splunk_vg-lv_splunk /opt xfs defaults 0 0' >> /etc/fstab"
+ become: yes
+ become_user: root
+
+
+### Config lvm for rsyslog
+
+- name: Create PV
+ shell: "pvcreate /dev/sdc1"
+ become: yes
+ become_user: root
+
+- name: Create VG
+ shell: "vgcreate data_vg /dev/sdc1"
+ become: yes
+ become_user: root
+
+- name: Create LV
+ shell: "lvcreate -l+100%FREE -n lv_rsyslog data_vg"
+ become: yes
+ become_user: root
+
+- name: Create file system XFS
+ shell: "mkfs.xfs /dev/data_vg/lv_rsyslog"
+ become: yes
+ become_user: root
+
+- name: Create directory
+ shell: "mkdir /var/rsyslog"
+ become: yes
+ become_user: root
+
+- name: Mount /opt
+ shell: "mount /dev/data_vg/lv_rsyslog /var/rsyslog"
+ become: yes
+ become_user: root
+
+- name: Add mount in fstab file
+ shell: "echo -e '/dev/mapper/data_vg-lv_rsyslog /var/rsyslog xfs defaults 0 0' >> /etc/fstab"
+ become: yes
+ become_user: root
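Review bot: The two `fdisk` tasks rewrite the partition tables of `/dev/sdb` and `/dev/sdc` on every run of the role with no check that the disks are still blank, and the `>> /etc/fstab` tasks append a duplicate entry each time; on an already-provisioned forwarder this is data-destroying rather than idempotent (`mkfs.xfs` refuses an existing filesystem, but only after the partition table has been replaced). The whole chain maps onto the `parted`, `lvg`, `lvol`, `filesystem` and `mount` modules, which are idempotent and remove the `shell` pipelines; the Splunk half is sketched below and the rsyslog half is the same five tasks with `/dev/sdc`, `data_vg`, `lv_rsyslog` and `/var/rsyslog` (`mount` creates the mount point, so the `mkdir` task goes away). Task names are reused (`Create PV`, `Create VG`, and `Mount /opt` for the rsyslog volume), which makes `--start-at-task` and log reading ambiguous. The `privileged_user` `set_fact` at the top duplicates the one in get_facts.yml.
```yaml
- name: Partition /dev/sdb for LVM
  parted:
    device: /dev/sdb
    number: 1
    flags: [ lvm ]
    state: present
  become: yes

- name: Create volume group splunk_vg
  lvg:
    vg: splunk_vg
    pvs: /dev/sdb1
  become: yes

- name: Create logical volume lv_splunk
  lvol:
    vg: splunk_vg
    lv: lv_splunk
    size: 100%FREE
  become: yes

- name: Create XFS filesystem on lv_splunk
  filesystem:
    fstype: xfs
    dev: /dev/splunk_vg/lv_splunk
  become: yes

- name: Mount /opt and record it in fstab
  mount:
    path: /opt
    src: /dev/mapper/splunk_vg-lv_splunk
    fstype: xfs
    state: mounted
  become: yes

# … same five tasks for /dev/sdc -> data_vg / lv_rsyslog mounted on /var/rsyslog …
```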
diff --git a/Splunk_Install/roles/splunk_common_uf/tasks/pre_install_subtasks/get_facts.yml b/Splunk_Install/roles/splunk_common_uf/tasks/pre_install_subtasks/get_facts.yml
new file mode 100755
index 0000000..64627ef
--- /dev/null
+++ b/Splunk_Install/roles/splunk_common_uf/tasks/pre_install_subtasks/get_facts.yml
@@ -0,0 +1,66 @@
+---
+- name: "Set privilege escalation user"
+ set_fact:
+ privileged_user: "{% if ansible_system is match('CYGWIN*|Win32NT') %}Administrator{% else %}root{% endif %}"
+
+### Start Install
+
+- name: Copier la sources sur le client
+ get_url:
+ url: "https://{{ repo_url }}/{{ projet }}/{{ app_name_uf }}"
+ dest: /tmp/
+ username: "{{ repo_user }}"
+ password: "{{ repo_password }}"
+ validate_certs: false
+
+- name: "Check for existing installation"
+ stat:
+ path: "{{ splunk_exec_uf }}"
+ become: yes
+ become_user: root
+ register: pre_existing_splunk_exec
+
+- name: "Set splunk install fact"
+ set_fact:
+ splunk_install: "{{ not pre_existing_splunk_exec.stat.exists | default(True) }}"
+
+- name: "Check for existing splunk secret"
+ stat:
+ path: "{{ splunk_home_uf }}/etc/auth/splunk.secret"
+ register: pre_existing_splunk_secret
+ become: yes
+ become_user: root
+
+- name: "Set first run fact"
+ set_fact:
+ first_run: "{{ not pre_existing_splunk_secret.stat.exists | default(True) }}"
+
+- name: "Set splunk_build_type fact"
+ include_tasks: get_facts_build_type.yml
+
+- name: "Set target version fact"
+ include_tasks: get_facts_target_version.yml
+ when: splunk_target_version is not defined or splunk_target_version == none
+
+- name: "Find manifests"
+ find:
+ paths: "{{ splunk_home_uf }}"
+ patterns: ".*-manifest$"
+ use_regex: yes
+ become: yes
+ become_user: root
+ register: manifests
+
+- name: "Set current version fact"
+ set_fact:
+ splunk_current_version: "{{ manifests.files[0].path | regex_search(regexp, '\\1') if (manifests.matched == 1) else '0' }}"
+ vars:
+ regexp: 'splunk\D*?-((\d+)\.(\d+)\.(\d+))'
+
+- name: "Setting upgrade fact"
+ set_fact:
+ splunk_upgrade: "{{ splunk_build_location_uf and not splunk_install and splunk_target_version and splunk_target_version != splunk_current_version | default(False) }}"
+
+- name: "Register the fact that we've gather the fact"
+ set_fact:
+ splunk_get_fact: true
\ No newline at end of file
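Review bot: The `get_url` task sends `repo_user`/`repo_password` to `https://{{ repo_url }}` with `validate_certs: false`, so any host on the path that presents a certificate of its own is handed the repository credentials and can substitute the installer, and nothing checks what lands in `/tmp/`; remove `validate_certs: false` (distribute the internal CA to the hosts instead) and pin the package with `checksum: "sha256:<expected-digest-placeholder>"`. The task also lacks `no_log: true`, so the password is shown in verbose output. Downloading into the shared-writable `/tmp/` under a predictable name is a weaker choice than a role-owned directory or a `tempfile` result. In `splunk_upgrade`, `| default(False)` binds only to `splunk_current_version`, not to the whole boolean expression, which presumably is not what was intended.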
diff --git a/Splunk_Install/roles/splunk_common_uf/tasks/pre_install_subtasks/get_facts_build_type.yml b/Splunk_Install/roles/splunk_common_uf/tasks/pre_install_subtasks/get_facts_build_type.yml
new file mode 100755
index 0000000..fdf20dd
--- /dev/null
+++ b/Splunk_Install/roles/splunk_common_uf/tasks/pre_install_subtasks/get_facts_build_type.yml
@@ -0,0 +1,21 @@
+- name: Set splunk_build_type from variable
+ set_fact:
+ splunk_build_type: "{{ splunk_build_type }}"
+ when:
+ - "splunk_build_type is defined"
+
+- name: Set splunk_build_type from build_location
+ block:
+ #check if the build_location is a tgz
+ - name: "Set build_type (tgz)"
+ set_fact:
+ splunk_build_type: "tgz"
+ when: splunk_build_location is match(".*(\.tar\.gz|\.tgz)$")
+ - name: "Set build_type (msi)"
+ set_fact:
+ splunk_build_type: "msi"
+ when: splunk_build_location is match(".*\.msi$")
+ when:
+ - splunk_build_type is not defined
+ - splunk_build_type is not none
+ - splunk_build_location is not none
\ No newline at end of file
diff --git a/Splunk_Install/roles/splunk_common_uf/tasks/pre_install_subtasks/get_facts_target_version.yml b/Splunk_Install/roles/splunk_common_uf/tasks/pre_install_subtasks/get_facts_target_version.yml
new file mode 100755
index 0000000..4957e66
--- /dev/null
+++ b/Splunk_Install/roles/splunk_common_uf/tasks/pre_install_subtasks/get_facts_target_version.yml
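Review bot: The conditions here test `splunk_build_location`, whereas get_facts.yml in the same role reads `splunk_build_location_uf` and `app_name_uf`; if the forwarder inventory defines only the `_uf` variables, `splunk_build_type` is never derived and the file-based branch of get_facts_target_version.yml (which also uses `splunk_build_location`) is skipped, leaving `splunk_target_version` unset. Either switch both files to `splunk_build_location_uf` or state in a header comment which variable the UF role expects. The block's `when` list pairs `splunk_build_type is not defined` with `splunk_build_type is not none`; the second test is only reached when the variable is undefined, so it is redundant and can go.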
@@ -0,0 +1,13 @@
+# Use a manually set version, if a it is set
+- name: "Set target version fact"
+ set_fact:
+ splunk_target_version: "{{ splunk_target_version }}"
+ when: "splunk_target_version is defined"
+
+# Extracting the numbers from the Splunk installer file name allows us to know the version we are targeting.
+- name: "Set target version fact (file)"
+ set_fact:
+ splunk_target_version: "{{ splunk_build_location | regex_search(regexp, '\\1') | default('0') }}"
+ vars:
+ regexp: 'splunk\D*?-((\d+)\.(\d+)\.(\d+))'
+ when: "splunk_build_type is defined and splunk_build_type is match('(tgz|msi|rpm|deb)')"
\ No newline at end of file
diff --git a/Splunk_Install/roles/splunk_common_uf/tasks/start_splunk.yml b/Splunk_Install/roles/splunk_common_uf/tasks/start_splunk.yml
new file mode 100755
index 0000000..cb15372
--- /dev/null
+++ b/Splunk_Install/roles/splunk_common_uf/tasks/start_splunk.yml
@@ -0,0 +1,45 @@
+---
+- name: "Get Splunk status"
+ command: "{{ splunk_exec_uf }} status --accept-license --answer-yes --no-prompt"
+ become: yes
+ become_user: "{{ splunk_user }}"
+ register: splunk_status
+ changed_when: False
+ failed_when: False
+ ignore_errors: yes
+
+- name: "Start Splunk via cli"
+ command: "{{ splunk_exec_uf }} start --accept-license --answer-yes --no-prompt"
+ become: yes
+ become_user: "{{ splunk_user }}"
+ register: start_splunk
+ changed_when: start_splunk.rc == 0 and 'already running' not in start_splunk.stdout
+ when:
+ - not splunk_enable_service or pid1 is not defined
+ - splunk_status.rc != 0
+ ignore_errors: yes
+
+- name: "Start Splunk via service"
+ service:
+ name: "{% if pid1.stdout.find('systemd') != -1 %}Splunkd{% else %}splunk{% endif %}"
+ state: restarted
+ when:
+ - splunk_enable_service
+ - splunk_status.rc != 0
+ - ansible_system is match("Linux")
+ - pid1 is defined
+ become: yes
+ become_user: "{{ privileged_user }}"
+
+- name: "Start Splunk via Windows service"
+ win_service:
+ name: splunkd
+ state: restarted
+ when:
+ - splunk_enable_service
+ - splunk_status.rc != 0
+ - ansible_os_family == "Windows"
+
+#- name: "Wait for splunkd management port"
+ #wait_for:
+ #port: "{{ splunk_svc_port }}"
\ No newline at end of file
diff --git a/Splunk_Install/roles/splunk_common_uf/tasks/stop_splunk.yml b/Splunk_Install/roles/splunk_common_uf/tasks/stop_splunk.yml
new file mode 100755
index 0000000..3b8a097
--- /dev/null
+++ b/Splunk_Install/roles/splunk_common_uf/tasks/stop_splunk.yml
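Review bot: `win_service` here restarts `splunkd`, but a Windows Universal Forwarder registers its service as `SplunkForwarder`, which is the name Deploy_Conf-to-uf_Win.yml uses; in this UF role the start task and the matching stop task in stop_splunk.yml presumably never find the service, and the files should agree on `name: SplunkForwarder`. `ignore_errors: yes` on "Start Splunk via cli" means a forwarder that fails to start is reported as healthy and the play carries on; with `splunk_status` already guarding the task, drop it or state the acceptable outcome in a `failed_when`. `pid1` is referenced but never set in these files, so the `service` task depends on a task outside this hunk, which merits a comment. stop_splunk.yml hard-codes `Splunkd` where this file selects between `Splunkd` and `splunk` from `pid1`; the same selection belongs there.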
@@ -0,0 +1,40 @@
+---
+- name: "Get Splunk status"
+ command: "{{ splunk_exec_uf }} status --accept-license --answer-yes --no-prompt"
+ become: yes
+ become_user: "{{ splunk_user }}"
+ register: splunk_status
+ changed_when: False
+ failed_when: False
+ ignore_errors: yes
+
+- name: "Stop Splunk via cli"
+ command: "{{ splunk_exec_uf }} stop --accept-license --answer-yes --no-prompt"
+ become: yes
+ become_user: "{{ splunk_user }}"
+ register: stop_splunk
+ changed_when: stop_splunk.rc == 0
+ when:
+ - not splunk_enable_service
+ - splunk_status.rc == 0
+
+- name: "Stop Splunk via systemctl"
+ service:
+ name: Splunkd
+ state: stopped
+ when:
+ - splunk_enable_service
+ - splunk_status.rc == 0
+ - ansible_system is match("Linux")
+ become: yes
+ become_user: "{{ privileged_user }}"
+ ignore_errors: yes
+
+- name: "Stop Splunk via Windows service"
+ win_service:
+ name: splunkd
+ state: stopped
+ when:
+ - splunk_enable_service
+ - splunk_status.rc == 0
+ - ansible_os_family == "Windows"
\ No newline at end of file
diff --git a/Splunk_Install/roles/splunk_deploy/tasks/Deploy_Conf-to-Splunk.yml b/Splunk_Install/roles/splunk_deploy/tasks/Deploy_Conf-to-Splunk.yml
new file mode 100755
index 0000000..096a0b4
--- /dev/null
+++ b/Splunk_Install/roles/splunk_deploy/tasks/Deploy_Conf-to-Splunk.yml
@@ -0,0 +1,24 @@
+---
+- name: Copier la configuration DS dans Splunk
+ become: yes
+ become_user: "{{ privileged_user }}"
+ copy:
+ src: "{{ playbook_dir }}/Apps_for_Splunk/01-Conf_deploy_client"
+ dest: /opt/splunk/etc/apps/
+ owner: splunk
+ group: splunk
+
+# - name: "Stop Splunk via cli"
+# command: "{{ splunk_exec }} stop"
+# become: yes
+# become_user: "{{ privileged_user }}"
+
+- name: "Enable boot-start Splunk via cli"
+ shell: "/opt/splunk/bin/splunk enable boot-start"
+ become: yes
+ become_user: "{{ privileged_user }}"
+
+- name: "Start Splunk via cli"
+ command: "{{ splunk_exec }} start"
+ become: yes
+ become_user: "{{ privileged_user }}"
\ No newline at end of file
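Review bot: In Deploy_Conf-to-Splunk.yml, `enable boot-start` runs as `{{ privileged_user }}` without `-user`, and the following `start` also runs as the privileged user, so splunkd is registered to boot and started as root and leaves root-owned files under `/opt/splunk` that later runs as the `splunk` account cannot write; use `command: "{{ splunk_exec }} enable boot-start -user splunk"` and start with `become_user: splunk`. Deploy_Conf-to-uf-idn.yml and Deploy_Conf-to-uf.yml follow the same pattern (stop as `splunk_user`, then `enable boot-start` and `start` as `privileged_user`) and need `-user {{ splunk_user }}` and a start as `splunk_user` there. The enable task hard-codes `/opt/splunk/bin/splunk` through `shell` while the start task uses `{{ splunk_exec }}` through `command`; use the variable and `command` in both. The commented-out stop task should be removed or reinstated, since starting over a running instance is a no-op that silently skips loading the copied app.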
diff --git a/Splunk_Install/roles/splunk_deploy/tasks/Deploy_Conf_DSMC.yml b/Splunk_Install/roles/splunk_deploy/tasks/Deploy_Conf_DSMC.yml
new file mode 100755
index 0000000..48a7ef8
--- /dev/null
+++ b/Splunk_Install/roles/splunk_deploy/tasks/Deploy_Conf_DSMC.yml
@@ -0,0 +1,47 @@
+---
+- name: Copier configuration serverClass sur le DS
+ copy:
+ src: "{{ playbook_dir }}/Apps_for_Splunk/01-Conf_ServerClass"
+ dest: /opt/splunk/etc/apps/
+ owner: splunk
+ group: splunk
+- name: Copier configuration cluster_SH sur le DS
+ copy:
+ src: "{{ playbook_dir }}/Apps_for_DS/02-M-TIC_sh_cluster_base"
+ dest: /opt/splunk/etc/apps/
+ owner: splunk
+ group: splunk
+- name: Copier configuration deployer sur le DS
+ copy:
+ src: "{{ playbook_dir }}/Apps_for_DS/02-M-TIC_deployer_base"
+ dest: /opt/splunk/etc/apps/
+ owner: splunk
+ group: splunk
+- name: Copier configuration volume_sh sur le DS
+ copy:
+ src: "{{ playbook_dir }}/Apps_for_DS/02-M-TIC_sh_volume_indexes"
+ dest: /opt/splunk/etc/apps/
+ owner: splunk
+ group: splunk
+- name: Copier configuration distributsearch
+ copy:
+ src: "{{ playbook_dir }}/Apps_for_DS/For_MC/local/"
+ dest: /opt/splunk/etc/system/local/
+ owner: splunk
+ group: splunk
+- name: Copier configuration MonitoringConsole
+ copy:
+ src: "{{ playbook_dir }}/Apps_for_DS/splunk_monitoring_console/"
+ dest: /opt/splunk/etc/apps/splunk_monitoring_console/
+ owner: splunk
+ group: splunk
+- name: Copier application sur le DS
+ copy:
+ src: "{{ playbook_dir }}/Apps_for_DS/"
+ dest: /opt/splunk/etc/deployment-apps/
+ owner: splunk
+ group: splunk
+- name: "Restart Splunk via cli"
+ command: "{{ splunk_exec }} start"
+ become: yes
+ become_user: "{{ privileged_user }}"
\ No newline at end of file
diff --git a/Splunk_Install/roles/splunk_deploy/tasks/Deploy_Conf_SHC_BS.yml b/Splunk_Install/roles/splunk_deploy/tasks/Deploy_Conf_SHC_BS.yml
new file mode 100755
index 0000000..721e59f
--- /dev/null
+++ b/Splunk_Install/roles/splunk_deploy/tasks/Deploy_Conf_SHC_BS.yml
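Review bot: The final task is named "Restart Splunk via cli" but runs `{{ splunk_exec }} start`, which does nothing on a running deployment server, so the apps copied above are not loaded until someone restarts by hand; use `command: "{{ splunk_exec }} restart"`. The seven `copy` tasks set `owner: splunk` but, unlike Deploy_Conf-to-Splunk.yml, carry no `become`, so they succeed only when the connecting account is already root. Copying `Apps_for_DS/` wholesale into `deployment-apps/` presumably also pushes `For_MC/` and `splunk_monitoring_console/`, which the two preceding tasks placed elsewhere on purpose, out to every deployment client; an explicit list of the apps meant for distribution would make that intent visible. A blank line between tasks would match the rest of the role.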
@@ -0,0 +1,5 @@
+---
+- name: "Boot-Strap"
+ command: "{{ splunk_exec }} bootstrap shcluster-captain -auth {{ splunk_admin_user }}:'{{ splunk_password }}' -servers_list https://{{ groups.splunk_search_head[0] }}:{{ splunk_svc_port }},https://{{ groups.splunk_search_head[1] }}:{{ splunk_svc_port }}"
+ become: yes
+ become_user: "{{ privileged_user }}"
diff --git a/Splunk_Install/roles/splunk_deploy/tasks/Deploy_Conf_SHC_Init.yml b/Splunk_Install/roles/splunk_deploy/tasks/Deploy_Conf_SHC_Init.yml
new file mode 100755
index 0000000..3f9b5f2
--- /dev/null
+++ b/Splunk_Install/roles/splunk_deploy/tasks/Deploy_Conf_SHC_Init.yml
@@ -0,0 +1,6 @@
+---
+- name: "Initialize the Members"
+ command: "{{ splunk_exec }} init shcluster-config -auth {{ splunk_admin_user }}:'{{ splunk_password }}' -mgmt_uri https://{{ inventory_hostname }}:{{ splunk_svc_port }} -replication_port {{ splunk_shcluster_replication_port }} -secret {{ splunk_password }} -shcluster_label {{ splunk_shcluster_label }} -replication_factor {{ splunk_replication_factor_sh }}"
+ become: yes
+ become_user: "{{ privileged_user }}"
+
diff --git a/Splunk_Install/roles/splunk_deploy/tasks/Restart_SPL.yml b/Splunk_Install/roles/splunk_deploy/tasks/Restart_SPL.yml
new file mode 100755
index 0000000..31d5b49
--- /dev/null
+++ b/Splunk_Install/roles/splunk_deploy/tasks/Restart_SPL.yml
@@ -0,0 +1,4 @@
+- name: "Stop Splunk via cli"
+ command: "{{ splunk_exec }} restart"
+ become: yes
+ become_user: "{{ privileged_user }}"
\ No newline at end of file
diff --git a/Splunk_Install/roles/splunk_deploy/tasks/Stop_SPL.yml b/Splunk_Install/roles/splunk_deploy/tasks/Stop_SPL.yml
new file mode 100755
index 0000000..3d12c75
--- /dev/null
+++ b/Splunk_Install/roles/splunk_deploy/tasks/Stop_SPL.yml
@@ -0,0 +1,4 @@
+- name: "Stop Splunk via cli"
+ command: "{{ splunk_exec }} stop"
+ become: yes
+ become_user: "{{ privileged_user }}"
\ No newline at end of file
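Review bot: `-servers_list` is built from `groups.splunk_search_head[0]` and `[1]` only, so a cluster with a third member is bootstrapped without it and an inventory with a single member fails on the undefined index; derive it from the whole group, e.g. `-servers_list {{ groups.splunk_search_head | map('regex_replace', '^', 'https://') | map('regex_replace', '$', ':' ~ splunk_svc_port) | join(',') }}`. The command also carries `-auth …:'{{ splunk_password }}'` and the task has no `no_log: true`, so the password is printed in the play output as well as being visible in the host's process list for the duration of the call; the same applies to Deploy_Conf_SHC_Init.yml. Bootstrapping a captain twice is not idempotent, so a guard on the cluster's current state (or a `when` on a registered status check) is worth adding.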
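Review bot: `-secret {{ splunk_password }}` sets the search-head-cluster pass4SymmKey to the admin password, so the credential that unlocks the management API also admits any node to the cluster and must be rotated in two places at once; give the cluster its own vaulted variable, e.g. `-secret {{ splunk_shcluster_secret }}` (variable name is a suggestion). Add `no_log: true` here as on the bootstrap task, since both `-auth` and `-secret` are otherwise echoed in the play output. `init shcluster-config` presumably rewrites server.conf on every run, so at minimum a `changed_when` reflecting whether the configuration actually changed would make reruns honest.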
diff --git a/Splunk_Install/roles/splunk_deploy_uf/tasks/Deploy_Conf-to-uf-idn.yml b/Splunk_Install/roles/splunk_deploy_uf/tasks/Deploy_Conf-to-uf-idn.yml
new file mode 100755
index 0000000..a24c642
--- /dev/null
+++ b/Splunk_Install/roles/splunk_deploy_uf/tasks/Deploy_Conf-to-uf-idn.yml
@@ -0,0 +1,36 @@
+#- name: Copier le répertoire dans SplunkForwarder
+# become: yes
+# copy:
+# src: "{{ playbook_dir }}/Apps_for_Splunk/IDN-Conf_Proxy_Forwarder"
+# dest: /opt/splunkforwarder/etc/apps/
+# owner: splunk
+# group: splunk
+
+- name: Copier la configuration Rsyslog
+ become: yes
+ copy:
+ src: "{{ playbook_dir }}/Config_Rsyslog/01-Splunk_Forwarder-IDN_Lyon.conf"
+ dest: /etc/rsyslog.d/
+ owner: root
+ group: root
+
+- name: restart-service-rsyslog
+ service:
+ name: rsyslog.service
+ enabled: yes
+ state: restarted
+
+- name: "Stop Splunk via cli"
+ command: "{{ splunk_exec_uf }} stop"
+ become: yes
+ become_user: "{{ splunk_user }}"
+
+- name: "Enable boot-start Splunk via cli"
+ command: "{{ splunk_exec_uf }} enable boot-start"
+ become: yes
+ become_user: "{{ privileged_user }}"
+
+- name: "Start Splunk via cli"
+ command: "{{ splunk_exec_uf }} start"
+ become: yes
+ become_user: "{{ privileged_user }}"
\ No newline at end of file
diff --git a/Splunk_Install/roles/splunk_deploy_uf/tasks/Deploy_Conf-to-uf.yml b/Splunk_Install/roles/splunk_deploy_uf/tasks/Deploy_Conf-to-uf.yml
new file mode 100755
index 0000000..5b42a24
--- /dev/null
+++ b/Splunk_Install/roles/splunk_deploy_uf/tasks/Deploy_Conf-to-uf.yml
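Review bot: The rsyslog drop-in is copied with `owner`/`group` but no `mode` and no `validate`, and the next task restarts `rsyslog.service` unconditionally, so a malformed `01-Splunk_Forwarder-IDN_Lyon.conf` takes down log forwarding on the host while the play reports success; add `mode: "0644"` and a check such as `validate: "rsyslogd -N1 -f %s"` to the `copy`, and restart rsyslog from a handler (or `when` the copy reports changed) so an unchanged file does not bounce the daemon. The `service` task has no `become` while the copy above it does; unless the connection user is root it fails. Deploy_Conf-to-uf.yml has the same three issues with `01-Splunk_Forwarder.conf`. The commented-out first task should be removed rather than left as archaeology.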
@@ -0,0 +1,36 @@
+- name: Copier le répertoire dans SplunkForwarder
+ become: yes
+ copy:
+ src: "{{ playbook_dir }}/Apps_for_Splunk/01-Conf_deploy_client"
+ dest: /opt/splunkforwarder/etc/apps/
+ owner: splunk
+ group: splunk
+
+- name: Copier la configuration Rsyslog
+ become: yes
+ copy:
+ src: "{{ playbook_dir }}/Config_Rsyslog/01-Splunk_Forwarder.conf"
+ dest: /etc/rsyslog.d/
+ owner: root
+ group: root
+
+- name: restart-service-rsyslog
+ service:
+ name: rsyslog.service
+ enabled: yes
+ state: restarted
+
+- name: "Stop Splunk via cli"
+ command: "{{ splunk_exec_uf }} stop"
+ become: yes
+ become_user: "{{ splunk_user }}"
+
+- name: "Enable boot-start Splunk via cli"
+ command: "{{ splunk_exec_uf }} enable boot-start"
+ become: yes
+ become_user: "{{ privileged_user }}"
+
+- name: "Start Splunk via cli"
+ command: "{{ splunk_exec_uf }} start"
+ become: yes
+ become_user: "{{ privileged_user }}"
\ No newline at end of file
diff --git a/Splunk_Install/roles/splunk_deploy_uf/tasks/Deploy_Conf-to-uf_Win.yml b/Splunk_Install/roles/splunk_deploy_uf/tasks/Deploy_Conf-to-uf_Win.yml
new file mode 100755
index 0000000..43f3c46
--- /dev/null
+++ b/Splunk_Install/roles/splunk_deploy_uf/tasks/Deploy_Conf-to-uf_Win.yml
@@ -0,0 +1,9 @@
+- name: Copier le répertoire dans SplunkForwarder
+ win_copy:
+ src: "{{ playbook_dir }}/Apps_for_Splunk/01-Conf_deploy_client"
+ dest: "C:/Program Files/SplunkUniversalForwarder/etc/apps"
+
+- name: Redemarrage du service
+ win_service:
+ name: "splunkforwarder"
+ state: restarted
\ No newline at end of file
diff --git a/Splunk_Install/roles/splunk_power/tasks/Restart_cm.yml b/Splunk_Install/roles/splunk_power/tasks/Restart_cm.yml
new file mode 100755
index 0000000..ed9eb72
--- /dev/null
+++ b/Splunk_Install/roles/splunk_power/tasks/Restart_cm.yml
@@ -0,0 +1,2 @@
+- name: "Stop Splunk via cli"
+ command: "{{ splunk_exec }}" restart
\ No newline at end of file
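Review bot: `command: "{{ splunk_exec }}" restart` is not valid YAML, because a double-quoted scalar cannot be followed by further text on the same line, so every file in splunk_power (Restart_cm.yml, Restart_dsmc.yml, Restart_fw.yml, Restart_sh.yml, Stop_cm.yml, Stop_dsmc.yml, Stop_fw.yml, Stop_sh.yml) fails to load with a syntax error. The subcommand belongs inside the quotes: `command: "{{ splunk_exec }} restart"` here, `"{{ splunk_exec_uf }} restart"` and `"... stop"` in the siblings. None of these tasks has `become`, unlike Restart_SPL.yml and Stop_SPL.yml, and all are named "Stop Splunk via cli" even when they restart. start_splunk.yml and stop_splunk.yml already implement the same operations with a status check and could be included instead of maintaining eight near-identical files.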
diff --git a/Splunk_Install/roles/splunk_power/tasks/Restart_dsmc.yml b/Splunk_Install/roles/splunk_power/tasks/Restart_dsmc.yml
new file mode 100755
index 0000000..ed9eb72
--- /dev/null
+++ b/Splunk_Install/roles/splunk_power/tasks/Restart_dsmc.yml
@@ -0,0 +1,2 @@
+- name: "Stop Splunk via cli"
+ command: "{{ splunk_exec }}" restart
\ No newline at end of file
diff --git a/Splunk_Install/roles/splunk_power/tasks/Restart_fw.yml b/Splunk_Install/roles/splunk_power/tasks/Restart_fw.yml
new file mode 100755
index 0000000..a8ce4d7
--- /dev/null
+++ b/Splunk_Install/roles/splunk_power/tasks/Restart_fw.yml
@@ -0,0 +1,2 @@
+- name: "Stop Splunk via cli"
+ command: "{{ splunk_exec_uf }}" restart
\ No newline at end of file
diff --git a/Splunk_Install/roles/splunk_power/tasks/Restart_sh.yml b/Splunk_Install/roles/splunk_power/tasks/Restart_sh.yml
new file mode 100755
index 0000000..ed9eb72
--- /dev/null
+++ b/Splunk_Install/roles/splunk_power/tasks/Restart_sh.yml
@@ -0,0 +1,2 @@
+- name: "Stop Splunk via cli"
+ command: "{{ splunk_exec }}" restart
\ No newline at end of file
diff --git a/Splunk_Install/roles/splunk_power/tasks/Stop_cm.yml b/Splunk_Install/roles/splunk_power/tasks/Stop_cm.yml
new file mode 100755
index 0000000..f3a1194
--- /dev/null
+++ b/Splunk_Install/roles/splunk_power/tasks/Stop_cm.yml
@@ -0,0 +1,2 @@
+- name: "Stop Splunk via cli"
+ command: "{{ splunk_exec }}" stop
\ No newline at end of file
diff --git a/Splunk_Install/roles/splunk_power/tasks/Stop_dsmc.yml b/Splunk_Install/roles/splunk_power/tasks/Stop_dsmc.yml
new file mode 100755
index 0000000..f3a1194
--- /dev/null
+++ b/Splunk_Install/roles/splunk_power/tasks/Stop_dsmc.yml
@@ -0,0 +1,2 @@
+- name: "Stop Splunk via cli"
+ command: "{{ splunk_exec }}" stop
\ No newline at end of file
diff --git a/Splunk_Install/roles/splunk_power/tasks/Stop_fw.yml b/Splunk_Install/roles/splunk_power/tasks/Stop_fw.yml
new file mode 100755
index 0000000..91bd5e7
--- /dev/null
+++ b/Splunk_Install/roles/splunk_power/tasks/Stop_fw.yml
@@ -0,0 +1,2 @@
+- name: "Stop Splunk via cli"
+ command: "{{ splunk_exec_uf }}" stop
\ No newline at end of file
diff --git a/Splunk_Install/roles/splunk_power/tasks/Stop_sh.yml b/Splunk_Install/roles/splunk_power/tasks/Stop_sh.yml
new file mode 100755
index 0000000..f3a1194
--- /dev/null
+++ b/Splunk_Install/roles/splunk_power/tasks/Stop_sh.yml
@@ -0,0 +1,2 @@
+- name: "Stop Splunk via cli"
+ command: "{{ splunk_exec }}" stop
\ No newline at end of file