├── .gitignore ├── LICENSE ├── README.md ├── roles ├── cluster-master │ └── tasks │ │ └── main.yml ├── common │ └── tasks │ │ └── main.yml ├── deployment-server │ └── tasks │ │ └── main.yml ├── license-master │ ├── tasks │ │ └── main.yml │ └── vars │ │ └── main.yml ├── peer-nodes │ ├── tasks │ │ └── main.yml │ └── vars │ │ └── main.yml ├── search-heads │ ├── tasks │ │ └── main.yml │ └── vars │ │ └── main.yml └── splunk-base │ ├── files │ └── config_splunk_inputs.sh │ ├── handlers │ └── main.yml │ ├── tasks │ └── main.yml │ └── vars │ └── main.yml ├── splunk-base.yml └── splunk-site.yml /.gitignore: -------------------------------------------------------------------------------- 1 | *.conf 2 | *.pem 3 | *.key 4 | 5 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2014 Alan Williams 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Ansible Playbook for Splunk 2 | ============== 3 | 4 | This Ansible playbook installs and configures a Splunk 6.1 cluster 5 | 6 | 7 | So far I've only used and tested this playbook on AWS instances. 8 | 9 | * The [core](https://github.com/alanwill/cfn-core) CloudFormation template is used to create the VPC 10 | * The [cfn-splunk](https://github.com/alanwill/cfn-splunk) CloudFormation template is used to create the Splunk components 11 | 12 | You don't have to use the above templates and can surely use a pre-created VPC and instances, just be sure that your instances are tagged as Ansible expects or tweak the splunk-site.yml file to adapt to your tagging convention. 13 | 14 | This playbook will do the following: 15 | 16 | * Install the latest OS security updates on all instances 17 | * Update the hostsnames on all instances to be the EC2 instance ID 18 | * Download and install the Splunk Enterprise RPM on all instances, if it's not already installed 19 | * Delete the RPM after successful install 20 | * Run config_splunk_inputs.sh which updates the inputs.conf on each component to include the instance hostname 21 | * Start Splunk and set to auto-start on boot 22 | * Update ACLs to allow Splunk to read /var/log files 23 | * Reset the default Splunk password 24 | * Copy custom configuration files (authentication.conf, web.conf, authorize.conf, ui-prefs.conf, alert_actions.conf) 25 | * Copy custom certs for Splunk Web 26 | * Add nodes to the License Master 27 | * Restart Splunk 28 | * Install packages to enable Cloudwatch metrics 29 | * Configure the Cluster Master with a replication factor of 3 and search factor of 2 then restart Splunk on the instance 30 | * Add the Search Heads to the cluster, then restart Splunk on them 31 | * Add the Peer Nodes to the cluster 32 | * Partition and mount the Peer node volumes 33 | * Disable Splunk web on the Peer Nodes 34 | 35 | By the time this playbook completes you'll have a working Splunk cluster. 36 | 37 | ##Future 38 | 39 | There's a few things I'm looking to do to make this playbook more re-usable, namely: 40 | 41 | * Increase the idempotency 42 | * Make the peer node role more dynamic to various instance sizes. As it, it works best with i2.2xlarge instances 43 | * Consolidate all variables to a single master file 44 | 45 | ##Contributing 46 | 47 | I can't say this enough, Pull Requests are very much welcomed. Hope this playbook helps others as much as it helps me. If you have any feedback on ways to improve it, I'm all ears. Submit an Issue if something doesn't work as advertised. 48 | 49 | alan 50 | 51 | 52 | 53 | 54 | 55 | -------------------------------------------------------------------------------- /roles/cluster-master/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This role contains plays to install and configure the Cluster Master 3 | 4 | - name: Check if clustering is enabled 5 | command: runuser -l splunk -c "/opt/splunk/bin/splunk list cluster-peers -auth admin:{{ new_pass }}" 6 | register: cluster_master_clustering_enabled 7 | ignore_errors: True 8 | 9 | - name: Enable Cluster Master 10 | command: runuser -l splunk -c "splunk edit cluster-config -mode master -replication_factor 3 -search_factor 2 -secret {{ replication_key }}" 11 | when: cluster_master_clustering_enabled|failed 12 | register: cluster_master_configure 13 | 14 | - name: Restart Cluster Master 15 | command: runuser -l splunk -c "splunk restart" 16 | when: cluster_master_clustering_enabled|failed 17 | -------------------------------------------------------------------------------- /roles/common/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This role contains common plays that will run on all nodes. 3 | 4 | - name: Upgrade all packages 5 | yum: name=* state=latest 6 | 7 | - name: Create security update cron job 8 | action: cron name="yum security update" weekday=* minute=5 hour=23 user="root" job="/usr/bin/yum --security -y update" state=present 9 | -------------------------------------------------------------------------------- /roles/deployment-server/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This role contains plays to configure the Deployment Server 3 | 4 | -------------------------------------------------------------------------------- /roles/license-master/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This role contains plays to configure the License Master 3 | 4 | - name: Create license folder 5 | file: path=/opt/splunk/licenses state=directory owner=splunk group=splunk mode=744 6 | 7 | - name: Download license key from S3 8 | s3: bucket={{ splunk-config-bucket }} object=/licenses/splunk.license dest=/opt/splunk/licenses/splunk.license mode=get 9 | 10 | - name: Install license key 11 | command: runuser -l splunk -c "/opt/splunk/bin/splunk add licenses /opt/splunk/licenses/splunk.license" 12 | ignore_errors: True 13 | 14 | - name: Restart Splunk 15 | command: runuser -l splunk -c "splunk restart" 16 | 17 | -------------------------------------------------------------------------------- /roles/license-master/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # S3 bucket name containing Splunk licenses and configs 3 | splunk-config-bucket: 4 | -------------------------------------------------------------------------------- /roles/peer-nodes/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This role contains plays to install and configure the Peer Nodes 3 | 4 | - name: Check if clustering is enabled 5 | command: runuser -l splunk -c "/opt/splunk/bin/splunk list cluster-peers -auth admin:{{ new_pass }}" 6 | register: peer_nodes_clustering_enabled 7 | ignore_errors: True 8 | 9 | - name: Enable Peer Nodes 10 | command: runuser -l splunk -c "splunk edit cluster-config -mode slave -master_uri https://{{ splunk_cluster_master_ip }}:8089 -replication_port 9887 -secret {{ replication_key }}" 11 | when: peer_nodes_clustering_enabled|failed 12 | register: peer_nodes_cluster_configure 13 | 14 | - name: Check if Splunk data volume exists 15 | mount: name=/opt/splunk/data src=/dev/md127 fstype=ext4 state=mounted 16 | register: splunk_volume_exists 17 | ignore_errors: True 18 | 19 | - name: Gather EC2 facts 20 | action: ec2_facts 21 | 22 | #- name: Prewarm EBS volume1 23 | # command: dd if=/dev/zero of=/dev/sdf bs=1M 24 | # when: splunk_volume_exists|failed 25 | # ignore_errors: True 26 | 27 | #- name: Prewarm EBS volume2 28 | # command: dd if=/dev/zero of=/dev/sdg bs=1M 29 | # when: splunk_volume_exists|failed 30 | # ignore_errors: True 31 | 32 | - name: Partition 90% of disk0 for use 33 | shell: (echo n; echo p; echo 1; echo 2048; echo +720G; echo w) | fdisk /dev/xvdb 34 | when: splunk_volume_exists|failed 35 | 36 | - name: Partition 90% of disk1 for use 37 | shell: (echo n; echo p; echo 1; echo 2048; echo +720G; echo w) | fdisk /dev/xvdc 38 | when: splunk_volume_exists|failed 39 | 40 | - name: Create RAID 0 device 41 | command: mdadm --create --verbose /dev/md127 --level=stripe --raid-devices=2 /dev/xvdb1 /dev/xvdc1 42 | when: splunk_volume_exists|failed 43 | 44 | - name: Create filesystem 45 | filesystem: fstype=ext4 dev=/dev/md127 46 | when: splunk_volume_exists|failed 47 | 48 | - name: Create data directory 49 | command: runuser -l splunk -c "mkdir -p /opt/splunk/data" 50 | when: splunk_volume_exists|failed 51 | 52 | - name: Mount volume 53 | mount: name=/opt/splunk/data src=/dev/md127 fstype=ext4 state=mounted 54 | when: splunk_volume_exists|failed 55 | 56 | - name: Set default data store 57 | command: runuser -l splunk -c "splunk set datastore-dir /opt/splunk/data -auth admin:{{ new_pass }}" 58 | 59 | - name: Change permissions of data mount point 60 | command: chown -R splunk.splunk /opt/splunk/data 61 | 62 | - name: Disable splunkweb 63 | command: runuser -l splunk -c "splunk disable webserver -auth admin:{{ new_pass }}" 64 | 65 | - name: Restart Peer Nodes 66 | command: runuser -l splunk -c "splunk restart" 67 | when: peer_nodes_cluster_configure|success 68 | -------------------------------------------------------------------------------- /roles/peer-nodes/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # IP address of the cluster master 3 | splunk_cluster_master_ip: 4 | -------------------------------------------------------------------------------- /roles/search-heads/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This role contains plays to install and configure the Search Heads 3 | 4 | - name: Check if clustering is enabled 5 | command: runuser -l splunk -c "/opt/splunk/bin/splunk list cluster-peers -auth admin:{{ new_pass }}" 6 | register: search_head_clustering_enabled 7 | ignore_errors: True 8 | 9 | - name: Enable Search Heads 10 | command: runuser -l splunk -c "/opt/splunk/bin/splunk edit cluster-config -mode searchhead -master_uri https://{{ splunk_cluster_master_ip }}:8089 -secret {{ replication_key }}" 11 | when: search_head_clustering_enabled|failed 12 | register: search_head_cluster_configure 13 | 14 | - name: Restart Search Heads 15 | command: runuser -l splunk -c "splunk restart" 16 | 17 | - name: Install nfs-utils 18 | yum: name={{ item }} state=present 19 | with_items: 20 | - nfs-utils 21 | -------------------------------------------------------------------------------- /roles/search-heads/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # IP address of the cluster master 3 | splunk_cluster_master_ip: 4 | -------------------------------------------------------------------------------- /roles/splunk-base/files/config_splunk_inputs.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -v 2 | 3 | # Set environment variables 4 | export SPLUNK_HOST_NAME=`curl http://169.254.169.254/latest/meta-data/instance-id` 5 | export SPLUNK_HOME=/opt/splunk 6 | 7 | # Configure Splunk inputs.conf 8 | echo [default] > $SPLUNK_HOME/etc/system/local/inputs.conf 9 | echo host=$SPLUNK_HOST_NAME >> $SPLUNK_HOME/etc/system/local/inputs.conf 10 | chown splunk.splunk $SPLUNK_HOME/etc/system/local/inputs.conf 11 | -------------------------------------------------------------------------------- /roles/splunk-base/handlers/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alanwill/ansible-splunk/847d786242e3bca7045b71f4a7d65b02e8079e92/roles/splunk-base/handlers/main.yml -------------------------------------------------------------------------------- /roles/splunk-base/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This role contains plays to install and configure the base splunk instance 3 | 4 | - set_fact: new_password={{ new_pass }} 5 | - set_fact: current_password={{ current_pass }} 6 | - set_fact: ldap_password={{ ldap_pass }} 7 | 8 | - name: Update hostname in /etc/sysconfig/network 9 | shell: sed -i "/HOSTNAME=localhost.localdomain/ c\\HOSTNAME=`curl http://169.254.169.254/latest/meta-data/instance-id`.{{ splunk_host_domain }}" /etc/sysconfig/network 10 | 11 | - name: Dynamically change hostname 12 | shell: "hostname `curl http://169.254.169.254/latest/meta-data/instance-id`.{{ splunk_host_domain }}" 13 | 14 | - name: Install the GPG key for Splunk 15 | rpm_key: state=present key={{ splunk_pgp_public_key }} 16 | 17 | - name: Check if Splunk is already installed 18 | yum: name=splunk state=present 19 | register: splunk_installed_result 20 | ignore_errors: True 21 | 22 | - name: Check if Splunk is running 23 | shell: /opt/splunk/bin/splunk status 24 | register: splunk_running 25 | ignore_errors: True 26 | 27 | - name: Download Splunk server binary 28 | get_url: dest=/home/ec2-user url={{ splunk_binary_url }} sha256sum={{ splunk_binary_sha256sum }} 29 | when: splunk_installed_result|failed 30 | 31 | - name: Check that Splunk installer binary exists 32 | stat: path=/home/ec2-user/{{ splunk_binary_file }} 33 | register: splunk_installer_present 34 | 35 | - name: Install Splunk server binary 36 | yum: pkg=/home/ec2-user/{{ splunk_binary_file }} state=installed 37 | when: splunk_installer_present.stat.exists == true 38 | 39 | - name: Clean up RPM file 40 | shell: rm -rf /home/ec2-user/{{ splunk_binary_file }} 41 | when: splunk_installer_present.stat.exists == true 42 | 43 | - name: Copy scripts to run 44 | copy: src="{{ item }}" dest="/home/ec2-user/{{ item }}" mode=755 45 | with_items: 46 | - config_splunk_inputs.sh 47 | when: splunk_running|failed 48 | 49 | - name: Execute config_splunk_inputs.sh script 50 | shell: /home/ec2-user/config_splunk_inputs.sh 51 | when: splunk_running|failed 52 | 53 | - name: Clean up shell file 54 | command: rm -rf /home/ec2-user/config_splunk_inputs.sh 55 | 56 | - name: Start Splunk for the first time 57 | command: /bin/su --shell=/bin/bash --session-command="/opt/splunk/bin/splunk start --accept-license" splunk 58 | when: splunk_running|failed 59 | 60 | - name: Enable Splunk to auto-start on boot 61 | command: /bin/su --shell=/bin/bash --session-command="/opt/splunk/bin/splunk enable boot-start -user splunk" 62 | when: splunk_running|failed 63 | 64 | - name: Set appropriate file ACLs for /var/log 65 | command: /usr/bin/setfacl -m "u:splunk:r-x" /var/log 66 | command: /usr/bin/setfacl -m "u:splunk:r--" /var/log/* 67 | command: /usr/bin/setfacl -m d:user:splunk:r /var/log 68 | 69 | - name: Reset Splunk password 70 | command: runuser -l splunk -c "/opt/splunk/bin/splunk edit user admin -password '{{ new_password }}' -role admin -auth admin:{{ current_password }}" 71 | ignore_errors: True 72 | 73 | - name: Copy Splunk conf files 74 | copy: src="{{ item }}" dest="/opt/splunk/etc/system/local/{{ item }}" mode=600 owner=splunk group=splunk 75 | with_items: 76 | - authentication.conf 77 | - web.conf 78 | - authorize.conf 79 | - ui-prefs.conf 80 | - alert_actions.conf 81 | 82 | - name: Creates cert directory 83 | file: path=/opt/splunk/etc/auth/{{ company }} state=directory owner=splunk group=splunk mode=744 84 | 85 | - name: Copy splunkweb cert and key 86 | copy: src="{{ item }}" dest="/opt/splunk/etc/auth/{{ company }}/{{ item }}" mode=400 owner=splunk group=splunk 87 | with_items: 88 | - SplunkWebCert.pem 89 | - SplunkWebPrivateKey.key 90 | 91 | - name: Decrypt splunkweb cert 92 | command: openssl aes-256-cbc -salt -a -d -in /opt/splunk/etc/auth/{{ company }}/{{ item }} 93 | -out /opt/splunk/etc/auth/{{ company }}/decrypted.pem -k {{ cert_decryption_password }} 94 | creates=/opt/splunk/etc/auth/{{ company }}/decrypted.pem 95 | with_items: 96 | - SplunkWebCert.pem 97 | 98 | - name: Decrypt splunkweb key 99 | command: openssl aes-256-cbc -salt -a -d -in /opt/splunk/etc/auth/{{ company }}/{{ item }} 100 | -out /opt/splunk/etc/auth/{{ company }}/decrypted.key -k {{ cert_decryption_password }} 101 | creates=/opt/splunk/etc/auth/{{ company }}/decrypted.key 102 | with_items: 103 | - SplunkWebPrivateKey.key 104 | 105 | - name: Rename the decrypted cert 106 | command: mv /opt/splunk/etc/auth/{{ company }}/decrypted.pem /opt/splunk/etc/auth/{{ company }}/{{ item }} 107 | removes=/opt/splunk/etc/auth/{{ company }}/decrypted.pem 108 | with_items: 109 | - SplunkWebCert.pem 110 | 111 | - name: Rename the decrypted key 112 | command: mv /opt/splunk/etc/auth/{{ company }}/decrypted.key /opt/splunk/etc/auth/{{ company }}/{{ item }} 113 | removes=/opt/splunk/etc/auth/{{ company }}/decrypted.key 114 | with_items: 115 | - SplunkWebPrivateKey.key 116 | 117 | - name: Set configuration file permissions 118 | file: path=/opt/splunk/etc/system/local/authentication.conf state=file owner=splunk group=splunk mode=0600 119 | file: path=/opt/splunk/etc/system/local/web.conf state=file owner=splunk group=splunk mode=0600 120 | file: path=/opt/splunk/etc/system/local/authorize.conf state=file owner=splunk group=splunk mode=0600 121 | file: path=/opt/splunk/etc/system/local/ui-prefs.conf state=file owner=splunk group=splunk mode=0600 122 | file: path=/opt/splunk/etc/system/local/alert_actions.conf state=file owner=splunk group=splunk mode=0600 123 | 124 | - name: Set certificate file permissions 125 | file: path=/opt/splunk/etc/auth/{{ company }}/SplunkWebCert.pem state=file owner=splunk group=splunk mode=0400 126 | 127 | - name: Set key file permissions 128 | file: path=/opt/splunk/etc/auth/{{ company }}/SplunkWebPrivateKey.key state=file owner=splunk group=splunk mode=0400 129 | 130 | - name: Update LDAP password 131 | shell: sed -i 's/^bindDNpassword.*/bindDNpassword = {{ ldap_password }}/' /opt/splunk/etc/system/local/authentication.conf 132 | 133 | - name: Add nodes to license master 134 | command: runuser -l splunk -c "splunk edit licenser-localslave -master_uri 'https://{{ splunk_license_master }}:8089' -auth admin:{{ new_pass }}" 135 | ignore_errors: True 136 | 137 | - name: Restart Splunk 138 | command: runuser -l splunk -c "splunk restart" 139 | when: splunk_running|failed 140 | 141 | - name: Install packages for git, Splunk CPU usage reporting and Cloudwatch monitoring 142 | yum: name={{ item }} state=present 143 | with_items: 144 | - git 145 | - sysstat 146 | - yum-cron 147 | - perl-Switch 148 | - perl-Sys-Syslog 149 | - perl-LWP-Protocol-https 150 | 151 | -------------------------------------------------------------------------------- /roles/splunk-base/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Variables here are applicable to all splunk installs 3 | 4 | # URL the the Splunk server rpm file, e.g. https://s3.amazonaws.com/yourbucket/splunk-6.1.3-220630-linux-2.6-x86_64.rpm 5 | splunk_binary_url: 6 | 7 | # The name of the Splunk rpm file, e.g. splunk-6.1.3-220630-linux-2.6-x86_64.rpm 8 | splunk_binary_file: 9 | 10 | # SHA256 of the Splunk rpm file above, e.g. c759e68dc39779b65fbd2ebc2b9e4d5509d1a1ca507f8bf4c2e489999df547da 11 | splunk_binary_sha256sum: 12 | 13 | # URL link Splunk's PGP public key, e.g. https://s3.amazonaws.com/yourbucket/splunk-pgp-public.key 14 | splunk_pgp_public_key: 15 | 16 | # Domain name for all Splunk components, e.g. yourcompany.com 17 | splunk_host_domain: 18 | 19 | # IP address of the License Master 20 | splunk_license_master: 21 | 22 | # Your company name, e.g. acme 23 | company: 24 | -------------------------------------------------------------------------------- /splunk-base.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Apply common configuration to all hosts (security and core services) 3 | - hosts: tag_app_splunk 4 | remote_user: ec2-user 5 | sudo: true 6 | 7 | roles: 8 | - common 9 | 10 | # Install and configure base Splunk components 11 | - hosts: tag_app_splunk 12 | remote_user: ec2-user 13 | sudo: true 14 | 15 | vars_files: 16 | - '../.splunk-secrets.yml' 17 | 18 | roles: 19 | - splunk-base 20 | -------------------------------------------------------------------------------- /splunk-site.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This playbook creates a Splunk 6.1 clustered deployment. 3 | 4 | # Apply common configuration to all hosts (security and core services) 5 | - hosts: tag_app_splunk 6 | remote_user: ec2-user 7 | sudo: true 8 | 9 | roles: 10 | - common 11 | 12 | # Install and configure base Splunk components 13 | - hosts: tag_app_splunk 14 | remote_user: ec2-user 15 | sudo: true 16 | 17 | vars_files: 18 | - '../.splunk-secrets.yml' 19 | 20 | roles: 21 | - splunk-base 22 | 23 | # Configure the License Master 24 | - hosts: tag_Name_Splunk*License*Master 25 | remote_user: ec2-user 26 | sudo: true 27 | 28 | vars_files: 29 | - '../.splunk-secrets.yml' 30 | 31 | roles: 32 | - license-master 33 | 34 | # Install and configure Cluster Master 35 | - hosts: tag_Name_Splunk*Cluster*Master 36 | remote_user: ec2-user 37 | sudo: true 38 | 39 | vars_files: 40 | - '../.splunk-secrets.yml' 41 | 42 | roles: 43 | - cluster-master 44 | 45 | # Install and configure Peer Nodes 46 | - hosts: tag_Name_Splunk*Peer*Node 47 | remote_user: ec2-user 48 | sudo: true 49 | 50 | vars_files: 51 | - '../.splunk-secrets.yml' 52 | 53 | roles: 54 | - peer-nodes 55 | 56 | # Install and configure Search Heads 57 | - hosts: tag_Name_*Search*Head 58 | remote_user: ec2-user 59 | sudo: true 60 | 61 | vars_files: 62 | - '../.splunk-secrets.yml' 63 | 64 | roles: 65 | - search-heads 66 | 67 | 68 | # Install and configure Deployment Server 69 | #- hosts: tag_Name_Deployment* 70 | # remote_user: ec2-user 71 | # sudo: true 72 | # roles: 73 | # - splunk-base 74 | # - deployment-server 75 | 76 | # Install and configure License Master 77 | - hosts: tag_Name_License* 78 | remote_user: ec2-user 79 | sudo: true 80 | roles: 81 | - splunk-base 82 | - license-master 83 | --------------------------------------------------------------------------------