├── .fixtures.yml
├── .github
└── workflows
│ └── testing.yaml
├── CHANGELOG.md
├── Gemfile
├── LICENSE
├── README.md
├── Rakefile
├── TEST_COVERAGE.md
├── adfs_claim_rules_get_attrs.png
├── data
└── common.yaml
├── example1.png
├── example2.png
├── example3.png
├── example4.png
├── hiera.yaml
├── manifests
├── addsearchpeers.pp
├── authentication.pp
├── certs
│ ├── s2s.pp
│ └── web.pp
├── deploymentclient.pp
├── distsearch.pp
├── first_time_run.pp
├── init.pp
├── inputs.pp
├── installed.pp
├── limits.pp
├── loglocal.pp
├── mgmtport.pp
├── outputs.pp
├── params.pp
├── passwd.pp
├── secret.pp
├── server
│ ├── clustering.pp
│ ├── diskusage.pp
│ ├── forwarder.pp
│ ├── general.pp
│ ├── kvstore.pp
│ ├── license.pp
│ ├── shclustering.pp
│ └── ssl.pp
├── service.pp
├── splunk_launch.pp
└── web.pp
├── metadata.json
├── puppet_enterprise_add_splunk_class.png
├── spec
├── classes
│ └── init_spec.rb
├── fixtures
│ └── modules
│ │ └── splunk
│ │ ├── manifests
│ │ └── templates
└── spec_helper.rb
├── templates
├── log
│ └── log-local.cfg
├── puppet_common_auth_ldap_base
│ ├── local
│ │ ├── app.conf
│ │ └── authentication.conf
│ └── metadata
│ │ └── local.meta
├── puppet_common_auth_saml_base
│ ├── local
│ │ ├── app.conf
│ │ └── authentication.conf
│ └── metadata
│ │ └── local.meta
├── puppet_common_deploymentclient_base
│ ├── local
│ │ ├── app.conf
│ │ └── deploymentclient.conf
│ └── metadata
│ │ └── local.meta
├── puppet_common_diskusage_base
│ ├── local
│ │ └── server.conf
│ └── metadata
│ │ └── local.meta
├── puppet_common_kvstore_base
│ ├── local
│ │ ├── app.conf
│ │ └── server.conf
│ └── metadata
│ │ └── local.meta
├── puppet_common_license_client_base
│ ├── local
│ │ ├── app.conf
│ │ └── server.conf
│ └── metadata
│ │ └── local.meta
├── puppet_common_mgmtport_base
│ └── local
│ │ └── web.conf
├── puppet_common_mgmtport_disabled
│ └── local
│ │ └── server.conf
├── puppet_common_pass4symmkey_base
│ ├── local
│ │ ├── app.conf
│ │ └── server.conf
│ └── metadata
│ │ └── local.meta
├── puppet_common_ssl_base
│ ├── local
│ │ ├── app.conf
│ │ └── server.conf
│ └── metadata
│ │ └── local.meta
├── puppet_common_ssl_inputs
│ ├── local
│ │ ├── app.conf
│ │ └── inputs.conf
│ └── metadata
│ │ └── local.meta
├── puppet_common_ssl_outputs
│ ├── local
│ │ ├── app.conf
│ │ └── outputs.conf
│ └── metadata
│ │ └── local.meta
├── puppet_common_ssl_web_base
│ ├── local
│ │ ├── app.conf
│ │ └── web.conf
│ └── metadata
│ │ └── local.meta
├── puppet_common_thruput_base
│ ├── local
│ │ ├── app.conf
│ │ └── limits.conf
│ └── metadata
│ │ └── local.meta
├── puppet_forwarder_base
│ ├── local
│ │ └── server.conf
│ └── metadata
│ │ └── local.meta
├── puppet_indexer_cluster_forwarder_base
│ └── local
│ │ └── server.conf
├── puppet_indexer_cluster_master_base
│ ├── local
│ │ ├── app.conf
│ │ └── server.conf
│ └── metadata
│ │ └── local.meta
├── puppet_indexer_cluster_pass4symmkey_base
│ ├── local
│ │ ├── app.conf
│ │ └── server.conf
│ └── metadata
│ │ └── meta.local
├── puppet_indexer_cluster_searchhead_base
│ ├── local
│ │ ├── app.conf
│ │ └── server.conf
│ └── metadata
│ │ └── local.meta
├── puppet_indexer_cluster_slave_base
│ ├── local
│ │ ├── app.conf
│ │ └── server.conf
│ └── metadata
│ │ └── local.meta
├── puppet_indexer_indexes_base
│ ├── local
│ │ └── app.conf
│ └── metadata
│ │ └── local.meta
├── puppet_indexer_inputs
│ ├── local
│ │ └── app.conf
│ └── metadata
│ │ └── local.meta
├── puppet_indexer_volumes_base
│ ├── local
│ │ └── app.conf
│ └── metadata
│ │ └── local.meta
├── puppet_search_shcluster_base
│ ├── local
│ │ ├── app.conf
│ │ └── server.conf
│ └── metadata
│ │ └── local.meta
└── puppet_search_shcluster_pass4symmkey_base
│ ├── local
│ ├── app.conf
│ └── server.conf
│ └── metadata
│ └── meta.local
└── tests
└── init.pp
/.fixtures.yml:
--------------------------------------------------------------------------------
---
# Forge modules that the spec run needs as test fixtures.
# Each module is pinned to one exact release ('ref'), so the fixture set
# stays the same when a newer version is published upstream.
fixtures:
  forge_modules:
    stdlib:
      repo: 'puppetlabs/stdlib'
      ref: '3.2.0'
    augeas_core:
      repo: 'puppetlabs/augeas_core'
      ref: '1.0.5'
10 |
--------------------------------------------------------------------------------
/.github/workflows/testing.yaml:
--------------------------------------------------------------------------------
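name: Puppet-Splunk

# NOTE(review): in GitHub's filter syntax "*" does not match branch names
# that contain a "/"; "**" would be needed to cover those as well.
on:
  push:
    branches: "*"
  pull_request:
    branches: "*"

# Least privilege for the job's GITHUB_TOKEN: the steps below only check out
# the repository and run the unit tests, so read access is sufficient.
permissions:
  contents: read

jobs:
  build:
    strategy:
      matrix:
        os: ["ubuntu-20.04"]
        puppet_version: ["3.8.7", "4.10.12", "5.5.22", "6.27.0", "7.17.0"]
        # Each Puppet release is tested with the Ruby series paired with it here.
        include:
          - puppet_version: "3.8.7"
            ruby: "1.9"
          - puppet_version: "4.10.12"
            ruby: "2.1"
          - puppet_version: "5.5.22"
            ruby: "2.4"
          - puppet_version: "6.27.0"
            ruby: "2.5"
          - puppet_version: "7.17.0"
            ruby: "2.7"

    runs-on: ${{ matrix.os }}
    env:
      # Read by the Gemfile to select the Puppet gem. Quoted so the leading
      # "~" is always parsed as part of a string.
      PUPPET_GEM_VERSION: "~> ${{ matrix.puppet_version }}"
    steps:
      # NOTE(review): both actions are referenced by a movable tag; pinning
      # each to a full commit SHA fixes the exact code that runs in this job.
      - name: Checkout
        uses: actions/checkout@v2
      - name: Install Ruby
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: ${{ matrix.ruby }}
      - name: Bundle
        run: |
          bundle config set system 'true'
          bundle update --jobs 4 --retry 3
      - name: Unit tests
        run: bundle exec rake test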
43 |
--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
1 | ### 3.14.0
2 |
3 | - Added support for parallelIngestionPipelines
4 | - Clarified use of UF site affinity in documentation example 10
5 | - Updated testing to verify Puppet 7.x compatibility
6 |
7 | ### 3.13.2
8 |
9 | - Set hiera merge behaviour for splunk::auth
10 |
11 | ### 3.13.1
12 |
13 | - Set hiera merge behaviour for splunk::admin
14 | - Update testing to verify Puppet 6.x compatibility
15 |
16 | ### 3.13.0
17 |
18 | - Add service[managed] option to disable managing of the Splunk service
19 | - Add ldap_port option
20 |
21 | ### 3.12.4
22 |
23 | - Fix missing $ in $package_source variable
24 |
25 | ### 3.12.3
26 |
27 | - Fix for splunk_os_user not being honored if set
28 |
29 | ### 3.12.2
30 |
31 | - Fixed multisite examples
32 | - Updated docs: Puppet Enterprise JSON values in docs
33 |
34 | ### 3.12.1
35 |
36 | - Updated docs: link to Splunk demo of this module on conf2017
37 |
38 | ### 3.12.0
39 |
40 | - Added option to also use Puppet certs for Splunkweb
41 |
42 | ### 3.11.0
43 |
44 | - Added pool_suggestion parameter
45 |
46 | ### 3.10.2
47 |
48 | - Improved searchpeer documentation and error handling
49 |
50 | ### 3.10.1
51 |
52 | - Added SAML parameters to configure Search Head Clustering with ADFS
53 | - Removed attribute query from ADFS config
54 |
55 | ### 3.10.0
56 |
57 | - Added ADFS troubleshooting
58 | - Changed defaults to require signing outgoing requests, and receiving signed responses
59 |
60 | ### 3.9.3
61 |
62 | - Fixed authentication.conf template spacing issue causing restart loops when notifying an Exec
63 |
64 | ### 3.9.2
65 |
66 | - Added section to configure Splunk class in Puppet Enterprise web interface
67 | - Removed documentation reference to unimplemented splunk_home parameter
68 | - Fixed server.conf template spacing issue causing restart loops when notifying an Exec
69 |
70 | ### 3.9.1
71 |
72 | - Fixed issue where splunk first time run would happen before install
73 |
74 | ### 3.9.0
75 |
76 | - Add setting to control maxKBps in limits.conf
77 | - Add setting to control sslpassword plaintext or hashed
78 | - Add setting to control sslverifyservercert for outputs and splunkd
79 |
80 | ### 3.8.0
81 |
82 | - Add settings to control maxfilesize and rotation in log-local.cfg
83 |
84 | ### 3.7.0
85 |
86 | - Add setting to control splunk.secret. (Issue #18)
87 | - Add setting to control mgmtHostPort or disable the default Splunk management port (8089/tcp) entirely, e.g. on Universal Forwarders
88 | - Add setting to control SPLUNK_DB. (Issue #5)
89 | - Add additional LDAP authentication fields. (Issue #8)
90 |
91 | ### 3.6.0
92 |
93 | - Add settings to allow forwarders to fail over between indexers in multiple sites.
94 |
95 | ### 3.5.0
96 |
97 | - Added the optional 'nestedGroups' setting for LDAP authentication.
98 |
99 | ### 3.4.3
100 |
101 | - Added explicit error when using indexer_discovery without setting cm
102 |
103 | ### 3.4.2
104 |
105 | - Fixed service status confusion (Issue #16)
106 |
107 | ### 3.4.1
108 |
109 | - Added package_source for Linux in repository-less environments
110 | - Perform first-time-run after an upgrade
111 | - Fix boot-start for older Splunk UF versions
112 | - Add ssl3 to intermediate_compatibility due to SPL-141961 and SPL-141964
113 |
114 | ### 3.4.0
115 |
116 | - Added indexer discovery
117 |
118 | ### 3.3.0
119 |
120 | - Added requireclientcert
121 | - Successfully verified compatibility with Puppet 5.0.0 (Ruby 2.4) through Travis
122 |
123 | ### 3.2.0
124 |
125 | - Added support for Windows
126 |
127 | ### 3.1.3
128 |
129 | - Fixed typo in ds_intermediate parameter (Issue #11)
130 | - Added forgotten ecdhcurvename_intermediate parameter (Issue #11)
131 | - Removed obsolete use_certs parameter (Issue #11)
132 | - Added TEST_COVERAGE.md
133 |
134 | ### 3.1.2
135 |
136 | - Fixed forgotten repositorylocation (issue #9)
137 | - Added instructions to generate SHA512 password hashes (Issue #10)
138 | - Updated arrows to follow Puppet style guide
139 |
140 | ### 3.1.1
141 |
142 | - Fixed typo in Puppet SSL directory pathname
143 |
144 | ### 3.1.0
145 |
146 | - Added minfreespace parameter
147 | - Fixed metadata.json
148 | - Fixed hardcoded ecdhcurve
149 |
150 | ### 3.0.2
151 |
152 | - Changed curve to secp384r1 to support Chrome
153 | - Added AES256-GCM-SHA384 to cipherlist because mongod doesn't support curves and fails client helo's from Splunk. These failures appeared with Splunk 6.5.x
154 |
155 | ### 3.0.1
156 |
157 | - Fixed failing ca.crt reuse from open-source Puppet
158 |
159 | ### 3.0.0
160 |
161 | - Added support for multisite indexer clustering
162 | - Added replication_port parameter to configure index cluster replication port.
163 | - Moved useACK parameter to use_ack due to [Puppet stricter language check](https://docs.puppet.com/puppet/latest/reference/lang_reserved.html#parameters)
164 |
165 | ### 2.1.2
166 |
167 | - Improved SAML support and updated settings for Splunk 6.4 and Splunk 6.5
168 |
169 | ### 2.1.1
170 |
171 | - Improved search head clustering (SHC) support: Puppet now only places the initial SHC node configuration, and won't touch it afterwards. This allows the SH deployer to take over after initial configuration. A staging SHC instance is no longer necessary.
172 | - Improved search head clustering (SHC) support: `splunk init shcluster` is no longer necessary, only `splunk bootstrap shcluster-captain`
173 |
174 | ### 2.1.0
175 |
176 | - Added search head clustering (SHC) support, although only useful for staging purposes due to the overruling nature of the search head deployer (SHD)
177 | - Added support to reuse Puppet certs from /etc/puppetlabs/puppet/ssl whenever commercial Puppet is used.
178 |
179 | ### 2.0.0
180 |
181 | - Moved Splunk configuration out of etc/system/local to individual Splunk config apps
182 | - Add LDAP authentication support
183 |
184 | ### 1.0.9
185 |
186 | - Added phonehomeintervalinsec parameter to configure phoneHomeIntervalInSec for the deploymentclient
187 |
188 | ### 1.0.8
189 |
190 | - Improved adding search peers
191 | - Added class containment, to properly support `require =>` from other resources or classes. This adds a dependency on puppetlabs-stdlib.
192 |
193 | ### 1.0.7
194 |
195 | - Added rspec tests
196 | - Added github->travis-ci integration
197 | - Fixed issues for Puppet 2.7
198 |
199 | ### 1.0.6
200 |
201 | - Add SAML authentication support through ADFS as IdP
202 |
203 | ### 1.0.5
204 |
205 | - Specify IP to bind to
206 |
207 | ### 1.0.4
208 |
209 | - Optionally specify Splunk version to install
210 | - Merged PR #1 from @timidri
211 |
212 | ### 1.0.3
213 |
214 | - Added `ds_intermediate` parameter to create a deployment server that can deploy apps from another upstream deployment server.
215 |
216 | ### 1.0.2
217 |
218 | - Added `use_ack` parameter to manage indexer acknowledgement
219 | - Updated README with Debian / Ubuntu prerequisites.
220 |
221 | ### 1.0.1
222 |
223 | - Added `service` parameter to manage start and running state of the Splunk or Splunkforwarder service.
224 |
225 | ### 1.0.0
226 |
227 | Initial release:
228 |
229 | - License master
230 | - Splunk web
231 | - Standalone search head
232 | - KVstore
233 | - Standalone indexer
234 | - Deployment server
235 | - Deployment client
236 | - Distributed search
237 | - Forwarding with load-balancing
238 | - Data input with SSL
239 | - Index clustering: cluster master
240 | - Index clustering: cluster peer
241 | - Index clustering: search head
242 |
--------------------------------------------------------------------------------
/Gemfile:
--------------------------------------------------------------------------------
source 'https://rubygems.org'

# Puppet itself: a version constraint can be passed in through the
# PUPPET_GEM_VERSION environment variable; without it a fixed release is used.
puppetversion = ENV['PUPPET_GEM_VERSION']
if puppetversion
  gem 'puppet', puppetversion, :require => false
else
  gem 'puppet', '3.7.5'
end

# True when the running interpreter falls in [lowest, below). RUBY_VERSION is
# compared as a plain string, which is how the ranges below are expressed.
in_series = lambda do |lowest, below|
  RUBY_VERSION >= lowest && RUBY_VERSION < below
end

# NOTE(review): several gems below carry no version constraint, so dependency
# resolution picks whatever release is current at install time unless a
# lockfile is committed -- confirm that is intended for the test tooling.

# Ruby 1.9.x -- json > v2.0 requires ruby>2.0, so everything is held back.
if in_series.call('1.9', '2.0')
  gem 'fast_gettext', '~> 1.1.0'
  gem 'metadata-json-lint', '~> 1.1.0'
  gem 'rspec', '~> 2.0'
  gem 'rake', '~> 10.4.2'
  gem 'puppet-lint', '~> 1.1.0'
  gem 'puppet-syntax', '~> 2.0.0'
  gem 'facter', '~> 2.4.4'
  gem 'puppetlabs_spec_helper', '~> 1.0.0'
  gem 'json', '~> 1.8.3'
  gem 'json_pure', '~> 1.8.3'
  gem 'rspec-puppet', '~> 2.5.0'
end

# Ruby 2.0.x
if in_series.call('2.0', '2.1')
  gem 'fast_gettext', '~> 1.1.0'
  gem 'metadata-json-lint'
  gem 'puppet-syntax'
  gem 'puppetlabs_spec_helper', '~> 2.15.0'
  gem 'puppet-lint'
  gem 'facter'
  gem 'rspec-puppet', '~> 2.5.0'
end

# Ruby 2.1.x up to, but not including, 2.5
if in_series.call('2.1', '2.5')
  gem 'metadata-json-lint'
  gem 'puppet-syntax'
  gem 'puppetlabs_spec_helper', '~> 2.15.0'
  gem 'puppet-lint'
  gem 'facter'
  gem 'rspec-puppet', '~> 2.5.0'
end

# Ruby 2.5.x up to, but not including, 2.8
if in_series.call('2.5', '2.8')
  gem 'metadata-json-lint'
  gem 'puppet-syntax'
  gem 'puppetlabs_spec_helper'
  gem 'puppet-lint'
  gem 'facter'
  gem 'rspec-puppet', '~> 2.8.0'
end
51 |
52 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016-2022 Jorrit Folmer
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
23 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Splunk deployments with Puppet
2 |
3 | 
4 |
5 | This Puppet module deploys Splunk instances on Windows and Linux in simple, distributed or (multisite) clustered topologies. It is used in production by organisations large and small, but can also be used to quickly validate solution architectures. For example on a 2016 MacBook Pro, setting up a multisite indexer cluster, a cluster master, a search head cluster, a search head deployer, LDAP authentication, etc, takes less than an hour.
6 |
7 | Splunk demoed this module at the [Splunk .conf2017 breakout session](https://conf.splunk.com/sessions/2017-sessions.html#types=Breakout%20Session&loadall=204) "Automate All the Things! Moving Faster With Puppet and Splunk" beginning at the 29:42 mark.
8 |
9 | Project homepage is at [https://github.com/jorritfolmer/puppet-splunk](https://github.com/jorritfolmer/puppet-splunk)
10 |
11 | ## Prerequisites
12 |
13 | 1. A Puppet master
14 | 2. A repository with splunk and splunkforwarder packages. See "Setting up a Splunk repository" if you need help setting it up for Red Hat, Debian or Windows environments
15 |
16 | ## Installation
17 |
18 | 1. SSH to your Puppet master
19 | 2. `puppet module install jorritfolmer-splunk`
20 | 3. Create your Splunk topology, see below for examples.
21 |
22 | ## Quick-start
23 |
24 | Define a single standalone Splunk instance on Linux that you can use to index and search, for example with the trial license:
25 |
26 | 
27 |
28 | ```puppet
29 | node 'splunk-server.internal.corp.example' {
30 | class { 'splunk':
31 | httpport => 8000,
32 | kvstoreport => 8191,
33 | inputport => 9997,
34 | }
35 | }
36 | ```
37 |
38 | (The equivalent in Hiera YAML format:)
39 |
40 | ```yaml
41 | ---
42 | classes:
43 | - splunk
44 |
45 | splunk::httpport: 8000
46 | splunk::kvstoreport: 8191
47 | splunk::inputport: 9997
48 | ```
49 |
50 | Or define a single standalone Splunk instance on Windows with:
51 |
52 | ```puppet
53 | node 'splunk-server.internal.corp.example' {
54 | class { 'splunk':
55 | package_source => '//dc01/Company/splunk-6.6.1-aeae3fe0c5af-x64-release.msi',
56 | httpport => 8000,
57 | kvstoreport => 8191,
58 | inputport => 9997,
59 | }
60 | }
61 | ```
62 |
63 | (The equivalent in Hiera YAML format:)
64 |
65 | ```yaml
66 | ---
67 | classes:
68 | - splunk
69 |
70 | splunk::httpport: 8000
71 | splunk::kvstoreport: 8191
72 | splunk::inputport: 9997
73 | splunk::package_source: //dc01/Company/splunk-6.6.1-aeae3fe0c5af-x64-release.msi
74 | ```
75 |
76 | See the other examples below for more elaborate topologies.
77 |
78 | ## Usage
79 |
80 | By default, this module uses the Puppet client SSL key (4096 bits) and client certificates. By reusing the existing Puppet Certificate Authority, we don't have to set up a parallel CA.
81 |
82 | For quick testing in heterogeneous non-production environments you can set `reuse_puppet_certs => false` to revert to the Splunk-provided certs and CA. Or you can point to your own key and certificates with `sslcertpath` and `sslrootcapath` if you are planning a zero-trust architecture.
83 |
84 | The Splunk module doesn't manage the state of the splunk service, except to configure Splunk or Splunkforwarder at boot time. Have a look at the `service` parameter if you want to do more or less management of the Splunk service by this module.
85 |
86 | ### Example 1:
87 |
88 | Define a single standalone Splunk instance that you can use to index and search, for example with the trial license.
89 | This time use the Splunk provided non-production testing certificates instead of reusing the ones signed by the Puppet CA, for example for testing in heterogeneous environments with non-Puppetized Splunk forwarders.
90 |
91 | 
92 |
93 | ```puppet
94 | node 'splunk-server.internal.corp.example' {
95 | class { 'splunk':
96 | httpport => 8000,
97 | kvstoreport => 8191,
98 | inputport => 9997,
99 | reuse_puppet_certs => false,
100 | sslcertpath => 'server.pem',
101 | sslrootcapath => 'cacert.pem',
102 | sslpassword => 'password',
103 | }
104 | }
105 | ```
106 |
107 | To define a standalone Splunk instance running on Windows:
108 |
109 | ```puppet
110 | node 'splunk-server.internal.corp.example' {
111 | class { 'splunk':
112 | package_source => '//dc01/Company/splunk-6.6.1-aeae3fe0c5af-x64-release.msi',
113 | httpport => 8000,
114 | kvstoreport => 8191,
115 | inputport => 9997,
116 | reuse_puppet_certs => false,
117 | sslcertpath => 'server.pem',
118 | sslrootcapath => 'cacert.pem',
119 | sslpassword => 'password',
120 | }
121 | }
122 | ```
123 |
124 | ### Example 2a:
125 |
126 | Extends the example above with a node that will run the Splunk universal forwarder. It uses the first server as Deployment Server (`ds =>`) where apps, inputs and outputs can be managed and deployed through Forwarder Management.
127 |
128 | 
129 |
130 | ```puppet
131 | node 'splunk-server.internal.corp.example' {
132 | class { 'splunk':
133 | httpport => 8000,
134 | kvstoreport => 8191,
135 | inputport => 9997,
136 | }
137 | }
138 |
139 | node 'some-server.internal.corp.example' {
140 | class { 'splunk':
141 | type => 'uf',
142 | ds => 'splunk-server.internal.corp.example:8089',
143 | }
144 | }
145 | ```
146 |
147 | The equivalent for Windows environments:
148 |
149 | ```puppet
150 | node 'splunk-server.internal.corp.example' {
151 | class { 'splunk':
152 | package_source => '//dc01/Company/splunk-6.6.1-aeae3fe0c5af-x64-release.msi',
153 | httpport => 8000,
154 | kvstoreport => 8191,
155 | inputport => 9997,
156 | }
157 | }
158 |
159 | node 'some-server.internal.corp.example' {
160 | class { 'splunk':
161 | package_source => '//dc01/Company/splunkforwarder-6.6.1-aeae3fe0c5af-x64-release.msi',
162 | type => 'uf',
163 | ds => 'splunk-server.internal.corp.example:8089',
164 | }
165 | }
166 | ```
167 |
168 | ### Example 2b:
169 |
170 | Almost identical to example 2a, except with some SSL downgrading, not suitable for production.
171 | This will allow non-Puppetized Splunk clients to connect to the various services, since the default Splunk config isn't compatible with the modern SSL compatibility level. Setting the deployment server to intermediate compatibility will allow these clients to make the initial connection, after which you can deploy a common_ssl_base config app to them with modern SSL compatibility.
172 | The manifest below will also use the Splunk provided non-production certificates, instead of the ones signed by the Puppet CA.
173 |
174 | 
175 |
176 | ```puppet
177 | node 'splunk-server.internal.corp.example' {
178 | class { 'splunk':
179 | httpport => 8000,
180 | kvstoreport => 8191,
181 | inputport => 9997,
182 | sslcompatibility => 'intermediate',
183 | reuse_puppet_certs => false,
184 | sslcertpath => 'server.pem',
185 | sslrootcapath => 'cacert.pem',
186 | sslpassword => 'password',
187 | }
188 | }
189 |
190 | node 'some-server.internal.corp.example' {
191 | class { 'splunk':
192 | type => 'uf',
193 | ds => 'splunk-server.internal.corp.example:8089',
194 | reuse_puppet_certs => false,
195 | sslcertpath => 'server.pem',
196 | sslrootcapath => 'cacert.pem',
197 | sslpassword => 'password',
198 | }
199 | }
200 | ```
201 |
202 | ### Example 3:
203 |
204 | This example deploys one deployment/license server, one search head, and two indexers.
205 | Note that for the search head to add the indexer as its search peer, the
206 | indexer needs to be running **before** the search head manifest is executed.
207 | This means that you'll have to manage inter-node dependencies manually or
208 | through an orchestration tool like Terraform or Ansible.
209 |
210 | 
211 |
212 | ```puppet
213 | node 'splunk-ds.internal.corp.example' {
214 | class { 'splunk':
215 | admin => {
216 | # Set the admin password to changemeagain
217 | hash => '$6$MR9IJFF7RBnVA.k1$/30EBSzy0EJKZ94SjHFIUHjQjO3/P/4tx0JmWCp/En47MJceaXsevhBLE2w/ibjHlAUkD6k0U.PmY/noe9Jok0',
218 | fn => 'Deployment Server Administrator',
219 | email => 'changemeagain@example.com',
220 | },
221 | # Enable the web server
222 | httpport => 8000,
223 | # Use the best-practice to forward all local events to the indexers
224 | tcpout => [
225 | 'splunk-idx1.internal.corp.example:9997',
226 | 'splunk-idx2.internal.corp.example:9997',
227 | ],
228 | service => {
229 | ensure => running,
230 | enable => true,
231 | },
232 | }
233 | }
234 |
235 | node 'splunk-sh.internal.corp.example' {
236 | class { 'splunk':
237 | admin => {
238 | # A plaintext password needed to be able to add search peers,
239 | # so also make sure the indexer you're pointing to is running,
240 | # you can remove this if everything is up and running:
241 | pass => 'changemeagain',
242 | hash => '$6$MR9IJFF7RBnVA.k1$/30EBSzy0EJKZ94SjHFIUHjQjO3/P/4tx0JmWCp/En47MJceaXsevhBLE2w/ibjHlAUkD6k0U.PmY/noe9Jok0',
243 | fn => 'Search head Administrator',
244 | email => 'changemeagain@example.com',
245 | },
246 | httpport => 8000,
247 | kvstoreport => 8191,
248 | # Use a License Master and Deployment Server
249 | lm => 'splunk-ds.internal.corp.example:8089',
250 | ds => 'splunk-ds.internal.corp.example:8089',
251 | tcpout => [
252 | 'splunk-idx1.internal.corp.example:9997',
253 | 'splunk-idx2.internal.corp.example:9997', ],
254 | # Use these search peers
255 | searchpeers => [
256 | 'splunk-idx1.internal.corp.example:8089',
257 | 'splunk-idx2.internal.corp.example:8089', ],
258 | # splunk must be running to be able add search peers,
259 | # you can remove this if everything is up and running:
260 | service => {
261 | ensure => running,
262 | enable => true,
263 | },
264 | }
265 | }
266 |
267 | node 'splunk-idx1.internal.corp.example', 'splunk-idx2.internal.corp.example' {
268 | class { 'splunk':
269 | admin => {
270 | hash => '$6$MR9IJFF7RBnVA.k1$/30EBSzy0EJKZ94SjHFIUHjQjO3/P/4tx0JmWCp/En47MJceaXsevhBLE2w/ibjHlAUkD6k0U.PmY/noe9Jok0',
271 | fn => 'Indexer Administrator',
272 | email => 'changemeagain@example.com',
273 | },
274 | inputport => 9997,
275 | lm => 'splunk-ds.internal.corp.example:8089',
276 | ds => 'splunk-ds.internal.corp.example:8089',
277 | # splunk must be running for it to be added as search peer,
278 | # you can remove this if everything is up and running
279 | service => {
280 | ensure => running,
281 | enable => true,
282 | }
283 | }
284 | }
285 | ```
286 |
287 | ### Example 4:
288 |
289 | A Splunk indexer cluster consisting of one deployment/license/searchhead server, a cluster master, and three cluster peers.
290 | The cluster master also acts as license master.
291 |
292 | 
293 |
294 | ```puppet
295 | node 'splunk-sh.internal.corp.example' {
296 | class { 'splunk':
297 | admin => {
298 | hash => '$6$MR9IJFF7RBnVA.k1$/30EBSzy0EJKZ94SjHFIUHjQjO3/P/4tx0JmWCp/En47MJceaXsevhBLE2w/ibjHlAUkD6k0U.PmY/noe9Jok0',
299 | fn => 'Search Head Administrator',
300 | email => 'changemeagain@example.com',
301 | },
302 | httpport => 8000,
303 | kvstoreport => 8191,
304 | lm => 'splunk-cm.internal.corp.example:8089',
305 | tcpout => [ 'splunk-idx1.internal.corp.example:9997', 'splunk-idx2.internal.corp.example:9997', ],
306 | clustering => {
307 | mode => 'searchhead',
308 | cm => 'splunk-cm.internal.corp.example:8089',
309 | }
310 | }
311 | }
312 |
313 | node 'splunk-cm.internal.corp.example' {
314 | class { 'splunk':
315 | admin => {
316 | hash => '$6$MR9IJFF7RBnVA.k1$/30EBSzy0EJKZ94SjHFIUHjQjO3/P/4tx0JmWCp/En47MJceaXsevhBLE2w/ibjHlAUkD6k0U.PmY/noe9Jok0',
317 | fn => 'Cluster Master Administrator',
318 | email => 'changemeagain@example.com',
319 | },
320 | httpport => 8000,
321 | tcpout => [ 'splunk-idx1.internal.corp.example:9997', 'splunk-idx2.internal.corp.example:9997', ],
322 | clustering => {
323 | mode => 'master',
324 | replication_factor => 2,
325 | search_factor => 2,
326 | }
327 | }
328 | }
329 |
330 | node 'splunk-idx1.internal.corp.example',
331 | 'splunk-idx2.internal.corp.example',
332 | 'splunk-idx3.internal.corp.example' {
333 | class { 'splunk':
334 | admin => {
335 | hash => '$6$MR9IJFF7RBnVA.k1$/30EBSzy0EJKZ94SjHFIUHjQjO3/P/4tx0JmWCp/En47MJceaXsevhBLE2w/ibjHlAUkD6k0U.PmY/noe9Jok0',
336 | fn => 'Cluster Peer Administrator',
337 | email => 'changemeagain@example.com',
338 | },
339 | inputport => 9997,
340 | lm => 'splunk-cm.internal.corp.example:8089',
341 | clustering => {
342 | mode => 'slave',
343 | cm => 'splunk-cm.internal.corp.example:8089',
344 | }
345 | }
346 | }
347 | ```
348 |
349 | ### Example 5
350 |
351 | This snippet enables Single Sign-On on the Search Head through Active Directory Federation Services (ADFS) as an Identity provider. See the chapter "Splunk with ADFS" for more details and troubleshooting.
352 |
353 | ```
354 | node 'splunk-sh.internal.corp.example' {
355 | class { 'splunk':
356 | ...
357 | auth => {
358 | authtype => 'SAML',
359 | saml_idptype => 'ADFS',
360 | saml_idpurl => 'https://sso.internal.corp.example/adfs/ls',
361 | },
362 | ...
363 | }
364 | }
365 | ```
366 |
367 | To enable ADFS SAML authentication in a Search Head Cluster, add fqdn and entityid parameters:
368 |
369 | ```
370 | node 'splunk-sh01.internal.corp.example' {
371 | class { 'splunk':
372 | ...
373 | auth => {
374 | authtype => 'SAML',
375 | saml_idptype => 'ADFS',
376 | saml_idpurl => 'https://sso.internal.corp.example/adfs/ls',
377 | saml_fqdn => 'https://splunk.internal.corp.example:8000',
378 | sqml_entityid => 'splunk.internal.corp.example',
379 | },
380 | ...
381 | }
382 | }
383 | ```
384 |
385 | ### Example 6
386 |
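387 | This snippet enables LDAP authentication on a Search Head, e.g. with Active Directory. The example below also maps 2 groups in AD to Splunk admin, and 1 group to Splunk user. Note that with `ldap_sslenabled => 0`, as shown, the LDAP connection is not encrypted, so the bind password and user logins cross the network in clear text; enable it where the directory server supports LDAP over SSL.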
388 |
389 | ```
390 | node 'splunk-sh.internal.corp.example' {
391 | class { 'splunk':
392 | ...
393 | auth => {
394 | authtype => 'LDAP',
395 | ldap_host => 'dc01.internal.corp.example',
396 | ldap_binddn => 'CN=Splunk Service Account,CN=Users,DC=corp,DC=example',
397 | ldap_binddnpassword => 'changeme',
398 | ldap_sslenabled => 0,
399 | ldap_userbasedn => 'CN=Users,DC=corp,DC=example',
400 | ldap_groupbasedn => 'CN=Users,DC=corp,DC=example;OU=Groups,DC=corp,DC=example',
401 | },
402 | rolemap => {
403 | 'admin' => 'Splunk Admins;Domain Admins',
404 | 'user' => 'Splunk Users',
405 | },
406 | ...
407 | }
408 | }
409 | ```
410 |
411 | ### Example 7
412 |
413 | Splunk search head clustering (SHC) not only requires configuration
414 | management, but also some orchestration to get it up and running.
415 |
416 | Since the SH Deployer also has an active role in configuration management, you
417 | will have to take some extra steps in the right order to prevent Puppet and SH
418 | deployer from interfering with each other.
419 |
420 | ```
421 | node 'splunk-sh1.internal.corp.example',
422 | 'splunk-sh2.internal.corp.example',
423 | 'splunk-sh3.internal.corp.example' {
424 | class { 'splunk':
425 | ...
426 | shclustering => {
427 | mode => 'searchhead',
428 | shd => 'splunk-shd.internal.corp.example:8089',
429 | pass4symmkey => 'SHCl33tsecret',
430 | label => 'My First SHC',
431 | },
432 | ...
433 | }
434 | }
435 |
436 | node 'splunk-shd.internal.corp.example' {
437 | class { 'splunk':
438 | ...
439 | shclustering => {
440 | mode => 'deployer',
441 | pass4symmkey => 'SHCl33tsecret',
442 | },
443 | ...
444 | }
445 | }
446 | ```
447 |
448 | Steps:
449 |
450 | 1. Do a puppet run on the SH deployer and SH cluster nodes, but don't start Splunk yet.
451 | 2. Copy the $SPLUNK_HOME/etc/apps/puppet_* directories created by Puppet from one of the Search Head Cluster nodes to etc/shcluster/apps/ on the Search Head Deployer
452 | 3. Disable Puppet on the Search Head Cluster nodes to prevent Puppet from interfering with the configuration bundle pushes from the Search Head Deployer.
453 | 4. Start the SH deployer and the SH cluster nodes
454 | 5. Do an apply shcluster-bundle on the Search Head Deployer
455 | 6. Perform a `splunk bootstrap shcluster-captain -servers_list "https://splunk-sh1.internal.corp.example:8089,https://splunk-sh2.internal.corp.example:8089,https://splunk-sh3.internal.corp.example:8089" -auth admin:changemeagain`. Passing the password with `-auth` leaves it in the shell history and process list; if you omit `-auth`, the CLI prompts for the credentials instead.
456 |
457 | ### Example 8
458 |
459 | Configure a multisite cluster with 2 sites with 1 indexer each.
460 | Site 1 hosts splunk-cm and splunk-idx1. Site 2 hosts splunk-idx2.
461 |
462 | ```
463 | node 'splunk-cm.internal.corp.example' {
464 | class { 'splunk':
465 | admin => {
466 | hash => '$6$MR9IJFF7RBnVA.k1$/30EBSzy0EJKZ94SjHFIUHjQjO3/P/4tx0JmWCp/En47MJceaXsevhBLE2w/ibjHlAUkD6k0U.PmY/noe9Jok0',
467 | fn => 'Cluster Master Administrator',
468 | email => 'changemeagain@example.com',
469 | },
470 | httpport => 8000,
471 | tcpout => [ 'splunk-idx1.internal.corp.example:9997', 'splunk-idx2.internal.corp.example:9997', ],
472 | clustering => {
473 | mode => 'master',
474 | replication_factor => 2,
475 | search_factor => 2,
476 | thissite => 'site1',
477 | available_sites => 'site1,site2',
478 | site_replication_factor => 'origin:1, total:2',
479 | site_search_factor => 'origin:1, total:2',
480 | }
481 | }
482 | }
483 |
484 | node 'splunk-idx1.internal.corp.example' {
485 | class { 'splunk':
486 | admin => {
487 | hash => '$6$MR9IJFF7RBnVA.k1$/30EBSzy0EJKZ94SjHFIUHjQjO3/P/4tx0JmWCp/En47MJceaXsevhBLE2w/ibjHlAUkD6k0U.PmY/noe9Jok0',
488 | fn => 'Cluster Peer Administrator',
489 | email => 'changemeagain@example.com',
490 | },
491 | inputport => 9997,
492 | lm => 'splunk-cm.internal.corp.example:8089',
493 | clustering => {
494 | thissite => 'site1',
495 | mode => 'slave',
496 | cm => 'splunk-cm.internal.corp.example:8089',
497 | }
498 | }
499 | }
500 |
501 | node 'splunk-idx2.internal.corp.example' {
502 | class { 'splunk':
503 | admin => {
504 | hash => '$6$MR9IJFF7RBnVA.k1$/30EBSzy0EJKZ94SjHFIUHjQjO3/P/4tx0JmWCp/En47MJceaXsevhBLE2w/ibjHlAUkD6k0U.PmY/noe9Jok0',
505 | fn => 'Cluster Peer Administrator',
506 | email => 'changemeagain@example.com',
507 | },
508 | inputport => 9997,
509 | lm => 'splunk-cm.internal.corp.example:8089',
510 | clustering => {
511 | thissite => 'site2',
512 | mode => 'slave',
513 | cm => 'splunk-cm.internal.corp.example:8089',
514 | }
515 | }
516 | }
517 |
518 | ```
519 |
520 | ### Example 9
521 |
522 | Configure an index cluster with indexer discovery
523 |
524 | ```
525 | node 'splunk-cm.internal.corp.example' {
526 | class { 'splunk':
527 | admin => {
528 | hash => '$6$MR9IJFF7RBnVA.k1$/30EBSzy0EJKZ94SjHFIUHjQjO3/P/4tx0JmWCp/En47MJceaXsevhBLE2w/ibjHlAUkD6k0U.PmY/noe9Jok0',
529 | fn => 'Cluster Master Administrator',
530 | email => 'changemeagain@example.com',
531 | },
532 | httpport => 8000,
533 | tcpout => 'indexer_discovery',
534 | clustering => {
535 | mode => 'master',
536 | replication_factor => 2,
537 | search_factor => 2,
538 | indexer_discovery => true,
539 | }
540 | }
541 | }
542 |
543 | node 'splunk-idx1.internal.corp.example','splunk-idx2.internal.corp.example' {
544 | class { 'splunk':
545 | admin => {
546 | hash => '$6$MR9IJFF7RBnVA.k1$/30EBSzy0EJKZ94SjHFIUHjQjO3/P/4tx0JmWCp/En47MJceaXsevhBLE2w/ibjHlAUkD6k0U.PmY/noe9Jok0',
547 | fn => 'Cluster Peer Administrator',
548 | email => 'changemeagain@example.com',
549 | },
550 | inputport => 9997,
551 | lm => 'splunk-cm.internal.corp.example:8089',
552 | clustering => {
553 | mode => 'slave',
554 | cm => 'splunk-cm.internal.corp.example:8089',
555 | }
556 | }
557 | }
558 |
559 | node 'some-server.internal.corp.example' {
560 | class { 'splunk':
561 | type => 'uf',
562 | tcpout => 'indexer_discovery',
563 | clustering => {
564 | cm => 'splunk-cm.internal.corp.example:8089',
565 | }
566 | }
567 | }
568 | ```
569 |
570 | ### Example 10
571 |
572 | Configure a multisite cluster with 2 sites each containing 1 indexer and indexer discovery.
573 | Site 1 hosts splunk-cm and splunk-idx1. Site 2 hosts splunk-idx2.
574 | Site 1 hosts a Universal Forwarder.
575 |
576 | ```
577 | node 'splunk-cm.internal.corp.example' {
578 | class { 'splunk':
579 | admin => {
580 | hash => '$6$MR9IJFF7RBnVA.k1$/30EBSzy0EJKZ94SjHFIUHjQjO3/P/4tx0JmWCp/En47MJceaXsevhBLE2w/ibjHlAUkD6k0U.PmY/noe9Jok0',
581 | fn => 'Cluster Master Administrator',
582 | email => 'changemeagain@example.com',
583 | },
584 | httpport => 8000,
585 | tcpout => 'indexer_discovery',
586 | clustering => {
587 | mode => 'master',
588 | replication_factor => 2,
589 | search_factor => 2,
590 | thissite => 'site1',
591 | available_sites => 'site1,site2',
592 | site_replication_factor => 'origin:1, total:2',
593 | site_search_factor => 'origin:1, total:2',
594 | indexer_discovery => true,
595 | }
596 | }
597 | }
598 |
599 | node 'splunk-idx1.internal.corp.example' {
600 | class { 'splunk':
601 | admin => {
602 | hash => '$6$MR9IJFF7RBnVA.k1$/30EBSzy0EJKZ94SjHFIUHjQjO3/P/4tx0JmWCp/En47MJceaXsevhBLE2w/ibjHlAUkD6k0U.PmY/noe9Jok0',
603 | fn => 'Cluster Peer Administrator',
604 | email => 'changemeagain@example.com',
605 | },
606 | inputport => 9997,
607 | lm => 'splunk-cm.internal.corp.example:8089',
608 | clustering => {
609 | thissite => 'site1',
610 | mode => 'slave',
611 | cm => 'splunk-cm.internal.corp.example:8089',
612 | }
613 | }
614 | }
615 |
616 | node 'splunk-idx2.internal.corp.example' {
617 | class { 'splunk':
618 | admin => {
619 | hash => '$6$MR9IJFF7RBnVA.k1$/30EBSzy0EJKZ94SjHFIUHjQjO3/P/4tx0JmWCp/En47MJceaXsevhBLE2w/ibjHlAUkD6k0U.PmY/noe9Jok0',
620 | fn => 'Cluster Peer Administrator',
621 | email => 'changemeagain@example.com',
622 | },
623 | inputport => 9997,
624 | lm => 'splunk-cm.internal.corp.example:8089',
625 | clustering => {
626 | thissite => 'site2',
627 | mode => 'slave',
628 | cm => 'splunk-cm.internal.corp.example:8089',
629 | }
630 | }
631 | }
632 |
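633 | node 'some-server.internal.corp.example' {
634 | class { 'splunk':
635 | type => 'uf', # install a Universal Forwarder instead of the Splunk server type
636 | tcpout => 'indexer_discovery', # use indexer discovery via the cluster master below
637 | clustering => {
638 | cm => 'splunk-cm.internal.corp.example:8089',
639 | mode => 'forwarder', # comma added: hash entries must be comma-separated
640 | thissite => 'site1', # the forwarder lives in site 1
641 | }
642 | }
643 | }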
644 | ```
645 |
646 |
647 | ## Puppet Enterprise
648 |
649 | If you're using the Puppet Enterprise web interface, type "splunk" at the Add
650 | new class input and configure the parameters like httpport, inputport etc like
651 | in the screenshot below:
652 |
653 | 
654 |
655 | Structured parameters like admin, clustering, auth need to be specified in valid JSON. See the "Tips for specifying parameter and variable values" over at Puppet Enterprise docs: https://puppet.com/docs/pe/2018.1/managing_nodes/grouping_and_classifying_nodes.html#set-node-group-variables.
656 |
657 | One caveat: you cannot specify the admin hash in JSON due to the dollar signs in the SHA512 hash. Even though the PE docs mention you should escape $ to prevent variable interpolation, this doesn't seem to work for values in JSON.
658 |
659 | | Status | Statement | Reason
660 | |------|-----|-----
661 | | **Works** | `{"pass": "changemeagain"}` | Valid JSON
662 | | Doesn't work | `{'pass': 'changemeagain'}` | Invalid JSON
663 | | Doesn't work | `{pass: "changemeagain"}` | Invalid JSON
664 | | Doesn't work | `{pass= "changemeagain"}` | Invalid JSON
665 | | Doesn't work | `{"hash": "$6$MR9IJetc"}` | Valid JSON but $ causes variable interpolation
666 | | Doesn't work | `{"hash": "\$6\$MR9IJetc"}` | Valid JSON but escaped $ causes PE webgui to interfere
667 |
668 | If for one reason or another the PE web GUI says "Converted to string" while you're entering JSON, you should assume that your structured parameter will not be interpreted correctly.
669 |
670 | ## Splunk with ADFS
671 |
672 | ### Setup
673 |
674 | 1. Add a new Relying Party Trust in AD FS Management Console, by importing the XML from `https://splunk-sh.internal.corp.example/saml/spmetadata`. Since this metadata is kept behind a Splunk login, you'll have to:
675 |
676 | - first browse to `https://splunk-sh.internal.corp.example/account/login?loginType=Splunk`
677 | - then browse to `https://splunk-sh.internal.corp.example/saml/spmetadata`, and copy/paste the SAML metadata XML to the Windows server.
678 | - import the SAML metadata XML from the relying party (Splunk) from a file
679 |
680 | 1. Add a new claim rule to map Active Directory attributes to new claims
681 |
682 | 
683 |
684 | 1. Disable EncryptClaims on the ADFS side: Splunk only supports signed SAML responses: `Set-ADFSRelyingPartyTrust -TargetIdentifier splunk-sh1.internal.corp.example -EncryptClaims $False`
685 | 1. Disable SigningCertificateRevocationCheck on the ADFS side if you're using your own self signed certificates without CRL: `Set-ADFSRelyingPartyTrust -TargetIdentifier splunk-sh1.internal.corp.example -SigningCertificateRevocationCheck none`
686 |
687 | You can use the SAML tracer Firefox plugin to see what gets posted to Splunk via ADFS after a successful authentication. The relevant part should look something like this:
688 |
689 | ```
690 | ...
691 |
692 | jfolmer@testlab.example
693 |
694 |
698 |
699 |
700 |
703 |
704 | host15.testlab.example
705 |
706 |
707 |
708 |
709 | Jorrit Folmer
710 |
711 |
712 | jfolmer@testlab.example
713 |
714 |
715 | Domain Users
716 | Splunk Admins
717 |
718 |
719 | ...
720 | ```
721 |
722 | ### ADFS troubleshooting
723 |
724 | Steps:
725 |
726 | 1. Get the ADFS relying party trust settings from the ADFS server, e.g. through PowerShell: `Get-AdfsRelyingPartyTrust -Identifier host11.testlab.example`. Configuration settings to check:
727 | - SigningCertificateRevocationCheck: should be None for self-signed certs
728 | - EncryptClaims: should be $false because Splunk only supports signed claims
729 | - Identifier: should match the entityId in Splunk's authentication.conf
730 | - SignedSamlRequestsRequired: should be $true if you don't want your samlrequests to be man-in-the-middled
731 | - SignatureAlgorithm: should match the one in Splunk's authentication.conf; Splunk defaults to SHA-1, while ADFS defaults to SHA-256
732 | 2. Check the ADFS/Admin channel in the Windows Event Log for errors.
733 |
734 | The Splunk provided SPMetadata.xml only covers some parameters for a Relying Party Trust. This means the settings on the Splunk side and the ADFS side can diverge, for example regarding hashing with SHA-1 or SHA-256, CRL checking, claim encryption etc.
735 |
736 | Errors you may encounter with Splunk and ADFS 3.0 on Server 2012R2 or ADFS 4.0 on Server 2016:
737 |
738 | | Splunk | ADFS | Error | Solution
739 | |--------|------|-------|-----------
740 | | X | | IDP failed to authenticate request. Status Message="" Status Code="Responder" | Splunk received a "urn:oasis:names:tc:SAML:2.0:status:Responder" code in the SAML response. Check the AD FS/Admin event log channel on the AD FS server.
741 | | X | | The '/samlp:Response/saml:Assertion' field in the saml response from the IdP does not match the configuration. Ensure the configuration in Splunk matches the configuration in the IdP. | Disable EncryptClaims on the ADFS side. Splunk only supports signed SAML responses, non encrypted ones.
742 | | | X | SamlProtocolSignatureAlgorithmMismatchExeption: MSIS7093: The message is not signed with expected signature algorithm. Message is signed with signature algorithm http://www.w3.org/2000/09/xmldsig#rsa sha1. Expected signature algorithm http://www.w3.org/2001/04/xmldsig-more#rsa-sha256. | AD FS expects a SHA256 hash in the SAML request, but probably gets a SHA1 which is the Splunk default. Preferably upgrade the `signatureAlgorithm` in Splunk's authentication.conf so both sides agree on the stronger SHA256 hash. Alternatively, change the hash to SHA1 in the AD FS Relying Party Trust properties -> Advanced.
743 | | | X | "An error occurred" with RequestFailedException: MSIS7065: There are no registered protocol handlers on path /adfs/ls to process the incoming request. | Don't use a private browser window
744 | | | X | "An error occurred" with AD FS / Admin / Event ID 364: Exception details: System.UriFormatException: Invalid URI: The format of the URI could not be determined. | There is a mismatch between the entityId as declared in Splunk's authentication.conf and the AD FS Relying Party Identifier. They should be the same.
745 | | | X | Exception details: System.ArgumentOutOfRangeException: Not a valid Win32 FileTime. Parameter name: fileTime | Although the error message suggests time issues, this appears to happen only in some environments when a user logs in with the canonical domain name e.g. ad\user, instead of user@ad.corp.example or ad.corp.example\user. Authentication succeeds in all 3 cases, but only 2 without error.
746 | | | X | SamlProtocolSignatureVerificationException: MSIS7085: The server requires a signed SAML authentication request but no signature is present. | Splunk doesn't sign SAML requests but the IdP requires it.
747 | | | X | On logout "An error occurred" with AD FS / Admin / Event ID 364:System.ArgumentNullException: Value cannot be null. Parameter name: collection | This happens on ADFS 4.0 servers and is supposed to be fixed with a june 2017 Microsoft KB
748 | | | X | RevocationValidationException: MSIS3015: The signing certificate of the claims provider trust 'somehost' identified by thumbprint '33BC4ABFF11151559240DE9CA2C95C632C3E321B' is not valid | If you're using self-signed certificates disable signing certificate revocation checking
749 | | | X | System.NotSupportedException: ID6027: Enveloped Signature Transform cannot be the last transform in the chain. | Set Splunk to NOT sign outgoing SAML requests, and configure ADFS to not require signed requests. This happened on older Splunk versions that sent malformed signatures; because this workaround gives up request signing, treat it as temporary and turn signing back on once Splunk has been upgraded.
750 | | X | | Verification of SAML assertion using the IDP's certificate provided failed. Unknown signer of SAML response | Splunk doesn't use the right certificate to validate SAML responses. Splunk should have the ADFS "Token signing certificate" to verify assertions. Specify this certificate in authentication.conf under `idpCertPath`
751 | | X | | The 'NotBefore' condition could not be verified successfully. The saml response is not valid. | Splunk received a SAML response with a NotBefore data in the future. Ensure NTP is deployed and working on all participating systems. If NTP is deployed but there is a small subsecond drift, you could also adjust the NotBeforeSkew setting with Powershell on the ADFS side to 1 minute. Even if `ntpq -pn` show a positive drift of only 100 ms, this will become an issue because the SAML response includes a NotBefore with millisecond resolution.
752 |
753 | ## Setting up a Splunk repository
754 |
755 | ### Red Hat/CentOS (YUM)
756 |
757 | If you don't already have a local repository server, the quickest way is to install Apache on the Puppet master and have this serve the yum repository.
758 |
759 | 1. `yum install httpd`
760 | 2. `yum install createrepo`
761 | 3. `mkdir /var/www/html/splunk`
762 | 4. `cd /var/www/html/splunk`
763 | 5. download splunk-x.y.x.rpm
764 | 6. download splunk-forwarder-x.y.x.rpm
765 | 7. `createrepo .`
766 | 8. make sure Apache allows directory index listing
767 | 9. surf to http://your.repo.server.example/splunk and check if you get a directory listing
768 |
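769 | Then add something like this to every node definition in site.pp, and require it from the splunk class so it is evaluated before the splunk class. Note that this example fetches packages over plain HTTP with `gpgcheck => 0`, so nodes install whatever the repository serves without verifying it; outside a lab, serve the repository over HTTPS and enable `gpgcheck` with the key that signed the packages imported.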
770 |
771 | ```
772 | yumrepo { "splunk":
773 | baseurl => "http://your.repo.server.example/splunk",
774 | descr => "Splunk repo",
775 | enabled => 1,
776 | gpgcheck => 0
777 | }
778 | ```
779 |
780 | ### Debian/Ubuntu (APT)
781 |
782 | If you don't already have a local repository server, the quickest way is to install Apache on the Puppet master and have this serve the APT repository.
783 |
784 | 1. `apt-get install apache2`
785 | 2. `apt-get install dpkg-dev`
786 | 3. `mkdir /var/www/html/splunk`
787 | 4. `cd /var/www/html/splunk`
788 | 5. download splunk-x.y.x.deb
789 | 6. download splunk-forwarder-x.y.x.deb
790 | 7. `dpkg-scanpackages . /dev/null |gzip -c > Packages.gz`
791 | 8. make sure Apache allows directory index listing
792 | 9. surf to http://your.rhel-repo.server.example/splunk and check if you get a directory listing
793 |
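794 | Then add something like this to every node definition in site.pp, and make sure to require these files from the splunk class so they are evaluated before the splunk class. Because the APT repository above isn't signed, puppet won't be able to install splunk or splunkforwarder, except when setting `APT::Get::AllowUnauthenticated` somewhere in `/etc/apt/apt.conf.d/`. Be aware that `APT::Get::AllowUnauthenticated` applies to every repository configured on the node, not just this one; signing the repository, or marking only this source as trusted with `deb [trusted=yes] ...` in the sources list, keeps signature checks in place for all other packages. You may have to run apt-get update before the Splunk repository is available in apt-get.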
795 |
796 | ```
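797 | file { "/etc/apt/apt.conf.d/99allowunsigned": # apt option that lets packages from unsigned repositories be installed
798 | ensure => present,
799 | content => "APT::Get::AllowUnauthenticated \"true\";\n", # inner quotes escaped so the double-quoted Puppet string parses
800 | }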
801 | file { "/etc/apt/sources.list.d/splunk.list":
802 | ensure => present,
803 | content => "deb http://your.apt-repo.server.example/splunk ./\n",
804 | }
805 | ```
806 |
807 | ### Windows CIFS share (MSI)
808 |
809 | For Windows installations just put the .msi Splunk installation files for
810 | Windows on a share that is accessible from all your Windows servers.
811 |
812 | 1. create a share that can be accessed by all your Windows servers
813 | 2. download the relevant Splunk .msi files from the Splunk website into this share
814 | 3. specify `package_source` and point to one of these .msi files
815 |
816 |
817 | ## Parameters
818 |
819 | ### `admin`
820 |
821 | Optional. Used to create a local admin user with predefined hash, full
822 | name and email. This is a hash with the following members:
823 |
824 | - `hash` (SHA512 hash of the admin password). To generate the hash use one of:
825 | - `grub-crypt --sha-512` (RHEL/CENTOS)
826 | - `mkpasswd -m sha-512` (Debian)
827 | - `python -c 'import crypt,getpass; print(crypt.crypt(getpass.getpass(), crypt.mksalt(crypt.METHOD_SHA512)))'` (Python 3.12 and older; the `crypt` module was removed in Python 3.13)
828 | - `pass` (Plaintext password, only used for search heads to add search peers in distributed search)
829 | - `fn` (Full name)
830 | - `email` (Email address)
831 |
832 |
833 | ### `auth`
834 |
835 | Optional. Used to configure Splunk authentication.
836 | Currently supports 'Splunk' (default), 'SAML' and 'LDAP'.
837 | This is a hash with the following members:
838 |
839 | - `authtype` (can be one of `Splunk`,`LDAP`,`SAML`)
840 | - `saml_idptype` (specifies the SAML identity provider type to use, currently only supports `ADFS`)
841 | - `saml_idpurl` (specifies the base url for the identity provider, for ADFS IdP's this will be something like https://sso.corp.example/adfs/ls )
842 | - `saml_signauthnrequest` (sign outgoing SAML requests to ADFS: defaults to true)
843 | - `saml_signedassertion` (expect assertions from ADFS to be signed: defaults to true)
844 | - `saml_signaturealgorithm` (specifies the signature algorithm to hash requests to ADFS with, and support responses from ADFS.)
845 | - `saml_entityid` (defaults to $fqdn, override in search head clustering setups to make every search head use the same Relying Party Trust in ADFS)
846 | - `saml_fqdn` (not present by default, override in search head clustering setups to have ADFS redirect to this URL, which should normally be the URL handled by a load balancer. If you omit this, ADFS will redirect to the individual search head that made the SAML request, which isn't what you want in SHC)
847 | - `ldap_host`
848 | - `ldap_port`: optional if you use a non-standard port
849 | - `ldap_binddn`
850 | - `ldap_binddnpassword`
851 | - `ldap_userbasedn`
852 | - `ldap_groupbasedn`
853 | - `ldap_sslenabled`: default
854 | - `ldap_usernameattribute`
855 | - `ldap_groupmemberattribute`
856 | - `ldap_groupnameattribute`
857 | - `ldap_realnameattribute`
858 | - `ldap_nestedgroups`: optional, set to 1 if you want Splunk to expand nested groups
859 |
860 | ### `clustering`
861 |
862 | Optional. Used to configure Splunk indexer clustering. This is a hash with 6 members:
863 |
864 | - `mode` (can be one of `master`,`searchhead`,`slave`, or `forwarder`)
865 | - `replication_factor`
866 | - `search_factor`
867 | - `cm` (points to cluster master in case of searchhead,slave, or forwarder in case of indexer discovery)
868 | - `indexer_discovery` (enables indexer discovery on the master node)
869 | - `forwarder_site_failover` (Configures sites that forwarders are allowed to fail over to. `site1:site2` allows forwarders in site1 to fail over to indexers in site2 if the local indexers are unavailable.)
870 |
871 | For multisite indexer clustering:
872 |
873 | - `thissite` (assigns this node to a site, value can be site1..site63. `site` is a reserved word in Puppet 4.x hence the choice for `thissite`)
874 |
875 | For cluster masters of multisite indexer clusters:
876 |
877 | - `available_sites` (e.g. 'site1,site2')
878 | - `site_replication_factor` (e.g. 'origin:1, total:2')
879 | - `site_search_factor` (e.g. 'origin:1, total:2')
880 |
881 | ### `ds`
882 |
883 | Optional. Used to point to a Splunk deployment server
884 |
885 | ### `ds_intermediate`
886 |
887 | Optional. Used to configure the deployment server as a deploymentclient.
888 | This is useful if you want to retain one central deployment server instead of
889 | multiple, for example one for each DMZ. Defaults to undef.
890 |
891 | ### `httpport`
892 |
893 | Optional. When omitted, it will not start Splunk web.
894 | Set `httpport => 8000` if you do want to have Splunk web available.
895 |
896 | ### `inputport`
897 |
898 | Optional. When omitted, it will not start a Splunk2Splunk listener.
899 | Set `inputport => 9997` if you do want to use this instance as an indexer.
900 |
901 | ### `kvstoreport`
902 |
903 | Optional. When omitted, it will not start Mongodb.
904 | Set `kvstoreport => 8191` if you do want to have KVstore available.
905 |
906 | ### `lm`
907 |
908 | Optional. Used to point to a Splunk license manager.
909 |
910 | ### `maxbackupindex`
911 |
912 | Optional. Specifies the number of rotated log files in `$SPLUNK_HOME/var/log/splunk` to keep around.
913 | Defaults to 1.
914 |
915 | ### `maxfilesize`
916 |
917 | Optional. Specifies the max file size of log files in `$SPLUNK_HOME/var/log/splunk`.
918 | Defaults to 10MB.
919 |
920 | ### `maxKBps`
921 |
922 | Optional. Specifies the max throughput rate for outgoing data.
923 |
924 | ### `mgmthostport`
925 |
926 | Optional. When omitted, Splunk defaults apply and Splunk will use the default 8089 port.
927 | Set `mgmthostport => '127.0.0.1:9991'` if you want to move the 8089 port to 9991.
928 | Set `mgmthostport => 'disable'` if you want to disable the Splunk management port, for example on Universal Forwarders.
929 |
930 | ### `minfreespace`
931 |
932 | Optional. Used to specify the minimum amount of freespace in kb before Splunk stops indexing data.
933 |
934 | ### `package_source`
935 |
936 | Optional.
937 |
938 | * For Windows: Use this to point to the .msi installation file. This can be a UNC path like \\DC01\Company\splunkforwarder-6.6.1-aeae3fe0c5af-x64-release.msi
939 | * For Linux: Use this to point to the URL of a Splunk RPM file. WARNING: this will cause the entire RPM file to be downloaded at *every* Puppet run by the package provider, even though it is already installed. Create your own local repository if you don't want this.
940 |
941 | ### `phonehomeintervalinsec`
942 |
943 | Optional. Used to configure the phonehomeinterval of the deploymentclient.
944 | Defaults to undef.
945 |
946 | ### `pool_suggestion`
947 |
948 | Optional. Used to perform license pool management at the indexers instead of at the licence master.
949 |
950 | ### `repositorylocation`
951 |
952 | Optional. Used to configure the location on the deployment client where the incoming apps from the deployment server are stored. Use `master-apps` or `shcluster/apps` if you want to use the deployment server to also deploy to intermediate locations on the cluster master or search head deployer.
953 |
954 | ### `reuse_puppet_certs`
955 |
956 | Optional. By default the certificates signed by the Puppet CA will be reused. However if you want to do some quick testing with non-Puppetized nodes, set this to `false`, and make sure to point `sslcertpath => 'server.pem'` and `sslrootcapath => 'cacert.pem'` to the default Splunk testing certs.
957 |
958 | - `true` (default)
959 | - `false`
960 |
961 | ### `reuse_puppet_certs_for_web`
962 |
963 | Optional. By default the certificates signed by the SplunkCommonCA will be used to secure the Splunkweb interface at 8000/tcp
964 | If you want to use the one signed by the Puppet CA, set this option to true.
965 |
966 | - `false` (default)
967 | - `true`
968 |
969 | ### `requireclientcert`
970 |
971 | Optional. Used on a server to require clients to present an SSL certificate.
972 | Can be an array with:
973 |
974 | - `inputs`: require clients to present a certificate when sending data to Splunk
975 | - `splunkd`: require deployment clients and search peers to present a certificate when connecting to splunkd
976 |
977 |
978 | For example require both splunkd and inputs connections to present a certificate:
979 |
980 | ```
981 | requireclientcert => ['splunkd','inputs'],
982 | ```
983 |
984 | Or only require forwarders to present a certificate when sending data;
985 |
986 | ```
987 | requireclientcert => 'inputs',
988 | ```
989 |
990 | ### `rolemap`
991 |
992 | Optional. Specifies the role mapping for SAML and LDAP
993 | Defaults to:
994 |
995 | ```
996 | {
997 | 'admin' => 'Domain Admins',
998 | 'power' => 'Power Users',
999 | 'user' => 'Domain Users',
1000 | }
1001 | ```
1002 |
1003 | ### `service`
1004 |
1005 | Optional. Used to manage the running and startup state of the Splunk/Splunkforwarder service. This is a hash with 3 members:
1006 |
1007 | - `ensure` (not enabled by default)
1008 | - `enable` (defaults to true)
1009 | - `managed` (defaults to undef): set this to `false` if you don't want the module to do anything with the Splunk service at all. For example if you want to use systemd unit files instead of the SysV scripts provided by Splunk.
1010 |
1011 | ### `searchpeers`
1012 |
1013 | Optional. Used to add a search peer to the current Splunk instance.
1014 |
1015 | This parameter requires the admin password to be present in plain text as the `pass` member of the `admin` parameter.
1016 | Best practice is to remove this plaintext password and the `searchpeers` parameter after adding all the required search peers.
1017 |
1018 | You can use this to:
1019 | - add one or more indexers to a search head
1020 | - add a Splunk instance so the Monitoring Console can monitor it, for example if you're monitoring a clustered Splunk deployment from the cluster master. In this case the search head isn't automatically present in the MC overview, so you have to add the search head as a search peer.
1021 |
1022 | After adding the search peer, an empty `hostname:8090.done` file is created in `$SPLUNK_HOME/etc/auth/distServerKeys`, so the Puppet module knows not to run the add search peer command again and again. Remove this file if you want to re-add the same search peer.
1023 |
1024 | ### `secret`
1025 |
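1026 | Optional. Specifies the contents for the `$SPLUNK_HOME/etc/auth/splunk.secret` file. This can be helpful when distributing prehashed passwords across multiple Splunk instances. Because `splunk.secret` is the key Splunk uses to protect the passwords stored in its configuration files, treat this value as a credential: keep it out of plain-text manifests in version control, for example by supplying it from encrypted Hiera data.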
1027 |
1028 | Example:
1029 |
1030 | ```
1031 | secret => 'kGzHMGUe7GH0ZlOOIMVKkuEpDx1i1PKgq3E4p2ibmXuCKqJAKCENvY5a4QijxyrYt5Spt4T0.Qda5az6CDBvoTiYjMKsvz/p/ey/eLWOC6GQIEzARBUDasl84v9PIo6TA4AF4SxdygKGjbBekm9kV4UL2uMLnUGpQ5d.yIqBxqpHy8lgQhCTEIwQPxKRu9UMnBmEjnAmakn7Rmd3kMKq/.fnJdMgHhIZIK1ZcT6jm2vllL3sE42DBHy1DoRnYK'
1032 | ```
1033 |
1034 | ### `shclustering`
1035 |
1036 | Optional. Used to configure Splunk search head clustering. This is a hash with 3 members:
1037 |
1038 | - `mode` (can be one of `searchhead`,`deployer`)
1039 | - `replication_factor`
1040 | - `shd` (points to search head deployer, but see caveat in Example 7)
1041 |
1042 | ### `sslcompatibility`
1043 |
1044 | Optional. Used to configure the SSL compatibility level as defined by Mozilla Labs:
1045 |
1046 | - `modern` (default)
1047 | - `intermediate`
1048 | - `old`
1049 |
1050 | Also see the Compatibility section below.
1051 |
1052 | ### `splunk_os_user`
1053 |
1054 | Optional. Run the Splunk instance as this user. Defaults to `splunk`
1055 |
1056 | ### `splunk_bindip`
1057 |
1058 | Optional. Bind to this specific IP instead of 0.0.0.0
1059 |
1060 | ### `splunk_db`
1061 |
1062 | Optional. Used to set the location where Splunk stores its indexes. Unsupported on Windows instances.
1063 |
1064 | For 3.x releases of Puppet-Splunk this will only change the SPLUNK_DB variable in etc/splunk-launch.conf if set. If unset, it will not remove the setting to prevent surprises when it has been previously set manually.
1065 |
1066 | For 4.x future releases this may change.
1067 |
1068 | ### `sslcertpath`
1069 |
1070 | Optional. Can be used together with `reuse_puppet_certs => false` to point to either your own certificates, or to the default Splunk provided testing certificates.
1071 |
1072 | Note that the path is relative to `$SPLUNK_HOME/etc/auth/`
1073 |
1074 | ### `sslrootcapath`
1075 |
1076 | Optional. Can be used together with `reuse_puppet_certs => false` to point to either your own CA certificates, or to the default Splunk provided testing CA certificates.
1077 |
1078 | Note that the path is relative to `$SPLUNK_HOME/etc/auth/`
1079 |
1080 | ### `sslpassword`
1081 |
1082 | Optional. Specify the password for the RSA key. Can be plaintext or a Splunk hash. For a Splunk hash you should also specify the Splunk secret.
1083 |
1084 | ### `sslverifyservercert`
1085 |
1086 | Optional. Used on a client to require servers to present an SSL certificate from the same CA as the client.
1087 | Can be an array with:
1088 |
1089 | - `outputs`: require servers to present a certificate when sending data to Splunk
1090 | - `splunkd`: require deployment servers and search peers to present a certificate from the same CA
1091 |
1092 |
1093 | For example require both splunkd and outputs connections to present a certificate from the same CA:
1094 |
1095 | ```
1096 | sslverifyservercert => ['splunkd','outputs'],
1097 | ```
1098 |
1099 | Or only require Splunk indexers to present a certificate with the same CA when sending data;
1100 |
1101 | ```
1102 | sslverifyservercert => 'outputs',
1103 | ```
1104 |
1105 | ### `type`
1106 |
1107 | Optional. When omitted it installs the Splunk server type.
1108 | Use `type => "uf"` if you want to have a Splunk Universal Forwarder.
1109 |
1110 | ### `tcpout`
1111 |
1112 | Optional. When omitted, it will not forward events to a Splunk indexer.
1113 |
1114 | Set `tcpout => 'splunk-idx1.internal.corp.example:9997'` if you do want to forward events to a Splunk indexer.
1115 |
1116 | Set `tcpout => 'indexer_discovery'` if you want to use indexer discovery instead of specifying indexers manually. Requires specifying a cluster master through:
1117 |
1118 | ```
1119 | clustering => {
1120 | cm => 'splunk-cm.internal.corp.example:8089'
1121 | }
1122 | ```
1123 |
1124 | ### `use_ack`
1125 |
1126 | Optional. Used to request indexer acknowledgement when sending data.
1127 | Defaults to false.
1128 |
1129 | ### `version`
1130 |
1131 | Optional. Specify the Splunk version to use.
1132 | For example to install the 6.2.2 version: `version => '6.2.2-255606'`.
1133 |
1134 | ## Compatibility
1135 |
1136 | Set sslcompatibility in these cases:
1137 |
1138 | * If you have older 6.0, 6.1, 6.2 or 6.3 releases that connect to Splunk 6.6 (see SPL-141961, SPL-141964)
1139 | * If you have older 6.0, 6.1 releases that connect to Splunk 6.2, 6.3, 6.4 or 6.5
1140 | * If you have 6.2, 6.3, 6.4 or 6.5 releases with default Splunk ssl settings that connect to Splunk managed by this module
1141 |
1142 | ## Principles
1143 |
1144 | Development of this module is done with the following principles in mind:
1145 |
1146 | 1. **Technical Management** Puppet is used to configure the technical infrastructure of a Splunk deployment. It tries to keep away from Splunk functional administration as much as possible. For example, deploying Splunk apps to forwarders is best left to Splunk's multi-platform deployment server.
1147 | 2. **Power to the Splunkers.** A Splunk installation used for security monitoring should typically not be administered by the same IT or IT-infra teams it's supposed to be monitoring. This Puppet module should smooth the path towards implementing segregation of duties between administrators and watch(wo)men (ISO 27002 12.4.3 or BIR 10.10.3).
1148 | 3. **Supports any topology.** Single server? Redundant multisite clustering? Heavy forwarder in a DMZ?
1149 | 4. **Secure by default**.
1150 | - Splunk runs as user splunk instead of root.
1151 | - No services are listening by default except the bare minimum (8089/tcp)
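1152 | - TLSv1.1 and TLSv1.2 are enabled by default. TLS 1.1 has since been formally deprecated (RFC 8996), so check the `sslversions_modern` / `sslversions_intermediate` parameters against what your peers actually need.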
1153 | - Perfect Forward Secrecy (PFS) using Elliptic curve Diffie-Hellman (ECDH)
1154 | - Ciphers are set to [modern compatibility](https://wiki.mozilla.org/Security/Server_Side_TLS)
1155 | - Admin password can be set using its SHA512 hash in the Puppet manifests instead of plain-text.
1156 |
1157 | ## Changelog
1158 |
1159 | Moved to CHANGELOG.md
1160 |
1161 | ## Test coverage
1162 |
1163 | Moved to TEST_COVERAGE.md
1164 |
1165 | ## Roadmap
1166 |
1167 | - Managed service account for Windows installations
1168 | - Convert examples to patterns or building blocks
1169 |
1170 | ## Out-of-scope
1171 |
1172 | - Search head load-balancing
1173 | - Search head pooling
1174 | - Managing apps or inputs on Splunkforwarders, see principle 1.
1175 |
1176 | ## Contributors
1177 |
1178 | These people have contributed pull requests, issues, ideas or otherwise spent time improving this module:
1179 |
1180 | - Alexander M (Rathios)
1181 | - Chris Bowles (cbowlesUT)
1182 | - Dimitri Tischenko (timidri)
1183 | - dkangel37
1184 | - Dustin Wheeler (mdwheele)
1185 | - Florian Dematraz (Nemega)
1186 | - FlorinTar
1187 | - Georgi Georgiev (chutzimir)
1188 | - Jason Spencer (jespencer)
1189 | - Joachim la Poutré (sickbock)
1190 | - jsushetski
1191 | - Michael Fyffe (TraGicCode)
1192 | - Miro (mirogta)
1193 | - Nate McCurdy (natemccurdy)
1194 | - negast
1195 | - RampentPotato
1196 | - Ryan (vidkun)
1197 | - Steve Myers (stmyers)
1198 | - TheChuckMo
1199 |
1200 | ## License
1201 |
1202 | Copyright (c) 2016-2022 Jorrit Folmer
1203 |
1204 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
1205 |
1206 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
1207 |
1208 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
1209 |
1210 | ## Support
1211 |
1212 | This is an open source project without warranty of any kind. No support is provided. However, a public repository and issue tracker are available at [https://github.com/jorritfolmer/puppet-splunk](https://github.com/jorritfolmer/puppet-splunk)
1213 |
--------------------------------------------------------------------------------
/Rakefile:
--------------------------------------------------------------------------------
1 | require 'rubygems'
2 | require 'puppetlabs_spec_helper/rake_tasks'
3 | require 'puppet-syntax/tasks/puppet-syntax'
4 | require 'puppet-lint/tasks/puppet-lint'
5 | require 'rspec/core/rake_task'
6 |
# puppet-lint setup: switch off the checks this module does not follow and
# keep spec fixtures and built packages out of the lint run.
%w[
  disable_80chars
  disable_autoloader_layout
  disable_class_inherits_from_params_class
].each { |check| PuppetLint.configuration.send(check) }
PuppetLint.configuration.ignore_paths = ['spec/**/*.pp', 'pkg/**/*.pp']
11 |
# The :rspec task picks up every *_spec.rb exactly one directory below spec/.
RSpec::Core::RakeTask.new(:rspec) { |spec_task| spec_task.pattern = 'spec/*/*_spec.rb' }
15 |
# Aggregate task. Each *_output task only prints a banner for the step that
# follows it in the list.
desc "Validate manifests, templates, and ruby files"
task test: %i[
  syntax
  validate_output
  validate
  spec_output
  spec
  lint_output
  lint
]
26 |
# Banner printed before the :validate step.
task(:validate_output) { puts '---> parser validate' }
30 |
# Banner printed before the :spec step.
task(:spec_output) { puts '---> spec' }
34 |
# Banner printed before the :lint step.
task(:lint_output) { puts '---> puppet-lint' }
38 |
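# Run `puppet parser validate --noop` over every manifest under manifests/.
#
# Each manifest path is passed to `sh` as a separate argument instead of being
# interpolated into one command string, so no shell parses it: a file name
# containing spaces or shell metacharacters can neither break nor alter the
# command that runs.
task :validate do
  Dir['manifests/**/*.pp'].each do |manifest|
    sh 'puppet', 'parser', 'validate', '--noop', manifest
  end
end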
44 |
--------------------------------------------------------------------------------
/TEST_COVERAGE.md:
--------------------------------------------------------------------------------
1 | # Parameter test coverage
2 |
3 | ## By version:
4 |
5 | | version | tested | total |
6 | |---------|--------|-------|
7 | | v3.1.3 | 22 | 40 |
8 | | v3.2.0 | 23 | 42 |
9 | | v3.3.0 | 24 | 43 |
10 | | v3.4.0 | 26 | 45 |
11 | | v3.4.1 | 27 | 45 |
12 | | v3.4.2 | 28 | 45 |
13 | | v3.7.0 | 30 | 48 |
14 | | v3.8.0 | 30 | 50 |
15 | | v3.9.0 | 33 | 53 |
16 | | v3.11.0 | 34 | 54 |
17 | | v3.14.0 | 36 | 56 |
18 |
19 | ## By operating system:
20 |
21 | | os | tested | total |
22 | |---------|--------|-------|
23 | | linux | 36 | 56 |
24 | | windows | 0 | 56 |
25 |
26 | ## By parameter:
27 |
28 | | parameter | rspec test |
29 | |-----------|------------|
30 | | `admin` | Y |
31 | | `auth => { authtype => 'LDAP'` | Y |
32 | | `auth => { authtype => 'SAML'` | Y |
33 | | `ciphersuite_intermediate` | no |
34 | | `ciphersuite_modern` | no |
35 | | `clustering => { mode => 'master'` | Y |
36 | | `clustering => { mode => 'searchhead'` | Y |
37 | | `clustering => { mode => 'slave'` | Y |
38 | | `clustering => { indexer_discovery => true` | Y |
39 | | `clustering => { mode => 'forwarder'` | Y |
40 | | `dhparamsize_intermediate` | no |
41 | | `dhparamsize_modern` | no |
42 | | `ds_intermediate` | Y |
43 | | `ds` | Y |
44 | | `ecdhcurvename_intermediate` | no |
45 | | `ecdhcurvename_modern` | no |
46 | | `httpport` | Y |
47 | | `inputport`| Y |
48 | | `kvstoreport`| Y |
49 | | `lm`| Y |
50 | | `maxbackupindex`| no |
51 | | `maxfilesize`| no |
52 | | `maxkbps`| Y |
53 | | `mgmthostport` | Y |
54 | | `minfreespace` | no |
55 | | `package_source` | Y |
56 | | `pass4symmkey` | no |
57 | | `phonehomeintervalinsec` | no |
58 | | `pipelines` | Y |
59 | | `pool_suggestion` | Y |
60 | | `replication_port`| Y |
61 | | `repositorylocation`| Y |
62 | | `requireclientcert`| Y |
63 | | `reuse_puppet_certs`| Y |
64 | | `rolemap` | no |
65 | | `searchpeers`| Y |
66 | | `secret`| Y |
67 | | `service` | Y |
68 | | `shclustering => { mode => 'deployer'`| Y |
69 | | `shclustering => { mode => 'searchhead'`| Y |
70 | | `splunk_bindip` | no |
71 | | `splunk_db` | no |
72 | | `splunk_os_user` | no |
73 | | `splunk_os_group` | no |
74 | | `sslcertpath`| Y |
75 | | `sslcompatibility` | no |
76 | | `sslpassword` | Y |
77 | | `sslrootcapath` | Y |
78 | | `sslverifyservercert` | Y |
79 | | `sslversions_intermediate` | no |
80 | | `sslversions_modern` | no |
81 | | `tcpout` | Y |
82 | | `tcpout => 'indexer_discovery'` | Y |
83 | | `type => 'uf'` | Y |
84 | | `use_ack` | Y |
85 | | `version` | no |
86 |
--------------------------------------------------------------------------------
/adfs_claim_rules_get_attrs.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jorritfolmer/puppet-splunk/6be25a2e8995adf5013edef1131dfd413d76c772/adfs_claim_rules_get_attrs.png
--------------------------------------------------------------------------------
/data/common.yaml:
--------------------------------------------------------------------------------
---
# Module-level Hiera data: lookup behaviour for the two hash parameters.
# With `merge: hash`, keys found at different hierarchy levels are combined
# rather than the highest-priority hash replacing the rest. For splunk::admin
# this means a key set at a lower-priority level stays in effect unless a
# higher level overrides that same key.
lookup_options:
  splunk::admin:
    merge: hash
  splunk::auth:
    merge: hash
7 |
--------------------------------------------------------------------------------
/example1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jorritfolmer/puppet-splunk/6be25a2e8995adf5013edef1131dfd413d76c772/example1.png
--------------------------------------------------------------------------------
/example2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jorritfolmer/puppet-splunk/6be25a2e8995adf5013edef1131dfd413d76c772/example2.png
--------------------------------------------------------------------------------
/example3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jorritfolmer/puppet-splunk/6be25a2e8995adf5013edef1131dfd413d76c772/example3.png
--------------------------------------------------------------------------------
/example4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jorritfolmer/puppet-splunk/6be25a2e8995adf5013edef1131dfd413d76c772/example4.png
--------------------------------------------------------------------------------
/hiera.yaml:
--------------------------------------------------------------------------------
---
# Hiera 5 configuration for the module's own data layer.
version: 5

# All levels read YAML files from the module's data/ directory.
defaults:
  datadir: data
  data_hash: yaml_data

# Single level: data/common.yaml.
hierarchy:
  - name: 'Splunk module hierarchy'
    paths:
      - 'common.yaml'
11 |
--------------------------------------------------------------------------------
/manifests/addsearchpeers.pp:
--------------------------------------------------------------------------------
1 | # vim: ts=2 sw=2 et
2 | #
3 | # Copyright (c) 2016-2018 Jorrit Folmer
4 | #
5 |
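# Registers the search peer named by the resource title on this search head by
# running `splunk add search-server` once. A marker file under
# etc/auth/distServerKeys records completion so the command is not repeated.
#
# Reads $splunk::admin (the plaintext `pass` key is required),
# $splunk::splunk_home and $splunk::dontruncmds. A title of 'empty' declares
# nothing.
define splunk::addsearchpeers {
  if $title != 'empty' {
    $splunk_home = $splunk::splunk_home
    $admin       = $splunk::admin
    $dontruncmds = $splunk::dontruncmds

    if $admin[pass] == undef {
      fail('Plaintext admin password is not set but required for adding search peers')
    } elsif $dontruncmds == true {
      notice('Skipping splunk add search-server due to $dontruncmds=true')
    } else {
      $adminpass = $admin[pass]
      $donefile  = "${splunk_home}/etc/auth/distServerKeys/${title}.done"

      exec { "splunk add search-server ${title}":
        # The admin password is handed over in the environment and expanded by
        # the shell inside double quotes. It is therefore no longer part of the
        # command string that Puppet echoes when the exec fails, and shell
        # metacharacters in the password are not re-parsed as shell syntax.
        # The splunk CLI still receives the password as an argument, so it
        # remains visible in the process list while the command runs.
        command     => "splunk add search-server -host ${title} -auth \"admin:\$PUPPET_SPLUNK_ADMINPASS\" -remoteUsername admin -remotePassword \"\$PUPPET_SPLUNK_ADMINPASS\" && touch ${donefile}",
        # The command uses `&&` and variable expansion, so run it through
        # /bin/sh explicitly.
        provider    => shell,
        path        => ["${splunk_home}/bin", '/bin', '/sbin', '/usr/bin', '/usr/sbin'],
        environment => [
          "SPLUNK_HOME=${splunk_home}",
          "PUPPET_SPLUNK_ADMINPASS=${adminpass}",
        ],
        creates     => [
          $donefile,
        ],
        logoutput   => true,
      }
    }
  }
}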
31 |
--------------------------------------------------------------------------------
/manifests/authentication.pp:
--------------------------------------------------------------------------------
1 | # vim: ts=2 sw=2 et
2 | #
3 | # Copyright (c) 2016-2018 Jorrit Folmer
4 | #
5 |
# Manages the Splunk authentication app according to $auth['authtype']:
#   'Splunk' - removes both the LDAP and the SAML app directory
#   'SAML'   - removes the LDAP app, then creates the SAML app and renders its
#              authentication.conf; only the 'ADFS' identity provider type is
#              accepted, anything else fails the catalog
#   'LDAP'   - removes the SAML app, then creates the LDAP app and renders its
#              authentication.conf
# Any other authtype declares no resources.
class splunk::authentication (
  $splunk_home               = $splunk::splunk_home,
  $splunk_os_user            = $splunk::real_splunk_os_user,
  $splunk_os_group           = $splunk::real_splunk_os_group,
  $splunk_dir_mode           = $splunk::real_splunk_dir_mode,
  $splunk_file_mode          = $splunk::real_splunk_file_mode,
  $auth                      = $splunk::auth,
  $splunk_app_precedence_dir = $splunk::splunk_app_precedence_dir,
  $splunk_app_replace        = $splunk::splunk_app_replace,
  $rolemap                   = $splunk::rolemap
) {
  $splunk_app_name = 'puppet_common_auth'
  $ldap_app_dir    = "${splunk_home}/etc/apps/${splunk_app_name}_ldap_base"
  $saml_app_dir    = "${splunk_home}/etc/apps/${splunk_app_name}_saml_base"

  case $auth['authtype'] {
    'Splunk': {
      # Native Splunk authentication: neither external-auth app may remain.
      file { $ldap_app_dir:
        ensure  => absent,
        recurse => true,
        purge   => true,
        force   => true,
      }
      file { $saml_app_dir:
        ensure  => absent,
        recurse => true,
        purge   => true,
        force   => true,
      }
    }

    'SAML': {
      $auth_defaults = $splunk::params::auth

      case $auth['saml_idptype'] {
        'ADFS': {
          # parameters are set in the erb template
        }
        default: {
          fail 'Unsupported Identity Provider'
        }
      }

      # Drop the LDAP app first, then build the SAML app top-down.
      file { $ldap_app_dir:
        ensure  => absent,
        recurse => true,
        purge   => true,
        force   => true,
      }
      -> file { [
        $saml_app_dir,
        "${saml_app_dir}/${splunk_app_precedence_dir}",
        "${saml_app_dir}/metadata",
      ]:
        ensure => directory,
        owner  => $splunk_os_user,
        group  => $splunk_os_group,
        mode   => $splunk_dir_mode,
      }
      -> file { "${saml_app_dir}/${splunk_app_precedence_dir}/authentication.conf":
        ensure  => present,
        owner   => $splunk_os_user,
        group   => $splunk_os_group,
        mode    => $splunk_file_mode,
        replace => $splunk_app_replace,
        content => template("splunk/${splunk_app_name}_saml_base/local/authentication.conf"),
      }
    }

    'LDAP': {
      $auth_defaults = $splunk::params::auth

      # Drop the SAML app first, then build the LDAP app top-down.
      file { $saml_app_dir:
        ensure  => absent,
        recurse => true,
        purge   => true,
        force   => true,
      }
      -> file { [
        $ldap_app_dir,
        "${ldap_app_dir}/${splunk_app_precedence_dir}",
        "${ldap_app_dir}/metadata",
      ]:
        ensure => directory,
        owner  => $splunk_os_user,
        group  => $splunk_os_group,
        mode   => $splunk_dir_mode,
      }
      -> file { "${ldap_app_dir}/${splunk_app_precedence_dir}/authentication.conf":
        ensure  => present,
        owner   => $splunk_os_user,
        group   => $splunk_os_group,
        mode    => $splunk_file_mode,
        replace => $splunk_app_replace,
        content => template("splunk/${splunk_app_name}_ldap_base/local/authentication.conf"),
      }
    }

    default: {
    }
  }
}
99 |
--------------------------------------------------------------------------------
/manifests/certs/s2s.pp:
--------------------------------------------------------------------------------
1 | # vim: ts=2 sw=2 et
2 | #
3 | # Copyright (c) 2016-2018 Jorrit Folmer
4 | #
5 |
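# Prepares the TLS material for splunkd-to-splunkd (s2s) connections.
#
# Always: creates etc/auth/certs and generates DH parameters of $dhparamsize
# bits with the openssl binary found on the exec path.
# When $reuse_puppet_certs is true: copies the Puppet agent's CA certificate to
# etc/auth/$sslrootcapath and writes the agent's private key followed by its
# certificate to etc/auth/$sslcertpath, then sets owner, group and mode on both.
#
# Changes against the previous revision:
#   - the POSIX execs that write the private key run with umask 0077, so the
#     combined key+certificate file is never created readable by other local
#     users before the file resource applies $splunk_file_mode;
#   - every exec's `creates` and every permission-fixing file resource now use
#     the same $sslcertpath / $sslrootcapath derived path the command writes
#     to, instead of a hard-coded certs/s2s.pem or certs/ca.pem.
class splunk::certs::s2s (
  $dhparamsize        = $splunk::dhparamsize,
  $package            = $splunk::package,
  $splunk_os_user     = $splunk::real_splunk_os_user,
  $splunk_os_group    = $splunk::real_splunk_os_group,
  $splunk_dir_mode    = $splunk::real_splunk_dir_mode,
  $splunk_file_mode   = $splunk::real_splunk_file_mode,
  $splunk_home        = $splunk::splunk_home,
  $sslcertpath        = $splunk::sslcertpath,
  $sslrootcapath      = $splunk::sslrootcapath,
  $reuse_puppet_certs = $splunk::reuse_puppet_certs
){
  $certs_dir    = "${splunk_home}/etc/auth/certs"
  $dhparam_file = "${certs_dir}/dhparam.pem"
  $rootca_file  = "${splunk_home}/etc/auth/${sslrootcapath}"
  $cert_file    = "${splunk_home}/etc/auth/${sslcertpath}"

  case $::osfamily {
    /^[Ww]indows$/: {
      #################################### WINDOWS #################################
      $win_path = ['c:/windows/system32/windowspowershell/v1.0', 'c:/windows/system32', "${splunk_home}/bin"]

      file { $certs_dir:
        ensure => directory,
        owner  => $splunk_os_user,
        group  => $splunk_os_group,
        mode   => $splunk_dir_mode,
      }
      -> exec { 'openssl dhparam':
        command     => "openssl dhparam -outform PEM -out \"${dhparam_file}\" ${dhparamsize}",
        path        => ["${splunk_home}/bin"],
        environment => "OPENSSL_CONF=${splunk_home}/openssl.cnf",
        creates     => [
          $dhparam_file,
        ],
        # this may take some time
        logoutput   => true,
        timeout     => 900,
      }
      -> file { $dhparam_file:
        owner => $splunk_os_user,
        group => $splunk_os_group,
        mode  => $splunk_file_mode,
      }

      if $reuse_puppet_certs {
        # reuse certs from open source Puppet
        exec { 'openssl s2s ca opensource puppet':
          command     => "powershell -command \"Copy-Item c:/ProgramData/PuppetLabs/puppet/etc/ssl/certs/ca.pem \'${rootca_file}\'\"",
          path        => $win_path,
          environment => "OPENSSL_CONF=${splunk_home}/openssl.cnf",
          creates     => [ $rootca_file, ],
          require     => File[$certs_dir],
          onlyif      => 'powershell -command "Test-Path C:/ProgramData/PuppetLabs/puppet/etc/ssl/certs/ca.pem"'
        }
        # Fix ownership and mode on the file the exec above actually wrote.
        -> file { $rootca_file:
          owner => $splunk_os_user,
          group => $splunk_os_group,
          mode  => $splunk_file_mode,
        }
        -> exec { 'openssl s2s 1 opensource puppet':
          command     => "powershell -command \"Get-Content C:/ProgramData/PuppetLabs/puppet/etc/ssl/private_keys/${::fqdn}.pem , C:/ProgramData/PuppetLabs/puppet/etc/ssl/certs/${::fqdn}.pem | Set-Content \'${cert_file}\'\"",
          path        => $win_path,
          environment => "OPENSSL_CONF=${splunk_home}/openssl.cnf",
          creates     => [ $cert_file, ],
          onlyif      => "powershell -command \"Test-Path C:/ProgramData/PuppetLabs/puppet/etc/ssl/private_keys/${::fqdn}.pem\""
        }
        -> file { $cert_file:
          owner => $splunk_os_user,
          group => $splunk_os_group,
          mode  => $splunk_file_mode,
        }
      }
    }
    default: {
      #################################### NIX #################################
      $nix_path = ['/bin', '/sbin', '/usr/bin', '/usr/sbin', "${splunk_home}/bin"]

      file { $certs_dir:
        ensure  => directory,
        owner   => $splunk_os_user,
        group   => $splunk_os_group,
        mode    => $splunk_dir_mode,
        recurse => true,
      }
      -> exec { 'openssl dhparam':
        command   => "openssl dhparam -outform PEM -out ${dhparam_file} ${dhparamsize}",
        user      => $splunk_os_user,
        path      => $nix_path,
        creates   => [
          $dhparam_file,
        ],
        # this may take some time
        logoutput => true,
        timeout   => 900,
      }

      if $reuse_puppet_certs {
        # The three pairs below probe the ssl directories of open source,
        # commercial and Red Hat packaged Puppet in that order. Each exec is
        # skipped when its source file is missing (onlyif) or when the target
        # already exists (creates), so the first layout found wins.

        # reuse certs from open source Puppet
        exec { 'openssl s2s ca opensource puppet':
          command => "cat /etc/puppet/ssl/certs/ca.pem > ${rootca_file}",
          path    => $nix_path,
          creates => [ $rootca_file, ],
          require => File[$certs_dir],
          onlyif  => '/usr/bin/test -e /etc/puppet/ssl/certs/ca.pem'
        }
        -> exec { 'openssl s2s 1 opensource puppet':
          command => "cat /etc/puppet/ssl/private_keys/${::fqdn}.pem /etc/puppet/ssl/certs/${::fqdn}.pem > ${cert_file}",
          path    => $nix_path,
          # private key material: create the target without group/other access
          umask   => '0077',
          creates => [ $cert_file, ],
          onlyif  => "/usr/bin/test -e /etc/puppet/ssl/private_keys/${::fqdn}.pem"
        }

        # reuse certs from commercial Puppet
        -> exec { 'openssl s2s ca commercial puppet':
          command => "cat /etc/puppetlabs/puppet/ssl/certs/ca.pem > ${rootca_file}",
          path    => $nix_path,
          creates => [ $rootca_file, ],
          require => File[$certs_dir],
          onlyif  => '/usr/bin/test -e /etc/puppetlabs/puppet/ssl/certs/ca.pem'
        }
        -> exec { 'openssl s2s 1 commercial puppet':
          command => "cat /etc/puppetlabs/puppet/ssl/private_keys/${::fqdn}.pem /etc/puppetlabs/puppet/ssl/certs/${::fqdn}.pem > ${cert_file}",
          path    => $nix_path,
          umask   => '0077',
          # guard on the file this command writes, not on a fixed certs/s2s.pem
          creates => [ $cert_file, ],
          onlyif  => "/usr/bin/test -e /etc/puppetlabs/puppet/ssl/private_keys/${::fqdn}.pem"
        }

        # reuse certs from Red Hat packaged Puppet
        -> exec { 'openssl s2s ca redhat puppet':
          command => "cat /var/lib/puppet/ssl/certs/ca.pem > ${rootca_file}",
          path    => $nix_path,
          creates => [ $rootca_file, ],
          require => File[$certs_dir],
          onlyif  => '/usr/bin/test -e /var/lib/puppet/ssl/certs/ca.pem'
        }
        -> exec { 'openssl s2s 1 redhat puppet':
          command => "cat /var/lib/puppet/ssl/private_keys/${::fqdn}.pem /var/lib/puppet/ssl/certs/${::fqdn}.pem > ${cert_file}",
          path    => $nix_path,
          umask   => '0077',
          creates => [ $cert_file, ],
          onlyif  => "/usr/bin/test -e /var/lib/puppet/ssl/private_keys/${::fqdn}.pem"
        }

        # Fix permissions
        -> file { $rootca_file:
          owner => $splunk_os_user,
          group => $splunk_os_group,
          mode  => $splunk_file_mode,
        }
        -> file { $cert_file:
          owner => $splunk_os_user,
          group => $splunk_os_group,
          mode  => $splunk_file_mode,
        }
      }
    }
  }
}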
156 |
--------------------------------------------------------------------------------
/manifests/certs/web.pp:
--------------------------------------------------------------------------------
1 | # vim: ts=2 sw=2 et
2 | #
3 | # Copyright (c) 2016-2018 Jorrit Folmer
4 | #
5 |
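# Provides the private key and server certificate for Splunk Web.
#
# When $reuse_puppet_certs_for_web is true, the Puppet agent's private key is
# copied to etc/auth/$privkeypath and its certificate to etc/auth/$servercert,
# after which owner, group and mode are set on both. Otherwise nothing is
# declared.
#
# Changes against the previous revision:
#   - the Red Hat certificate exec copied the agent's *private key* into
#     $servercert (and tested for the key in onlyif); it now copies and tests
#     the certificate under /var/lib/puppet/ssl/certs, like its siblings;
#   - on Windows the permission-fixing file resource pointed at
#     etc/auth/certs/$privkeypath while the key is written to
#     etc/auth/$privkeypath; both now use the same path;
#   - the POSIX execs that write the private key run with umask 0077, so the
#     key is never created readable by other local users before the file
#     resource applies $splunk_file_mode.
class splunk::certs::web (
  $package                    = $splunk::package,
  $splunk_os_user             = $splunk::real_splunk_os_user,
  $splunk_os_group            = $splunk::real_splunk_os_group,
  $splunk_dir_mode            = $splunk::real_splunk_dir_mode,
  $splunk_file_mode           = $splunk::real_splunk_file_mode,
  $splunk_home                = $splunk::splunk_home,
  $privkeypath                = $splunk::privkeypath,
  $servercert                 = $splunk::servercert,
  $reuse_puppet_certs_for_web = $splunk::reuse_puppet_certs_for_web
){
  $privkey_file    = "${splunk_home}/etc/auth/${privkeypath}"
  $servercert_file = "${splunk_home}/etc/auth/${servercert}"

  case $::osfamily {
    /^[Ww]indows$/: {
      #################################### WINDOWS #################################
      $win_path = ['c:/windows/system32/windowspowershell/v1.0', 'c:/windows/system32', "${splunk_home}/bin"]

      if $reuse_puppet_certs_for_web {
        # reuse certs from open source Puppet
        exec { 'openssl web privkey opensource puppet':
          command     => "powershell -command \"Copy-Item c:/ProgramData/PuppetLabs/puppet/etc/ssl/private_keys/${::fqdn}.pem \'${privkey_file}\'\"",
          path        => $win_path,
          environment => "OPENSSL_CONF=${splunk_home}/openssl.cnf",
          creates     => [ $privkey_file, ],
          require     => File["${splunk_home}/etc/auth/certs"],
          onlyif      => "powershell -command \"Test-Path C:/ProgramData/PuppetLabs/puppet/etc/ssl/private_keys/${::fqdn}.pem\""
        }
        # Fix ownership and mode on the key file the exec above actually wrote.
        -> file { $privkey_file:
          owner => $splunk_os_user,
          group => $splunk_os_group,
          mode  => $splunk_file_mode,
        }
        -> exec { 'openssl web cert opensource puppet':
          command     => "powershell -command \"Copy-Item C:/ProgramData/PuppetLabs/puppet/etc/ssl/certs/${::fqdn}.pem \'${servercert_file}\'\"",
          path        => $win_path,
          environment => "OPENSSL_CONF=${splunk_home}/openssl.cnf",
          creates     => [ $servercert_file, ],
          onlyif      => "powershell -command \"Test-Path C:/ProgramData/PuppetLabs/puppet/etc/ssl/certs/${::fqdn}.pem\""
        }
        -> file { $servercert_file:
          owner => $splunk_os_user,
          group => $splunk_os_group,
          mode  => $splunk_file_mode,
        }
      }
    }
    default: {
      #################################### NIX #################################
      $nix_path = ['/bin', '/sbin', '/usr/bin', '/usr/sbin', "${splunk_home}/bin"]

      if $reuse_puppet_certs_for_web {
        # The three pairs below probe the ssl directories of open source,
        # commercial and Red Hat packaged Puppet in that order. Each exec is
        # skipped when its source file is missing (onlyif) or when the target
        # already exists (creates), so the first layout found wins.

        # reuse certs from open source Puppet
        exec { 'openssl web privkey opensource puppet':
          command => "cat /etc/puppet/ssl/private_keys/${::fqdn}.pem > ${privkey_file}",
          path    => $nix_path,
          # private key material: create the target without group/other access
          umask   => '0077',
          creates => [ $privkey_file, ],
          onlyif  => "/usr/bin/test -e /etc/puppet/ssl/private_keys/${::fqdn}.pem"
        }
        -> exec { 'openssl web cert opensource puppet':
          command => "cat /etc/puppet/ssl/certs/${::fqdn}.pem > ${servercert_file}",
          path    => $nix_path,
          creates => [ $servercert_file, ],
          onlyif  => "/usr/bin/test -e /etc/puppet/ssl/certs/${::fqdn}.pem"
        }
        # reuse certs from commercial Puppet
        -> exec { 'openssl web privkey commercial puppet':
          command => "cat /etc/puppetlabs/puppet/ssl/private_keys/${::fqdn}.pem > ${privkey_file}",
          path    => $nix_path,
          umask   => '0077',
          creates => [ $privkey_file, ],
          onlyif  => "/usr/bin/test -e /etc/puppetlabs/puppet/ssl/private_keys/${::fqdn}.pem"
        }
        -> exec { 'openssl web cert commercial puppet':
          command => "cat /etc/puppetlabs/puppet/ssl/certs/${::fqdn}.pem > ${servercert_file}",
          path    => $nix_path,
          creates => [ $servercert_file, ],
          onlyif  => "/usr/bin/test -e /etc/puppetlabs/puppet/ssl/certs/${::fqdn}.pem"
        }
        # reuse certs from Red Hat packaged Puppet
        -> exec { 'openssl web privkey redhat puppet':
          command => "cat /var/lib/puppet/ssl/private_keys/${::fqdn}.pem > ${privkey_file}",
          path    => $nix_path,
          umask   => '0077',
          creates => [ $privkey_file, ],
          onlyif  => "/usr/bin/test -e /var/lib/puppet/ssl/private_keys/${::fqdn}.pem"
        }
        -> exec { 'openssl web cert redhat puppet':
          # source is the certificate, not the private key
          command => "cat /var/lib/puppet/ssl/certs/${::fqdn}.pem > ${servercert_file}",
          path    => $nix_path,
          creates => [ $servercert_file, ],
          onlyif  => "/usr/bin/test -e /var/lib/puppet/ssl/certs/${::fqdn}.pem"
        }

        # Fix permissions
        -> file { $privkey_file:
          owner => $splunk_os_user,
          group => $splunk_os_group,
          mode  => $splunk_file_mode,
        }
        -> file { $servercert_file:
          owner => $splunk_os_user,
          group => $splunk_os_group,
          mode  => $splunk_file_mode,
        }
      }
    }
  }
}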
108 |
--------------------------------------------------------------------------------
/manifests/deploymentclient.pp:
--------------------------------------------------------------------------------
1 | # vim: ts=2 sw=2 et
2 | #
3 | # Copyright (c) 2016-2018 Jorrit Folmer
4 | #
5 |
# Manages the puppet_common_deploymentclient_base app.
#
# With a deployment server set ($ds), the app directories are created and
# deploymentclient.conf is rendered from the module template. With $ds undef,
# the whole app directory is removed.
class splunk::deploymentclient (
  $ds                        = $splunk::ds,
  $ds_intermediate           = $splunk::ds_intermediate,
  $repositorylocation        = $splunk::repositorylocation,
  $splunk_home               = $splunk::splunk_home,
  $splunk_os_user            = $splunk::real_splunk_os_user,
  $splunk_os_group           = $splunk::real_splunk_os_group,
  $splunk_dir_mode           = $splunk::real_splunk_dir_mode,
  $splunk_file_mode          = $splunk::real_splunk_file_mode,
  $splunk_app_precedence_dir = $splunk::splunk_app_precedence_dir,
  $splunk_app_replace        = $splunk::splunk_app_replace,
  $phonehomeintervalinsec    = $splunk::phonehomeintervalinsec
) {
  $splunk_app_name = 'puppet_common_deploymentclient_base'
  $app_dir         = "${splunk_home}/etc/apps/${splunk_app_name}"

  if $ds != undef {
    # App skeleton first, then the rendered configuration file.
    file { [
      $app_dir,
      "${app_dir}/${splunk_app_precedence_dir}",
      "${app_dir}/metadata",
    ]:
      ensure => directory,
      owner  => $splunk_os_user,
      group  => $splunk_os_group,
      mode   => $splunk_dir_mode,
    }
    -> file { "${app_dir}/${splunk_app_precedence_dir}/deploymentclient.conf":
      ensure  => present,
      owner   => $splunk_os_user,
      group   => $splunk_os_group,
      mode    => $splunk_file_mode,
      replace => $splunk_app_replace,
      content => template("splunk/${splunk_app_name}/local/deploymentclient.conf"),
    }
  } else {
    # No deployment server: remove the app and everything inside it.
    file { $app_dir:
      ensure  => absent,
      recurse => true,
      purge   => true,
      force   => true,
    }
  }
}
47 |
--------------------------------------------------------------------------------
/manifests/distsearch.pp:
--------------------------------------------------------------------------------
1 | # vim: ts=2 sw=2 et
2 | #
3 | # Copyright (c) 2016-2018 Jorrit Folmer
4 | #
5 |
# Removes etc/system/local/distsearch.conf when no search peers are configured.
# With search peers set, nothing is declared here, because peers are added
# through $SPLUNK_HOME/bin/splunk add search-server.
class splunk::distsearch (
  $searchpeers    = $splunk::searchpeers,
  $splunk_os_user = $splunk::real_splunk_os_user,
  $splunk_home    = $splunk::splunk_home
) {
  $distsearch_conf = "${splunk_home}/etc/system/local/distsearch.conf"

  if $searchpeers == undef {
    file { $distsearch_conf:
      ensure => 'absent',
    }
  }
}
19 |
--------------------------------------------------------------------------------
/manifests/first_time_run.pp:
--------------------------------------------------------------------------------
1 | # vim: ts=2 sw=2 et
2 | #
3 | # Copyright (c) 2016-2018 Jorrit Folmer
4 | #
5 |
# Runs Splunk's first-time-run step (`splunk ftr`) as the Splunk OS user on
# non-Windows systems, once the package is installed and only while the
# ${splunk_home}/ftr marker file exists. Nothing is declared on Windows.
class splunk::first_time_run (
  $package        = $splunk::package,
  $package_source = $splunk::package_source,
  $splunk_home    = $splunk::splunk_home,
  $splunk_os_user = $splunk::real_splunk_os_user,
  $version        = $splunk::version
) {
  $splunk_bin = "${splunk_home}/bin"

  case $::osfamily {
    /^[Ww]indows$/: {
      # Do nothing
    }
    default: {
      exec { 'splunk first time run':
        command => "${splunk_bin}/splunk ftr -user ${splunk_os_user} --accept-license --answer-yes --no-prompt",
        user    => $splunk_os_user,
        path    => [$splunk_bin, '/bin', '/sbin', '/usr/bin', '/usr/sbin'],
        onlyif  => "/usr/bin/test -e ${splunk_home}/ftr",
        require => Package[$package],
      }
    }
  }
}
28 |
--------------------------------------------------------------------------------
/manifests/init.pp:
--------------------------------------------------------------------------------
1 | # vim: ts=2 sw=2 et
2 | #
3 | # Copyright (c) 2016-2018 Jorrit Folmer
4 | #
5 | # Permission is hereby granted, free of charge, to any person obtaining a copy
6 | # of this software and associated documentation files (the "Software"), to deal
7 | # in the Software without restriction, including without limitation the rights
8 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | # copies of the Software, and to permit persons to whom the Software is
10 | # furnished to do so, subject to the following conditions:
11 | #
12 | # The above copyright notice and this permission notice shall be included in all
13 | # copies or substantial portions of the Software.
14 | #
15 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | # SOFTWARE.
22 |
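# Class: splunk
#
# Entry point of the module. It resolves the platform-specific install
# location, package name, service account and file modes, selects the TLS
# settings for the chosen $sslcompatibility profile, and then includes and
# orders every splunk::* subclass.
#
# All parameters default to the values in splunk::params; the subclasses read
# the resolved values ($splunk_home, $package, $real_splunk_os_user, ...) from
# this class's scope.
class splunk (
  $admin                      = $splunk::params::admin,
  $auth                       = $splunk::params::auth,
  $ciphersuite_intermediate   = $splunk::params::ciphersuite_intermediate,
  $ciphersuite_modern         = $splunk::params::ciphersuite_modern,
  $clustering                 = $splunk::params::clustering,
  $dhparamsize_intermediate   = $splunk::params::dhparamsize_intermediate,
  $dhparamsize_modern         = $splunk::params::dhparamsize_modern,
  $dontruncmds                = $splunk::params::dontruncmds,
  $ds                         = $splunk::params::ds,
  $ds_intermediate            = $splunk::params::ds_intermediate,
  $ecdhcurvename_intermediate = $splunk::params::ecdhcurvename_intermediate,
  $ecdhcurvename_modern       = $splunk::params::ecdhcurvename_modern,
  $httpport                   = $splunk::params::httpport,
  $inputport                  = $splunk::params::inputport,
  $kvstoreport                = $splunk::params::kvstoreport,
  $lm                         = $splunk::params::lm,
  $maxbackupindex             = $splunk::params::maxbackupindex,
  $maxfilesize                = $splunk::params::maxfilesize,
  $maxkbps                    = $splunk::params::maxkbps,
  $minfreespace               = $splunk::params::minfreespace,
  $mgmthostport               = $splunk::params::mgmthostport,
  $package_source             = $splunk::params::package_source,
  $pass4symmkey               = $splunk::params::pass4symmkey,
  $phonehomeintervalinsec     = $splunk::params::phonehomeintervalinsec,
  $pipelines                  = $splunk::params::pipelines,
  $pool_suggestion            = $splunk::params::pool_suggestion,
  $privkeypath                = $splunk::params::privkeypath,
  $replication_port           = $splunk::params::replication_port,
  $repositorylocation         = $splunk::params::repositorylocation,
  $requireclientcert          = $splunk::params::requireclientcert,
  $reuse_puppet_certs         = $splunk::params::reuse_puppet_certs,
  $reuse_puppet_certs_for_web = $splunk::params::reuse_puppet_certs_for_web,
  $rolemap                    = $splunk::params::rolemap,
  $searchpeers                = $splunk::params::searchpeers,
  $secret                     = $splunk::params::secret,
  $service                    = $splunk::params::service,
  $servercert                 = $splunk::params::servercert,
  $shclustering               = $splunk::params::shclustering,
  $sslcompatibility           = $splunk::params::sslcompatibility,
  $sslversions_modern         = $splunk::params::sslversions_modern,
  $sslversions_intermediate   = $splunk::params::sslversions_intermediate,
  $sslcertpath                = $splunk::params::sslcertpath,
  $sslrootcapath              = $splunk::params::sslrootcapath,
  $sslpassword                = $splunk::params::sslpassword,
  $sslverifyservercert        = $splunk::params::sslverifyservercert,
  $splunk_os_user             = $splunk::params::splunk_os_user,
  $splunk_os_group            = $splunk::params::splunk_os_group,
  $splunk_bindip              = $splunk::params::splunk_bindip,
  $splunk_db                  = $splunk::params::splunk_db,
  $tcpout                     = $splunk::params::tcpout,
  $type                       = $splunk::params::type,
  $use_ack                    = $splunk::params::use_ack,
  $version                    = $splunk::params::version
) inherits splunk::params {

  # Resolve install path, package name, owner/group and modes per platform.
  case $::osfamily {
    /^[Ww]indows$/: {
      if $type == 'uf' {
        $splunk_home = 'c:/program files/splunkuniversalforwarder'
        $package     = 'UniversalForwarder'
      } else {
        $splunk_home = 'c:/program files/splunk'
        $package     = 'Splunk Enterprise'
      }
      # Honour an explicitly configured account. Without the else branches
      # $real_splunk_os_user / $real_splunk_os_group stayed unset on Windows
      # whenever the caller supplied a value, so the subclasses received an
      # undefined owner/group.
      if $splunk_os_user == undef {
        # S-1-5-18 is the well-known SID of the LocalSystem account
        $real_splunk_os_user = 'S-1-5-18'
      } else {
        $real_splunk_os_user = $splunk_os_user
      }
      if $splunk_os_group == undef {
        $real_splunk_os_group = 'Administrators'
      } else {
        $real_splunk_os_group = $splunk_os_group
      }
      # NOTE(review): these modes are much wider than the 0700/0600 used on
      # other platforms, and the managed files include key material and
      # secrets. Confirm how they translate to Windows ACLs and whether the
      # "other" bits are needed at all.
      $real_splunk_dir_mode  = '0775'
      $real_splunk_file_mode = '0774'
    }
    default: {
      if $type == 'uf' {
        $splunk_home = '/opt/splunkforwarder'
        $package     = 'splunkforwarder'
      } else {
        $splunk_home = '/opt/splunk'
        $package     = 'splunk'
      }
      if $splunk_os_user == undef {
        $real_splunk_os_user = 'splunk'
      } else {
        $real_splunk_os_user = $splunk_os_user
      }
      if $splunk_os_group == undef {
        $real_splunk_os_group = 'splunk'
      } else {
        $real_splunk_os_group = $splunk_os_group
      }
      # owner-only access for everything the module manages
      $real_splunk_dir_mode  = '0700'
      $real_splunk_file_mode = '0600'
    }
  }

  # Select the TLS settings for the requested compatibility profile. Any value
  # other than 'modern' or 'intermediate' leaves all four settings undefined,
  # so nothing is pinned by this module in that case.
  case $sslcompatibility {
    'modern': {
      $ciphersuite   = $ciphersuite_modern
      $sslversions   = $sslversions_modern
      $dhparamsize   = $dhparamsize_modern
      $ecdhcurvename = $ecdhcurvename_modern
    }
    'intermediate': {
      $ciphersuite   = $ciphersuite_intermediate
      $sslversions   = $sslversions_intermediate
      $dhparamsize   = $dhparamsize_intermediate
      # the intermediate profile does not pin an ECDH curve
      # ($ecdhcurvename_intermediate is accepted as a parameter but not used here)
      $ecdhcurvename = undef
    }
    default: {
      $ciphersuite   = undef
      $sslversions   = undef
      $dhparamsize   = undef
      $ecdhcurvename = undef
    }
  }

  if $shclustering[mode] == 'searchhead' {
    # for SHC nodes we only place bootstrap config, so make
    # sure that staging directories end up using default dir
    # instead of local, and don't replace any existing config
    $splunk_app_precedence_dir = 'default'
    $splunk_app_replace        = false
  } else {
    $splunk_app_precedence_dir = 'local'
    $splunk_app_replace        = true
  }

  include splunk::installed
  include splunk::inputs
  include splunk::outputs
  include splunk::certs::s2s
  include splunk::certs::web
  include splunk::web
  include splunk::server::general
  include splunk::server::ssl
  include splunk::server::license
  include splunk::server::kvstore
  include splunk::server::clustering
  include splunk::server::shclustering
  include splunk::server::diskusage
  include splunk::server::forwarder
  include splunk::splunk_launch
  include splunk::deploymentclient
  include splunk::distsearch
  include splunk::passwd
  include splunk::authentication
  include splunk::secret
  include splunk::mgmtport
  include splunk::first_time_run
  include splunk::loglocal
  include splunk::limits
  include splunk::service

  # make sure classes are properly ordered and contained
  anchor { 'splunk_first': }
  -> Class['splunk::installed']
  -> Class['splunk::inputs']
  -> Class['splunk::outputs']
  -> Class['splunk::certs::s2s']
  -> Class['splunk::certs::web']
  -> Class['splunk::web']
  -> Class['splunk::server::general']
  -> Class['splunk::server::ssl']
  -> Class['splunk::server::license']
  -> Class['splunk::server::kvstore']
  -> Class['splunk::server::clustering']
  -> Class['splunk::server::shclustering']
  -> Class['splunk::server::diskusage']
  -> Class['splunk::server::forwarder']
  -> Class['splunk::splunk_launch']
  -> Class['splunk::deploymentclient']
  -> Class['splunk::distsearch']
  -> Class['splunk::passwd']
  -> Class['splunk::authentication']
  -> Class['splunk::secret']
  -> Class['splunk::mgmtport']
  -> Class['splunk::first_time_run']
  -> Class['splunk::loglocal']
  -> Class['splunk::limits']
  -> Class['splunk::service']
  -> splunk::addsearchpeers { $searchpeers: }
  # NOTE(review): 'splunk_last' is declared without a chaining arrow, so it is
  # not ordered after the resources above -- confirm whether that is intended.
  anchor { 'splunk_last': }
}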
205 |
206 |
--------------------------------------------------------------------------------
/manifests/inputs.pp:
--------------------------------------------------------------------------------
1 | # vim: ts=2 sw=2 et
2 | #
3 | # Copyright (c) 2016-2018 Jorrit Folmer
4 | #
5 |
# Class: splunk::inputs
#
# Manages the 'puppet_common_ssl_inputs' Splunk app. When $inputport is unset
# the whole app directory is removed; otherwise the app skeleton is created and
# inputs.conf is rendered from the module template.
#
# $ciphersuite, $sslversions, $ecdhcurvename, $requireclientcert,
# $sslrootcapath, $sslpassword and $sslcertpath are not referenced in this
# manifest; presumably the inputs.conf template reads them -- verify there.
# NOTE(review): if the template writes $sslpassword, the rendered file holds a
# credential; its protection relies on $splunk_file_mode and the owner below.
class splunk::inputs (
  $inputport                 = $splunk::inputport,
  $ciphersuite               = $splunk::ciphersuite,
  $sslversions               = $splunk::sslversions,
  $ecdhcurvename             = $splunk::ecdhcurvename,
  $requireclientcert         = $splunk::requireclientcert,
  $splunk_home               = $splunk::splunk_home,
  $splunk_app_precedence_dir = $splunk::splunk_app_precedence_dir,
  $splunk_app_replace        = $splunk::splunk_app_replace,
  $splunk_os_user            = $splunk::real_splunk_os_user,
  $splunk_os_group           = $splunk::real_splunk_os_group,
  $splunk_dir_mode           = $splunk::real_splunk_dir_mode,
  $splunk_file_mode          = $splunk::real_splunk_file_mode,
  $sslrootcapath             = $splunk::sslrootcapath,
  $sslpassword               = $splunk::sslpassword,
  $sslcertpath               = $splunk::sslcertpath
) {
  $splunk_app_name = 'puppet_common_ssl_inputs'
  $app_dir         = "${splunk_home}/etc/apps/${splunk_app_name}"

  if $inputport == undef {
    # no input port configured: make sure no stale listener config remains
    file { $app_dir:
      ensure  => absent,
      force   => true,
      purge   => true,
      recurse => true,
    }
  } else {
    # app skeleton first, then the config file inside it
    file { [
      $app_dir,
      "${app_dir}/${splunk_app_precedence_dir}",
      "${app_dir}/metadata",
    ]:
      ensure => directory,
      owner  => $splunk_os_user,
      group  => $splunk_os_group,
      mode   => $splunk_dir_mode,
    }
    -> file { "${app_dir}/${splunk_app_precedence_dir}/inputs.conf":
      ensure  => present,
      owner   => $splunk_os_user,
      group   => $splunk_os_group,
      mode    => $splunk_file_mode,
      replace => $splunk_app_replace,
      content => template("splunk/${splunk_app_name}/local/inputs.conf"),
    }
  }
}
50 |
51 |
--------------------------------------------------------------------------------
/manifests/installed.pp:
--------------------------------------------------------------------------------
1 | # vim: ts=2 sw=2 et
2 | #
3 | # Copyright (c) 2016-2018 Jorrit Folmer
4 | #
5 |
# Class: splunk::installed
#
# Installs the Splunk package. On Windows a $package_source is mandatory and
# the installer is run silently without launching Splunk. On other platforms
# the package is installed (optionally at a fixed $version or from
# $package_source), Splunk is run once to accept the license, and boot-start
# is enabled when that first run happened.
#
# NOTE(review): nothing in this class checks the integrity or origin of
# $package_source; that is left to the package provider and to whoever sets
# the parameter.
class splunk::installed (
  $package        = $splunk::package,
  $package_source = $splunk::package_source,
  $splunk_home    = $splunk::splunk_home,
  $splunk_os_user = $splunk::real_splunk_os_user,
  $version        = $splunk::version
) {
  case $::osfamily {
    /^[Ww]indows$/: {
      if $package_source == undef {
        fail('package_source variable is required for Windows installations')
      }
      package { $package:
        ensure          => installed,
        source          => $package_source,
        install_options => ['AGREETOLICENSE=Yes', 'LAUNCHSPLUNK=0', '/quiet'],
      }
    }
    default: {
      $splunk_bin   = "${splunk_home}/bin"
      $exec_path    = [$splunk_bin, '/bin', '/sbin', '/usr/bin', '/usr/sbin']
      $license_args = '--accept-license --answer-yes --no-prompt'

      # Only the package declaration differs between the three cases.
      if $version != undef {
        # pin the requested version
        package { $package:
          ensure => $version,
        }
      } elsif $package_source != undef {
        # no version given, install from the supplied source
        package { $package:
          ensure => installed,
          name   => $package_source,
        }
      } else {
        # neither version nor source: whatever the repositories offer
        package { $package:
          ensure => installed,
        }
      }

      # The first run happens as the Splunk account and is skipped once
      # server.conf exists; it triggers the boot-start step below.
      Package[$package]
      -> exec { 'splunk initial run':
        command => "${splunk_bin}/splunk version ${license_args}",
        creates => "${splunk_home}/etc/system/local/server.conf",
        path    => $exec_path,
        user    => $splunk_os_user,
        require => Package[$package],
        notify  => Exec['splunk enable boot-start'],
      }
      # No user is set here, so this runs as the account Puppet itself runs
      # as. NOTE(review): that account executes a binary under $splunk_home;
      # confirm that directory is not writable by less-privileged accounts.
      -> exec { 'splunk enable boot-start':
        command     => "${splunk_bin}/splunk enable boot-start -user ${splunk_os_user} ${license_args}",
        path        => $exec_path,
        refreshonly => true,
        require     => Package[$package],
      }
    }
  }

}
85 |
--------------------------------------------------------------------------------
/manifests/limits.pp:
--------------------------------------------------------------------------------
1 | # vim: ts=2 sw=2 et
2 | #
3 | # Copyright (c) 2016-2018 Jorrit Folmer
4 | #
5 |
# Class: splunk::limits
#
# Manages the 'puppet_common_thruput_base' Splunk app. With $maxkbps unset the
# app directory is removed; otherwise the app skeleton is created and
# limits.conf is rendered from the module template.
#
# $maxkbps is not referenced in the resources below apart from the undef
# check; presumably the limits.conf template reads it -- verify there.
class splunk::limits (
  $splunk_home               = $splunk::splunk_home,
  $splunk_app_precedence_dir = $splunk::splunk_app_precedence_dir,
  $splunk_app_replace        = $splunk::splunk_app_replace,
  $splunk_os_user            = $splunk::real_splunk_os_user,
  $splunk_os_group           = $splunk::real_splunk_os_group,
  $splunk_dir_mode           = $splunk::real_splunk_dir_mode,
  $splunk_file_mode          = $splunk::real_splunk_file_mode,
  $maxkbps                   = $splunk::maxkbps
) {
  $splunk_app_name = 'puppet_common_thruput_base'
  $app_dir         = "${splunk_home}/etc/apps/${splunk_app_name}"

  if $maxkbps == undef {
    # no throughput limit requested: drop the app entirely
    file { $app_dir:
      ensure  => absent,
      force   => true,
      purge   => true,
      recurse => true,
    }
  } else {
    # app skeleton first, then the config file inside it
    file { [
      $app_dir,
      "${app_dir}/${splunk_app_precedence_dir}",
      "${app_dir}/metadata",
    ]:
      ensure => directory,
      owner  => $splunk_os_user,
      group  => $splunk_os_group,
      mode   => $splunk_dir_mode,
    }
    -> file { "${app_dir}/${splunk_app_precedence_dir}/limits.conf":
      ensure  => present,
      owner   => $splunk_os_user,
      group   => $splunk_os_group,
      mode    => $splunk_file_mode,
      replace => $splunk_app_replace,
      content => template("splunk/${splunk_app_name}/local/limits.conf"),
    }
  }
}
43 |
44 |
--------------------------------------------------------------------------------
/manifests/loglocal.pp:
--------------------------------------------------------------------------------
1 | # vim: ts=2 sw=2 et
2 | #
3 | # Copyright (c) 2016-2018 Jorrit Folmer
4 | #
5 |
# Class: splunk::loglocal
#
# Places etc/log-local.cfg from the module template. The file is only created
# when missing (replace => false), so local edits are never overwritten.
#
# $splunk_dir_mode is accepted but not used in this manifest; $maxbackupindex
# and $maxfilesize are presumably read by the template -- verify there.
class splunk::loglocal (
  $splunk_home      = $splunk::splunk_home,
  $splunk_os_user   = $splunk::real_splunk_os_user,
  $splunk_os_group  = $splunk::real_splunk_os_group,
  $splunk_dir_mode  = $splunk::real_splunk_dir_mode,
  $splunk_file_mode = $splunk::real_splunk_file_mode,
  $maxbackupindex   = $splunk::maxbackupindex,
  $maxfilesize      = $splunk::maxfilesize
) {
  $log_local_cfg = "${splunk_home}/etc/log-local.cfg"

  file { $log_local_cfg:
    ensure  => present,
    owner   => $splunk_os_user,
    group   => $splunk_os_group,
    mode    => $splunk_file_mode,
    replace => false,
    content => template('splunk/log/log-local.cfg'),
  }
}
24 |
25 |
--------------------------------------------------------------------------------
/manifests/mgmtport.pp:
--------------------------------------------------------------------------------
1 | # vim: ts=2 sw=2 et
2 | #
3 | # Copyright (c) 2016-2018 Jorrit Folmer
4 | #
5 |
# Class: splunk::mgmtport
#
# Manages the 'puppet_common_mgmtport_base' and 'puppet_common_mgmtport_disabled'
# Splunk apps according to $mgmthostport:
#   undef      - the _base app is removed
#   'disable'  - the _disabled app is created with a templated server.conf
#   otherwise  - the _disabled app is removed and the _base app is created with
#                a templated web.conf
#
# NOTE(review): the undef branch leaves an existing _disabled app in place and
# the 'disable' branch leaves an existing _base app in place; confirm that both
# are intended when a node moves between settings.
class splunk::mgmtport (
  $type                      = $splunk::type,
  $mgmthostport              = $splunk::mgmthostport,
  $splunk_os_user            = $splunk::real_splunk_os_user,
  $splunk_os_group           = $splunk::real_splunk_os_group,
  $splunk_dir_mode           = $splunk::real_splunk_dir_mode,
  $splunk_file_mode          = $splunk::real_splunk_file_mode,
  $splunk_app_precedence_dir = $splunk::splunk_app_precedence_dir,
  $splunk_app_replace        = $splunk::splunk_app_replace,
  $splunk_home               = $splunk::splunk_home
) {
  $splunk_app_name  = 'puppet_common_mgmtport'
  $base_app_dir     = "${splunk_home}/etc/apps/${splunk_app_name}_base"
  $disabled_app_dir = "${splunk_home}/etc/apps/${splunk_app_name}_disabled"

  # In future versions, if type == 'uf', then we should disable 8089/tcp to decrease attack surface
  # ($type is accepted for that purpose but not used yet)
  if $mgmthostport == undef {
    file { $base_app_dir:
      ensure  => absent,
      force   => true,
      purge   => true,
      recurse => true,
    }
  } elsif $mgmthostport == 'disable' {
    file { [
      $disabled_app_dir,
      "${disabled_app_dir}/${splunk_app_precedence_dir}",
      "${disabled_app_dir}/metadata",
    ]:
      ensure => directory,
      owner  => $splunk_os_user,
      group  => $splunk_os_group,
      mode   => $splunk_dir_mode,
    }
    -> file { "${disabled_app_dir}/${splunk_app_precedence_dir}/server.conf":
      ensure  => present,
      owner   => $splunk_os_user,
      group   => $splunk_os_group,
      mode    => $splunk_file_mode,
      replace => $splunk_app_replace,
      content => template("splunk/${splunk_app_name}_disabled/local/server.conf"),
    }
  } else {
    # an explicit host:port re-enables the port: remove the disabling app first
    file { $disabled_app_dir:
      ensure  => absent,
      force   => true,
      purge   => true,
      recurse => true,
    }
    -> file { [
      $base_app_dir,
      "${base_app_dir}/${splunk_app_precedence_dir}",
      "${base_app_dir}/metadata",
    ]:
      ensure => directory,
      owner  => $splunk_os_user,
      group  => $splunk_os_group,
      mode   => $splunk_dir_mode,
    }
    -> file { "${base_app_dir}/${splunk_app_precedence_dir}/web.conf":
      ensure  => present,
      owner   => $splunk_os_user,
      group   => $splunk_os_group,
      mode    => $splunk_file_mode,
      replace => $splunk_app_replace,
      content => template("splunk/${splunk_app_name}_base/local/web.conf"),
    }
  }
}
68 |
--------------------------------------------------------------------------------
/manifests/outputs.pp:
--------------------------------------------------------------------------------
1 | # vim: ts=2 sw=2 et
2 | #
3 | # Copyright (c) 2016-2018 Jorrit Folmer
4 | #
5 |
# Class: splunk::outputs
#
# Manages the 'puppet_common_ssl_outputs' Splunk app. With $tcpout unset the
# app directory is removed; otherwise the app skeleton is created and
# outputs.conf is rendered from the module template.
#
# Before that, the class resolves two values ($cm and $pass4symmkey) from the
# $clustering hash; they are not used by the resources below and are
# presumably read by the template -- verify there.
#
# NOTE(review): $pass4symmkey falls back to $splunk::pass4symmkey, whose
# default in params.pp is the placeholder 'changeme'. $sslverifyservercert
# defaults to undef, so server certificate verification is only configured
# when a caller sets it explicitly.
class splunk::outputs (
  $type                      = $splunk::type,
  $tcpout                    = $splunk::tcpout,
  $clustering                = $splunk::clustering,
  $splunk_os_user            = $splunk::real_splunk_os_user,
  $splunk_os_group           = $splunk::real_splunk_os_group,
  $splunk_dir_mode           = $splunk::real_splunk_dir_mode,
  $splunk_file_mode          = $splunk::real_splunk_file_mode,
  $splunk_home               = $splunk::splunk_home,
  $splunk_app_precedence_dir = $splunk::splunk_app_precedence_dir,
  $splunk_app_replace        = $splunk::splunk_app_replace,
  $use_ack                   = $splunk::use_ack,
  $sslrootcapath             = $splunk::sslrootcapath,
  $sslcertpath               = $splunk::sslcertpath,
  $sslpassword               = $splunk::sslpassword,
  $sslverifyservercert       = $splunk::sslverifyservercert
) {
  # Cluster master: default to this host's management port when neither a
  # master nor a type is configured; a forwarder using indexer discovery must
  # name one explicitly.
  if $clustering['cm'] == undef and $type == undef {
    $cm = "${::fqdn}:8089"
  } elsif $clustering['cm'] == undef and $type == 'uf' and $tcpout == 'indexer_discovery' {
    fail('please set cluster master when using indexer_discovery')
  } else {
    $cm = $clustering['cm']
  }

  # A key set under clustering wins over the module-wide one.
  if $clustering['pass4symmkey'] == undef {
    $pass4symmkey = $splunk::pass4symmkey
  } else {
    $pass4symmkey = $clustering['pass4symmkey']
  }

  $splunk_app_name = 'puppet_common_ssl_outputs'
  $app_dir         = "${splunk_home}/etc/apps/${splunk_app_name}"

  if $tcpout == undef {
    file { $app_dir:
      ensure  => absent,
      force   => true,
      purge   => true,
      recurse => true,
    }
  } else {
    file { [
      $app_dir,
      "${app_dir}/${splunk_app_precedence_dir}",
      "${app_dir}/metadata",
    ]:
      ensure => directory,
      owner  => $splunk_os_user,
      group  => $splunk_os_group,
      mode   => $splunk_dir_mode,
    }
    -> file { "${app_dir}/${splunk_app_precedence_dir}/outputs.conf":
      ensure  => present,
      owner   => $splunk_os_user,
      group   => $splunk_os_group,
      mode    => $splunk_file_mode,
      replace => $splunk_app_replace,
      content => template("splunk/${splunk_app_name}/local/outputs.conf"),
    }
  }
}
62 |
63 |
--------------------------------------------------------------------------------
/manifests/params.pp:
--------------------------------------------------------------------------------
1 | # vim: ts=2 sw=2 et
2 | #
3 | # Copyright (c) 2016-2018 Jorrit Folmer
4 | #
5 |
# Class: splunk::params
#
# Default values for the module. The splunk class inherits from this class and
# uses these variables as its parameter defaults. The assignments are grouped
# by topic; each variable keeps the value it had before.
class splunk::params (
) {
  # --- installation, account and service -----------------------------------
  $type            = undef
  $version         = undef
  $package_source  = undef
  $splunk_os_user  = undef
  $splunk_os_group = undef
  $splunk_bindip   = undef
  $splunk_db       = undef
  $dontruncmds     = false
  $service         = {
    enable  => true,
    ensure  => undef,
    managed => undef,
  }

  # --- ports ----------------------------------------------------------------
  $httpport         = undef
  $inputport        = undef
  $kvstoreport      = undef
  $mgmthostport     = undef
  $replication_port = 9887

  # --- TLS profiles ---------------------------------------------------------
  $sslcompatibility = 'modern'
  # NOTE(review): the 'modern' profile still offers TLS 1.1, which has been
  # formally deprecated (RFC 8996).
  $sslversions_modern = 'tls1.1, tls1.2'
  # NOTE(review): this reads as "everything except SSLv2", which would leave
  # SSLv3 and TLS 1.0 enabled -- confirm against Splunk's sslVersions syntax.
  $sslversions_intermediate = '*,-ssl2'
  # NOTE(review): besides the AEAD suites this list contains DHE-DSS and
  # CBC/SHA-1 suites.
  $ciphersuite_modern = 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES256-GCM-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK'
  # NOTE(review): this list includes 3DES (DES-CBC3-SHA) and static-RSA suites
  # without forward secrecy (AES128-SHA, AES256-SHA, ...).
  $ciphersuite_intermediate = 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'
  $dhparamsize_modern         = 2048
  $dhparamsize_intermediate   = 2048
  $ecdhcurvename_modern       = 'secp384r1'
  $ecdhcurvename_intermediate = 'secp384r1'

  # --- certificates and peer verification ------------------------------------
  $sslcertpath   = 'certs/s2s.pem'
  $sslrootcapath = 'certs/ca.crt'
  $sslpassword   = undef
  # NOTE(review): both verification switches are unset by default, so server
  # certificate checking and client certificate enforcement are only
  # configured when a caller sets them.
  $sslverifyservercert        = undef
  $requireclientcert          = undef
  $reuse_puppet_certs         = true
  $reuse_puppet_certs_for_web = undef
  $privkeypath                = 'certs/webprivkey.pem'
  $servercert                 = 'certs/webcert.pem'
  $webssl                     = true

  # --- authentication and secrets ---------------------------------------------
  $admin = undef
  $auth  = {
    'type'                      => 'Splunk',
    'saml_idptype'              => undef,
    'saml_idpurl'               => undef,
    'saml_signauthnrequest'     => true,
    'saml_signedassertion'      => true,
    'saml_signaturealgorithm'   => 'RSA-SHA256',
    'saml_fqdn'                 => undef,
    'saml_entityid'             => undef,
    'ldap_anonymousreferrals'   => undef,
    'ldap_binddn'               => undef,
    'ldap_binddnpassword'       => undef,
    'ldap_groupnameattribute'   => 'cn',
    'ldap_groupmemberattribute' => 'member',
    'ldap_groupbasedn'          => undef,
    'ldap_groupbasefilter'      => '(objectclass=group)',
    'ldap_host'                 => undef,
    'ldap_port'                 => undef,
    'ldap_nestedgroups'         => undef,
    'ldap_realnameattribute'    => 'cn',
    'ldap_sslenabled'           => 1,
    'ldap_userbasedn'           => undef,
    'ldap_userbasefilter'       => '(objectclass=user)',
    'ldap_usernameattribute'    => 'sAMAccountName',
  }
  # NOTE(review): the default maps the Splunk 'admin' role to 'Domain Admins'
  # and 'user' to 'Domain Users'; check that these directory groups are the
  # intended audience before enabling directory authentication.
  $rolemap = {
    'admin' => 'Domain Admins',
    'power' => 'Power Users',
    'user'  => 'Domain Users',
  }
  # NOTE(review): placeholder shared secret. outputs.pp and
  # server/clustering.pp fall back to this value when no key is set under
  # clustering, so it must be overridden for any real deployment.
  $pass4symmkey = 'changeme'
  $secret       = undef

  # --- topology: clustering, search, licensing, deployment, forwarding --------
  $clustering   = { }
  $shclustering = { }
  # set to some string instead of undef to prevent 'Missing title' errors in Puppet 4.x
  $searchpeers            = 'empty'
  $lm                     = undef
  $ds                     = undef
  $ds_intermediate        = undef
  $phonehomeintervalinsec = 60
  $repositorylocation     = undef
  $pool_suggestion        = undef
  $tcpout                 = undef
  $outputs                = undef
  $use_ack                = false

  # --- logging and resource limits ---------------------------------------------
  $maxbackupindex = 1
  $maxfilesize    = 10000000
  $maxkbps        = undef
  $minfreespace   = undef
  $pipelines      = 1
}
97 |
98 |
--------------------------------------------------------------------------------
/manifests/passwd.pp:
--------------------------------------------------------------------------------
1 | # vim: ts=2 sw=2 et
2 | #
3 | # Copyright (c) 2016-2018 Jorrit Folmer
4 | #
5 |
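# Class: splunk::passwd
#
# Sets the Splunk admin account from a pre-computed password hash. When
# $admin[hash] is given (non-Windows only), etc/passwd is seeded if missing,
# the admin line is rewritten with sed unless it already carries the hash, and
# an empty etc/.ui_login is created if missing.
#
# $admin is a hash; the keys read here are 'hash', 'fn' and 'email'.
#
# Changes compared to the earlier version:
#  - etc/passwd is created with $splunk_file_mode instead of $splunk_dir_mode,
#    so the file holding the password hash no longer gets the directory mode.
#  - hash, fn and email are rejected when they contain characters that would
#    break the sed expression, its quoting or the colon-separated record.
class splunk::passwd (
  $admin            = $splunk::admin,
  $splunk_home      = $splunk::splunk_home,
  $splunk_os_user   = $splunk::real_splunk_os_user,
  $splunk_os_group  = $splunk::real_splunk_os_group,
  $splunk_dir_mode  = $splunk::real_splunk_dir_mode,
  $splunk_file_mode = $splunk::real_splunk_file_mode
){
  case $::osfamily {
    /^[Ww]indows$/: {
      notify {'Setting admin password not supported on Windows':}
      warning('Setting admin password not supported on Windows')
    }
    default: {
      if $admin != undef {
        if $admin[hash] != undef {
          $hash = $admin[hash]
          $fn = $admin[fn] ? {
            undef   => '',
            default => $admin[fn]
          }
          $email = $admin[email] ? {
            undef   => '',
            default => $admin[email]
          }

          # These values are interpolated into a single-quoted sed expression
          # that uses '#' as delimiter. A quote, '#', '&' or backslash would
          # change the command or the substitution, and a ':' or newline would
          # corrupt the record, so refuse them instead of writing a broken
          # or unintended line.
          if "${hash}${fn}${email}" =~ /['#&:\\\n]/ {
            fail("splunk::passwd: admin hash, fn and email must not contain ', #, &, :, backslash or newline")
          }

          file { "${splunk_home}/etc/passwd":
            ensure  => present,
            owner   => $splunk_os_user,
            group   => $splunk_os_group,
            # regular file with a credential in it: use the file mode
            mode    => $splunk_file_mode,
            content => ':admin:::',
            replace => 'no',
          }
          # NOTE(review): the hash is part of the command line, so it can show
          # up in process listings while sed runs and in Puppet's output when
          # the command fails.
          -> exec { 'set admin passwd':
            command => "sed -i -e 's#^:admin:.*$#:admin:${hash}::${fn}:admin:${email}::#g' ${splunk_home}/etc/passwd",
            unless  => "grep -qe '^:admin:${hash}' ${splunk_home}/etc/passwd",
            path    => ['/bin', '/sbin', '/usr/bin', '/usr/sbin'],
          }
          -> file { "${splunk_home}/etc/.ui_login":
            ensure  => present,
            owner   => $splunk_os_user,
            group   => $splunk_os_group,
            mode    => $splunk_file_mode,
            content => '',
            replace => 'no',
          }
        }
      }
    }
  }
}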
57 |
58 |
--------------------------------------------------------------------------------
/manifests/secret.pp:
--------------------------------------------------------------------------------
1 | # vim: ts=2 sw=2 et
2 | #
3 | # Copyright (c) 2016-2018 Jorrit Folmer
4 | #
5 |
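# Class: splunk::secret
#
# Writes etc/auth/splunk.secret with the content of $splunk_secret when that
# parameter is set; does nothing otherwise.
#
# The file is managed with show_diff => false so that a change of the secret
# is not printed as a content diff in agent output or reports.
# NOTE(review): the value is still present in the compiled catalog; keep the
# source data (e.g. Hiera) and catalog storage protected accordingly.
#
# $splunk_dir_mode is accepted but not used in this manifest.
class splunk::secret (
  $splunk_home      = $splunk::splunk_home,
  $splunk_secret    = $splunk::secret,
  $splunk_os_user   = $splunk::real_splunk_os_user,
  $splunk_os_group  = $splunk::real_splunk_os_group,
  $splunk_dir_mode  = $splunk::real_splunk_dir_mode,
  $splunk_file_mode = $splunk::real_splunk_file_mode
){
  if $splunk_secret != undef {
    file { "${splunk_home}/etc/auth/splunk.secret":
      ensure    => present,
      owner     => $splunk_os_user,
      group     => $splunk_os_group,
      mode      => $splunk_file_mode,
      content   => $splunk_secret,
      # never echo old/new secret material when the content changes
      show_diff => false,
    }
  }
}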
24 |
25 |
--------------------------------------------------------------------------------
/manifests/server/clustering.pp:
--------------------------------------------------------------------------------
1 | # vim: ts=2 sw=2 et
2 | #
3 | # Copyright (c) 2016-2018 Jorrit Folmer
4 | #
5 |
6 | class splunk::server::clustering (
7 | $splunk_home = $splunk::splunk_home,
8 | $splunk_os_user = $splunk::real_splunk_os_user,
9 | $splunk_os_group = $splunk::real_splunk_os_group,
10 | $splunk_dir_mode = $splunk::real_splunk_dir_mode,
11 | $splunk_file_mode = $splunk::real_splunk_file_mode,
12 | $splunk_app_precedence_dir = $splunk::splunk_app_precedence_dir,
13 | $splunk_app_replace = $splunk::splunk_app_replace,
14 | $clustering = $splunk::clustering,
15 | $replication_port = $splunk::replication_port,
16 | ){
17 | $splunk_app_name = 'puppet_indexer_cluster'
18 | # if no pass4symmkey defined under clustering, default to general
19 | # pass4symmkey
20 | if $clustering[pass4symmkey] == undef {
21 | $pass4symmkey = $splunk::pass4symmkey
22 | } else {
23 | $pass4symmkey = $clustering[pass4symmkey]
24 | }
25 | case $clustering[mode] {
26 | 'master': {
27 | $indexer_discovery = $clustering[indexer_discovery]
28 | $replication_factor = $clustering[replication_factor]
29 | $search_factor = $clustering[search_factor]
30 | # site is a reserved word in Puppet 4.x, switching to thissite
31 | $thissite = $clustering[thissite]
32 | $multisite = $clustering[multisite]
33 | $available_sites = $clustering[available_sites]
34 | $site_replication_factor = $clustering[site_replication_factor]
35 | $site_search_factor = $clustering[site_search_factor]
36 | $forwarder_site_failover = $clustering[forwarder_site_failover]
37 | file { [
38 | "${splunk_home}/etc/apps/${splunk_app_name}_slave_base",
39 | "${splunk_home}/etc/apps/${splunk_app_name}_searchhead_base",
40 | "${splunk_home}/etc/apps/${splunk_app_name}_forwarder_base", ]:
41 | ensure => absent,
42 | recurse => true,
43 | purge => true,
44 | force => true,
45 | }
46 | -> file { [
47 | "${splunk_home}/etc/apps/${splunk_app_name}_master_base",
48 | "${splunk_home}/etc/apps/${splunk_app_name}_master_base/${splunk_app_precedence_dir}",
49 | "${splunk_home}/etc/apps/${splunk_app_name}_master_base/metadata",
50 | "${splunk_home}/etc/apps/${splunk_app_name}_pass4symmkey_base",
51 | "${splunk_home}/etc/apps/${splunk_app_name}_pass4symmkey_base/${splunk_app_precedence_dir}",
52 | "${splunk_home}/etc/apps/${splunk_app_name}_pass4symmkey_base/metadata",]:
53 | ensure => directory,
54 | owner => $splunk_os_user,
55 | group => $splunk_os_group,
56 | mode => $splunk_dir_mode,
57 | }
58 | -> file { "${splunk_home}/etc/apps/${splunk_app_name}_pass4symmkey_base/${splunk_app_precedence_dir}/server.conf":
59 | ensure => present,
60 | owner => $splunk_os_user,
61 | group => $splunk_os_group,
62 | mode => $splunk_file_mode,
63 | replace => $splunk_app_replace,
64 | content => template("splunk/${splunk_app_name}_pass4symmkey_base/local/server.conf"),
65 | }
66 | -> file { "${splunk_home}/etc/apps/${splunk_app_name}_master_base/${splunk_app_precedence_dir}/server.conf":
67 | ensure => present,
68 | owner => $splunk_os_user,
69 | group => $splunk_os_group,
70 | mode => $splunk_file_mode,
71 | replace => $splunk_app_replace,
72 | content => template("splunk/${splunk_app_name}_master_base/local/server.conf"),
73 | }
74 |
75 | }
76 | 'slave': {
77 | $cm = $clustering[cm]
78 | # site is a reserved word in Puppet 4.x, switching to thissite
79 | $thissite = $clustering[thissite]
80 | file { [
81 | "${splunk_home}/etc/apps/${splunk_app_name}_master_base",
82 | "${splunk_home}/etc/apps/${splunk_app_name}_searchhead_base",
83 | "${splunk_home}/etc/apps/${splunk_app_name}_forwarder_base", ]:
84 | ensure => absent,
85 | recurse => true,
86 | purge => true,
87 | force => true,
88 | }
89 | -> file { [
90 | "${splunk_home}/etc/apps/${splunk_app_name}_slave_base",
91 | "${splunk_home}/etc/apps/${splunk_app_name}_slave_base/${splunk_app_precedence_dir}",
92 | "${splunk_home}/etc/apps/${splunk_app_name}_slave_base/metadata",
93 | "${splunk_home}/etc/apps/${splunk_app_name}_pass4symmkey_base",
94 | "${splunk_home}/etc/apps/${splunk_app_name}_pass4symmkey_base/${splunk_app_precedence_dir}",
95 | "${splunk_home}/etc/apps/${splunk_app_name}_pass4symmkey_base/metadata",]:
96 | ensure => directory,
97 | owner => $splunk_os_user,
98 | group => $splunk_os_group,
99 | mode => $splunk_dir_mode,
100 | }
101 | -> file { "${splunk_home}/etc/apps/${splunk_app_name}_pass4symmkey_base/${splunk_app_precedence_dir}/server.conf":
102 | ensure => present,
103 | owner => $splunk_os_user,
104 | group => $splunk_os_group,
105 | mode => $splunk_file_mode,
106 | replace => $splunk_app_replace,
107 | content => template("splunk/${splunk_app_name}_pass4symmkey_base/local/server.conf"),
108 | }
109 | -> file { "${splunk_home}/etc/apps/${splunk_app_name}_slave_base/${splunk_app_precedence_dir}/server.conf":
110 | ensure => present,
111 | owner => $splunk_os_user,
112 | group => $splunk_os_group,
113 | mode => $splunk_file_mode,
114 | replace => $splunk_app_replace,
115 | content => template("splunk/${splunk_app_name}_slave_base/local/server.conf"),
116 | }
117 |
118 | }
119 | 'searchhead': {
120 | $cm = $clustering[cm]
121 | # site is a reserved word in Puppet 4.x, switching to thissite
122 | $thissite = $clustering[thissite]
123 | file { [
124 | "${splunk_home}/etc/apps/${splunk_app_name}_master_base",
125 | "${splunk_home}/etc/apps/${splunk_app_name}_slave_base",
126 | "${splunk_home}/etc/apps/${splunk_app_name}_forwarder_base", ]:
127 | ensure => absent,
128 | recurse => true,
129 | purge => true,
130 | force => true,
131 | }
132 | -> file { [
133 | "${splunk_home}/etc/apps/${splunk_app_name}_searchhead_base",
134 | "${splunk_home}/etc/apps/${splunk_app_name}_searchhead_base/${splunk_app_precedence_dir}",
135 | "${splunk_home}/etc/apps/${splunk_app_name}_searchhead_base/metadata",
136 | "${splunk_home}/etc/apps/${splunk_app_name}_pass4symmkey_base",
137 | "${splunk_home}/etc/apps/${splunk_app_name}_pass4symmkey_base/${splunk_app_precedence_dir}",
138 | "${splunk_home}/etc/apps/${splunk_app_name}_pass4symmkey_base/metadata",]:
139 | ensure => directory,
140 | owner => $splunk_os_user,
141 | group => $splunk_os_group,
142 | mode => $splunk_dir_mode,
143 | }
144 | -> file { "${splunk_home}/etc/apps/${splunk_app_name}_pass4symmkey_base/${splunk_app_precedence_dir}/server.conf":
145 | ensure => present,
146 | owner => $splunk_os_user,
147 | group => $splunk_os_group,
148 | mode => $splunk_file_mode,
149 | replace => $splunk_app_replace,
150 | content => template("splunk/${splunk_app_name}_pass4symmkey_base/local/server.conf"),
151 | }
152 | -> file { "${splunk_home}/etc/apps/${splunk_app_name}_searchhead_base/${splunk_app_precedence_dir}/server.conf":
153 | ensure => present,
154 | owner => $splunk_os_user,
155 | group => $splunk_os_group,
156 | mode => $splunk_file_mode,
157 | replace => $splunk_app_replace,
158 | content => template("splunk/${splunk_app_name}_searchhead_base/local/server.conf"),
159 | }
160 |
161 | }
162 | 'forwarder': {
163 | $cm = $clustering[cm]
164 | $thissite = $clustering[thissite]
165 | file { [
166 | "${splunk_home}/etc/apps/${splunk_app_name}_master_base",
167 | "${splunk_home}/etc/apps/${splunk_app_name}_slave_base",
168 | "${splunk_home}/etc/apps/${splunk_app_name}_searchhead_base", ]:
169 | ensure => absent,
170 | recurse => true,
171 | purge => true,
172 | force => true,
173 | }
174 | -> file { [
175 | "${splunk_home}/etc/apps/${splunk_app_name}_forwarder_base",
176 | "${splunk_home}/etc/apps/${splunk_app_name}_forwarder_base/${splunk_app_precedence_dir}", ]:
177 | ensure => directory,
178 | owner => $splunk_os_user,
179 | group => $splunk_os_group,
180 | mode => $splunk_dir_mode,
181 | }
182 | -> file { "${splunk_home}/etc/apps/${splunk_app_name}_forwarder_base/${splunk_app_precedence_dir}/server.conf":
183 | ensure => present,
184 | owner => $splunk_os_user,
185 | group => $splunk_os_group,
186 | mode => $splunk_file_mode,
187 | replace => $splunk_app_replace,
188 | content => template("splunk/${splunk_app_name}_forwarder_base/local/server.conf"),
189 | }
190 |
191 | }
192 | default: {
193 | # without clustering, remove all clustering config apps
194 | file { [
195 | "${splunk_home}/etc/apps/${splunk_app_name}_slave_base",
196 | "${splunk_home}/etc/apps/${splunk_app_name}_searchhead_base",
197 | "${splunk_home}/etc/apps/${splunk_app_name}_pass4symmkey_base",
198 | "${splunk_home}/etc/apps/${splunk_app_name}_master_base", ]:
199 | ensure => absent,
200 | recurse => true,
201 | purge => true,
202 | force => true,
203 | }
204 | }
205 | }
206 | }
207 |
--------------------------------------------------------------------------------
/manifests/server/diskusage.pp:
--------------------------------------------------------------------------------
1 | # vim: ts=2 sw=2 et
2 | #
3 | # Copyright (c) 2016-2018 Jorrit Folmer
4 | #
5 |
# Manages the Splunk config app "puppet_common_diskusage_base".
#
# With $minfreespace unset the whole app directory is purged. Otherwise the
# app skeleton (app dir, precedence dir, metadata dir) is created and
# server.conf is rendered from the module template.
# $inputport is accepted but not referenced in this manifest; presumably the
# template reads it -- verify.
class splunk::server::diskusage (
  $minfreespace              = $splunk::minfreespace,
  $inputport                 = $splunk::inputport,
  $splunk_home               = $splunk::splunk_home,
  $splunk_app_precedence_dir = $splunk::splunk_app_precedence_dir,
  $splunk_app_replace        = $splunk::splunk_app_replace,
  $splunk_os_user            = $splunk::real_splunk_os_user,
  $splunk_os_group           = $splunk::real_splunk_os_group,
  $splunk_dir_mode           = $splunk::real_splunk_dir_mode,
  $splunk_file_mode          = $splunk::real_splunk_file_mode
){
  $splunk_app_name = 'puppet_common_diskusage'
  $app_dir         = "${splunk_home}/etc/apps/${splunk_app_name}_base"
  $conf_dir        = "${app_dir}/${splunk_app_precedence_dir}"

  if $minfreespace != undef {
    # Directories first, then the config file inside them.
    file { [$app_dir, $conf_dir, "${app_dir}/metadata"]:
      ensure => directory,
      owner  => $splunk_os_user,
      group  => $splunk_os_group,
      mode   => $splunk_dir_mode,
    }
    -> file { "${conf_dir}/server.conf":
      ensure  => present,
      owner   => $splunk_os_user,
      group   => $splunk_os_group,
      mode    => $splunk_file_mode,
      replace => $splunk_app_replace,
      content => template("splunk/${splunk_app_name}_base/local/server.conf"),
    }
  } else {
    # No threshold configured: remove the app and everything below it.
    file { $app_dir:
      ensure  => absent,
      recurse => true,
      purge   => true,
      force   => true,
    }
  }
}
45 |
46 |
--------------------------------------------------------------------------------
/manifests/server/forwarder.pp:
--------------------------------------------------------------------------------
1 | # vim: ts=2 sw=2 et
2 | #
3 | # Copyright (c) 2016-2018 Jorrit Folmer
4 | #
5 |
# Manages the Splunk config app "puppet_forwarder_base".
#
# The app is only declared when $splunk_type is 'uf' and $pipelines is set;
# in every other case this class declares no resources.
# NOTE(review): there is no cleanup branch, so an app created earlier stays on
# disk after $pipelines is unset -- confirm this is intended.
class splunk::server::forwarder (
  $splunk_home               = $splunk::splunk_home,
  $splunk_os_user            = $splunk::real_splunk_os_user,
  $splunk_os_group           = $splunk::real_splunk_os_group,
  $splunk_dir_mode           = $splunk::real_splunk_dir_mode,
  $splunk_file_mode          = $splunk::real_splunk_file_mode,
  $splunk_type               = $splunk::type,
  $splunk_app_replace        = $splunk::splunk_app_replace,
  $splunk_app_precedence_dir = $splunk::splunk_app_precedence_dir,
  $pipelines                 = $splunk::pipelines,
){
  $splunk_app_name = 'puppet_forwarder'
  $app_dir         = "${splunk_home}/etc/apps/${splunk_app_name}_base"
  $conf_dir        = "${app_dir}/${splunk_app_precedence_dir}"

  if $splunk_type == 'uf' and $pipelines != undef {
    # App skeleton, followed by the rendered server.conf.
    file { [$app_dir, $conf_dir, "${app_dir}/metadata"]:
      ensure => directory,
      owner  => $splunk_os_user,
      group  => $splunk_os_group,
      mode   => $splunk_dir_mode,
    }
    -> file { "${conf_dir}/server.conf":
      ensure  => present,
      owner   => $splunk_os_user,
      group   => $splunk_os_group,
      mode    => $splunk_file_mode,
      replace => $splunk_app_replace,
      content => template("splunk/${splunk_app_name}_base/local/server.conf"),
    }
  }
}
38 |
--------------------------------------------------------------------------------
/manifests/server/general.pp:
--------------------------------------------------------------------------------
1 | # vim: ts=2 sw=2 et
2 | #
3 | # Copyright (c) 2016-2018 Jorrit Folmer
4 | #
5 |
# Manages the Splunk config app "puppet_common_pass4symmkey_base".
#
# On non-Windows nodes pass4SymmKey is first removed from the [general] stanza
# of etc/system/local/server.conf, so that it cannot overrule the value
# shipped in the app. The app's server.conf is then rendered from the module
# template (presumably using $pass4symmkey -- the template is not shown here).
# The rendered file is created with $splunk_file_mode; since it is expected to
# carry a shared secret, that mode should not grant access to other users.
class splunk::server::general (
  $pass4symmkey              = $splunk::pass4symmkey,
  $splunk_os_user            = $splunk::real_splunk_os_user,
  $splunk_os_group           = $splunk::real_splunk_os_group,
  $splunk_dir_mode           = $splunk::real_splunk_dir_mode,
  $splunk_file_mode          = $splunk::real_splunk_file_mode,
  $splunk_app_precedence_dir = $splunk::splunk_app_precedence_dir,
  $splunk_app_replace        = $splunk::splunk_app_replace,
  $splunk_home               = $splunk::splunk_home
){
  $splunk_app_name   = 'puppet_common_pass4symmkey_base'
  $app_dir           = "${splunk_home}/etc/apps/${splunk_app_name}"
  $conf_dir          = "${app_dir}/${splunk_app_precedence_dir}"
  $system_serverconf = "${splunk_home}/etc/system/local/server.conf"

  case $::osfamily {
    /^[Ww]indows$/: {
      # No Augeas provider on Windows, so the [general] pass4SymmKey entry
      # cannot be deleted there.
    }
    default: {
      # Drop pass4SymmKey from [general] in the system-level server.conf.
      augeas { "${system_serverconf} pass4symmkey":
        lens    => 'Splunk.lns',
        incl    => $system_serverconf,
        changes => ['rm target[. = "general"]/pass4SymmKey'],
      }
    }
  }

  file { [$app_dir, $conf_dir, "${app_dir}/metadata"]:
    ensure => directory,
    owner  => $splunk_os_user,
    group  => $splunk_os_group,
    mode   => $splunk_dir_mode,
  }
  -> file { "${conf_dir}/server.conf":
    ensure  => present,
    owner   => $splunk_os_user,
    group   => $splunk_os_group,
    mode    => $splunk_file_mode,
    replace => $splunk_app_replace,
    content => template("splunk/${splunk_app_name}/local/server.conf"),
  }
}
52 |
53 |
--------------------------------------------------------------------------------
/manifests/server/kvstore.pp:
--------------------------------------------------------------------------------
1 | # vim: ts=2 sw=2 et
2 | #
3 | # Copyright (c) 2016-2018 Jorrit Folmer
4 | #
5 |
# Manages the KV store config app, which exists under one of two names.
#
# With $kvstoreport set, "puppet_common_kvstore_base" is created and
# "puppet_common_kvstore_disabled" is removed. With $kvstoreport unset it is
# the other way round. Both variants render the same _base template.
class splunk::server::kvstore (
  $kvstoreport               = $splunk::kvstoreport,
  $splunk_os_user            = $splunk::real_splunk_os_user,
  $splunk_os_group           = $splunk::real_splunk_os_group,
  $splunk_dir_mode           = $splunk::real_splunk_dir_mode,
  $splunk_file_mode          = $splunk::real_splunk_file_mode,
  $splunk_home               = $splunk::splunk_home,
  $splunk_app_precedence_dir = $splunk::splunk_app_precedence_dir,
  $splunk_app_replace        = $splunk::splunk_app_replace
){
  $splunk_app_name = 'puppet_common_kvstore'
  $base_dir        = "${splunk_home}/etc/apps/${splunk_app_name}_base"
  $disabled_dir    = "${splunk_home}/etc/apps/${splunk_app_name}_disabled"

  if $kvstoreport != undef {
    # Port configured: drop the _disabled app, then build the _base app.
    file { $disabled_dir:
      ensure  => absent,
      recurse => true,
      purge   => true,
      force   => true,
    }
    -> file { [
      $base_dir,
      "${base_dir}/${splunk_app_precedence_dir}",
      "${base_dir}/metadata",
    ]:
      ensure => directory,
      owner  => $splunk_os_user,
      group  => $splunk_os_group,
      mode   => $splunk_dir_mode,
    }
    -> file { "${base_dir}/${splunk_app_precedence_dir}/server.conf":
      ensure  => present,
      owner   => $splunk_os_user,
      group   => $splunk_os_group,
      mode    => $splunk_file_mode,
      replace => $splunk_app_replace,
      content => template("splunk/${splunk_app_name}_base/local/server.conf"),
    }
  } else {
    # No port configured: drop the _base app, then build the _disabled app.
    file { $base_dir:
      ensure  => absent,
      recurse => true,
      purge   => true,
      force   => true,
    }
    -> file { [
      $disabled_dir,
      "${disabled_dir}/${splunk_app_precedence_dir}",
      "${disabled_dir}/metadata",
    ]:
      ensure => directory,
      owner  => $splunk_os_user,
      group  => $splunk_os_group,
      mode   => $splunk_dir_mode,
    }
    -> file { "${disabled_dir}/${splunk_app_precedence_dir}/server.conf":
      ensure  => present,
      owner   => $splunk_os_user,
      group   => $splunk_os_group,
      mode    => $splunk_file_mode,
      replace => $splunk_app_replace,
      # The _base template is reused; only the target app name differs.
      content => template("splunk/${splunk_app_name}_base/local/server.conf"),
    }
  }
}
67 |
68 |
--------------------------------------------------------------------------------
/manifests/server/license.pp:
--------------------------------------------------------------------------------
1 | # vim: ts=2 sw=2 et
2 | #
3 | # Copyright (c) 2016-2018 Jorrit Folmer
4 | #
5 |
# Manages the Splunk config app "puppet_common_license_client_base".
#
# With $lm unset the app directory is purged; otherwise the app skeleton is
# created and server.conf is rendered from the module template.
# $pool_suggestion is not referenced in this manifest; presumably the template
# reads it -- verify.
class splunk::server::license (
  $lm                        = $splunk::lm,
  $pool_suggestion           = $splunk::pool_suggestion,
  $splunk_os_user            = $splunk::real_splunk_os_user,
  $splunk_os_group           = $splunk::real_splunk_os_group,
  $splunk_dir_mode           = $splunk::real_splunk_dir_mode,
  $splunk_file_mode          = $splunk::real_splunk_file_mode,
  $splunk_app_precedence_dir = $splunk::splunk_app_precedence_dir,
  $splunk_app_replace        = $splunk::splunk_app_replace,
  $splunk_home               = $splunk::splunk_home
){
  $splunk_app_name = 'puppet_common_license_client_base'
  $app_dir         = "${splunk_home}/etc/apps/${splunk_app_name}"
  $conf_dir        = "${app_dir}/${splunk_app_precedence_dir}"

  if $lm != undef {
    file { [$app_dir, $conf_dir, "${app_dir}/metadata"]:
      ensure => directory,
      owner  => $splunk_os_user,
      group  => $splunk_os_group,
      mode   => $splunk_dir_mode,
    }
    -> file { "${conf_dir}/server.conf":
      ensure  => present,
      owner   => $splunk_os_user,
      group   => $splunk_os_group,
      mode    => $splunk_file_mode,
      replace => $splunk_app_replace,
      content => template("splunk/${splunk_app_name}/local/server.conf"),
    }
  } else {
    # No license master configured: remove the app.
    file { $app_dir:
      ensure  => absent,
      recurse => true,
      purge   => true,
      force   => true,
    }
  }
}
44 |
45 |
--------------------------------------------------------------------------------
/manifests/server/shclustering.pp:
--------------------------------------------------------------------------------
1 | # vim: ts=2 sw=2 et
2 | #
3 | # Copyright (c) 2016-2018 Jorrit Folmer
4 | #
5 |
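# Manages the search head clustering config apps
# "puppet_search_shcluster_base" and "puppet_search_shcluster_pass4symmkey_base".
#
# $shclustering[mode] selects the role:
#   'searchhead' - (non-Windows only) base config app, secret key app and an
#                  Augeas edit of etc/system/local/server.conf
#   'deployer'   - secret key app only
#   anything else - both apps are removed
#
# $pass4symmkey is taken from $shclustering[pass4symmkey] when set, otherwise
# from $splunk::pass4symmkey; presumably the pass4symmkey template renders it
# (the template is not shown here).
class splunk::server::shclustering (
  $splunk_home               = $splunk::splunk_home,
  $splunk_os_user            = $splunk::real_splunk_os_user,
  $splunk_os_group           = $splunk::real_splunk_os_group,
  $splunk_dir_mode           = $splunk::real_splunk_dir_mode,
  $splunk_file_mode          = $splunk::real_splunk_file_mode,
  $shclustering              = $splunk::shclustering,
  $splunk_app_replace        = $splunk::splunk_app_replace,
  $splunk_app_precedence_dir = $splunk::splunk_app_precedence_dir
){
  $splunk_app_name = 'puppet_search_shcluster'
  if $shclustering[pass4symmkey] == undef {
    $pass4symmkey = $splunk::pass4symmkey
  } else {
    $pass4symmkey = $shclustering[pass4symmkey]
  }
  case $shclustering[mode] {
    'searchhead': {
      case $::osfamily {
        /^[Ww]indows$/: {
          # On Windows there is no Augeas
        }
        default: {
          # create both base config and secret key for shclustering if
          # searchhead deployer is set
          $replication_factor = $shclustering[replication_factor]
          $shd = $shclustering[shd]
          $label = $shclustering[label]
          file { [
            "${splunk_home}/etc/apps/${splunk_app_name}_base",
            "${splunk_home}/etc/apps/${splunk_app_name}_base/${splunk_app_precedence_dir}",
            "${splunk_home}/etc/apps/${splunk_app_name}_base/metadata",
            "${splunk_home}/etc/apps/${splunk_app_name}_pass4symmkey_base",
            "${splunk_home}/etc/apps/${splunk_app_name}_pass4symmkey_base/${splunk_app_precedence_dir}",
            "${splunk_home}/etc/apps/${splunk_app_name}_pass4symmkey_base/metadata",]:
            ensure => directory,
            owner  => $splunk_os_user,
            group  => $splunk_os_group,
            mode   => $splunk_dir_mode,
          }
          # The two server.conf resources below previously had no mode, so
          # the file holding the cluster secret was left to Puppet's default
          # permissions instead of $splunk_file_mode. Set it explicitly, as
          # the 'deployer' branch and the sibling classes do.
          -> file { "${splunk_home}/etc/apps/${splunk_app_name}_pass4symmkey_base/${splunk_app_precedence_dir}/server.conf":
            ensure  => present,
            owner   => $splunk_os_user,
            group   => $splunk_os_group,
            mode    => $splunk_file_mode,
            replace => $splunk_app_replace,
            content => template("splunk/${splunk_app_name}_pass4symmkey_base/local/server.conf"),
          }
          -> file { "${splunk_home}/etc/apps/${splunk_app_name}_base/${splunk_app_precedence_dir}/server.conf":
            ensure  => present,
            owner   => $splunk_os_user,
            group   => $splunk_os_group,
            mode    => $splunk_file_mode,
            replace => $splunk_app_replace,
            content => template("splunk/${splunk_app_name}_base/local/server.conf"),
          }
          # unfortunately we need to edit etc/system/local/server.conf directly,
          # to prevent the SH Deployer from overwriting server specific config
          # directives like mgmt_uri
          -> augeas { "${splunk_home}/etc/system/local/server.conf/shclustering":
            lens    => 'Splunk.lns',
            incl    => "${splunk_home}/etc/system/local/server.conf",
            changes => [
              "set target[. = 'shclustering'] shclustering",
              "set target[. = 'shclustering']/mgmt_uri https://${::fqdn}:8089",
            ],
          }
        }
      }
    }
    'deployer': {
      # just create a secret key for shclustering, to make the node a search
      # head deployer
      file { [
        "${splunk_home}/etc/apps/${splunk_app_name}_pass4symmkey_base",
        "${splunk_home}/etc/apps/${splunk_app_name}_pass4symmkey_base/${splunk_app_precedence_dir}",
        "${splunk_home}/etc/apps/${splunk_app_name}_pass4symmkey_base/metadata",]:
        ensure => directory,
        owner  => $splunk_os_user,
        group  => $splunk_os_group,
        mode   => $splunk_dir_mode,
      }
      # NOTE(review): unlike the 'searchhead' branch this resource carries no
      # replace => $splunk_app_replace -- confirm whether that is intended.
      -> file { "${splunk_home}/etc/apps/${splunk_app_name}_pass4symmkey_base/${splunk_app_precedence_dir}/server.conf":
        ensure  => present,
        owner   => $splunk_os_user,
        group   => $splunk_os_group,
        mode    => $splunk_file_mode,
        content => template("splunk/${splunk_app_name}_pass4symmkey_base/local/server.conf"),
      }
    }
    default: {
      # shclustering mode not set: remove previous shclustering config apps
      file { [
        "${splunk_home}/etc/apps/${splunk_app_name}_base",
        "${splunk_home}/etc/apps/${splunk_app_name}_pass4symmkey_base", ]:
        ensure  => absent,
        recurse => true,
        purge   => true,
        force   => true,
      }
    }
  }
}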
105 |
--------------------------------------------------------------------------------
/manifests/server/ssl.pp:
--------------------------------------------------------------------------------
1 | # vim: ts=2 sw=2 et
2 | #
3 | # Copyright (c) 2016-2018 Jorrit Folmer
4 | #
5 |
# Manages the Splunk config app "puppet_common_ssl_base".
#
# Creates the app skeleton and renders server.conf from the module template.
# The TLS parameters ($ciphersuite, $sslversions, $ecdhcurvename,
# $requireclientcert, $sslpassword, $sslrootcapath, $sslverifyservercert) are
# not referenced in this manifest; presumably the template consumes them --
# verify. If $sslpassword ends up in the rendered file, $splunk_file_mode is
# what protects it on disk.
class splunk::server::ssl (
  $splunk_os_user            = $splunk::real_splunk_os_user,
  $splunk_os_group           = $splunk::real_splunk_os_group,
  $splunk_dir_mode           = $splunk::real_splunk_dir_mode,
  $splunk_file_mode          = $splunk::real_splunk_file_mode,
  $ciphersuite               = $splunk::ciphersuite,
  $sslversions               = $splunk::sslversions,
  $ecdhcurvename             = $splunk::ecdhcurvename,
  $requireclientcert         = $splunk::requireclientcert,
  $splunk_app_precedence_dir = $splunk::splunk_app_precedence_dir,
  $splunk_app_replace        = $splunk::splunk_app_replace,
  $splunk_home               = $splunk::splunk_home,
  $sslpassword               = $splunk::sslpassword,
  $sslrootcapath             = $splunk::sslrootcapath,
  $sslverifyservercert       = $splunk::sslverifyservercert
){
  $splunk_app_name = 'puppet_common_ssl_base'
  $app_dir         = "${splunk_home}/etc/apps/${splunk_app_name}"
  $conf_dir        = "${app_dir}/${splunk_app_precedence_dir}"

  file { [$app_dir, $conf_dir, "${app_dir}/metadata"]:
    ensure => directory,
    owner  => $splunk_os_user,
    group  => $splunk_os_group,
    mode   => $splunk_dir_mode,
  }
  -> file { "${conf_dir}/server.conf":
    ensure  => present,
    owner   => $splunk_os_user,
    group   => $splunk_os_group,
    mode    => $splunk_file_mode,
    replace => $splunk_app_replace,
    content => template("splunk/${splunk_app_name}/local/server.conf"),
  }
}
40 |
41 |
--------------------------------------------------------------------------------
/manifests/service.pp:
--------------------------------------------------------------------------------
1 | # vim: ts=2 sw=2 et
2 | #
3 | # Copyright (c) 2016-2018 Jorrit Folmer
4 | #
5 |
# Declares the Splunk service resource.
#
# Nothing is declared unless $service[managed] is undef or true. On Windows
# the service name depends on $type ('uf' => SplunkForwarder, otherwise
# Splunkd); elsewhere the service is 'splunk', driven through the splunk
# binary under $splunk_home. The ensure attribute is only passed on when
# $service[ensure] is set.
class splunk::service (
  $type        = $splunk::type,
  $splunk_home = $splunk::splunk_home,
  $service     = $splunk::service
) {
  if $service[managed] == undef or $service[managed] == true {
    case $::osfamily {
      /^[Ww]indows$/: {
        $windows_service = $type ? {
          'uf'    => 'SplunkForwarder',
          default => 'Splunkd',
        }
        if $service[ensure] != undef {
          service { $windows_service:
            ensure => $service[ensure],
            enable => $service[enable],
          }
        } else {
          service { $windows_service:
            enable => $service[enable],
          }
        }
      }
      default: {
        $splunk_cli = "${splunk_home}/bin/splunk"
        if $service[ensure] != undef {
          service { 'splunk':
            ensure => $service[ensure],
            enable => $service[enable],
            status => "${splunk_cli} status",
            start  => "${splunk_cli} start",
            stop   => "${splunk_cli} stop",
          }
        } else {
          service { 'splunk':
            enable => $service[enable],
            status => "${splunk_cli} status",
            start  => "${splunk_cli} start",
            stop   => "${splunk_cli} stop",
          }
        }
      }
    }
  }
}
50 |
51 |
--------------------------------------------------------------------------------
/manifests/splunk_launch.pp:
--------------------------------------------------------------------------------
1 | # vim: ts=2 sw=2 et
2 | #
3 | # Copyright (c) 2016-2018 Jorrit Folmer
4 | #
5 |
# Keeps SPLUNK_OS_USER, SPLUNK_BINDIP and SPLUNK_DB in
# etc/splunk-launch.conf in line with the class parameters, using Augeas.
#
# On Windows nothing is edited (no Augeas); a notify and a warning are
# emitted instead. Elsewhere each variable is set when its parameter has a
# value. SPLUNK_OS_USER and SPLUNK_BINDIP are removed when their parameter is
# undef; SPLUNK_DB is deliberately left alone in that case.
# NOTE(review): the values are interpolated unquoted into the Augeas "set"
# commands, so a value containing whitespace would not be passed through as a
# single argument -- confirm the expected inputs.
class splunk::splunk_launch (
  $splunk_os_user = $splunk::real_splunk_os_user,
  $splunk_bindip  = $splunk::splunk_bindip,
  $splunk_db      = $splunk::splunk_db,
  $splunk_home    = $splunk::splunk_home
){
  case $::osfamily {
    /^[Ww]indows$/: {
      # On Windows there is no Augeas
      notify {'Setting splunk_os_user and splunk_db not supported on Windows':}
      warning('Setting splunk_os_user and splunk_db not supported on Windows')
    }
    default: {
      $launch_conf = "${splunk_home}/etc/splunk-launch.conf"

      if $splunk_os_user != undef {
        augeas { "${launch_conf} splunk_os_user":
          lens    => 'ShellVars.lns',
          incl    => $launch_conf,
          changes => ["set SPLUNK_OS_USER ${splunk_os_user}"],
        }
      } else {
        augeas { "${launch_conf} splunk_os_user":
          lens    => 'ShellVars.lns',
          incl    => $launch_conf,
          changes => ['rm SPLUNK_OS_USER'],
        }
      }

      if $splunk_bindip != undef {
        augeas { "${launch_conf} splunk_bindip":
          lens    => 'ShellVars.lns',
          incl    => $launch_conf,
          changes => ["set SPLUNK_BINDIP ${splunk_bindip}"],
        }
      } else {
        augeas { "${launch_conf} splunk_bindip":
          lens    => 'ShellVars.lns',
          incl    => $launch_conf,
          changes => ['rm SPLUNK_BINDIP'],
        }
      }

      # For now SPLUNK_DB is not removed when $splunk_db is unset, because
      # people may have set it manually before. Removal may start in a 4.x
      # release.
      if $splunk_db != undef {
        augeas { "${launch_conf} splunk_db":
          lens    => 'ShellVars.lns',
          incl    => $launch_conf,
          changes => ["set SPLUNK_DB ${splunk_db}"],
        }
      }
    }
  }
}
75 |
--------------------------------------------------------------------------------
/manifests/web.pp:
--------------------------------------------------------------------------------
1 | # vim: ts=2 sw=2 et
2 | #
3 | # Copyright (c) 2016-2018 Jorrit Folmer
4 | #
5 |
# Manages the Splunk Web config app, which exists under one of two names.
#
# With $httpport set, "puppet_common_ssl_web_base" is created and
# "puppet_common_ssl_web_disabled" is removed; on Windows the web certificate
# is additionally generated with "splunk createssl" if cert.pem is missing.
# With $httpport unset it is the other way round. Both variants render the
# same _base web.conf template.
# The TLS parameters ($ciphersuite, $sslversions, $ecdhcurvename,
# $privkeypath, $servercert, $reuse_puppet_certs_for_web) are not referenced
# in this manifest; presumably the template consumes them -- verify.
class splunk::web (
  $ciphersuite                = $splunk::ciphersuite,
  $sslversions                = $splunk::sslversions,
  $httpport                   = $splunk::httpport,
  $ecdhcurvename              = $splunk::ecdhcurvename,
  $privkeypath                = $splunk::privkeypath,
  $servercert                 = $splunk::servercert,
  $reuse_puppet_certs_for_web = $splunk::reuse_puppet_certs_for_web,
  $splunk_os_user             = $splunk::real_splunk_os_user,
  $splunk_os_group            = $splunk::real_splunk_os_group,
  $splunk_dir_mode            = $splunk::real_splunk_dir_mode,
  $splunk_file_mode           = $splunk::real_splunk_file_mode,
  $splunk_app_precedence_dir  = $splunk::splunk_app_precedence_dir,
  $splunk_app_replace         = $splunk::splunk_app_replace,
  $splunk_home                = $splunk::splunk_home
){
  $splunk_app_name = 'puppet_common_ssl_web'
  $base_dir        = "${splunk_home}/etc/apps/${splunk_app_name}_base"
  $disabled_dir    = "${splunk_home}/etc/apps/${splunk_app_name}_disabled"

  if $httpport != undef {
    case $::osfamily {
      /^[Ww]indows$/: {
        # On Windows createssl has to be run here, because the msi is run
        # with LAUNCHSPLUNK=0
        exec { 'splunk createssl':
          command     => 'splunk createssl web-cert 2048',
          path        => ["${splunk_home}/bin"],
          environment => "OPENSSL_CONF=${splunk_home}/openssl.cnf",
          creates     => ["${splunk_home}/etc/auth/splunkweb/cert.pem"],
          logoutput   => true,
        }
      }
      default: {
        # On Linux this is already taken care of by enable boot-start
      }
    }

    # Port configured: drop the _disabled app, then build the _base app.
    file { $disabled_dir:
      ensure  => absent,
      recurse => true,
      purge   => true,
      force   => true,
    }
    -> file { [
      $base_dir,
      "${base_dir}/${splunk_app_precedence_dir}",
      "${base_dir}/metadata",
    ]:
      ensure => directory,
      owner  => $splunk_os_user,
      group  => $splunk_os_group,
      mode   => $splunk_dir_mode,
    }
    -> file { "${base_dir}/${splunk_app_precedence_dir}/web.conf":
      ensure  => present,
      owner   => $splunk_os_user,
      group   => $splunk_os_group,
      mode    => $splunk_file_mode,
      replace => $splunk_app_replace,
      content => template("splunk/${splunk_app_name}_base/local/web.conf"),
    }
  } else {
    # No port configured: drop the _base app, then build the _disabled app.
    file { $base_dir:
      ensure  => absent,
      recurse => true,
      purge   => true,
      force   => true,
    }
    -> file { [
      $disabled_dir,
      "${disabled_dir}/${splunk_app_precedence_dir}",
      "${disabled_dir}/metadata",
    ]:
      ensure => directory,
      owner  => $splunk_os_user,
      group  => $splunk_os_group,
      mode   => $splunk_dir_mode,
    }
    -> file { "${disabled_dir}/${splunk_app_precedence_dir}/web.conf":
      ensure  => present,
      owner   => $splunk_os_user,
      group   => $splunk_os_group,
      mode    => $splunk_file_mode,
      replace => $splunk_app_replace,
      # The _base template is reused; only the target app name differs.
      content => template("splunk/${splunk_app_name}_base/local/web.conf"),
    }
  }
}
89 |
--------------------------------------------------------------------------------
/metadata.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "jorritfolmer-splunk",
3 | "version": "3.14.0",
4 | "author": "Jorrit Folmer",
5 | "summary": "Deploys Splunk instances on Windows and Linux in simple, distributed or (multisite) clustered topologies. Demoed by Splunk at .conf2017",
6 | "license": "MIT",
7 | "source": "https://github.com/jorritfolmer/puppet-splunk.git",
8 | "issues_url": "https://github.com/jorritfolmer/puppet-splunk/issues",
9 | "project_page": "https://github.com/jorritfolmer/puppet-splunk",
10 | "dependencies": [
11 | {"name":"puppetlabs/stdlib","version_requirement":">= 3.2.0 < 5.0.0"}
12 | ],
13 | "operatingsystem_support": [
14 | {
15 | "operatingsystem":"RedHat",
16 | "operatingsystemrelease":[ "6", "7", "8" ]
17 | },
18 | {
19 | "operatingsystem":"CentOS",
20 | "operatingsystemrelease":[ "6", "7", "8" ]
21 | },
22 | {
23 | "operatingsystem":"Ubuntu",
24 | "operatingsystemrelease":[ "14.04", "16.04", "18.04", "20.04"]
25 | },
26 | {
27 | "operatingsystem":"Debian",
28 | "operatingsystemrelease":[ "8", "10" ]
29 | },
30 | {
31 | "operatingsystem":"Windows",
32 | "operatingsystemrelease":[ "2012 R2", "2016", "2019" ]
33 | }
34 | ],
35 | "requirements": [
36 | {
37 | "version_requirement": ">= 2.7.14 < 8.0.0",
38 | "name": "puppet"
39 | }
40 | ],
41 | "tags": ["splunk", "splunkuniversalforwarder"]
42 | }
43 |
44 |
--------------------------------------------------------------------------------
/puppet_enterprise_add_splunk_class.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jorritfolmer/puppet-splunk/6be25a2e8995adf5013edef1131dfd413d76c772/puppet_enterprise_add_splunk_class.png
--------------------------------------------------------------------------------
/spec/classes/init_spec.rb:
--------------------------------------------------------------------------------
1 | require 'spec_helper'
2 |
3 | describe 'splunk' do
4 |
# No parameters given: package and installed class are in the catalog, the
# .ui_login marker file is not.
context 'with defaults for all parameters' do
  it do
    should contain_class('splunk::installed')
  end
  it do
    should contain_package('splunk')
  end
  it do
    should_not contain_file('/opt/splunk/etc/.ui_login')
  end
end
10 |
# Admin hash with hash, full name and email (placeholder values): both the
# .ui_login marker and the passwd file are expected in the catalog.
context 'with admin hash ' do
  let(:params) do
    {
      :admin => {
        'hash'  => 'zzzz',
        'fn'    => 'yyyy',
        'email' => 'wwww',
      },
    }
  end

  it do
    should contain_class('splunk::installed')
  end
  it do
    should contain_package('splunk')
  end
  it do
    should contain_file('/opt/splunk/etc/.ui_login')
  end
  it do
    should contain_file('/opt/splunk/etc/passwd')
  end
end
22 |
# Admin hash carrying only the 'hash' key (placeholder value): the same two
# files are expected as with the full admin hash.
context 'with admin hash only ' do
  let(:params) do
    {
      :admin => {
        'hash' => 'zzzz',
      },
    }
  end

  it do
    should contain_class('splunk::installed')
  end
  it do
    should contain_package('splunk')
  end
  it do
    should contain_file('/opt/splunk/etc/.ui_login')
  end
  it do
    should contain_file('/opt/splunk/etc/passwd')
  end
end
34 |
# service => { ensure => running } must reach the 'splunk' service resource.
context 'with service ensured running' do
  let(:params) do
    {
      :service => {
        'ensure' => 'running',
      }
    }
  end

  it do
    should contain_class('splunk::installed')
  end
  it do
    should contain_package('splunk')
  end
  it do
    should_not contain_file('/opt/splunk/etc/.ui_login')
  end
  it do
    should contain_service('splunk').with('ensure' => 'running')
  end
end
48 |
# service => { managed => false }: only package, class and the absent
# .ui_login marker are checked here.
context 'with service managed set to false' do
  let(:params) do
    {
      :service => {
        'managed' => false,
      }
    }
  end

  it do
    should contain_class('splunk::installed')
  end
  it do
    should contain_package('splunk')
  end
  it do
    should_not contain_file('/opt/splunk/etc/.ui_login')
  end
  # The absence of the service itself is not asserted: the check below
  # doesn't work on ruby 1.8.7,
  # see https://travis-ci.org/jorritfolmer/puppet-splunk/builds/449263879
  #it { should_not contain_service('splunk') }
end
62 |
# service => { enable => true } must reach the 'splunk' service resource.
context 'with service enable true' do
  let(:params) do
    {
      :service => {
        'enable' => true,
      }
    }
  end

  it do
    should contain_class('splunk::installed')
  end
  it do
    should contain_package('splunk')
  end
  it do
    should_not contain_file('/opt/splunk/etc/.ui_login')
  end
  it do
    should contain_service('splunk').with('enable' => true)
  end
end
76 |
# type => 'uf' selects the universal forwarder package.
context 'with type=>uf' do
  let(:params) do
    { :type => 'uf', }
  end

  it { should contain_package('splunkforwarder') }
end
87 |
# An explicit package_source URL still yields the 'splunk' package and the
# installed class.
context 'with package_source' do
  let(:params) do
    {
      :package_source => 'https://download.splunk.com/products/splunk/releases/6.6.2/linux/splunk-6.6.2-4b804538c686-linux-2.6-x86_64.rpm'
    }
  end

  it do
    should contain_class('splunk::installed')
  end
  it do
    should contain_package('splunk')
  end
end
97 |
# A single tcpout target given as a string must show up as "server = ..." in
# the rendered outputs.conf.
context 'with tcpout as string' do
  let(:params) do
    {
      :tcpout => 'splunk-idx.internal.corp.example:9997',
      :admin  => {
        'hash'  => 'zzzz',
        'fn'    => 'yyyy',
        'email' => 'wwww',
      },
    }
  end

  it do
    should contain_class('splunk::installed')
  end
  it do
    should contain_package('splunk')
  end
  it do
    should contain_file('/opt/splunk/etc/apps/puppet_common_ssl_outputs/local/outputs.conf').with_content(/server = splunk-idx.internal.corp.example:9997/)
  end
end
109 |
# use_ack => true must show up as "useACK = true" in the rendered
# outputs.conf.
context 'with tcpout as string and use_ack' do
  let(:params) do
    {
      :tcpout  => 'splunk-idx.internal.corp.example:9997',
      :use_ack => true,
      :admin   => {
        'hash'  => 'zzzz',
        'fn'    => 'yyyy',
        'email' => 'wwww',
      },
    }
  end

  it do
    should contain_class('splunk::installed')
  end
  it do
    should contain_package('splunk')
  end
  it do
    should contain_file('/opt/splunk/etc/apps/puppet_common_ssl_outputs/local/outputs.conf').with_content(/useACK = true/)
  end
end
122 |
123 |
124 | context 'with tcpout as string and revert to default splunk cert instead of puppet cert reuse' do
125 | let(:params) {
126 | {
127 | :tcpout => 'splunk-idx.internal.corp.example:9997',
128 | :admin => { 'hash' => 'zzzz', 'fn' => 'yyyy', 'email' => 'wwww', },
129 | :reuse_puppet_certs => false,
130 | :sslcertpath => 'server.pem',
131 | :sslrootcapath => 'cacert.pem',
132 | }
133 | }
134 | it { should contain_class('splunk::installed') }
135 | it { should contain_package('splunk') }
136 | it { should contain_file('/opt/splunk/etc/apps/puppet_common_ssl_base/local/server.conf').with_content(/sslRootCAPath = \/opt\/splunk\/etc\/auth\/cacert.pem/) }
137 | it { should contain_file('/opt/splunk/etc/apps/puppet_common_ssl_outputs/local/outputs.conf').with_content(/server = splunk-idx.internal.corp.example:9997/) }
138 | it { should contain_file('/opt/splunk/etc/apps/puppet_common_ssl_outputs/local/outputs.conf').with_content(/sslCertPath = \/opt\/splunk\/etc\/auth\/server.pem/) }
139 | end
140 |
141 |
142 | context 'with reuse_puppet_certs_for_web' do
143 | let(:params) {
144 | {
145 | :httpport => 8000,
146 | :admin => { 'hash' => 'zzzz', 'fn' => 'yyyy', 'email' => 'wwww', },
147 | :reuse_puppet_certs_for_web => true,
148 | }
149 | }
150 | it { should contain_class('splunk::installed') }
151 | it { should contain_package('splunk') }
152 | it { should contain_file('/opt/splunk/etc/auth/certs/webprivkey.pem') }
153 | it { should contain_file('/opt/splunk/etc/auth/certs/webcert.pem') }
154 | it { should contain_file('/opt/splunk/etc/apps/puppet_common_ssl_web_base/local/web.conf').with_content(/privKeyPath = \/opt\/splunk\/etc\/auth\/certs\/webprivkey.pem/) }
155 | it { should contain_file('/opt/splunk/etc/apps/puppet_common_ssl_web_base/local/web.conf').with_content(/serverCert = \/opt\/splunk\/etc\/auth\/certs\/webcert.pem/) }
156 | end
157 |
158 | context 'with tcpout as array' do
159 | let(:params) {
160 | {
161 | :tcpout => [ 'splunk-idx1.internal.corp.example:9997', 'splunk-idx2.internal.corp.example:9997',],
162 | :admin => { 'hash' => 'zzzz', 'fn' => 'yyyy', 'email' => 'wwww', },
163 | }
164 | }
165 | it { should contain_class('splunk::installed') }
166 | it { should contain_package('splunk') }
167 | it { should contain_file('/opt/splunk/etc/apps/puppet_common_ssl_outputs/local/outputs.conf').with_content(/server = splunk-idx1.internal.corp.example:9997, splunk-idx2.internal.corp.example:9997/) }
168 | end
169 |
170 | context 'with tcpout == indexer_discovery' do
171 | let(:params) {
172 | {
173 | :tcpout => 'indexer_discovery',
174 | :clustering => { 'pass4symmkey' => 'changeme', 'cm' => 'splunk-cm.internal.corp.example:8089' },
175 | :admin => { 'hash' => 'zzzz', 'fn' => 'yyyy', 'email' => 'wwww', },
176 | }
177 | }
178 | it { should contain_class('splunk::installed') }
179 | it { should contain_package('splunk') }
180 | it { should contain_file('/opt/splunk/etc/apps/puppet_common_ssl_outputs/local/outputs.conf').with_content(/indexerDiscovery = cluster/) }
181 | it { should contain_file('/opt/splunk/etc/apps/puppet_common_ssl_outputs/local/outputs.conf').with_content(/master_uri = https:\/\/splunk-cm.internal.corp.example:8089/) }
182 | it { should_not contain_file('/opt/splunk/etc/apps/puppet_indexer_cluster_pass4symmkey_base/local/server.conf') }
183 | end
184 |
185 | context 'with indexer_discovery enabled on master' do
186 | let(:params) {
187 | {
188 | :clustering => { 'pass4symmkey' => 'changeme', 'mode' => 'master', 'indexer_discovery' => true, },
189 | :admin => { 'hash' => 'zzzz', 'fn' => 'yyyy', 'email' => 'wwww', },
190 | }
191 | }
192 | it { should contain_class('splunk::installed') }
193 | it { should contain_package('splunk') }
194 | it { should contain_file('/opt/splunk/etc/apps/puppet_indexer_cluster_master_base/local/server.conf').with_content(/\[indexer_discovery\]/) }
195 | end
196 |
197 | context 'with universalforwarder and tcpout == indexer_discovery' do
198 | let(:params) {
199 | {
200 | :type => 'uf',
201 | :tcpout => 'indexer_discovery',
202 | :clustering => { 'pass4symmkey' => 'changeme', 'cm' => 'splunk-cm.internal.corp.example:8089' },
203 | :admin => { 'hash' => 'zzzz', 'fn' => 'yyyy', 'email' => 'wwww', },
204 | }
205 | }
206 | it { should contain_class('splunk::installed') }
207 | it { should contain_package('splunkforwarder') }
208 | it { should contain_file('/opt/splunkforwarder/etc/apps/puppet_common_ssl_outputs/local/outputs.conf').with_content(/indexerDiscovery = cluster/) }
209 | it { should contain_file('/opt/splunkforwarder/etc/apps/puppet_common_ssl_outputs/local/outputs.conf').with_content(/master_uri = https:\/\/splunk-cm.internal.corp.example:8089/) }
210 | it { should_not contain_file('/opt/splunkforwarder/etc/apps/puppet_indexer_cluster_pass4symmkey_base/local/server.conf') }
211 | end
212 |
213 | context 'with universalforwarder, indexer_discovery and cluster site affinity' do
214 | let(:params) {
215 | {
216 | :type => 'uf',
217 | :tcpout => 'indexer_discovery',
218 | :clustering => { 'pass4symmkey' => 'changeme', 'mode' => 'forwarder', 'cm' => 'splunk-cm.internal.corp.example:8089', 'thissite' => 'site1'},
219 | :admin => { 'hash' => 'zzzz', 'fn' => 'yyyy', 'email' => 'wwww', },
220 | }
221 | }
222 | it { should contain_class('splunk::installed') }
223 | it { should contain_package('splunkforwarder') }
224 | it { should contain_file('/opt/splunkforwarder/etc/apps/puppet_common_ssl_outputs/local/outputs.conf').with_content(/indexerDiscovery = cluster/) }
225 | it { should contain_file('/opt/splunkforwarder/etc/apps/puppet_common_ssl_outputs/local/outputs.conf').with_content(/master_uri = https:\/\/splunk-cm.internal.corp.example:8089/) }
226 | it { should contain_file('/opt/splunkforwarder/etc/apps/puppet_indexer_cluster_forwarder_base/local/server.conf').with_content(/site = site1/) }
227 | it { should_not contain_file('/opt/splunkforwarder/etc/apps/puppet_indexer_cluster_pass4symmkey_base/local/server.conf') }
228 | end
229 |
230 | context 'with universalforwarder and parallelIngestionPipelines=2' do
231 | let(:params) {
232 | {
233 | :type => 'uf',
234 | :pipelines => 2,
235 | :admin => { 'hash' => 'zzzz', 'fn' => 'yyyy', 'email' => 'wwww', },
236 | }
237 | }
238 | it { should contain_class('splunk::installed') }
239 | it { should contain_package('splunkforwarder') }
240 | it { should contain_file('/opt/splunkforwarder/etc/apps/puppet_forwarder_base/local/server.conf').with_content(/parallelIngestionPipelines = 2/) }
241 | end
242 |
243 | context 'with universalforwarder, tcpout == indexer_discovery but without cm' do
244 | let(:params) {
245 | {
246 | :type => 'uf',
247 | :tcpout => 'indexer_discovery',
248 | :admin => { 'hash' => 'zzzz', },
249 | }
250 | }
251 | it { should compile.and_raise_error(/please set cluster master when using indexer_discovery/) }
252 | end
253 |
254 | context 'with searchpeers as array but without plaintext admin pass' do
255 | let(:params) {
256 | {
257 | :searchpeers => [ 'splunk-idx1.internal.corp.example:9997', 'splunk-idx2.internal.corp.example:9997',],
258 | :admin => { 'hash' => 'zzzz', },
259 | :dontruncmds => true,
260 | }
261 | }
262 | it { should compile.and_raise_error(/Plaintext admin password is not set but required for adding search peers/) }
263 | end
264 |
265 | context 'with searchpeers as string and plaintext admin pass and hash' do
266 | let(:params) {
267 | {
268 | :searchpeers => 'splunk-idx1.internal.corp.example:9997',
269 | :admin => { 'pass' => 'plaintext', 'hash' => 'zzzz', },
270 | :dontruncmds => true,
271 | }
272 | }
273 | it { should contain_class('splunk::installed') }
274 | it { should contain_package('splunk') }
275 | end
276 |
277 | context 'with searchpeers as string and plaintext admin pass without hash' do
278 | let(:params) {
279 | {
280 | :searchpeers => 'splunk-idx1.internal.corp.example:9997',
281 | :admin => { 'pass' => 'plaintext', },
282 | :dontruncmds => true,
283 | }
284 | }
285 | it { should contain_class('splunk::installed') }
286 | it { should contain_package('splunk') }
287 | end
288 |
289 | context 'with deploymentserver' do
290 | let(:params) {
291 | {
292 | :ds => 'splunk-ds.internal.corp.example:8089',
293 | :admin => { 'hash' => 'zzzz', },
294 | :dontruncmds => true,
295 | }
296 | }
297 | it { should contain_class('splunk::installed') }
298 | it { should contain_package('splunk') }
299 | it { should contain_file('/opt/splunk/etc/apps/puppet_common_deploymentclient_base/local/deploymentclient.conf').with_content(/targetUri = splunk-ds.internal.corp.example:8089/) }
300 | end
301 |
302 | context 'with inputs' do
303 | let(:params) {
304 | {
305 | :inputport => 9997,
306 | :admin => { 'hash' => 'zzzz', 'fn' => 'yyyy', 'email' => 'wwww', },
307 | :dontruncmds => true,
308 | }
309 | }
310 | it { should contain_class('splunk::installed') }
311 | it { should contain_package('splunk') }
312 | it { should contain_file('/opt/splunk/etc/apps/puppet_common_ssl_inputs/local/inputs.conf').with_content(/\[splunktcp-ssl:9997\]/) }
313 | end
314 |
315 | context 'with inputs but with default splunk certs instead of puppet cert reuse' do
316 | let(:params) {
317 | {
318 | :inputport => 9997,
319 | :admin => { 'hash' => 'zzzz', 'fn' => 'yyyy', 'email' => 'wwww', },
320 | :dontruncmds => true,
321 | :reuse_puppet_certs => false,
322 | :sslcertpath => 'server.pem',
323 | :sslrootcapath => 'cacert.pem',
324 | }
325 | }
326 | it { should contain_class('splunk::installed') }
327 | it { should contain_package('splunk') }
328 | it { should contain_file('/opt/splunk/etc/apps/puppet_common_ssl_base/local/server.conf').with_content(/sslRootCAPath = \/opt\/splunk\/etc\/auth\/cacert.pem/) }
329 | it { should contain_file('/opt/splunk/etc/apps/puppet_common_ssl_inputs/local/inputs.conf').with_content(/\[splunktcp-ssl:9997\]/) }
330 | it { should contain_file('/opt/splunk/etc/apps/puppet_common_ssl_inputs/local/inputs.conf').with_content(/serverCert = \/opt\/splunk\/etc\/auth\/server.pem/) }
331 | end
332 |
333 | context 'with web' do
334 | let(:params) {
335 | {
336 | :httpport => 8000,
337 | :admin => { 'hash' => 'zzzz', 'fn' => 'yyyy', 'email' => 'wwww', },
338 | :dontruncmds => true,
339 | }
340 | }
341 | it { should contain_class('splunk::installed') }
342 | it { should contain_package('splunk') }
343 | it { should contain_file('/opt/splunk/etc/apps/puppet_common_ssl_web_base/local/web.conf').with_content(/httpport = 8000/) }
344 | end
345 |
346 | context 'without web' do
347 | let(:params) {
348 | {
349 | :admin => { 'hash' => 'zzzz', 'fn' => 'yyyy', 'email' => 'wwww', },
350 | :dontruncmds => true,
351 | }
352 | }
353 | it { should contain_class('splunk::installed') }
354 | it { should contain_package('splunk') }
355 | it { should contain_file('/opt/splunk/etc/apps/puppet_common_ssl_web_disabled/local/web.conf').with_content(/startwebserver = 0/) }
356 | end
357 |
358 | context 'with kvstore' do
359 | let(:params) {
360 | {
361 | :kvstoreport => 8191,
362 | :admin => { 'hash' => 'zzzz', 'fn' => 'yyyy', 'email' => 'wwww', },
363 | :dontruncmds => true,
364 | }
365 | }
366 | it { should contain_class('splunk::installed') }
367 | it { should contain_package('splunk') }
368 | it { should contain_file('/opt/splunk/etc/apps/puppet_common_kvstore_base/local/server.conf').with_content(/port = 8191/) }
369 | end
370 |
371 | context 'without kvstore' do
372 | let(:params) {
373 | {
374 | :admin => { 'hash' => 'zzzz', 'fn' => 'yyyy', 'email' => 'wwww', },
375 | :dontruncmds => true,
376 | }
377 | }
378 | it { should contain_class('splunk::installed') }
379 | it { should contain_package('splunk') }
380 | it { should contain_file('/opt/splunk/etc/apps/puppet_common_kvstore_disabled/local/server.conf').with_content(/disabled = true/) }
381 | end
382 |
383 | context 'with requireclientcert inputs ' do
384 | let(:params) {
385 | {
386 | :inputport => 9997,
387 | :requireclientcert => 'inputs',
388 | :admin => { 'hash' => 'zzzz', 'fn' => 'yyyy', 'email' => 'wwww', },
389 | }
390 | }
391 | it { should contain_class('splunk::installed') }
392 | it { should contain_package('splunk') }
393 | it { should contain_file('/opt/splunk/etc/apps/puppet_common_ssl_inputs/local/inputs.conf').with_content(/requireClientCert = true/) }
394 | end
395 |
396 | context 'with requireclientcert splunkd ' do
397 | let(:params) {
398 | {
399 | :requireclientcert => 'splunkd',
400 | :admin => { 'hash' => 'zzzz', 'fn' => 'yyyy', 'email' => 'wwww', },
401 | }
402 | }
403 | it { should contain_class('splunk::installed') }
404 | it { should contain_package('splunk') }
405 | it { should contain_file('/opt/splunk/etc/apps/puppet_common_ssl_base/local/server.conf').with_content(/requireClientCert = true/) }
406 | end
407 |
# Client-certificate enforcement requested for both the splunkd management
# listener and the splunktcp-ssl input: each rendered conf file must carry
# requireClientCert = true.
context 'with requireclientcert splunkd and inputs' do
  splunkd_conf = '/opt/splunk/etc/apps/puppet_common_ssl_base/local/server.conf'
  inputs_conf = '/opt/splunk/etc/apps/puppet_common_ssl_inputs/local/inputs.conf'

  let(:params) do
    {
      inputport: 9997,
      requireclientcert: ['splunkd','inputs'],
      admin: { 'hash' => 'zzzz', 'fn' => 'yyyy', 'email' => 'wwww' },
    }
  end

  it { should contain_class('splunk::installed') }
  it { should contain_package('splunk') }
  # Both listeners are checked separately, so enabling mutual TLS on only one
  # of them fails this context.
  it { should contain_file(splunkd_conf).with_content(/requireClientCert = true/) }
  it { should contain_file(inputs_conf).with_content(/requireClientCert = true/) }
end
421 |
# SAML authentication against an ADFS identity provider: the rendered
# authentication.conf must derive both IdP URLs from saml_idpurl and switch on
# request signing and signed assertions with RSA-SHA256.
context 'with saml auth' do
  saml_conf = '/opt/splunk/etc/apps/puppet_common_auth_saml_base/local/authentication.conf'

  let(:params) do
    {
      auth: {
        'authtype' => 'SAML',
        'saml_idptype' => 'ADFS',
        'saml_idpurl' => 'https://sso.internal.corp.example/adfs/ls',
      },
      admin: { 'hash' => 'zzzz', 'fn' => 'yyyy', 'email' => 'wwww' },
      dontruncmds: true,
    }
  end

  it { should contain_class('splunk::installed') }
  it { should contain_package('splunk') }
  # Single-logout URL is the IdP URL plus the ADFS sign-out query string.
  it { should contain_file(saml_conf).with_content(/idpSLOUrl = https:\/\/sso.internal.corp.example\/adfs\/ls\?wa=wsignout1.0/) }
  it { should contain_file(saml_conf).with_content(/idpSSOUrl = https:\/\/sso.internal.corp.example\/adfs\/ls/) }
  # These three settings are what keep an unsigned or weakly signed assertion
  # from being accepted; a regression in any of them should fail the suite.
  it { should contain_file(saml_conf).with_content(/signatureAlgorithm = RSA-SHA256/) }
  it { should contain_file(saml_conf).with_content(/signAuthnRequest = true/) }
  it { should contain_file(saml_conf).with_content(/signedAssertion = true/) }
end
438 |
# LDAP authentication without an explicit ldap_port: the bind DN must be
# rendered and no "port = " line may appear in authentication.conf.
context 'with ldap auth' do
  ldap_conf = '/opt/splunk/etc/apps/puppet_common_auth_ldap_base/local/authentication.conf'

  let(:params) do
    {
      auth: {
        'authtype' => 'LDAP',
        'ldap_host' => 'dc01.internal.corp.example',
        'ldap_binddn' => 'CN=sa_splunk,CN=Service Accounts,DC=internal,DC=corp,DC=tld',
        # placeholder bind password for the catalogue only; nothing in this
        # context asserts how it is written to disk
        'ldap_binddnpassword' => 'changeme',
      },
      admin: { 'hash' => 'zzzz', 'fn' => 'yyyy', 'email' => 'wwww' },
      dontruncmds: true,
    }
  end

  it { should contain_class('splunk::installed') }
  it { should contain_package('splunk') }
  it { should contain_file(ldap_conf).with_content(/bindDN = CN=sa_splunk,CN=Service Accounts,DC=internal,DC=corp,DC=tld/) }
  # A negated contain_file(...).with_content also passes when the file is
  # missing from the catalogue; the bindDN expectation above is what proves
  # the file is actually rendered.
  it { should_not contain_file(ldap_conf).with_content(/port = /) }
end
452 |
453 | context 'with ldap auth on different port' do
454 | let(:params) {
455 | {
456 | :auth => { 'authtype' => 'LDAP', 'ldap_host' => 'dc01.internal.corp.example', 'ldap_binddn' => 'CN=sa_splunk,CN=Service Accounts,DC=internal,DC=corp,DC=tld', 'ldap_binddnpassword' => 'changeme', 'ldap_port' => 12345},
457 | :admin => { 'hash' => 'zzzz', 'fn' => 'yyyy', 'email' => 'wwww', },
458 | :dontruncmds => true,
459 | }
460 | }
461 | it { should contain_class('splunk::installed') }
462 | it { should contain_package('splunk') }
463 | it { should contain_file('/opt/splunk/etc/apps/puppet_common_auth_ldap_base/local/authentication.conf').with_content(/bindDN = CN=sa_splunk,CN=Service Accounts,DC=internal,DC=corp,DC=tld/) }
464 | it { should contain_file('/opt/splunk/etc/apps/puppet_common_auth_ldap_base/local/authentication.conf').with_content(/port = 12345/) }
465 | end
466 |
467 | context 'with ldap auth and nestedgroups enabled' do
468 | let(:params) {
469 | {
470 | :auth => { 'authtype' => 'LDAP', 'ldap_host' => 'dc01.internal.corp.example', 'ldap_binddn' => 'CN=sa_splunk,CN=Service Accounts,DC=internal,DC=corp,DC=tld', 'ldap_binddnpassword' => 'changeme', 'ldap_nestedgroups' => 1},
471 | :admin => { 'hash' => 'zzzz', 'fn' => 'yyyy', 'email' => 'wwww', },
472 | :dontruncmds => true,
473 | }
474 | }
475 | it { should contain_class('splunk::installed') }
476 | it { should contain_package('splunk') }
477 | it { should contain_file('/opt/splunk/etc/apps/puppet_common_auth_ldap_base/local/authentication.conf').with_content(/nestedGroups = 1/) }
478 | end
479 |
480 | context 'with license server' do
481 | let(:params) {
482 | {
483 | :lm => 'lm.internal.corp.example:8089',
484 | :admin => { 'hash' => 'zzzz', 'fn' => 'yyyy', 'email' => 'wwww', },
485 | :dontruncmds => true,
486 | }
487 | }
488 | it { should contain_class('splunk::installed') }
489 | it { should contain_package('splunk') }
490 | it { should contain_file('/opt/splunk/etc/apps/puppet_common_license_client_base/local/server.conf').with_content(/master_uri = https:\/\/lm.internal.corp.example:8089/) }
491 | end
492 |
493 | context 'with license server and pool suggestion' do
494 | let(:params) {
495 | {
496 | :lm => 'lm.internal.corp.example:8089',
497 | :pool_suggestion => 'prodpool',
498 | :admin => { 'hash' => 'zzzz', 'fn' => 'yyyy', 'email' => 'wwww', },
499 | :dontruncmds => true,
500 | }
501 | }
502 | it { should contain_class('splunk::installed') }
503 | it { should contain_package('splunk') }
504 | it { should contain_file('/opt/splunk/etc/apps/puppet_common_license_client_base/local/server.conf').with_content(/master_uri = https:\/\/lm.internal.corp.example:8089\npool_suggestion = prodpool/) }
505 | end
506 |
# A caller-supplied splunk.secret must be written to etc/auth of a full
# Splunk install.
context 'with splunk secret' do
  let(:params) do
    {
      # constructed stand-in for the real key material
      secret: 'somebase64string',
      dontruncmds: true,
    }
  end

  it { should contain_class('splunk::installed') }
  it { should contain_package('splunk') }
  # Only the file content is pinned here; owner and mode of splunk.secret are
  # not asserted by this context.
  it { should contain_file('/opt/splunk/etc/auth/splunk.secret').with_content(/somebase64string/) }
end
518 |
519 | context 'with splunk secret for uf' do
520 | let(:params) {
521 | {
522 | :secret => 'somebase64string',
523 | :type => 'uf',
524 | :dontruncmds => true,
525 | }
526 | }
527 | it { should contain_class('splunk::installed') }
528 | it { should contain_package('splunkforwarder') }
529 | it { should contain_file('/opt/splunkforwarder/etc/auth/splunk.secret').with_content(/somebase64string/) }
530 | end
531 |
# With no TLS parameters given, server.conf must carry the module's default
# cipherSuite string.
context 'with default strong ssl' do
  ssl_base_conf = '/opt/splunk/etc/apps/puppet_common_ssl_base/local/server.conf'

  let(:params) do
    {
      admin: { 'hash' => 'zzzz', 'fn' => 'yyyy', 'email' => 'wwww' },
      dontruncmds: true,
    }
  end

  it { should contain_class('splunk::installed') }
  it { should contain_package('splunk') }
  # The + and ! characters of the cipher string are escaped for the regex.
  # The pattern is not anchored at the end, so it pins the listed suites and
  # exclusions but would still match if further entries followed !PSK.
  it { should contain_file(ssl_base_conf).with_content(/cipherSuite = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH\+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES256-GCM-SHA384:\!aNULL:\!eNULL:\!EXPORT:\!DES:\!RC4:\!3DES:\!MD5:\!PSK/) }
end
544 |
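# Falling back to certificates under Splunk's own etc/auth directory: with
# reuse_puppet_certs off, the relative sslrootcapath must be rendered as an
# absolute path below /opt/splunk/etc/auth in server.conf.
context 'with default splunk certs instead of puppet cert reuse' do
  let(:params) {
    {
      :admin => { 'hash' => 'zzzz', 'fn' => 'yyyy', 'email' => 'wwww', },
      :dontruncmds => true,
      :reuse_puppet_certs => false,
      # 'server.pem', not 'server.pam': same certificate file name as the
      # other reuse_puppet_certs => false contexts in this spec
      :sslcertpath => 'server.pem',
      :sslrootcapath => 'cacert.pem',
    }
  }
  it { should contain_class('splunk::installed') }
  it { should contain_package('splunk') }
  # Only the root CA path is asserted here; the certificate path itself is
  # covered by the tcpout and inputs contexts.
  it { should contain_file('/opt/splunk/etc/apps/puppet_common_ssl_base/local/server.conf').with_content(/sslRootCAPath = \/opt\/splunk\/etc\/auth\/cacert.pem/) }
end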
559 |
560 | context 'with nonstandard mgmthostport' do
561 | let(:params) {
562 | {
563 | :dontruncmds => true,
564 | :mgmthostport => '127.0.0.1:9991',
565 | }
566 | }
567 | it { should contain_class('splunk::installed') }
568 | it { should contain_package('splunk') }
569 | it { should contain_file('/opt/splunk/etc/apps/puppet_common_mgmtport_base/local/web.conf').with_content(/\[settings\]\nmgmtHostPort = 127.0.0.1:9991/) }
570 | end
571 |
572 | context 'with mgmtport disable' do
573 | let(:params) {
574 | {
575 | :dontruncmds => true,
576 | :mgmthostport => 'disable',
577 | }
578 | }
579 | it { should contain_class('splunk::installed') }
580 | it { should contain_package('splunk') }
581 | it { should contain_file('/opt/splunk/etc/apps/puppet_common_mgmtport_disabled/local/server.conf').with_content(/\[httpServer\]\ndisableDefaultPort = true/) }
582 | end
583 |
# Indexer cluster master: server.conf of the master app must declare the mode,
# and the shared cluster key must land in the dedicated pass4symmkey app.
context 'with cluster master role' do
  master_conf = '/opt/splunk/etc/apps/puppet_indexer_cluster_master_base/local/server.conf'
  key_conf = '/opt/splunk/etc/apps/puppet_indexer_cluster_pass4symmkey_base/local/server.conf'

  let(:params) do
    {
      clustering: {
        'mode' => 'master',
        # placeholder cluster secret used only to exercise the template
        'pass4symmkey' => 'changeme',
        'replication_factor' => 2,
        'search_factor' => 2,
      },
      admin: { 'hash' => 'zzzz', 'fn' => 'yyyy', 'email' => 'wwww' },
      dontruncmds: true,
    }
  end

  it { should contain_class('splunk::installed') }
  it { should contain_package('splunk') }
  it { should contain_file(master_conf).with_content(/mode = master/) }
  # The expectation pins the key as it appears in the compiled catalogue,
  # i.e. in clear text at template-rendering time.
  it { should contain_file(key_conf).with_content(/pass4SymmKey = changeme/) }
end
597 |
598 | context 'with cluster slave role' do
599 | let(:params) {
600 | {
601 | :clustering => { 'mode' => 'slave', 'pass4symmkey' => 'changeme', 'cm' => 'splunk-cm.internal.corp.example:8089' },
602 | :admin => { 'hash' => 'zzzz', 'fn' => 'yyyy', 'email' => 'wwww', },
603 | :dontruncmds => true,
604 | }
605 | }
606 | it { should contain_class('splunk::installed') }
607 | it { should contain_package('splunk') }
608 | it { should contain_file('/opt/splunk/etc/apps/puppet_indexer_cluster_slave_base/local/server.conf').with_content(/master_uri = https:\/\/splunk-cm.internal.corp.example:8089/) }
609 | it { should contain_file('/opt/splunk/etc/apps/puppet_indexer_cluster_pass4symmkey_base/local/server.conf').with_content(/pass4SymmKey = changeme/) }
610 | end
611 |
612 | context 'with cluster slave role and custom replication_port' do
613 | let(:params) {
614 | {
615 | :clustering => { 'mode' => 'slave', 'pass4symmkey' => 'changeme', 'cm' => 'splunk-cm.internal.corp.example:8089' },
616 | :admin => { 'hash' => 'zzzz', 'fn' => 'yyyy', 'email' => 'wwww', },
617 | :dontruncmds => true,
618 | :replication_port => 12345,
619 | }
620 | }
621 | it { should contain_class('splunk::installed') }
622 | it { should contain_package('splunk') }
623 | it { should contain_file('/opt/splunk/etc/apps/puppet_indexer_cluster_slave_base/local/server.conf').with_content(/master_uri = https:\/\/splunk-cm.internal.corp.example:8089/) }
624 | it { should contain_file('/opt/splunk/etc/apps/puppet_indexer_cluster_pass4symmkey_base/local/server.conf').with_content(/pass4SymmKey = changeme/) }
625 | it { should contain_file('/opt/splunk/etc/apps/puppet_indexer_cluster_slave_base/local/server.conf').with_content(/\[replication_port:\/\/12345\]\ndisabled = false\n/) }
626 | end
627 |
628 | context 'with cluster searchhead role' do
629 | let(:params) {
630 | {
631 | :clustering => { 'mode' => 'searchhead', 'pass4symmkey' => 'changeme', 'cm' => 'splunk-cm.internal.corp.example:8089' },
632 | :admin => { 'hash' => 'zzzz', 'fn' => 'yyyy', 'email' => 'wwww', },
633 | :dontruncmds => true,
634 | }
635 | }
636 | it { should contain_class('splunk::installed') }
637 | it { should contain_package('splunk') }
638 | it { should contain_file('/opt/splunk/etc/apps/puppet_indexer_cluster_searchhead_base/local/server.conf').with_content(/master_uri = https:\/\/splunk-cm.internal.corp.example:8089/) }
639 | it { should contain_file('/opt/splunk/etc/apps/puppet_indexer_cluster_pass4symmkey_base/local/server.conf').with_content(/pass4SymmKey = changeme/) }
640 | end
641 |
# Search head cluster member: the shcluster app must point at the deployer,
# open a replication port, carry the cluster label, and a separate app must
# provide a pass4SymmKey line.
context 'with search head clustering' do
  shc_conf = '/opt/splunk/etc/apps/puppet_search_shcluster_base/default/server.conf'
  shc_key_conf = '/opt/splunk/etc/apps/puppet_search_shcluster_pass4symmkey_base/default/server.conf'

  let(:params) do
    {
      shclustering: {
        'mode' => 'searchhead',
        'shd' => 'splunk-shd.internal.corp.example:8089',
        'label' => 'SHC',
      },
      admin: { 'hash' => 'zzzz', 'fn' => 'yyyy', 'email' => 'wwww' },
      dontruncmds: true,
    }
  end

  it { should contain_class('splunk::installed') }
  it { should contain_package('splunk') }
  it { should contain_file(shc_conf).with_content(/conf_deploy_fetch_url = https:\/\/splunk-shd.internal.corp.example:8089/) }
  it { should contain_file(shc_conf).with_content(/\[replication_port:/) }
  it { should contain_file(shc_conf).with_content(/shcluster_label = SHC/) }
  # No pass4symmkey is passed in, and the pattern stops after "= ", so this
  # only proves the setting is present; an empty value would match as well.
  it { should contain_file(shc_key_conf).with_content(/pass4SymmKey = /) }
end
657 |
658 | context 'with search head deployer role' do
659 | let(:params) {
660 | {
661 | :shclustering => { 'mode' => 'deployer' },
662 | :admin => { 'hash' => 'zzzz', 'fn' => 'yyyy', 'email' => 'wwww', },
663 | :dontruncmds => true,
664 | }
665 | }
666 | it { should contain_class('splunk::installed') }
667 | it { should contain_package('splunk') }
668 | it { should contain_file('/opt/splunk/etc/apps/puppet_search_shcluster_pass4symmkey_base/local/server.conf').with_content(/pass4SymmKey = /) }
669 | end
670 |
671 | context 'with search head deployer role and pass4symmkey' do
672 | let(:params) {
673 | {
674 | :shclustering => { 'mode' => 'deployer', 'pass4symmkey' => 'SHCsecret'},
675 | :admin => { 'hash' => 'zzzz', 'fn' => 'yyyy', 'email' => 'wwww', },
676 | :dontruncmds => true,
677 | }
678 | }
679 | it { should contain_class('splunk::installed') }
680 | it { should contain_package('splunk') }
681 | it { should contain_file('/opt/splunk/etc/apps/puppet_search_shcluster_pass4symmkey_base/local/server.conf').with_content(/pass4SymmKey = SHCsecret/) }
682 | end
683 |
684 | context 'with multisite indexer clustering' do
685 | let(:params) {
686 | {
687 | :clustering => { 'mode' => 'master', 'thissite' => 'site1', 'available_sites' => 'site1,site2', 'site_replication_factor' => 'origin:1, total:2', 'site_search_factor' => 'origin:1, total:2'},
688 | :admin => { 'hash' => 'zzzz', 'fn' => 'yyyy', 'email' => 'wwww', },
689 | :dontruncmds => true,
690 | }
691 | }
692 | it { should contain_class('splunk::installed') }
693 | it { should contain_package('splunk') }
694 | it { should contain_file('/opt/splunk/etc/apps/puppet_indexer_cluster_master_base/local/server.conf').with_content(/multisite = true/) }
695 | it { should contain_file('/opt/splunk/etc/apps/puppet_indexer_cluster_master_base/local/server.conf').with_content(/available_sites = site1,site2/) }
696 | it { should contain_file('/opt/splunk/etc/apps/puppet_indexer_cluster_master_base/local/server.conf').with_content(/\[general\]\nsite = site1/) }
697 | end
698 |
699 | context 'with custom repositorylocation' do
700 | let(:params) {
701 | {
702 | :ds => 'splunk-ds.internal.corp.example:8089',
703 | :ds_intermediate => true,
704 | :repositorylocation => 'master-apps',
705 | :admin => { 'hash' => 'zzzz', 'fn' => 'yyyy', 'email' => 'wwww', },
706 | :dontruncmds => true,
707 | }
708 | }
709 | it { should contain_class('splunk::installed') }
710 | it { should contain_package('splunk') }
711 | it { should contain_file('/opt/splunk/etc/apps/puppet_common_deploymentclient_base/local/deploymentclient.conf').with_content(/repositoryLocation = \/opt\/splunk\/etc\/master-apps/) }
712 | end
713 |
714 | context 'with ds_intermediate set' do
715 | let(:params) {
716 | {
717 | :ds => 'splunk-ds.internal.corp.example:8089',
718 | :ds_intermediate => true,
719 | :admin => { 'hash' => 'zzzz', 'fn' => 'yyyy', 'email' => 'wwww', },
720 | :dontruncmds => true,
721 | }
722 | }
723 | it { should contain_class('splunk::installed') }
724 | it { should contain_package('splunk') }
725 | it { should contain_file('/opt/splunk/etc/apps/puppet_common_deploymentclient_base/local/deploymentclient.conf').with_content(/repositoryLocation = \/opt\/splunk\/etc\/deployment-apps/) }
726 | end
727 |
728 | context 'with maxkbps set' do
729 | let(:params) {
730 | {
731 | :type => 'uf',
732 | :maxkbps => 5000,
733 | }
734 | }
735 | it { should contain_class('splunk::installed') }
736 | it { should contain_package('splunkforwarder') }
737 | it { should contain_file('/opt/splunkforwarder/etc/apps/puppet_common_thruput_base/local/limits.conf').with_content(/\[thruput\]\nmaxKBps = 5000/) }
738 | end
739 |
# Private-key passphrase for non-Puppet certificates: the value given as
# sslpassword must appear in both the inputs and the splunkd TLS stanzas.
context 'with sslpassword set' do
  inputs_conf = '/opt/splunk/etc/apps/puppet_common_ssl_inputs/local/inputs.conf'
  splunkd_conf = '/opt/splunk/etc/apps/puppet_common_ssl_base/local/server.conf'

  let(:params) do
    {
      inputport: 9997,
      reuse_puppet_certs: false,
      sslcertpath: 'server.pem',
      sslrootcapath: 'cacert.pem',
      # constructed placeholder passphrase
      sslpassword: 'password',
    }
  end

  it { should contain_class('splunk::installed') }
  it { should contain_package('splunk') }
  # Both expectations match the passphrase verbatim, so the catalogue (and any
  # report or log that records file content) holds it in clear text.
  it { should contain_file(inputs_conf).with_content(/sslPassword = password/) }
  it { should contain_file(splunkd_conf).with_content(/sslPassword = password/) }
end
755 |
# Server-certificate verification on a universal forwarder, requested for both
# splunkd and the tcpout connection: each conf file must enable
# sslVerifyServerCert.
context 'with sslverifyservercert set' do
  outputs_conf = '/opt/splunkforwarder/etc/apps/puppet_common_ssl_outputs/local/outputs.conf'
  splunkd_conf = '/opt/splunkforwarder/etc/apps/puppet_common_ssl_base/local/server.conf'

  let(:params) do
    {
      type: 'uf',
      tcpout: 'server:9997',
      sslcertpath: 'server.pem',
      sslrootcapath: 'cacert.pem',
      sslpassword: 'password',
      sslverifyservercert: ['splunkd', 'outputs'],
    }
  end

  it { should contain_class('splunk::installed') }
  it { should contain_package('splunkforwarder') }
  # Without this setting the forwarder encrypts traffic but does not validate
  # who it is talking to, so both channels are asserted independently.
  it { should contain_file(outputs_conf).with_content(/sslVerifyServerCert = true/) }
  it { should contain_file(splunkd_conf).with_content(/sslVerifyServerCert = true/) }
end
772 |
773 | end
774 |
--------------------------------------------------------------------------------
/spec/fixtures/modules/splunk/manifests:
--------------------------------------------------------------------------------
1 | ../../../../manifests
--------------------------------------------------------------------------------
/spec/fixtures/modules/splunk/templates:
--------------------------------------------------------------------------------
1 | ../../../../templates
--------------------------------------------------------------------------------
/spec/spec_helper.rb:
--------------------------------------------------------------------------------
1 | require 'rspec-puppet/spec_helper'
2 |
# Absolute path of the fixtures directory that sits next to this helper.
fixture_path = File.expand_path('../fixtures', __FILE__)

# Point rspec-puppet at the fixture tree. The entries under
# fixtures/modules/splunk appear to link back to the module's own manifests
# and templates, so the specs compile the code in this repository.
RSpec.configure do |config|
  config.environmentpath = File.join(Dir.pwd, 'spec')
  config.manifest_dir = File.join(fixture_path, 'manifests')
  config.module_path = File.join(fixture_path, 'modules')
end
10 |
--------------------------------------------------------------------------------
/templates/log/log-local.cfg:
--------------------------------------------------------------------------------
1 | # set maxBackupIndex to <%= @maxbackupindex %> instead of 5
2 | appender.A1.maxBackupIndex=<%= @maxbackupindex %>
3 | appender.license_usage.maxBackupIndex=<%= @maxbackupindex %>
4 | appender.license_usage_summary.maxBackupIndex=<%= @maxbackupindex %>
5 | appender.metrics.maxBackupIndex=<%= @maxbackupindex %>
6 | appender.audittrail.maxBackupIndex=<%= @maxbackupindex %>
7 | appender.accesslog.maxBackupIndex=<%= @maxbackupindex %>
8 | appender.uiaccess.maxBackupIndex=<%= @maxbackupindex %>
9 | appender.scheduler.maxBackupIndex=<%= @maxbackupindex %>
10 | appender.remotesearches.maxBackupIndex=<%= @maxbackupindex %>
11 | appender.idata_ResourceUsage.maxBackupIndex=<%= @maxbackupindex %>
12 | appender.conf.maxBackupIndex=<%= @maxbackupindex %>
13 | appender.idata_DiskObjects.maxBackupIndex=<%= @maxbackupindex %>
14 | appender.idata_KVStore.maxBackupIndex=<%= @maxbackupindex %>
15 | appender.kvstore_appender.maxBackupIndex=<%= @maxbackupindex %>
16 | appender.idata_HttpEventCollector.maxBackupIndex=<%= @maxbackupindex %>
17 | # set maxFileSize to <%= @maxfilesize %> instead of 25000000 (25MB)
18 | appender.A1.maxFileSize=<%= @maxfilesize %>
19 | appender.license_usage.maxFileSize=<%= @maxfilesize %>
20 | appender.metrics.maxFileSize=<%= @maxfilesize %>
21 | appender.audittrail.maxFileSize=<%= @maxfilesize %>
22 | appender.accesslog.maxFileSize=<%= @maxfilesize %>
23 | appender.uiaccess.maxFileSize=<%= @maxfilesize %>
24 | appender.scheduler.maxFileSize=<%= @maxfilesize %>
25 | appender.remotesearches.maxFileSize=<%= @maxfilesize %>
26 | appender.idata_ResourceUsage.maxFileSize=<%= @maxfilesize %>
27 | appender.conf.maxFileSize=<%= @maxfilesize %>
28 | appender.idata_DiskObjects.maxFileSize=<%= @maxfilesize %>
29 | appender.idata_KVStore.maxFileSize=<%= @maxfilesize %>
30 | appender.kvstore_appender.maxFileSize=<%= @maxfilesize %>
31 | appender.idata_HttpEventCollector.maxFileSize=<%= @maxfilesize %>
32 |
--------------------------------------------------------------------------------
/templates/puppet_common_auth_ldap_base/local/app.conf:
--------------------------------------------------------------------------------
1 | [install]
2 | state = enabled
3 |
4 | [package]
5 | check_for_updates = false
6 |
7 | [ui]
8 | is_visible = false
9 | is_manageable = false
10 |
--------------------------------------------------------------------------------
/templates/puppet_common_auth_ldap_base/local/authentication.conf:
--------------------------------------------------------------------------------
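1 | # Managed by Puppet
2 |
3 | <%# Splunk LDAP authentication settings, rendered from the @auth hash. -%>
4 | <%# Optional keys that are nil in @auth fall back to @auth_defaults. -%>
5 | [authentication]
6 | authType = LDAP
7 | authSettings = ldap_settings
8 |
9 | [ldap_settings]
10 | <% if not @auth['ldap_anonymousreferrals'].nil? -%>
11 | anonymous_referrals = <%= @auth['ldap_anonymousreferrals'] %>
12 | <% end -%>
13 | bindDN = <%= @auth['ldap_binddn'] %>
14 | <%# The bind password is rendered exactly as supplied in @auth. -%>
15 | <%# NOTE(review): file mode and ownership are set outside this template; confirm the rendered file is not world-readable. -%>
16 | bindDNpassword = <%= @auth['ldap_binddnpassword'] %>
17 | groupBaseDN = <%= @auth['ldap_groupbasedn'] %>
18 | <% if @auth['ldap_groupbasefilter'].nil? -%>
19 | groupBaseFilter = <%= @auth_defaults['ldap_groupbasefilter'] %>
20 | <% else -%>
21 | groupBaseFilter = <%= @auth['ldap_groupbasefilter'] %>
22 | <% end -%>
23 | <% if @auth['ldap_groupmemberattribute'].nil? -%>
24 | groupMemberAttribute = <%= @auth_defaults['ldap_groupmemberattribute'] %>
25 | <% else -%>
26 | groupMemberAttribute = <%= @auth['ldap_groupmemberattribute'] %>
27 | <% end -%>
28 | <%# Keyed on ldap_groupnameattribute, the same key the else branch renders, -%>
29 | <%# so the default is used exactly when no group-name attribute was given. -%>
30 | <% if @auth['ldap_groupnameattribute'].nil? -%>
31 | groupNameAttribute = <%= @auth_defaults['ldap_groupnameattribute'] %>
32 | <% else -%>
33 | groupNameAttribute = <%= @auth['ldap_groupnameattribute'] %>
34 | <% end -%>
35 | host = <%= @auth['ldap_host'] %>
36 | <% if not @auth['ldap_port'].nil? -%>
37 | port = <%= @auth['ldap_port'] %>
38 | <% end -%>
39 | <% if not @auth['ldap_nestedgroups'].nil? -%>
40 | nestedGroups = <%= @auth['ldap_nestedgroups'] %>
41 | <% end -%>
42 | <% if @auth['ldap_realnameattribute'].nil? -%>
43 | realNameAttribute = <%= @auth_defaults['ldap_realnameattribute'] %>
44 | <% else -%>
45 | realNameAttribute = <%= @auth['ldap_realnameattribute'] %>
46 | <% end -%>
47 | <%# SSLEnabled is rendered unconditionally; a nil value leaves the setting empty. -%>
48 | <%# NOTE(review): the bind password above travels over this connection, so confirm callers always set ldap_sslenabled. -%>
49 | SSLEnabled = <%= @auth['ldap_sslenabled'] %>
50 | <% if @auth['ldap_userbasefilter'].nil? -%>
51 | userBaseFilter = <%= @auth_defaults['ldap_userbasefilter'] %>
52 | <% else -%>
53 | userBaseFilter = <%= @auth['ldap_userbasefilter'] %>
54 | <% end -%>
55 | userBaseDN = <%= @auth['ldap_userbasedn'] %>
56 | <% if @auth['ldap_usernameattribute'].nil? -%>
57 | userNameAttribute = <%= @auth_defaults['ldap_usernameattribute'] %>
58 | <% else -%>
59 | userNameAttribute = <%= @auth['ldap_usernameattribute'] %>
60 | <% end -%>
61 |
62 | <%# Each pair in @rolemap becomes one "splunk role = external role" line. -%>
63 | [roleMap_ldap_settings]
64 | <% @rolemap.each_pair do |splunkrole, externalrole| -%>
65 | <%= "#{splunkrole} = #{externalrole}" %>
66 | <% end %>
67 |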
--------------------------------------------------------------------------------
/templates/puppet_common_auth_ldap_base/metadata/local.meta:
--------------------------------------------------------------------------------
1 | []
2 | access = read : [ * ], write : [ admin ]
3 | export = system
4 |
--------------------------------------------------------------------------------
/templates/puppet_common_auth_saml_base/local/app.conf:
--------------------------------------------------------------------------------
1 | [install]
2 | state = enabled
3 |
4 | [package]
5 | check_for_updates = false
6 |
7 | [ui]
8 | is_visible = false
9 | is_manageable = false
10 |
--------------------------------------------------------------------------------
/templates/puppet_common_auth_saml_base/local/authentication.conf:
--------------------------------------------------------------------------------
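1 | # Managed by Puppet
2 |
3 | <%# Splunk SAML authentication settings, rendered from the @auth hash. -%>
4 | <%# Signing options that are nil in @auth fall back to @auth_defaults. -%>
5 | [authentication]
6 | authType = SAML
7 | authSettings = saml_settings
8 |
9 | [saml_settings]
10 | <% if @auth['saml_entityid'].nil? -%>
11 | entityId = <%= @fqdn %>
12 | <% else -%>
13 | entityId = <%= @auth['saml_entityid'] %>
14 | <% end -%>
15 | <% if not @auth['saml_fqdn'].nil? -%>
16 | fqdn = <%= @auth['saml_fqdn'] %>
17 | <% end -%>
18 | idpCertPath = <%= @splunk_home %>/etc/auth/idpCerts
19 | idpSSOUrl = <%= @auth['saml_idpurl'] %>
20 | <%# The sign-out URL reuses saml_idpurl with a fixed wa=wsignout1.0 query. -%>
21 | <%# NOTE(review): together with the claim URIs at the end of this file this looks AD FS specific; verify before pointing at another IdP. -%>
22 | idpSLOUrl = <%= @auth['saml_idpurl'] %>?wa=wsignout1.0
23 | <% if @auth['saml_signaturealgorithm'].nil? -%>
24 | signatureAlgorithm = <%= @auth_defaults['saml_signaturealgorithm'] %>
25 | <% else -%>
26 | signatureAlgorithm = <%= @auth['saml_signaturealgorithm'] %>
27 | <% end -%>
28 | <% if @auth['saml_signauthnrequest'].nil? -%>
29 | signAuthnRequest = <%= @auth_defaults['saml_signauthnrequest'] %>
30 | <% else -%>
31 | signAuthnRequest = <%= @auth['saml_signauthnrequest'] %>
32 | <% end -%>
33 | <%# The override is read from @auth, like every other setting in this stanza. -%>
34 | <%# Only nil triggers the default: an explicit false in @auth is rendered as false. -%>
35 | <%# NOTE(review): signedAssertion = false presumably stops Splunk from requiring signed assertions; treat overrides as security-relevant. -%>
36 | <% if @auth['saml_signedassertion'].nil? -%>
37 | signedAssertion = <%= @auth_defaults['saml_signedassertion'] %>
38 | <% else -%>
39 | signedAssertion = <%= @auth['saml_signedassertion'] %>
40 | <% end -%>
41 |
42 | # For Splunk 6.5+
43 | [roleMap_saml_settings]
44 | <%- @rolemap.each_pair do |splunkrole, externalrole| -%>
45 | <%= "#{splunkrole} = #{externalrole}" %>
46 | <%- end -%>
47 |
48 | # For Splunk 6.4+
49 | [roleMap_SAML]
50 | <%- @rolemap.each_pair do |splunkrole, externalrole| -%>
51 | <%= "#{splunkrole} = #{externalrole}" %>
52 | <%- end -%>
53 |
54 | [authenticationResponseAttrMap_SAML]
55 | role = http://schemas.microsoft.com/ws/2008/06/identity/claims/role
56 | realName = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
57 | mail = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
58 |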
--------------------------------------------------------------------------------
/templates/puppet_common_auth_saml_base/metadata/local.meta:
--------------------------------------------------------------------------------
1 | []
2 | access = read : [ * ], write : [ admin ]
3 | export = system
4 |
--------------------------------------------------------------------------------
/templates/puppet_common_deploymentclient_base/local/app.conf:
--------------------------------------------------------------------------------
1 | [install]
2 | state = enabled
3 |
4 | [package]
5 | check_for_updates = false
6 |
7 | [ui]
8 | is_visible = false
9 | is_manageable = false
10 |
--------------------------------------------------------------------------------
/templates/puppet_common_deploymentclient_base/local/deploymentclient.conf:
--------------------------------------------------------------------------------
1 | # Managed by Puppet
2 |
3 | [target-broker:deploymentServer]
4 | targetUri = <%= @ds %>
5 |
6 | [deployment-client]
7 | disabled = false
8 | phoneHomeIntervalInSecs = <%= @phonehomeintervalinsec %>
9 | <% if @ds_intermediate != nil and @repositorylocation == nil %>
10 | repositoryLocation = <%= @splunk_home %>/etc/deployment-apps
11 | serverRepositoryLocationPolicy = rejectAlways
12 | reloadDSOnAppInstall = true
13 | <% elsif @repositorylocation != nil %>
14 | repositoryLocation = <%= @splunk_home %>/etc/<%= @repositorylocation %>
15 | serverRepositoryLocationPolicy = rejectAlways
16 | <% end %>
17 |
18 |
19 |
20 |
--------------------------------------------------------------------------------
/templates/puppet_common_deploymentclient_base/metadata/local.meta:
--------------------------------------------------------------------------------
1 | []
2 | access = read : [ * ], write : [ admin ]
3 | export = system
4 |
--------------------------------------------------------------------------------
/templates/puppet_common_diskusage_base/local/server.conf:
--------------------------------------------------------------------------------
1 | # Managed by Puppet
2 |
3 | [diskUsage]
4 | minFreeSpace = <%= @minfreespace %>
5 |
--------------------------------------------------------------------------------
/templates/puppet_common_diskusage_base/metadata/local.meta:
--------------------------------------------------------------------------------
1 | []
2 | access = read : [ * ], write : [ admin ]
3 | export = system
4 |
--------------------------------------------------------------------------------
/templates/puppet_common_kvstore_base/local/app.conf:
--------------------------------------------------------------------------------
1 | [install]
2 | state = enabled
3 |
4 | [package]
5 | check_for_updates = false
6 |
7 | [ui]
8 | is_visible = false
9 | is_manageable = false
10 |
--------------------------------------------------------------------------------
/templates/puppet_common_kvstore_base/local/server.conf:
--------------------------------------------------------------------------------
1 | # Managed by Puppet
2 |
3 | [kvstore]
4 | <% if @kvstoreport != nil %>
5 | disabled = false
6 | port = <%= @kvstoreport %>
7 | <% else %>
8 | disabled = true
9 | <% end %>
10 |
--------------------------------------------------------------------------------
/templates/puppet_common_kvstore_base/metadata/local.meta:
--------------------------------------------------------------------------------
1 | []
2 | access = read : [ * ], write : [ admin ]
3 | export = system
4 |
--------------------------------------------------------------------------------
/templates/puppet_common_license_client_base/local/app.conf:
--------------------------------------------------------------------------------
1 | [install]
2 | state = enabled
3 |
4 | [package]
5 | check_for_updates = false
6 |
7 | [ui]
8 | is_visible = false
9 | is_manageable = false
10 |
--------------------------------------------------------------------------------
/templates/puppet_common_license_client_base/local/server.conf:
--------------------------------------------------------------------------------
1 | [license]
2 | master_uri = https://<%= @lm %>
3 | <% if not @pool_suggestion.nil? -%>
4 | pool_suggestion = <%= @pool_suggestion %>
5 | <% end -%>
6 |
--------------------------------------------------------------------------------
/templates/puppet_common_license_client_base/metadata/local.meta:
--------------------------------------------------------------------------------
1 | []
2 | access = read : [ * ], write : [ admin ]
3 | export = system
4 |
--------------------------------------------------------------------------------
/templates/puppet_common_mgmtport_base/local/web.conf:
--------------------------------------------------------------------------------
1 | [settings]
2 | mgmtHostPort = <%= @mgmthostport %>
3 |
--------------------------------------------------------------------------------
/templates/puppet_common_mgmtport_disabled/local/server.conf:
--------------------------------------------------------------------------------
1 | [httpServer]
2 | disableDefaultPort = true
3 |
--------------------------------------------------------------------------------
/templates/puppet_common_pass4symmkey_base/local/app.conf:
--------------------------------------------------------------------------------
1 | [install]
2 | state = enabled
3 |
4 | [package]
5 | check_for_updates = false
6 |
7 | [ui]
8 | is_visible = false
9 | is_manageable = false
10 |
--------------------------------------------------------------------------------
/templates/puppet_common_pass4symmkey_base/local/server.conf:
--------------------------------------------------------------------------------
1 | [general]
2 | pass4SymmKey = <%= @pass4symmkey %>
3 |
--------------------------------------------------------------------------------
/templates/puppet_common_pass4symmkey_base/metadata/local.meta:
--------------------------------------------------------------------------------
1 | []
2 | access = read : [ * ], write : [ admin ]
3 | export = system
4 |
--------------------------------------------------------------------------------
/templates/puppet_common_ssl_base/local/app.conf:
--------------------------------------------------------------------------------
1 | [install]
2 | state = enabled
3 |
4 | [package]
5 | check_for_updates = false
6 |
7 | [ui]
8 | is_visible = false
9 | is_manageable = false
10 |
--------------------------------------------------------------------------------
/templates/puppet_common_ssl_base/local/server.conf:
--------------------------------------------------------------------------------
1 | <%# splunkd TLS settings for server.conf; cipher suite and protocol versions are passed through as supplied. -%>
2 | [sslConfig]
3 | cipherSuite = <%= @ciphersuite %>
4 | <%- if @osfamily =~ /[Ww]indows/ -%>
5 | # For some reason both SplunkUF and Splunk crash with a dhparam.pem file on Windows
6 | # dhFile = <%= @splunk_home %>/etc/auth/certs/dhparam.pem
7 | <%- else -%>
8 | dhFile = <%= @splunk_home %>/etc/auth/certs/dhparam.pem
9 | <%- end -%>
10 | sslRootCAPath = <%= @splunk_home %>/etc/auth/<%= @sslrootcapath %>
11 | sslVersions = <%= @sslversions %>
12 | enableSplunkdSSL = true
13 | <%- unless @ecdhcurvename.nil? -%>
14 | ecdhCurveName = <%= @ecdhcurvename %>
15 | <%- end -%>
16 | <%# The sslPassword value is rendered exactly as supplied. -%>
17 | <%- unless @sslpassword.nil? -%>
18 | sslPassword = <%= @sslpassword %>
19 | <%- end -%>
20 | <%# Client-certificate enforcement and peer verification are opt-in: -%>
21 | <%# each line appears only when 'splunkd' is listed, otherwise it is omitted and Splunk's default applies. -%>
22 | <%- if !@requireclientcert.nil? && @requireclientcert.include?('splunkd') -%>
23 | requireClientCert = true
24 | <%- end -%>
25 | <%- if !@sslverifyservercert.nil? && @sslverifyservercert.include?('splunkd') -%>
26 | sslVerifyServerCert = true
27 | <%- end -%>
28 |
--------------------------------------------------------------------------------
/templates/puppet_common_ssl_base/metadata/local.meta:
--------------------------------------------------------------------------------
1 | []
2 | access = read : [ * ], write : [ admin ]
3 | export = system
4 |
--------------------------------------------------------------------------------
/templates/puppet_common_ssl_inputs/local/app.conf:
--------------------------------------------------------------------------------
1 | [install]
2 | state = enabled
3 |
4 | [package]
5 | check_for_updates = false
6 |
7 | [ui]
8 | is_visible = false
9 | is_manageable = false
10 |
--------------------------------------------------------------------------------
/templates/puppet_common_ssl_inputs/local/inputs.conf:
--------------------------------------------------------------------------------
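1 | # Managed by Puppet
2 |
3 | [default]
4 | host = <%= @fqdn %>
5 |
6 | <%# TLS receiving port for forwarder traffic; the [SSL] stanza below holds its certificate settings. -%>
7 | [splunktcp-ssl:<%= @inputport %>]
8 | connection_host = ip
9 | disabled = 0
10 |
11 | [SSL]
12 | cipherSuite = <%= @ciphersuite %>
13 | <%- if @osfamily =~ /[Ww]indows/ -%>
14 | # For some reason both SplunkUF and Splunk crash with a dhparam.pem file on Windows
15 | # # dhFile = <%= @splunk_home %>/etc/auth/certs/dhparam.pem
16 | <%- else -%>
17 | dhFile = <%= @splunk_home %>/etc/auth/certs/dhparam.pem
18 | <%- end -%>
19 | <%# Guarded like the server.conf and web.conf templates, so an unset curve is omitted instead of rendered empty. -%>
20 | <%- if @ecdhcurvename != nil -%>
21 | ecdhCurveName = <%= @ecdhcurvename %>
22 | <%- end -%>
23 | # Deprecated since 6.4.x:
24 | # rootCA = <%= @splunk_home %>/etc/auth/certs/ca.crt
25 | # moved to server.conf/[sslConfig]/
26 | serverCert = <%= @splunk_home %>/etc/auth/<%= @sslcertpath %>
27 | sslVersions = <%= @sslversions %>
28 | <%# The sslPassword value is rendered exactly as supplied. -%>
29 | <%- if @sslpassword != nil -%>
30 | sslPassword = <%= @sslpassword %>
31 | <%- end -%>
32 | <%# Client certificates are required only when 'inputs' is listed in @requireclientcert; -%>
33 | <%# otherwise the line is omitted and Splunk's default applies. -%>
34 | <%- if @requireclientcert != nil -%>
35 | <%- if @requireclientcert.include? 'inputs' -%>
36 | requireClientCert = true
37 | <%- end -%>
38 | <%- end -%>
39 |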
--------------------------------------------------------------------------------
/templates/puppet_common_ssl_inputs/metadata/local.meta:
--------------------------------------------------------------------------------
1 | []
2 | access = read : [ * ], write : [ admin ]
3 | export = system
4 |
--------------------------------------------------------------------------------
/templates/puppet_common_ssl_outputs/local/app.conf:
--------------------------------------------------------------------------------
1 | [install]
2 | state = enabled
3 |
4 | [package]
5 | check_for_updates = false
6 |
7 | [ui]
8 | is_visible = false
9 | is_manageable = false
10 |
--------------------------------------------------------------------------------
/templates/puppet_common_ssl_outputs/local/outputs.conf:
--------------------------------------------------------------------------------
1 | <%# Forwarding targets and TLS settings for the 'cluster' output group. -%>
2 | [tcpout]
3 | defaultGroup = cluster
4 |
5 | [tcpout:cluster]
6 | <%- if @tcpout == 'indexer_discovery' -%>
7 | indexerDiscovery = cluster
8 | <%- elsif @tcpout.is_a?(Array) -%>
9 | server = <%= @tcpout.flatten.join(', ') %>
10 | <%- else -%>
11 | server = <%= @tcpout %>
12 | <%- end -%>
13 | sslCertPath = <%= @splunk_home %>/etc/auth/<%= @sslcertpath %>
14 | sslRootCAPath = <%= @splunk_home %>/etc/auth/<%= @sslrootcapath %>
15 | <%# The sslPassword value is rendered exactly as supplied. -%>
16 | <%- unless @sslpassword.nil? -%>
17 | sslPassword = <%= @sslpassword %>
18 | <%- end -%>
19 | <%# Verification of the receiving server's certificate is opt-in: -%>
20 | <%# the line appears only when 'outputs' is listed, otherwise it is omitted and Splunk's default applies. -%>
21 | <%- if !@sslverifyservercert.nil? && @sslverifyservercert.include?('outputs') -%>
22 | sslVerifyServerCert = true
23 | <%- end -%>
24 | useACK = <%= @use_ack %>
25 |
26 | <%# With indexer discovery the forwarder asks the cluster master at @cm for its peers. -%>
27 | <%- if @tcpout == 'indexer_discovery' -%>
28 | [indexer_discovery:cluster]
29 | <%- unless @pass4symmkey.nil? -%>
30 | pass4SymmKey = <%= @pass4symmkey %>
31 | <%- end -%>
32 | master_uri = https://<%= @cm %>
33 | <%- end -%>
34 |
--------------------------------------------------------------------------------
/templates/puppet_common_ssl_outputs/metadata/local.meta:
--------------------------------------------------------------------------------
1 | []
2 | access = read : [ * ], write : [ admin ]
3 | export = system
4 |
--------------------------------------------------------------------------------
/templates/puppet_common_ssl_web_base/local/app.conf:
--------------------------------------------------------------------------------
1 | [install]
2 | state = enabled
3 |
4 | [package]
5 | check_for_updates = false
6 |
7 | [ui]
8 | is_visible = false
9 | is_manageable = false
10 |
--------------------------------------------------------------------------------
/templates/puppet_common_ssl_web_base/local/web.conf:
--------------------------------------------------------------------------------
1 | # Managed by Puppet
2 |
3 | [settings]
4 | <%- if @httpport != nil -%>
5 | startwebserver = 1
6 | httpport = <%= @httpport %>
7 | enableSplunkWebSSL = true
8 | sslVersions = <%= @sslversions %>
9 | cipherSuite = <%= @ciphersuite %>
10 | <%- if @ecdhcurvename != nil -%>
11 | ecdhCurveName = <%= @ecdhcurvename %>
12 | <%- end -%>
13 | <%- else -%>
14 | startwebserver = 0
15 | <%- end -%>
16 | <%- if @reuse_puppet_certs_for_web != nil -%>
17 | privKeyPath = <%= @splunk_home %>/etc/auth/<%= @privkeypath %>
18 | serverCert = <%= @splunk_home %>/etc/auth/<%= @servercert %>
19 | <%- end %>
20 |
--------------------------------------------------------------------------------
/templates/puppet_common_ssl_web_base/metadata/local.meta:
--------------------------------------------------------------------------------
1 | []
2 | access = read : [ * ], write : [ admin ]
3 | export = system
4 |
--------------------------------------------------------------------------------
/templates/puppet_common_thruput_base/local/app.conf:
--------------------------------------------------------------------------------
1 | #
2 |
--------------------------------------------------------------------------------
/templates/puppet_common_thruput_base/local/limits.conf:
--------------------------------------------------------------------------------
1 | # Managed by Puppet
2 |
3 | <% if @maxkbps != nil -%>
4 | [thruput]
5 | maxKBps = <%= @maxkbps %>
6 | <% end %>
7 |
--------------------------------------------------------------------------------
/templates/puppet_common_thruput_base/metadata/local.meta:
--------------------------------------------------------------------------------
1 | []
2 | access = read : [ * ], write : [ admin ]
3 | export = system
4 |
--------------------------------------------------------------------------------
/templates/puppet_forwarder_base/local/server.conf:
--------------------------------------------------------------------------------
1 | [general]
2 | <% if @pipelines != nil -%>
3 | parallelIngestionPipelines = <%= @pipelines %>
4 | <% end -%>
5 |
--------------------------------------------------------------------------------
/templates/puppet_forwarder_base/metadata/local.meta:
--------------------------------------------------------------------------------
1 | []
2 | access = read : [ * ], write : [ admin ]
3 | export = system
4 |
--------------------------------------------------------------------------------
/templates/puppet_indexer_cluster_forwarder_base/local/server.conf:
--------------------------------------------------------------------------------
1 | <%- if @thissite != nil -%>
2 | [general]
3 | site = <%= @thissite %>
4 |
5 | <%- end -%>
6 |
--------------------------------------------------------------------------------
/templates/puppet_indexer_cluster_master_base/local/app.conf:
--------------------------------------------------------------------------------
1 | [install]
2 | state = enabled
3 |
4 | [package]
5 | check_for_updates = false
6 |
7 | [ui]
8 | is_visible = false
9 | is_manageable = false
10 |
--------------------------------------------------------------------------------
/templates/puppet_indexer_cluster_master_base/local/server.conf:
--------------------------------------------------------------------------------
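1 | <%# Cluster master settings; the multisite keys are rendered only when @thissite is set. -%>
2 | <%- if @thissite != nil -%>
3 | [general]
4 | site = <%= @thissite %>
5 | <%- end -%>
6 |
7 | [clustering]
8 | <%- if @thissite != nil -%>
9 | multisite = true
10 | available_sites = <%= @available_sites %>
11 | site_replication_factor = <%= @site_replication_factor %>
12 | site_search_factor = <%= @site_search_factor %>
13 | <%- unless @forwarder_site_failover.nil? -%>
14 | forwarder_site_failover = <%= @forwarder_site_failover %>
15 | <%- end -%>
16 | <%- end -%>
17 | mode = master
18 | replication_factor = <%= @replication_factor %>
19 | search_factor = <%= @search_factor %>
20 |
21 | <%- if @indexer_discovery != nil -%>
22 | [indexer_discovery]
23 | <%# Guarded like the forwarder's outputs.conf template, so an unset key is omitted instead of rendered as an empty secret. -%>
24 | <%# NOTE(review): confirm which key Splunk falls back to for indexer discovery when this line is absent. -%>
25 | <%- if @pass4symmkey != nil -%>
26 | pass4SymmKey = <%= @pass4symmkey %>
27 | <%- end -%>
28 | <%- end -%>
29 |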
--------------------------------------------------------------------------------
/templates/puppet_indexer_cluster_master_base/metadata/local.meta:
--------------------------------------------------------------------------------
1 | []
2 | access = read : [ * ], write : [ admin ]
3 | export = system
4 |
--------------------------------------------------------------------------------
/templates/puppet_indexer_cluster_pass4symmkey_base/local/app.conf:
--------------------------------------------------------------------------------
1 | [install]
2 | state = enabled
3 |
4 | [package]
5 | check_for_updates = false
6 |
7 | [ui]
8 | is_visible = false
9 | is_manageable = false
10 |
--------------------------------------------------------------------------------
/templates/puppet_indexer_cluster_pass4symmkey_base/local/server.conf:
--------------------------------------------------------------------------------
1 | [clustering]
2 | pass4SymmKey = <%= @pass4symmkey %>
3 |
--------------------------------------------------------------------------------
/templates/puppet_indexer_cluster_pass4symmkey_base/metadata/meta.local:
--------------------------------------------------------------------------------
1 | # NOTE(review): this template is named meta.local, while the other apps in
2 | # this module ship metadata/local.meta. Confirm the manifest installs it as
3 | # metadata/local.meta; under another name Splunk would presumably not apply
4 | # these permissions to the app that holds the [clustering] pass4SymmKey.
5 | # The empty stanza sets the app-wide default: read for every role, write for
6 | # admin only, exported system-wide.
7 | []
8 | access = read : [ * ], write : [ admin ]
9 | export = system
10 |
--------------------------------------------------------------------------------
/templates/puppet_indexer_cluster_searchhead_base/local/app.conf:
--------------------------------------------------------------------------------
1 | [install]
2 | state = enabled
3 |
4 | [package]
5 | check_for_updates = false
6 |
7 | [ui]
8 | is_visible = false
9 | is_manageable = false
10 |
--------------------------------------------------------------------------------
/templates/puppet_indexer_cluster_searchhead_base/local/server.conf:
--------------------------------------------------------------------------------
1 | <% if @thissite != nil -%>
2 | [general]
3 | site = <%= @thissite %>
4 | <% end -%>
5 |
6 | [clustering]
7 | <% if @thissite != nil -%>
8 | multisite = true
9 | <% end -%>
10 | mode = searchhead
11 | master_uri = https://<%= @cm %>
12 |
--------------------------------------------------------------------------------
/templates/puppet_indexer_cluster_searchhead_base/metadata/local.meta:
--------------------------------------------------------------------------------
1 | []
2 | access = read : [ * ], write : [ admin ]
3 | export = system
4 |
--------------------------------------------------------------------------------
/templates/puppet_indexer_cluster_slave_base/local/app.conf:
--------------------------------------------------------------------------------
1 | [install]
2 | state = enabled
3 |
4 | [package]
5 | check_for_updates = false
6 |
7 | [ui]
8 | is_visible = false
9 | is_manageable = false
10 |
--------------------------------------------------------------------------------
/templates/puppet_indexer_cluster_slave_base/local/server.conf:
--------------------------------------------------------------------------------
1 | [general]
2 | <%- if @thissite != nil -%>
3 | site = <%= @thissite %>
4 | <%- end -%>
5 | <%- if @pipelines != nil -%>
6 | parallelIngestionPipelines = <%= @pipelines %>
7 | <%- end -%>
8 |
9 | [clustering]
10 | mode = slave
11 | master_uri = https://<%= @cm %>
12 |
13 | [replication_port://<%= @replication_port %>]
14 | disabled = false
15 |
--------------------------------------------------------------------------------
/templates/puppet_indexer_cluster_slave_base/metadata/local.meta:
--------------------------------------------------------------------------------
1 | []
2 | access = read : [ * ], write : [ admin ]
3 | export = system
4 |
--------------------------------------------------------------------------------
/templates/puppet_indexer_indexes_base/local/app.conf:
--------------------------------------------------------------------------------
1 | [install]
2 | state = enabled
3 |
4 | [package]
5 | check_for_updates = false
6 |
7 | [ui]
8 | is_visible = false
9 | is_manageable = false
10 |
--------------------------------------------------------------------------------
/templates/puppet_indexer_indexes_base/metadata/local.meta:
--------------------------------------------------------------------------------
1 | []
2 | access = read : [ * ], write : [ admin ]
3 | export = system
4 |
--------------------------------------------------------------------------------
/templates/puppet_indexer_inputs/local/app.conf:
--------------------------------------------------------------------------------
1 | [install]
2 | state = enabled
3 |
4 | [package]
5 | check_for_updates = false
6 |
7 | [ui]
8 | is_visible = false
9 | is_manageable = false
10 |
--------------------------------------------------------------------------------
/templates/puppet_indexer_inputs/metadata/local.meta:
--------------------------------------------------------------------------------
1 | []
2 | access = read : [ * ], write : [ admin ]
3 | export = system
4 |
--------------------------------------------------------------------------------
/templates/puppet_indexer_volumes_base/local/app.conf:
--------------------------------------------------------------------------------
1 | [install]
2 | state = enabled
3 |
4 | [package]
5 | check_for_updates = false
6 |
7 | [ui]
8 | is_visible = false
9 | is_manageable = false
10 |
--------------------------------------------------------------------------------
/templates/puppet_indexer_volumes_base/metadata/local.meta:
--------------------------------------------------------------------------------
1 | []
2 | access = read : [ * ], write : [ admin ]
3 | export = system
4 |
--------------------------------------------------------------------------------
/templates/puppet_search_shcluster_base/local/app.conf:
--------------------------------------------------------------------------------
1 | [install]
2 | state = enabled
3 |
4 | [package]
5 | check_for_updates = false
6 |
7 | [ui]
8 | is_visible = false
9 | is_manageable = false
10 |
--------------------------------------------------------------------------------
/templates/puppet_search_shcluster_base/local/server.conf:
--------------------------------------------------------------------------------
1 | [replication_port://34567]
2 |
3 | [shclustering]
4 | disabled = 0
5 | # mgmt_uri is defined in etc/system/local/server.conf to prevent
6 | # the SH Deployer from overwriting it
7 | <% if @shd != nil -%>
8 | conf_deploy_fetch_url = https://<%= @shd %>
9 | <% end -%>
10 | <% if @label != nil -%>
11 | shcluster_label = <%= @label %>
12 | <% end -%>
13 | <% if @replication_factor != nil -%>
14 | replication_factor = <%= @replication_factor %>
15 | <% end -%>
16 |
--------------------------------------------------------------------------------
/templates/puppet_search_shcluster_base/metadata/local.meta:
--------------------------------------------------------------------------------
1 | []
2 | access = read : [ * ], write : [ admin ]
3 | export = system
4 |
--------------------------------------------------------------------------------
/templates/puppet_search_shcluster_pass4symmkey_base/local/app.conf:
--------------------------------------------------------------------------------
1 | [install]
2 | state = enabled
3 |
4 | [package]
5 | check_for_updates = false
6 |
7 | [ui]
8 | is_visible = false
9 | is_manageable = false
10 |
--------------------------------------------------------------------------------
/templates/puppet_search_shcluster_pass4symmkey_base/local/server.conf:
--------------------------------------------------------------------------------
1 | [shclustering]
2 | pass4SymmKey = <%= @pass4symmkey %>
3 |
--------------------------------------------------------------------------------
/templates/puppet_search_shcluster_pass4symmkey_base/metadata/meta.local:
--------------------------------------------------------------------------------
1 | # NOTE(review): this template is named meta.local, while the other apps in
2 | # this module ship metadata/local.meta. Confirm the manifest installs it as
3 | # metadata/local.meta; under another name Splunk would presumably not apply
4 | # these permissions to the app that holds the [shclustering] pass4SymmKey.
5 | # The empty stanza sets the app-wide default: read for every role, write for
6 | # admin only, exported system-wide.
7 | []
8 | access = read : [ * ], write : [ admin ]
9 | export = system
10 |
--------------------------------------------------------------------------------
/tests/init.pp:
--------------------------------------------------------------------------------
1 | # The baseline for module testing used by Puppet Labs is that each manifest
2 | # should have a corresponding test manifest that declares that class or defined
3 | # type.
4 | #
5 | # Tests are then run by using puppet apply --noop (to check for compilation
6 | # errors and view a log of events) or by fully applying the test in a virtual
7 | # environment (to compare the resulting system state to the desired state).
8 | #
9 | # Learn more about module testing here:
10 | # http://docs.puppetlabs.com/guides/tests_smoke.html
11 | #
12 | include test
13 |
--------------------------------------------------------------------------------