├── .gitignore ├── README.md ├── README ├── spec │ ├── app.spec │ ├── distsearch_conf.spec │ ├── inputs_conf.spec │ ├── outputs_conf.spec │ ├── server_conf.spec │ ├── splunk_configuration.spec │ ├── splunk_installation.spec │ ├── splunk_packages.spec │ ├── splunk_repository.spec │ └── web_conf.spec └── templates │ └── group_vars │ ├── all │ ├── README │ ├── splunk_configuration │ ├── splunk_installation │ ├── splunk_packages │ └── splunk_repository │ ├── cluster │ ├── README │ └── splunk_configuration │ ├── deployer │ ├── README │ ├── Splunk_TA_nix │ ├── Splunk_TA_windows │ ├── outputs.conf │ ├── server.conf │ └── web.conf │ ├── deploymentserver │ ├── README │ ├── Splunk_TA_nix │ ├── Splunk_TA_windows │ ├── apps │ ├── outputs.conf │ ├── server.conf │ └── web.conf │ ├── dmc │ ├── README │ ├── distsearch.conf │ ├── outputs.conf │ ├── server.conf │ └── web.conf │ ├── heavyforwarder │ ├── README │ ├── Splunk_TA_nix │ ├── Splunk_TA_windows │ ├── outputs.conf │ ├── server.conf │ └── web.conf │ ├── indexer │ ├── inputs.conf │ ├── server.conf │ └── web.conf │ ├── licensemaster │ ├── README │ ├── outputs.conf │ ├── server.conf │ └── web.conf │ ├── masternode │ ├── README │ ├── Splunk_TA_nix │ ├── Splunk_TA_windows │ ├── outputs.conf │ ├── server.conf │ └── web.conf │ ├── peernode │ ├── README │ ├── inputs.conf │ ├── server.conf │ └── web.conf │ ├── searchhead │ ├── README │ ├── apps │ ├── outputs.conf │ ├── server.conf │ └── web.conf │ ├── searchpeer │ ├── README │ ├── inputs.conf │ ├── server.conf │ └── web.conf │ ├── shcluster │ ├── README │ └── splunk_configuration │ ├── shcmember │ ├── README │ ├── outputs.conf │ ├── server.conf │ └── web.conf │ ├── site0 │ ├── README │ └── splunk_configuration │ ├── site1 │ ├── README │ └── splunk_configuration │ └── site2 │ ├── README │ └── splunk_configuration ├── add_app.yml ├── configure_deployer.yml ├── configure_deploymentserver.yml ├── configure_dmc.yml ├── configure_heavyforwarder.yml ├── configure_licensemaster.yml ├── 
configure_masternode.yml ├── configure_peernode.yml ├── configure_repository.yml ├── configure_searchhead.yml ├── configure_searchpeer.yml ├── configure_shcmember.yml ├── download_splunk.yml ├── filter_plugins ├── app_default.py ├── app_role_list.py ├── create_distsearch_serverlist.py ├── create_distsearch_servers.py └── create_shcluster_mgmt_uri_servers.py ├── group_vars ├── all │ └── README ├── cluster │ └── README ├── deployer │ └── README ├── deploymentserver │ └── README ├── dmc │ └── README ├── heavyforwarder │ └── README ├── licensemaster │ └── README ├── masternode │ └── README ├── peernode │ └── README ├── searchhead │ └── README ├── searchpeer │ └── README ├── shcluster │ └── README ├── shcmember │ └── README ├── site0 │ └── README ├── site1 │ └── README └── site2 │ └── README ├── hosts.template ├── hosts_production.template ├── install_shcmember.yml ├── install_splunk.yml ├── roles ├── apps │ ├── Splunk_TA_nix │ │ ├── files │ │ │ ├── apps │ │ │ │ └── local │ │ │ │ │ └── inputs.conf.template │ │ │ ├── deployment-apps │ │ │ │ └── local │ │ │ │ │ └── inputs.conf.template │ │ │ └── shcluster │ │ │ │ └── apps │ │ │ │ └── local │ │ │ │ └── inputs.conf.template │ │ ├── handlers │ │ │ └── main.yml │ │ ├── tasks │ │ │ ├── configure_local.yml │ │ │ ├── copy_app.yml │ │ │ ├── git_checkout.yml │ │ │ ├── main.yml │ │ │ └── remove_app.yml │ │ └── vars │ │ │ └── main.yml │ ├── Splunk_TA_windows │ │ ├── handlers │ │ │ └── main.yml │ │ ├── tasks │ │ │ ├── configure_local.yml │ │ │ ├── copy_app.yml │ │ │ ├── git_checkout.yml │ │ │ ├── main.yml │ │ │ └── remove_app.yml │ │ └── vars │ │ │ └── main.yml │ ├── app.template │ │ ├── files │ │ │ ├── README │ │ │ ├── apps │ │ │ │ ├── local │ │ │ │ │ └── README │ │ │ │ └── metadata │ │ │ │ │ └── README │ │ │ ├── deployment-apps │ │ │ │ ├── local │ │ │ │ │ └── README │ │ │ │ └── metadata │ │ │ │ │ └── README │ │ │ ├── master-apps │ │ │ │ ├── local │ │ │ │ │ └── README │ │ │ │ └── metadata │ │ │ │ │ └── README │ │ │ └── shcluster │ │ 
│ │ └── apps │ │ │ │ ├── local │ │ │ │ └── README │ │ │ │ └── metadata │ │ │ │ └── README │ │ ├── handlers │ │ │ └── main.yml │ │ ├── tasks │ │ │ ├── configure_local.yml │ │ │ ├── copy_app.yml │ │ │ ├── git_checkout.yml │ │ │ ├── main.yml │ │ │ └── remove_app.yml │ │ └── vars │ │ │ ├── main.yml │ │ │ └── main.yml.j2 │ └── splunk_app_db_connect │ │ ├── handlers │ │ └── main.yml │ │ ├── tasks │ │ ├── configure_local.yml │ │ ├── copy_app.yml │ │ ├── git_checkout.yml │ │ ├── main.yml │ │ └── remove_app.yml │ │ └── vars │ │ └── main.yml ├── checks │ ├── tasks │ │ ├── check_splunk_version.yml │ │ └── main.yml │ └── templates │ │ └── etc │ │ └── auth │ │ └── splunk.secret.j2 ├── common │ ├── handlers │ │ └── splunkd.yml │ └── templates │ │ └── deploy_apps.yml.j2 ├── conf │ ├── distsearch │ │ ├── handlers │ │ │ └── main.yml │ │ └── tasks │ │ │ ├── distributedSearch │ │ │ ├── disabled.yml │ │ │ └── server.yml │ │ │ ├── main.yml │ │ │ └── touch.yml │ ├── inputs │ │ ├── handlers │ │ │ └── main.yml │ │ └── tasks │ │ │ ├── SSL │ │ │ ├── password.yml │ │ │ ├── rootCA.yml │ │ │ └── serverCert.yml │ │ │ ├── main.yml │ │ │ ├── splunktcp-ssl │ │ │ └── port.yml │ │ │ └── splunktcp │ │ │ └── port.yml │ ├── outputs │ │ ├── handlers │ │ │ └── main.yml │ │ └── tasks │ │ │ ├── indexer_discovery │ │ │ ├── master_uri.yml │ │ │ └── pass4SymmKey.yml │ │ │ ├── main.yml │ │ │ ├── tcpout │ │ │ └── defaultGroup.yml │ │ │ ├── tcpout_target_group │ │ │ ├── forceTimebasedAutoLB.yml │ │ │ ├── indexerDiscovery.yml │ │ │ ├── server.yml │ │ │ ├── sslCertPath.yml │ │ │ ├── sslPassword.yml │ │ │ ├── sslRootCAPath.yml │ │ │ ├── sslVerifyServerCert.yml │ │ │ └── useAck.yml │ │ │ └── touch.yml │ ├── server │ │ ├── handlers │ │ │ └── main.yml │ │ └── tasks │ │ │ ├── clustering │ │ │ ├── available_sites.yml │ │ │ ├── cluster_label.yml │ │ │ ├── master_uri.yml │ │ │ ├── mode.yml │ │ │ ├── multisite.yml │ │ │ ├── pass4SymmKey.yml │ │ │ ├── replication_factor.yml │ │ │ ├── search_factor.yml │ │ │ └── 
site_replication_factor.yml │ │ │ ├── diskUsage │ │ │ └── minFreeSpace.yml │ │ │ ├── general │ │ │ ├── parallelIngestionPipelines.yml │ │ │ ├── pass4SymmKey.yml │ │ │ ├── site.yml │ │ │ └── trustedIP.yml │ │ │ ├── license │ │ │ └── master_uri.yml │ │ │ ├── main.yml │ │ │ ├── replication_port-ssl │ │ │ ├── password.yml │ │ │ ├── port.yml │ │ │ ├── rootCA.yml │ │ │ └── serverCert.yml │ │ │ ├── replication_port │ │ │ └── port.yml │ │ │ ├── shclustering │ │ │ ├── conf_deploy_fetch_url.yml │ │ │ ├── election.yml │ │ │ ├── id.yml │ │ │ ├── mgmt_uri.yml │ │ │ ├── pass4SymmKey.yml │ │ │ ├── replication_factor.yml │ │ │ └── shcluster_label.yml │ │ │ ├── sslConfig │ │ │ └── sslKeysfilePassword.yml │ │ │ └── touch.yml │ └── web │ │ ├── handlers │ │ └── main.yml │ │ └── tasks │ │ ├── main.yml │ │ ├── settings │ │ ├── caCertPath.yml │ │ ├── enableSplunkWebSSL.yml │ │ ├── httpport.yml │ │ ├── privKeyPath.yml │ │ ├── startwebserver.yml │ │ └── updateCheckerBaseURL.yml │ │ └── touch.yml ├── group │ ├── licensemaster │ │ └── tasks │ │ │ ├── copy_enterprise_license_keys.yml │ │ │ └── main.yml │ ├── searchhead │ │ └── tasks │ │ │ ├── distribute_distsearch_trustedkey.yml │ │ │ └── main.yml │ └── shcmember │ │ └── tasks │ │ ├── bootstrap.yml │ │ ├── init.yml │ │ └── main.yml └── install │ ├── tasks │ ├── add_authorized_key.yml │ ├── change_default_password.yml │ ├── enable_boot_start_splunk.yml │ ├── fetch_distserverkeys.yml │ ├── firewalld_open_splunkports.yml │ ├── install_splunk.yml │ ├── main.yml │ ├── set_splunk_secret.yml │ └── splunk_ftb.yml │ └── templates │ └── etc │ └── auth │ └── splunk.secret.j2 └── test.yml /.gitignore: -------------------------------------------------------------------------------- 1 | !group_vars/ 2 | group_vars/* 3 | !group_vars/*/ 4 | group_vars/*/* 5 | !group_vars/*/README 6 | *.pyc 7 | deploy_apps.yml 8 | !hosts* 9 | hosts* 10 | .vscode* -------------------------------------------------------------------------------- /README.md: 
-------------------------------------------------------------------------------- 1 | # Ansible Playbook for Splunk 2 | - **Authors**: Mika Borner , Thomas Fischer 3 | - **Description**: Ansible Playbook for Splunk 4 | - **Version**: 1.0 5 | 6 | - **updated to Ansible 2.7**: Alex Klippert 7 | 8 | # Instructions 9 | 10 | * See https://github.com/my2ndhead/ansible_playbook_splunk/wiki 11 | 12 | 13 | ## License 14 | - **This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.** [1] 15 | - **Commercial Use, Excerpt from CC BY-NC-SA 4.0:** 16 | - "A commercial use is one primarily intended for commercial advantage or monetary compensation." 17 | - **In case of Ansible Playbook for Splunk this translates to:** 18 | - You may use Ansible Playbook for Splunk in commercial environments for setting up Splunk environments 19 | - You may use Ansible Playbook for Splunk as part of your consulting or integration work, if you're considered to be working on behalf of your customer. 
The customer will be the licensee of Ansible Splunk Playbook and must comply according to the license terms 20 | - You are not allowed to sell Ansible Playbook for Splunk as a standalone product or within an application bundle 21 | - If you want to use Ansible Playbook for Splunk outside of these license terms, please contact us and we will find a solution 22 | 23 | ## References 24 | [1] http://creativecommons.org/licenses/by-nc-sa/4.0/ 25 | -------------------------------------------------------------------------------- /README/spec/app.spec: -------------------------------------------------------------------------------- 1 | ############################################ 2 | # 3 | # Possible values for apps 4 | # 5 | ############################################ 6 | 7 | 8 | * Application Name (Path name) 9 | 10 | [apps|deployment_apps|master_apps|shcluster_apps]: 11 | * Installation destination 12 | * Note: Underscore instead of dash/slash needed due to YAML Syntax 13 | 14 | install: 15 | * Should the app be installed. 16 | * Used to uninstall app 17 | 18 | clean_install: 19 | * Should the app directory be purged before (re-)installation 20 | 21 | bundle: 22 | * The file that contains the app (tar.gz/spl) 23 | * File must reside under splunk_repository.repository_root// 24 | 25 | git_repo: 26 | * The path to the git repository 27 | 28 | git_version: 29 | * The git branch or tag 30 | * Defaults to "HEAD" if unset; set a tag so that a deployment does not silently pick up new commits from the repository 31 | 32 | 33 | ... 
34 | -------------------------------------------------------------------------------- /README/spec/distsearch_conf.spec: -------------------------------------------------------------------------------- 1 | ############################################ 2 | # 3 | # Possible values for conf/distsearch role 4 | # 5 | # Follows Splunk distsearch.conf.spec closely 6 | # 7 | ############################################ 8 | 9 | splunk_distsearch_conf: 10 | distributedSearch: 11 | disabled: [True | False] 12 | * Defaults to false 13 | server: 14 | - "{{ groups[''] }}" 15 | - "{{ groups[''] }}" 16 | - ... 17 | - "{{ groups[''] }}" 18 | * List of inventory groups used for distributed search 19 | -------------------------------------------------------------------------------- /README/spec/inputs_conf.spec: -------------------------------------------------------------------------------- 1 | ############################################ 2 | # 3 | # Possible values for conf/inputs role 4 | # 5 | # Follows Splunk inputs.conf.spec closely 6 | # 7 | ############################################ 8 | 9 | splunk_inputs_conf: 10 | splunktcp: 11 | port: 12 | 13 | splunktcp_ssl: 14 | port: 15 | 16 | SSL: 17 | rootCA: 18 | * Certificate authority list 19 | * Autogenerated file under $SPLUNK_HOME/etc/auth/cacert.pem 20 | 21 | serverCert: 22 | * Full path to the server certificate. 23 | * Autogenerated file under $SPLUNK_HOME/etc/auth/server.pem 24 | 25 | password: 26 | * Encrypted password 27 | -------------------------------------------------------------------------------- /README/spec/outputs_conf.spec: -------------------------------------------------------------------------------- 1 | ############################################ 2 | # 3 | # Possible values for conf/outputs role 4 | # 5 | # Follows Splunk outputs.conf.spec closely 6 | # 7 | ############################################ 8 | 9 | splunk_outputs_conf: 10 | tcpout: 11 | defaultGroup: , , ... 
12 | * The default group 13 | target_group: 14 | [target_group1:] 15 | * List of target groups 16 | 17 | useACK: [true|false] 18 | * Defaults to false 19 | server: 20 | - [":"] 21 | - [":"] 22 | - ... 23 | * List of servers to connect to 24 | 25 | sslPassword: 26 | * Encrypted sslPassword 27 | * No default value 28 | 29 | sslCertPath: 30 | * There is no default value. 31 | * Autogenerated file under $SPLUNK_HOME/etc/auth/server.pem 32 | 33 | sslRootCAPath: 34 | * There is no default value. 35 | * Autogenerated file under $SPLUNK_HOME/etc/auth/ca.pem 36 | 37 | sslVerifyServerCert: [true|false] 38 | * Defaults to false. When false, the forwarder does not verify the receiving indexer's certificate; set to true where the forwarding channel must be authenticated. 39 | 40 | indexerDiscovery: 41 | * Instructs the forwarder to fetch the list of indexers from the master node specified in the corresponding [indexer_discovery:] stanza. 42 | 43 | forceTimebasedAutoLB: [true|false] 44 | * Will force existing streams to switch to newly elected indexer every AutoLB cycle. 45 | * Defaults to false 46 | 47 | [target_groupN:] 48 | ... 49 | 50 | indexer_discovery: 51 | * Indexer discovery settings 52 | 53 | [indexerDiscovery_target1:] 54 | * indexerDiscovery_target list. Use name from tcpout stanza. 55 | 56 | pass4SymmKey: 57 | * Encrypted Password 58 | 59 | master_uri: "" 60 | * Cluster Master URI 61 | * No default value 62 | -------------------------------------------------------------------------------- /README/spec/server_conf.spec: -------------------------------------------------------------------------------- 1 | ############################################ 2 | # 3 | # Possible values for conf/server role 4 | # 5 | # Follows Splunk server.conf.spec closely 6 | # 7 | ############################################ 8 | 9 | splunk_server_conf: 10 | general: 11 | 12 | parallelIngestionPipelines: 13 | * Data being loaded into splunk, whether for indexing or forwarding, progresses through a series of steps arranged into "pipelines". 
14 | By setting this to more than one, more processor threads can be set up to perform this work. 15 | * Defaults to 1 16 | 17 | pass4SymmKey: 18 | * Encrypted password 19 | 20 | site: [dynamic|] 21 | * The site where the system is located. Dynamic will use site attribute from inventory 22 | 23 | trustedIP: 24 | * Trusted IP for SSO 25 | 26 | diskUsage: 27 | minFreeSpace: 28 | * Specified in megabytes. 29 | * The default setting is 5000 (approx 5GB) 30 | 31 | sslConfig: 32 | sslKeysfilePassword: 33 | * Encrypted password 34 | 35 | license: 36 | master_uri: [dynamic|] 37 | * Dynamic will use inventory to detect 38 | 39 | clustering: 40 | mode: [master|slave|searchhead|disabled] 41 | * Defaults to disabled 42 | 43 | master_uri: [ | clustermaster:stanzaName1, clustermaster:stanzaName2] 44 | * URI of the cluster master that this slave or searchhead should connect to. 45 | 46 | pass4SymmKey: 47 | * Encrypted password 48 | 49 | multisite: [true|false] 50 | * Defaults to false 51 | 52 | replication_factor: 53 | * Defaults to 3 54 | 55 | site_replication_factor: 56 | * Defaults to origin:2,total:3 57 | * Note: no spaces allowed between comma separated values 58 | 59 | search_factor: 60 | * Defaults to 2 61 | 62 | available_sites: 63 | - [site1] 64 | - [site2] 65 | * List of available sites 66 | * Defaults to an empty string. So if multisite is turned on this needs to be explicitly set 67 | 68 | replication_port: 69 | port: 70 | * Replication port 71 | 72 | replication_port_ssl: 73 | port: 74 | 75 | rootCA: 76 | * Certificate authority list 77 | * Autogenerated file under $SPLUNK_HOME/etc/auth/cacert.pem 78 | 79 | serverCert: 80 | * Full path to the server certificate. 81 | * Autogenerated file under $SPLUNK_HOME/etc/auth/server.pem 82 | 83 | password: 84 | * Encrypted password 85 | 86 | shclustering: 87 | mgmt_uri: [mgmt-URI | dynamic] 88 | * The management uri is used to identify the cluster members own address to 89 | itself. 
90 | * Use dynamic to set the member's own address automatically 91 | 92 | id: 93 | * Unique identifier for this cluster as a whole, shared across all cluster 94 | members. 95 | * Create one, e.g. using python: $ python -c "import uuid; print str(uuid.uuid4()).upper()" 96 | 97 | conf_deploy_fetch_url: [ | dynamic ] 98 | * Specifies the location of the deployer from which members fetch the 99 | configuration bundle. 100 | * This value must be set to a or dynamic in order for the configuration bundle to 101 | be fetched. 102 | * Set to dynamic to automatically set value 103 | * Defaults to empty. 104 | 105 | election: [True | False] 106 | * This is used to classify a cluster as static or dynamic (RAFT based). 107 | * election = false means static captain, which is used for DR situations. 108 | * election = true means dynamic captain election enabled through RAFT protocol 109 | 110 | pass4SymmKey: 111 | * Secret shared among the members in the search head cluster to prevent any 112 | arbitrary instance from connecting to the cluster. 113 | * All members must use the same value. 114 | * If set in the [shclustering] stanza, it takes precedence over any setting 115 | in the [general] stanza. 116 | 117 | replication_factor: 118 | * Determines how many copies of search artifacts are created in the cluster. 119 | * This must be set to the same value on all members. 120 | * Defaults to 3. 121 | 122 | shcluster_label = 123 | * This specifies the label of the search head cluster 124 | -------------------------------------------------------------------------------- /README/spec/splunk_configuration.spec: -------------------------------------------------------------------------------- 1 | ######################################################### 2 | # 3 | # Possible values for all/splunk_configuration group_vars 4 | # 5 | ######################################################### 6 | 7 | splunk_conf_path: 8 | * Path where configuration items are written. 
Typically /opt/splunk/etc/system/local 9 | -------------------------------------------------------------------------------- /README/spec/splunk_installation.spec: -------------------------------------------------------------------------------- 1 | ######################################################## 2 | # 3 | # Possible values for all/splunk_installation group_vars 4 | # 5 | ######################################################## 6 | 7 | splunk_installation: 8 | splunk_home_path: 9 | * Mandatory 10 | * Typically /opt/splunk 11 | 12 | version: 13 | * Optional / Not used yet 14 | * Version number to be installed 15 | 16 | ssh_public_key: 17 | * Optional 18 | * The SSH public key Ansible uses to connect to Splunk hosts 19 | 20 | package_format: [rpm|tgz] 21 | * Mandatory 22 | * The package format used to install Splunk 23 | 24 | package_file: 25 | * Mandatory 26 | * The file name of the Splunk package. The file has to exist in /packages 27 | 28 | remote_package_temp_path: 29 | * Mandatory 30 | * The path where Ansible copies the Splunk package to 31 | * Typically /tmp 32 | 33 | delete_package_after_install: 34 | * Mandatory 35 | * Should the remote Splunk Packages be deleted after installation 36 | 37 | remote_app_temp_path: 38 | * Mandatory 39 | * The path where Ansible copies the apps to 40 | * Typically /tmp 41 | 42 | admin_password: 43 | * Mandatory 44 | * The Splunk admin password in cleartext 45 | * Encrypt this value with Ansible Vault rather than committing it in cleartext 46 | 47 | splunk_secret: 48 | * Mandatory 49 | * The splunk.secret in cleartext 50 | * Encrypt this value with Ansible Vault rather than committing it in cleartext 51 | 52 | firewalld_open_port: 53 | port: "/tcp" 54 | port: "/tcp" 55 | ... 56 | port: "/tcp" 57 | * Optional 58 | * List of ports to open, if firewalld is used. 
59 | -------------------------------------------------------------------------------- /README/spec/splunk_packages.spec: -------------------------------------------------------------------------------- 1 | ######################################################## 2 | # 3 | # Possible values for all/splunk_packages group_vars 4 | # 5 | ######################################################## 6 | 7 | splunk_packages: 8 | linux_64_rpm: 9 | * 64-bit Linux RPM Packages 10 | * Optional 11 | package: 12 | version: 13 | * Version Number 14 | url: 15 | * Package Source URL 16 | package: 17 | ... 18 | * List of packages 19 | 20 | linux_64_tgz: 21 | * 64-bit Linux TGZ Packages 22 | * Optional 23 | package: 24 | version: 25 | * Version Number 26 | url: 27 | * Package Source URL 28 | package: 29 | ... 30 | * List of packages 31 | -------------------------------------------------------------------------------- /README/spec/splunk_repository.spec: -------------------------------------------------------------------------------- 1 | ###################################################### 2 | # 3 | # Possible values for all/splunk_repository group_vars 4 | # 5 | ###################################################### 6 | 7 | splunk_repository: 8 | repository_root: 9 | * The path to the repository 10 | 11 | repository_owner: 12 | * The Unix owner of the repository 13 | 14 | repository_group: 15 | * The Unix group of the repository 16 | -------------------------------------------------------------------------------- /README/spec/web_conf.spec: -------------------------------------------------------------------------------- 1 | ############################################ 2 | # 3 | # Possible values for conf/web role 4 | # 5 | # Follows Splunk web.conf.spec closely 6 | # 7 | ############################################ 8 | 9 | splunk_web_conf: 10 | settings: 11 | enableSplunkWebSSL: [True | False] 12 | * Defaults to True 13 | 14 | httpport: 15 | * Defaults to 8000 16 | 17 | 
startwebserver: [True | False] 18 | * Defaults to True 19 | 20 | privKeyPath: 21 | * Relative paths are interpreted as relative to $SPLUNK_HOME 22 | * Defaults to etc/auth/splunkweb/privkey.pem 23 | 24 | caCertPath: 25 | * Relative paths are interpreted as relative to $SPLUNK_HOME 26 | * Default to etc/auth/splunkweb/cert.pem 27 | 28 | updateCheckerBaseURL: [http://quickdraw.Splunk.com/js/|0] 29 | * Defaults to http://quickdraw.Splunk.com/js/ 30 | -------------------------------------------------------------------------------- /README/templates/group_vars/all/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to all groups 2 | -------------------------------------------------------------------------------- /README/templates/group_vars/all/splunk_configuration: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # General Conf Variables 5 | ##################################################################################################################### 6 | splunk_conf_path: /opt/splunk/etc/system/local 7 | -------------------------------------------------------------------------------- /README/templates/group_vars/all/splunk_installation: -------------------------------------------------------------------------------- 1 | --- 2 | ##################################################################################################################### 3 | # Installation Variables 4 | ##################################################################################################################### 5 | splunk_installation: 6 | splunk_home_path: /opt/splunk 7 | splunk_user: splunk 8 | version: 6.3.2 9 | ssh_public_key: "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQCnC6DzjkQjCXTMRqEWELAeehSldjqAemn3NflE6NKQ/wp7ekO6krRxALTBp3sD4wllCw7IRFkVPDpII29PszGxc/JL53yV2RgYRhzSxdDG5FuTKhS5FKRuQuoPPj3Y8qm1ZBxk+9W3Z/BWP593lkgLQ1v4ykO68p53+QCLy4Up1+Noyw3sRwpgx12OzDcIvjzZ2s8DjmApwXg23YB/TVS7OWG1A4AVVUa4cKq7CXnbY/uVluUnI7jUeOW1bsLnrgCuSbInxEyGmG/tcEm/2PAp22arTjpOEBvUNjdIwy6/Dhx4679pKh+KATjHpkM+iNWmy/zkl28Iv798pt8k+Zf7 root@linuxmint" 10 | 11 | package_format: rpm 12 | # package_format: [rpm|tgz] 13 | 14 | package_file: splunk-6.3.2-aaff59bb082c-linux-2.6-x86_64.rpm 15 | # package_file: splunk-6.3.2-aaff59bb082c-Linux-x86_64.tgz 16 | remote_package_temp_path: /tmp 17 | delete_package_after_install: false 18 | 19 | remote_app_temp_path: /tmp 20 | 21 | admin_password: verysecret 22 | 23 | splunk_secret: 9uaY9Z02G69pWDMd6lUQGRISmgoRllMloZTsUf3EN/aV4Tp2F5EZynoNYEyEakTrrFhnUrti/f23DdziWTGU6WGJkPnJ07uxYDByH0dLKMjWjpPGxeOZ5WHt3D3dF5qyryO27KBWJ3ZWBMfUow85cX/0RHRIQv3C28q8R7m17YUVhsv6b8CVfG/kWIVqTdpcR.jElzKYv75X2GdRgvLyBDWLC7KplnOgmaiZ0bfpaNlEV.Yp4acowkHqH4USRb 24 | 25 | firewalld_open_port: 26 | - "8000/tcp" 27 | - "8089/tcp" 28 | - "9997/tcp" 29 | - "9888/tcp" 30 | -------------------------------------------------------------------------------- /README/templates/group_vars/all/splunk_packages: -------------------------------------------------------------------------------- 1 | --- 2 | ##################################################################################################################### 3 | # Splunk Package Variables 4 | ##################################################################################################################### 5 | 6 | splunk_packages: 7 | linux_64_rpm: 8 | package: 9 | version: 6.3.3 10 | url: "http://download.splunk.com/products/splunk/releases/6.3.3/splunk/linux/splunk-6.3.3-f44afce176d0-linux-2.6-x86_64.rpm" 11 | 12 | linux_64_tgz: 13 | package: 14 | version: "6.3.3" 15 | url: 
"http://download.splunk.com/products/splunk/releases/6.3.2/splunk/linux/splunk-6.3.3-f44afce176d0-Linux-x86_64.tgz" 16 | -------------------------------------------------------------------------------- /README/templates/group_vars/all/splunk_repository: -------------------------------------------------------------------------------- 1 | --- 2 | ##################################################################################################################### 3 | # Repository Variables 4 | ##################################################################################################################### 5 | splunk_repository: 6 | repository_root: /var/lib/splunk_repository 7 | repository_owner: root 8 | repository_group: root 9 | -------------------------------------------------------------------------------- /README/templates/group_vars/cluster/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the cluster group 2 | -------------------------------------------------------------------------------- /README/templates/group_vars/cluster/splunk_configuration: -------------------------------------------------------------------------------- 1 | --- 2 | ##################################################################################################################### 3 | # General Conf Variables for splunk_cluster_production 4 | ##################################################################################################################### 5 | 6 | splunk_cluster_label: production 7 | -------------------------------------------------------------------------------- /README/templates/group_vars/deployer/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the deployer group 2 | -------------------------------------------------------------------------------- 
/README/templates/group_vars/deployer/Splunk_TA_nix: -------------------------------------------------------------------------------- 1 | --- 2 | ##################################################################################################################### 3 | # Configurations for Splunk App Splunk_TA_nix 4 | ##################################################################################################################### 5 | 6 | Splunk_TA_nix: 7 | shcluster_apps: 8 | install: true 9 | clean_install: true 10 | bundle: "splunk-add-on-for-unix-and-linux_520.tgz" 11 | -------------------------------------------------------------------------------- /README/templates/group_vars/deployer/Splunk_TA_windows: -------------------------------------------------------------------------------- 1 | --- 2 | ##################################################################################################################### 3 | # Configurations for Splunk App Splunk_TA_windows 4 | ##################################################################################################################### 5 | 6 | Splunk_TA_windows: 7 | shcluster_apps: 8 | install: true 9 | clean_install: true 10 | bundle: "splunk-add-on-for-microsoft-windows_480.tgz" 11 | -------------------------------------------------------------------------------- /README/templates/group_vars/deployer/outputs.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk outputs.conf 5 | ##################################################################################################################### 6 | 7 | splunk_outputs_conf: 8 | tcpout: 9 | defaultGroup: production 10 | target_group: 11 | production: 12 | useACK: true 13 | indexerDiscovery: production 14 | sslPassword: password 15 | sslCertPath: 
$SPLUNK_HOME/etc/auth/server.pem 16 | sslRootCAPath: $SPLUNK_HOME/etc/auth/ca.pem 17 | indexer_discovery: 18 | production: 19 | pass4SymmKey: changeme 20 | master_uri: dynamic 21 | -------------------------------------------------------------------------------- /README/templates/group_vars/deployer/server.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk server.conf 5 | ##################################################################################################################### 6 | 7 | splunk_server_conf: 8 | license: 9 | master_uri: dynamic 10 | sslConfig: 11 | sslKeysfilePassword: $1$nhb+jVVyTmE 12 | -------------------------------------------------------------------------------- /README/templates/group_vars/deployer/web.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk web.conf 5 | ##################################################################################################################### 6 | 7 | splunk_web_conf: 8 | settings: 9 | enableSplunkWebSSL: 1 10 | updateCheckerBaseURL: 0 11 | -------------------------------------------------------------------------------- /README/templates/group_vars/deploymentserver/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the deploymentserver group 2 | -------------------------------------------------------------------------------- /README/templates/group_vars/deploymentserver/Splunk_TA_nix: -------------------------------------------------------------------------------- 1 | --- 2 | 
##################################################################################################################### 3 | # Configurations for Splunk App Splunk_TA_nix 4 | ##################################################################################################################### 5 | 6 | Splunk_TA_nix: 7 | deployment_apps: 8 | install: true 9 | clean_install: true 10 | bundle: "splunk-add-on-for-unix-and-linux_520.tgz" 11 | apps: 12 | install: true 13 | clean_install: true 14 | bundle: "splunk-add-on-for-unix-and-linux_520.tgz" 15 | -------------------------------------------------------------------------------- /README/templates/group_vars/deploymentserver/Splunk_TA_windows: -------------------------------------------------------------------------------- 1 | --- 2 | ##################################################################################################################### 3 | # Configurations for Splunk App Splunk_TA_windows 4 | ##################################################################################################################### 5 | 6 | Splunk_TA_windows: 7 | deployment_apps: 8 | install: true 9 | clean_install: true 10 | bundle: "splunk-add-on-for-microsoft-windows_480.tgz" 11 | -------------------------------------------------------------------------------- /README/templates/group_vars/deploymentserver/apps: -------------------------------------------------------------------------------- 1 | --- 2 | ##################################################################################################################### 3 | # Configurations for Splunk Apps 4 | ##################################################################################################################### 5 | 6 | splunk_apps: 7 | Splunk_TA_windows: 8 | deployment_apps: 9 | install: true 10 | clean_install: true 11 | bundle: "splunk-add-on-for-microsoft-windows_480.tgz" 12 | 13 | Splunk_TA_nix: 14 | deployment_apps: 15 | install: true 16 | clean_install: true 17 
| bundle: "splunk-add-on-for-unix-and-linux_520.tgz" 18 | apps: 19 | install: true 20 | clean_install: true 21 | bundle: "splunk-add-on-for-unix-and-linux_520.tgz" 22 | -------------------------------------------------------------------------------- /README/templates/group_vars/deploymentserver/outputs.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk outputs.conf. The sslPassword and pass4SymmKey values in this template look like placeholders; replace them with per-environment values kept outside version control (for example in Ansible Vault) before use. This target group sets no sslVerifyServerCert, unlike the dmc and searchhead templates, so the indexer certificate is not verified unless that setting is supplied elsewhere. 5 | ##################################################################################################################### 6 | 7 | splunk_outputs_conf: 8 | tcpout: 9 | defaultGroup: production 10 | target_group: 11 | production: 12 | useACK: true 13 | indexerDiscovery: production 14 | sslPassword: password 15 | sslCertPath: $SPLUNK_HOME/etc/auth/server.pem 16 | sslRootCAPath: $SPLUNK_HOME/etc/auth/ca.pem 17 | indexer_discovery: 18 | production: 19 | pass4SymmKey: changeme 20 | master_uri: dynamic 21 | -------------------------------------------------------------------------------- /README/templates/group_vars/deploymentserver/server.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk server.conf. sslKeysfilePassword is given in Splunk's $1$ obfuscated form, which is only usable on hosts that share the splunk.secret it was created with; the dmc, indexer, peernode, searchhead and searchpeer templates carry this value with one more trailing character, so confirm which one is intended. 5 | ##################################################################################################################### 6 | 7 | splunk_server_conf: 8 | general: 9 | site: site0 10 | license: 11 | master_uri: dynamic 12 | sslConfig: 13 | sslKeysfilePassword: $1$nhb+jVVyTmE 14 | -------------------------------------------------------------------------------- /README/templates/group_vars/deploymentserver/web.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | 
##################################################################################################################### 4 | # Configurations for Splunk web.conf 5 | ##################################################################################################################### 6 | 7 | splunk_web_conf: 8 | settings: 9 | enableSplunkWebSSL: 1 10 | updateCheckerBaseURL: 0 11 | -------------------------------------------------------------------------------- /README/templates/group_vars/dmc/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the dmc group 2 | -------------------------------------------------------------------------------- /README/templates/group_vars/dmc/distsearch.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk distsearch.conf 5 | #################################################################################################################### 6 | 7 | splunk_distsearch_conf: 8 | distributedSearch: 9 | servers: 10 | - "{{ groups['searchpeer'] }}" 11 | - "{{ groups['peernode'] }}" 12 | - "{{ groups['licensemaster'] }}" 13 | - "{{ groups['masternode'] }}" 14 | - "{{ groups['deploymentserver'] }}" 15 | - "{{ groups['deployer'] }}" 16 | - "{{ groups['shcmember'] }}" 17 | - "{{ groups['heavyforwarder'] }}" 18 | 19 | -------------------------------------------------------------------------------- /README/templates/group_vars/dmc/outputs.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk outputs.conf 5 | 
##################################################################################################################### 6 | 7 | splunk_outputs_conf: 8 | tcpout: 9 | defaultGroup: production 10 | target_group: 11 | production: 12 | useACK: true 13 | indexerDiscovery: production 14 | sslPassword: password 15 | sslRootCAPath: $SPLUNK_HOME/etc/auth/ca.pem 16 | sslCertPath: $SPLUNK_HOME/etc/auth/server.pem 17 | sslVerifyServerCert: true 18 | indexer_discovery: 19 | production: 20 | pass4SymmKey: changeme 21 | master_uri: dynamic 22 | -------------------------------------------------------------------------------- /README/templates/group_vars/dmc/server.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk server.conf 5 | #################################################################################################################### 6 | 7 | splunk_server_conf: 8 | general: 9 | pass4SymmKey: $1$yVqq0RA0BTML 10 | site: dynamic 11 | sslConfig: 12 | sslKeysfilePassword: $1$nhb+jVVyTmEL 13 | license: 14 | master_uri: dynamic 15 | -------------------------------------------------------------------------------- /README/templates/group_vars/dmc/web.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk web.conf 5 | ##################################################################################################################### 6 | 7 | splunk_web_conf: 8 | settings: 9 | enableSplunkWebSSL: True 10 | updateCheckerBaseURL: 0 11 | -------------------------------------------------------------------------------- /README/templates/group_vars/heavyforwarder/README: 
-------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the heavyforwarder group 2 | -------------------------------------------------------------------------------- /README/templates/group_vars/heavyforwarder/Splunk_TA_nix: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk App Splunk_TA_nix 5 | ##################################################################################################################### 6 | 7 | Splunk_TA_nix: 8 | apps: 9 | install: true 10 | clean_install: true 11 | bundle: "splunk-add-on-for-unix-and-linux_520.tgz" 12 | -------------------------------------------------------------------------------- /README/templates/group_vars/heavyforwarder/Splunk_TA_windows: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk App Splunk_TA_windows 5 | ##################################################################################################################### 6 | 7 | Splunk_TA_windows: 8 | apps: 9 | install: true 10 | clean_install: true 11 | bundle: "splunk-add-on-for-microsoft-windows_480.tgz" 12 | -------------------------------------------------------------------------------- /README/templates/group_vars/heavyforwarder/outputs.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk outputs.conf 5 | 
##################################################################################################################### 6 | 7 | splunk_outputs_conf: 8 | tcpout: 9 | defaultGroup: production 10 | target_group: 11 | production: 12 | forceTimebasedAutoLB: true 13 | useACK: true 14 | indexerDiscovery: production 15 | sslPassword: password 16 | sslCertPath: $SPLUNK_HOME/etc/auth/server.pem 17 | sslRootCAPath: $SPLUNK_HOME/etc/auth/ca.pem 18 | indexer_discovery: 19 | production: 20 | pass4SymmKey: changeme 21 | master_uri: dynamic 22 | -------------------------------------------------------------------------------- /README/templates/group_vars/heavyforwarder/server.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk server.conf 5 | #################################################################################################################### 6 | 7 | splunk_server_conf: 8 | general: 9 | site: site0 10 | parallelIngestionPipelines: 2 11 | license: 12 | master_uri: dynamic 13 | sslConfig: 14 | sslKeysfilePassword: $1$nhb+jVVyTmE 15 | -------------------------------------------------------------------------------- /README/templates/group_vars/heavyforwarder/web.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk web.conf 5 | ##################################################################################################################### 6 | 7 | splunk_web_conf: 8 | settings: 9 | enableSplunkWebSSL: 1 10 | updateCheckerBaseURL: 0 11 | -------------------------------------------------------------------------------- /README/templates/group_vars/indexer/inputs.conf: 
-------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk inputs.conf 5 | ##################################################################################################################### 6 | 7 | splunk_inputs_conf: 8 | splunktcp_ssl: 9 | port: 9997 10 | SSL: 11 | rootCA: $SPLUNK_HOME/etc/auth/cacert.pem 12 | serverCert: $SPLUNK_HOME/etc/auth/server.pem 13 | password: $1$2lO4zAA+GjIL 14 | -------------------------------------------------------------------------------- /README/templates/group_vars/indexer/server.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk server.conf. Review before use: the key under general is spelled pass4Symmkey here but pass4SymmKey in the other role templates; the clustering pass4SymmKey is the literal SecretKey while the masternode template uses changeme, and cluster peers need the same key as the master; the replication_port_ssl password is one character shorter than the inputs.conf SSL password given for the same server.pem. 5 | #################################################################################################################### 6 | 7 | splunk_server_conf: 8 | general: 9 | pass4Symmkey: $1$yVqq0RA0BTML 10 | site: dynamic 11 | sslConfig: 12 | sslKeysfilePassword: $1$nhb+jVVyTmEL 13 | license: 14 | master_uri: dynamic 15 | clustering: 16 | mode: slave 17 | master_uri: dynamic 18 | pass4SymmKey: SecretKey 19 | replication_port_ssl: 20 | port: 9888 21 | rootCA: $SPLUNK_HOME/etc/auth/cacert.pem 22 | serverCert: $SPLUNK_HOME/etc/auth/server.pem 23 | password: $1$2lO4zAA+GjI 24 | diskUsage: 25 | minFreeSpace: 2000 26 | 27 | -------------------------------------------------------------------------------- /README/templates/group_vars/indexer/web.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk web.conf 5 | 
##################################################################################################################### 6 | 7 | splunk_web_conf: 8 | settings: 9 | enableSplunkWebSSL: true 10 | startwebserver: 0 11 | updateCheckerBaseURL: 0 12 | -------------------------------------------------------------------------------- /README/templates/group_vars/licensemaster/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the licensemaster group 2 | -------------------------------------------------------------------------------- /README/templates/group_vars/licensemaster/outputs.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk outputs.conf 5 | ##################################################################################################################### 6 | 7 | splunk_outputs_conf: 8 | tcpout: 9 | defaultGroup: production 10 | target_group: 11 | production: 12 | useACK: true 13 | indexerDiscovery: production 14 | sslPassword: password 15 | sslCertPath: $SPLUNK_HOME/etc/auth/server.pem 16 | sslRootCAPath: $SPLUNK_HOME/etc/auth/ca.pem 17 | indexer_discovery: 18 | production: 19 | pass4SymmKey: changeme 20 | master_uri: dynamic 21 | -------------------------------------------------------------------------------- /README/templates/group_vars/licensemaster/server.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk server.conf 5 | #################################################################################################################### 6 | 7 | splunk_server_conf: 8 | general: 9 
| site: site0 10 | license: 11 | master_uri: self 12 | sslConfig: 13 | sslKeysfilePassword: $1$nhb+jVVyTmE 14 | -------------------------------------------------------------------------------- /README/templates/group_vars/licensemaster/web.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk web.conf 5 | ##################################################################################################################### 6 | 7 | splunk_web_conf: 8 | settings: 9 | enableSplunkWebSSL: 1 10 | updateCheckerBaseURL: 0 11 | 12 | -------------------------------------------------------------------------------- /README/templates/group_vars/masternode/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the masternode group 2 | -------------------------------------------------------------------------------- /README/templates/group_vars/masternode/Splunk_TA_nix: -------------------------------------------------------------------------------- 1 | --- 2 | ##################################################################################################################### 3 | # Configurations for Splunk App Splunk_TA_nix 4 | ##################################################################################################################### 5 | 6 | Splunk_TA_nix: 7 | master_apps: 8 | install: true 9 | clean_install: true 10 | bundle: "splunk-add-on-for-unix-and-linux_520.tgz" 11 | -------------------------------------------------------------------------------- /README/templates/group_vars/masternode/Splunk_TA_windows: -------------------------------------------------------------------------------- 1 | --- 2 | 
##################################################################################################################### 3 | # Configurations for Splunk App Splunk_TA_windows 4 | ##################################################################################################################### 5 | 6 | Splunk_TA_windows: 7 | master_apps: 8 | install: true 9 | clean_install: true 10 | bundle: "splunk-add-on-for-microsoft-windows_480.tgz" 11 | -------------------------------------------------------------------------------- /README/templates/group_vars/masternode/outputs.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk outputs.conf 5 | ##################################################################################################################### 6 | 7 | splunk_outputs_conf: 8 | tcpout: 9 | defaultGroup: production 10 | target_group: 11 | production: 12 | useACK: true 13 | indexerDiscovery: production 14 | sslPassword: password 15 | sslCertPath: $SPLUNK_HOME/etc/auth/server.pem 16 | sslRootCAPath: $SPLUNK_HOME/etc/auth/ca.pem 17 | indexer_discovery: 18 | production: 19 | pass4SymmKey: changeme 20 | master_uri: dynamic 21 | 22 | -------------------------------------------------------------------------------- /README/templates/group_vars/masternode/server.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk server.conf 5 | #################################################################################################################### 6 | 7 | splunk_server_conf: 8 | general: 9 | site: site1 10 | license: 11 | master_uri: dynamic 12 | clustering: 13 | mode: master 14 | 
pass4SymmKey: changeme 15 | multisite: true 16 | replication_factor: 2 17 | site_replication_factor: "origin:1, total:2" 18 | search_factor: 2 19 | available_sites: "site1, site2" 20 | sslConfig: 21 | sslKeysfilePassword: $1$nhb+jVVyTmE 22 | -------------------------------------------------------------------------------- /README/templates/group_vars/masternode/web.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk web.conf 5 | ##################################################################################################################### 6 | 7 | splunk_web_conf: 8 | settings: 9 | enableSplunkWebSSL: 1 10 | updateCheckerBaseURL: 0 11 | -------------------------------------------------------------------------------- /README/templates/group_vars/peernode/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the peernode group 2 | -------------------------------------------------------------------------------- /README/templates/group_vars/peernode/inputs.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk inputs.conf 5 | ##################################################################################################################### 6 | 7 | splunk_inputs_conf: 8 | splunktcp_ssl: 9 | port: 9997 10 | SSL: 11 | rootCA: $SPLUNK_HOME/etc/auth/cacert.pem 12 | serverCert: $SPLUNK_HOME/etc/auth/server.pem 13 | password: $1$2lO4zAA+GjIL 14 | -------------------------------------------------------------------------------- /README/templates/group_vars/peernode/server.conf: 
-------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk server.conf 5 | #################################################################################################################### 6 | 7 | splunk_server_conf: 8 | general: 9 | pass4SymmKey: $1$yVqq0RA0BTML 10 | site: dynamic 11 | sslConfig: 12 | sslKeysfilePassword: $1$nhb+jVVyTmEL 13 | license: 14 | master_uri: dynamic 15 | clustering: 16 | mode: slave 17 | master_uri: dynamic 18 | pass4SymmKey: SecretKey 19 | replication_port_ssl: 20 | port: 9888 21 | rootCA: $SPLUNK_HOME/etc/auth/cacert.pem 22 | serverCert: $SPLUNK_HOME/etc/auth/server.pem 23 | password: $1$2lO4zAA+GjI 24 | -------------------------------------------------------------------------------- /README/templates/group_vars/peernode/web.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk web.conf 5 | ##################################################################################################################### 6 | 7 | splunk_web_conf: 8 | settings: 9 | enableSplunkWebSSL: true 10 | startwebserver: 0 11 | updateCheckerBaseURL: 0 12 | -------------------------------------------------------------------------------- /README/templates/group_vars/searchhead/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the searchhead group 2 | -------------------------------------------------------------------------------- /README/templates/group_vars/searchhead/apps: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | 
##################################################################################################################### 4 | # Configurations for Splunk Apps 5 | ##################################################################################################################### 6 | 7 | splunk_apps: 8 | Splunk_TA_windows: 9 | apps: 10 | install: true 11 | clean_install: true 12 | bundle: "splunk-add-on-for-microsoft-windows_480.tgz" 13 | 14 | Splunk_TA_nix: 15 | apps: 16 | install: true 17 | clean_install: true 18 | bundle: "splunk-add-on-for-unix-and-linux_520.tgz" 19 | 20 | -------------------------------------------------------------------------------- /README/templates/group_vars/searchhead/outputs.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk outputs.conf 5 | ##################################################################################################################### 6 | 7 | splunk_outputs_conf: 8 | tcpout: 9 | defaultGroup: production 10 | target_group: 11 | production: 12 | useACK: true 13 | indexerDiscovery: production 14 | sslPassword: password 15 | sslCertPath: $SPLUNK_HOME/etc/auth/server.pem 16 | sslRootCAPath: $SPLUNK_HOME/etc/auth/ca.pem 17 | sslVerifyServerCert: true 18 | indexer_discovery: 19 | production: 20 | pass4SymmKey: SecretKey 21 | master_uri: dynamic 22 | -------------------------------------------------------------------------------- /README/templates/group_vars/searchhead/server.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk server.conf 5 | 
#################################################################################################################### 6 | 7 | splunk_server_conf: 8 | general: 9 | pass4SymmKey: $1$yVqq0RA0BTML 10 | site: dynamic 11 | sslConfig: 12 | sslKeysfilePassword: $1$nhb+jVVyTmEL 13 | license: 14 | master_uri: dynamic 15 | clustering: 16 | mode: searchhead 17 | master_uri: dynamic 18 | pass4SymmKey: changeme 19 | -------------------------------------------------------------------------------- /README/templates/group_vars/searchhead/web.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk web.conf 5 | ##################################################################################################################### 6 | 7 | splunk_web_conf: 8 | settings: 9 | enableSplunkWebSSL: True 10 | updateCheckerBaseURL: 0 11 | -------------------------------------------------------------------------------- /README/templates/group_vars/searchpeer/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the searchpeer group 2 | -------------------------------------------------------------------------------- /README/templates/group_vars/searchpeer/inputs.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk inputs.conf 5 | ##################################################################################################################### 6 | 7 | splunk_inputs_conf: 8 | splunktcp_ssl: 9 | port: 9997 10 | SSL: 11 | rootCA: $SPLUNK_HOME/etc/auth/cacert.pem 12 | serverCert: $SPLUNK_HOME/etc/auth/server.pem 13 | 
password: $1$2lO4zAA+GjIL 14 | -------------------------------------------------------------------------------- /README/templates/group_vars/searchpeer/server.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk server.conf 5 | #################################################################################################################### 6 | 7 | splunk_server_conf: 8 | general: 9 | pass4SymmKey: $1$yVqq0RA0BTML 10 | site: dynamic 11 | sslConfig: 12 | sslKeysfilePassword: $1$nhb+jVVyTmEL 13 | license: 14 | master_uri: dynamic 15 | clustering: 16 | mode: slave 17 | master_uri: dynamic 18 | pass4SymmKey: SecretKey 19 | replication_port_ssl: 20 | port: 9888 21 | rootCA: $SPLUNK_HOME/etc/auth/cacert.pem 22 | serverCert: $SPLUNK_HOME/etc/auth/server.pem 23 | password: $1$2lO4zAA+GjI 24 | -------------------------------------------------------------------------------- /README/templates/group_vars/searchpeer/web.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk web.conf 5 | ##################################################################################################################### 6 | 7 | splunk_web_conf: 8 | settings: 9 | enableSplunkWebSSL: true 10 | startwebserver: 0 11 | updateCheckerBaseURL: 0 12 | -------------------------------------------------------------------------------- /README/templates/group_vars/shcluster/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the shcluster group 2 | -------------------------------------------------------------------------------- 
/README/templates/group_vars/shcluster/splunk_configuration: -------------------------------------------------------------------------------- 1 | --- 2 | ##################################################################################################################### 3 | # General Conf Variables for splunk_shcluster_production 4 | ##################################################################################################################### 5 | 6 | splunk_shcluster_label: production 7 | -------------------------------------------------------------------------------- /README/templates/group_vars/shcmember/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the shcmember group 2 | -------------------------------------------------------------------------------- /README/templates/group_vars/shcmember/outputs.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk outputs.conf 5 | ##################################################################################################################### 6 | 7 | splunk_outputs_conf: 8 | tcpout: 9 | defaultGroup: production 10 | target_group: 11 | production: 12 | useACK: true 13 | indexerDiscovery: production 14 | sslPassword: password 15 | sslCertPath: $SPLUNK_HOME/etc/auth/server.pem 16 | sslRootCAPath: $SPLUNK_HOME/etc/auth/ca.pem 17 | indexer_discovery: 18 | production: 19 | pass4SymmKey: changeme 20 | master_uri: dynamic 21 | -------------------------------------------------------------------------------- /README/templates/group_vars/shcmember/server.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | 
##################################################################################################################### 4 | # Configurations for Splunk server.conf 5 | #################################################################################################################### 6 | 7 | splunk_server_conf: 8 | license: 9 | master_uri: dynamic 10 | clustering: 11 | mode: searchhead 12 | master_uri: dynamic 13 | shclustering: 14 | shcluster_label: production 15 | mgmt_uri: dynamic 16 | conf_deploy_fetch_url: dynamic 17 | id: 6D1F6C76-3370-40BA-98F3-2C16AEEF24F1 18 | replication_port_ssl: 19 | port: 9888 20 | rootCA: $SPLUNK_HOME/etc/auth/cacert.pem 21 | serverCert: $SPLUNK_HOME/etc/auth/server.pem 22 | password: $1$2lO4zAA+GjI 23 | -------------------------------------------------------------------------------- /README/templates/group_vars/shcmember/web.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk web.conf 5 | ##################################################################################################################### 6 | 7 | splunk_web_conf: 8 | settings: 9 | enableSplunkWebSSL: 1 10 | updateCheckerBaseURL: 0 11 | -------------------------------------------------------------------------------- /README/templates/group_vars/site0/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the site0 group 2 | -------------------------------------------------------------------------------- /README/templates/group_vars/site0/splunk_configuration: -------------------------------------------------------------------------------- 1 | --- 2 | ##################################################################################################################### 3 | # General Conf 
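Variables
#####################################################################################################################

splunk_site: site0
--------------------------------------------------------------------------------
/README/templates/group_vars/site1/README:
--------------------------------------------------------------------------------
# This folder contains group_vars that apply to the site1 group
--------------------------------------------------------------------------------
/README/templates/group_vars/site1/splunk_configuration:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# General Conf Variables
#####################################################################################################################

splunk_site: site1
--------------------------------------------------------------------------------
/README/templates/group_vars/site2/README:
--------------------------------------------------------------------------------
# This folder contains group_vars that apply to the site2 group
--------------------------------------------------------------------------------
/README/templates/group_vars/site2/splunk_configuration:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# General Conf Variables
#####################################################################################################################

splunk_site: site2
--------------------------------------------------------------------------------
/add_app.yml:
--------------------------------------------------------------------------------
---
# Scaffolds a new app role under roles/apps/<app_name> from roles/apps/app.template
# and regenerates deploy_apps.yml. Both prompt answers are free text typed by the
# operator and are spliced into filesystem paths by the tasks below.
- hosts: repository

  vars_prompt:
    - name: "app_name"
      prompt: "\n1) Repository directory name or git repo name (mandatory)\n --> Repository location is defined in 'group_vars/all/splunk_repository'\n (Example: TA-my-app or Splunk_TA-xxx)\n Your answer"
      private: no

    - name: "filename"
      prompt: "\n3) Repository full filename (optional)\n (Example: splunk-addon-xxx-v1.2.tgz) Leave empty if you want to use git\n Your answer"
      private: no

  pre_tasks:
    - include_vars: group_vars/all/splunk_repository

  tasks:
    # app_name is used below as a path component for stat, cp -RfT, template
    # src/dest and file state=absent. Accept only a single directory name, so a
    # value such as '..' or one containing '/' cannot point those tasks outside
    # roles/apps/. An empty answer is left to "Check user input" further down.
    - name: Reject app_name values that are not a plain directory name
      fail:
        msg: "app_name may only contain letters, digits, '.', '_' and '-' and must not be '.' or '..'"
      when: "app_name in ['.', '..'] or (app_name | regex_replace('[A-Za-z0-9_.-]', '')) != ''"

    - name: Building full file path if defined
      stat: path={{splunk_repository.repository_root}}/apps/{{ app_name }}/{{ filename }}
      register: fqfilename
      when: filename is defined

    - name: Display filename properties (filled when app is not git)
      debug:
        var: fqfilename.stat.path, fqfilename.stat.size
      when: fqfilename is defined

    # NOTE(review): this condition places {{ item }} inside `when`, so the text
    # is rendered first and the result is evaluated as an expression. How the
    # bare names in with_items resolve depends on the Ansible version; confirm
    # the check still fires for an empty app_name on the version in use.
    - name: Check user input
      fail: msg="A required value is empty or wrong ==> '{{ item }}' <===. Please restart and ensure all mandatory fields are set!"
      with_items: [ app_name, filename ]
      when: "(item == 'filename' and {{ item }} !='' and (fqfilename.stat.exists != true or fqfilename.stat.isreg != true or fqfilename.stat.size < 100))
             or (item is not defined and item != 'filename')
             or (item is defined and {{ item }} == '' and item != 'filename')"

    - name: Convert to ansible friendly name
      set_fact:
        app_variable: "{{ app_name | regex_replace('-', '_')}}"

    # `command` runs cp without a shell, so app_name is passed as one argument;
    # the destination path is still built from it, hence the validation above.
    - name: Copy template app template
      command: cp -RfT roles/apps/app.template roles/apps/{{ app_name }}

    - name: Set app variables
      template: src=roles/apps/{{ app_name }}/vars/main.yml.j2
                dest=roles/apps/{{ app_name }}/vars/main.yml
                mode=0640

    - name: Remove template file
      file: path=roles/apps/{{ app_name }}/vars/main.yml.j2
            state=absent

    - name: Find app roles
      command: "ls roles/apps"
      register: app_roles

    - name: Create deploy_apps.yml
      template: src=roles/common/templates/deploy_apps.yml.j2
                dest=./deploy_apps.yml
                mode=0640

--------------------------------------------------------------------------------
/configure_deployer.yml:
--------------------------------------------------------------------------------
- name: Configure splunk deployer
  hosts: deployer
  user: splunk

  roles:
    - conf/web
    - conf/outputs
    - conf/server
--------------------------------------------------------------------------------
/configure_deploymentserver.yml:
--------------------------------------------------------------------------------
- name: Configure splunk deploymentserver
  hosts: deploymentserver
  user: splunk

  roles:
    - conf/web
    - conf/outputs
    - conf/server
--------------------------------------------------------------------------------
/configure_dmc.yml:
--------------------------------------------------------------------------------
- name: "Configure Distributed Managemnt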
Console (dmc)" 2 | hosts: dmc 3 | user: splunk 4 | 5 | roles: 6 | - conf/web 7 | - conf/outputs 8 | - conf/server 9 | - conf/distsearch 10 | - group/searchhead 11 | -------------------------------------------------------------------------------- /configure_heavyforwarder.yml: -------------------------------------------------------------------------------- 1 | - name: Configure splunk heavyforwarder 2 | hosts: heavyforwarder 3 | user: splunk 4 | 5 | roles: 6 | - conf/web 7 | - conf/inputs 8 | - conf/outputs 9 | - conf/server -------------------------------------------------------------------------------- /configure_licensemaster.yml: -------------------------------------------------------------------------------- 1 | - name: Configure splunk licensemaster 2 | hosts: licensemaster 3 | user: splunk 4 | 5 | roles: 6 | - conf/web 7 | - conf/outputs 8 | - conf/server 9 | - group/licensemaster 10 | -------------------------------------------------------------------------------- /configure_masternode.yml: -------------------------------------------------------------------------------- 1 | - name: Configure splunk masternode 2 | hosts: masternode 3 | user: splunk 4 | 5 | roles: 6 | - conf/web 7 | - conf/outputs 8 | - conf/server 9 | -------------------------------------------------------------------------------- /configure_peernode.yml: -------------------------------------------------------------------------------- 1 | - name: Configure splunk peernodes 2 | hosts: peernode 3 | user: splunk 4 | 5 | roles: 6 | - conf/web 7 | - conf/inputs 8 | - conf/server 9 | -------------------------------------------------------------------------------- /configure_repository.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: repository 3 | user: root 4 | tasks: 5 | - name: Create repository root directory 6 | file: path="{{ splunk_repository.repository_root }}" 7 | state=directory 8 | 9 | - name: Create repository apps directory 10 | 
file: path="{{ splunk_repository.repository_root }}/apps" 11 | state=directory 12 | 13 | - name: Create repository packages directory 14 | file: path="{{ splunk_repository.repository_root }}/packages" 15 | state=directory 16 | 17 | - name: Create distServerKeys directory 18 | file: path="{{ splunk_repository.repository_root }}/distServerKeys" 19 | state=directory 20 | 21 | - name: Create licenses directory 22 | file: path="{{ splunk_repository.repository_root }}/licenses" 23 | state=directory 24 | 25 | - name: Create licenses/enterprise directory 26 | file: path="{{ splunk_repository.repository_root }}/licenses/enterprise" 27 | state=directory 28 | 29 | - name: Set repository owner/group 30 | file: path={{ splunk_repository.repository_root }} 31 | recurse=yes 32 | owner={{ splunk_repository.repository_owner }} 33 | group={{ splunk_repository.repository_group }} 34 | 35 | - name: Set repository directory mode 36 | file: path={{ splunk_repository.repository_root }} 37 | mode=750 38 | 39 | - name: Find app roles 40 | command: "ls roles/apps" 41 | register: app_roles 42 | 43 | - name: Create deploy_apps.yml 44 | template: src=roles/common/templates/deploy_apps.yml.j2 45 | dest=./deploy_apps.yml 46 | mode=0640 47 | -------------------------------------------------------------------------------- /configure_searchhead.yml: -------------------------------------------------------------------------------- 1 | - name: Configure splunk searchheads 2 | hosts: searchhead 3 | user: splunk 4 | 5 | roles: 6 | - group/searchhead 7 | - conf/web 8 | - conf/outputs 9 | - conf/server 10 | -------------------------------------------------------------------------------- /configure_searchpeer.yml: -------------------------------------------------------------------------------- 1 | - name: Configure splunk indexers 2 | hosts: searchpeer 3 | user: splunk 4 | 5 | roles: 6 | - conf/web 7 | - conf/inputs 8 | - conf/server 9 | 
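--------------------------------------------------------------------------------
/configure_shcmember.yml:
--------------------------------------------------------------------------------
- name: Configure splunk shcmember
  hosts: shcmember
  user: splunk

  roles:
    - conf/web
    - conf/outputs
    - conf/server
--------------------------------------------------------------------------------
/download_splunk.yml:
--------------------------------------------------------------------------------
---
# Downloads the Splunk installer packages listed in splunk_packages into
# <repository_root>/packages on the repository host. Every other host is later
# installed from these files, so what lands here is what runs everywhere.
#
# Integrity: a package entry may carry an optional `checksum` key next to `url`
# in the form "<algorithm>:<digest>", for example
#   checksum: "sha256:<digest published by the vendor for this package>"
# When the key is present get_url fails the task if the downloaded file does not
# match; when it is absent the argument is omitted and the file is accepted
# unverified. Setting it for every entry is recommended.
# NOTE(review): the url values live in group_vars and are not shown here;
# confirm they use https.
- hosts: repository
  tasks:
    - name: Download Splunk rpm packages
      get_url:
        url: "{{ item.value.url }}"
        dest: "{{ splunk_repository.repository_root }}/packages"
        owner: "{{ splunk_repository.repository_owner }}"
        group: "{{ splunk_repository.repository_group }}"
        mode: "0644"
        checksum: "{{ item.value.checksum | default(omit) }}"
      # default({}) keeps the loop expression valid when no rpm packages are
      # listed; the loop is evaluated before `when` is applied per item.
      with_dict: "{{ splunk_packages.linux_64_rpm | default({}) }}"
      when: splunk_installation.package_format == "rpm" and
            splunk_packages.linux_64_rpm is defined


    - name: Download Splunk tgz packages
      get_url:
        url: "{{ item.value.url }}"
        dest: "{{ splunk_repository.repository_root }}/packages"
        owner: "{{ splunk_repository.repository_owner }}"
        group: "{{ splunk_repository.repository_group }}"
        mode: "0644"
        checksum: "{{ item.value.checksum | default(omit) }}"
      with_dict: "{{ splunk_packages.linux_64_tgz | default({}) }}"
      when: splunk_installation.package_format == "tgz" and
            splunk_packages.linux_64_tgz is defined


--------------------------------------------------------------------------------
/filter_plugins/app_default.py:
--------------------------------------------------------------------------------
def app_default (app):

    empty_dict = {}

    if type(app) is dict:
        return app
    else:
        return empty_dict

class FilterModule(object):
    def filters(self):
        return {'app_default': app_default}
--------------------------------------------------------------------------------
/filter_plugins/app_role_list.py: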
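# --------------------------------------------------------------------------------
def app_role_list(app):
    """Turn a listing of roles/apps into role paths.

    Drops the scaffolding entries ('app.template', 'files', 'tasks', 'vars')
    and prefixes every remaining name with 'apps/'. The caller's list is not
    modified; a new list is returned.
    """
    ignored = ('app.template', 'files', 'tasks', 'vars')
    return ['apps/' + role for role in app if role not in ignored]


class FilterModule(object):
    """Ansible filter plugin entry point."""

    def filters(self):
        return {'app_role_list': app_role_list}
# --------------------------------------------------------------------------------
# /filter_plugins/create_distsearch_serverlist.py:
# --------------------------------------------------------------------------------
def create_distsearch_serverlist(serverlist):
    """Flatten host names and lists of host names into one list of unique names.

    Each entry of `serverlist` is either a single host name or an iterable of
    host names. First-seen order is kept and duplicates are dropped.

    Strings are recognised with isinstance() against both text types, so the
    filter also runs where the `unicode` builtin does not exist, and a str
    subclass is kept whole instead of being iterated character by character.
    """
    text_types = (str, type(u''))
    if isinstance(serverlist, text_types):
        # A lone host name is treated as a one-element list.
        serverlist = [serverlist]

    servers = []
    for entry in serverlist:
        names = [entry] if isinstance(entry, text_types) else entry
        for name in names:
            if name not in servers:
                servers.append(name)
    return servers


class FilterModule(object):
    """Ansible filter plugin entry point."""

    def filters(self):
        return {'create_distsearch_serverlist': create_distsearch_serverlist}
# --------------------------------------------------------------------------------
# /filter_plugins/create_distsearch_servers.py:
# --------------------------------------------------------------------------------
def create_distsearch_servers(serverlist):
    """Build a 'host:8089, host:8089' string from host names and host-name lists.

    Entries are flattened and de-duplicated in first-seen order, ':8089' is
    appended to each name and the results are joined with ', '.
    Host names are used as given; nothing here validates them.
    """
    text_types = (str, type(u''))
    if isinstance(serverlist, text_types):
        # A lone host name is treated as a one-element list.
        serverlist = [serverlist]

    servers = []
    for entry in serverlist:
        names = [entry] if isinstance(entry, text_types) else entry
        for name in names:
            if name not in servers:
                servers.append(name)

    return ', '.join(name + ":8089" for name in servers)


class FilterModule(object):
    """Ansible filter plugin entry point."""

    def filters(self):
        return {'create_distsearch_servers': create_distsearch_servers}
# --------------------------------------------------------------------------------
# /filter_plugins/create_shcluster_mgmt_uri_servers.py:
# --------------------------------------------------------------------------------
def create_shcluster_mgmt_uri_servers(serverlist):
    """Build a 'https://host:8089,https://host:8089' string from host names.

    Entries are flattened and de-duplicated in first-seen order, each name is
    wrapped as 'https://<name>:8089' and the results are joined with ','.
    Host names are used as given; nothing here validates them.
    """
    text_types = (str, type(u''))
    if isinstance(serverlist, text_types):
        # A lone host name is treated as a one-element list.
        serverlist = [serverlist]

    servers = []
    for entry in serverlist:
        names = [entry] if isinstance(entry, text_types) else entry
        for name in names:
            if name not in servers:
                servers.append(name)

    return ','.join("https://" + name + ":8089" for name in servers)


class FilterModule(object):
    """Ansible filter plugin entry point."""

    def filters(self):
        return {'create_shcluster_mgmt_uri_servers': create_shcluster_mgmt_uri_servers}
# --------------------------------------------------------------------------------
# /group_vars/all/README:
# --------------------------------------------------------------------------------
# This folder contains group_vars that apply to all groups
# --------------------------------------------------------------------------------
# /group_vars/cluster/README:
# --------------------------------------------------------------------------------
# This folder contains group_vars that apply to the cluster group
# --------------------------------------------------------------------------------
# /group_vars/deployer/README:
# --------------------------------------------------------------------------------
# This folder contains group_vars that apply to the deployer group
# --------------------------------------------------------------------------------
# /group_vars/deploymentserver/README:
# --------------------------------------------------------------------------------
# This folder contains group_vars that apply to the deploymentserver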
group 2 | -------------------------------------------------------------------------------- /group_vars/dmc/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the dmc group 2 | -------------------------------------------------------------------------------- /group_vars/heavyforwarder/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the heavyforwarder group 2 | -------------------------------------------------------------------------------- /group_vars/licensemaster/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the licensemaster group 2 | -------------------------------------------------------------------------------- /group_vars/masternode/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the masternode group 2 | -------------------------------------------------------------------------------- /group_vars/peernode/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the peernode group 2 | -------------------------------------------------------------------------------- /group_vars/searchhead/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the searchhead group 2 | -------------------------------------------------------------------------------- /group_vars/searchpeer/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the searchpeer group 2 | -------------------------------------------------------------------------------- 
/group_vars/shcluster/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the shcluster group 2 | -------------------------------------------------------------------------------- /group_vars/shcmember/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the shcmember group 2 | -------------------------------------------------------------------------------- /group_vars/site0/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the site0 group 2 | -------------------------------------------------------------------------------- /group_vars/site1/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the site1 group 2 | -------------------------------------------------------------------------------- /group_vars/site2/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the site2 group 2 | -------------------------------------------------------------------------------- /hosts.template: -------------------------------------------------------------------------------- 1 | [repository] 2 | localhost ansible_connection=local 3 | 4 | [shcmember] 5 | 6 | [searchhead] 7 | 8 | [searchpeer] 9 | 10 | [peernode] 11 | 12 | [licensemaster] 13 | 14 | [deployer] 15 | 16 | [masternode] 17 | 18 | [deploymentserver] 19 | 20 | [dmc] 21 | 22 | [site0] 23 | 24 | [site1] 25 | 26 | [site2] 27 | 28 | [shcluster] 29 | 30 | [cluster] 31 | 32 | [heavyforwarder] 33 | 34 | -------------------------------------------------------------------------------- /hosts_production.template: -------------------------------------------------------------------------------- 1 | 
[repository] 2 | localhost ansible_connection=local 3 | 4 | [shcmember] 5 | searchhead1.private.domain 6 | searchhead2.private.domain 7 | searchhead3.private.domain 8 | 9 | [searchhead] 10 | searchhead.private.domain 11 | 12 | [searchpeer] 13 | 14 | [peernode] 15 | indexer1.private.domain 16 | indexer2.private.domain 17 | 18 | [licensemaster] 19 | licensemaster.private.domain 20 | 21 | [deployer] 22 | deployer.private.domain 23 | 24 | [masternode] 25 | masternode.private.domain 26 | 27 | [deploymentserver] 28 | deploymentserver.private.domain 29 | 30 | [dmc] 31 | dmc.private.domain 32 | 33 | [site0] 34 | masternode.private.domain 35 | dmc.private.domain 36 | 37 | [site1] 38 | searchhead1.private.domain 39 | searchhead2.private.domain 40 | indexer1.private.domain 41 | 42 | [site2] 43 | searchhead3.private.domain 44 | indexer2.private.domain 45 | 46 | [shcluster] 47 | deployer.private.domain 48 | searchhead1.private.domain 49 | searchhead2.private.domain 50 | searchhead3.private.domain 51 | 52 | [cluster] 53 | masternode.private.domain 54 | indexer1.private.domain 55 | indexer2.private.domain 56 | 57 | [heavyforwarder] 58 | heavyforwarder1.private.domain 59 | -------------------------------------------------------------------------------- /install_shcmember.yml: -------------------------------------------------------------------------------- 1 | - name: Install splunk shcmember 2 | hosts: shcmember 3 | user: splunk 4 | 5 | roles: 6 | - conf/web 7 | - conf/outputs 8 | - conf/server 9 | - group/searchhead 10 | - group/shcmember 11 | 12 | post_tasks: 13 | - name: Run splunk restart 14 | command: "{{ splunk_installation.splunk_home_path }}/bin/splunk restart" 15 | 16 | -------------------------------------------------------------------------------- /install_splunk.yml: -------------------------------------------------------------------------------- 1 | - name: Install Splunk on all hosts 2 | hosts: "*:!repository" 3 | remote_user: "{{splunk_installation.splunk_user}}" 4 
| 5 | 6 | roles: 7 | - install 8 | -------------------------------------------------------------------------------- /roles/apps/Splunk_TA_nix/files/apps/local/inputs.conf.template: -------------------------------------------------------------------------------- 1 | [monitor:///var/log] 2 | disabled = 0 3 | -------------------------------------------------------------------------------- /roles/apps/Splunk_TA_nix/files/deployment-apps/local/inputs.conf.template: -------------------------------------------------------------------------------- 1 | [monitor:///var/log] 2 | disabled = 0 3 | -------------------------------------------------------------------------------- /roles/apps/Splunk_TA_nix/files/shcluster/apps/local/inputs.conf.template: -------------------------------------------------------------------------------- 1 | [monitor:///var/log] 2 | disabled = 0 3 | -------------------------------------------------------------------------------- /roles/apps/Splunk_TA_nix/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - include: ../../../common/handlers/splunkd.yml 3 | -------------------------------------------------------------------------------- /roles/apps/Splunk_TA_nix/tasks/configure_local.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Configure app files (local/*.conf) 4 | copy: src="{{ item }}" 5 | dest="{{ splunk_installation.splunk_home_path }}/etc/apps/{{ app_name }}/local/" 6 | when: vars['app_variable'].apps is defined 7 | with_fileglob: apps/local/*.conf 8 | 9 | - name: Configure deployment-app files (local/*.conf) 10 | copy: src="{{ item }}" 11 | dest="{{ splunk_installation.splunk_home_path }}/etc/deployment-apps/{{ app_name }}/local/" 12 | when: vars['app_variable'].deployment_apps is defined 13 | with_fileglob: deployment-apps/local/*.conf 14 | 15 | - name: Configure shcluster/apps files (local/*.conf) 16 | copy: src="{{ item 
}}" 17 | dest="{{ splunk_installation.splunk_home_path }}/etc/shcluster/apps/{{ app_name }}/local/" 18 | when: vars['app_variable'].shcluster_apps is defined 19 | with_fileglob: shcluster/apps/local/*.conf 20 | 21 | - name: Configure master-apps files (local/*.conf) 22 | copy: src="{{ item }}" 23 | dest="{{ splunk_installation.splunk_home_path }}/etc/master-apps/{{ app_name }}/local/" 24 | when: vars['app_variable'].master_apps is defined 25 | with_fileglob: master-apps/local/*.conf 26 | 27 | - name: Configure app permission file (metadata/local.meta) 28 | copy: src="{{ item }}" 29 | dest="{{ splunk_installation.splunk_home_path }}/etc/apps/{{ app_name }}/metadata/" 30 | when: vars['app_variable'].apps is defined 31 | with_fileglob: apps/metadata/local.meta 32 | 33 | - name: Configure deployment-app permission file (metadata/local.meta) 34 | copy: src="{{ item }}" 35 | dest="{{ splunk_installation.splunk_home_path }}/etc/deployment-apps/{{ app_name }}/metadata/" 36 | when: vars['app_variable'].deployment_apps is defined 37 | with_fileglob: deployment-apps/metadata/local.meta 38 | 39 | - name: Configure shcluster/apps permission file (metadata/local.meta) 40 | copy: src="{{ item }}" 41 | dest="{{ splunk_installation.splunk_home_path }}/etc/shcluster/apps/{{ app_name }}/metadata/" 42 | when: vars['app_variable'].shcluster_apps is defined" 43 | with_fileglob: shcluster/apps/metadata/local.meta 44 | 45 | - name: Configure master-apps permission file (metadata/local.meta) 46 | copy: src="{{ item }}" 47 | dest="{{ splunk_installation.splunk_home_path }}/etc/master-apps/{{ app_name }}/metadata/" 48 | when: vars['app_variable'].master_apps is defined" 49 | with_fileglob: master-apps/metadata/local.meta 50 | 51 | -------------------------------------------------------------------------------- /roles/apps/Splunk_TA_nix/tasks/copy_app.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Copy app to remote host 4 | copy: 
src="{{ splunk_repository.repository_root }}/apps/{{ app_name }}/{{ item.value.bundle }}" 5 | dest="/{{ splunk_installation.remote_app_temp_path }}/{{ item.value.bundle }}" 6 | when: "item.value.install == true and 7 | item.value.bundle is defined" 8 | with_dict: "{{ vars['app_variable'] }} | app_default" 9 | 10 | - name: Clean existing app directory 11 | file: path="{{ splunk_installation.splunk_home_path }}/etc/{{ item.key | replace('shcluster_apps', 'shcluster/apps') | replace('_', '-') }}/{{ app_name }}" 12 | state=absent 13 | when: "item.value.clean_install is defined and 14 | item.value.clean_install == true and 15 | item.value.bundle is defined" 16 | with_dict: "{{ vars['app_variable'] }} | app_default" 17 | 18 | - name: Unarchive app 19 | unarchive: src="{{ splunk_installation.remote_app_temp_path }}/{{ item.value.bundle }}" 20 | dest="{{ splunk_installation.splunk_home_path }}/etc/{{ item.key | replace('shcluster_apps', 'shcluster/apps') | replace('_', '-') }}" 21 | copy=no 22 | when: "item.value.install == true and 23 | item.value.bundle is defined" 24 | with_dict: "{{ vars['app_variable'] }} | app_default" 25 | notify: 26 | - splunk reload deploy-server 27 | - splunk apply cluster-bundle 28 | - splunk apply shcluster-bundle 29 | 30 | - name: Remove temporary file 31 | file: path="{{ splunk_installation.remote_app_temp_path }}/{{ item.value.bundle }}" 32 | state=absent 33 | when: "item.value.install == true and 34 | item.value.bundle is defined" 35 | with_dict: "{{ vars['app_variable'] }} | app_default" 36 | -------------------------------------------------------------------------------- /roles/apps/Splunk_TA_nix/tasks/git_checkout.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Clean existing app directory 3 | file: path="{{ splunk_installation.splunk_home_path }}/etc/{{ item.key | replace('shcluster_apps', 'shcluster/apps') | replace('_', '-') }}/{{ app_name }}" 4 | state=absent 5 | when: 
"item.value.clean_install is defined and 6 | item.value.clean_install == true and 7 | item.value.git_repo is defined" 8 | with_dict: "{{ vars['app_variable'] }} | app_default" 9 | 10 | - name: Clone repository 11 | git: 12 | repo={{ item.value.git_repo }} 13 | dest="{{ splunk_installation.splunk_home_path }}/etc/{{ item.key | replace('shcluster_apps', 'shcluster/apps') | replace('_', '-') }}/{{ app_name }}" 14 | version={{ item.value.git_version | default('HEAD') }} 15 | clone=yes 16 | update=no 17 | force=no 18 | when: "item.value.install == true and 19 | item.value.git_repo is defined" 20 | with_dict: "{{ vars['app_variable'] }} | app_default" 21 | notify: 22 | - splunk reload deploy-server 23 | - splunk apply cluster-bundle 24 | - splunk apply shcluster-bundle 25 | -------------------------------------------------------------------------------- /roles/apps/Splunk_TA_nix/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - include: ../../../common/handlers/splunkd.yml 3 | - include: copy_app.yml 4 | - include: git_checkout.yml 5 | - include: configure_local.yml 6 | - include: remove_app.yml 7 | -------------------------------------------------------------------------------- /roles/apps/Splunk_TA_nix/tasks/remove_app.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Remove app 4 | file: path="{{ splunk_installation.splunk_home_path }}/etc/{{ item.key | replace('shcluster_apps', 'shcluster/apps') | replace('_', '-') }}/{{ app_name }}" 5 | state=absent 6 | when: "{{ item.value.install }} is defined and 7 | {{ item.value.install }} == false" 8 | with_dict: "{{ vars['app_variable'] }} | app_default" 9 | notify: 10 | - splunk reload deploy-server 11 | - splunk apply cluster-bundle 12 | - splunk apply shcluster-bundle 13 | -------------------------------------------------------------------------------- /roles/apps/Splunk_TA_nix/vars/main.yml: 
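--------------------------------------------------------------------------------
---
app_name: Splunk_TA_nix
app_variable: Splunk_TA_nix
--------------------------------------------------------------------------------
/roles/apps/Splunk_TA_windows/handlers/main.yml:
--------------------------------------------------------------------------------
---
- include: ../../../common/handlers/splunkd.yml
--------------------------------------------------------------------------------
/roles/apps/Splunk_TA_windows/tasks/configure_local.yml:
--------------------------------------------------------------------------------
---
# Copies this role's local/*.conf and metadata/local.meta files into each Splunk
# app location (apps, deployment-apps, shcluster/apps, master-apps).
#
# NOTE(review): every condition reads vars['app_variable'], i.e. the variable
# literally named app_variable (set to the app name string in vars/main.yml),
# not the variable that this name refers to. Confirm that `.apps`,
# `.deployment_apps` etc. resolve as intended on the Ansible version in use.

- name: Configure app files (local/*.conf)
  copy: src="{{ item }}"
        dest="{{ splunk_installation.splunk_home_path }}/etc/apps/{{ app_name }}/local/"
  when: vars['app_variable'].apps is defined
  with_fileglob: apps/local/*.conf

- name: Configure deployment-app files (local/*.conf)
  copy: src="{{ item }}"
        dest="{{ splunk_installation.splunk_home_path }}/etc/deployment-apps/{{ app_name }}/local/"
  when: vars['app_variable'].deployment_apps is defined
  with_fileglob: deployment-apps/local/*.conf

- name: Configure shcluster/apps files (local/*.conf)
  copy: src="{{ item }}"
        dest="{{ splunk_installation.splunk_home_path }}/etc/shcluster/apps/{{ app_name }}/local/"
  when: vars['app_variable'].shcluster_apps is defined
  with_fileglob: shcluster/apps/local/*.conf

- name: Configure master-apps files (local/*.conf)
  copy: src="{{ item }}"
        dest="{{ splunk_installation.splunk_home_path }}/etc/master-apps/{{ app_name }}/local/"
  when: vars['app_variable'].master_apps is defined
  with_fileglob: master-apps/local/*.conf

# local.meta holds the app's object permissions, so these four tasks decide who
# can read and write the app's knowledge objects on the target.
- name: Configure app permission file (metadata/local.meta)
  copy: src="{{ item }}"
        dest="{{ splunk_installation.splunk_home_path }}/etc/apps/{{ app_name }}/metadata/"
  when: vars['app_variable'].apps is defined
  with_fileglob: apps/metadata/local.meta

- name: Configure deployment-app permission file (metadata/local.meta)
  copy: src="{{ item }}"
        dest="{{ splunk_installation.splunk_home_path }}/etc/deployment-apps/{{ app_name }}/metadata/"
  when: vars['app_variable'].deployment_apps is defined
  with_fileglob: deployment-apps/metadata/local.meta

- name: Configure shcluster/apps permission file (metadata/local.meta)
  copy: src="{{ item }}"
        dest="{{ splunk_installation.splunk_home_path }}/etc/shcluster/apps/{{ app_name }}/metadata/"
  when: vars['app_variable'].shcluster_apps is defined
  with_fileglob: shcluster/apps/metadata/local.meta

- name: Configure master-apps permission file (metadata/local.meta)
  copy: src="{{ item }}"
        dest="{{ splunk_installation.splunk_home_path }}/etc/master-apps/{{ app_name }}/metadata/"
  when: vars['app_variable'].master_apps is defined
  with_fileglob: master-apps/metadata/local.meta

--------------------------------------------------------------------------------
/roles/apps/Splunk_TA_windows/tasks/copy_app.yml:
--------------------------------------------------------------------------------
---
# Installs the app from a bundle archive kept in the repository: copy to a
# temporary path on the target, optionally wipe the existing app directory,
# unpack, then delete the temporary file.
#
# NOTE(review): in every with_dict below the `| app_default` filter sits outside
# the {{ }} delimiters, so the expression renders to a string ending in
# " | app_default". Whether that string is evaluated a second time depends on
# the Ansible version; confirm the loop receives a dict on the version in use.
# NOTE(review): the copy destination starts with "/" while the unarchive source
# and the cleanup path do not; they only name the same file when
# remote_app_temp_path is itself an absolute path.

- name: Copy app to remote host
  copy: src="{{ splunk_repository.repository_root }}/apps/{{ app_name }}/{{ item.value.bundle }}"
        dest="/{{ splunk_installation.remote_app_temp_path }}/{{ item.value.bundle }}"
  when: "item.value.install == true and
         item.value.bundle is defined"
  with_dict: "{{ vars['app_variable'] }} | app_default"

- name: Clean existing app directory
  file: path="{{ splunk_installation.splunk_home_path }}/etc/{{ item.key | replace('shcluster_apps', 'shcluster/apps') | replace('_', '-') }}/{{ app_name }}"
        state=absent
  when: "item.value.clean_install is defined and
         item.value.clean_install == true and
         item.value.bundle is defined"
  with_dict: "{{ vars['app_variable'] }} | app_default"

- name: Unarchive app
  unarchive: src="{{ splunk_installation.remote_app_temp_path }}/{{ item.value.bundle }}"
             dest="{{ splunk_installation.splunk_home_path }}/etc/{{ item.key | replace('shcluster_apps', 'shcluster/apps') | replace('_', '-') }}"
             copy=no
  when: "item.value.install == true and
         item.value.bundle is defined"
  with_dict: "{{ vars['app_variable'] }} | app_default"
  notify:
    - splunk reload deploy-server
    - splunk apply cluster-bundle
    - splunk apply shcluster-bundle

- name: Remove temporary file
  file: path="{{ splunk_installation.remote_app_temp_path }}/{{ item.value.bundle }}"
        state=absent
  when: "item.value.install == true and
         item.value.bundle is defined"
  with_dict: "{{ vars['app_variable'] }} | app_default"
--------------------------------------------------------------------------------
/roles/apps/Splunk_TA_windows/tasks/git_checkout.yml:
--------------------------------------------------------------------------------
---
# Installs the app by cloning item.value.git_repo into the Splunk app location.
#
# The checked-out revision is item.value.git_version, falling back to HEAD when
# it is not set. With HEAD the deployed content is whatever the remote holds at
# run time, so two runs can install different code. Set git_version to a tag or
# a full commit hash to make the deployment reproducible and reviewable.

- name: Clean existing app directory
  file: path="{{ splunk_installation.splunk_home_path }}/etc/{{ item.key | replace('shcluster_apps', 'shcluster/apps') | replace('_', '-') }}/{{ app_name }}"
        state=absent
  when: "item.value.clean_install is defined and
         item.value.clean_install == true and
         item.value.git_repo is defined"
  with_dict: "{{ vars['app_variable'] }} | app_default"

- name: Clone repository
  git:
    repo={{ item.value.git_repo }}
    dest="{{ splunk_installation.splunk_home_path }}/etc/{{ item.key | replace('shcluster_apps', 'shcluster/apps') | replace('_', '-') }}/{{ app_name }}"
    version={{ item.value.git_version | default('HEAD') }}
    clone=yes
    update=no
    force=no
  when: "item.value.install == true and
         item.value.git_repo is defined"
  with_dict: "{{ vars['app_variable'] }} | app_default"
  notify:
    - splunk reload deploy-server
    - splunk apply cluster-bundle
    - splunk apply shcluster-bundle
--------------------------------------------------------------------------------
/roles/apps/Splunk_TA_windows/tasks/main.yml:
--------------------------------------------------------------------------------
---
- include: ../../../common/handlers/splunkd.yml
- include: copy_app.yml
- include: git_checkout.yml
- include: configure_local.yml
- include: remove_app.yml
--------------------------------------------------------------------------------
/roles/apps/Splunk_TA_windows/tasks/remove_app.yml:
--------------------------------------------------------------------------------
---
# Deletes the app directory for every location whose `install` flag is set to
# false. The condition uses bare expressions: with {{ }} inside `when`, an unset
# `install` fails while rendering, before `is defined` can be tested.

- name: Remove app
  file: path="{{ splunk_installation.splunk_home_path }}/etc/{{ item.key | replace('shcluster_apps', 'shcluster/apps') | replace('_', '-') }}/{{ app_name }}"
        state=absent
  when: "item.value.install is defined and
         item.value.install == false"
  with_dict: "{{ vars['app_variable'] }} | app_default"
  notify:
    - splunk reload deploy-server
    - splunk apply cluster-bundle
    - splunk apply shcluster-bundle
--------------------------------------------------------------------------------
/roles/apps/Splunk_TA_windows/vars/main.yml:
--------------------------------------------------------------------------------
---
app_name: Splunk_TA_windows
app_variable: Splunk_TA_windows
--------------------------------------------------------------------------------
/roles/apps/app.template/files/README:
--------------------------------------------------------------------------------
Placeholder
--------------------------------------------------------------------------------
/roles/apps/app.template/files/apps/local/README:
--------------------------------------------------------------------------------
Placeholder
--------------------------------------------------------------------------------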
/roles/apps/app.template/files/apps/metadata/README: -------------------------------------------------------------------------------- 1 | Placeholder 2 | -------------------------------------------------------------------------------- /roles/apps/app.template/files/deployment-apps/local/README: -------------------------------------------------------------------------------- 1 | Placeholder 2 | -------------------------------------------------------------------------------- /roles/apps/app.template/files/deployment-apps/metadata/README: -------------------------------------------------------------------------------- 1 | Placeholder 2 | -------------------------------------------------------------------------------- /roles/apps/app.template/files/master-apps/local/README: -------------------------------------------------------------------------------- 1 | Placeholder 2 | -------------------------------------------------------------------------------- /roles/apps/app.template/files/master-apps/metadata/README: -------------------------------------------------------------------------------- 1 | Placeholder 2 | -------------------------------------------------------------------------------- /roles/apps/app.template/files/shcluster/apps/local/README: -------------------------------------------------------------------------------- 1 | Placeholder 2 | -------------------------------------------------------------------------------- /roles/apps/app.template/files/shcluster/apps/metadata/README: -------------------------------------------------------------------------------- 1 | Placeholder 2 | -------------------------------------------------------------------------------- /roles/apps/app.template/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - include: ../../../common/handlers/splunkd.yml 3 | -------------------------------------------------------------------------------- 
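/roles/apps/app.template/tasks/configure_local.yml:
--------------------------------------------------------------------------------
---
# Pushes this role's bundled overrides (local/*.conf and metadata/local.meta)
# into each Splunk app location. Every task is conditional on the matching key
# of the app variable, and with_fileglob yields one copy per matched file.

- name: Configure app files (local/*.conf)
  copy: src="{{ item }}"
        dest="{{ splunk_installation.splunk_home_path }}/etc/apps/{{ app_name }}/local/"
  when: vars['app_variable'].apps is defined
  with_fileglob: apps/local/*.conf

- name: Configure deployment-app files (local/*.conf)
  copy: src="{{ item }}"
        dest="{{ splunk_installation.splunk_home_path }}/etc/deployment-apps/{{ app_name }}/local/"
  when: vars['app_variable'].deployment_apps is defined
  with_fileglob: deployment-apps/local/*.conf

- name: Configure shcluster/apps files (local/*.conf)
  copy: src="{{ item }}"
        dest="{{ splunk_installation.splunk_home_path }}/etc/shcluster/apps/{{ app_name }}/local/"
  when: vars['app_variable'].shcluster_apps is defined
  with_fileglob: shcluster/apps/local/*.conf

- name: Configure master-apps files (local/*.conf)
  copy: src="{{ item }}"
        dest="{{ splunk_installation.splunk_home_path }}/etc/master-apps/{{ app_name }}/local/"
  when: vars['app_variable'].master_apps is defined
  with_fileglob: master-apps/local/*.conf

# The metadata/local.meta files below are the app's permission files, so what
# ships in the role's files/ tree decides who can read or write app objects.
- name: Configure app permission file (metadata/local.meta)
  copy: src="{{ item }}"
        dest="{{ splunk_installation.splunk_home_path }}/etc/apps/{{ app_name }}/metadata/"
  when: vars['app_variable'].apps is defined
  with_fileglob: apps/metadata/local.meta

- name: Configure deployment-app permission file (metadata/local.meta)
  copy: src="{{ item }}"
        dest="{{ splunk_installation.splunk_home_path }}/etc/deployment-apps/{{ app_name }}/metadata/"
  when: vars['app_variable'].deployment_apps is defined
  with_fileglob: deployment-apps/metadata/local.meta

# The two conditions below are bare expressions like the six above; a trailing
# double quote in a `when:` ends up inside the expression and fails templating.
- name: Configure shcluster/apps permission file (metadata/local.meta)
  copy: src="{{ item }}"
        dest="{{ splunk_installation.splunk_home_path }}/etc/shcluster/apps/{{ app_name }}/metadata/"
  when: vars['app_variable'].shcluster_apps is defined
  with_fileglob: shcluster/apps/metadata/local.meta

- name: Configure master-apps permission file (metadata/local.meta)
  copy: src="{{ item }}"
        dest="{{ splunk_installation.splunk_home_path }}/etc/master-apps/{{ app_name }}/metadata/"
  when: vars['app_variable'].master_apps is defined
  with_fileglob: master-apps/metadata/local.meta


--------------------------------------------------------------------------------
/roles/apps/app.template/tasks/copy_app.yml:
--------------------------------------------------------------------------------
---
# Installs an app from a bundle archive: upload, optional clean, unpack, then
# delete the uploaded archive. Runs once per entry of the app variable.

# NOTE(review): dest is prefixed with "/" but the unarchive src and the cleanup
# path below are not; the two only agree if remote_app_temp_path is absolute.
- name: Copy app to remote host
  copy: src="{{ splunk_repository.repository_root }}/apps/{{ app_name }}/{{ item.value.bundle }}"
        dest="/{{ splunk_installation.remote_app_temp_path }}/{{ item.value.bundle }}"
  when: "item.value.install == true and
         item.value.bundle is defined"
  with_dict: "{{ vars['app_variable'] }} | app_default"

# Recursive delete. The path ends in app_name, so an empty app_name would
# target the whole app location; app_name comes from the role's vars/main.yml.
- name: Clean existing app directory
  file: path="{{ splunk_installation.splunk_home_path }}/etc/{{ item.key | replace('shcluster_apps', 'shcluster/apps') | replace('_', '-') }}/{{ app_name }}"
        state=absent
  when: "item.value.clean_install is defined and
         item.value.clean_install == true and
         item.value.bundle is defined"
  with_dict: "{{ vars['app_variable'] }} | app_default"

# The bundle is unpacked as delivered; nothing in this file checks its
# integrity (e.g. a checksum) between the repository and the Splunk host.
- name: Unarchive app
  unarchive: src="{{ splunk_installation.remote_app_temp_path }}/{{ item.value.bundle }}"
             dest="{{ splunk_installation.splunk_home_path }}/etc/{{ item.key | replace('shcluster_apps', 'shcluster/apps') | replace('_', '-') }}"
             copy=no
  when: "item.value.install == true and
         item.value.bundle is defined"
  with_dict: "{{ vars['app_variable'] }} | app_default"
  notify:
    - splunk reload deploy-server
    - splunk apply cluster-bundle
    - splunk apply shcluster-bundle

- name: Remove temporary file
  file: path="{{ splunk_installation.remote_app_temp_path }}/{{ item.value.bundle }}"
        state=absent
  when: "item.value.install == true and
         item.value.bundle is defined"
  with_dict: "{{ vars['app_variable'] }} | app_default"

--------------------------------------------------------------------------------
/roles/apps/app.template/tasks/git_checkout.yml:
--------------------------------------------------------------------------------
---
# Installs an app by cloning item.value.git_repo straight into the Splunk app
# location instead of unpacking a bundle.
- name: Clean existing app directory
  file: path="{{ splunk_installation.splunk_home_path }}/etc/{{ item.key | replace('shcluster_apps', 'shcluster/apps') | replace('_', '-') }}/{{ app_name }}"
        state=absent
  when: "item.value.clean_install is defined and
         item.value.clean_install == true and
         item.value.git_repo is defined"
  with_dict: "{{ vars['app_variable'] }} | app_default"

# Without git_version the checkout is whatever HEAD is at run time, so two runs
# can deploy different code. Set git_version to a reviewed tag or commit when
# the deployed app content has to be reproducible.
- name: Clone repository
  git:
    repo={{ item.value.git_repo }}
    dest="{{ splunk_installation.splunk_home_path }}/etc/{{ item.key | replace('shcluster_apps', 'shcluster/apps') | replace('_', '-') }}/{{ app_name }}"
    version={{ item.value.git_version | default('HEAD') }}
    clone=yes
    update=no
    force=no
  when: "item.value.install == true and
         item.value.git_repo is defined"
  with_dict: "{{ vars['app_variable'] }} | app_default"
  notify:
    - splunk reload deploy-server
    - splunk apply cluster-bundle
    - splunk apply shcluster-bundle

--------------------------------------------------------------------------------
/roles/apps/app.template/tasks/main.yml:
--------------------------------------------------------------------------------
---
# NOTE(review): the first include pulls the shared handler file in as ordinary
# tasks; its entries only run when their splunk_* toggle variables are set.
- include: ../../../common/handlers/splunkd.yml
- include: copy_app.yml
- include: git_checkout.yml
- include: configure_local.yml
- include: remove_app.yml

--------------------------------------------------------------------------------
/roles/apps/app.template/tasks/remove_app.yml:
--------------------------------------------------------------------------------
---

# Deletes the app directory when install is explicitly false. The condition is
# a bare expression (no "{{ }}"), so an entry without an install key is skipped
# instead of failing while the condition is rendered.
- name: Remove app
  file: path="{{ splunk_installation.splunk_home_path }}/etc/{{ item.key | replace('shcluster_apps', 'shcluster/apps') | replace('_', '-') }}/{{ app_name }}"
        state=absent
  when: "item.value.install is defined and
         item.value.install == false"
  with_dict: "{{ vars['app_variable'] }} | app_default"
  notify:
    - splunk reload deploy-server
    - splunk apply cluster-bundle
    - splunk apply shcluster-bundle

--------------------------------------------------------------------------------
/roles/apps/app.template/vars/main.yml:
--------------------------------------------------------------------------------
---
# Change to app name
app_name: app.template
# Change to app variable name. Must not contain dashes (-). Must be the same variable as defined in group_vars for app. This is due to variable name restrictions.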
5 | app_variable: app.template 6 | -------------------------------------------------------------------------------- /roles/apps/app.template/vars/main.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | app_name: {{ app_name }} 3 | app_variable: {{ app_variable }} 4 | -------------------------------------------------------------------------------- /roles/apps/splunk_app_db_connect/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - include: ../../../common/handlers/splunkd.yml 3 | -------------------------------------------------------------------------------- /roles/apps/splunk_app_db_connect/tasks/configure_local.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Configure app files (local/*.conf) 4 | copy: src="{{ item }}" 5 | dest="{{ splunk_installation.splunk_home_path }}/etc/apps/{{ app_name }}/local/" 6 | when: vars['app_variable'].apps is defined 7 | with_fileglob: apps/local/*.conf 8 | 9 | - name: Configure deployment-app files (local/*.conf) 10 | copy: src="{{ item }}" 11 | dest="{{ splunk_installation.splunk_home_path }}/etc/deployment-apps/{{ app_name }}/local/" 12 | when: vars['app_variable'].deployment_apps is defined 13 | with_fileglob: deployment-apps/local/*.conf 14 | 15 | - name: Configure shcluster/apps files (local/*.conf) 16 | copy: src="{{ item }}" 17 | dest="{{ splunk_installation.splunk_home_path }}/etc/shcluster/apps/{{ app_name }}/local/" 18 | when: vars['app_variable'].shcluster_apps is defined 19 | with_fileglob: shcluster/apps/local/*.conf 20 | 21 | - name: Configure master-apps files (local/*.conf) 22 | copy: src="{{ item }}" 23 | dest="{{ splunk_installation.splunk_home_path }}/etc/master-apps/{{ app_name }}/local/" 24 | when: vars['app_variable'].master_apps is defined 25 | with_fileglob: master-apps/local/*.conf 26 | 27 | - name: Configure app permission file 
(metadata/local.meta) 28 | copy: src="{{ item }}" 29 | dest="{{ splunk_installation.splunk_home_path }}/etc/apps/{{ app_name }}/metadata/" 30 | when: vars['app_variable'].apps is defined 31 | with_fileglob: apps/metadata/local.meta 32 | 33 | - name: Configure deployment-app permission file (metadata/local.meta) 34 | copy: src="{{ item }}" 35 | dest="{{ splunk_installation.splunk_home_path }}/etc/deployment-apps/{{ app_name }}/metadata/" 36 | when: vars['app_variable'].deployment_apps is defined 37 | with_fileglob: deployment-apps/metadata/local.meta 38 | 39 | - name: Configure shcluster/apps permission file (metadata/local.meta) 40 | copy: src="{{ item }}" 41 | dest="{{ splunk_installation.splunk_home_path }}/etc/shcluster/apps/{{ app_name }}/metadata/" 42 | when: vars['app_variable'].shcluster_apps is defined" 43 | with_fileglob: shcluster/apps/metadata/local.meta 44 | 45 | - name: Configure master-apps permission file (metadata/local.meta) 46 | copy: src="{{ item }}" 47 | dest="{{ splunk_installation.splunk_home_path }}/etc/master-apps/{{ app_name }}/metadata/" 48 | when: vars['app_variable'].master_apps is defined" 49 | with_fileglob: master-apps/metadata/local.meta 50 | 51 | -------------------------------------------------------------------------------- /roles/apps/splunk_app_db_connect/tasks/copy_app.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Copy app to remote host 4 | copy: src="{{ splunk_repository.repository_root }}/apps/{{ app_name }}/{{ item.value.bundle }}" 5 | dest="/{{ splunk_installation.remote_app_temp_path }}/{{ item.value.bundle }}" 6 | when: "item.value.install == true and 7 | item.value.bundle is defined" 8 | with_dict: "{{ vars['app_variable'] }} | app_default" 9 | 10 | - name: Clean existing app directory 11 | file: path="{{ splunk_installation.splunk_home_path }}/etc/{{ item.key | replace('shcluster_apps', 'shcluster/apps') | replace('_', '-') }}/{{ app_name }}" 12 | 
state=absent 13 | when: "item.value.clean_install is defined and 14 | item.value.clean_install == true and 15 | item.value.bundle is defined" 16 | with_dict: "{{ vars['app_variable'] }} | app_default" 17 | 18 | - name: Unarchive app 19 | unarchive: src="{{ splunk_installation.remote_app_temp_path }}/{{ item.value.bundle }}" 20 | dest="{{ splunk_installation.splunk_home_path }}/etc/{{ item.key | replace('shcluster_apps', 'shcluster/apps') | replace('_', '-') }}" 21 | copy=no 22 | when: "item.value.install == true and 23 | item.value.bundle is defined" 24 | with_dict: "{{ vars['app_variable'] }} | app_default" 25 | notify: 26 | - splunk reload deploy-server 27 | - splunk apply cluster-bundle 28 | - splunk apply shcluster-bundle 29 | 30 | - name: Remove temporary file 31 | file: path="{{ splunk_installation.remote_app_temp_path }}/{{ item.value.bundle }}" 32 | state=absent 33 | when: "item.value.install == true and 34 | item.value.bundle is defined" 35 | with_dict: "{{ vars['app_variable'] }} | app_default" 36 | -------------------------------------------------------------------------------- /roles/apps/splunk_app_db_connect/tasks/git_checkout.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Clean existing app directory 3 | file: path="{{ splunk_installation.splunk_home_path }}/etc/{{ item.key | replace('shcluster_apps', 'shcluster/apps') | replace('_', '-') }}/{{ app_name }}" 4 | state=absent 5 | when: "item.value.clean_install is defined and 6 | item.value.clean_install == true and 7 | item.value.git_repo is defined" 8 | with_dict: "{{ vars['app_variable'] }} | app_default" 9 | 10 | - name: Clone repository 11 | git: 12 | repo={{ item.value.git_repo }} 13 | dest="{{ splunk_installation.splunk_home_path }}/etc/{{ item.key | replace('shcluster_apps', 'shcluster/apps') | replace('_', '-') }}/{{ app_name }}" 14 | version={{ item.value.git_version | default('HEAD') }} 15 | clone=yes 16 | update=no 17 | force=no 18 
| when: "item.value.install == true and 19 | item.value.git_repo is defined" 20 | with_dict: "{{ vars['app_variable'] }} | app_default" 21 | notify: 22 | - splunk reload deploy-server 23 | - splunk apply cluster-bundle 24 | - splunk apply shcluster-bundle 25 | -------------------------------------------------------------------------------- /roles/apps/splunk_app_db_connect/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - include: ../../../common/handlers/splunkd.yml 3 | - include: copy_app.yml 4 | - include: git_checkout.yml 5 | - include: configure_local.yml 6 | - include: remove_app.yml 7 | -------------------------------------------------------------------------------- /roles/apps/splunk_app_db_connect/tasks/remove_app.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Remove app 4 | file: path="{{ splunk_installation.splunk_home_path }}/etc/{{ item.key | replace('shcluster_apps', 'shcluster/apps') | replace('_', '-') }}/{{ app_name }}" 5 | state=absent 6 | when: "{{ item.value.install }} is defined and 7 | {{ item.value.install }} == false" 8 | with_dict: "{{ vars['app_variable'] }} | app_default" 9 | notify: 10 | - splunk reload deploy-server 11 | - splunk apply cluster-bundle 12 | - splunk apply shcluster-bundle 13 | -------------------------------------------------------------------------------- /roles/apps/splunk_app_db_connect/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | app_name: splunk_app_db_connect 3 | app_variable: splunk_app_db_connect 4 | -------------------------------------------------------------------------------- /roles/checks/tasks/check_splunk_version.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Check for Splunk version 6.X 4 | find: 5 | paths: "{{ splunk_installation.splunk_home_path }}/" 6 | 
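patterns: "splunk-6.*manifest"
  register: splunkv6

- name: Check for Splunk version 7.X
  find:
    paths: "{{ splunk_installation.splunk_home_path }}/"
    patterns: "splunk-7.*manifest"
  register: splunkv7
--------------------------------------------------------------------------------
/roles/checks/tasks/main.yml:
--------------------------------------------------------------------------------
---
# "include" needs its colon: without it the entry is a plain string, not a task.
- include: check_splunk_version.yml
--------------------------------------------------------------------------------
/roles/checks/templates/etc/auth/splunk.secret.j2:
--------------------------------------------------------------------------------
{{ splunk_installation.splunk_secret }}

--------------------------------------------------------------------------------
/roles/common/handlers/splunkd.yml:
--------------------------------------------------------------------------------
---
# Splunk service control and bundle-push commands. Every entry is gated on a
# splunk_* toggle variable; the reload/apply entries are additionally limited
# to the inventory group that owns the action.
- name: splunk start
  shell: "{{ splunk_installation.splunk_home_path }}/bin/splunk start"
  when:
    - splunk_start is defined
    - splunk_start

- name: splunk stop
  shell: "{{ splunk_installation.splunk_home_path }}/bin/splunk stop"
  when:
    - splunk_stop is defined
    - splunk_stop

- name: splunk restart
  shell: "{{ splunk_installation.splunk_home_path }}/bin/splunk restart"
  when:
    - splunk_restart is defined
    - splunk_restart

# The three commands below pass the admin credentials with -auth, so the
# rendered command line contains the password. no_log keeps it out of Ansible's
# task output and logs, and the quote filter stops the shell from interpreting
# spaces or metacharacters in it. The password is still visible in the process
# list on the managed host while the command runs.
- name: splunk reload deploy-server
  shell: "{{ splunk_installation.splunk_home_path }}/bin/splunk reload deploy-server -auth {{ (splunk_user ~ ':' ~ splunk_password) | quote }}"
  no_log: true
  when:
    - splunk_reload_deploy_server is defined
    - splunk_reload_deploy_server
    - inventory_hostname in groups['deploymentserver']

- name: splunk apply cluster-bundle
  shell: "{{ splunk_installation.splunk_home_path }}/bin/splunk apply cluster-bundle --answer-yes -auth {{ (splunk_user ~ ':' ~ splunk_password) | quote }}"
  no_log: true
  when:
    - splunk_apply_cluster_bundle is defined
    - splunk_apply_cluster_bundle
    - inventory_hostname in groups['masternode']

# The push target is always the first host of the shcmember group.
- name: splunk apply shcluster-bundle
  shell: "{{ splunk_installation.splunk_home_path }}/bin/splunk apply shcluster-bundle -target https://{{ groups['shcmember'][0] }}:8089 --answer-yes -auth {{ (splunk_user ~ ':' ~ splunk_password) | quote }}"
  no_log: true
  when:
    - splunk_apply_shcluster_bundle is defined
    - splunk_apply_shcluster_bundle
    - inventory_hostname in groups['deployer']

--------------------------------------------------------------------------------
/roles/common/templates/deploy_apps.yml.j2:
--------------------------------------------------------------------------------
- name: Deploy Apps
  hosts: "*:!repository"
  user: splunk

  vars_prompt:
    - name: "splunk_user"
      prompt: "Splunk Admin User"
      private: no
    - name: "splunk_password"
      prompt: "Splunk Password"
      private: yes

  roles:
{{ app_roles.stdout_lines | app_role_list | to_nice_yaml | indent(4, true) }}

--------------------------------------------------------------------------------
/roles/conf/distsearch/handlers/main.yml:
--------------------------------------------------------------------------------
---
- include: ../../../common/handlers/splunkd.yml

--------------------------------------------------------------------------------
/roles/conf/distsearch/tasks/distributedSearch/disabled.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk distsearch.conf
#####################################################################################################################

#####################################################################################################################
# [distributedSearch]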
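#####################################################################################################################

# disabled
# The option is written only when the variable is explicitly true; in every
# other case it is removed so Splunk falls back to its default.

- name: "Configure distsearch.conf [distributedSearch] - disabled state=present"
  ini_file: dest="{{ splunk_conf_path }}/distsearch.conf"
            section=distributedSearch
            option=disabled
            value={{ splunk_distsearch_conf.distributedSearch.disabled }}
            state=present
  when:
    - splunk_distsearch_conf.distributedSearch is defined
    - splunk_distsearch_conf.distributedSearch.disabled is defined
    - splunk_distsearch_conf.distributedSearch.disabled == true
  notify: splunk restart

- name: "Configure distsearch.conf [distributedSearch] - disabled state=absent (default)"
  ini_file: dest="{{ splunk_conf_path }}/distsearch.conf"
            section=distributedSearch
            option=disabled
            state=absent
  when: splunk_distsearch_conf.distributedSearch is undefined or
        splunk_distsearch_conf.distributedSearch.disabled is undefined or
        splunk_distsearch_conf.distributedSearch.disabled == false
  notify: splunk restart

--------------------------------------------------------------------------------
/roles/conf/distsearch/tasks/distributedSearch/server.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk distsearch.conf
#####################################################################################################################

#####################################################################################################################
# [distributedSearch]
#####################################################################################################################

# server

- name: "Configure distsearch.conf [distributedSearch] - server state=present"
  ini_file: dest={{ splunk_conf_path }}/distsearch.conf
            section=distributedSearch
            option=servers
            value="{{ splunk_distsearch_conf.distributedSearch.servers | create_distsearch_servers }}"
            state=present
  when: splunk_distsearch_conf.distributedSearch.servers is defined
  notify: splunk restart

# Removes the same option the task above writes ("servers"). With a different
# option name here, a peer list would stay in distsearch.conf after the
# variable is dropped and the host would keep searching those peers.
- name: "Configure distsearch.conf [distributedSearch] - server state=absent (default)"
  ini_file: dest={{ splunk_conf_path }}/distsearch.conf
            section=distributedSearch
            option=servers
            state=absent
  when: splunk_distsearch_conf.distributedSearch.servers is undefined
  notify: splunk restart

--------------------------------------------------------------------------------
/roles/conf/distsearch/tasks/main.yml:
--------------------------------------------------------------------------------
---
- include: touch.yml
- include: distributedSearch/disabled.yml
- include: distributedSearch/server.yml


--------------------------------------------------------------------------------
/roles/conf/distsearch/tasks/touch.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk distsearch.conf
#####################################################################################################################

# touch
# Ensures the file exists, owned by splunk:splunk and readable/writable by the
# owner only, before the ini_file tasks edit it. changed_when: false keeps the
# touch from reporting a change on every run.

- name: "Touch distsearch.conf"
  file: path={{ splunk_conf_path }}/distsearch.conf
        owner=splunk
        group=splunk
        mode=600
        state=touch
  changed_when: false


--------------------------------------------------------------------------------
/roles/conf/inputs/handlers/main.yml:
--------------------------------------------------------------------------------
---
- include: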
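../../../common/handlers/splunkd.yml

--------------------------------------------------------------------------------
/roles/conf/inputs/tasks/SSL/password.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk inputs.conf
#####################################################################################################################

#####################################################################################################################
# [SSL]
#####################################################################################################################

# password

# The value is a secret, so no_log keeps the module arguments out of Ansible's
# task output and logs.
# NOTE(review): nothing in this file sets owner or mode on inputs.conf, and the
# unquoted value= would be split on a password that contains spaces - confirm
# both against how the role is used.
- name: "Configure inputs.conf [SSL] - set password"
  ini_file: dest="{{ splunk_conf_path }}/inputs.conf"
            section=SSL
            option=password
            value={{ splunk_inputs_conf.SSL.password }}
            state=present
  no_log: true
  when:
    - splunk_inputs_conf.SSL is defined
    - splunk_inputs_conf.SSL.password is defined
  notify: splunk restart

- name: "Configure inputs.conf [SSL] - unset password (default)"
  ini_file: dest="{{ splunk_conf_path }}/inputs.conf"
            section=SSL
            option=password
            state=absent
  when: splunk_inputs_conf.SSL is undefined or
        splunk_inputs_conf.SSL.password is undefined
  notify: splunk restart

--------------------------------------------------------------------------------
/roles/conf/inputs/tasks/SSL/rootCA.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk inputs.conf
#####################################################################################################################

#####################################################################################################################
# [SSL]
#####################################################################################################################

# rootCA
# Written when the variable is defined, removed otherwise.

- name: "Configure inputs.conf: Set rootCA"
  ini_file: dest="{{ splunk_conf_path }}/inputs.conf"
            section=SSL
            option=rootCA
            value={{ splunk_inputs_conf.SSL.rootCA }}
            state=present
  when:
    - splunk_inputs_conf.SSL is defined
    - splunk_inputs_conf.SSL.rootCA is defined
  notify: splunk restart

- name: "Configure inputs.conf: Unset rootCA (default)"
  ini_file: dest="{{ splunk_conf_path }}/inputs.conf"
            section=SSL
            option=rootCA
            state=absent
  when: splunk_inputs_conf.SSL is undefined or
        splunk_inputs_conf.SSL.rootCA is undefined
  notify: splunk restart

--------------------------------------------------------------------------------
/roles/conf/inputs/tasks/SSL/serverCert.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk inputs.conf
#####################################################################################################################

#####################################################################################################################
# [SSL]
#####################################################################################################################

# serverCert

- name: "Configure inputs.conf: Set serverCert"
  ini_file: dest="{{ splunk_conf_path }}/inputs.conf"
            section=SSL
            option=serverCert
            value={{ splunk_inputs_conf.SSL.serverCert }}
            state=present
  when:
    - splunk_inputs_conf.SSL is defined
    -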
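splunk_inputs_conf.SSL.serverCert is defined
  notify: splunk restart

- name: "Configure inputs.conf: Unset serverCert (default)"
  ini_file: dest="{{ splunk_conf_path }}/inputs.conf"
            section=SSL
            option=serverCert
            state=absent
  when: splunk_inputs_conf.SSL is undefined or
        splunk_inputs_conf.SSL.serverCert is undefined
  notify: splunk restart

--------------------------------------------------------------------------------
/roles/conf/inputs/tasks/main.yml:
--------------------------------------------------------------------------------
---
- include: splunktcp/port.yml
- include: splunktcp-ssl/port.yml
- include: SSL/password.yml
- include: SSL/rootCA.yml
- include: SSL/serverCert.yml

--------------------------------------------------------------------------------
/roles/conf/inputs/tasks/splunktcp-ssl/port.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk inputs.conf
#####################################################################################################################

#####################################################################################################################
# [splunktcp-ssl:]
#####################################################################################################################

# lineinfile has no regexp here, so it only appends the stanza when that exact
# line is missing; changing the port adds a second stanza and leaves the old
# listener configured.
- name: "Configure inputs.conf [splunktcp-ssl:] - splunktcp-ssl state=present"
  lineinfile: dest="{{ splunk_conf_path }}/inputs.conf"
              line="[splunktcp-ssl://{{ splunk_inputs_conf.splunktcp_ssl.port }}]"
              state=present
  when:
    - splunk_inputs_conf.splunktcp_ssl is defined
    - splunk_inputs_conf.splunktcp_ssl.port is defined
  notify: splunk restart

# The pattern accepts both "[splunktcp-ssl:PORT]" and the "[splunktcp-ssl://PORT]"
# form written by the task above, so a listener this role opened is removed
# again once the variable is dropped.
- name: "Configure inputs.conf [splunktcp-ssl:] - splunktcp-ssl state=absent (default)"
  replace: dest="{{ splunk_conf_path }}/inputs.conf"
           regexp='\[splunktcp-ssl:(//)?\d+\]\n'
           replace=''
  when: splunk_inputs_conf.splunktcp_ssl is undefined or
        splunk_inputs_conf.splunktcp_ssl.port is undefined
  notify: splunk restart

--------------------------------------------------------------------------------
/roles/conf/inputs/tasks/splunktcp/port.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk inputs.conf
#####################################################################################################################

#####################################################################################################################
# [splunktcp:]
#####################################################################################################################

# splunktcp is the receiver without TLS; use the splunktcp-ssl input together
# with the [SSL] settings where forwarder traffic must be encrypted.
- name: "Configure inputs.conf [splunktcp:] - splunktcp state=present"
  lineinfile: dest="{{ splunk_conf_path }}/inputs.conf"
              line="[splunktcp://{{ splunk_inputs_conf.splunktcp.port }}]"
              state=present
  when:
    - splunk_inputs_conf.splunktcp is defined
    - splunk_inputs_conf.splunktcp.port is defined
  notify: splunk restart

# Matches "[splunktcp:PORT]" as well as the "[splunktcp://PORT]" form written
# above; without the optional "//" the stanza this role adds is never removed
# and the cleartext listener stays open.
- name: "Configure inputs.conf [splunktcp:] - splunktcp state=absent (default)"
  replace: dest="{{ splunk_conf_path }}/inputs.conf"
           regexp='\[splunktcp:(//)?\d+\]\n'
           replace=''
  when: splunk_inputs_conf.splunktcp is undefined or
        splunk_inputs_conf.splunktcp.port is undefined
  notify: splunk restart

--------------------------------------------------------------------------------
/roles/conf/outputs/handlers/main.yml:
--------------------------------------------------------------------------------
---
- include: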
../../../common/handlers/splunkd.yml 3 | -------------------------------------------------------------------------------- /roles/conf/outputs/tasks/indexer_discovery/master_uri.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ##################################################################################################################### 3 | # Configurations for Splunk outputs.conf 4 | ##################################################################################################################### 5 | 6 | ##################################################################################################################### 7 | # [indexer_discovery] 8 | ##################################################################################################################### 9 | 10 | # master_uri 11 | 12 | - name: "Configure outputs.conf [indexer_discovery] - master_uri state=present (dynamic)" 13 | ini_file: dest={{ splunk_conf_path }}/outputs.conf 14 | section=indexer_discovery:{{ item.key }} 15 | option=master_uri 16 | value="https://{{ groups['masternode'][0] }}:8089" 17 | state=present 18 | with_dict: "{{ splunk_outputs_conf.indexer_discovery }}" 19 | when: 20 | - splunk_outputs_conf.indexer_discovery is defined 21 | - splunk_outputs_conf.indexer_discovery.{{ item.key }}.master_uri is defined 22 | - splunk_outputs_conf.indexer_discovery.{{ item.key }}.master_uri == 'dynamic' 23 | notify: splunk restart 24 | ignore_errors: True 25 | 26 | - name: "Configure outputs.conf [indexer_discovery] - master_uri state=present (static)" 27 | ini_file: dest={{ splunk_conf_path }}/outputs.conf 28 | section=indexer_discovery:{{ item.key }} 29 | option=master_uri 30 | value={{ item.value.master_uri }} 31 | state=present 32 | with_dict: "{{ splunk_outputs_conf.indexer_discovery }}" 33 | when: 34 | - splunk_outputs_conf.indexer_discovery is defined 35 | - splunk_outputs_conf.indexer_discovery.{{ item.key }}.master_uri is defined 36 
| - splunk_outputs_conf.indexer_discovery.{{ item.key }}.master_uri != "dynamic" 37 | notify: splunk restart 38 | 39 | - name: "Configure outputs.conf [indexer_discovery] - master_uri state=absent (default)" 40 | ini_file: dest={{ splunk_conf_path }}/outputs.conf 41 | section=indexer_discovery:{{ item.key }} 42 | option=master_uri 43 | state=absent 44 | with_dict: "{{ splunk_outputs_conf.indexer_discovery }}" 45 | when: splunk_outputs_conf.indexer_discovery is undefined or 46 | splunk_outputs_conf.indexer_discovery.{{ item.key }}.master_uri is undefined 47 | notify: splunk restart 48 | -------------------------------------------------------------------------------- /roles/conf/outputs/tasks/indexer_discovery/pass4SymmKey.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ##################################################################################################################### 3 | # Configurations for Splunk outputs.conf 4 | ##################################################################################################################### 5 | 6 | ##################################################################################################################### 7 | # [indexer_discovery] 8 | ##################################################################################################################### 9 | 10 | # pass4SymmKey 11 | 12 | - name: "Configure outputs.conf [indexer_discovery] - pass4SymmKey state=present" 13 | ini_file: dest={{ splunk_conf_path }}/outputs.conf 14 | section=indexer_discovery:{{ item.key }} 15 | option=pass4SymmKey 16 | value={{ item.value.pass4SymmKey }} 17 | state=present 18 | with_dict: "{{ splunk_outputs_conf.indexer_discovery }}" 19 | when: 20 | - splunk_outputs_conf.indexer_discovery is defined 21 | - splunk_outputs_conf.indexer_discovery.{{ item.key }}.pass4SymmKey is defined 22 | notify: splunk restart 23 | 24 | - name: "Configure outputs.conf [indexer_discovery] - 
pass4SymmKey state=absent (default)" 25 | ini_file: dest={{ splunk_conf_path }}/outputs.conf 26 | section=indexer_discovery:{{ item.key }} 27 | option=pass4SymmKey 28 | state=absent 29 | with_dict: "{{ splunk_outputs_conf.indexer_discovery }}" 30 | when: splunk_outputs_conf.indexer_discovery is undefined or 31 | splunk_outputs_conf.indexer_discovery.{{ item.key }}.pass4SymmKey is undefined 32 | notify: splunk restart 33 | -------------------------------------------------------------------------------- /roles/conf/outputs/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - include: ../../checks/tasks/check_splunk_version.yml 3 | - include: touch.yml 4 | - include: tcpout/defaultGroup.yml 5 | - include: tcpout_target_group/forceTimebasedAutoLB.yml #7.1 -> not neccessary 6 | when: splunkv7.matched is not defined 7 | - include: tcpout_target_group/indexerDiscovery.yml 8 | when: splunk_outputs_conf.indexer_discovery.{{ item.key }}.master_uri is defined 9 | - include: tcpout_target_group/server.yml 10 | - include: tcpout_target_group/sslCertPath.yml 11 | - include: tcpout_target_group/sslPassword.yml 12 | - include: tcpout_target_group/sslRootCAPath.yml 13 | - include: tcpout_target_group/sslVerifyServerCert.yml 14 | - include: tcpout_target_group/useAck.yml 15 | - include: indexer_discovery/pass4SymmKey.yml 16 | - include: indexer_discovery/master_uri.yml -------------------------------------------------------------------------------- /roles/conf/outputs/tasks/tcpout/defaultGroup.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ##################################################################################################################### 3 | # Configurations for Splunk outputs.conf 4 | ##################################################################################################################### 5 | 6 | 
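#####################################################################################################################
7 | # [tcpout]
8 | #####################################################################################################################
9 |
10 | # defaultGroup
11 | # Writes [tcpout] defaultGroup when splunk_outputs_conf.tcpout.defaultGroup is
12 | # defined and removes the option otherwise; either change notifies a restart.
13 |
14 | - name: "Configure outputs.conf [tcpout] - defaultGroup state=present"
15 |   ini_file: dest={{ splunk_conf_path }}/outputs.conf
16 |             section=tcpout
17 |             option=defaultGroup
18 |             value={{ splunk_outputs_conf.tcpout.defaultGroup }}
19 |             state=present
20 |   when:
21 |     - splunk_outputs_conf.tcpout is defined
22 |     - splunk_outputs_conf.tcpout.defaultGroup is defined
23 |   notify: splunk restart
24 |
25 | - name: "Configure outputs.conf [tcpout] - defaultGroup state=absent (default)"
26 |   ini_file: dest={{ splunk_conf_path }}/outputs.conf
27 |             section=tcpout
28 |             option=defaultGroup
29 |             state=absent
30 |   when: splunk_outputs_conf.tcpout is undefined or
31 |         splunk_outputs_conf.tcpout.defaultGroup is undefined
32 |   notify: splunk restart
33 |
--------------------------------------------------------------------------------
/roles/conf/outputs/tasks/tcpout_target_group/forceTimebasedAutoLB.yml:
--------------------------------------------------------------------------------
1 | ---
2 | #####################################################################################################################
3 | # Configurations for Splunk outputs.conf
4 | #####################################################################################################################
5 |
6 | #####################################################################################################################
7 | # [tcpout:]
8 | #####################################################################################################################
9 |
10 | # forceTimebasedAutoLB
11 | # One [tcpout:<group>] stanza per key of splunk_outputs_conf.tcpout.target_group.
12 | # The option is written only when the group sets it to true.
13 |
14 | # Each `when` list entry is a complete expression; the entries are ANDed, so no
15 | # trailing `and` is needed (a dangling one is a template syntax error).
16 | - name: "Configure outputs.conf [tcpout:] - forceTimebasedAutoLB state=present"
17 |   ini_file: dest={{ splunk_conf_path }}/outputs.conf
18 |             section=tcpout:{{ item.key }}
19 |             option=forceTimebasedAutoLB
20 |             value={{ item.value.forceTimebasedAutoLB }}
21 |             state=present
22 |   with_dict: "{{ splunk_outputs_conf.tcpout.target_group }}"
23 |   when:
24 |     - splunk_outputs_conf.tcpout is defined
25 |     - splunk_outputs_conf.tcpout.target_group is defined
26 |     - splunk_outputs_conf.tcpout.target_group.{{ item.key }}.forceTimebasedAutoLB is defined
27 |     - splunk_outputs_conf.tcpout.target_group.{{ item.key }}.forceTimebasedAutoLB == true
28 |   notify: splunk restart
29 |
30 | - name: "Configure outputs.conf [tcpout:] - forceTimebasedAutoLB (default) state=absent"
31 |   ini_file: dest={{ splunk_conf_path }}/outputs.conf
32 |             section=tcpout:{{ item.key }}
33 |             option=forceTimebasedAutoLB
34 |             state=absent
35 |   with_dict: "{{ splunk_outputs_conf.tcpout.target_group }}"
36 |   when: splunk_outputs_conf.tcpout is undefined or
37 |         splunk_outputs_conf.tcpout.target_group is undefined or
38 |         splunk_outputs_conf.tcpout.target_group.{{ item.key }}.forceTimebasedAutoLB is undefined
39 |   notify: splunk restart
40 |
--------------------------------------------------------------------------------
/roles/conf/outputs/tasks/tcpout_target_group/indexerDiscovery.yml:
--------------------------------------------------------------------------------
1 | ---
2 | #####################################################################################################################
3 | # Configurations for Splunk outputs.conf
4 | #####################################################################################################################
5 |
6 | #####################################################################################################################
7 | # [tcpout:]
8 | #####################################################################################################################
9 |
10 | # tcpout:target_group
11 | # Writes indexerDiscovery in each [tcpout:<group>] stanza when the group
12 | # defines it and removes the option otherwise.
13 |
14 | - name: "Configure outputs.conf [tcpout:] - tcpout:target_group state=present"
15 |   ini_file: dest={{ splunk_conf_path }}/outputs.conf
16 |             section=tcpout:{{ item.key }}
17 |             option=indexerDiscovery
18 |             value={{ item.value.indexerDiscovery }}
19 |             state=present
20 |   with_dict: "{{ splunk_outputs_conf.tcpout.target_group }}"
21 |   when:
22 |     - splunk_outputs_conf.tcpout is defined
23 |     - splunk_outputs_conf.tcpout.target_group is defined
24 |     - splunk_outputs_conf.tcpout.target_group.{{ item.key }}.indexerDiscovery is defined
25 |   notify: splunk restart
26 |
27 | - name: "Configure outputs.conf [tcpout:] - tcpout:target_group state=absent (default)"
28 |   ini_file: dest={{ splunk_conf_path }}/outputs.conf
29 |             section=tcpout:{{ item.key }}
30 |             option=indexerDiscovery
31 |             state=absent
32 |   with_dict: "{{ splunk_outputs_conf.tcpout.target_group }}"
33 |   when: splunk_outputs_conf.tcpout is undefined or
34 |         splunk_outputs_conf.tcpout.target_group is undefined or
35 |         splunk_outputs_conf.tcpout.target_group.{{ item.key }}.indexerDiscovery is undefined
36 |   notify: splunk restart
37 |
--------------------------------------------------------------------------------
/roles/conf/outputs/tasks/tcpout_target_group/server.yml:
--------------------------------------------------------------------------------
1 | ---
2 | #####################################################################################################################
3 | # Configurations for Splunk outputs.conf
4 | #####################################################################################################################
5 |
6 | #####################################################################################################################
7 | # [tcpout:]
8 | #####################################################################################################################
9 |
10 | # tcpout:target_group server
11 | # Joins the group's `server` list with commas into one option value; the option
12 | # is removed when the group defines no server list.
13 |
14 | - name: "Configure outputs.conf [tcpout:] - server state=present"
15 |   ini_file: dest={{ splunk_conf_path }}/outputs.conf
16 |             section=tcpout:{{ item.key }}
17 |             option=server
18 |             value="{{ item.value.server | join(",") }}"
19 |             state=present
20 |   with_dict: "{{ splunk_outputs_conf.tcpout.target_group }}"
21 |   when:
22 |     - splunk_outputs_conf.tcpout is defined
23 |     - splunk_outputs_conf.tcpout.target_group is defined
24 |     - splunk_outputs_conf.tcpout.target_group.{{ item.key }}.server is defined
25 |   notify: splunk restart
26 |
27 | - name: "Configure outputs.conf [tcpout:] - server state=absent (default)"
28 |   ini_file: dest={{ splunk_conf_path }}/outputs.conf
29 |             section=tcpout:{{ item.key }}
30 |             option=server
31 |             state=absent
32 |   with_dict: "{{ splunk_outputs_conf.tcpout.target_group }}"
33 |   when: splunk_outputs_conf.tcpout is undefined or
34 |         splunk_outputs_conf.tcpout.target_group is undefined or
35 |         splunk_outputs_conf.tcpout.target_group.{{ item.key }}.server is undefined
36 |   notify: splunk restart
37 |
--------------------------------------------------------------------------------
/roles/conf/outputs/tasks/tcpout_target_group/sslCertPath.yml:
--------------------------------------------------------------------------------
1 | ---
2 | #####################################################################################################################
3 | # Configurations for Splunk outputs.conf
4 | #####################################################################################################################
5 |
6 | #####################################################################################################################
7 | # [tcpout:]
8 | #####################################################################################################################
9 |
10 | # sslCertPath
11 | # Writes sslCertPath in each [tcpout:<group>] stanza when the group defines it
12 | # and removes the option otherwise.
13 |
14 | - name: "Configure outputs.conf [tcpout:] - sslCertPath state=present"
15 |   ini_file: dest={{ splunk_conf_path }}/outputs.conf
16 |             section=tcpout:{{ item.key }}
17 |             option=sslCertPath
18 |             value={{ item.value.sslCertPath }}
19 |             state=present
20 |   with_dict: "{{ splunk_outputs_conf.tcpout.target_group }}"
21 |   when:
22 |     - splunk_outputs_conf.tcpout is defined
23 |     - splunk_outputs_conf.tcpout.target_group is defined
24 |     - splunk_outputs_conf.tcpout.target_group.{{ item.key }}.sslCertPath is defined
25 |   notify: splunk restart
26 |
27 | - name: "Configure outputs.conf [tcpout:] - sslCertPath state=absent (default)"
28 |   ini_file: dest={{ splunk_conf_path }}/outputs.conf
29 |             section=tcpout:{{ item.key }}
30 |             option=sslCertPath
31 |             state=absent
32 |   with_dict: "{{ splunk_outputs_conf.tcpout.target_group }}"
33 |   when: splunk_outputs_conf.tcpout is undefined or
34 |         splunk_outputs_conf.tcpout.target_group is undefined or
35 |         splunk_outputs_conf.tcpout.target_group.{{ item.key }}.sslCertPath is undefined
36 |   notify: splunk restart
37 |
--------------------------------------------------------------------------------
/roles/conf/outputs/tasks/tcpout_target_group/sslPassword.yml:
--------------------------------------------------------------------------------
1 | ---
2 | #####################################################################################################################
3 | # Configurations for Splunk outputs.conf
4 | #####################################################################################################################
5 |
6 | #####################################################################################################################
7 | # [tcpout:]
8 | #####################################################################################################################
9 |
10 | # sslPassword
11 | # Writes the certificate password of each [tcpout:<group>] stanza. The loop item
12 | # carries the password, and Ansible prints loop items in its task output, so the
13 | # writing task sets no_log. Other tasks looping over target_group still print
14 | # the item. Keep the value in a vault-encrypted vars file.
15 |
16 | - name: "Configure outputs.conf [tcpout:] - sslPassword state=present"
17 |   ini_file: dest={{ splunk_conf_path }}/outputs.conf
18 |             section=tcpout:{{ item.key }}
19 |             option=sslPassword
20 |             value={{ item.value.sslPassword }}
21 |             state=present
22 |   with_dict: "{{ splunk_outputs_conf.tcpout.target_group }}"
23 |   when:
24 |     - splunk_outputs_conf.tcpout is defined
25 |     - splunk_outputs_conf.tcpout.target_group is defined
26 |     - splunk_outputs_conf.tcpout.target_group.{{ item.key }}.sslPassword is defined
27 |   notify: splunk restart
28 |   no_log: true
29 |
30 | - name: "Configure outputs.conf [tcpout:] - sslPassword state=absent (default)"
31 |   ini_file: dest={{ splunk_conf_path }}/outputs.conf
32 |             section=tcpout:{{ item.key }}
33 |             option=sslPassword
34 |             state=absent
35 |   with_dict: "{{ splunk_outputs_conf.tcpout.target_group }}"
36 |   when: splunk_outputs_conf.tcpout is undefined or
37 |         splunk_outputs_conf.tcpout.target_group is undefined or
38 |         splunk_outputs_conf.tcpout.target_group.{{ item.key }}.sslPassword is undefined
39 |   notify: splunk restart
40 |
--------------------------------------------------------------------------------
/roles/conf/outputs/tasks/tcpout_target_group/sslRootCAPath.yml:
--------------------------------------------------------------------------------
1 | ---
2 | #####################################################################################################################
3 | # Configurations for Splunk outputs.conf
4 | #####################################################################################################################
5 |
6 | #####################################################################################################################
7 | # [tcpout:]
8 | #####################################################################################################################
9 |
10 | # sslRootCAPath
11 | # Writes sslRootCAPath in each [tcpout:<group>] stanza when the group defines
12 | # it and removes the option otherwise.
13 |
14 | - name: "Configure outputs.conf [tcpout:] - sslRootCAPath state=present"
15 |   ini_file: dest={{ splunk_conf_path }}/outputs.conf
16 |             section=tcpout:{{ item.key }}
17 |             option=sslRootCAPath
18 |             value={{ item.value.sslRootCAPath }}
19 |             state=present
20 |   with_dict: "{{ splunk_outputs_conf.tcpout.target_group }}"
21 |   when:
22 |     - splunk_outputs_conf.tcpout is defined
23 |     - splunk_outputs_conf.tcpout.target_group is defined
24 |     - splunk_outputs_conf.tcpout.target_group.{{ item.key }}.sslRootCAPath is defined
25 |   notify: splunk restart
26 |
27 | - name: "Configure outputs.conf [tcpout:] - sslRootCAPath state=absent (default)"
28 |   ini_file: dest={{ splunk_conf_path }}/outputs.conf
29 |             section=tcpout:{{ item.key }}
30 |             option=sslRootCAPath
31 |             state=absent
32 |   with_dict: "{{ splunk_outputs_conf.tcpout.target_group }}"
33 |   when: splunk_outputs_conf.tcpout is undefined or
34 |         splunk_outputs_conf.tcpout.target_group is undefined or
35 |         splunk_outputs_conf.tcpout.target_group.{{ item.key }}.sslRootCAPath is undefined
36 |   notify: splunk restart
37 |
--------------------------------------------------------------------------------
/roles/conf/outputs/tasks/tcpout_target_group/sslVerifyServerCert.yml:
--------------------------------------------------------------------------------
1 | ---
2 | #####################################################################################################################
3 | # Configurations for Splunk outputs.conf
4 | #####################################################################################################################
5 |
6 | #####################################################################################################################
7 | # [tcpout:]
8 | #####################################################################################################################
9 |
10 | # sslVerifyServerCert
11 | # Only an explicit true is written; any other value, or no value, removes the
12 | # option so Splunk's own default applies (false in the outputs.conf spec -
13 | # confirm for your version). Without it the forwarder does not validate the
14 | # indexer certificate, so set it to true wherever sslRootCAPath is configured.
15 |
16 | - name: "Configure outputs.conf [tcpout:] - sslVerifyServerCert state=present"
17 |   ini_file: dest={{ splunk_conf_path }}/outputs.conf
18 |             section=tcpout:{{ item.key }}
19 |             option=sslVerifyServerCert
20 |             value={{ item.value.sslVerifyServerCert }}
21 |             state=present
22 |   with_dict: "{{ splunk_outputs_conf.tcpout.target_group }}"
23 |   when:
24 |     - splunk_outputs_conf.tcpout is defined
25 |     - splunk_outputs_conf.tcpout.target_group is defined
26 |     - splunk_outputs_conf.tcpout.target_group.{{ item.key }}.sslVerifyServerCert is defined and
27 |       splunk_outputs_conf.tcpout.target_group.{{ item.key }}.sslVerifyServerCert == true
28 |   notify: splunk restart
29 |
30 | - name: "Configure outputs.conf [tcpout:] - sslVerifyServerCert state=absent (default)"
31 |   ini_file: dest={{ splunk_conf_path }}/outputs.conf
32 |             section=tcpout:{{ item.key }}
33 |             option=sslVerifyServerCert
34 |             state=absent
35 |   with_dict: "{{ splunk_outputs_conf.tcpout.target_group }}"
36 |   when: splunk_outputs_conf.tcpout is undefined or
37 |         splunk_outputs_conf.tcpout.target_group is undefined or
38 |         splunk_outputs_conf.tcpout.target_group.{{ item.key }}.sslVerifyServerCert is undefined or
39 |         splunk_outputs_conf.tcpout.target_group.{{ item.key }}.sslVerifyServerCert != true
40 |   notify: splunk restart
41 |
--------------------------------------------------------------------------------
/roles/conf/outputs/tasks/tcpout_target_group/useAck.yml:
--------------------------------------------------------------------------------
1 | ---
2 | #####################################################################################################################
3 | # Configurations for Splunk outputs.conf
4 | #####################################################################################################################
5 |
6 | #####################################################################################################################
7 | # [tcpout:]
8 | #####################################################################################################################
9 |
10 | # useAck
11 | # Writes useACK in each [tcpout:<group>] stanza only when the group sets it to
12 | # true; the option is removed when the group does not define it.
13 |
14 | - name: "Configure outputs.conf [tcpout:] - useACK state=present"
15 |   ini_file: dest={{ splunk_conf_path }}/outputs.conf
16 |             section=tcpout:{{ item.key }}
17 |             option=useACK
18 |             value={{ item.value.useACK }}
19 |             state=present
20 |   with_dict: "{{ splunk_outputs_conf.tcpout.target_group }}"
21 |   when:
22 |     - splunk_outputs_conf.tcpout is defined
23 |     - splunk_outputs_conf.tcpout.target_group is defined
24 |     - splunk_outputs_conf.tcpout.target_group.{{ item.key }}.useACK is defined
25 |     - splunk_outputs_conf.tcpout.target_group.{{ item.key }}.useACK == true
26 |   notify: splunk restart
27 |
28 | - name: "Configure outputs.conf [tcpout:] - useACK (default) state=absent"
29 |   ini_file: dest={{ splunk_conf_path }}/outputs.conf
30 |             section=tcpout:{{ item.key }}
31 |             option=useACK
32 |             state=absent
33 |   with_dict: "{{ splunk_outputs_conf.tcpout.target_group }}"
34 |   when: splunk_outputs_conf.tcpout is undefined or
35 |         splunk_outputs_conf.tcpout.target_group is undefined or
36 |         splunk_outputs_conf.tcpout.target_group.{{ item.key }}.useACK is undefined
37 |   notify: splunk restart
38 |
--------------------------------------------------------------------------------
/roles/conf/outputs/tasks/touch.yml:
--------------------------------------------------------------------------------
1 | ---
2 | #####################################################################################################################
3 | # Configurations for Splunk outputs.conf
4 | #####################################################################################################################
5 |
6 | # touch
7 | # Creates outputs.conf if missing and pins it to splunk:splunk, owner read/write
8 | # only; the file can hold sslPassword and pass4SymmKey values. The mode is
9 | # written with its leading zero so it reads unambiguously as octal.
10 | # changed_when: false keeps the touch from reporting a change on every run.
11 |
12 | - name: "Touch outputs.conf"
13 |   file: path={{ splunk_conf_path }}/outputs.conf
14 |         owner=splunk
15 |         group=splunk
16 |         mode=0600
17 |         state=touch
18 |   changed_when: false
19 |
--------------------------------------------------------------------------------
/roles/conf/server/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Shared splunkd handlers; presumably defines the "splunk restart" handler that
3 | # the server.conf tasks notify (that file is not shown here).
4 | - include: ../../../common/handlers/splunkd.yml
5 |
--------------------------------------------------------------------------------
/roles/conf/server/tasks/clustering/available_sites.yml:
--------------------------------------------------------------------------------
1 | ---
2 | #####################################################################################################################
3 | # 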
Configurations for Splunk server.conf
4 | #####################################################################################################################
5 |
6 | #####################################################################################################################
7 | # [clustering]
8 | #####################################################################################################################
9 |
10 | # available_sites
11 | # Writes [clustering] available_sites when
12 | # splunk_server_conf.clustering.available_sites is defined and removes the
13 | # option otherwise; either change notifies the "splunk restart" handler.
14 |
15 | - name: "Configure server.conf [clustering] - available_sites state=present"
16 |   ini_file: dest={{ splunk_conf_path }}/server.conf
17 |             section=clustering
18 |             option=available_sites
19 |             value="{{ splunk_server_conf.clustering.available_sites }}"
20 |             state=present
21 |   when:
22 |     - splunk_server_conf.clustering is defined
23 |     - splunk_server_conf.clustering.available_sites is defined
24 |   notify: splunk restart
25 |
26 | - name: "Configure server.conf [clustering] - available_sites state=absent (default)"
27 |   ini_file: dest={{ splunk_conf_path }}/server.conf
28 |             section=clustering
29 |             option=available_sites
30 |             state=absent
31 |   when: splunk_server_conf.clustering is undefined or
32 |         splunk_server_conf.clustering.available_sites is undefined
33 |   notify: splunk restart
34 |
35 |
--------------------------------------------------------------------------------
/roles/conf/server/tasks/clustering/cluster_label.yml:
--------------------------------------------------------------------------------
1 | ---
2 | #####################################################################################################################
3 | # Configurations for Splunk server.conf
4 | #####################################################################################################################
5 |
6 | #####################################################################################################################
7 | # [clustering]
8 | 
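#####################################################################################################################
9 |
10 | # cluster_label
11 | # Writes [clustering] cluster_label when
12 | # splunk_server_conf.clustering.cluster_label is defined and removes the option
13 | # otherwise; either change notifies the "splunk restart" handler.
14 |
15 | - name: "Configure server.conf [clustering] - cluster_label state=present"
16 |   ini_file: dest={{ splunk_conf_path }}/server.conf
17 |             section=clustering
18 |             option=cluster_label
19 |             value={{ splunk_server_conf.clustering.cluster_label }}
20 |             state=present
21 |   when:
22 |     - splunk_server_conf.clustering is defined
23 |     - splunk_server_conf.clustering.cluster_label is defined
24 |   notify: splunk restart
25 |
26 | - name: "Configure server.conf [clustering] - cluster_label state=absent (default)"
27 |   ini_file: dest={{ splunk_conf_path }}/server.conf
28 |             section=clustering
29 |             option=cluster_label
30 |             state=absent
31 |   when: splunk_server_conf.clustering is undefined or
32 |         splunk_server_conf.clustering.cluster_label is undefined
33 |   notify: splunk restart
34 |
--------------------------------------------------------------------------------
/roles/conf/server/tasks/clustering/master_uri.yml:
--------------------------------------------------------------------------------
1 | ---
2 | #####################################################################################################################
3 | # Configurations for Splunk server.conf
4 | #####################################################################################################################
5 |
6 | #####################################################################################################################
7 | # [clustering]
8 | #####################################################################################################################
9 |
10 | # master_uri
11 | # The value "dynamic" resolves to the first host of the 'masternode' inventory
12 | # group over https on port 8089; any other value is written as given. The
13 | # option is removed when master_uri is not defined.
14 |
15 | - name: "Configure server.conf [clustering] - master_uri state=present (dynamic)"
16 |   ini_file: dest={{ splunk_conf_path }}/server.conf
17 |             section=clustering
18 |             option=master_uri
19 |             value="https://{{ groups['masternode'][0] }}:8089"
20 |             state=present
21 |   when:
22 |     - splunk_server_conf.clustering is defined
23 |     - splunk_server_conf.clustering.master_uri is defined
24 |     - splunk_server_conf.clustering.master_uri == "dynamic"
25 |   notify: splunk restart
26 |
27 | - name: "Configure server.conf [clustering] - master_uri state=present (static)"
28 |   ini_file: dest={{ splunk_conf_path }}/server.conf
29 |             section=clustering
30 |             option=master_uri
31 |             value={{ splunk_server_conf.clustering.master_uri }}
32 |             state=present
33 |   when:
34 |     - splunk_server_conf.clustering is defined
35 |     - splunk_server_conf.clustering.master_uri is defined
36 |     - splunk_server_conf.clustering.master_uri != "dynamic"
37 |   notify: splunk restart
38 |
39 | - name: "Configure server.conf [clustering] - master_uri state=absent (default)"
40 |   ini_file: dest={{ splunk_conf_path }}/server.conf
41 |             section=clustering
42 |             option=master_uri
43 |             state=absent
44 |   when: splunk_server_conf.clustering is undefined or
45 |         splunk_server_conf.clustering.master_uri is undefined
46 |   notify: splunk restart
47 |
--------------------------------------------------------------------------------
/roles/conf/server/tasks/clustering/mode.yml:
--------------------------------------------------------------------------------
1 | ---
2 | #####################################################################################################################
3 | # Configurations for Splunk server.conf
4 | #####################################################################################################################
5 |
6 | #####################################################################################################################
7 | # [clustering]
8 | #####################################################################################################################
9 |
10 | # mode
11 | # "disabled" is treated like an unset mode: the option is removed. The present
12 | # task therefore skips "disabled"; otherwise it would write the value and the
13 | # absent task would delete it again, notifying a restart on every run.
14 |
15 | - name: "Configure server.conf [clustering] - mode state=present"
16 |   ini_file: dest={{ splunk_conf_path }}/server.conf
17 |             section=clustering
18 |             option=mode
19 |             value={{ splunk_server_conf.clustering.mode }}
20 |             state=present
21 |   when:
22 |     - splunk_server_conf.clustering is defined
23 |     - splunk_server_conf.clustering.mode is defined
24 |     - splunk_server_conf.clustering.mode != "disabled"
25 |   notify: splunk restart
26 |
27 | - name: "Configure server.conf [clustering] - mode state=absent (default)"
28 |   ini_file: dest={{ splunk_conf_path }}/server.conf
29 |             section=clustering
30 |             option=mode
31 |             state=absent
32 |   when: splunk_server_conf.clustering is undefined or
33 |         splunk_server_conf.clustering.mode is undefined or
34 |         splunk_server_conf.clustering.mode == "disabled"
35 |   notify: splunk restart
36 |
37 |
--------------------------------------------------------------------------------
/roles/conf/server/tasks/clustering/multisite.yml:
--------------------------------------------------------------------------------
1 | ---
2 | #####################################################################################################################
3 | # Configurations for Splunk server.conf
4 | #####################################################################################################################
5 |
6 | #####################################################################################################################
7 | # [clustering]
8 | #####################################################################################################################
9 |
10 | # multisite
11 | # Written only when the variable equals the string "true"; removed only when it
12 | # is undefined. NOTE(review): a YAML boolean true in group_vars would presumably
13 | # not match the string comparison - confirm how the variable is declared.
14 |
15 | - name: "Configure server.conf [clustering] - multisite state=present"
16 |   ini_file: dest={{ splunk_conf_path }}/server.conf
17 |             section=clustering
18 |             option=multisite
19 |             value={{ splunk_server_conf.clustering.multisite }}
20 |             state=present
21 |   when:
22 |     - splunk_server_conf.clustering is defined
23 |     - splunk_server_conf.clustering.multisite is defined
24 |     - splunk_server_conf.clustering.multisite == "true"
25 |   notify: splunk restart
26 |
27 | - name: "Configure server.conf [clustering] - multisite state=absent (default)"
28 |   ini_file: dest={{ splunk_conf_path }}/server.conf
29 |             section=clustering
30 |             option=multisite
31 |             state=absent
32 |   when: splunk_server_conf.clustering is undefined or
33 |         splunk_server_conf.clustering.multisite is undefined
34 |   notify: splunk restart
35 |
36 |
--------------------------------------------------------------------------------
/roles/conf/server/tasks/clustering/pass4SymmKey.yml:
--------------------------------------------------------------------------------
1 | ---
2 | #####################################################################################################################
3 | # Configurations for Splunk server.conf
4 | #####################################################################################################################
5 |
6 | #####################################################################################################################
7 | # [clustering]
8 | #####################################################################################################################
9 |
10 | # pass4SymmKey
11 | # Writes the cluster shared secret. no_log keeps the value out of verbose and
12 | # diff output of the writing task. Keep the value in a vault-encrypted vars
13 | # file rather than in plaintext group_vars.
14 |
15 | - name: "Configure server.conf [clustering] - pass4SymmKey state=present"
16 |   ini_file: dest={{ splunk_conf_path }}/server.conf
17 |             section=clustering
18 |             option=pass4SymmKey
19 |             value={{ splunk_server_conf.clustering.pass4SymmKey }}
20 |             state=present
21 |   when:
22 |     - splunk_server_conf.clustering is defined
23 |     - splunk_server_conf.clustering.pass4SymmKey is defined
24 |   notify: splunk restart
25 |   no_log: true
26 |
27 | - name: "Configure server.conf [clustering] - pass4SymmKey state=absent"
28 |   ini_file: dest={{ splunk_conf_path }}/server.conf
29 |             section=clustering
30 |             option=pass4SymmKey
31 |             state=absent
32 |   when: splunk_server_conf.clustering is undefined or
33 |         splunk_server_conf.clustering.pass4SymmKey is undefined
34 |   notify: splunk restart
35 |
--------------------------------------------------------------------------------
/roles/conf/server/tasks/clustering/replication_factor.yml: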
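--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk server.conf
#####################################################################################################################

#####################################################################################################################
# [clustering]
#####################################################################################################################

# replication_factor

# The value 3 is treated as the default and is handled only by the absent
# task. Excluding it here stops both tasks from firing for the same value,
# which rewrote the option and restarted Splunk on every run.
- name: "Configure server.conf [clustering] - replication_factor state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: clustering
    option: replication_factor
    value: "{{ splunk_server_conf.clustering.replication_factor }}"
    state: present
  when:
    - splunk_server_conf.clustering is defined
    - splunk_server_conf.clustering.replication_factor is defined
    - splunk_server_conf.clustering.replication_factor != 3
  notify: splunk restart

# Unset, or set to the default: remove the option from server.conf.
- name: "Configure server.conf [clustering] - replication_factor state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: clustering
    option: replication_factor
    state: absent
  when: splunk_server_conf.clustering is undefined or
        splunk_server_conf.clustering.replication_factor is undefined or
        splunk_server_conf.clustering.replication_factor == 3
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/server/tasks/clustering/search_factor.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk server.conf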
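#####################################################################################################################

#####################################################################################################################
# [clustering]
#####################################################################################################################

# search_factor

# The value 2 is treated as the default and is handled only by the absent
# task. Excluding it here stops both tasks from firing for the same value,
# which rewrote the option and restarted Splunk on every run.
- name: "Configure server.conf [clustering] - search_factor state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: clustering
    option: search_factor
    value: "{{ splunk_server_conf.clustering.search_factor }}"
    state: present
  when:
    - splunk_server_conf.clustering is defined
    - splunk_server_conf.clustering.search_factor is defined
    - splunk_server_conf.clustering.search_factor != 2
  notify: splunk restart

# Unset, or set to the default: remove the option from server.conf.
- name: "Configure server.conf [clustering] - search_factor state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: clustering
    option: search_factor
    state: absent
  when: splunk_server_conf.clustering is undefined or
        splunk_server_conf.clustering.search_factor is undefined or
        splunk_server_conf.clustering.search_factor == 2
  notify: splunk restart

--------------------------------------------------------------------------------
/roles/conf/server/tasks/clustering/site_replication_factor.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk server.conf
#####################################################################################################################

#####################################################################################################################
# [clustering]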
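#####################################################################################################################

# site_replication_factor

# "origin:2, total:3" is treated as the default and is handled only by the
# absent task, so the two tasks no longer undo each other on every run.
# The restart handler is notified here as well; this task previously changed
# server.conf without triggering a restart.
- name: "Configure server.conf [clustering] - site_replication_factor state=present & defined"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: clustering
    option: site_replication_factor
    value: "{{ splunk_server_conf.clustering.site_replication_factor }}"
    state: present
  when:
    - splunk_server_conf.clustering is defined
    - splunk_server_conf.clustering.site_replication_factor is defined
    - splunk_server_conf.clustering.site_replication_factor != "origin:2, total:3"
  notify: splunk restart

- name: "Configure server.conf [clustering] - site_replication_factor state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: clustering
    option: site_replication_factor
    state: absent
  when: splunk_server_conf.clustering is undefined or
        splunk_server_conf.clustering.site_replication_factor is undefined or
        splunk_server_conf.clustering.site_replication_factor == "origin:2, total:3"
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/server/tasks/diskUsage/minFreeSpace.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk server.conf
#####################################################################################################################

#####################################################################################################################
# [diskUsage]
#####################################################################################################################

# minFreeSpace

# "5000" is treated as the default: it is never written, and the absent task
# removes any earlier override when the variable is set back to it.
- name: "Configure server.conf [diskUsage] - minFreeSpace state=present (static)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: diskUsage
    option: minFreeSpace
    value: "{{ splunk_server_conf.diskUsage.minFreeSpace }}"
    state: present
  when:
    - splunk_server_conf.diskUsage is defined
    - splunk_server_conf.diskUsage.minFreeSpace is defined
    - splunk_server_conf.diskUsage.minFreeSpace != "5000"
  notify: splunk restart

- name: "Configure server.conf [diskUsage] - minFreeSpace state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: diskUsage
    option: minFreeSpace
    state: absent
  when: splunk_server_conf.diskUsage is undefined or
        splunk_server_conf.diskUsage.minFreeSpace is undefined or
        splunk_server_conf.diskUsage.minFreeSpace == "5000"
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/server/tasks/general/parallelIngestionPipelines.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk server.conf
#####################################################################################################################

#####################################################################################################################
# [general]
#####################################################################################################################

# parallelIngestionPipelines

# "1" is treated as the default: it is never written, and the absent task
# removes any earlier override when the variable is set back to it.
- name: "Configure server.conf [general] - parallelIngestionPipelines state=present (static)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: general
    option: parallelIngestionPipelines
    value: "{{ splunk_server_conf.general.parallelIngestionPipelines }}"
    state: present
  when:
    - splunk_server_conf.general is defined
    - splunk_server_conf.general.parallelIngestionPipelines is defined
    - splunk_server_conf.general.parallelIngestionPipelines != "1"
  notify: splunk restart

- name: "Configure server.conf [general] - parallelIngestionPipelines state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: general
    option: parallelIngestionPipelines
    state: absent
  when: splunk_server_conf.general is undefined or
        splunk_server_conf.general.parallelIngestionPipelines is undefined or
        splunk_server_conf.general.parallelIngestionPipelines == "1"
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/server/tasks/general/pass4SymmKey.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk server.conf
#####################################################################################################################

#####################################################################################################################
# [general]
#####################################################################################################################

# pass4SymmKey

# pass4SymmKey is the shared secret of the [general] stanza. no_log keeps the
# value out of task output and out of the module's invocation log; keep the
# variable itself in a vault-encrypted vars file.
# NOTE(review): Splunk is expected to rewrite this value in encrypted form on
# startup, so this task may report "changed" on every run - confirm.
- name: "Configure server.conf [general] - pass4SymmKey state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: general
    option: pass4SymmKey
    value: "{{ splunk_server_conf.general.pass4SymmKey }}"
    state: present
  no_log: true
  when:
    - splunk_server_conf.general is defined
    - splunk_server_conf.general.pass4SymmKey is defined
  notify: splunk restart

- name: "Configure server.conf [general] - pass4SymmKey state=absent"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: general
    option: pass4SymmKey
    state: absent
  when: splunk_server_conf.general is undefined or
        splunk_server_conf.general.pass4SymmKey is undefined
  notify: splunk restart

--------------------------------------------------------------------------------
/roles/conf/server/tasks/general/site.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk server.conf
#####################################################################################################################

#####################################################################################################################
# [general]
#####################################################################################################################

# site

# "dynamic" takes the site from the host's own splunk_site inventory variable.
- name: "Configure server.conf [general] - site state=present (dynamic)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: general
    option: site
    value: "{{ hostvars[inventory_hostname].splunk_site }}"
    state: present
  when:
    - splunk_server_conf.general is defined
    - splunk_server_conf.general.site is defined
    - splunk_server_conf.general.site == "dynamic"
  notify: splunk restart

# Any other value is written verbatim.
- name: "Configure server.conf [general] - site state=present (static)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: general
    option: site
    value: "{{ splunk_server_conf.general.site }}"
    state: present
  when:
    - splunk_server_conf.general is defined
    - splunk_server_conf.general.site is defined
    - splunk_server_conf.general.site != "dynamic"
  notify: splunk restart

- name: "Configure server.conf [general] - site state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: general
    option: site
    state: absent
  when: splunk_server_conf.general is undefined or
        splunk_server_conf.general.site is undefined
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/server/tasks/general/trustedIP.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk server.conf
#####################################################################################################################

#####################################################################################################################
# [general]
#####################################################################################################################

# trustedIP

# NOTE(review): trustedIP names an address Splunk treats as trusted - confirm
# the value comes from reviewed inventory data, not a shared default.
- name: "Configure server.conf [general] - trustedIP state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: general
    option: trustedIP
    value: "{{ splunk_server_conf.general.trustedIP }}"
    state: present
  when:
    - splunk_server_conf.general is defined
    - splunk_server_conf.general.trustedIP is defined
  notify: splunk restart

# Task name corrected: it was labelled "site" although it removes trustedIP,
# which made run output and audit logs misleading.
- name: "Configure server.conf [general] - trustedIP state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: general
    option: trustedIP
    state: absent
  when: splunk_server_conf.general is undefined or
        splunk_server_conf.general.trustedIP is undefined
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/server/tasks/license/master_uri.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk server.conf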
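#####################################################################################################################

#####################################################################################################################
# [license]
#####################################################################################################################

# master

# "dynamic" points at the first host of the licensemaster inventory group on
# port 8089.
- name: "Configure server.conf [license] - master_uri state=present (dynamic)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: license
    option: master_uri
    value: "https://{{ groups['licensemaster'][0] }}:8089"
    state: present
  when:
    - splunk_server_conf.license is defined
    - splunk_server_conf.license.master_uri is defined
    - splunk_server_conf.license.master_uri == "dynamic"
  notify: splunk restart

- name: "Configure server.conf [license] - master_uri state=present (static)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: license
    option: master_uri
    value: "{{ splunk_server_conf.license.master_uri }}"
    state: present
  when:
    - splunk_server_conf.license is defined
    - splunk_server_conf.license.master_uri is defined
    - splunk_server_conf.license.master_uri != "dynamic"
  notify: splunk restart

- name: "Configure server.conf [license] - master_uri state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: license
    option: master_uri
    state: absent
  when: splunk_server_conf.license is undefined or
        splunk_server_conf.license.master_uri is undefined
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/server/tasks/main.yml:
--------------------------------------------------------------------------------
---
# One task file per server.conf setting; touch.yml is included first.
- include: touch.yml
- include: clustering/available_sites.yml
- include: clustering/cluster_label.yml
- include: clustering/master_uri.yml
- include: clustering/mode.yml
- include: clustering/multisite.yml
- include: clustering/replication_factor.yml
- include: clustering/search_factor.yml
- include: clustering/site_replication_factor.yml
- include: clustering/pass4SymmKey.yml
- include: diskUsage/minFreeSpace.yml
- include: general/parallelIngestionPipelines.yml
- include: general/pass4SymmKey.yml
- include: general/site.yml
- include: general/trustedIP.yml
- include: license/master_uri.yml
- include: replication_port/port.yml
- include: replication_port-ssl/port.yml
- include: replication_port-ssl/rootCA.yml
- include: replication_port-ssl/serverCert.yml
- include: replication_port-ssl/password.yml
- include: shclustering/conf_deploy_fetch_url.yml
- include: shclustering/election.yml
- include: shclustering/id.yml
- include: shclustering/mgmt_uri.yml
- include: shclustering/pass4SymmKey.yml
- include: shclustering/replication_factor.yml
- include: shclustering/shcluster_label.yml
- include: sslConfig/sslKeysfilePassword.yml
--------------------------------------------------------------------------------
/roles/conf/server/tasks/replication_port-ssl/password.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk server.conf
#####################################################################################################################

#####################################################################################################################
# [replication_port-ssl:]
#####################################################################################################################

# password

# The password option of the SSL replication stanza is a secret. no_log keeps
# it out of task output and out of the module's invocation log; keep the
# variable itself in a vault-encrypted vars file.
- name: "Configure server.conf [replication_port-ssl:] - password state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: "replication_port-ssl://{{ splunk_server_conf.replication_port_ssl.port }}"
    option: password
    value: "{{ splunk_server_conf.replication_port_ssl.password }}"
    state: present
  no_log: true
  when:
    - splunk_server_conf.replication_port_ssl is defined
    - splunk_server_conf.replication_port_ssl.password is defined
  notify: splunk restart

- name: "Configure server.conf [replication_port-ssl:] - password state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: "replication_port-ssl://{{ splunk_server_conf.replication_port_ssl.port }}"
    option: password
    state: absent
  when:
    - splunk_server_conf.replication_port_ssl is defined
    - splunk_server_conf.replication_port_ssl.password is undefined
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/server/tasks/replication_port-ssl/port.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk server.conf
#####################################################################################################################

#####################################################################################################################
# [replication_port-ssl:]
#####################################################################################################################

# The port is part of the stanza name, so the stanza is created by adding a
# value-less option to it.
- name: "Configure server.conf [replication_port_ssl:] - replication_port_ssl state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: "replication_port-ssl://{{ splunk_server_conf.replication_port_ssl.port }}"
    option: port
    allow_no_value: yes
    state: present
  when:
    - splunk_server_conf.replication_port_ssl is defined
    - splunk_server_conf.replication_port_ssl.port is defined
  notify: splunk restart

# Read-only lookup of the port(s) already present in server.conf. The path is
# shell-quoted, and the task also runs in check mode so the registered result
# always has stdout_lines. The former notify was dropped: with
# changed_when: false it could never fire.
- name: "Configure server.conf [replication_port-ssl:] - replication_port-ssl check presence"
  shell: grep 'replication_port-ssl:' {{ splunk_conf_path | quote }}/server.conf | sed 's/\[replication_port-ssl:\/\/\(.*\)]/\1/'
  register: splunk_server_replication_port_ssl_port_inifile
  changed_when: false
  check_mode: no

# Remove every stanza the lookup found. The previous condition required the
# lookup to be empty, so it only ever targeted "replication_port-ssl://" and
# an existing SSL replication stanza was never removed.
- name: "Configure server.conf [replication_port_ssl:] - replication_port_ssl state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: "replication_port-ssl://{{ item }}"
    state: absent
  with_items: "{{ splunk_server_replication_port_ssl_port_inifile.stdout_lines }}"
  when: splunk_server_conf.replication_port_ssl is undefined
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/server/tasks/replication_port-ssl/rootCA.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk server.conf
#####################################################################################################################

#####################################################################################################################
# [replication_port-ssl:]
#####################################################################################################################

# rootCA

- name: "Configure server.conf [replication_port-ssl:] - rootCA state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: "replication_port-ssl://{{ splunk_server_conf.replication_port_ssl.port }}"
    option: rootCA
    value: "{{ splunk_server_conf.replication_port_ssl.rootCA }}"
    state: present
  when:
    - splunk_server_conf.replication_port_ssl is defined
    - splunk_server_conf.replication_port_ssl.rootCA is defined
  notify: splunk restart

- name: "Configure server.conf [replication_port-ssl:] - rootCA state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: "replication_port-ssl://{{ splunk_server_conf.replication_port_ssl.port }}"
    option: rootCA
    state: absent
  when:
    - splunk_server_conf.replication_port_ssl is defined
    - splunk_server_conf.replication_port_ssl.rootCA is undefined
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/server/tasks/replication_port-ssl/serverCert.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk server.conf
#####################################################################################################################

#####################################################################################################################
# [replication_port-ssl:]
#####################################################################################################################

# serverCert

- name: "Configure server.conf [replication_port-ssl:] - serverCert state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: "replication_port-ssl://{{ splunk_server_conf.replication_port_ssl.port }}"
    option: serverCert
    value: "{{ splunk_server_conf.replication_port_ssl.serverCert }}"
    state: present
  when:
    - splunk_server_conf.replication_port_ssl is defined
    - splunk_server_conf.replication_port_ssl.serverCert is defined
  notify: splunk restart

- name: "Configure server.conf [replication_port-ssl:] - serverCert state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: "replication_port-ssl://{{ splunk_server_conf.replication_port_ssl.port }}"
    option: serverCert
    state: absent
  when:
    - splunk_server_conf.replication_port_ssl is defined
    - splunk_server_conf.replication_port_ssl.serverCert is undefined
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/server/tasks/replication_port/port.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk server.conf
#####################################################################################################################

#####################################################################################################################
# [replication_port:]
#####################################################################################################################

# The port is part of the stanza name, so the stanza is created by adding a
# blank, value-less option to it.
- name: "Configure server.conf [replication_port:] - replication_port state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: "replication_port://{{ splunk_server_conf.replication_port.port }}"
    option: " "
    allow_no_value: yes
    state: present
  when:
    - splunk_server_conf.replication_port is defined
    - splunk_server_conf.replication_port.port is defined
  notify: splunk restart

# Read-only lookup of the port(s) already present in server.conf. The path is
# shell-quoted, and the task also runs in check mode so the registered result
# always has stdout_lines. The former notify was dropped: with
# changed_when: false it could never fire.
- name: "Configure server.conf [replication_port:] - replication_port check presence"
  shell: grep 'replication_port:' {{ splunk_conf_path | quote }}/server.conf | sed 's/\[replication_port:\/\/\(.*\)]/\1/'
  register: splunk_server_replication_port_port_inifile
  changed_when: false
  check_mode: no

# Remove every stanza the lookup found. The previous condition measured the
# length of the registered result itself (not its stdout) and compared it
# with 0, so an existing replication stanza was never removed.
- name: "Configure server.conf [replication_port:] - replication_port state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: "replication_port://{{ item }}"
    state: absent
  with_items: "{{ splunk_server_replication_port_port_inifile.stdout_lines }}"
  when: splunk_server_conf.replication_port is undefined
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/server/tasks/shclustering/conf_deploy_fetch_url.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk server.conf
#####################################################################################################################

#####################################################################################################################
# [shclustering]
#####################################################################################################################

# conf_deploy_fetch_url

# "dynamic" points at the first host of the deployer inventory group on port
# 8089.
- name: "Configure server.conf [shclustering] - shclustering conf_deploy_fetch_url state=present (dynamic)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: shclustering
    option: conf_deploy_fetch_url
    value: "https://{{ groups['deployer'][0] }}:8089"
    state: present
  when:
    - splunk_server_conf.shclustering is defined
    - splunk_server_conf.shclustering.conf_deploy_fetch_url is defined
    - splunk_server_conf.shclustering.conf_deploy_fetch_url == "dynamic"
  notify: splunk restart

- name: "Configure server.conf [shclustering] - shclustering conf_deploy_fetch_url state=present (static)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: shclustering
    option: conf_deploy_fetch_url
    value: "{{ splunk_server_conf.shclustering.conf_deploy_fetch_url }}"
    state: present
  when:
    - splunk_server_conf.shclustering is defined
    - splunk_server_conf.shclustering.conf_deploy_fetch_url is defined
    - splunk_server_conf.shclustering.conf_deploy_fetch_url != "dynamic"
  notify: splunk restart

- name: "Configure server.conf [shclustering] - shclustering conf_deploy_fetch_url state=absent"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: shclustering
    option: conf_deploy_fetch_url
    state: absent
  when: splunk_server_conf.shclustering is undefined or
        splunk_server_conf.shclustering.conf_deploy_fetch_url is undefined
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/server/tasks/shclustering/election.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk server.conf
#####################################################################################################################

#####################################################################################################################
# [shclustering]
#####################################################################################################################

# election

- name: "Configure server.conf [shclustering] - election state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: shclustering
    option: election
    value: "{{ splunk_server_conf.shclustering.election }}"
    state: present
  when:
    - splunk_server_conf.shclustering is defined
    - splunk_server_conf.shclustering.election is defined
  notify: splunk restart

- name: "Configure server.conf [shclustering] - election state=absent"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: shclustering
    option: election
    state: absent
  when: splunk_server_conf.shclustering is undefined or
        splunk_server_conf.shclustering.election is undefined
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/server/tasks/shclustering/id.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk server.conf
#####################################################################################################################

#####################################################################################################################
# [shclustering]
#####################################################################################################################

# id

- name: "Configure server.conf [shclustering] - id state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: shclustering
    option: id
    value: "{{ splunk_server_conf.shclustering.id }}"
    state: present
  when:
    - splunk_server_conf.shclustering is defined
    - splunk_server_conf.shclustering.id is defined
  notify: splunk restart

- name: "Configure server.conf [shclustering] - id state=absent"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: shclustering
    option: id
    state: absent
  when: splunk_server_conf.shclustering is undefined or
        splunk_server_conf.shclustering.id is undefined
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/server/tasks/shclustering/mgmt_uri.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk server.conf
#####################################################################################################################

#####################################################################################################################
# [shclustering]
#####################################################################################################################

# mgmt_uri

# "dynamic" builds the URI from this host's inventory name on port 8089.
- name: "Configure server.conf [shclustering] - mgmt_uri state=present (dynamic)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: shclustering
    option: mgmt_uri
    value: "https://{{ inventory_hostname }}:8089"
    state: present
  when:
    - splunk_server_conf.shclustering is defined
    - splunk_server_conf.shclustering.mgmt_uri is defined
    - splunk_server_conf.shclustering.mgmt_uri == "dynamic"
  notify: splunk restart

- name: "Configure server.conf [shclustering] - mgmt_uri state=present (static)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: shclustering
    option: mgmt_uri
    value: "{{ splunk_server_conf.shclustering.mgmt_uri }}"
    state: present
  when:
    - splunk_server_conf.shclustering is defined
    - splunk_server_conf.shclustering.mgmt_uri is defined
    - splunk_server_conf.shclustering.mgmt_uri != "dynamic"
  notify: splunk restart

# Removes mgmt_uri. The task previously named option master_uri, so a stale
# mgmt_uri was left in place and an unrelated option was targeted instead.
- name: "Configure server.conf [shclustering] - mgmt_uri state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: shclustering
    option: mgmt_uri
    state: absent
  when: splunk_server_conf.shclustering is undefined or
        splunk_server_conf.shclustering.mgmt_uri is undefined
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/server/tasks/shclustering/pass4SymmKey.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk server.conf
#####################################################################################################################

#####################################################################################################################
# [shclustering]
#####################################################################################################################

# pass4SymmKey

# pass4SymmKey is the shared secret of the [shclustering] stanza. no_log keeps
# the value out of task output and out of the module's invocation log; keep
# the variable itself in a vault-encrypted vars file.
# NOTE(review): Splunk is expected to rewrite this value in encrypted form on
# startup, so this task may report "changed" on every run - confirm.
- name: "Configure server.conf [shclustering] - pass4SymmKey state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: shclustering
    option: pass4SymmKey
    value: "{{ splunk_server_conf.shclustering.pass4SymmKey }}"
    state: present
  no_log: true
  when:
    - splunk_server_conf.shclustering is defined
    - splunk_server_conf.shclustering.pass4SymmKey is defined
  notify: splunk restart

- name: "Configure server.conf [shclustering] - pass4SymmKey state=absent"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: shclustering
    option: pass4SymmKey
    state: absent
  when: splunk_server_conf.shclustering is undefined or
        splunk_server_conf.shclustering.pass4SymmKey is undefined
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/server/tasks/shclustering/replication_factor.yml:
--------------------------------------------------------------------------------
---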
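#####################################################################################################################
# Configurations for Splunk server.conf
#####################################################################################################################

#####################################################################################################################
# [shclustering]
#####################################################################################################################

# replication_factor
#
# Exactly one of the two tasks below applies on a given run: a value other than 3 is written to
# server.conf, while an unset value or 3 (which this role treats as the default) removes the option.
# Both comparisons cast with `| int`, so 3 and "3" in the variables behave the same way.

- name: "Configure server.conf [shclustering] - replication_factor state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: shclustering
    option: replication_factor
    value: "{{ splunk_server_conf.shclustering.replication_factor }}"
    state: present
  when:
    - splunk_server_conf.shclustering is defined
    - splunk_server_conf.shclustering.replication_factor is defined
    # Without this guard a value of 3 was written here and removed again by the next task,
    # so every run reported a change and notified a Splunk restart.
    - splunk_server_conf.shclustering.replication_factor | int != 3
  notify: splunk restart

- name: "Configure server.conf [shclustering] - replication_factor state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: shclustering
    option: replication_factor
    state: absent
  when: >-
    splunk_server_conf.shclustering is undefined or
    splunk_server_conf.shclustering.replication_factor is undefined or
    splunk_server_conf.shclustering.replication_factor | int == 3
  notify: splunk restart

--------------------------------------------------------------------------------
/roles/conf/server/tasks/shclustering/shcluster_label.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk server.conf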
#####################################################################################################################

#####################################################################################################################
# [shclustering]
#####################################################################################################################

# shcluster_label
#
# The label is written when it is set in splunk_server_conf.shclustering and removed from
# server.conf otherwise. Either change notifies the "splunk restart" handler.

- name: "Configure server.conf [shclustering] - shcluster_label state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: shclustering
    option: shcluster_label
    value: "{{ splunk_server_conf.shclustering.shcluster_label }}"
    state: present
  when: >-
    splunk_server_conf.shclustering is defined and
    splunk_server_conf.shclustering.shcluster_label is defined
  notify: splunk restart

- name: "Configure server.conf [shclustering] - shcluster_label state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: shclustering
    option: shcluster_label
    state: absent
  when: >-
    splunk_server_conf.shclustering is undefined or
    splunk_server_conf.shclustering.shcluster_label is undefined
  notify: splunk restart

--------------------------------------------------------------------------------
/roles/conf/server/tasks/sslConfig/sslKeysfilePassword.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk server.conf
#####################################################################################################################

#####################################################################################################################
# [sslConfig]
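#####################################################################################################################

# Modify for 7.1.2 -> sslPassword
# sslPassword
#
# The value written here is a secret. no_log keeps it out of task output, verbose logs and
# --diff output; the trade-off is that a failure of this task is reported without detail.
# NOTE(review): splunk_server_conf.sslConfig.sslPassword presumably comes from group_vars;
# store it in an encrypted vars file (ansible-vault) rather than in plain text - confirm.

- name: "Configure server.conf [sslConfig] - sslPassword state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: sslConfig
    option: sslPassword
    value: "{{ splunk_server_conf.sslConfig.sslPassword }}"
    state: present
  no_log: true
  when:
    - splunk_server_conf.sslConfig is defined
    - splunk_server_conf.sslConfig.sslPassword is defined
  notify: splunk restart

- name: "Configure server.conf [sslConfig] - sslPassword state=absent"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: sslConfig
    option: sslPassword
    state: absent
  when: >-
    splunk_server_conf.sslConfig is undefined or
    splunk_server_conf.sslConfig.sslPassword is undefined
  notify: splunk restart


--------------------------------------------------------------------------------
/roles/conf/server/tasks/touch.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk server.conf
#####################################################################################################################

# touch
#
# Creates server.conf if it is missing and pins it to splunk:splunk, owner read/write only.
# The mode is a quoted octal string so it cannot be read as the decimal number 600.
# changed_when: false stops the touch from reporting a change on every run.
# NOTE(review): this only protects the secrets written by the other task files if touch.yml is
# included before them - confirm the include order in this role's main.yml.

- name: "Touch server.conf"
  file:
    path: "{{ splunk_conf_path }}/server.conf"
    owner: splunk
    group: splunk
    mode: "0600"
    state: touch
  changed_when: false

--------------------------------------------------------------------------------
/roles/conf/web/handlers/main.yml:
--------------------------------------------------------------------------------
---
- include: ../../../common/handlers/splunkd.yml

--------------------------------------------------------------------------------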
/roles/conf/web/tasks/main.yml:
--------------------------------------------------------------------------------
---
# touch.yml is included first, so web.conf exists before any of the settings files edit it.
- include: touch.yml
- include: settings/caCertPath.yml
- include: settings/enableSplunkWebSSL.yml
- include: settings/httpport.yml
- include: settings/privKeyPath.yml
- include: settings/startwebserver.yml
- include: settings/updateCheckerBaseURL.yml

--------------------------------------------------------------------------------
/roles/conf/web/tasks/settings/caCertPath.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk web.conf
#####################################################################################################################

#####################################################################################################################
# [settings]
#####################################################################################################################

# caCertPath
#
# A path other than "etc/auth/splunkweb/cert.pem" is written to web.conf; an unset value or
# that path (treated here as the default) removes the option.

- name: "Configure web.conf [settings] - caCertPath state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/web.conf"
    section: settings
    option: caCertPath
    value: "{{ splunk_web_conf.settings.caCertPath }}"
    state: present
  when: >-
    splunk_web_conf.settings is defined and
    splunk_web_conf.settings.caCertPath is defined and
    splunk_web_conf.settings.caCertPath != "etc/auth/splunkweb/cert.pem"
  notify: splunk restart

- name: "Configure web.conf [settings] - caCertPath state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/web.conf"
    section: settings
    option: caCertPath
    state: absent
  when: >-
    splunk_web_conf.settings is undefined or
    splunk_web_conf.settings.caCertPath is undefined or
    splunk_web_conf.settings.caCertPath == "etc/auth/splunkweb/cert.pem"
  notify: splunk restart

--------------------------------------------------------------------------------
/roles/conf/web/tasks/settings/enableSplunkWebSSL.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk web.conf
#####################################################################################################################

#####################################################################################################################
# [settings]
#####################################################################################################################

# enableSplunkWebSSL
#
# The option is written only when the variable is true. An unset variable or false removes it,
# which leaves Splunk Web on its default of plain HTTP, so TLS for the web UI has to be
# switched on explicitly in splunk_web_conf.settings.

- name: "Configure web.conf [settings] - enableSplunkWebSSL state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/web.conf"
    section: settings
    option: enableSplunkWebSSL
    value: "{{ splunk_web_conf.settings.enableSplunkWebSSL }}"
    state: present
  when: >-
    splunk_web_conf.settings is defined and
    splunk_web_conf.settings.enableSplunkWebSSL is defined and
    splunk_web_conf.settings.enableSplunkWebSSL == true
  notify: splunk restart

- name: "Configure web.conf [settings] - enableSplunkWebSSL state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/web.conf"
    section: settings
    option: enableSplunkWebSSL
    state: absent
  when: >-
    splunk_web_conf.settings is undefined or
    splunk_web_conf.settings.enableSplunkWebSSL is undefined or
    splunk_web_conf.settings.enableSplunkWebSSL == false
  notify: splunk restart

--------------------------------------------------------------------------------
/roles/conf/web/tasks/settings/httpport.yml:
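--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk web.conf
#####################################################################################################################

#####################################################################################################################
# [settings]
#####################################################################################################################

# httpport
#
# A port other than 8000 is written to web.conf; an unset value or 8000 (treated here as the
# default) removes the option. Both tasks compare with `| int`: the original compared against
# the number 8000 in one task and the string "8000" in the other, so for a numeric 8000
# neither task ran and a previously configured port stayed in web.conf.

- name: "Configure web.conf [settings] - httpport state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/web.conf"
    section: settings
    option: httpport
    value: "{{ splunk_web_conf.settings.httpport }}"
    state: present
  when:
    - splunk_web_conf.settings is defined
    - splunk_web_conf.settings.httpport is defined
    - splunk_web_conf.settings.httpport | int != 8000
  notify: splunk restart

# The task name had lost its opening quote, and ignore_errors hid any failure of this task;
# both are brought in line with the other web.conf settings files.
- name: "Configure web.conf [settings] - httpport state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/web.conf"
    section: settings
    option: httpport
    state: absent
  when: >-
    splunk_web_conf.settings is undefined or
    splunk_web_conf.settings.httpport is undefined or
    splunk_web_conf.settings.httpport | int == 8000
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/web/tasks/settings/privKeyPath.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk web.conf
#####################################################################################################################
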
#####################################################################################################################
# [settings]
#####################################################################################################################

# privKeyPath
#
# A path other than "etc/auth/splunkweb/privkey.pem" is written to web.conf; an unset value or
# that path (treated here as the default) removes the option. Only the path is managed here,
# not the key file or its permissions.

- name: "Configure web.conf [settings] - privKeyPath state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/web.conf"
    section: settings
    option: privKeyPath
    value: "{{ splunk_web_conf.settings.privKeyPath }}"
    state: present
  when: >-
    splunk_web_conf.settings is defined and
    splunk_web_conf.settings.privKeyPath is defined and
    splunk_web_conf.settings.privKeyPath != "etc/auth/splunkweb/privkey.pem"
  notify: splunk restart

- name: "Configure web.conf [settings] - privKeyPath state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/web.conf"
    section: settings
    option: privKeyPath
    state: absent
  when: >-
    splunk_web_conf.settings is undefined or
    splunk_web_conf.settings.privKeyPath is undefined or
    splunk_web_conf.settings.privKeyPath == "etc/auth/splunkweb/privkey.pem"
  notify: splunk restart

--------------------------------------------------------------------------------
/roles/conf/web/tasks/settings/startwebserver.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk web.conf
#####################################################################################################################

#####################################################################################################################
# [settings]
#####################################################################################################################

# startwebserver
#
# Written only when the variable is 0; an unset variable or 1 removes the option.
# The first task names no state and so relies on ini_file's default of present.

- name: "Configure web.conf [settings] - startwebserver state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/web.conf"
    section: settings
    option: startwebserver
    value: "{{ splunk_web_conf.settings.startwebserver }}"
  when: >-
    splunk_web_conf.settings is defined and
    splunk_web_conf.settings.startwebserver is defined and
    splunk_web_conf.settings.startwebserver == 0
  notify: splunk restart

- name: "Configure web.conf [settings] - startwebserver state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/web.conf"
    section: settings
    option: startwebserver
    state: absent
  when: >-
    splunk_web_conf.settings is undefined or
    splunk_web_conf.settings.startwebserver is undefined or
    splunk_web_conf.settings.startwebserver == 1
  notify: splunk restart

--------------------------------------------------------------------------------
/roles/conf/web/tasks/settings/updateCheckerBaseURL.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk web.conf
#####################################################################################################################

#####################################################################################################################
# [settings]
#####################################################################################################################

# updateCheckerBaseURL
#
# A URL other than the one compared against below is written to web.conf; an unset value or
# that URL (treated here as the default) removes the option. Note that this URL is plain HTTP.

- name: "Configure web.conf [settings] - updateCheckerBaseURL state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/web.conf"
    section: settings
    option: updateCheckerBaseURL
    value: "{{ splunk_web_conf.settings.updateCheckerBaseURL }}"
    state: present
  when: >-
    splunk_web_conf.settings is defined and
    splunk_web_conf.settings.updateCheckerBaseURL is defined and
    splunk_web_conf.settings.updateCheckerBaseURL != "http://quickdraw.Splunk.com/js/"
  notify: splunk restart

- name: "Configure web.conf [settings] - unset updateCheckerBaseURL state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/web.conf"
    section: settings
    option: updateCheckerBaseURL
    state: absent
  when: >-
    splunk_web_conf.settings is undefined or
    splunk_web_conf.settings.updateCheckerBaseURL is undefined or
    splunk_web_conf.settings.updateCheckerBaseURL == "http://quickdraw.Splunk.com/js/"
  notify: splunk restart

--------------------------------------------------------------------------------
/roles/conf/web/tasks/touch.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk web.conf
#####################################################################################################################

# touch
#
# Creates web.conf if it is missing and pins owner, group and mode. The mode stays a string,
# as in the key=value form, so it is read as octal. changed_when: false keeps the touch from
# reporting a change on every run.

- name: "Touch web.conf"
  file:
    path: "{{ splunk_conf_path }}/web.conf"
    owner: splunk
    group: splunk
    mode: "600"
    state: touch
  changed_when: false

--------------------------------------------------------------------------------
/roles/group/licensemaster/tasks/copy_enterprise_license_keys.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Copy Enterprise License Keys
#####################################################################################################################

- name: Create licenses/enterprise directory
  file:
    path: "{{ splunk_installation.splunk_home_path }}/etc/licenses/enterprise"
    state: directory
    mode: "700"
    owner: splunk
    group: splunk

# Runs scp on the control node, through a shell so that the * glob expands there. The copy
# logs in as splunk@<host> outside Ansible's own connection, so host-key checking and the key
# used depend on the ssh configuration of whoever runs the playbook.
- name: Copy Enterprise License Keys to Licensemaster
  local_action: "shell scp -r {{ splunk_repository.repository_root }}/licenses/enterprise/* splunk@{{ inventory_hostname }}:{{ splunk_installation.splunk_home_path }}/etc/licenses/enterprise"

--------------------------------------------------------------------------------
/roles/group/licensemaster/tasks/main.yml:
--------------------------------------------------------------------------------
---
- include: copy_enterprise_license_keys.yml

--------------------------------------------------------------------------------
/roles/group/searchhead/tasks/distribute_distsearch_trustedkey.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Distribute Keys for Distributed Search
#####################################################################################################################

# For every server produced by the create_distsearch_serverlist filter, scp copies the
# repository entries whose names start with this host's short name into that server's
# etc/auth/distServerKeys directory. As above, scp runs on the control node through a shell.
# NOTE(review): whatever is placed under distServerKeys is presumably trusted by the receiving
# search peer, so write access to the repository directory should be restricted - confirm.
- name: Copy Keys for distributed search
  local_action: "shell scp -r {{ splunk_repository.repository_root }}/distServerKeys/{{ inventory_hostname_short }}* splunk@{{ item }}:{{ splunk_installation.splunk_home_path }}/etc/auth/distServerKeys"
  with_items: "{{ splunk_distsearch_conf.distributedSearch.servers | create_distsearch_serverlist }}"

--------------------------------------------------------------------------------
/roles/group/searchhead/tasks/main.yml:
--------------------------------------------------------------------------------
---
- include: distribute_distsearch_trustedkey.yml

--------------------------------------------------------------------------------
/roles/group/shcmember/tasks/bootstrap.yml:
--------------------------------------------------------------------------------
---
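#####################################################################################################################
# Bootstrap shcluster
#####################################################################################################################

# The Splunk CLI receives the admin credentials through -auth on the command line. no_log keeps
# the rendered command, and with it the password, out of Ansible's output and logs; the
# argument can still be visible in the process list on the target while the command runs.
# `| quote` keeps a password containing spaces or quote characters as a single argument.

- name: Run bootstrap shcluster-captain
  command: "{{ splunk_installation.splunk_home_path }}/bin/splunk bootstrap shcluster-captain -servers_list {{ groups['shcmember'] | create_shcluster_mgmt_uri_servers }} -auth admin:{{ splunk_installation.admin_password | quote }}"
  run_once: true
  no_log: true

- name: Splunk restart
  command: "{{ splunk_installation.splunk_home_path }}/bin/splunk restart"
--------------------------------------------------------------------------------
/roles/group/shcmember/tasks/init.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Init shcluster
#####################################################################################################################

- name: Splunk start
  command: "{{ splunk_installation.splunk_home_path }}/bin/splunk start"

# Same handling of the admin password as in bootstrap.yml: no_log hides the rendered command,
# and the label and password are quoted so each stays a single argument.
- name: Run init shcluster-config
  command: "{{ splunk_installation.splunk_home_path }}/bin/splunk init shcluster-config -mgmt_uri https://{{ inventory_hostname }}:8089 -replication_port 9888 -shcluster_label {{ splunk_server_conf.shclustering.shcluster_label | quote }} -auth admin:{{ splunk_installation.admin_password | quote }}"
  no_log: true

- name: Splunk restart
  command: "{{ splunk_installation.splunk_home_path }}/bin/splunk restart"
--------------------------------------------------------------------------------
/roles/group/shcmember/tasks/main.yml:
--------------------------------------------------------------------------------
---
- include: init.yml
- include: bootstrap.yml
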
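--------------------------------------------------------------------------------
/roles/install/tasks/add_authorized_key.yml:
--------------------------------------------------------------------------------
---

# Adds the configured public key to the Splunk user's authorized_keys; skipped when no key is set.
- name: Add authorized key to user splunk
  authorized_key:
    user: "{{ splunk_installation.splunk_user }}"
    key: "{{ splunk_installation.ssh_public_key }}"
  when: splunk_installation.ssh_public_key is defined

--------------------------------------------------------------------------------
/roles/install/tasks/change_default_password.yml:
--------------------------------------------------------------------------------
---

# - name: Check for Splunk version 6.X
#   find:
#     paths: "{{ splunk_installation.splunk_home_path }}/"
#     patterns: "splunk-6.*manifest"
#   register: splunkv6

# - name: Check for Splunk version 7.X
#   find:
#     paths: "{{ splunk_installation.splunk_home_path }}/"
#     patterns: "splunk-7.*manifest"
#   register: splunkv7

# The admin password is set only on a fresh installation, detected by the absence of etc/passwd.
- name: Check if passwd file exists
  stat:
    path: "{{ splunk_installation.splunk_home_path }}/etc/passwd"
  register: has_passwd_file

# The condition used to read splunkv6.machted, an attribute that never exists, so this task
# could not run. The version checks now test for at least one match instead of "is defined",
# because a find result carries `matched` even when it is 0 and would otherwise select both
# the 6.x and the 7.x task.
# NOTE(review): assumes splunkv6/splunkv7 are find results registered by
# checks/tasks/check_splunk_version.yml, as in the commented-out tasks above - confirm.
# no_log keeps the password out of Ansible's output; `| quote` passes it to the shell as one
# literal argument whatever characters it contains.
- name: Change default password - Splunk 6.x
  shell: "{{ splunk_installation.splunk_home_path }}/bin/splunk edit user admin -password {{ splunk_installation.admin_password | quote }} -auth admin:changeme --accept-license"
  no_log: true
  when:
    - not has_passwd_file.stat.exists
    - splunkv6 is defined
    - (splunkv6.matched | default(0) | int) > 0

- name: Set admin Password - Splunk 7.X with splunk start
  shell: "{{ splunk_installation.splunk_home_path }}/bin/splunk start --accept-license --answer-yes --no-prompt --seed-passwd {{ splunk_installation.admin_password | quote }}"
  no_log: true
  when:
    - not has_passwd_file.stat.exists
    - splunkv7 is defined
    - (splunkv7.matched | default(0) | int) > 0

- name: Stop splunk after set admin Password
  shell: "{{ splunk_installation.splunk_home_path }}/bin/splunk stop"
  when:
    - not has_passwd_file.stat.exists
    - splunkv7 is defined
    - (splunkv7.matched | default(0) | int) > 0
--------------------------------------------------------------------------------
/roles/install/tasks/enable_boot_start_splunk.yml:
--------------------------------------------------------------------------------
---

- name: Remove existing init.d script
  file:
    path: /etc/init.d/splunk
    state: absent


- name: Enable Splunk boot-start
  shell: "{{ splunk_installation.splunk_home_path }}/bin/splunk enable boot-start -user splunk --answer-yes --accept-license"
--------------------------------------------------------------------------------
/roles/install/tasks/fetch_distserverkeys.yml:
--------------------------------------------------------------------------------
---

# Reads the serverName line from system/local/server.conf and drops its first 13 characters;
# the result names the directory the key is stored under on the control node.
- name: Get serverName
  shell: "grep serverName {{ splunk_installation.splunk_home_path }}/etc/system/local/server.conf | cut -c14-"
  register: splunk_servername

- name: Fetch distServerKeys from all Servers
  fetch:
    src: "{{ splunk_installation.splunk_home_path }}/etc/auth//distServerKeys/trusted.pem"
    dest: "{{ splunk_repository.repository_root }}/distServerKeys/{{ splunk_servername.stdout }}/trusted.pem"
    flat: yes
    fail_on_missing: yes
--------------------------------------------------------------------------------
/roles/install/tasks/firewalld_open_splunkports.yml:
--------------------------------------------------------------------------------
---

# The loop source is now a templated expression; as a bare variable name it is treated by
# current Ansible as a literal string rather than as the list of ports.
- name: Open splunkd port on firewalld
  firewalld:
    port: "{{ item }}"
    permanent: true
    state: enabled
  when: splunk_installation.firewalld_open_port is defined
  with_items: "{{ splunk_installation.firewalld_open_port | default([]) }}"
--------------------------------------------------------------------------------
/roles/install/tasks/install_splunk.yml:
--------------------------------------------------------------------------------
---

# NOTE(review): the package is installed as root without an integrity check in this file;
# consider verifying a known checksum of the package before the install tasks run.
# NOTE(review): dest prefixes "/" to remote_package_temp_path while the tasks below use the
# variable as is; the two agree only if the variable is an absolute path - confirm.
- name: Copy Splunk package
  copy:
    src: "{{ splunk_repository.repository_root }}/packages/{{ splunk_installation.package_file }}"
    dest: "/{{ splunk_installation.remote_package_temp_path }}/{{ splunk_installation.package_file }}"
    mode: "0600"

- name: Install Splunk package from rpm
  yum:
    name: "{{ splunk_installation.remote_package_temp_path }}/{{ splunk_installation.package_file }}"
    state: present
  when: splunk_installation.package_format == "rpm"

- name: Install Splunk package from tgz
  unarchive:
    src: "{{ splunk_installation.remote_package_temp_path }}/{{ splunk_installation.package_file }}"
    dest: /opt
    copy: no
  when: splunk_installation.package_format == "tgz"

# The file module replaces `command: rm`, so the task no longer fails when the package has
# already been removed and reports a change only when it deletes something.
- name: Remove Splunk package
  file:
    path: "{{ splunk_installation.remote_package_temp_path }}/{{ splunk_installation.package_file }}"
    state: absent
  when: splunk_installation.delete_package_after_install != false

- name: Set permissions for $SPLUNK_HOME
  file:
    path: "{{ splunk_installation.splunk_home_path }}"
    owner: "{{ splunk_installation.splunk_user }}"
    group: "{{ splunk_installation.splunk_user }}"
    recurse: yes
  when: splunk_installation.package_format == "tgz"
--------------------------------------------------------------------------------
/roles/install/tasks/main.yml:
--------------------------------------------------------------------------------
---
- include: install_splunk.yml
  become: yes
  become_user: root

- include: set_splunk_secret.yml
- include: ../../checks/tasks/check_splunk_version.yml
- include: change_default_password.yml
- include: enable_boot_start_splunk.yml
  become: yes
  become_user: root

- include: add_authorized_key.yml
- include: firewalld_open_splunkports.yml
- include: splunk_ftb.yml
- include: fetch_distserverkeys.yml
--------------------------------------------------------------------------------
/roles/install/tasks/set_splunk_secret.yml: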
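--------------------------------------------------------------------------------
---

# splunk.secret is rendered from splunk_installation.splunk_secret. Owner, group and mode are
# set in the same task that writes the file, so it is never left on disk with the default
# permissions until a later task tightens them. no_log keeps the rendered secret out of task
# output and --diff output.
- name: Create common splunk.secret
  template:
    src: etc/auth/splunk.secret.j2
    dest: "{{ splunk_installation.splunk_home_path }}/etc/auth/splunk.secret"
    owner: "{{ splunk_installation.splunk_user }}"
    group: "{{ splunk_installation.splunk_user }}"
    mode: "0400"
  no_log: true

# Kept as an explicit check of the file's ownership and mode.
- name: Set permissions for splunk.secret
  file:
    path: "{{ splunk_installation.splunk_home_path }}/etc/auth/splunk.secret"
    owner: "{{ splunk_installation.splunk_user }}"
    group: "{{ splunk_installation.splunk_user }}"
    mode: "0400"


--------------------------------------------------------------------------------
/roles/install/tasks/splunk_ftb.yml:
--------------------------------------------------------------------------------
---

# Starts the splunk service once and stops it again.
- name: First Time Boot Splunk
  service:
    name: splunk
    state: started
  become: yes

- name: Stop Splunk
  service:
    name: splunk
    state: stopped
  become: yes
--------------------------------------------------------------------------------
/roles/install/templates/etc/auth/splunk.secret.j2:
--------------------------------------------------------------------------------
{{ splunk_installation.splunk_secret }}

--------------------------------------------------------------------------------
/test.yml:
--------------------------------------------------------------------------------
---

# Gathers facts from VyOS devices over network_cli and prints hostname and OS version.
- name: Network Getting Started First Playbook
  connection: network_cli
  hosts: all
  tasks:

    - name: Get config for VyOS devices
      vyos_facts:
        gather_subset: all

    - name: Display the config
      debug:
        msg: "The hostname is {{ ansible_net_hostname }} and the OS is {{ ansible_net_version }}"

--------------------------------------------------------------------------------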