├── .gitignore ├── LICENSE-keepalived.md ├── README.md ├── README ├── spec │ ├── app.spec │ ├── authentication.conf.spec │ ├── distsearch_conf.spec │ ├── inputs_conf.spec │ ├── outputs_conf.spec │ ├── server_conf.spec │ ├── splunk_configuration.spec │ ├── splunk_installation.spec │ ├── splunk_packages.spec │ ├── splunk_repository.spec │ └── web_conf.spec └── templates │ └── group_vars │ ├── all │ ├── README │ ├── splunk_configuration │ ├── splunk_installation │ ├── splunk_packages │ └── splunk_repository │ ├── cluster │ ├── README │ └── splunk_configuration │ ├── deployer │ ├── README │ ├── Splunk_TA_nix │ ├── Splunk_TA_windows │ ├── outputs.conf │ ├── server.conf │ └── web.conf │ ├── deploymentserver │ ├── README │ ├── Splunk_TA_nix │ ├── Splunk_TA_windows │ ├── apps │ ├── outputs.conf │ ├── server.conf │ └── web.conf │ ├── dmc │ ├── README │ ├── distsearch.conf │ ├── outputs.conf │ ├── server.conf │ └── web.conf │ ├── heavyforwarder │ ├── README │ ├── Splunk_TA_nix │ ├── Splunk_TA_windows │ ├── outputs.conf │ ├── server.conf │ └── web.conf │ ├── indexer │ ├── inputs.conf │ ├── server.conf │ └── web.conf │ ├── licensemaster │ ├── README │ ├── outputs.conf │ ├── server.conf │ └── web.conf │ ├── masternode │ ├── README │ ├── Splunk_TA_nix │ ├── Splunk_TA_windows │ ├── outputs.conf │ ├── server.conf │ └── web.conf │ ├── peernode │ ├── README │ ├── inputs.conf │ ├── server.conf │ └── web.conf │ ├── searchhead │ ├── README │ ├── apps │ ├── outputs.conf │ ├── server.conf │ └── web.conf │ ├── searchpeer │ ├── README │ ├── inputs.conf │ ├── server.conf │ └── web.conf │ ├── shcluster │ ├── README │ └── splunk_configuration │ ├── shcmember │ ├── README │ ├── outputs.conf │ ├── server.conf │ └── web.conf │ ├── site0 │ ├── README │ └── splunk_configuration │ ├── site1 │ ├── README │ └── splunk_configuration │ └── site2 │ ├── README │ └── splunk_configuration ├── configure_auth.yml ├── configure_deployer.yml ├── configure_deploymentserver.yml ├── configure_disks.yml ├── 
configure_dmc.yml ├── configure_firewall.yml ├── configure_heavyforwarder.yml ├── configure_hf_ha.yml ├── configure_indexes.yml ├── configure_licensemaster.yml ├── configure_linux.yml ├── configure_masternode.yml ├── configure_peernode.yml ├── configure_repository.yml ├── configure_searchhead.yml ├── configure_searchpeer.yml ├── configure_shcmember.yml ├── deploy_apps.yml ├── download_splunk.yml ├── filter_plugins ├── app_default.py ├── create_distsearch_serverlist.py ├── create_distsearch_servers.py └── create_shcluster_mgmt_uri_servers.py ├── group_vars ├── all │ └── README ├── cluster │ └── README ├── deployer │ └── README ├── deploymentserver │ └── README ├── dmc │ └── README ├── heavyforwarder │ └── README ├── licensemaster │ └── README ├── masternode │ └── README ├── peernode │ └── README ├── searchhead │ └── README ├── searchpeer │ └── README ├── shcluster │ └── README ├── shcmember │ └── README ├── site0 │ └── README ├── site1 │ └── README └── site2 │ └── README ├── hosts.template ├── hosts_production.template ├── install_box_addon.yml ├── install_cisco_asa_app.yml ├── install_citrix_addon.yml ├── install_dbx.yml ├── install_dca_tools_app.yml ├── install_duo_addon.yml ├── install_iis_app.yml ├── install_infosec_app.yml ├── install_nessus_addon.yml ├── install_shcmember.yml ├── install_splunk.yml ├── install_upgrade_readiness_app.yml ├── install_windows_addon.yml ├── migrate_lm.yml ├── roles ├── apps │ ├── Splunk_TA_nix │ │ ├── files │ │ │ ├── apps │ │ │ │ └── local │ │ │ │ │ └── inputs.conf.template │ │ │ ├── deployment-apps │ │ │ │ └── local │ │ │ │ │ └── inputs.conf.template │ │ │ └── shcluster │ │ │ │ └── apps │ │ │ │ └── local │ │ │ │ └── inputs.conf.template │ │ ├── tasks │ │ │ ├── configure_local.yml │ │ │ ├── copy_app.yml │ │ │ ├── main.yml │ │ │ └── remove_app.yml │ │ └── vars │ │ │ └── main.yml │ ├── Splunk_TA_windows │ │ ├── handlers │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── box_addon │ │ ├── handlers │ │ │ └── main.yml │ │ └── 
tasks │ │ │ ├── cleanup_deployer.yml │ │ │ ├── copy_addon.yml │ │ │ └── main.yml │ ├── cisco_asa_app │ │ ├── handlers │ │ │ └── main.yml │ │ └── tasks │ │ │ ├── cleanup_deployer.yml │ │ │ ├── copy_addon.yml │ │ │ └── main.yml │ ├── citrix_ns_addon │ │ └── tasks │ │ │ ├── cleanup_deployer.yml │ │ │ ├── cleanup_masternode.yml │ │ │ ├── cluster_push.yml │ │ │ ├── copy_addon.yml │ │ │ ├── main.yml │ │ │ └── shcluster_push.yml │ ├── db_connect │ │ ├── files │ │ │ ├── db_connections.conf │ │ │ ├── db_inputs.conf │ │ │ ├── dbx_settings.conf │ │ │ └── identities.conf │ │ └── tasks │ │ │ ├── conf_addon.yml │ │ │ ├── copy_addon.yml │ │ │ ├── copy_driver.yml │ │ │ └── main.yml │ ├── dca_tools │ │ ├── handlers │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── duo_addon │ │ └── tasks │ │ │ ├── cluster_push.yml │ │ │ ├── copy_addon.yml │ │ │ ├── main.yml │ │ │ └── shcluster_push.yml │ ├── iis_app │ │ ├── handlers │ │ │ └── main.yml │ │ └── tasks │ │ │ ├── cleanup_deployer.yml │ │ │ ├── cleanup_masternode.yml │ │ │ ├── cluster_push.yml │ │ │ ├── copy_addon.yml │ │ │ └── main.yml │ ├── infosec_app │ │ ├── handlers │ │ │ └── main.yml │ │ └── tasks │ │ │ ├── cleanup_deployer.yml │ │ │ ├── copy_addons.yml │ │ │ └── main.yml │ ├── ipfix_addon │ │ ├── handlers │ │ │ └── main.yml │ │ └── tasks │ │ │ ├── cleanup_deployer.yml │ │ │ ├── copy_addon.yml │ │ │ └── main.yml │ ├── nessus_addon │ │ ├── handlers │ │ │ └── main.yml │ │ └── tasks │ │ │ ├── cleanup_deployer.yml │ │ │ ├── copy_addon.yml │ │ │ ├── main.yml │ │ │ └── saved_searches.yml │ └── upgrade_readiness_app │ │ ├── handlers │ │ └── main.yml │ │ └── tasks │ │ └── main.yml ├── common │ └── handlers │ │ └── splunkd.yml ├── conf │ ├── alert_actions │ │ ├── handlers │ │ │ └── main.yml │ │ └── tasks │ │ │ ├── hostname.yml │ │ │ ├── main.yml │ │ │ └── touch.yml │ ├── authentication │ │ └── tasks │ │ │ ├── auth.yml │ │ │ ├── main.yml │ │ │ ├── rolemaps.yml │ │ │ ├── strategies.yml │ │ │ └── touch.yml │ ├── authorize │ │ ├── tasks 
│ │ │ ├── main.yml │ │ │ ├── touch.yml │ │ │ └── user_roles.yml │ │ └── templates │ │ │ └── authorize.conf.j2 │ ├── distsearch │ │ ├── handlers │ │ │ └── main.yml │ │ └── tasks │ │ │ ├── distributedSearch │ │ │ ├── cluster.yml │ │ │ ├── clustermaster.yml │ │ │ ├── deployer.yml │ │ │ ├── deploymentserver.yml │ │ │ ├── disabled.yml │ │ │ ├── licensemaster.yml │ │ │ ├── peernode.yml │ │ │ ├── searchhead.yml │ │ │ ├── server.yml │ │ │ └── shcmember.yml │ │ │ ├── main.yml │ │ │ └── touch.yml │ ├── fw │ │ └── tasks │ │ │ └── main.yml │ ├── ha │ │ ├── handlers │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── keepalived.conf.j2 │ ├── indexes │ │ ├── handlers │ │ │ └── main.yml │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ ├── cluster_indexes.conf.j2 │ │ │ ├── cluster_system_indexes.conf.j2 │ │ │ └── indexes.conf.j2 │ ├── inputs │ │ ├── handlers │ │ │ └── main.yml │ │ └── tasks │ │ │ ├── SSL │ │ │ ├── password.yml │ │ │ ├── rootCA.yml │ │ │ └── serverCert.yml │ │ │ ├── main.yml │ │ │ ├── splunktcp │ │ │ └── port.yml │ │ │ └── splunktcpssl │ │ │ └── port.yml │ ├── outputs │ │ ├── handlers │ │ │ └── main.yml │ │ └── tasks │ │ │ ├── indexAndForward.yml │ │ │ ├── indexer_discovery │ │ │ ├── master_uri.yml │ │ │ └── pass4SymmKey.yml │ │ │ ├── main.yml │ │ │ ├── tcpout │ │ │ ├── defaultGroup.yml │ │ │ └── indexAndForward.yml │ │ │ ├── tcpout:target_group │ │ │ ├── indexerDiscovery.yml │ │ │ ├── server.yml │ │ │ ├── sslCertPath.yml │ │ │ ├── sslPassword.yml │ │ │ ├── sslRootCAPath.yml │ │ │ ├── sslVerifyServerCert.yml │ │ │ └── useAck.yml │ │ │ └── touch.yml │ ├── server │ │ ├── handlers │ │ │ └── main.yml │ │ └── tasks │ │ │ ├── clustering │ │ │ ├── available_sites.yml │ │ │ ├── cluster_label.yml │ │ │ ├── master_uri.yml │ │ │ ├── mode.yml │ │ │ ├── multisite.yml │ │ │ ├── pass4SymmKey.yml │ │ │ ├── replication_factor.yml │ │ │ ├── search_factor.yml │ │ │ └── site_replication_factor.yml │ │ │ ├── diskUsage │ │ │ └── minFreeSpace.yml │ │ │ 
├── general │ │ │ ├── pass4SymmKey.yml │ │ │ ├── site.yml │ │ │ └── trustedIP.yml │ │ │ ├── license │ │ │ └── master_uri.yml │ │ │ ├── main.yml │ │ │ ├── replication_port-ssl │ │ │ ├── password.yml │ │ │ ├── port.yml │ │ │ ├── rootCA.yml │ │ │ └── serverCert.yml │ │ │ ├── replication_port │ │ │ └── port.yml │ │ │ ├── shclustering │ │ │ ├── conf_deploy_fetch_url.yml │ │ │ ├── conf_replication_include.yml │ │ │ ├── election.yml │ │ │ ├── enable.yml │ │ │ ├── id.yml │ │ │ ├── mgmt_uri.yml │ │ │ ├── pass4SymmKey.yml │ │ │ ├── replication_factor.yml │ │ │ └── shcluster_label.yml │ │ │ ├── sslConfig │ │ │ └── sslKeysfilePassword.yml │ │ │ └── touch.yml │ └── web │ │ ├── handlers │ │ └── main.yml │ │ └── tasks │ │ ├── cert.yml │ │ ├── main.yml │ │ ├── settings │ │ ├── enableSplunkWebSSL.yml │ │ ├── httpport.yml │ │ ├── privKeyPath.yml │ │ ├── rproxy.yml │ │ ├── serverCert.yml │ │ ├── startwebserver.yml │ │ └── updateCheckerBaseURL.yml │ │ └── touch.yml ├── group │ ├── licensemaster │ │ └── tasks │ │ │ ├── copy_enterprise_license_keys.yml │ │ │ ├── distsearch.yml │ │ │ ├── main.yml │ │ │ └── touch.yml │ ├── searchhead │ │ └── tasks │ │ │ ├── distribute_distsearch_trustedkey.yml │ │ │ └── main.yml │ └── shcmember │ │ ├── handlers │ │ └── main.yml │ │ ├── tasks │ │ ├── bootstrap.yml │ │ ├── conf_httpd.yml │ │ ├── copy_ssl.yml │ │ ├── init.yml │ │ ├── install_apt_pkgs.yml │ │ ├── install_yum_pkgs.yml │ │ ├── main.yml │ │ └── restart_shcmember.yml │ │ └── templates │ │ └── 000-default.conf.j2 ├── install │ ├── tasks │ │ ├── add_authorized_key.yml │ │ ├── change_default_password.yml │ │ ├── enable_boot_start_splunk.yml │ │ ├── fetch_distserverkeys.yml │ │ ├── install_splunk.yml │ │ ├── main.yml │ │ ├── set_splunk_secret.yml │ │ └── splunk_ftb.yml │ └── templates │ │ └── etc │ │ └── auth │ │ └── splunk.secret.j2 ├── migration │ ├── lm │ │ └── tasks │ │ │ └── main.yml │ └── symmkey │ │ └── tasks │ │ └── main.yml ├── overrides │ ├── tasks │ │ └── main.yml │ └── templates │ │ └── 
overrides.conf.j2 ├── upgrade_master │ └── tasks │ │ └── main.yml └── upgrade_peers │ └── tasks │ └── main.yml └── upgrade_splunk.yml /.gitignore: -------------------------------------------------------------------------------- 1 | !group_vars/ 2 | group_vars/* 3 | !group_vars/*/ 4 | group_vars/*/* 5 | group_vars/.git 6 | !group_vars/*/README 7 | *.pyc 8 | -------------------------------------------------------------------------------- /README/spec/app.spec: -------------------------------------------------------------------------------- 1 | ############################################ 2 | # 3 | # Possible values for apps 4 | # 5 | ############################################ 6 | 7 | 8 | * Application Name (Path name) 9 | 10 | [apps|deployment_apps|master_apps|shcluster_apps]: 11 | * Installation destination 12 | * Note: Underscore instead of dash/slash needed due to YAML Syntax 13 | 14 | install: 15 | * Should the app be installed. 16 | * Used to uninstall app 17 | 18 | clean_install: 19 | * Should the app directory be purged before (re-)installation 20 | 21 | bundle: 22 | * The file that contains the app (tar.gz/spl) 23 | * File must reside under splunk_repository.repository_root// 24 | 25 | 26 | ... 
27 | -------------------------------------------------------------------------------- /README/spec/authentication.conf.spec: -------------------------------------------------------------------------------- 1 | # authentication.conf spec 2 | 3 | splunk_auth_conf: 4 | strategies: 5 | test_server: 6 | SSLEnabled: 1 7 | anonymous_referrals: 1 8 | bindDN: "cn=splunk_bind_user,ou=service_users,ou=dept,dc=domain,dc=tld" 9 | bindDNpassword: password 10 | charset: utf8 11 | emailAttribute: mail 12 | groupBaseDN: "ou=groups,ou=dept,dc=domain,dc=tld" 13 | groupMappingAttribute: dn 14 | groupMemberAttribute: member 15 | groupNameAttribute: cn 16 | host: ldap.domain.tld 17 | nestedGroups: 0 18 | network_timeout: 20 19 | port: 636 20 | realNameAttribute: displayname 21 | sizelimit: 1000 22 | timelimit: 15 23 | userBaseDN: "ou=users,ou=dept,dc=domain,dc=tld" 24 | userNameAttribute: samaccountname 25 | 26 | auth: 27 | authSettings: test_server 28 | authType: LDAP 29 | 30 | rolemaps: 31 | - strategy: test_server 32 | role: admin 33 | group: some_ldap_group 34 | - strategy: test_server 35 | role: user 36 | group: some_other_group 37 | 38 | -------------------------------------------------------------------------------- /README/spec/distsearch_conf.spec: -------------------------------------------------------------------------------- 1 | ############################################ 2 | # 3 | # Possible values for conf/distsearch role 4 | # 5 | # Follows Splunk distsearch.conf.spec closely 6 | # 7 | ############################################ 8 | 9 | splunk_distsearch_conf: 10 | distributedSearch: 11 | disabled: [True | False] 12 | * Defaults to false 13 | server: 14 | - "{{ groups[''] }}" 15 | - "{{ groups[''] }}" 16 | - ... 
17 | - "{{ groups[''] }}" 18 | * List of inventory groups used for distributed search 19 | -------------------------------------------------------------------------------- /README/spec/inputs_conf.spec: -------------------------------------------------------------------------------- 1 | ############################################ 2 | # 3 | # Possible values for conf/inputs role 4 | # 5 | # Follows Splunk inputs.conf.spec closely 6 | # 7 | ############################################ 8 | 9 | splunk_inputs_conf: 10 | splunktcp: 11 | port: 12 | 13 | splunktcp_ssl: 14 | port: 15 | 16 | SSL: 17 | rootCA: 18 | * Certificate authority list 19 | * Autogenerated file under $SPLUNK_HOME/etc/auth/cacert.pem 20 | 21 | serverCert: 22 | * Full path to the server certificate. 23 | * Autogenerated file under $SPLUNK_HOME/etc/auth/server.pem 24 | 25 | password: 26 | * Encrypted password 27 | -------------------------------------------------------------------------------- /README/spec/splunk_configuration.spec: -------------------------------------------------------------------------------- 1 | ######################################################### 2 | # 3 | # Possible values for all/splunk_configuration group_vars 4 | # 5 | ######################################################### 6 | 7 | splunk_conf_path: 8 | * Path, where to write configuration items. 
Typically /opt/splunk/etc/system/local 9 | -------------------------------------------------------------------------------- /README/spec/splunk_installation.spec: -------------------------------------------------------------------------------- 1 | ######################################################## 2 | # 3 | # Possible values for all/splunk_installation group_vars 4 | # 5 | ######################################################## 6 | 7 | splunk_installation: 8 | splunk_home_path: 9 | * Mandatory 10 | * Typically /opt/splunk 11 | 12 | version: 13 | * Optional / Not used yet 14 | * Version number to be installed 15 | 16 | ssh_public_key: 17 | * Optional 18 | * The SSH public key Ansible uses to connect to Splunk hosts 19 | 20 | package_format: [rpm|tgz] 21 | * Mandatory 22 | * The package format used to install Splunk 23 | 24 | package_file: 25 | * Mandatory 26 | * The file name of the Splunk package. The file has to exist in /packages 27 | 28 | remote_package_temp_path: 29 | * Mandatory 30 | * The path where Ansible copies the Splunk package to 31 | * Typically /tmp 32 | 33 | delete_package_after_install: 34 | * Mandatory 35 | * Should the remote Splunk Packages be deleted after installation 36 | 37 | remote_app_temp_path: 38 | * Mandatory 39 | * The path where Ansible copies the apps to 40 | * Typically /tmp 41 | 42 | admin_password: 43 | * Mandatory 44 | * The Splunk admin password in cleartext 45 | * Use Ansible Vault to keep this protected 46 | 47 | splunk_secret: 48 | * Mandatory 49 | * The splunk.secret in cleartext 50 | * Use Ansible Vault to keep this protected 51 | 52 | firewalld_open_port: 53 | port: "/tcp" 54 | port: "/tcp" 55 | ... 56 | port: "/tcp" 57 | * Optional 58 | * List of ports to open, if firewalld is used. 
59 | -------------------------------------------------------------------------------- /README/spec/splunk_packages.spec: -------------------------------------------------------------------------------- 1 | ######################################################## 2 | # 3 | # Possible values for all/splunk_packages group_vars 4 | # 5 | ######################################################## 6 | 7 | splunk_packages: 8 | linux_64_rpm: 9 | * 64-bit Linux RPM Packages 10 | * Optional 11 | package: 12 | version: 13 | * Version Number 14 | url: 15 | * Package Source URL 16 | package: 17 | ... 18 | * List of packages 19 | 20 | linux_64_tgz: 21 | * 64-bit Linux TGZ Packages 22 | * Optional 23 | package: 24 | version: 25 | * Version Number 26 | url: 27 | * Package Source URL 28 | package: 29 | ... 30 | * List of packages 31 | -------------------------------------------------------------------------------- /README/spec/splunk_repository.spec: -------------------------------------------------------------------------------- 1 | ###################################################### 2 | # 3 | # Possible values for all/splunk_repository group_vars 4 | # 5 | ###################################################### 6 | 7 | splunk_repository: 8 | repository_root: 9 | * The path to the repository 10 | 11 | repository_owner: 12 | * The Unix owner of the repository 13 | 14 | repository_group: 15 | * The Unix group of the repository 16 | -------------------------------------------------------------------------------- /README/spec/web_conf.spec: -------------------------------------------------------------------------------- 1 | ############################################ 2 | # 3 | # Possible values for conf/web role 4 | # 5 | # Follows Splunk web.conf.spec closely 6 | # 7 | ############################################ 8 | 9 | splunk_web_conf: 10 | settings: 11 | enableSplunkWebSSL: [True | False] 12 | * Defaults to True 13 | 14 | httpport: 15 | * Defaults to 8000 16 | 17 | 
startwebserver: [True | False] 18 | * Defaults to True 19 | 20 | privKeyPath: 21 | * Relative paths are interpreted as relative to $SPLUNK_HOME 22 | * Defaults to etc/auth/splunkweb/privkey.pem 23 | 24 | serverCert: 25 | * Relative paths are interpreted as relative to $SPLUNK_HOME 26 | * Default to etc/auth/splunkweb/cert.pem 27 | 28 | updateCheckerBaseURL: [http://quickdraw.Splunk.com/js/|0] 29 | * Defaults to http://quickdraw.Splunk.com/js/ 30 | 31 | certFile: 32 | * in /ssl/ 33 | 34 | certKey: 35 | * see certFile 36 | -------------------------------------------------------------------------------- /README/templates/group_vars/all/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to all groups 2 | -------------------------------------------------------------------------------- /README/templates/group_vars/all/splunk_configuration: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # General Conf Variables 5 | ##################################################################################################################### 6 | splunk_conf_path: /opt/splunk/etc/system/local 7 | -------------------------------------------------------------------------------- /README/templates/group_vars/all/splunk_installation: -------------------------------------------------------------------------------- 1 | --- 2 | ##################################################################################################################### 3 | # Installation Variables 4 | ##################################################################################################################### 5 | splunk_installation: 6 | splunk_home_path: /opt/splunk 7 | version: 6.3.2 8 | ssh_public_key: "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQCnC6DzjkQjCXTMRqEWELAeehSldjqAemn3NflE6NKQ/wp7ekO6krRxALTBp3sD4wllCw7IRFkVPDpII29PszGxc/JL53yV2RgYRhzSxdDG5FuTKhS5FKRuQuoPPj3Y8qm1ZBxk+9W3Z/BWP593lkgLQ1v4ykO68p53+QCLy4Up1+Noyw3sRwpgx12OzDcIvjzZ2s8DjmApwXg23YB/TVS7OWG1A4AVVUa4cKq7CXnbY/uVluUnI7jUeOW1bsLnrgCuSbInxEyGmG/tcEm/2PAp22arTjpOEBvUNjdIwy6/Dhx4679pKh+KATjHpkM+iNWmy/zkl28Iv798pt8k+Zf7 root@linuxmint" 9 | 10 | package_format: rpm 11 | # package_format: [rpm|tgz] 12 | 13 | package_file: splunk-6.3.2-aaff59bb082c-linux-2.6-x86_64.rpm 14 | # package_file: splunk-6.3.2-aaff59bb082c-Linux-x86_64.tgz 15 | remote_package_temp_path: /tmp 16 | delete_package_after_install: false 17 | 18 | remote_app_temp_path: /tmp 19 | 20 | admin_password: verysecret # template placeholder in cleartext: set your own value and protect it with Ansible Vault, as splunk_installation.spec asks 21 | 22 | splunk_secret: 9uaY9Z02G69pWDMd6lUQGRISmgoRllMloZTsUf3EN/aV4Tp2F5EZynoNYEyEakTrrFhnUrti/f23DdziWTGU6WGJkPnJ07uxYDByH0dLKMjWjpPGxeOZ5WHt3D3dF5qyryO27KBWJ3ZWBMfUow85cX/0RHRIQv3C28q8R7m17YUVhsv6b8CVfG/kWIVqTdpcR.jElzKYv75X2GdRgvLyBDWLC7KplnOgmaiZ0bfpaNlEV.Yp4acowkHqH4USRb # template splunk.secret published in cleartext: do not reuse it; supply your own and protect it with Ansible Vault 23 | 24 | firewalld_open_port: 25 | - "8000/tcp" 26 | - "8089/tcp" 27 | - "9997/tcp" 28 | - "9888/tcp" 29 | -------------------------------------------------------------------------------- /README/templates/group_vars/all/splunk_packages: -------------------------------------------------------------------------------- 1 | --- 2 | ##################################################################################################################### 3 | # Splunk Package Variables 4 | ##################################################################################################################### 5 | 6 | splunk_packages: 7 | linux_64_rpm: 8 | package: 9 | version: 6.3.3 10 | url: "http://download.splunk.com/products/splunk/releases/6.3.3/splunk/linux/splunk-6.3.3-f44afce176d0-linux-2.6-x86_64.rpm" # NOTE(review): plain-HTTP source; no integrity check is visible here, so confirm the download step verifies a checksum or switch to an https URL 11 | 12 | linux_64_tgz: 13 | package: 14 | version: "6.3.3" 15 | url: 
"http://download.splunk.com/products/splunk/releases/6.3.2/splunk/linux/splunk-6.3.3-f44afce176d0-Linux-x86_64.tgz" 16 | -------------------------------------------------------------------------------- /README/templates/group_vars/all/splunk_repository: -------------------------------------------------------------------------------- 1 | --- 2 | ##################################################################################################################### 3 | # Repository Variables 4 | ##################################################################################################################### 5 | splunk_repository: 6 | repository_root: /var/lib/splunk_repository 7 | repository_owner: root 8 | repository_group: root 9 | -------------------------------------------------------------------------------- /README/templates/group_vars/cluster/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the cluster group 2 | -------------------------------------------------------------------------------- /README/templates/group_vars/cluster/splunk_configuration: -------------------------------------------------------------------------------- 1 | --- 2 | ##################################################################################################################### 3 | # General Conf Variables for splunk_cluster_production 4 | ##################################################################################################################### 5 | 6 | splunk_cluster_label: production 7 | -------------------------------------------------------------------------------- /README/templates/group_vars/deployer/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the deployer group 2 | -------------------------------------------------------------------------------- 
/README/templates/group_vars/deployer/Splunk_TA_nix: -------------------------------------------------------------------------------- 1 | --- 2 | ##################################################################################################################### 3 | # Configurations for Splunk App Splunk_TA_nix 4 | ##################################################################################################################### 5 | 6 | Splunk_TA_nix: 7 | shcluster_apps: 8 | install: true 9 | clean_install: true 10 | bundle: "splunk-add-on-for-unix-and-linux_520.tgz" 11 | -------------------------------------------------------------------------------- /README/templates/group_vars/deployer/Splunk_TA_windows: -------------------------------------------------------------------------------- 1 | --- 2 | ##################################################################################################################### 3 | # Configurations for Splunk App Splunk_TA_windows 4 | ##################################################################################################################### 5 | 6 | Splunk_TA_windows: 7 | shcluster_apps: 8 | install: true 9 | clean_install: true 10 | bundle: "splunk-add-on-for-microsoft-windows_480.tgz" 11 | -------------------------------------------------------------------------------- /README/templates/group_vars/deployer/outputs.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk outputs.conf 5 | ##################################################################################################################### 6 | 7 | splunk_outputs_conf: 8 | tcpout: 9 | defaultGroup: production 10 | target_group: 11 | production: 12 | useACK: true 13 | indexerDiscovery: production 14 | sslPassword: password 15 | sslCertPath: 
$SPLUNK_HOME/etc/auth/server.pem 16 | sslRootCAPath: $SPLUNK_HOME/etc/auth/ca.pem 17 | indexer_discovery: 18 | production: 19 | pass4SymmKey: changeme 20 | master_uri: dynamic 21 | -------------------------------------------------------------------------------- /README/templates/group_vars/deployer/server.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk server.conf 5 | ##################################################################################################################### 6 | 7 | splunk_server_conf: 8 | license: 9 | master_uri: dynamic 10 | sslConfig: 11 | sslKeysfilePassword: $1$nhb+jVVyTmE 12 | -------------------------------------------------------------------------------- /README/templates/group_vars/deployer/web.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk web.conf 5 | ##################################################################################################################### 6 | 7 | splunk_web_conf: 8 | settings: 9 | enableSplunkWebSSL: 1 10 | updateCheckerBaseURL: 0 11 | -------------------------------------------------------------------------------- /README/templates/group_vars/deploymentserver/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the deploymentserver group 2 | -------------------------------------------------------------------------------- /README/templates/group_vars/deploymentserver/Splunk_TA_nix: -------------------------------------------------------------------------------- 1 | --- 2 | 
##################################################################################################################### 3 | # Configurations for Splunk App Splunk_TA_nix 4 | ##################################################################################################################### 5 | 6 | Splunk_TA_nix: 7 | deployment_apps: 8 | install: true 9 | clean_install: true 10 | bundle: "splunk-add-on-for-unix-and-linux_520.tgz" 11 | apps: 12 | install: true 13 | clean_install: true 14 | bundle: "splunk-add-on-for-unix-and-linux_520.tgz" 15 | -------------------------------------------------------------------------------- /README/templates/group_vars/deploymentserver/Splunk_TA_windows: -------------------------------------------------------------------------------- 1 | --- 2 | ##################################################################################################################### 3 | # Configurations for Splunk App Splunk_TA_windows 4 | ##################################################################################################################### 5 | 6 | Splunk_TA_windows: 7 | deployment_apps: 8 | install: true 9 | clean_install: true 10 | bundle: "splunk-add-on-for-microsoft-windows_480.tgz" 11 | -------------------------------------------------------------------------------- /README/templates/group_vars/deploymentserver/apps: -------------------------------------------------------------------------------- 1 | --- 2 | ##################################################################################################################### 3 | # Configurations for Splunk Apps 4 | ##################################################################################################################### 5 | 6 | splunk_apps: 7 | Splunk_TA_windows: 8 | deployment_apps: 9 | install: true 10 | clean_install: true 11 | bundle: "splunk-add-on-for-microsoft-windows_480.tgz" 12 | 13 | Splunk_TA_nix: 14 | deployment_apps: 15 | install: true 16 | clean_install: true 17 
| bundle: "splunk-add-on-for-unix-and-linux_520.tgz" 18 | apps: 19 | install: true 20 | clean_install: true 21 | bundle: "splunk-add-on-for-unix-and-linux_520.tgz" 22 | -------------------------------------------------------------------------------- /README/templates/group_vars/deploymentserver/outputs.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk outputs.conf 5 | ##################################################################################################################### 6 | 7 | splunk_outputs_conf: 8 | tcpout: 9 | defaultGroup: production 10 | target_group: 11 | production: 12 | useACK: true 13 | indexerDiscovery: production 14 | sslPassword: password 15 | sslCertPath: $SPLUNK_HOME/etc/auth/server.pem 16 | sslRootCAPath: $SPLUNK_HOME/etc/auth/ca.pem 17 | indexer_discovery: 18 | production: 19 | pass4SymmKey: changeme 20 | master_uri: dynamic 21 | -------------------------------------------------------------------------------- /README/templates/group_vars/deploymentserver/server.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk server.conf 5 | ##################################################################################################################### 6 | 7 | splunk_server_conf: 8 | general: 9 | site: site0 10 | license: 11 | master_uri: dynamic 12 | sslConfig: 13 | sslKeysfilePassword: $1$nhb+jVVyTmE 14 | -------------------------------------------------------------------------------- /README/templates/group_vars/deploymentserver/web.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | 
##################################################################################################################### 4 | # Configurations for Splunk web.conf 5 | ##################################################################################################################### 6 | 7 | splunk_web_conf: 8 | settings: 9 | enableSplunkWebSSL: 1 10 | updateCheckerBaseURL: 0 11 | -------------------------------------------------------------------------------- /README/templates/group_vars/dmc/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the dmc group 2 | -------------------------------------------------------------------------------- /README/templates/group_vars/dmc/distsearch.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk distsearch.conf 5 | #################################################################################################################### 6 | 7 | splunk_distsearch_conf: 8 | distributedSearch: 9 | servers: 10 | - "{{ groups['searchpeer'] }}" 11 | - "{{ groups['peernode'] }}" 12 | - "{{ groups['licensemaster'] }}" 13 | - "{{ groups['masternode'] }}" 14 | - "{{ groups['deploymentserver'] }}" 15 | - "{{ groups['deployer'] }}" 16 | - "{{ groups['shcmember'] }}" 17 | - "{{ groups['heavyforwarder'] }}" 18 | 19 | -------------------------------------------------------------------------------- /README/templates/group_vars/dmc/outputs.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk outputs.conf 5 | 
##################################################################################################################### 6 | 7 | splunk_outputs_conf: 8 | tcpout: 9 | defaultGroup: production 10 | target_group: 11 | production: 12 | useACK: true 13 | indexerDiscovery: production 14 | sslPassword: password 15 | sslRootCAPath: $SPLUNK_HOME/etc/auth/ca.pem 16 | sslCertPath: $SPLUNK_HOME/etc/auth/server.pem 17 | sslVerifyServerCert: true 18 | indexer_discovery: 19 | production: 20 | pass4SymmKey: changeme 21 | master_uri: dynamic 22 | -------------------------------------------------------------------------------- /README/templates/group_vars/dmc/server.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk server.conf 5 | #################################################################################################################### 6 | 7 | splunk_server_conf: 8 | general: 9 | pass4SymmKey: $1$yVqq0RA0BTML 10 | site: dynamic 11 | sslConfig: 12 | sslKeysfilePassword: $1$nhb+jVVyTmEL 13 | license: 14 | master_uri: dynamic 15 | -------------------------------------------------------------------------------- /README/templates/group_vars/dmc/web.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk web.conf 5 | ##################################################################################################################### 6 | 7 | splunk_web_conf: 8 | settings: 9 | enableSplunkWebSSL: True 10 | updateCheckerBaseURL: 0 11 | -------------------------------------------------------------------------------- /README/templates/group_vars/heavyforwarder/README: 
-------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the heavyforwarder group 2 | -------------------------------------------------------------------------------- /README/templates/group_vars/heavyforwarder/Splunk_TA_nix: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk App Splunk_TA_nix 5 | ##################################################################################################################### 6 | 7 | Splunk_TA_nix: 8 | apps: 9 | install: true 10 | clean_install: true 11 | bundle: "splunk-add-on-for-unix-and-linux_520.tgz" 12 | -------------------------------------------------------------------------------- /README/templates/group_vars/heavyforwarder/Splunk_TA_windows: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk App Splunk_TA_windows 5 | ##################################################################################################################### 6 | 7 | Splunk_TA_windows: 8 | apps: 9 | install: true 10 | clean_install: true 11 | bundle: "splunk-add-on-for-microsoft-windows_480.tgz" 12 | -------------------------------------------------------------------------------- /README/templates/group_vars/heavyforwarder/outputs.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk outputs.conf 5 | 
##################################################################################################################### 6 | # NOTE(review): sslPassword and pass4SymmKey below are sample placeholders; supply the real values from a secret store such as ansible-vault instead of committing them. 7 | splunk_outputs_conf: 8 | tcpout: 9 | defaultGroup: production 10 | target_group: 11 | production: 12 | useACK: true 13 | indexerDiscovery: production 14 | sslPassword: password 15 | sslCertPath: $SPLUNK_HOME/etc/auth/server.pem 16 | sslRootCAPath: $SPLUNK_HOME/etc/auth/ca.pem # NOTE(review): sslVerifyServerCert is not set here, unlike the dmc and searchhead templates; confirm whether this forwarder should also verify the indexer certificate. 17 | indexer_discovery: 18 | production: 19 | pass4SymmKey: changeme 20 | master_uri: dynamic 21 | -------------------------------------------------------------------------------- /README/templates/group_vars/heavyforwarder/server.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk server.conf 5 | #################################################################################################################### 6 | # NOTE(review): the sslKeysfilePassword below ends in "TmE", while the dmc, peernode, searchhead and searchpeer templates show "TmEL"; confirm which value is intended. 7 | splunk_server_conf: 8 | general: 9 | site: site0 10 | license: 11 | master_uri: dynamic 12 | sslConfig: 13 | sslKeysfilePassword: $1$nhb+jVVyTmE 14 | -------------------------------------------------------------------------------- /README/templates/group_vars/heavyforwarder/web.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk web.conf 5 | ##################################################################################################################### 6 | 7 | splunk_web_conf: 8 | settings: 9 | enableSplunkWebSSL: 1 10 | updateCheckerBaseURL: 0 11 | -------------------------------------------------------------------------------- /README/templates/group_vars/indexer/inputs.conf: 
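-------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk inputs.conf 5 | ##################################################################################################################### 6 | # splunktcp_ssl input on port 9997, with the server certificate settings under SSL. 7 | splunk_inputs_conf: 8 | splunktcp_ssl: 9 | port: 9997 10 | SSL: 11 | rootCA: $SPLUNK_HOME/etc/auth/cacert.pem 12 | serverCert: $SPLUNK_HOME/etc/auth/server.pem 13 | password: $1$2lO4zAA+GjIL 14 | -------------------------------------------------------------------------------- /README/templates/group_vars/indexer/server.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk server.conf 5 | #################################################################################################################### 6 | # general.pass4SymmKey is spelled as in the dmc, peernode, searchhead and searchpeer templates. NOTE(review): clustering.pass4SymmKey: SecretKey is a placeholder, and the replication_port_ssl password lacks the trailing "L" of the inputs.conf SSL password; confirm both. 7 | splunk_server_conf: 8 | general: 9 | pass4SymmKey: $1$yVqq0RA0BTML 10 | site: dynamic 11 | sslConfig: 12 | sslKeysfilePassword: $1$nhb+jVVyTmEL 13 | license: 14 | master_uri: dynamic 15 | clustering: 16 | mode: slave 17 | master_uri: dynamic 18 | pass4SymmKey: SecretKey 19 | replication_port_ssl: 20 | port: 9888 21 | rootCA: $SPLUNK_HOME/etc/auth/cacert.pem 22 | serverCert: $SPLUNK_HOME/etc/auth/server.pem 23 | password: $1$2lO4zAA+GjI 24 | diskUsage: 25 | minFreeSpace: 2000 26 | 27 | -------------------------------------------------------------------------------- /README/templates/group_vars/indexer/web.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk web.conf 5 | 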
##################################################################################################################### 6 | 7 | splunk_web_conf: 8 | settings: 9 | enableSplunkWebSSL: true 10 | startwebserver: 0 11 | updateCheckerBaseURL: 0 12 | -------------------------------------------------------------------------------- /README/templates/group_vars/licensemaster/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the licensemaster group 2 | -------------------------------------------------------------------------------- /README/templates/group_vars/licensemaster/outputs.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk outputs.conf 5 | ##################################################################################################################### 6 | 7 | splunk_outputs_conf: 8 | tcpout: 9 | defaultGroup: production 10 | target_group: 11 | production: 12 | useACK: true 13 | indexerDiscovery: production 14 | sslPassword: password 15 | sslCertPath: $SPLUNK_HOME/etc/auth/server.pem 16 | sslRootCAPath: $SPLUNK_HOME/etc/auth/ca.pem 17 | indexer_discovery: 18 | production: 19 | pass4SymmKey: changeme 20 | master_uri: dynamic 21 | -------------------------------------------------------------------------------- /README/templates/group_vars/licensemaster/server.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk server.conf 5 | #################################################################################################################### 6 | 7 | splunk_server_conf: 8 | general: 9 
| site: site0 10 | license: 11 | master_uri: self 12 | sslConfig: 13 | sslKeysfilePassword: $1$nhb+jVVyTmE 14 | -------------------------------------------------------------------------------- /README/templates/group_vars/licensemaster/web.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk web.conf 5 | ##################################################################################################################### 6 | 7 | splunk_web_conf: 8 | settings: 9 | enableSplunkWebSSL: 1 10 | updateCheckerBaseURL: 0 11 | 12 | -------------------------------------------------------------------------------- /README/templates/group_vars/masternode/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the masternode group 2 | -------------------------------------------------------------------------------- /README/templates/group_vars/masternode/Splunk_TA_nix: -------------------------------------------------------------------------------- 1 | --- 2 | ##################################################################################################################### 3 | # Configurations for Splunk App Splunk_TA_nix 4 | ##################################################################################################################### 5 | 6 | Splunk_TA_nix: 7 | master_apps: 8 | install: true 9 | clean_install: true 10 | bundle: "splunk-add-on-for-unix-and-linux_520.tgz" 11 | -------------------------------------------------------------------------------- /README/templates/group_vars/masternode/Splunk_TA_windows: -------------------------------------------------------------------------------- 1 | --- 2 | 
##################################################################################################################### 3 | # Configurations for Splunk App Splunk_TA_windows 4 | ##################################################################################################################### 5 | 6 | Splunk_TA_windows: 7 | master_apps: 8 | install: true 9 | clean_install: true 10 | bundle: "splunk-add-on-for-microsoft-windows_480.tgz" 11 | -------------------------------------------------------------------------------- /README/templates/group_vars/masternode/outputs.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk outputs.conf 5 | ##################################################################################################################### 6 | 7 | splunk_outputs_conf: 8 | tcpout: 9 | defaultGroup: production 10 | target_group: 11 | production: 12 | useACK: true 13 | indexerDiscovery: production 14 | sslPassword: password 15 | sslCertPath: $SPLUNK_HOME/etc/auth/server.pem 16 | sslRootCAPath: $SPLUNK_HOME/etc/auth/ca.pem 17 | indexer_discovery: 18 | production: 19 | pass4SymmKey: changeme 20 | master_uri: dynamic 21 | 22 | -------------------------------------------------------------------------------- /README/templates/group_vars/masternode/server.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk server.conf 5 | #################################################################################################################### 6 | 7 | splunk_server_conf: 8 | general: 9 | site: site1 10 | license: 11 | master_uri: dynamic 12 | clustering: 13 | mode: master 14 | 
pass4SymmKey: changeme 15 | multisite: true 16 | replication_factor: 2 17 | site_replication_factor: "origin:1, total:2" 18 | search_factor: 2 19 | available_sites: "site1, site2" 20 | sslConfig: 21 | sslKeysfilePassword: $1$nhb+jVVyTmE 22 | -------------------------------------------------------------------------------- /README/templates/group_vars/masternode/web.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk web.conf 5 | ##################################################################################################################### 6 | 7 | splunk_web_conf: 8 | settings: 9 | enableSplunkWebSSL: 1 10 | updateCheckerBaseURL: 0 11 | -------------------------------------------------------------------------------- /README/templates/group_vars/peernode/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the peernode group 2 | -------------------------------------------------------------------------------- /README/templates/group_vars/peernode/inputs.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk inputs.conf 5 | ##################################################################################################################### 6 | 7 | splunk_inputs_conf: 8 | splunktcp_ssl: 9 | port: 9997 10 | SSL: 11 | rootCA: $SPLUNK_HOME/etc/auth/cacert.pem 12 | serverCert: $SPLUNK_HOME/etc/auth/server.pem 13 | password: $1$2lO4zAA+GjIL 14 | -------------------------------------------------------------------------------- /README/templates/group_vars/peernode/server.conf: 
-------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk server.conf 5 | #################################################################################################################### 6 | # NOTE(review): the secrets in this template are sample values; supply the real ones from a secret store such as ansible-vault instead of committing them. 7 | splunk_server_conf: 8 | general: 9 | pass4SymmKey: $1$yVqq0RA0BTML 10 | site: dynamic 11 | sslConfig: 12 | sslKeysfilePassword: $1$nhb+jVVyTmEL 13 | license: 14 | master_uri: dynamic 15 | clustering: 16 | mode: slave 17 | master_uri: dynamic 18 | pass4SymmKey: SecretKey # NOTE(review): the masternode template shows "changeme" under clustering; peers and master presumably need the same key, so confirm the two templates are meant to differ. 19 | replication_port_ssl: 20 | port: 9888 21 | rootCA: $SPLUNK_HOME/etc/auth/cacert.pem 22 | serverCert: $SPLUNK_HOME/etc/auth/server.pem 23 | password: $1$2lO4zAA+GjI # NOTE(review): the peernode inputs.conf template shows this value with a trailing "L"; confirm which is intended. 24 | -------------------------------------------------------------------------------- /README/templates/group_vars/peernode/web.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk web.conf 5 | ##################################################################################################################### 6 | 7 | splunk_web_conf: 8 | settings: 9 | enableSplunkWebSSL: true 10 | startwebserver: 0 11 | updateCheckerBaseURL: 0 12 | -------------------------------------------------------------------------------- /README/templates/group_vars/searchhead/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the searchhead group 2 | -------------------------------------------------------------------------------- /README/templates/group_vars/searchhead/apps: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | 
##################################################################################################################### 4 | # Configurations for Splunk Apps 5 | ##################################################################################################################### 6 | 7 | splunk_apps: 8 | Splunk_TA_windows: 9 | apps: 10 | install: true 11 | clean_install: true 12 | bundle: "splunk-add-on-for-microsoft-windows_480.tgz" 13 | 14 | Splunk_TA_nix: 15 | apps: 16 | install: true 17 | clean_install: true 18 | bundle: "splunk-add-on-for-unix-and-linux_520.tgz" 19 | 20 | -------------------------------------------------------------------------------- /README/templates/group_vars/searchhead/outputs.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk outputs.conf 5 | ##################################################################################################################### 6 | 7 | splunk_outputs_conf: 8 | tcpout: 9 | defaultGroup: production 10 | target_group: 11 | production: 12 | useACK: true 13 | indexerDiscovery: production 14 | sslPassword: password 15 | sslCertPath: $SPLUNK_HOME/etc/auth/server.pem 16 | sslRootCAPath: $SPLUNK_HOME/etc/auth/ca.pem 17 | sslVerifyServerCert: true 18 | indexer_discovery: 19 | production: 20 | pass4SymmKey: SecretKey 21 | master_uri: dynamic 22 | -------------------------------------------------------------------------------- /README/templates/group_vars/searchhead/server.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk server.conf 5 | 
#################################################################################################################### 6 | 7 | splunk_server_conf: 8 | general: 9 | pass4SymmKey: $1$yVqq0RA0BTML 10 | site: dynamic 11 | sslConfig: 12 | sslKeysfilePassword: $1$nhb+jVVyTmEL 13 | license: 14 | master_uri: dynamic 15 | clustering: 16 | mode: searchhead 17 | master_uri: dynamic 18 | pass4SymmKey: changeme 19 | -------------------------------------------------------------------------------- /README/templates/group_vars/searchhead/web.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk web.conf 5 | ##################################################################################################################### 6 | 7 | splunk_web_conf: 8 | settings: 9 | enableSplunkWebSSL: True 10 | updateCheckerBaseURL: 0 11 | -------------------------------------------------------------------------------- /README/templates/group_vars/searchpeer/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the searchpeer group 2 | -------------------------------------------------------------------------------- /README/templates/group_vars/searchpeer/inputs.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk inputs.conf 5 | ##################################################################################################################### 6 | 7 | splunk_inputs_conf: 8 | splunktcp_ssl: 9 | port: 9997 10 | SSL: 11 | rootCA: $SPLUNK_HOME/etc/auth/cacert.pem 12 | serverCert: $SPLUNK_HOME/etc/auth/server.pem 13 | 
password: $1$2lO4zAA+GjIL 14 | -------------------------------------------------------------------------------- /README/templates/group_vars/searchpeer/server.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk server.conf 5 | #################################################################################################################### 6 | 7 | splunk_server_conf: 8 | general: 9 | pass4SymmKey: $1$yVqq0RA0BTML 10 | site: dynamic 11 | sslConfig: 12 | sslKeysfilePassword: $1$nhb+jVVyTmEL 13 | license: 14 | master_uri: dynamic 15 | clustering: 16 | mode: slave 17 | master_uri: dynamic 18 | pass4SymmKey: SecretKey 19 | replication_port_ssl: 20 | port: 9888 21 | rootCA: $SPLUNK_HOME/etc/auth/cacert.pem 22 | serverCert: $SPLUNK_HOME/etc/auth/server.pem 23 | password: $1$2lO4zAA+GjI 24 | -------------------------------------------------------------------------------- /README/templates/group_vars/searchpeer/web.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk web.conf 5 | ##################################################################################################################### 6 | 7 | splunk_web_conf: 8 | settings: 9 | enableSplunkWebSSL: true 10 | startwebserver: 0 11 | updateCheckerBaseURL: 0 12 | -------------------------------------------------------------------------------- /README/templates/group_vars/shcluster/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the shcluster group 2 | -------------------------------------------------------------------------------- 
/README/templates/group_vars/shcluster/splunk_configuration: -------------------------------------------------------------------------------- 1 | --- 2 | ##################################################################################################################### 3 | # General Conf Variables for splunk_shcluster_production 4 | ##################################################################################################################### 5 | 6 | splunk_shcluster_label: production 7 | -------------------------------------------------------------------------------- /README/templates/group_vars/shcmember/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the shcmember group 2 | -------------------------------------------------------------------------------- /README/templates/group_vars/shcmember/outputs.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk outputs.conf 5 | ##################################################################################################################### 6 | 7 | splunk_outputs_conf: 8 | tcpout: 9 | defaultGroup: production 10 | target_group: 11 | production: 12 | useACK: true 13 | indexerDiscovery: production 14 | sslPassword: password 15 | sslCertPath: $SPLUNK_HOME/etc/auth/server.pem 16 | sslRootCAPath: $SPLUNK_HOME/etc/auth/ca.pem 17 | indexer_discovery: 18 | production: 19 | pass4SymmKey: changeme 20 | master_uri: dynamic 21 | -------------------------------------------------------------------------------- /README/templates/group_vars/shcmember/server.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | 
##################################################################################################################### 4 | # Configurations for Splunk server.conf 5 | #################################################################################################################### 6 | # NOTE(review): no pass4SymmKey appears under clustering or shclustering in this template, unlike the clustering section of the searchhead template; confirm the key is supplied elsewhere. 7 | splunk_server_conf: 8 | license: 9 | master_uri: dynamic 10 | clustering: 11 | mode: searchhead 12 | master_uri: dynamic 13 | shclustering: 14 | shcluster_label: production 15 | mgmt_uri: dynamic 16 | conf_deploy_fetch_url: dynamic 17 | id: 6D1F6C76-3370-40BA-98F3-2C16AEEF24F1 18 | replication_port_ssl: 19 | port: 9888 20 | rootCA: $SPLUNK_HOME/etc/auth/cacert.pem 21 | serverCert: $SPLUNK_HOME/etc/auth/server.pem 22 | password: $1$2lO4zAA+GjI 23 | -------------------------------------------------------------------------------- /README/templates/group_vars/shcmember/web.conf: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | ##################################################################################################################### 4 | # Configurations for Splunk web.conf 5 | ##################################################################################################################### 6 | # Proxy-based SSO: Splunk Web takes the user name from the Cas-User request header when the request arrives from trustedIP (127.0.0.1), so the local reverse proxy must overwrite or strip any Cas-User header sent by a client. NOTE(review): enableSplunkWebSSL is not set here, unlike the other web.conf templates; confirm TLS ends at the proxy. 7 | splunk_web_conf: 8 | settings: 9 | trustedIP: 127.0.0.1 10 | SSOMode: strict 11 | remoteUser: Cas-User 12 | -------------------------------------------------------------------------------- /README/templates/group_vars/site0/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the site0 group 2 | -------------------------------------------------------------------------------- /README/templates/group_vars/site0/splunk_configuration: -------------------------------------------------------------------------------- 1 | --- 2 | ##################################################################################################################### 3 | # 
General Conf Variables 4 | ##################################################################################################################### 5 | 6 | splunk_site: site0 7 | -------------------------------------------------------------------------------- /README/templates/group_vars/site1/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the site1 group 2 | -------------------------------------------------------------------------------- /README/templates/group_vars/site1/splunk_configuration: -------------------------------------------------------------------------------- 1 | --- 2 | ##################################################################################################################### 3 | # General Conf Variables 4 | ##################################################################################################################### 5 | 6 | splunk_site: site1 7 | -------------------------------------------------------------------------------- /README/templates/group_vars/site2/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the site2 group 2 | -------------------------------------------------------------------------------- /README/templates/group_vars/site2/splunk_configuration: -------------------------------------------------------------------------------- 1 | --- 2 | ##################################################################################################################### 3 | # General Conf Variables 4 | ##################################################################################################################### 5 | 6 | splunk_site: site2 7 | -------------------------------------------------------------------------------- /configure_auth.yml: -------------------------------------------------------------------------------- 1 | # run this on the 
DMC to apply changes: | rest splunk_server=* /services/authentication/providers/services/_reload 2 | # can make this automatic if we want to.. 3 | 4 | # NOTE(review): the play name below says "Install splunk shcmember", but the play only applies the conf/authentication and conf/authorize roles to the shcmember group. 5 | - name: Install splunk shcmember 6 | hosts: shcmember 7 | user: splunk 8 | 9 | roles: 10 | - conf/authentication 11 | - conf/authorize 12 | 13 | -------------------------------------------------------------------------------- /configure_deployer.yml: -------------------------------------------------------------------------------- 1 | - name: Configure splunk deployer 2 | hosts: deployer 3 | user: splunk 4 | 5 | roles: 6 | - conf/outputs 7 | - conf/server 8 | -------------------------------------------------------------------------------- /configure_deploymentserver.yml: -------------------------------------------------------------------------------- 1 | - name: Configure splunk deploymentserver 2 | hosts: deploymentserver 3 | user: splunk 4 | 5 | roles: 6 | - conf/web 7 | - conf/outputs 8 | - conf/server 9 | -------------------------------------------------------------------------------- /configure_disks.yml: -------------------------------------------------------------------------------- 1 | - name: Configure splunk peernode disk monitoring and cleanup 2 | hosts: peernode 3 | user: root 4 | # Runs as root on the peernode group: adds three "disk" lines to snmpd.conf, restarts snmpd, and installs a daily cron script that deletes old frozen buckets. 5 | tasks: 6 | - name: change snmpd config to add disks 7 | lineinfile: dest=/etc/snmp/snmpd.conf insertafter=EOF line="disk {{item}}" state=present 8 | with_items: 9 | - / 10 | - /mnt/db 11 | - /mnt/colddb 12 | # The next task is named "reload" but uses state=restarted, so snmpd is restarted on every run. 13 | - name: reload snmpd 14 | service: name=snmpd state=restarted enabled=yes 15 | 16 | # Retention: the script installed below is placed in /etc/cron.daily as root-owned 0755 and removes entries under /mnt/colddb/defaultdb/frozendb/ named rb* or db* whose mtime is older than 180 days. NOTE(review): confirm 180 days meets the log-retention requirement; only the defaultdb path is covered. 17 | - name: add cron jobs to clear out frozendb files after 180 days 18 | copy: 19 | dest: /etc/cron.daily/frozen 20 | owner: root 21 | group: root 22 | mode: 0755 23 | content: | 24 | #!/bin/sh 25 | 26 | find /mnt/colddb/defaultdb/frozendb/ -mtime +180 -name 'rb*' -print0 | xargs -r0 rm -rf -- 27 | find /mnt/colddb/defaultdb/frozendb/ -mtime +180 -name 'db*' -print0 | xargs -r0 rm -rf -- 28 | 29 | 30 | 
-------------------------------------------------------------------------------- /configure_dmc.yml: -------------------------------------------------------------------------------- 1 | - name: "Configure Distributed Managemnt Console (dmc)" 2 | hosts: dmc 3 | user: splunk 4 | # NOTE(review): "Managemnt" in the play name above is a typo for "Management". 5 | roles: 6 | - conf/outputs 7 | - conf/server 8 | - conf/distsearch 9 | - conf/indexes 10 | - group/searchhead 11 | -------------------------------------------------------------------------------- /configure_firewall.yml: -------------------------------------------------------------------------------- 1 | - name: "Configure ufw on all nodes" 2 | hosts: "*:!repository" 3 | user: root 4 | # The host pattern "*:!repository" selects every inventory host except the repository group, so the conf/fw role is not applied there. NOTE(review): the play name says "all nodes"; confirm the repository host is firewalled by other means. 5 | roles: 6 | - conf/fw 7 | -------------------------------------------------------------------------------- /configure_heavyforwarder.yml: -------------------------------------------------------------------------------- 1 | - name: Configure splunk heavyforwarder 2 | hosts: heavyforwarder 3 | user: splunk 4 | 5 | roles: 6 | - conf/web 7 | - conf/outputs 8 | - conf/server 9 | - conf/indexes 10 | - overrides 11 | -------------------------------------------------------------------------------- /configure_hf_ha.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Configure splunk heavyforwarder with keepalived - master 3 | hosts: hf_master 4 | user: root 5 | # Both plays in this file apply the same conf/ha role as root; they differ only in the target group (hf_master, hf_slave). 6 | roles: 7 | - conf/ha 8 | 9 | - name: Configure splunk heavyforwarder with keepalived - slave 10 | hosts: hf_slave 11 | user: root 12 | 13 | roles: 14 | - conf/ha 15 | -------------------------------------------------------------------------------- /configure_indexes.yml: -------------------------------------------------------------------------------- 1 | - name: Configure splunk indexer cluster indexes 2 | hosts: "*:!repository" 3 | user: splunk 4 | 5 | roles: 6 | - conf/indexes 7 | -------------------------------------------------------------------------------- /configure_licensemaster.yml: 
-------------------------------------------------------------------------------- 1 | - name: Configure splunk licensemaster 2 | hosts: licensemaster 3 | user: splunk 4 | 5 | roles: 6 | - conf/outputs 7 | - conf/server 8 | - group/licensemaster 9 | -------------------------------------------------------------------------------- /configure_linux.yml: -------------------------------------------------------------------------------- 1 | - name: Configure splunk peernode linux tunables 2 | hosts: peernode 3 | user: root 4 | 5 | tasks: 6 | - name: add script blob to disable THP on boot 7 | blockinfile: 8 | path: /etc/rc.local 9 | insertbefore: "exit 0" 10 | block: | 11 | if test -f /sys/kernel/mm/transparent_hugepage/enabled; then 12 | echo never > /sys/kernel/mm/transparent_hugepage/enabled 13 | fi 14 | if test -f /sys/kernel/mm/transparent_hugepage/defrag; then 15 | echo never > /sys/kernel/mm/transparent_hugepage/defrag 16 | fi 17 | - name: set splunk ulimit fd 18 | blockinfile: 19 | path: /etc/security/limits.d/splunk.conf 20 | create: yes 21 | block: | 22 | splunk hard nofile 65535 23 | splunk soft nofile 65535 24 | 25 | 26 | -------------------------------------------------------------------------------- /configure_masternode.yml: -------------------------------------------------------------------------------- 1 | - name: Configure splunk masternode 2 | hosts: masternode 3 | user: splunk 4 | 5 | roles: 6 | - conf/outputs 7 | - conf/server 8 | - conf/indexes 9 | -------------------------------------------------------------------------------- /configure_peernode.yml: -------------------------------------------------------------------------------- 1 | - name: Configure splunk peernodes 2 | hosts: peernode 3 | user: splunk 4 | 5 | roles: 6 | - conf/web 7 | - conf/inputs 8 | - conf/server 9 | - conf/authentication 10 | 11 | -------------------------------------------------------------------------------- /configure_repository.yml: 
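# --------------------------------------------------------------------------------
---
# Builds the local package/app repository tree on the control host.
- hosts: repository
  user: root
  tasks:
    - name: Create repository root directory
      file:
        path: "{{ splunk_repository.repository_root }}"
        state: directory

    - name: Create repository apps directory
      file:
        path: "{{ splunk_repository.repository_root }}/apps"
        state: directory

    - name: Create repository packages directory
      file:
        path: "{{ splunk_repository.repository_root }}/packages"
        state: directory

    - name: Create distServerKeys directory
      file:
        path: "{{ splunk_repository.repository_root }}/distServerKeys"
        state: directory

    - name: Create licenses directory
      file:
        path: "{{ splunk_repository.repository_root }}/licenses"
        state: directory

    - name: Create licenses/enterprise directory
      file:
        path: "{{ splunk_repository.repository_root }}/licenses/enterprise"
        state: directory

    # Paths are quoted here (the key=value form left them bare), so a
    # repository_root containing spaces is still passed as one argument.
    - name: Set repository owner/group
      file:
        path: "{{ splunk_repository.repository_root }}"
        recurse: yes
        owner: "{{ splunk_repository.repository_owner }}"
        group: "{{ splunk_repository.repository_group }}"

    # Only the root directory gets 0750 (no recurse). Everything below it,
    # including distServerKeys and licenses, is shielded from other users
    # solely by this directory's missing "other" search bit.
    - name: Set repository directory mode
      file:
        path: "{{ splunk_repository.repository_root }}"
        mode: "0750"

# --------------------------------------------------------------------------------
# /configure_searchhead.yml:
# --------------------------------------------------------------------------------
- name: Configure splunk searchheads
  hosts: searchhead
  user: splunk

  roles:
    - group/searchhead
    - conf/web
    - conf/outputs
    - conf/server
# --------------------------------------------------------------------------------
# /configure_searchpeer.yml:
# --------------------------------------------------------------------------------
- name: Configure splunk indexers
  hosts: searchpeer
  user: splunk

  roles:
    - conf/web
    - conf/inputs
    - conf/server
# --------------------------------------------------------------------------------
# /configure_shcmember.yml:
# --------------------------------------------------------------------------------
- name: Configure splunk shcmember
  hosts: shcmember
  user: splunk

  roles:
    - conf/web
    - conf/outputs
    - conf/server
    - conf/indexes
    - conf/alert_actions
# --------------------------------------------------------------------------------
# /deploy_apps.yml:
# --------------------------------------------------------------------------------
- name: Deploy Apps
  hosts: "*:!repository"
  user: splunk

  roles:
    - apps/splunk_app_db_connect
    - apps/Splunk_TA_windows
    - apps/Splunk_TA_nix
# --------------------------------------------------------------------------------
# /download_splunk.yml:
# --------------------------------------------------------------------------------
---
# Fetches the Splunk installers into the repository. These packages are later
# installed as root on every host, so what lands here is trusted by the whole
# deployment.
- hosts: repository
  tasks:
    - name: Download Splunk rpm packages
      get_url:
        url: "{{ item.value.url }}"
        dest: "{{ splunk_repository.repository_root }}/packages"
        owner: "{{ splunk_repository.repository_owner }}"
        group: "{{ splunk_repository.repository_group }}"
        mode: "0644"
        # Optional per-package key introduced by this change, e.g.
        # "sha256:<digest published by the vendor>". When an entry has no
        # checksum the parameter is omitted and the download is not
        # integrity-checked, exactly as before.
        checksum: "{{ item.value.checksum | default(omit) }}"
      # default({}) keeps the loop expression valid when the dict is not
      # defined; the `when` below still decides whether anything runs.
      with_dict: "{{ splunk_packages.linux_64_rpm | default({}) }}"
      when: splunk_installation.package_format == "rpm" and
            splunk_packages.linux_64_rpm is defined

    - name: Download Splunk tgz packages
      get_url:
        url: "{{ item.value.url }}"
        dest: "{{ splunk_repository.repository_root }}/packages"
        owner: "{{ splunk_repository.repository_owner }}"
        group: "{{ splunk_repository.repository_group }}"
        mode: "0644"
        # See the rpm task: optional "<algorithm>:<digest>" per package.
        checksum: "{{ item.value.checksum | default(omit) }}"
      with_dict: "{{ splunk_packages.linux_64_tgz | default({}) }}"
      when: splunk_installation.package_format == "tgz" and
            splunk_packages.linux_64_tgz is defined

# --------------------------------------------------------------------------------
# /filter_plugins/app_default.py: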
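# --------------------------------------------------------------------------------
def app_default(app):
    """Jinja2 filter: pass a mapping through unchanged, replace anything else with {}.

    :param app: value handed over by the template engine.
    :returns: ``app`` itself when it is a dict (or a dict subclass), otherwise
        a new empty dict.
    """
    # isinstance() instead of an exact type() match, so dict subclasses are
    # passed through rather than silently replaced by an empty dict.
    if isinstance(app, dict):
        return app
    return {}


class FilterModule(object):
    """Filter plugin entry point for app_default."""

    def filters(self):
        """Return the mapping of filter name to implementation."""
        return {'app_default': app_default}

# --------------------------------------------------------------------------------
# /filter_plugins/create_distsearch_serverlist.py:
# --------------------------------------------------------------------------------
def create_distsearch_serverlist(serverlist):
    """Flatten a list of hosts and host groups into a de-duplicated host list.

    Each element of ``serverlist`` is either a single host name (string) or an
    iterable of host names. First-seen order is preserved.

    :param serverlist: iterable of strings and/or iterables of strings; a bare
        string is treated as one host, ``None`` as no hosts.
    :returns: list of unique host names.
    """
    # Python 2 has basestring (str + unicode); Python 3 only has str. The
    # original compared against the name `unicode`, which does not exist on
    # Python 3, and used exact type matches that miss string subclasses.
    try:
        text_types = (basestring,)
    except NameError:
        text_types = (str,)

    if serverlist is None:
        return []
    if isinstance(serverlist, text_types):
        # Without this a single host name would be split into characters.
        serverlist = [serverlist]

    unique = []
    for entry in serverlist:
        hosts = [entry] if isinstance(entry, text_types) else entry
        for host in hosts:
            if host not in unique:
                unique.append(host)
    return unique


class FilterModule(object):
    """Filter plugin entry point for create_distsearch_serverlist."""

    def filters(self):
        """Return the mapping of filter name to implementation."""
        return {'create_distsearch_serverlist': create_distsearch_serverlist}

# --------------------------------------------------------------------------------
# /filter_plugins/create_distsearch_servers.py:
# --------------------------------------------------------------------------------
def create_distsearch_servers(serverlist):
    """Build a ", "-separated "host:8089" string from hosts and host groups.

    Same flattening and de-duplication as create_distsearch_serverlist, then
    every host gets the fixed port suffix ":8089".

    :param serverlist: iterable of strings and/or iterables of strings; a bare
        string is treated as one host, ``None`` as no hosts.
    :returns: string such as ``"a:8089, b:8089"``; empty string for no hosts.
    """
    # See create_distsearch_serverlist.py: portable string check for 2 and 3.
    try:
        text_types = (basestring,)
    except NameError:
        text_types = (str,)

    if serverlist is None:
        return ''
    if isinstance(serverlist, text_types):
        serverlist = [serverlist]

    unique = []
    for entry in serverlist:
        hosts = [entry] if isinstance(entry, text_types) else entry
        for host in hosts:
            if host not in unique:
                unique.append(host)
    return ', '.join(host + ":8089" for host in unique)


class FilterModule(object):
    """Filter plugin entry point for create_distsearch_servers."""

    def filters(self):
        """Return the mapping of filter name to implementation."""
        return {'create_distsearch_servers': create_distsearch_servers}

# --------------------------------------------------------------------------------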
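# /filter_plugins/create_shcluster_mgmt_uri_servers.py:
# --------------------------------------------------------------------------------
def create_shcluster_mgmt_uri_servers(serverlist):
    """Build a ","-separated list of "https://host:8089" management URIs.

    Each element of ``serverlist`` is either a single host name (string) or an
    iterable of host names. Hosts are flattened, de-duplicated in first-seen
    order, and wrapped with the fixed scheme "https://" and port ":8089".
    Host names are inserted as given; no validation is done here.

    :param serverlist: iterable of strings and/or iterables of strings; a bare
        string is treated as one host, ``None`` as no hosts.
    :returns: string such as ``"https://a:8089,https://b:8089"``; empty string
        for no hosts.
    """
    # Python 2 has basestring (str + unicode); Python 3 only has str. The
    # original compared against the name `unicode`, which does not exist on
    # Python 3, and used exact type matches that miss string subclasses.
    try:
        text_types = (basestring,)
    except NameError:
        text_types = (str,)

    if serverlist is None:
        return ''
    if isinstance(serverlist, text_types):
        # Without this a single host name would be split into characters.
        serverlist = [serverlist]

    unique = []
    for entry in serverlist:
        hosts = [entry] if isinstance(entry, text_types) else entry
        for host in hosts:
            if host not in unique:
                unique.append(host)
    return ','.join("https://" + host + ":8089" for host in unique)


class FilterModule(object):
    """Filter plugin entry point for create_shcluster_mgmt_uri_servers."""

    def filters(self):
        """Return the mapping of filter name to implementation."""
        return {'create_shcluster_mgmt_uri_servers': create_shcluster_mgmt_uri_servers}

# --------------------------------------------------------------------------------
# /group_vars/all/README:
# --------------------------------------------------------------------------------
# This folder contains group_vars that apply to all groups
# --------------------------------------------------------------------------------
# /group_vars/cluster/README:
# --------------------------------------------------------------------------------
# This folder contains group_vars that apply to the cluster group
# --------------------------------------------------------------------------------
# /group_vars/deployer/README:
# --------------------------------------------------------------------------------
# This folder contains group_vars that apply to the deployer group
# --------------------------------------------------------------------------------
# /group_vars/deploymentserver/README:
# --------------------------------------------------------------------------------
# This folder contains group_vars that apply to the deploymentserver group
# --------------------------------------------------------------------------------
# /group_vars/dmc/README: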
-------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the dmc group 2 | -------------------------------------------------------------------------------- /group_vars/heavyforwarder/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the heavyforwarder group 2 | -------------------------------------------------------------------------------- /group_vars/licensemaster/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the licensemaster group 2 | -------------------------------------------------------------------------------- /group_vars/masternode/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the masternode group 2 | -------------------------------------------------------------------------------- /group_vars/peernode/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the peernode group 2 | -------------------------------------------------------------------------------- /group_vars/searchhead/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the searchhead group 2 | -------------------------------------------------------------------------------- /group_vars/searchpeer/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the searchpeer group 2 | -------------------------------------------------------------------------------- /group_vars/shcluster/README: -------------------------------------------------------------------------------- 1 | # This folder contains 
group_vars that apply to the shcluster group 2 | -------------------------------------------------------------------------------- /group_vars/shcmember/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the shcmember group 2 | -------------------------------------------------------------------------------- /group_vars/site0/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the site0 group 2 | -------------------------------------------------------------------------------- /group_vars/site1/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the site1 group 2 | -------------------------------------------------------------------------------- /group_vars/site2/README: -------------------------------------------------------------------------------- 1 | # This folder contains group_vars that apply to the site2 group 2 | -------------------------------------------------------------------------------- /hosts.template: -------------------------------------------------------------------------------- 1 | [repository] 2 | localhost ansible_connection=local 3 | 4 | [shcmember] 5 | 6 | [searchhead] 7 | 8 | [searchpeer] 9 | 10 | [peernode] 11 | 12 | [licensemaster] 13 | 14 | [deployer] 15 | 16 | [masternode] 17 | 18 | [deploymentserver] 19 | 20 | [dmc] 21 | 22 | [site0] 23 | 24 | [site1] 25 | 26 | [site2] 27 | 28 | [shcluster] 29 | 30 | [cluster] 31 | 32 | [heavyforwarder] 33 | 34 | -------------------------------------------------------------------------------- /hosts_production.template: -------------------------------------------------------------------------------- 1 | [repository] 2 | localhost ansible_connection=local 3 | 4 | [shcmember] 5 | searchhead1.private.domain 6 | searchhead2.private.domain 7 | 
searchhead3.private.domain 8 | 9 | [searchhead] 10 | searchhead.private.domain 11 | 12 | [searchpeer] 13 | 14 | [peernode] 15 | indexer1.private.domain 16 | indexer2.private.domain 17 | 18 | [licensemaster] 19 | licensemaster.private.domain 20 | 21 | [deployer] 22 | deployer.private.domain 23 | 24 | [masternode] 25 | masternode.private.domain 26 | 27 | [deploymentserver] 28 | deploymentserver.private.domain 29 | 30 | [dmc] 31 | dmc.private.domain 32 | 33 | [site0] 34 | masternode.private.domain 35 | dmc.private.domain 36 | 37 | [site1] 38 | searchhead1.private.domain 39 | searchhead2.private.domain 40 | indexer1.private.domain 41 | 42 | [site2] 43 | searchhead3.private.domain 44 | indexer2.private.domain 45 | 46 | [shcluster] 47 | deployer.private.domain 48 | searchhead1.private.domain 49 | searchhead2.private.domain 50 | searchhead3.private.domain 51 | 52 | [cluster] 53 | masternode.private.domain 54 | indexer1.private.domain 55 | indexer2.private.domain 56 | 57 | [heavyforwarder] 58 | heavyforwarder1.private.domain 59 | -------------------------------------------------------------------------------- /install_box_addon.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Install Box add-on 3 | hosts: deployer:heavyforwarder 4 | remote_user: splunk 5 | 6 | roles: 7 | - roles/apps/box_addon 8 | -------------------------------------------------------------------------------- /install_cisco_asa_app.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Install Cisco-asa app add-on 3 | hosts: deployer:heavyforwarder 4 | remote_user: splunk 5 | 6 | roles: 7 | - roles/apps/cisco_asa_app 8 | -------------------------------------------------------------------------------- /install_citrix_addon.yml: -------------------------------------------------------------------------------- 1 | - name: Install citrix add-on 2 | hosts: deployer:masternode:heavyforwarder 3 | 
remote_user: splunk 4 | 5 | roles: 6 | - roles/apps/citrix_ns_addon 7 | - roles/apps/ipfix_addon 8 | -------------------------------------------------------------------------------- /install_dbx.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Install DB Connect dependencies 3 | hosts: heavyforwarder 4 | remote_user: root 5 | tasks: 6 | - name: install packages for dbconnect addon 7 | apt: name={{item}} state=present update_cache=yes 8 | with_items: 9 | - openjdk-8-jre 10 | 11 | - name: set up java home envvar 12 | lineinfile: 13 | - path: /etc/environment 14 | - line: 'JAVA_HOME="/usr/lib/jvm/java-8-openjdk-amd64"' 15 | - state: present 16 | 17 | - name: Install DB connect app 18 | hosts: heavyforwarder 19 | remote_user: splunk 20 | 21 | roles: 22 | - roles/apps/db_connect 23 | -------------------------------------------------------------------------------- /install_dca_tools_app.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Install DCA Tools app 3 | hosts: deployer 4 | remote_user: splunk 5 | 6 | roles: 7 | - roles/apps/dca_tools 8 | -------------------------------------------------------------------------------- /install_duo_addon.yml: -------------------------------------------------------------------------------- 1 | - name: Install DUO add-on 2 | hosts: deployer:masternode:heavyforwarder 3 | remote_user: splunk 4 | 5 | roles: 6 | - roles/apps/duo_addon 7 | -------------------------------------------------------------------------------- /install_iis_app.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Install Microsoft IIS app add-on 3 | hosts: deployer:heavyforwarder:masternode 4 | remote_user: splunk 5 | 6 | roles: 7 | - roles/apps/iis_app 8 | -------------------------------------------------------------------------------- /install_infosec_app.yml: 
-------------------------------------------------------------------------------- 1 | --- 2 | - name: Install InfoSec app and required addons 3 | hosts: deployer 4 | remote_user: splunk 5 | 6 | roles: 7 | - roles/apps/infosec_app 8 | 9 | -------------------------------------------------------------------------------- /install_nessus_addon.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Install Nessus add-on 3 | hosts: deployer:heavyforwarder 4 | remote_user: splunk 5 | 6 | roles: 7 | - roles/apps/nessus_addon 8 | -------------------------------------------------------------------------------- /install_shcmember.yml: -------------------------------------------------------------------------------- 1 | - name: Install splunk shcmember 2 | hosts: shcmember 3 | user: root 4 | 5 | roles: 6 | - conf/web 7 | - conf/outputs 8 | - conf/server 9 | - group/shcmember 10 | - conf/authentication 11 | - conf/server 12 | 13 | post_tasks: 14 | - name: Run splunk restart 15 | command: "{{ splunk_installation.splunk_home_path }}/bin/splunk restart" 16 | become: yes 17 | become_user: splunk 18 | when: shc_init_completed|succeeded 19 | -------------------------------------------------------------------------------- /install_splunk.yml: -------------------------------------------------------------------------------- 1 | - name: Install Splunk on all hosts 2 | hosts: "*:!repository" 3 | remote_user: root 4 | 5 | roles: 6 | - install 7 | -------------------------------------------------------------------------------- /install_upgrade_readiness_app.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Install upgrade readiness app 3 | hosts: deployer 4 | remote_user: splunk 5 | 6 | roles: 7 | - roles/apps/upgrade_readiness_app 8 | 9 | -------------------------------------------------------------------------------- /install_windows_addon.yml: 
-------------------------------------------------------------------------------- 1 | - name: Install Windows add-on 2 | hosts: deployer:heavyforwarder 3 | remote_user: splunk 4 | 5 | roles: 6 | - roles/apps/Splunk_TA_windows 7 | -------------------------------------------------------------------------------- /migrate_lm.yml: -------------------------------------------------------------------------------- 1 | - name: Configure splunk indexer cluster indexes 2 | hosts: "*:!repository" 3 | user: splunk 4 | 5 | roles: 6 | - migration/lm 7 | - migration/symmkey 8 | 9 | post_tasks: 10 | - name: Run splunk restart 11 | command: "{{ splunk_installation.splunk_home_path }}/bin/splunk restart" 12 | become: yes 13 | become_user: splunk 14 | tags: 15 | - skip_ansible_lint 16 | 17 | -------------------------------------------------------------------------------- /roles/apps/Splunk_TA_nix/files/apps/local/inputs.conf.template: -------------------------------------------------------------------------------- 1 | [monitor:///var/log] 2 | disabled = 0 3 | -------------------------------------------------------------------------------- /roles/apps/Splunk_TA_nix/files/deployment-apps/local/inputs.conf.template: -------------------------------------------------------------------------------- 1 | [monitor:///var/log] 2 | disabled = 0 3 | -------------------------------------------------------------------------------- /roles/apps/Splunk_TA_nix/files/shcluster/apps/local/inputs.conf.template: -------------------------------------------------------------------------------- 1 | [monitor:///var/log] 2 | disabled = 0 3 | -------------------------------------------------------------------------------- /roles/apps/Splunk_TA_nix/tasks/copy_app.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Copy app to remote host 4 | copy: src="{{ splunk_repository.repository_root }}/apps/{{ app_name }}/{{ item.value.bundle }}" 5 | dest="/{{ 
splunk_installation.remote_app_temp_path }}/{{ item.value.bundle }}" 6 | when: "{{ item.value.install }} == true" 7 | with_dict: "{{ vars['app_name'] }} | app_default" 8 | 9 | - name: Clean existing app directory 10 | file: path="{{ splunk_installation.splunk_home_path }}/etc/{{ item.key | replace('shcluster_apps', 'shcluster/apps') | replace('_', '-') }}/{{ app_name }}" 11 | state=absent 12 | when: "{{ item.value.clean_install }} is defined and 13 | {{ item.value.clean_install }} == true" 14 | with_dict: "{{ vars['app_name'] }} | app_default" 15 | 16 | - name: Unarchive app 17 | unarchive: src="{{ splunk_installation.remote_app_temp_path }}/{{ item.value.bundle }}" 18 | dest="{{ splunk_installation.splunk_home_path }}/etc/{{ item.key | replace('shcluster_apps', 'shcluster/apps') | replace('_', '-') }}" 19 | copy=no 20 | when: "{{ item.value.install }} == true" 21 | with_dict: "{{ vars['app_name'] }} | app_default" 22 | 23 | - name: Remove temporary file 24 | file: path="{{ splunk_installation.remote_app_temp_path }}/{{ item.value.bundle }}" 25 | state=absent 26 | when: "{{ item.value.install }} == true" 27 | with_dict: "{{ vars['app_name'] }} | app_default" 28 | -------------------------------------------------------------------------------- /roles/apps/Splunk_TA_nix/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - include: copy_app.yml 3 | - include: configure_local.yml 4 | - include: remove_app.yml 5 | -------------------------------------------------------------------------------- /roles/apps/Splunk_TA_nix/tasks/remove_app.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Remove app 4 | file: path="{{ splunk_installation.splunk_home_path }}/etc/{{ item.key | replace('shcluster_apps', 'shcluster/apps') | replace('_', '-') }}/{{ app_name }}" 5 | state=absent 6 | when: "{{ item.value.install }} is defined and 7 | {{ item.value.install }} == 
false" 8 | with_dict: "{{ vars['app_name'] }} | app_default" 9 | -------------------------------------------------------------------------------- /roles/apps/Splunk_TA_nix/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | app_name: Splunk_TA_nix 3 | -------------------------------------------------------------------------------- /roles/apps/Splunk_TA_windows/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: shcluster bundle push 3 | command: "./splunk apply shcluster-bundle restart --answer-yes -target https://{{ item }}:8089 -auth admin:{{ splunk_installation.admin_password }} -push-default-apps true" 4 | args: 5 | chdir: "{{ splunk_installation.splunk_home_path}}/bin" 6 | with_items: "{{ groups['shcmember'][0] }}" 7 | -------------------------------------------------------------------------------- /roles/apps/Splunk_TA_windows/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Deployer 3 | - name: Create app dir on deployer 4 | file: path="{{ splunk_installation.splunk_home_path }}/etc/shcluster/apps/Splunk_TA_windows" 5 | state=directory 6 | when: "'deployer' in group_names" 7 | 8 | - name: Copy Splunk Windows add-on to deployer 9 | unarchive: src="{{ splunk_repository.repository_root }}/apps/{{ splunk_apps.windows_addon_tgz }}" 10 | dest="{{ splunk_installation.splunk_home_path }}/etc/shcluster/apps" 11 | copy=yes 12 | owner=splunk 13 | group=splunk 14 | notify: shcluster bundle push 15 | when: "'deployer' in group_names" 16 | 17 | 18 | # Heavy Forwarder 19 | - name: Create app dir on heavyforwarder 20 | file: path="{{ splunk_installation.splunk_home_path }}/etc/apps/Splunk_TA_windows" 21 | state=directory 22 | when: "'heavyforwarder' in group_names" 23 | 24 | - name: Copy Splunk Windows add-on to heavyforwarder 25 | unarchive: src="{{ splunk_repository.repository_root 
}}/apps/{{ splunk_apps.windows_addon_tgz }}" 26 | dest="{{ splunk_installation.splunk_home_path }}/etc/apps/" 27 | copy=yes 28 | owner=splunk 29 | group=splunk 30 | when: "'heavyforwarder' in group_names" 31 | -------------------------------------------------------------------------------- /roles/apps/box_addon/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: shcluster bundle push 3 | command: "./splunk apply shcluster-bundle restart --answer-yes -target https://{{ item }}:8089 -auth admin:{{ splunk_installation.admin_password }} -push-default-apps true" 4 | args: 5 | chdir: "{{ splunk_installation.splunk_home_path}}/bin" 6 | with_items: "{{ groups['shcmember'][0] }}" 7 | -------------------------------------------------------------------------------- /roles/apps/box_addon/tasks/cleanup_deployer.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Remove samples from deployer 3 | file: path="{{ splunk_installation.splunk_home_path }}/etc/shcluster/apps/Splunk_TA_box/samples" 4 | state=absent 5 | 6 | - name: Remove eventgen.conf from deployer 7 | file: path="{{ splunk_installation.splunk_home_path }}/etc/shcluster/apps/Splunk_TA_box/default/eventgen.conf" 8 | state=absent 9 | 10 | - name: Remove eventgen.conf from deployer 11 | file: path="{{ splunk_installation.splunk_home_path }}/etc/shcluster/apps/Splunk_TA_box/default/inputs.conf" 12 | state=absent 13 | notify: shcluster bundle push 14 | -------------------------------------------------------------------------------- /roles/apps/box_addon/tasks/copy_addon.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Deployer 3 | - name: Create app dir on deployer 4 | file: path="{{ splunk_installation.splunk_home_path }}/etc/shcluster/apps/Splunk_TA_box" 5 | state=directory 6 | when: "'deployer' in group_names" 7 | 8 | - name: Copy Box add-on to 
deployer 9 | unarchive: src="{{ splunk_repository.repository_root }}/apps/{{ splunk_apps.box_addon_tgz }}" 10 | dest="{{ splunk_installation.splunk_home_path }}/etc/shcluster/apps" 11 | copy=yes 12 | owner=splunk 13 | group=splunk 14 | notify: shcluster bundle push 15 | when: "'deployer' in group_names" 16 | 17 | 18 | # Heavy Forwarder 19 | - name: Create app dir on heavyforwarder 20 | file: path="{{ splunk_installation.splunk_home_path }}/etc/apps/Splunk_TA_box" 21 | state=directory 22 | when: "'heavyforwarder' in group_names" 23 | 24 | - name: Copy box add-on to heavyforwarder 25 | unarchive: src="{{ splunk_repository.repository_root }}/apps/{{ splunk_apps.box_addon_tgz }}" 26 | dest="{{ splunk_installation.splunk_home_path }}/etc/apps/" 27 | copy=yes 28 | owner=splunk 29 | group=splunk 30 | when: "'heavyforwarder' in group_names" 31 | -------------------------------------------------------------------------------- /roles/apps/box_addon/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - include: copy_addon.yml 3 | 4 | - include: cleanup_deployer.yml 5 | when: "'deployer' in group_names" 6 | -------------------------------------------------------------------------------- /roles/apps/cisco_asa_app/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: shcluster bundle push 3 | command: "./splunk apply shcluster-bundle restart --answer-yes -target https://{{ item }}:8089 -auth admin:{{ splunk_installation.admin_password }} -push-default-apps true" 4 | args: 5 | chdir: "{{ splunk_installation.splunk_home_path}}/bin" 6 | with_items: "{{ groups['shcmember'][0] }}" 7 | -------------------------------------------------------------------------------- /roles/apps/cisco_asa_app/tasks/cleanup_deployer.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Remove samples from deployer 3 | file: path="{{ 
splunk_installation.splunk_home_path }}/etc/shcluster/apps/Splunk_TA_cisco-asa/samples" 4 | state=absent 5 | 6 | - name: Remove eventgen.conf from deployer 7 | file: path="{{ splunk_installation.splunk_home_path }}/etc/shcluster/apps/Splunk_TA_cisco-asa/default/eventgen.conf" 8 | state=absent 9 | 10 | - name: Remove eventgen.conf from deployer 11 | file: path="{{ splunk_installation.splunk_home_path }}/etc/shcluster/apps/Splunk_TA_cisco-asa/default/inputs.conf" 12 | state=absent 13 | notify: shcluster bundle push 14 | -------------------------------------------------------------------------------- /roles/apps/cisco_asa_app/tasks/copy_addon.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Deployer 3 | - name: Create app dir on deployer 4 | file: path="{{ splunk_installation.splunk_home_path }}/etc/shcluster/apps/Splunk_TA_cisco-asa" 5 | state=directory 6 | when: "'deployer' in group_names" 7 | 8 | - name: Copy Cisco-asa add-on to deployer 9 | unarchive: src="{{ splunk_repository.repository_root }}/apps/{{ splunk_apps.cisco_asa_app_tgz }}" 10 | dest="{{ splunk_installation.splunk_home_path }}/etc/shcluster/apps" 11 | copy=yes 12 | owner=splunk 13 | group=splunk 14 | notify: shcluster bundle push 15 | when: "'deployer' in group_names" 16 | 17 | 18 | # Heavy Forwarder 19 | - name: Create app dir on heavyforwarder 20 | file: path="{{ splunk_installation.splunk_home_path }}/etc/apps/Splunk_TA_cisco-asa" 21 | state=directory 22 | when: "'heavyforwarder' in group_names" 23 | 24 | - name: Copy Cisco-asa add-on to heavyforwarder 25 | unarchive: src="{{ splunk_repository.repository_root }}/apps/{{ splunk_apps.cisco_asa_app_tgz }}" 26 | dest="{{ splunk_installation.splunk_home_path }}/etc/apps/" 27 | copy=yes 28 | owner=splunk 29 | group=splunk 30 | when: "'heavyforwarder' in group_names" 31 | -------------------------------------------------------------------------------- /roles/apps/cisco_asa_app/tasks/main.yml: 
-------------------------------------------------------------------------------- 1 | --- 2 | - include: copy_addon.yml 3 | 4 | - include: cleanup_deployer.yml 5 | when: "'deployer' in group_names" 6 | -------------------------------------------------------------------------------- /roles/apps/citrix_ns_addon/tasks/cleanup_deployer.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Remove samples from deployer 3 | file: 4 | path="{{ splunk_installation.splunk_home_path }}/etc/shcluster/apps/Splunk_TA_citrix-netscaler/samples" 5 | state=absent 6 | 7 | - name: Remove eventgen.conf from deployer 8 | file: 9 | path="{{ splunk_installation.splunk_home_path }}/etc/shcluster/apps/Splunk_TA_citrix-netscaler/default/eventgen.conf" 10 | state=absent 11 | register: deployer_cleanup_complete 12 | -------------------------------------------------------------------------------- /roles/apps/citrix_ns_addon/tasks/cleanup_masternode.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Remove samples from masternode 3 | file: 4 | path="{{ splunk_installation.splunk_home_path }}/etc/master-apps/Splunk_TA_citrix-netscaler/samples" 5 | state=absent 6 | 7 | - name: Remove eventgen.conf from masternode 8 | file: 9 | path="{{ splunk_installation.splunk_home_path }}/etc/master-apps/Splunk_TA_citrix-netscaler/default/eventgen.conf" 10 | state=absent 11 | 12 | - name: Remove inputs.conf from masternode 13 | file: 14 | path="{{ splunk_installation.splunk_home_path }}/etc/master-apps/Splunk_TA_citrix-netscaler/default/inputs.conf" 15 | state=absent 16 | 17 | - name: Remove database.conf from masternode 18 | file: 19 | path="{{ splunk_installation.splunk_home_path }}/etc/master-apps/Splunk_TA_citrix-netscaler/default/database.conf" 20 | state=absent 21 | register: master_cleanup_complete 22 | 23 | -------------------------------------------------------------------------------- 
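/roles/apps/citrix_ns_addon/tasks/cluster_push.yml:
--------------------------------------------------------------------------------
---
# Applies the cluster bundle from the master node once cleanup_masternode.yml
# has registered a successful master_cleanup_complete.
- name: Push add-on to index cluster
  command: "./splunk apply cluster-bundle --answer-yes -auth admin:{{ splunk_installation.admin_password }}"
  args:
    chdir: "{{ splunk_installation.splunk_home_path}}/bin"
  when: master_cleanup_complete|succeeded
  # The rendered command line embeds the admin password; no_log keeps it out
  # of Ansible's console output and logs. It is still passed as a process
  # argument on the target host while the command runs.
  no_log: true

--------------------------------------------------------------------------------
/roles/apps/citrix_ns_addon/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Role entry point: copy, clean up, then push; every step after the copy is
# limited to the group it applies to.
- include: copy_addon.yml

- include: cleanup_deployer.yml
  when: "'deployer' in group_names"

- include: cleanup_masternode.yml
  when: "'masternode' in group_names"

- include: shcluster_push.yml
  when: "'deployer' in group_names"

- include: cluster_push.yml
  when: "'masternode' in group_names"

--------------------------------------------------------------------------------
/roles/apps/citrix_ns_addon/tasks/shcluster_push.yml:
--------------------------------------------------------------------------------
---
# Pushes the search-head-cluster bundle, targeting the first host of the
# 'shcmember' group on port 8089, once cleanup_deployer.yml has registered a
# successful deployer_cleanup_complete.
- name: Push add-on to shcluster
  command: "./splunk apply shcluster-bundle --answer-yes -target https://{{ item }}:8089 -auth admin:{{ splunk_installation.admin_password }} -push-default-apps true"
  args:
    chdir: "{{ splunk_installation.splunk_home_path}}/bin"
  with_items: "{{ groups['shcmember'][0] }}"
  when: deployer_cleanup_complete|succeeded
  # Same reason as in cluster_push.yml: the command line carries the admin
  # password, so keep it out of Ansible's output and logs.
  no_log: true

--------------------------------------------------------------------------------
/roles/apps/db_connect/files/db_connections.conf:
--------------------------------------------------------------------------------
[sccm]
connection_type = mssql_jtds_win_auth
database = CM_OCM
disabled = 0
host = osu-cm-sql.oregonstate.edu
identity = osu-sccm
# NOTE(review): with jdbcUseSSL = false the JDBC session to the SQL Server on
# port 1433 is not TLS-protected by the driver. Switch this on once the server
# certificate is trusted by the JVM named in dbx_settings.conf.
jdbcUseSSL = false
localTimezoneConversionEnabled = false
port = 1433
readonly = true
timezone = America/Los_Angeles

--------------------------------------------------------------------------------
/roles/apps/db_connect/files/dbx_settings.conf:
--------------------------------------------------------------------------------
[java]
javaHome = /usr/lib/jvm/java-8-openjdk-amd64

--------------------------------------------------------------------------------
/roles/apps/db_connect/files/identities.conf:
--------------------------------------------------------------------------------
[osu-sccm]
disabled = 0
domain_name = oregonstate
# NOTE(review): the password is blank in this checked-in copy, presumably set
# on the host afterwards. conf_addon.yml copies this file into local/ on every
# run, so a value set on the host would be replaced by the blank one; keep the
# real secret out of version control (e.g. Ansible Vault) and confirm how it
# is meant to be provisioned.
password =
use_win_auth = 1
username = svc-sccm-sql

--------------------------------------------------------------------------------
/roles/apps/db_connect/tasks/conf_addon.yml:
--------------------------------------------------------------------------------
---

# Copies every *.conf file matched by with_fileglob into the DB Connect app's
# local/ directory.
#
# Fixed: the copy arguments were written as a YAML list ("- src:", "- dest:"),
# which is not a valid argument mapping for the module. They are now a
# mapping. owner/group/mode were added because identities.conf is among the
# copied files and holds a credential field; they match the splunk ownership
# used by the unarchive tasks of this role.
- name: Configure app files (local/*.conf)
  copy:
    src: "{{ item }}"
    dest: "{{ splunk_installation.splunk_home_path }}/etc/apps/splunk_app_db_connect/local/"
    owner: splunk
    group: splunk
    mode: "0600"
  with_fileglob:
    - "*.conf"

--------------------------------------------------------------------------------
/roles/apps/db_connect/tasks/copy_addon.yml:
--------------------------------------------------------------------------------
---
# Heavy Forwarder
- name: Create app dir on heavyforwarder
  file:
    path: "{{ splunk_installation.splunk_home_path }}/etc/apps/splunk_app_db_connect"
    state: directory

# Fixed: the task name said "box add-on" although the archive unpacked here
# is splunk_apps.db_connect_tgz.
# NOTE(review): the archive is unpacked as found under repository_root; no
# checksum or signature of the .tgz is verified in this task.
- name: Copy DB Connect app to heavyforwarder
  unarchive:
    src: "{{ splunk_repository.repository_root }}/apps/{{ splunk_apps.db_connect_tgz }}"
    dest: "{{ splunk_installation.splunk_home_path }}/etc/apps/"
    copy: yes
    owner: splunk
    group: splunk
--------------------------------------------------------------------------------
/roles/apps/db_connect/tasks/copy_driver.yml: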
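--------------------------------------------------------------------------------
---
# Heavy Forwarder
# Unpacks the JDBC driver archive into the DB Connect app's drivers/ directory.
# NOTE(review): the driver is loaded by the JVM that DB Connect runs; no
# checksum or signature of the archive is verified in this task.
- name: Copy jtds driver to heavyforwarder
  unarchive:
    src: "{{ splunk_repository.repository_root }}/apps/{{ splunk_apps.db_connect_driver }}"
    dest: "{{ splunk_installation.splunk_home_path }}/etc/apps/splunk_app_db_connect/drivers/"
    copy: yes
    owner: splunk
    group: splunk
--------------------------------------------------------------------------------
/roles/apps/db_connect/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Order matters: the app directory must exist before the driver and the
# local/*.conf files are placed inside it.
- include: copy_addon.yml
- include: copy_driver.yml
- include: conf_addon.yml
--------------------------------------------------------------------------------
/roles/apps/dca_tools/handlers/main.yml:
--------------------------------------------------------------------------------
---
# Handler: pushes the search-head-cluster bundle, targeting the first host of
# the 'shcmember' group on port 8089.
- name: shcluster bundle push
  command: "./splunk apply shcluster-bundle restart --answer-yes -target https://{{ item }}:8089 -auth admin:{{ splunk_installation.admin_password }}"
  args:
    chdir: "{{ splunk_installation.splunk_home_path}}/bin"
  with_items: "{{ groups['shcmember'][0] }}"
  # The rendered command line embeds the admin password; no_log keeps it out
  # of Ansible's console output and logs. It is still passed as a process
  # argument on the target host while the command runs.
  no_log: true
--------------------------------------------------------------------------------
/roles/apps/dca_tools/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Deployer
- name: Create app dir on deployer
  file:
    path: "{{ splunk_installation.splunk_home_path }}/etc/shcluster/apps/dca_tools"
    state: directory
  when: "'deployer' in group_names"

# NOTE(review): no checksum or signature of the .tgz is verified here before
# it is unpacked and pushed to the search head cluster.
- name: Copy DCA Tools app to deployer
  unarchive:
    src: "{{ splunk_repository.repository_root }}/apps/{{ splunk_apps.dca_tools_tgz }}"
    dest: "{{ splunk_installation.splunk_home_path }}/etc/shcluster/apps"
    copy: yes
    owner: splunk
    group: splunk
  notify: shcluster bundle push
  when: "'deployer' in group_names"
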
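--------------------------------------------------------------------------------
/roles/apps/duo_addon/tasks/cluster_push.yml:
--------------------------------------------------------------------------------
---
# Applies the cluster bundle from the master node.
# masternode_tgz_push is not registered in this file; presumably it comes from
# this role's copy_addon.yml (verify).
- name: Push add-on to index cluster
  command: "./splunk apply cluster-bundle --answer-yes -auth admin:{{ splunk_installation.admin_password }}"
  args:
    chdir: "{{ splunk_installation.splunk_home_path}}/bin"
  when: masternode_tgz_push|succeeded
  # The rendered command line embeds the admin password; no_log keeps it out
  # of Ansible's console output and logs. It is still passed as a process
  # argument on the target host while the command runs.
  no_log: true
--------------------------------------------------------------------------------
/roles/apps/duo_addon/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Role entry point: copy first, then push from whichever management host the
# play is running on.
- include: copy_addon.yml

- include: shcluster_push.yml
  when: "'deployer' in group_names"

- include: cluster_push.yml
  when: "'masternode' in group_names"
--------------------------------------------------------------------------------
/roles/apps/duo_addon/tasks/shcluster_push.yml:
--------------------------------------------------------------------------------
---
# Pushes the search-head-cluster bundle, targeting the first host of the
# 'shcmember' group on port 8089.
# deployer_tgz_push is not registered in this file; presumably it comes from
# this role's copy_addon.yml (verify).
- name: Push add-on to shcluster
  command: "./splunk apply shcluster-bundle --answer-yes -target https://{{ item }}:8089 -auth admin:{{ splunk_installation.admin_password }} -push-default-apps true"
  args:
    chdir: "{{ splunk_installation.splunk_home_path}}/bin"
  with_items: "{{ groups['shcmember'][0] }}"
  when: deployer_tgz_push|succeeded
  # Command line carries the admin password: keep it out of output and logs.
  no_log: true
--------------------------------------------------------------------------------
/roles/apps/iis_app/handlers/main.yml:
--------------------------------------------------------------------------------
---
# Handler: pushes the search-head-cluster bundle, targeting the first host of
# the 'shcmember' group on port 8089.
- name: shcluster bundle push
  command: "./splunk apply shcluster-bundle restart --answer-yes -target https://{{ item }}:8089 -auth admin:{{ splunk_installation.admin_password }} -push-default-apps true"
  args:
    chdir: "{{ splunk_installation.splunk_home_path}}/bin"
  with_items: "{{ groups['shcmember'][0] }}"
  # Command line carries the admin password: keep it out of output and logs.
  no_log: true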
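--------------------------------------------------------------------------------
/roles/apps/iis_app/tasks/cleanup_deployer.yml:
--------------------------------------------------------------------------------
---
# Removes sample data and default eventgen/inputs configuration from the IIS
# add-on staged under etc/shcluster/apps.
#
# Fixed: every path here pointed at Splunk_TA_cisco-asa, so this role deleted
# files of a different add-on and left its own untouched. The paths now use
# Splunk_TA_microsoft-iis, the directory this role's copy_addon.yml creates.
# The third task was also named "Remove eventgen.conf" although it removes
# inputs.conf.
# NOTE(review): confirm the IIS add-on ships these files; state=absent is a
# no-op for paths that do not exist.
- name: Remove samples from deployer
  file:
    path: "{{ splunk_installation.splunk_home_path }}/etc/shcluster/apps/Splunk_TA_microsoft-iis/samples"
    state: absent

- name: Remove eventgen.conf from deployer
  file:
    path: "{{ splunk_installation.splunk_home_path }}/etc/shcluster/apps/Splunk_TA_microsoft-iis/default/eventgen.conf"
    state: absent

- name: Remove inputs.conf from deployer
  file:
    path: "{{ splunk_installation.splunk_home_path }}/etc/shcluster/apps/Splunk_TA_microsoft-iis/default/inputs.conf"
    state: absent
  notify: shcluster bundle push
--------------------------------------------------------------------------------
/roles/apps/iis_app/tasks/cleanup_masternode.yml:
--------------------------------------------------------------------------------
---
# Removes sample data and default eventgen/inputs/database configuration from
# the IIS add-on staged under etc/master-apps.
#
# Fixed: every path here pointed at Splunk_TA_citrix-netscaler; they now use
# Splunk_TA_microsoft-iis, the directory this role's copy_addon.yml creates.
# NOTE(review): the task list was taken over unchanged; confirm which of these
# files the IIS add-on actually contains.
- name: Remove samples from masternode
  file:
    path: "{{ splunk_installation.splunk_home_path }}/etc/master-apps/Splunk_TA_microsoft-iis/samples"
    state: absent

- name: Remove eventgen.conf from masternode
  file:
    path: "{{ splunk_installation.splunk_home_path }}/etc/master-apps/Splunk_TA_microsoft-iis/default/eventgen.conf"
    state: absent

- name: Remove inputs.conf from masternode
  file:
    path: "{{ splunk_installation.splunk_home_path }}/etc/master-apps/Splunk_TA_microsoft-iis/default/inputs.conf"
    state: absent

- name: Remove database.conf from masternode
  file:
    path: "{{ splunk_installation.splunk_home_path }}/etc/master-apps/Splunk_TA_microsoft-iis/default/database.conf"
    state: absent
  register: master_cleanup_complete

--------------------------------------------------------------------------------
/roles/apps/iis_app/tasks/cluster_push.yml: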
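--------------------------------------------------------------------------------
---
# Applies the cluster bundle from the master node once copy_addon.yml has
# registered a successful masternode_tgz_push.
- name: Push add-on to index cluster
  command: "./splunk apply cluster-bundle --answer-yes -auth admin:{{ splunk_installation.admin_password }}"
  args:
    chdir: "{{ splunk_installation.splunk_home_path}}/bin"
  when: masternode_tgz_push|succeeded
  # The rendered command line embeds the admin password; no_log keeps it out
  # of Ansible's console output and logs. It is still passed as a process
  # argument on the target host while the command runs.
  no_log: true
--------------------------------------------------------------------------------
/roles/apps/iis_app/tasks/copy_addon.yml:
--------------------------------------------------------------------------------
---
# NOTE(review): none of the unarchive tasks below verifies a checksum or
# signature of the .tgz before unpacking it.

# Deployer
- name: Create app dir on deployer
  file:
    path: "{{ splunk_installation.splunk_home_path }}/etc/shcluster/apps/Splunk_TA_microsoft-iis"
    state: directory
  when: "'deployer' in group_names"

- name: Copy Microsoft IIS add-on to deployer
  unarchive:
    src: "{{ splunk_repository.repository_root }}/apps/{{ splunk_apps.iis_app_tgz }}"
    dest: "{{ splunk_installation.splunk_home_path }}/etc/shcluster/apps"
    copy: yes
    owner: splunk
    group: splunk
  notify: shcluster bundle push
  when: "'deployer' in group_names"

# Masternode
- name: Create app dir on masternode
  file:
    path: "{{ splunk_installation.splunk_home_path }}/etc/master-apps/Splunk_TA_microsoft-iis"
    state: directory
  when: "'masternode' in group_names"

# The registered result gates cluster_push.yml.
- name: Copy Microsoft IIS add-on to masternode
  unarchive:
    src: "{{ splunk_repository.repository_root }}/apps/{{ splunk_apps.iis_app_tgz }}"
    dest: "{{ splunk_installation.splunk_home_path }}/etc/master-apps/"
    copy: yes
    owner: splunk
    group: splunk
  when: "'masternode' in group_names"
  register: masternode_tgz_push

--------------------------------------------------------------------------------
/roles/apps/iis_app/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Role entry point: copy, clean up per group, then push from the master node.
- include: copy_addon.yml

- include: cleanup_deployer.yml
  when: "'deployer' in group_names"

- include: cleanup_masternode.yml
  when: "'masternode' in group_names"

- include: cluster_push.yml
  when: "'masternode' in group_names"

--------------------------------------------------------------------------------
/roles/apps/infosec_app/handlers/main.yml:
--------------------------------------------------------------------------------
---
# Handler: pushes the search-head-cluster bundle, targeting the first host of
# the 'shcmember' group on port 8089.
- name: shcluster bundle push
  command: "./splunk apply shcluster-bundle restart --answer-yes -target https://{{ item }}:8089 -auth admin:{{ splunk_installation.admin_password }} -push-default-apps true"
  args:
    chdir: "{{ splunk_installation.splunk_home_path}}/bin"
  with_items: "{{ groups['shcmember'][0] }}"
  # Command line carries the admin password: keep it out of output and logs.
  no_log: true
--------------------------------------------------------------------------------
/roles/apps/infosec_app/tasks/cleanup_deployer.yml:
--------------------------------------------------------------------------------
---
# Removes the default inputs.conf of Splunk_SA_CIM from the staged copy and
# triggers a bundle push.
- name: Remove inputs.conf from deployer
  file:
    path: "{{ splunk_installation.splunk_home_path }}/etc/shcluster/apps/Splunk_SA_CIM/default/inputs.conf"
    state: absent
  notify: shcluster bundle push
--------------------------------------------------------------------------------
/roles/apps/infosec_app/tasks/main.yml:
--------------------------------------------------------------------------------
---
- include: copy_addons.yml

- include: cleanup_deployer.yml
  when: "'deployer' in group_names"

--------------------------------------------------------------------------------
/roles/apps/ipfix_addon/handlers/main.yml:
--------------------------------------------------------------------------------
---
# Handler: pushes the search-head-cluster bundle, targeting the first host of
# the 'shcmember' group on port 8089.
- name: shcluster bundle push
  command: "./splunk apply shcluster-bundle restart --answer-yes -target https://{{ item }}:8089 -auth admin:{{ splunk_installation.admin_password }} -push-default-apps true"
  args:
    chdir: "{{ splunk_installation.splunk_home_path}}/bin"
  with_items: "{{ groups['shcmember'][0] }}"
  # Command line carries the admin password: keep it out of output and logs.
  no_log: true
--------------------------------------------------------------------------------
/roles/apps/ipfix_addon/tasks/cleanup_deployer.yml:
--------------------------------------------------------------------------------
---
# Removes sample data and eventgen.conf from the staged IPFIX add-on.
- name: Remove samples from deployer
  file:
    path: "{{ splunk_installation.splunk_home_path }}/etc/shcluster/apps/Splunk_TA_ipfix/samples"
    state: absent

- name: Remove eventgen.conf from deployer
  file:
    path: "{{ splunk_installation.splunk_home_path }}/etc/shcluster/apps/Splunk_TA_ipfix/default/eventgen.conf"
    state: absent
--------------------------------------------------------------------------------
/roles/apps/ipfix_addon/tasks/copy_addon.yml:
--------------------------------------------------------------------------------
---
# Fixed: both unarchive tasks were named "Copy Splunk Citrix add-on ..."
# although they unpack splunk_apps.ipfix_addon_tgz.
# NOTE(review): no checksum or signature of the .tgz is verified before it is
# unpacked.

# Deployer
- name: Create app dir on deployer
  file:
    path: "{{ splunk_installation.splunk_home_path }}/etc/shcluster/apps/Splunk_TA_ipfix"
    state: directory
  when: "'deployer' in group_names"

- name: Copy IPFIX add-on to deployer
  unarchive:
    src: "{{ splunk_repository.repository_root }}/apps/{{ splunk_apps.ipfix_addon_tgz }}"
    dest: "{{ splunk_installation.splunk_home_path }}/etc/shcluster/apps"
    copy: yes
    owner: splunk
    group: splunk
  notify: shcluster bundle push
  when: "'deployer' in group_names"


# Heavy Forwarder
- name: Create app dir on heavyforwarder
  file:
    path: "{{ splunk_installation.splunk_home_path }}/etc/apps/Splunk_TA_ipfix"
    state: directory
  when: "'heavyforwarder' in group_names"

- name: Copy IPFIX add-on to heavyforwarder
  unarchive:
    src: "{{ splunk_repository.repository_root }}/apps/{{ splunk_apps.ipfix_addon_tgz }}"
    dest: "{{ splunk_installation.splunk_home_path }}/etc/apps/"
    copy: yes
    owner: splunk
    group: splunk
  when: "'heavyforwarder' in group_names"

--------------------------------------------------------------------------------
/roles/apps/ipfix_addon/tasks/main.yml:
--------------------------------------------------------------------------------
---
- include: copy_addon.yml

- include: cleanup_deployer.yml
  when: "'deployer' in group_names"
--------------------------------------------------------------------------------
/roles/apps/nessus_addon/handlers/main.yml:
--------------------------------------------------------------------------------
---
# Handler: pushes the search-head-cluster bundle, targeting the first host of
# the 'shcmember' group on port 8089.
- name: shcluster bundle push
  command: "./splunk apply shcluster-bundle restart --answer-yes -target https://{{ item }}:8089 -auth admin:{{ splunk_installation.admin_password }} -push-default-apps true"
  args:
    chdir: "{{ splunk_installation.splunk_home_path}}/bin"
  with_items: "{{ groups['shcmember'][0] }}"
  # Command line carries the admin password: keep it out of output and logs.
  no_log: true
--------------------------------------------------------------------------------
/roles/apps/nessus_addon/tasks/cleanup_deployer.yml:
--------------------------------------------------------------------------------
---
# Removes sample data and eventgen.conf from the staged Nessus add-on.
- name: Remove samples from deployer
  file:
    path: "{{ splunk_installation.splunk_home_path }}/etc/shcluster/apps/Splunk_TA_nessus/samples"
    state: absent

- name: Remove eventgen.conf from deployer
  file:
    path: "{{ splunk_installation.splunk_home_path }}/etc/shcluster/apps/Splunk_TA_nessus/default/eventgen.conf"
    state: absent
--------------------------------------------------------------------------------
/roles/apps/nessus_addon/tasks/copy_addon.yml:
--------------------------------------------------------------------------------
---
# NOTE(review): no checksum or signature of the .tgz is verified before it is
# unpacked.

# Deployer
- name: Create app dir on deployer
  file:
    path: "{{ splunk_installation.splunk_home_path }}/etc/shcluster/apps/Splunk_TA_nessus"
    state: directory
  when: "'deployer' in group_names"

- name: Copy Nessus add-on to deployer
  unarchive:
    src: "{{ splunk_repository.repository_root }}/apps/{{ splunk_apps.nessus_addon_tgz }}"
    dest: "{{ splunk_installation.splunk_home_path }}/etc/shcluster/apps"
    copy: yes
    owner: splunk
    group: splunk
  notify: shcluster bundle push
  when: "'deployer' in group_names"


# Heavy Forwarder
- name: Create app dir on heavyforwarder
  file:
    path: "{{ splunk_installation.splunk_home_path }}/etc/apps/Splunk_TA_nessus"
    state: directory
  when: "'heavyforwarder' in group_names"

- name: Copy Nessus add-on to heavyforwarder
  unarchive:
    src: "{{ splunk_repository.repository_root }}/apps/{{ splunk_apps.nessus_addon_tgz }}"
    dest: "{{ splunk_installation.splunk_home_path }}/etc/apps/"
    copy: yes
    owner: splunk
    group: splunk
  when: "'heavyforwarder' in group_names"
--------------------------------------------------------------------------------
/roles/apps/nessus_addon/tasks/main.yml:
--------------------------------------------------------------------------------
---
- include: copy_addon.yml

- include: cleanup_deployer.yml
  when: "'deployer' in group_names"

- include: saved_searches.yml
  when: "'deployer' in group_names"
  notify: shcluster bundle push
--------------------------------------------------------------------------------
/roles/apps/upgrade_readiness_app/handlers/main.yml:
--------------------------------------------------------------------------------
---
# Handler: pushes the search-head-cluster bundle, targeting the first host of
# the 'shcmember' group on port 8089.
- name: shcluster bundle push
  command: "./splunk apply shcluster-bundle restart --answer-yes -target https://{{ item }}:8089 -auth admin:{{ splunk_installation.admin_password }} -push-default-apps true"
  args:
    chdir: "{{ splunk_installation.splunk_home_path}}/bin"
  with_items: "{{ groups['shcmember'][0] }}"
  # Command line carries the admin password: keep it out of output and logs.
  no_log: true
--------------------------------------------------------------------------------
/roles/apps/upgrade_readiness_app/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Deployer
- name: Create app dir on deployer
  file:
    path: "{{ splunk_installation.splunk_home_path }}/etc/shcluster/apps/upgrade_readiness_app"
    state: directory
  when: "'deployer' in group_names"

# NOTE(review): no checksum or signature of the .tgz is verified before it is
# unpacked.
- name: Copy Upgrade Readiness App to deployer
  unarchive:
    src: "{{ splunk_repository.repository_root }}/apps/{{ splunk_apps.upgrade_app_tgz }}"
    dest: "{{ splunk_installation.splunk_home_path }}/etc/shcluster/apps"
    copy: yes
    owner: splunk
    group: splunk
  notify: shcluster bundle push
  when: "'deployer' in group_names"

--------------------------------------------------------------------------------
/roles/common/handlers/splunkd.yml:
--------------------------------------------------------------------------------
---
# Shared splunkd handlers. Each one runs only when its switch variable
# (splunk_start / splunk_stop / splunk_restart) is defined and truthy, so a
# notify is a no-op unless the play sets the matching variable.
- name: splunk start
  command: "{{ splunk_installation.splunk_home_path }}/bin/splunk start"
  when: splunk_start is defined and splunk_start

- name: splunk stop
  command: "{{ splunk_installation.splunk_home_path }}/bin/splunk stop"
  when: splunk_stop is defined and splunk_stop

- name: splunk restart
  command: "{{ splunk_installation.splunk_home_path }}/bin/splunk restart"
  when: splunk_restart is defined and splunk_restart
--------------------------------------------------------------------------------
/roles/conf/alert_actions/handlers/main.yml:
--------------------------------------------------------------------------------
---
- include: ../../../common/handlers/splunkd.yml
--------------------------------------------------------------------------------
/roles/conf/alert_actions/tasks/hostname.yml:
--------------------------------------------------------------------------------
---

# Sets [default] hostname in alert_actions.conf when the variable is defined
# and removes the option when it is not.
- name: "Configure alert_actions.conf [default] hostname state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/alert_actions.conf"
    section: default
    option: hostname
    value: "{{ splunk_alert_actions.default.hostname }}"
    state: present
  when: splunk_alert_actions.default.hostname is defined
  notify: splunk restart

- name: "Configure alert_actions.conf [default] hostname state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/alert_actions.conf"
    section: default
    option: hostname
    state: absent
  when: splunk_alert_actions.default.hostname is undefined
  notify: splunk restart

--------------------------------------------------------------------------------
/roles/conf/alert_actions/tasks/main.yml:
--------------------------------------------------------------------------------
---
- include: touch.yml
- include: hostname.yml
--------------------------------------------------------------------------------
/roles/conf/alert_actions/tasks/touch.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk alert_actions.conf
#####################################################################################################################

# touch
# Makes sure the file exists, owned by splunk and readable only by its owner,
# before the ini_file tasks edit it; changed_when: false keeps the touch from
# reporting a change on every run.

- name: "Touch alert_actions.conf"
  file:
    path: "{{ splunk_conf_path }}/alert_actions.conf"
    owner: splunk
    group: splunk
    mode: "0600"
    state: touch
  changed_when: false
--------------------------------------------------------------------------------
/roles/conf/authentication/tasks/auth.yml:
--------------------------------------------------------------------------------
---

# set auth type
# Both options are written to the [authentication] stanza when the matching
# variable is defined and removed when it is not.
- name: "Configure authentication.conf [auth] authSettings state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/authentication.conf"
    section: authentication
    option: authSettings
    value: "{{ splunk_auth_conf.auth.authSettings }}"
    state: present
  when: splunk_auth_conf.auth.authSettings is defined

- name: "Configure authentication.conf [auth] authSettings state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/authentication.conf"
    section: authentication
    option: authSettings
    state: absent
  when: splunk_auth_conf.auth.authSettings is undefined

- name: "Configure authentication.conf [auth] authType state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/authentication.conf"
    section: authentication
    option: authType
    value: "{{ splunk_auth_conf.auth.authType }}"
    state: present
  when: splunk_auth_conf.auth.authType is defined

- name: "Configure authentication.conf [auth] authType state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/authentication.conf"
    section: authentication
    option: authType
    state: absent
  when: splunk_auth_conf.auth.authType is undefined
--------------------------------------------------------------------------------
/roles/conf/authentication/tasks/main.yml:
--------------------------------------------------------------------------------
---
- include: touch.yml
- include: strategies.yml
- include: auth.yml
- include: rolemaps.yml
--------------------------------------------------------------------------------
/roles/conf/authentication/tasks/rolemaps.yml:
--------------------------------------------------------------------------------
---

# set role/server group mappings
# Each item of splunk_auth_conf.rolemaps supplies strategy, role and group.
# A mapping is deleted whenever the item has a 'remove' key at all: the test
# is "is defined", so 'remove: false' also deletes it.

- name: "Configure authentication.conf [roleMap_] - state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/authentication.conf"
    section: "roleMap_{{ item.strategy }}"
    option: "{{ item.role }}"
    value: "{{ item.group }}"
    state: present
  with_items: "{{ splunk_auth_conf.rolemaps }}"
  when: item.remove is undefined

- name: "Configure authentication.conf [roleMap_] - state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/authentication.conf"
    section: "roleMap_{{ item.strategy }}"
    option: "{{ item.role }}"
    state: absent
  with_items: "{{ splunk_auth_conf.rolemaps }}"
  when: item.remove is defined

--------------------------------------------------------------------------------
/roles/conf/authentication/tasks/touch.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk authentication.conf
#####################################################################################################################

# touch
# Makes sure the file exists, owned by splunk and readable only by its owner,
# before the ini_file tasks edit it.

- name: "Touch authentication.conf"
  file:
    path: "{{ splunk_conf_path }}/authentication.conf"
    owner: splunk
    group: splunk
    mode: "0600"
    state: touch
  changed_when: false
--------------------------------------------------------------------------------
/roles/conf/authorize/tasks/main.yml:
--------------------------------------------------------------------------------
---
- include: touch.yml
- include: user_roles.yml
--------------------------------------------------------------------------------
/roles/conf/authorize/tasks/touch.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk authorize.conf
#####################################################################################################################

# touch
# Makes sure the file exists, owned by splunk and readable only by its owner.

- name: "Touch authorize.conf"
  file:
    path: "{{ splunk_conf_path }}/authorize.conf"
    owner: splunk
    group: splunk
    mode: "0600"
    state: touch
  changed_when: false
--------------------------------------------------------------------------------
/roles/conf/authorize/tasks/user_roles.yml: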
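--------------------------------------------------------------------------------
---
# Renders authorize.conf from the user_roles variable.
#
# Fixed: the file was written with mode 0644 while touch.yml in this role
# creates authorize.conf with 0600; the template now uses 0600 as well so the
# role definitions are readable by the splunk owner only.
# NOTE(review): touch.yml addresses the file through splunk_conf_path and this
# task through splunk_home_path/etc/system/local; confirm both resolve to the
# same file.
- name: create authorize.conf
  template:
    src: templates/authorize.conf.j2
    dest: "{{ splunk_installation.splunk_home_path }}/etc/system/local/authorize.conf"
    owner: splunk
    group: splunk
    mode: "0600"
  when: user_roles is defined

--------------------------------------------------------------------------------
/roles/conf/authorize/templates/authorize.conf.j2:
--------------------------------------------------------------------------------
{# One [role_<name>] stanza per key of user_roles, one "attr = value" line per
   attribute. Names and values are written as given, without escaping.
   Fixed: iteritems() exists only on Python 2 dicts; items() renders the same
   output on both Python 2 and Python 3 controllers. -#}
{% for k,v in user_roles.items() %}
[role_{{ k }}]
{% for attr,val in v.items() %}
{{ attr }} = {{ val }}
{% endfor %}
{% endfor %}
--------------------------------------------------------------------------------
/roles/conf/distsearch/handlers/main.yml:
--------------------------------------------------------------------------------
---
- include: ../../../common/handlers/splunkd.yml
--------------------------------------------------------------------------------
/roles/conf/distsearch/tasks/distributedSearch/cluster.yml:
--------------------------------------------------------------------------------
---
# configuration for Splunk distsearch.conf
#
# indexcluster
# Writes the servers option of the indexer-cluster group from the 'cluster'
# inventory group (passed through the create_distsearch_servers filter) and
# removes the option when that group does not exist.

- name: "Configure distsearch.conf [distributedSearch] - indexcluster state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/distsearch.conf"
    section: "distributedSearch:dmc_indexerclustergroup_{{ osu_environment }}"
    option: servers
    value: "{{ groups['cluster'] | create_distsearch_servers }}"
    state: present
  when: groups['cluster'] is defined
  notify: splunk restart

- name: "Configure distsearch.conf [distributedSearch] - indexcluster state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/distsearch.conf"
    section: "distributedSearch:dmc_indexerclustergroup_{{ osu_environment }}"
    option: servers
    state: absent
  when: groups['cluster'] is undefined
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/distsearch/tasks/distributedSearch/clustermaster.yml:
--------------------------------------------------------------------------------
---
# Configuration for Splunk distsearch.conf
#
# clustermaster
# Same pattern as the other group files: servers is set from the 'masternode'
# inventory group and removed when that group does not exist.

- name: "Configure distsearch.conf masternode [distributedSearch] - masternode state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/distsearch.conf"
    section: "distributedSearch:dmc_group_cluster_master"
    option: servers
    value: "{{ groups['masternode'] | create_distsearch_servers }}"
    state: present
  when: groups['masternode'] is defined
  notify: splunk restart

- name: "Configure distsearch.conf masternode [distributedSearch] - masternode state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/distsearch.conf"
    section: "distributedSearch:dmc_group_cluster_master"
    option: servers
    state: absent
  when: groups['masternode'] is undefined
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/distsearch/tasks/distributedSearch/deployer.yml:
--------------------------------------------------------------------------------
---
# Configuration for Splunk distsearch.conf
#
# deployer
# servers is set from the 'deployer' inventory group and removed when that
# group does not exist.

- name: "Configure distsearch.conf [distributedSearch] - deployer state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/distsearch.conf"
    section: "distributedSearch:dmc_group_shc_deployer"
    option: servers
    value: "{{ groups['deployer'] | create_distsearch_servers }}"
    state: present
  when: groups['deployer'] is defined
  notify: splunk restart

- name: "Configure distsearch.conf [distributedSearch] - deployer state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/distsearch.conf"
    section: "distributedSearch:dmc_group_shc_deployer"
    option: servers
    state: absent
  when: groups['deployer'] is undefined
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/distsearch/tasks/distributedSearch/deploymentserver.yml:
--------------------------------------------------------------------------------
---
# Configuration for Splunk distsearch.conf
#
# deploymentserver
# servers is set from the 'deploymentserver' inventory group and removed when
# that group does not exist.

- name: "Configure distsearch.conf [distributedSearch] - deploymentserver state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/distsearch.conf"
    section: "distributedSearch:dmc_group_deployment_server"
    option: servers
    value: "{{ groups['deploymentserver'] | create_distsearch_servers }}"
    state: present
  when: groups['deploymentserver'] is defined
  notify: splunk restart

- name: "Configure distsearch.conf [distributedSearch] - deploymentserver state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/distsearch.conf"
    section: "distributedSearch:dmc_group_deployment_server"
    option: servers
    state: absent
  when: groups['deploymentserver'] is undefined
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/distsearch/tasks/distributedSearch/disabled.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk distsearch.conf
#####################################################################################################################

#####################################################################################################################
# [distributedSearch]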
#####################################################################################################################

# disabled

# Written only when the variable is defined and true.
- name: "Configure distsearch.conf [distributedSearch] - disabled state=present"
  when: splunk_distsearch_conf.distributedSearch.disabled is defined and
        splunk_distsearch_conf.distributedSearch.disabled == true
  notify: splunk restart
  ini_file:
    dest: "{{ splunk_conf_path }}/distsearch.conf"
    section: distributedSearch
    option: disabled
    value: "{{ splunk_distsearch_conf.distributedSearch.disabled }}"
    state: present

# Undefined or false: the option is removed from the file.
- name: "Configure distsearch.conf [distributedSearch] - disabled state=absent (default)"
  when: splunk_distsearch_conf.distributedSearch.disabled is undefined or
        splunk_distsearch_conf.distributedSearch.disabled == false
  notify: splunk restart
  ini_file:
    dest: "{{ splunk_conf_path }}/distsearch.conf"
    section: distributedSearch
    option: disabled
    state: absent

--------------------------------------------------------------------------------
/roles/conf/distsearch/tasks/distributedSearch/licensemaster.yml:
--------------------------------------------------------------------------------
---
# distsearch.conf: servers= under [distributedSearch:dmc_group_license_master],
# driven by the 'licensemaster' inventory group.

- name: "Configure distsearch.conf [distributedSearch] - licensemaster state=present"
  when: groups['licensemaster'] is defined
  notify: splunk restart
  ini_file:
    dest: "{{ splunk_conf_path }}/distsearch.conf"
    section: "distributedSearch:dmc_group_license_master"
    option: servers
    value: "{{ groups['licensemaster'] | create_distsearch_servers }}"
    state: present

- name: "Configure distsearch.conf [distributedSearch] - licensemaster state=absent (default)"
  when: groups['licensemaster'] is undefined
  notify: splunk restart
  ini_file:
    dest: "{{ splunk_conf_path }}/distsearch.conf"
    section: "distributedSearch:dmc_group_license_master"
    option: servers
    state: absent

--------------------------------------------------------------------------------
/roles/conf/distsearch/tasks/distributedSearch/peernode.yml:
--------------------------------------------------------------------------------
---
# distsearch.conf: [distributedSearch:dmc_group_indexer], driven by the 'peernode' inventory group.

- name: "Configure distsearch.conf [distributedSearch] - peernode state=present"
  when: groups['peernode'] is defined
  notify: splunk restart
  ini_file:
    dest: "{{ splunk_conf_path }}/distsearch.conf"
    section: "distributedSearch:dmc_group_indexer"
    option: servers
    value: "{{ groups['peernode'] | create_distsearch_servers }}"
    state: present

# Sets default=true on the indexer group. Note the condition looks at
# splunk_distsearch_conf.distributedSearch.servers, not at the 'peernode' group.
- name: "Configure distsearch.conf [distributedSearch] - default indexer"
  when: splunk_distsearch_conf.distributedSearch.servers is defined
  notify: splunk restart
  ini_file:
    dest: "{{ splunk_conf_path }}/distsearch.conf"
    section: "distributedSearch:dmc_group_indexer"
    option: default
    value: "true"

- name: "Configure distsearch.conf [distributedSearch] - peernode state=absent (default)"
  when: groups['peernode'] is undefined
  notify: splunk restart
  ini_file:
    dest: "{{ splunk_conf_path }}/distsearch.conf"
    section: "distributedSearch:dmc_group_indexer"
    option: servers
    state: absent

--------------------------------------------------------------------------------
/roles/conf/distsearch/tasks/distributedSearch/searchhead.yml:
--------------------------------------------------------------------------------
---
# distsearch.conf: servers= under [distributedSearch:dmc_group_search_head],
# driven by the 'searchhead' inventory group.

- name: "Configure distsearch.conf searchhead [distributedSearch] - searchhead state=present"
  when: groups['searchhead'] is defined
  notify: splunk restart
  ini_file:
    dest: "{{ splunk_conf_path }}/distsearch.conf"
    section: "distributedSearch:dmc_group_search_head"
    option: servers
    value: "{{ groups['searchhead'] | create_distsearch_servers }}"
    state: present

- name: "Configure distsearch.conf searchhead [distributedSearch] - searchhead state=absent (default)"
  when: groups['searchhead'] is undefined
  notify: splunk restart
  ini_file:
    dest: "{{ splunk_conf_path }}/distsearch.conf"
    section: "distributedSearch:dmc_group_search_head"
    option: servers
    state: absent

--------------------------------------------------------------------------------
/roles/conf/distsearch/tasks/distributedSearch/server.yml:
--------------------------------------------------------------------------------
---
# Splunk distsearch.conf -- [distributedSearch] stanza: servers

# NOTE(review): distsearchpeers is one string made of three rendered group lists joined by
# ", ", not a single list. Whether create_distsearch_servers copes with that depends on the
# filter plugin, which is not shown here -- confirm. The task also assumes the 'shcmember',
# 'licensemaster' and 'masternode' groups all exist in the inventory.
- name: "Configure distsearch.conf [distributedSearch] - server state=present"
  vars:
    distsearchpeers: "{{ groups['shcmember'] }}, {{ groups['licensemaster'] }}, {{ groups['masternode'] }}"
  when: splunk_distsearch_conf.distributedSearch.servers is defined
  notify: splunk restart
  ini_file:
    dest: "{{ splunk_conf_path }}/distsearch.conf"
    section: distributedSearch
    option: servers
    value: "{{ distsearchpeers | create_distsearch_servers }}"
    state: present

- name: "Configure distsearch.conf [distributedSearch] - server state=absent (default)"
  when: splunk_distsearch_conf.distributedSearch.servers is undefined
  notify: splunk restart
  ini_file:
    dest: "{{ splunk_conf_path }}/distsearch.conf"
    section: distributedSearch
    option: servers
    state: absent

--------------------------------------------------------------------------------
/roles/conf/distsearch/tasks/distributedSearch/shcmember.yml:
--------------------------------------------------------------------------------
---
# distsearch.conf: servers= under [distributedSearch:dmc_searchheadclustergroup_<osu_environment>],
# driven by the 'shcmember' inventory group.

- name: "Configure distsearch.conf [distributedSearch] - shcmember state=present"
  when: groups['shcmember'] is defined
  notify: splunk restart
  ini_file:
    dest: "{{ splunk_conf_path }}/distsearch.conf"
    section: "distributedSearch:dmc_searchheadclustergroup_{{ osu_environment }}"
    option: servers
    value: "{{ groups['shcmember'] | create_distsearch_servers }}"
    state: present

- name: "Configure distsearch.conf [distributedSearch] - shcmember state=absent (default)"
  when: groups['shcmember'] is undefined
  notify: splunk restart
  ini_file:
    dest: "{{ splunk_conf_path }}/distsearch.conf"
    section: "distributedSearch:dmc_searchheadclustergroup_{{ osu_environment }}"
    option: servers
    state: absent

--------------------------------------------------------------------------------
/roles/conf/distsearch/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Entry point of the distsearch role: create the file first, then apply each option file in turn.
- include: touch.yml
- include: distributedSearch/disabled.yml
- include: distributedSearch/server.yml
- include: distributedSearch/searchhead.yml
- include: distributedSearch/clustermaster.yml
- include: distributedSearch/licensemaster.yml
- include: distributedSearch/deploymentserver.yml
- include: distributedSearch/deployer.yml
- include: distributedSearch/cluster.yml
- include: distributedSearch/shcmember.yml
- include: distributedSearch/peernode.yml

--------------------------------------------------------------------------------
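/roles/conf/distsearch/tasks/touch.yml:
--------------------------------------------------------------------------------
---
# Splunk distsearch.conf -- make sure the file exists, owned by splunk and readable by splunk only.

- name: "Touch distsearch.conf"
  file:
    path: "{{ splunk_conf_path }}/distsearch.conf"
    owner: splunk
    group: splunk
    mode: "0600"  # quoted so YAML keeps it a string instead of parsing a number
    state: touch
  # touch refreshes the timestamps on every run; do not report that as a change.
  changed_when: false

--------------------------------------------------------------------------------
/roles/conf/fw/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Host firewall (ufw) for the Splunk nodes.
#
# ufw checks rules in the order they were added and the first match decides, so the order
# of the tasks below is part of the policy; do not reorder them casually.
#
# NOTE(review): ufw is enabled with a default-deny policy before the ssh allow rule exists.
# If the play stops between those two tasks, new management connections are refused until
# someone fixes it from the console. Confirm splunk_fw.management_allow covers the Ansible
# control host before running this against a remote machine.

- name: Setup ufw
  ufw:
    state: enabled
    policy: deny

- name: allow ssh
  ufw:
    rule: allow
    port: "22"
    proto: tcp
    src: "{{ item }}"
  with_items: "{{ splunk_fw.management_allow }}"

- name: allow management http
  ufw:
    rule: allow
    port: "8000"
    proto: tcp
    src: "{{ item }}"
  with_items: "{{ splunk_fw.management_allow }}"

- name: allow load balancer snip shcmembers
  ufw:
    rule: allow
    port: "443"
    proto: tcp
    src: "{{ item }}"
  when: "'shcmember' in group_names"
  with_items: "{{ splunk_fw.lb_snip }}"

- name: allow access to license manager
  ufw:
    rule: allow
    port: "8089"
    proto: tcp
    src: "{{ item }}"
  when: "'licensemaster' in group_names"
  with_items: "{{ splunk_fw.lm_allow }}"

# The two explicit denies sit after the management allows (which therefore still win for
# management sources) and before the broad forwarder allow below, so that forwarder sources
# get every port except 22 and 8000.
- name: deny ssh to heavyforwarder all
  ufw:
    rule: deny
    port: "22"
    proto: tcp
    src: any
  when: "'heavyforwarder' in group_names"

- name: deny mgmt to heavyforwarder all
  ufw:
    rule: deny
    port: "8000"
    proto: tcp
    src: any
  when: "'heavyforwarder' in group_names"

# No port or proto: every remaining port and protocol is open to these sources.
# NOTE(review): consider limiting this to the receiving port(s) the forwarders actually use.
- name: allow heavy forwarder access
  ufw:
    rule: allow
    src: "{{ item }}"
  when: "'heavyforwarder' in group_names"
  with_items: "{{ splunk_fw.forwarder_allow }}"

# The source list is now built by concatenating the groups. The previous value was a single
# string of rendered lists joined with commas, which only iterates per host if Ansible
# happens to re-evaluate that string as a Python literal.
# Like the rule above this opens all ports between the listed nodes. src= has to be an
# address, so this presumes inventory names are IP addresses -- TODO confirm.
- name: allow all nodes to talk to each other
  ufw:
    rule: allow
    src: "{{ item }}"
  with_items: "{{ groups['searchpeer'] + groups['masternode'] + groups['shcluster'] + groups['cluster'] + groups['dmc'] + groups['heavyforwarder'] }}"

--------------------------------------------------------------------------------
/roles/conf/ha/handlers/main.yml:
--------------------------------------------------------------------------------
---
# Handlers for the keepalived (HA) role.

- name: restart keepalived
  service:
    name: keepalived
    state: restarted

# "restart" is not a state the service module accepts; the valid spelling is "restarted".
- name: restart network
  service:
    name: network
    state: restarted
--------------------------------------------------------------------------------
/roles/conf/ha/tasks/main.yml:
--------------------------------------------------------------------------------
---
# This role installs and sets up keepalived

- name: Install keepalived (debian/ubuntu)
  apt:
    name: keepalived
    state: present
  when: ansible_os_family == "Debian"
  tags: keepalived
  notify: restart keepalived

# The rendered file carries the VRRP auth_pass, so keep it readable by root only.
- name: Configure keepalived
  template:
    src: keepalived.conf.j2
    dest: /etc/keepalived/keepalived.conf
    owner: root
    group: root
    mode: "0600"
  tags: keepalived
  notify: restart keepalived

# "started" replaces the old alias "running", which newer Ansible releases reject.
- name: Start keepalived
  service:
    name: keepalived
    state: started
  tags: keepalived

--------------------------------------------------------------------------------
/roles/conf/ha/templates/keepalived.conf.j2:
--------------------------------------------------------------------------------
! Configuration File for keepalived
global_defs {
}
# Health check: "killall -0" only tests that a process with that name exists.
# keepalived_check_process lands unquoted in a command line; keep it a plain process name.
vrrp_script chk_service {           # Requires keepalived-1.1.13
    script "killall -0 {{ keepalived_check_process }}"   # cheaper than pidof
    interval 2                      # check every 2 seconds
    weight 2                        # add 2 points of prio if OK
}
vrrp_instance VI_1 {
    state {{ keepalived_role }}
    interface {{ keepalived_shared_iface }}
    virtual_router_id {{ keepalived_router_id }}
{% if keepalived_role.lower() == "master" %}
    priority {{ keepalived_priority }}
{% else %}
    priority {{ keepalived_backup_priority }}
{% endif %}
    advert_int 1
    # auth_type PASS sends auth_pass unencrypted in each VRRP advertisement and only its
    # first 8 characters are used. It guards against accidental cross-talk between
    # clusters, not against a host that can see or send VRRP traffic on this network;
    # restrict who can reach the peers (see unicast_peer and the host firewall).
    authentication {
        auth_type PASS
        auth_pass {{ keepalived_auth_pass }}
    }
    virtual_ipaddress {
        {{ keepalived_shared_ip }} dev {{ keepalived_shared_iface }} label {{ keepalived_shared_iface }}:0
    }
    track_script {
        chk_service
    }
    unicast_peer {
        {{ keepalived_unicast_peer }}
    }
}

--------------------------------------------------------------------------------
/roles/conf/indexes/handlers/main.yml:
--------------------------------------------------------------------------------
---
# Reuse the shared splunkd handlers.
- include: ../../../common/handlers/splunkd.yml

--------------------------------------------------------------------------------
/roles/conf/indexes/templates/cluster_indexes.conf.j2:
--------------------------------------------------------------------------------
{# One stanza per key of cluster_indexes, one "attr = val" line per attribute. items() works on Python 2 and 3; iteritems() exists on Python 2 only. -#}
{% for k,v in cluster_indexes.items() %}
[{{ k }}]
{% for attr,val in v.items() %}
{{ attr }} = {{ val }}
{% endfor %}
{% endfor %}

--------------------------------------------------------------------------------
/roles/conf/indexes/templates/cluster_system_indexes.conf.j2:
--------------------------------------------------------------------------------
{# One stanza per key of cluster_system_indexes, one "attr = val" line per attribute. items() works on Python 2 and 3; iteritems() exists on Python 2 only. -#}
{% for k,v in cluster_system_indexes.items() %}
[{{ k }}]
{% for attr,val in v.items() %}
{{ attr }} = {{ val }}
{% endfor %}
{% endfor %}

--------------------------------------------------------------------------------
/roles/conf/indexes/templates/indexes.conf.j2:
--------------------------------------------------------------------------------
{# One stanza per key of indexes, one "attr = val" line per attribute. items() works on Python 2 and 3; iteritems() exists on Python 2 only. -#}
{% for k,v in indexes.items() %}
[{{ k }}]
{% for attr,val in v.items() %}
{{ attr }} = {{ val }}
{% endfor %}
{% endfor %}

--------------------------------------------------------------------------------
/roles/conf/inputs/handlers/main.yml:
--------------------------------------------------------------------------------
---
# Reuse the shared splunkd handlers.
- include: ../../../common/handlers/splunkd.yml

--------------------------------------------------------------------------------
/roles/conf/inputs/tasks/SSL/password.yml:
--------------------------------------------------------------------------------
---
# Splunk inputs.conf -- [SSL] stanza: password

# The value is a secret. no_log keeps it out of task output, -v/--diff output and any log
# that captures the run. Where splunk_inputs_conf.SSL.password is defined is not visible
# here; it should come from an encrypted vars source rather than plain group_vars.
- name: "Configure inputs.conf [SSL] - set password"
  ini_file:
    dest: "{{ splunk_conf_path }}/inputs.conf"
    section: SSL
    option: password
    value: "{{ splunk_inputs_conf.SSL.password }}"
    state: present
  when: splunk_inputs_conf.SSL.password is defined
  no_log: true
  notify: splunk restart

- name: "Configure inputs.conf [SSL] - unset password (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/inputs.conf"
    section: SSL
    option: password
    state: absent
  when: splunk_inputs_conf.SSL.password is undefined
  notify: splunk restart

--------------------------------------------------------------------------------
/roles/conf/inputs/tasks/SSL/rootCA.yml:
--------------------------------------------------------------------------------
---
# Splunk inputs.conf -- [SSL] stanza: rootCA

- name: "Configure inputs.conf: Set rootCA"
  ini_file:
    dest: "{{ splunk_conf_path }}/inputs.conf"
    section: SSL
    option: rootCA
    value: "{{ splunk_inputs_conf.SSL.rootCA }}"
    state: present
  when: splunk_inputs_conf.SSL.rootCA is defined
  notify: splunk restart

- name: "Configure inputs.conf: Unset rootCA (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/inputs.conf"
    section: SSL
    option: rootCA
    state: absent
  when: splunk_inputs_conf.SSL.rootCA is undefined
  notify: splunk restart

--------------------------------------------------------------------------------
/roles/conf/inputs/tasks/SSL/serverCert.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk inputs.conf
#####################################################################################################################

#####################################################################################################################
# [SSL]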
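#####################################################################################################################

# serverCert

- name: "Configure inputs.conf: Set serverCert"
  ini_file:
    dest: "{{ splunk_conf_path }}/inputs.conf"
    section: SSL
    option: serverCert
    value: "{{ splunk_inputs_conf.SSL.serverCert }}"
    state: present
  when: splunk_inputs_conf.SSL.serverCert is defined
  notify: splunk restart

- name: "Configure inputs.conf: Unset serverCert (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/inputs.conf"
    section: SSL
    option: serverCert
    state: absent
  when: splunk_inputs_conf.SSL.serverCert is undefined
  notify: splunk restart

--------------------------------------------------------------------------------
/roles/conf/inputs/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Entry point of the inputs role. Each part runs only when its section of
# splunk_inputs_conf is defined.
- include: splunktcp/port.yml
  when: splunk_inputs_conf.splunktcp is defined
# Path corrected from "splunktcp-ssl/port.yml": the task file shipped with this role lives
# in splunktcpssl/, so the old include could not be resolved and the TLS receiving input
# was never configured.
- include: splunktcpssl/port.yml
  when: "splunk_inputs_conf.splunktcpssl is defined"
- include: "{{ item }}"
  when: splunk_inputs_conf.SSL is defined
  with_items:
    - SSL/password.yml
    - SSL/rootCA.yml
    - SSL/serverCert.yml

--------------------------------------------------------------------------------
/roles/conf/inputs/tasks/splunktcp/port.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk inputs.conf
#####################################################################################################################

#####################################################################################################################
# [splunktcp:]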
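#####################################################################################################################

# Creates the [splunktcp:<port>] stanza. No value is given for option=dummy; presumably the
# option is only there so ini_file has something to anchor the stanza on -- verify what the
# installed ini_file version writes for it.
# NOTE(review): splunktcp is the unencrypted receiving input; data arrives in clear text.
- name: "Configure inputs.conf [splunktcp:] - splunktcp state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/inputs.conf"
    section: "splunktcp:{{ splunk_inputs_conf.splunktcp.port }}"
    state: present
    option: dummy
  when: splunk_inputs_conf.splunktcp.port is defined
  notify: splunk restart

# Removes only the stanza header line; any option lines that followed it stay in the file.
- name: "Configure inputs.conf [splunktcp:] - splunktcp state=absent (default)"
  replace:
    dest: "{{ splunk_conf_path }}/inputs.conf"
    regexp: '\[splunktcp:\d+\]\n'
    replace: ''
  when: splunk_inputs_conf.splunktcp.port is undefined
  notify: splunk restart

--------------------------------------------------------------------------------
/roles/conf/inputs/tasks/splunktcpssl/port.yml:
--------------------------------------------------------------------------------
---
# Splunk inputs.conf -- [splunktcp-ssl:<port>] stanza

# The stanza is written as "splunktcp-ssl", which is the name Splunk recognises and the
# name these tasks already advertise. The previous spelling "splunktcpssl" produced a
# stanza Splunk does not treat as a TLS receiving input, so the port was not opened with TLS.
- name: "Configure inputs.conf [splunktcp-ssl:] - splunktcpssl state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/inputs.conf"
    section: "splunktcp-ssl:{{ splunk_inputs_conf.splunktcpssl.port }}"
    state: present
    option: dummy
  when: splunk_inputs_conf.splunktcpssl.port is defined
  notify: splunk restart

# "-?" lets the cleanup also remove headers written under the old misspelled name.
# Only the header line is removed; option lines under it are left in place.
- name: "Configure inputs.conf [splunktcp-ssl:] - splunktcpssl state=absent (default)"
  replace:
    dest: "{{ splunk_conf_path }}/inputs.conf"
    regexp: '\[splunktcp-?ssl:\d+\]\n'
    replace: ''
  when: splunk_inputs_conf.splunktcpssl.port is undefined
  notify: splunk restart

--------------------------------------------------------------------------------
/roles/conf/outputs/handlers/main.yml:
--------------------------------------------------------------------------------
---
# Reuse the shared splunkd handlers.
- include: ../../../common/handlers/splunkd.yml

--------------------------------------------------------------------------------
/roles/conf/outputs/tasks/indexAndForward.yml:
--------------------------------------------------------------------------------
# Splunk outputs.conf -- [indexAndForward] stanza: index

- name: "Configure outputs.conf [indexAndForward] - index state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/outputs.conf"
    section: indexAndForward
    option: index
    value: "{{ splunk_outputs_conf.indexAndForward.index }}"
    state: present
  when: splunk_outputs_conf.indexAndForward.index is defined
  notify: splunk restart

- name: "Configure outputs.conf [indexAndForward] - index state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/outputs.conf"
    section: indexAndForward
    option: index
    state: absent
  when: splunk_outputs_conf.indexAndForward.index is undefined
  notify: splunk restart

--------------------------------------------------------------------------------
/roles/conf/outputs/tasks/indexer_discovery/pass4SymmKey.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk outputs.conf
#####################################################################################################################

#####################################################################################################################
# [indexer_discovery]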
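#####################################################################################################################

# pass4SymmKey

# pass4SymmKey is a shared secret. Both tasks loop over the whole indexer_discovery dict, and
# Ansible prints the loop item (key and full value) for every iteration, so no_log is set on
# the "absent" task as well as on the one that writes the key.
# The condition uses item.value instead of splicing item.key into the expression: the old
# form put template delimiters inside "when" and broke for stanza names that are not plain
# identifiers (a hyphen was read as subtraction).
- name: "Configure outputs.conf [indexer_discovery] - pass4SymmKey state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/outputs.conf"
    section: "indexer_discovery:{{ item.key }}"
    option: pass4SymmKey
    value: "{{ item.value.pass4SymmKey }}"
    state: present
  with_dict: "{{ splunk_outputs_conf.indexer_discovery }}"
  when: item.value.pass4SymmKey is defined
  no_log: true
  notify: splunk restart
  tags: pass4SymmKey

- name: "Configure outputs.conf [indexer_discovery] - pass4SymmKey state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/outputs.conf"
    section: "indexer_discovery:{{ item.key }}"
    option: pass4SymmKey
    state: absent
  with_dict: "{{ splunk_outputs_conf.indexer_discovery }}"
  when: item.value.pass4SymmKey is undefined
  no_log: true
  notify: splunk restart
  tags: pass4SymmKey

--------------------------------------------------------------------------------
/roles/conf/outputs/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Entry point of the outputs role.
# NOTE(review): tcpout/indexAndForward.yml is gated on splunk_outputs_conf.indexAndForward,
# while the tasks inside it read splunk_outputs_conf.tcpout.indexAndForward -- confirm the
# condition names the intended variable.
- include: touch.yml
- include: tcpout/defaultGroup.yml
- include: tcpout/indexAndForward.yml
  when: splunk_outputs_conf.indexAndForward is defined
- include: tcpout:target_group/indexerDiscovery.yml
- include: tcpout:target_group/server.yml
- include: tcpout:target_group/sslCertPath.yml
- include: tcpout:target_group/sslPassword.yml
- include: tcpout:target_group/sslRootCAPath.yml
- include: tcpout:target_group/sslVerifyServerCert.yml
- include: tcpout:target_group/useAck.yml
- include: indexAndForward.yml
  when: splunk_outputs_conf.indexAndForward is defined
- include: indexer_discovery/pass4SymmKey.yml
- include: indexer_discovery/master_uri.yml

--------------------------------------------------------------------------------
/roles/conf/outputs/tasks/tcpout/defaultGroup.yml:
--------------------------------------------------------------------------------
---
# Splunk outputs.conf -- [tcpout] stanza: defaultGroup

- name: "Configure outputs.conf [tcpout] - defaultGroup state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/outputs.conf"
    section: tcpout
    option: defaultGroup
    value: "{{ splunk_outputs_conf.tcpout.defaultGroup }}"
    state: present
  when: splunk_outputs_conf.tcpout.defaultGroup is defined
  notify: splunk restart

- name: "Configure outputs.conf [tcpout] - defaultGroup state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/outputs.conf"
    section: tcpout
    option: defaultGroup
    state: absent
  when: splunk_outputs_conf.tcpout.defaultGroup is undefined
  notify: splunk restart

--------------------------------------------------------------------------------
/roles/conf/outputs/tasks/tcpout/indexAndForward.yml:
--------------------------------------------------------------------------------
# Splunk outputs.conf -- [tcpout] stanza: indexAndForward

- name: "Configure outputs.conf [tcpout] - indexAndForward state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/outputs.conf"
    section: tcpout
    option: indexAndForward
    value: "{{ splunk_outputs_conf.tcpout.indexAndForward }}"
    state: present
  when: splunk_outputs_conf.tcpout.indexAndForward is defined
  notify: splunk restart

- name: "Configure outputs.conf [tcpout] - indexAndForward state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/outputs.conf"
    section: tcpout
    option: indexAndForward
    state: absent
  when: splunk_outputs_conf.tcpout.indexAndForward is undefined
  notify: splunk restart

--------------------------------------------------------------------------------
/roles/conf/outputs/tasks/tcpout:target_group/indexerDiscovery.yml:
--------------------------------------------------------------------------------
---
# Splunk outputs.conf -- [tcpout:<target_group>] stanza: indexerDiscovery
#
# NOTE(review): these tasks loop over the whole target_group dict and Ansible prints each
# loop item in full. The same dict is where sslPassword.yml reads item.value.sslPassword
# from, so a configured password shows up in this task's output. If the Ansible version in
# use supports loop_control.label, limit the label to item.key.

- name: "Configure outputs.conf [tcpout:] - tcpout:target_group state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/outputs.conf"
    section: "tcpout:{{ item.key }}"
    option: indexerDiscovery
    value: "{{ item.value.indexerDiscovery }}"
    state: present
  with_dict: "{{ splunk_outputs_conf.tcpout.target_group }}"
  # item.value replaces the templated lookup by item.key, which failed for group names
  # that are not plain identifiers.
  when: item.value.indexerDiscovery is defined
  notify: splunk restart

- name: "Configure outputs.conf [tcpout:] - tcpout:target_group state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/outputs.conf"
    section: "tcpout:{{ item.key }}"
    option: indexerDiscovery
    state: absent
  with_dict: "{{ splunk_outputs_conf.tcpout.target_group }}"
  when: item.value.indexerDiscovery is undefined
  notify: splunk restart

--------------------------------------------------------------------------------
/roles/conf/outputs/tasks/tcpout:target_group/server.yml:
--------------------------------------------------------------------------------
---
# Splunk outputs.conf -- [tcpout:<target_group>] stanza: server
# item.value.server is joined with "," so it is expected to be a list.

- name: "Configure outputs.conf [tcpout:] - server state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/outputs.conf"
    section: "tcpout:{{ item.key }}"
    option: server
    value: "{{ item.value.server | join(',') }}"
    state: present
  with_dict: "{{ splunk_outputs_conf.tcpout.target_group }}"
  # item.value replaces the templated lookup by item.key, which failed for group names
  # that are not plain identifiers.
  when: item.value.server is defined
  notify: splunk restart

- name: "Configure outputs.conf [tcpout:] - server state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/outputs.conf"
    section: "tcpout:{{ item.key }}"
    option: server
    state: absent
  with_dict: "{{ splunk_outputs_conf.tcpout.target_group }}"
  when: item.value.server is undefined
  notify: splunk restart

--------------------------------------------------------------------------------
/roles/conf/outputs/tasks/tcpout:target_group/sslCertPath.yml:
--------------------------------------------------------------------------------
---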
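#####################################################################################################################
# Configurations for Splunk outputs.conf
#####################################################################################################################

#####################################################################################################################
# [tcpout:]
#####################################################################################################################

# sslCertPath
#
# NOTE(review): the loop runs over the whole target_group dict and Ansible prints each loop
# item in full. sslPassword is read from that same dict by sslPassword.yml, so a configured
# password appears in this task's output. If the Ansible version in use supports
# loop_control.label, limit the label to item.key.

- name: "Configure outputs.conf [tcpout:] - sslCertPath state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/outputs.conf"
    section: "tcpout:{{ item.key }}"
    option: sslCertPath
    value: "{{ item.value.sslCertPath }}"
    state: present
  with_dict: "{{ splunk_outputs_conf.tcpout.target_group }}"
  # item.value replaces the templated lookup by item.key: that form put template delimiters
  # inside "when" and failed for group names that are not plain identifiers.
  when: item.value.sslCertPath is defined
  notify: splunk restart

- name: "Configure outputs.conf [tcpout:] - sslCertPath state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/outputs.conf"
    section: "tcpout:{{ item.key }}"
    option: sslCertPath
    state: absent
  with_dict: "{{ splunk_outputs_conf.tcpout.target_group }}"
  when: item.value.sslCertPath is undefined
  notify: splunk restart

--------------------------------------------------------------------------------
/roles/conf/outputs/tasks/tcpout:target_group/sslPassword.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk outputs.conf
#####################################################################################################################
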
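# Stanza tcpout:<group>, option sslPassword.
# The value is a credential (the password for the group's SSL material), so
# both tasks set no_log: without it the module arguments and any --diff output
# would expose the password in Ansible's console and log output.
# NOTE(review): Splunk usually rewrites this value in encrypted form once it
# starts, so the state=present task may report "changed" (and trigger a
# restart) on every run - confirm on a live host.

- name: "Configure outputs.conf [tcpout:] - sslPassword state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/outputs.conf"
    section: "tcpout:{{ item.key }}"
    option: sslPassword
    value: "{{ item.value.sslPassword }}"
    state: present
  with_dict: "{{ splunk_outputs_conf.tcpout.target_group }}"
  # item.value is the dict stored under item.key; no key templating in `when`.
  when: item.value.sslPassword is defined
  notify: splunk restart
  no_log: true

- name: "Configure outputs.conf [tcpout:] - sslPassword state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/outputs.conf"
    section: "tcpout:{{ item.key }}"
    option: sslPassword
    state: absent
  with_dict: "{{ splunk_outputs_conf.tcpout.target_group }}"
  when: item.value.sslPassword is undefined
  notify: splunk restart
  # The removed line would otherwise appear in diff output.
  no_log: true
--------------------------------------------------------------------------------
/roles/conf/outputs/tasks/tcpout:target_group/sslRootCAPath.yml:
--------------------------------------------------------------------------------
---
# Configurations for Splunk outputs.conf
#
# Stanza tcpout:<group>, option sslRootCAPath.
# NOTE(review): none of the tcpout:target_group task files visible in this part
# of the listing sets sslVerifyServerCert; confirm that verification of the
# indexer certificate is enabled elsewhere, otherwise the CA path alone does
# not authenticate the receiving side.

- name: "Configure outputs.conf [tcpout:] - sslRootCAPath state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/outputs.conf"
    section: "tcpout:{{ item.key }}"
    option: sslRootCAPath
    value: "{{ item.value.sslRootCAPath }}"
    state: present
  with_dict: "{{ splunk_outputs_conf.tcpout.target_group }}"
  when: item.value.sslRootCAPath is defined
  notify: splunk restart

- name: "Configure outputs.conf [tcpout:] - sslRootCAPath state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/outputs.conf"
    section: "tcpout:{{ item.key }}"
    option: sslRootCAPath
    state: absent
  with_dict: "{{ splunk_outputs_conf.tcpout.target_group }}"
  when: item.value.sslRootCAPath is undefined
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/outputs/tasks/tcpout:target_group/useAck.yml:
--------------------------------------------------------------------------------
---
# Configurations for Splunk outputs.conf
#
# Stanza tcpout:<group>, option useACK.
# The option is written only when the group sets useACK to true.

- name: "Configure outputs.conf [tcpout:] - useACK state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/outputs.conf"
    section: "tcpout:{{ item.key }}"
    option: useACK
    value: "{{ item.value.useACK }}"
    state: present
  with_dict: "{{ splunk_outputs_conf.tcpout.target_group }}"
  when:
    - item.value.useACK is defined
    - item.value.useACK == true
  notify: splunk restart

# Exact complement of the condition above. The original removed the option only
# when useACK was undefined, so a group switched from true to false kept the
# stale useACK line written by an earlier run.
- name: "Configure outputs.conf [tcpout:] - useACK (default) state=absent"
  ini_file:
    dest: "{{ splunk_conf_path }}/outputs.conf"
    section: "tcpout:{{ item.key }}"
    option: useACK
    state: absent
  with_dict: "{{ splunk_outputs_conf.tcpout.target_group }}"
  when: item.value.useACK is undefined or item.value.useACK != true
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/outputs/tasks/touch.yml:
--------------------------------------------------------------------------------
---
# Configurations for Splunk outputs.conf
#
# Makes sure outputs.conf exists before the ini_file tasks edit it.
# Owner and group are splunk and the mode is 0600: the same file receives the
# sslPassword option, so it must not be readable by other accounts.
# changed_when: false keeps the touch from being reported as a change.

- name: "Touch outputs.conf"
  file:
    path: "{{ splunk_conf_path }}/outputs.conf"
    owner: splunk
    group: splunk
    mode: "0600"
    state: touch
  changed_when: false
--------------------------------------------------------------------------------
/roles/conf/server/handlers/main.yml:
--------------------------------------------------------------------------------
---
# Reuses the shared splunkd handlers file from the common role.
- include: ../../../common/handlers/splunkd.yml
--------------------------------------------------------------------------------
/roles/conf/server/tasks/clustering/available_sites.yml:
--------------------------------------------------------------------------------
---
# Configurations for Splunk server.conf
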
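# Stanza [clustering], option available_sites.

- name: "Configure server.conf [clustering] - available_sites state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: clustering
    option: available_sites
    value: "{{ splunk_server_conf.clustering.available_sites }}"
    state: present
  when: splunk_server_conf.clustering.available_sites is defined
  notify: splunk restart

# The original tested site_replication_factor here. With available_sites set
# and site_replication_factor unset, both tasks ran and the option written
# above was removed again in the same play.
- name: "Configure server.conf [clustering] - available_sites state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: clustering
    option: available_sites
    state: absent
  when: splunk_server_conf.clustering.available_sites is undefined
  notify: splunk restart

--------------------------------------------------------------------------------
/roles/conf/server/tasks/clustering/cluster_label.yml:
--------------------------------------------------------------------------------
---
# Configurations for Splunk server.conf
#
# Stanza [clustering], option cluster_label.
# Unlike the sibling files, the value comes from the top-level variable
# splunk_cluster_label rather than from splunk_server_conf.clustering.

- name: "Configure server.conf [clustering] - cluster_label state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: clustering
    option: cluster_label
    value: "{{ splunk_cluster_label }}"
    state: present
  when: splunk_cluster_label is defined
  notify: splunk restart

- name: "Configure server.conf [clustering] - cluster_label state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: clustering
    option: cluster_label
    state: absent
  when: splunk_cluster_label is undefined
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/server/tasks/clustering/mode.yml:
--------------------------------------------------------------------------------
---
# Configurations for Splunk server.conf
#
# Stanza [clustering], option mode.
# "disabled" is treated as the default: the option is removed, not written.

# The original wrote the option whenever mode was defined, including
# "disabled", and the task below then removed it again: two changes and a
# restart on every run. The end state for "disabled" is unchanged.
- name: "Configure server.conf [clustering] - mode state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: clustering
    option: mode
    value: "{{ splunk_server_conf.clustering.mode }}"
    state: present
  when:
    - splunk_server_conf.clustering.mode is defined
    - splunk_server_conf.clustering.mode != "disabled"
  notify: splunk restart

- name: "Configure server.conf [clustering] - mode state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: clustering
    option: mode
    state: absent
  when: splunk_server_conf.clustering.mode is undefined or
        splunk_server_conf.clustering.mode == "disabled"
  notify: splunk restart

--------------------------------------------------------------------------------
/roles/conf/server/tasks/clustering/multisite.yml:
--------------------------------------------------------------------------------
---
# Configurations for Splunk server.conf
#
# Stanza [clustering], option multisite.

- name: "Configure server.conf [clustering] - multisite state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: clustering
    option: multisite
    value: "{{ splunk_server_conf.clustering.multisite }}"
    state: present
  when: splunk_server_conf.clustering.multisite is defined
  notify: splunk restart

- name: "Configure server.conf [clustering] - multisite state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: clustering
    option: multisite
    state: absent
  when: splunk_server_conf.clustering.multisite is undefined
  notify: splunk restart

--------------------------------------------------------------------------------
/roles/conf/server/tasks/clustering/pass4SymmKey.yml:
--------------------------------------------------------------------------------
---
# Configurations for Splunk server.conf
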
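# Stanza [clustering], option pass4SymmKey.
# The value is a shared secret. Both tasks set no_log so that neither the
# module arguments nor any --diff output print it; the variable itself is best
# kept in an encrypted vars file rather than in plain group_vars.
# NOTE(review): Splunk usually rewrites the key in encrypted form once it
# starts, so the state=present task may report "changed" on every run - confirm.

- name: "Configure server.conf [clustering] - pass4SymmKey state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: clustering
    option: pass4SymmKey
    value: "{{ splunk_server_conf.clustering.pass4SymmKey }}"
    state: present
  when: splunk_server_conf.clustering.pass4SymmKey is defined
  notify: splunk restart
  tags: pass4SymmKey
  no_log: true

- name: "Configure server.conf [clustering] - pass4SymmKey state=absent"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: clustering
    option: pass4SymmKey
    state: absent
  when: splunk_server_conf.clustering.pass4SymmKey is undefined
  notify: splunk restart
  tags: pass4SymmKey
  # The removed line would otherwise appear in diff output.
  no_log: true
--------------------------------------------------------------------------------
/roles/conf/server/tasks/clustering/replication_factor.yml:
--------------------------------------------------------------------------------
---
# Configurations for Splunk server.conf
#
# Stanza [clustering], option replication_factor.

- name: "Configure server.conf [clustering] - replication_factor state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: clustering
    option: replication_factor
    value: "{{ splunk_server_conf.clustering.replication_factor }}"
    state: present
  when: splunk_server_conf.clustering.replication_factor is defined
  notify: splunk restart

- name: "Configure server.conf [clustering] - replication_factor state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: clustering
    option: replication_factor
    state: absent
  when: splunk_server_conf.clustering.replication_factor is undefined
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/server/tasks/clustering/search_factor.yml:
--------------------------------------------------------------------------------
---
# Configurations for Splunk server.conf
#
# Stanza [clustering], option search_factor.
# The value 2 is treated as the default: the option is removed, not written.

# The original wrote the option whenever search_factor was defined, including
# 2, and the task below then removed it again: two changes and a restart on
# every run. The end state for the value 2 is unchanged.
- name: "Configure server.conf [clustering] - search_factor state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: clustering
    option: search_factor
    value: "{{ splunk_server_conf.clustering.search_factor }}"
    state: present
  when:
    - splunk_server_conf.clustering.search_factor is defined
    - splunk_server_conf.clustering.search_factor != 2
  notify: splunk restart

- name: "Configure server.conf [clustering] - search_factor state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: clustering
    option: search_factor
    state: absent
  when: splunk_server_conf.clustering.search_factor is undefined or
        splunk_server_conf.clustering.search_factor == 2
  notify: splunk restart

--------------------------------------------------------------------------------
/roles/conf/server/tasks/clustering/site_replication_factor.yml:
--------------------------------------------------------------------------------
---
# Configurations for Splunk server.conf
#
# Stanza [clustering], option site_replication_factor.

- name: "Configure server.conf [clustering] - site_replication_factor state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: clustering
    option: site_replication_factor
    value: "{{ splunk_server_conf.clustering.site_replication_factor }}"
    state: present
  when: splunk_server_conf.clustering.site_replication_factor is defined
  notify: splunk restart

- name: "Configure server.conf [clustering] - site_replication_factor state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: clustering
    option: site_replication_factor
    state: absent
  when: splunk_server_conf.clustering.site_replication_factor is undefined
  notify: splunk restart

--------------------------------------------------------------------------------
/roles/conf/server/tasks/diskUsage/minFreeSpace.yml:
--------------------------------------------------------------------------------
---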
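# Configurations for Splunk server.conf
#
# Stanza [diskUsage], option minFreeSpace.
# The string "5000" is treated as the default and is never written.

- name: "Configure server.conf [diskUsage] - minFreeSpace state=present (static)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: diskUsage
    option: minFreeSpace
    value: "{{ splunk_server_conf.diskUsage.minFreeSpace }}"
    state: present
  when:
    - splunk_server_conf.diskUsage.minFreeSpace is defined
    - splunk_server_conf.diskUsage.minFreeSpace != "5000"
  notify: splunk restart

# Exact complement of the condition above. The original removed the option only
# when the variable was undefined, so changing it back to "5000" left the value
# written by an earlier run in place.
- name: "Configure server.conf [diskUsage] - minFreeSpace state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: diskUsage
    option: minFreeSpace
    state: absent
  when: splunk_server_conf.diskUsage.minFreeSpace is undefined or
        splunk_server_conf.diskUsage.minFreeSpace == "5000"
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/server/tasks/general/pass4SymmKey.yml:
--------------------------------------------------------------------------------
---
# Configurations for Splunk server.conf

# [general]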
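
# pass4SymmKey
# The value is a shared secret. Both tasks set no_log so that neither the
# module arguments nor any --diff output print it; the variable itself is best
# kept in an encrypted vars file rather than in plain group_vars.
# NOTE(review): Splunk usually rewrites the key in encrypted form once it
# starts, so the state=present task may report "changed" on every run - confirm.

- name: "Configure server.conf [general] - pass4SymmKey state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: general
    option: pass4SymmKey
    value: "{{ splunk_server_conf.general.pass4SymmKey }}"
    state: present
  when: splunk_server_conf.general.pass4SymmKey is defined
  notify: splunk restart
  tags: pass4SymmKey
  no_log: true

- name: "Configure server.conf [general] - pass4SymmKey state=absent"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: general
    option: pass4SymmKey
    state: absent
  when: splunk_server_conf.general.pass4SymmKey is undefined
  notify: splunk restart
  tags: pass4SymmKey
  # The removed line would otherwise appear in diff output.
  no_log: true
--------------------------------------------------------------------------------
/roles/conf/server/tasks/general/trustedIP.yml:
--------------------------------------------------------------------------------
---
# Configurations for Splunk server.conf
#
# Stanza [general], option trustedIP.
# NOTE(review): Splunk documents trustedIP as the address whose logins are
# accepted without a password (proxy single sign-on). Keep it limited to the
# SSO proxy's own address and confirm the value against the server.conf spec.

- name: "Configure server.conf [general] - trustedIP state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: general
    option: trustedIP
    value: "{{ splunk_server_conf.general.trustedIP }}"
    state: present
  when: splunk_server_conf.general.trustedIP is defined
  notify: splunk restart

# The task name used to say "site" (copied from a sibling file) although the
# task removes trustedIP; the label now matches the option being removed.
- name: "Configure server.conf [general] - trustedIP state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: general
    option: trustedIP
    state: absent
  when: splunk_server_conf.general.trustedIP is undefined
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/server/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Entry point of the server.conf role: touch the file, then include one task
# file per managed option. The [clustering], [diskUsage], replication_port,
# replication_port-ssl and [shclustering] groups are included only when the
# matching key exists in splunk_server_conf; the [general], license and
# sslConfig files are always included.
# NOTE(review): bare `include` is deprecated in later Ansible releases in
# favour of include_tasks / import_tasks; it is kept because the role's
# handlers file uses the same form.
- include: touch.yml
- include: "{{ item }}"
  when: splunk_server_conf.clustering is defined
  with_items:
    - clustering/pass4SymmKey.yml
    - clustering/available_sites.yml
    - clustering/cluster_label.yml
    - clustering/master_uri.yml
    - clustering/mode.yml
    - clustering/multisite.yml
    - clustering/replication_factor.yml
    - clustering/search_factor.yml
    - clustering/site_replication_factor.yml
- include: diskUsage/minFreeSpace.yml
  when: splunk_server_conf.diskUsage is defined
- include: general/pass4SymmKey.yml
- include: general/site.yml
- include: general/trustedIP.yml
- include: license/master_uri.yml
- include: replication_port/port.yml
  when: splunk_server_conf.replication_port is defined
- include: "{{ item }}"
  when: splunk_server_conf.replication_port_ssl is defined
  with_items:
    - replication_port-ssl/port.yml
    - replication_port-ssl/rootCA.yml
    - replication_port-ssl/serverCert.yml
    - replication_port-ssl/password.yml
- include: "{{ item }}"
  when: splunk_server_conf.shclustering is defined
  with_items:
    - shclustering/conf_deploy_fetch_url.yml
    - shclustering/conf_replication_include.yml
    - shclustering/enable.yml
    - shclustering/election.yml
    - shclustering/id.yml
    - shclustering/mgmt_uri.yml
    - shclustering/pass4SymmKey.yml
    - shclustering/replication_factor.yml
    - shclustering/shcluster_label.yml
- include: sslConfig/sslKeysfilePassword.yml
--------------------------------------------------------------------------------
/roles/conf/server/tasks/replication_port-ssl/password.yml:
--------------------------------------------------------------------------------
---
# Configurations for Splunk server.conf
#
# Stanza replication_port-ssl://<port>, option password.
# The stanza name is built from splunk_server_conf.replication_port_ssl.port.
# The value is a credential, so both tasks set no_log to keep it out of
# Ansible's console, log and --diff output.

- name: "Configure server.conf [replication_port-ssl:] - password state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: "replication_port-ssl://{{ splunk_server_conf.replication_port_ssl.port }}"
    option: password
    value: "{{ splunk_server_conf.replication_port_ssl.password }}"
    state: present
  when: splunk_server_conf.replication_port_ssl.password is defined
  notify: splunk restart
  no_log: true

- name: "Configure server.conf [replication_port-ssl:] - password state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: "replication_port-ssl://{{ splunk_server_conf.replication_port_ssl.port }}"
    option: password
    state: absent
  when:
    - splunk_server_conf.replication_port_ssl is defined
    - splunk_server_conf.replication_port_ssl.password is undefined
  notify: splunk restart
  # The removed line would otherwise appear in diff output.
  no_log: true
--------------------------------------------------------------------------------
/roles/conf/server/tasks/replication_port-ssl/rootCA.yml:
--------------------------------------------------------------------------------
---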
# Configurations for Splunk server.conf
#
# Stanza replication_port-ssl://<port>, option rootCA.
# The stanza name is built from splunk_server_conf.replication_port_ssl.port.

- name: "Configure server.conf [replication_port-ssl:] - rootCA state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: "replication_port-ssl://{{ splunk_server_conf.replication_port_ssl.port }}"
    option: rootCA
    value: "{{ splunk_server_conf.replication_port_ssl.rootCA }}"
    state: present
  when: splunk_server_conf.replication_port_ssl.rootCA is defined
  notify: splunk restart

# Removal applies only when the SSL replication port itself is configured but
# no rootCA is given for it.
- name: "Configure server.conf [replication_port-ssl:] - rootCA state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: "replication_port-ssl://{{ splunk_server_conf.replication_port_ssl.port }}"
    option: rootCA
    state: absent
  when:
    - splunk_server_conf.replication_port_ssl is defined
    - splunk_server_conf.replication_port_ssl.rootCA is undefined
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/server/tasks/replication_port-ssl/serverCert.yml:
--------------------------------------------------------------------------------
---
# Configurations for Splunk server.conf

# Stanza replication_port-ssl://<port>, option serverCert.
# The stanza name is built from splunk_server_conf.replication_port_ssl.port.

- name: "Configure server.conf [replication_port-ssl:] - serverCert state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: "replication_port-ssl://{{ splunk_server_conf.replication_port_ssl.port }}"
    option: serverCert
    value: "{{ splunk_server_conf.replication_port_ssl.serverCert }}"
    state: present
  when: splunk_server_conf.replication_port_ssl.serverCert is defined
  notify: splunk restart

# Removal applies only when the SSL replication port itself is configured but
# no serverCert is given for it.
- name: "Configure server.conf [replication_port-ssl:] - serverCert state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: "replication_port-ssl://{{ splunk_server_conf.replication_port_ssl.port }}"
    option: serverCert
    state: absent
  when:
    - splunk_server_conf.replication_port_ssl is defined
    - splunk_server_conf.replication_port_ssl.serverCert is undefined
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/server/tasks/shclustering/conf_replication_include.yml:
--------------------------------------------------------------------------------
---
# Configurations for Splunk server.conf

# [shclustering]

# conf_replication_include
# Only the "history" sub-key is managed: the option written is
# conf_replication_include.history.

- name: "Configure server.conf [shclustering] - conf_replication_include state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: shclustering
    option: conf_replication_include.history
    value: "{{ splunk_server_conf.shclustering.conf_replication_include.history }}"
    state: present
  when: splunk_server_conf.shclustering.conf_replication_include.history is defined
  notify: splunk restart

- name: "Configure server.conf [shclustering] - conf_replication_include state=absent (default)"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: shclustering
    option: conf_replication_include.history
    state: absent
  when: splunk_server_conf.shclustering.conf_replication_include.history is undefined
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/server/tasks/shclustering/election.yml:
--------------------------------------------------------------------------------
---
# Configurations for Splunk server.conf
#
# Stanza [shclustering], option election.

- name: "Configure server.conf [shclustering] - election state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: shclustering
    option: election
    value: "{{ splunk_server_conf.shclustering.election }}"
    state: present
  when: splunk_server_conf.shclustering.election is defined
  notify: splunk restart

- name: "Configure server.conf [shclustering] - election state=absent"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: shclustering
    option: election
    state: absent
  when: splunk_server_conf.shclustering.election is undefined
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/server/tasks/shclustering/enable.yml:
--------------------------------------------------------------------------------
---
# Configurations for Splunk server.conf
#
# Stanza [shclustering], option disabled.
# The file is named enable.yml, but the option it manages is "disabled".

- name: "Configure server.conf [shclustering] - disabled state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: shclustering
    option: disabled
    value: "{{ splunk_server_conf.shclustering.disabled }}"
    state: present
  when: splunk_server_conf.shclustering.disabled is defined
  notify: splunk restart

- name: "Configure server.conf [shclustering] - disabled state=absent"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: shclustering
    option: disabled
    state: absent
  when: splunk_server_conf.shclustering.disabled is undefined
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/server/tasks/shclustering/id.yml:
--------------------------------------------------------------------------------
---
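#####################################################################################################################
# Configurations for Splunk server.conf
#####################################################################################################################

#####################################################################################################################
# [shclustering]
#####################################################################################################################

# id

# Written only when a value is supplied; this file carries no state=absent task.
- name: "Configure server.conf [shclustering] - id state=present"
  ini_file: dest={{ splunk_conf_path }}/server.conf
            section=shclustering
            option=id
            value={{ splunk_server_conf.shclustering.id }}
            state=present
  when: splunk_server_conf.shclustering.id is defined
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/server/tasks/shclustering/pass4SymmKey.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk server.conf
#####################################################################################################################

#####################################################################################################################
# [shclustering]
#####################################################################################################################

# pass4SymmKey

# The search-head-cluster shared secret. It is passed as structured module
# arguments so a key containing spaces, quotes or "=" is written intact instead of
# being re-split by key=value parsing, and no_log keeps the value out of task
# output, verbose logs and --diff.
# NOTE(review): Splunk is expected to replace the clear-text value with an
# encrypted one at startup, so this task may report "changed" on every run - confirm.
- name: "Configure server.conf [shclustering] - pass4SymmKey state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: shclustering
    option: pass4SymmKey
    value: "{{ splunk_server_conf.shclustering.pass4SymmKey }}"
    state: present
  when: splunk_server_conf.shclustering.pass4SymmKey is defined
  notify: splunk restart
  no_log: true
  tags: pass4SymmKey

# Removes the option when no key is configured.
- name: "Configure server.conf [shclustering] - pass4SymmKey state=absent"
  ini_file: dest={{ splunk_conf_path }}/server.conf
            section=shclustering
            option=pass4SymmKey
            state=absent
  when: splunk_server_conf.shclustering.pass4SymmKey is undefined
  notify: splunk restart
  tags: pass4SymmKey
--------------------------------------------------------------------------------
/roles/conf/server/tasks/shclustering/replication_factor.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk server.conf
#####################################################################################################################

#####################################################################################################################
# [shclustering]
#####################################################################################################################

# replication_factor

- name: "Configure server.conf [shclustering] - replication_factor state=present"
  ini_file: dest={{ splunk_conf_path }}/server.conf
            section=shclustering
            option=replication_factor
            value={{ splunk_server_conf.shclustering.replication_factor }}
            state=present
  when: splunk_server_conf.shclustering.replication_factor is defined
  notify: splunk restart

- name: "Configure server.conf [shclustering] - replication_factor state=absent (default)"
  ini_file: dest={{ splunk_conf_path }}/server.conf
            section=shclustering
            option=replication_factor
            state=absent
  when: splunk_server_conf.shclustering.replication_factor is undefined
  notify: splunk restart
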
--------------------------------------------------------------------------------
/roles/conf/server/tasks/shclustering/shcluster_label.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk server.conf
#####################################################################################################################

#####################################################################################################################
# [shclustering]
#####################################################################################################################

# shcluster_label

# Unlike the sibling files, the label is read from the top-level variable
# splunk_shcluster_label rather than from splunk_server_conf.shclustering.
- name: "Configure server.conf [shclustering] - shcluster_label state=present"
  ini_file: dest={{ splunk_conf_path }}/server.conf
            section=shclustering
            option=shcluster_label
            value="{{ splunk_shcluster_label }}"
            state=present
  when: splunk_shcluster_label is defined
  notify: splunk restart

# Drops the option again when no label is configured.
- name: "Configure server.conf [shclustering] - shcluster_label state=absent (default)"
  ini_file: dest={{ splunk_conf_path }}/server.conf
            section=shclustering
            option=shcluster_label
            state=absent
  when: splunk_shcluster_label is undefined
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/server/tasks/sslConfig/sslKeysfilePassword.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk server.conf
#####################################################################################################################

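#####################################################################################################################
# [sslConfig]
#####################################################################################################################

# sslKeysfilePassword

# Passphrase for the server key file. Structured arguments keep a passphrase
# containing spaces, quotes or "=" intact; no_log keeps it out of task output,
# verbose logs and --diff.
- name: "Configure server.conf [sslConfig] - sslKeysfilePassword state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: sslConfig
    option: sslKeysfilePassword
    value: "{{ splunk_server_conf.sslConfig.sslKeysfilePassword }}"
    state: present
  when: splunk_server_conf.sslConfig.sslKeysfilePassword is defined
  notify: splunk restart
  no_log: true
  tags: sslKeysfilePassword

- name: "Configure server.conf [sslConfig] - sslKeysfilePassword state=absent"
  ini_file: dest={{ splunk_conf_path }}/server.conf
            section=sslConfig
            option=sslKeysfilePassword
            state=absent
  when: splunk_server_conf.sslConfig.sslKeysfilePassword is undefined
  notify: splunk restart
  tags: sslKeysfilePassword
--------------------------------------------------------------------------------
/roles/conf/server/tasks/touch.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk server.conf
#####################################################################################################################

# touch

# Ensures server.conf exists as splunk:splunk with mode 0600 before the ini_file
# tasks write to it; changed_when: false keeps the touch from reporting a change.
- name: "Touch server.conf"
  file: path={{ splunk_conf_path }}/server.conf
        owner=splunk
        group=splunk
        mode=0600
        state=touch
  changed_when: false
--------------------------------------------------------------------------------
/roles/conf/web/handlers/main.yml:
--------------------------------------------------------------------------------
---
- include: ../../../common/handlers/splunkd.yml
--------------------------------------------------------------------------------
/roles/conf/web/tasks/cert.yml:
--------------------------------------------------------------------------------
---

# Both files are installed mode 0600 under a hard-coded /opt/splunk path.
# NOTE(review): no owner/group is set, so ownership follows the user the play
# runs as - confirm the splunk user can still read the certificate and key.
- name: Copy splunkweb cert
  copy: src="{{ splunk_repository.repository_root }}/ssl/{{ splunk_web_conf.settings.certFile }}"
        dest="/opt/splunk/etc/auth/splunkweb/{{ splunk_web_conf.settings.certFile }}"
        mode=0600
  when: "splunk_web_conf.settings.certFile is defined"
- name: Copy splunkweb key
  copy: src="{{ splunk_repository.repository_root }}/ssl/{{ splunk_web_conf.settings.keyFile }}"
        dest="/opt/splunk/etc/auth/splunkweb/{{ splunk_web_conf.settings.keyFile }}"
        mode=0600
  when: "splunk_web_conf.settings.keyFile is defined"
--------------------------------------------------------------------------------
/roles/conf/web/tasks/main.yml:
--------------------------------------------------------------------------------
---
- include: touch.yml
- include: cert.yml
- include: settings/rproxy.yml
- include: settings/serverCert.yml
- include: settings/enableSplunkWebSSL.yml
- include: settings/httpport.yml
- include: settings/privKeyPath.yml
- include: settings/startwebserver.yml
- include: settings/updateCheckerBaseURL.yml

--------------------------------------------------------------------------------
/roles/conf/web/tasks/settings/enableSplunkWebSSL.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk web.conf
#####################################################################################################################
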
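#####################################################################################################################
# [settings]
#####################################################################################################################

# enableSplunkWebSSL

# Written only when the variable is true.
- name: "Configure web.conf [settings] - enableSplunkWebSSL state=present"
  ini_file: dest="{{ splunk_conf_path }}/web.conf"
            section=settings option=enableSplunkWebSSL
            value={{ splunk_web_conf.settings.enableSplunkWebSSL }}
            state=present
  when: splunk_web_conf.settings.enableSplunkWebSSL is defined and
        splunk_web_conf.settings.enableSplunkWebSSL == true
  notify: splunk restart

# An undefined or false variable removes the option, leaving Splunk Web on its
# built-in default. NOTE(review): presumably that default is plain HTTP, so TLS
# then has to be terminated elsewhere (e.g. a reverse proxy) - confirm.
- name: "Configure web.conf [settings] - enableSplunkWebSSL state=absent (default)"
  ini_file: dest="{{ splunk_conf_path }}/web.conf"
            section=settings
            option=enableSplunkWebSSL
            state=absent
  when: splunk_web_conf.settings.enableSplunkWebSSL is undefined or
        splunk_web_conf.settings.enableSplunkWebSSL == false
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/web/tasks/settings/httpport.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk web.conf
#####################################################################################################################

#####################################################################################################################
# [settings]
#####################################################################################################################

# httpport

# Both conditions compare the port as an integer. The original tested != 8000 in
# one task and == "8000" in the other, so a string "8000" matched both tasks
# (write, then remove, restart on every run) and an integer 8000 matched neither.
- name: "Configure web.conf [settings] - httpport state=present"
  ini_file: dest="{{ splunk_conf_path }}/web.conf"
            section=settings
            option=httpport
            value={{ splunk_web_conf.settings.httpport }}
            state=present
  when: splunk_web_conf.settings.httpport is defined and
        splunk_web_conf.settings.httpport | int != 8000
  notify: splunk restart

# The task name was missing its opening quote, which left a stray trailing quote
# in the displayed name.
- name: "Configure web.conf [settings] - httpport state=absent (default)"
  ini_file: dest="{{ splunk_conf_path }}/web.conf"
            section=settings
            option=httpport
            state=absent
  when: splunk_web_conf.settings.httpport is undefined or
        splunk_web_conf.settings.httpport | int == 8000
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/web/tasks/settings/privKeyPath.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk web.conf
#####################################################################################################################

#####################################################################################################################
# [settings]
#####################################################################################################################

# privKeyPath

# The path is written only when it differs from etc/auth/splunkweb/privkey.pem,
# the value these tasks treat as the default.
- name: "Configure web.conf [settings] - privKeyPath state=present"
  ini_file: dest="{{ splunk_conf_path }}/web.conf"
            section=settings
            option=privKeyPath
            value={{ splunk_web_conf.settings.privKeyPath }}
            state=present
  when: splunk_web_conf.settings.privKeyPath is defined and
        splunk_web_conf.settings.privKeyPath != "etc/auth/splunkweb/privkey.pem"
  notify: splunk restart

- name: "Configure web.conf [settings] - privKeyPath state=absent (default)"
  ini_file: dest="{{ splunk_conf_path }}/web.conf"
            section=settings
            option=privKeyPath
            state=absent
  when: splunk_web_conf.settings.privKeyPath is undefined or
        splunk_web_conf.settings.privKeyPath == "etc/auth/splunkweb/privkey.pem"
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/web/tasks/settings/startwebserver.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk web.conf
#####################################################################################################################

#####################################################################################################################
# [settings]
#####################################################################################################################

# startwebserver

# Compared as an integer in both tasks so that "0"/"1" given as strings in
# group_vars select the same branch as 0/1; the original compared against bare
# integers, which a string value matched in neither task.
- name: "Configure web.conf [settings] - startwebserver state=present"
  ini_file: dest="{{ splunk_conf_path }}/web.conf"
            section=settings
            option=startwebserver
            value={{ splunk_web_conf.settings.startwebserver }}
  when: splunk_web_conf.settings.startwebserver is defined and
        splunk_web_conf.settings.startwebserver | int == 0
  notify: splunk restart

- name: "Configure web.conf [settings] - startwebserver state=absent (default)"
  ini_file: dest="{{ splunk_conf_path }}/web.conf"
            section=settings
            option=startwebserver
            state=absent
  when: splunk_web_conf.settings.startwebserver is undefined or
        splunk_web_conf.settings.startwebserver | int == 1
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/web/tasks/settings/updateCheckerBaseURL.yml:
--------------------------------------------------------------------------------
---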
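#####################################################################################################################
# Configurations for Splunk web.conf
#####################################################################################################################

#####################################################################################################################
# [settings]
#####################################################################################################################

# updateCheckerBaseURL

# The comparison with the default URL is an exact, case-sensitive string match,
# so any other spelling of the same URL is written to web.conf explicitly.
- name: "Configure web.conf [settings] - updateCheckerBaseURL state=present"
  ini_file: dest="{{ splunk_conf_path }}/web.conf"
            section=settings
            option=updateCheckerBaseURL
            value={{ splunk_web_conf.settings.updateCheckerBaseURL }}
            state=present
  when: splunk_web_conf.settings.updateCheckerBaseURL is defined and
        splunk_web_conf.settings.updateCheckerBaseURL != "http://quickdraw.Splunk.com/js/"
  notify: splunk restart

- name: "Configure web.conf [settings] - unset updateCheckerBaseURL state=absent (default)"
  ini_file: dest="{{ splunk_conf_path }}/web.conf"
            section=settings
            option=updateCheckerBaseURL
            state=absent
  when: splunk_web_conf.settings.updateCheckerBaseURL is undefined or
        splunk_web_conf.settings.updateCheckerBaseURL == "http://quickdraw.Splunk.com/js/"
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/conf/web/tasks/touch.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Configurations for Splunk web.conf
#####################################################################################################################

# touch

# Ensures web.conf exists as splunk:splunk with mode 0600 before it is edited.
- name: "Touch web.conf"
  file: path={{ splunk_conf_path }}/web.conf
        owner=splunk
        group=splunk
        mode=0600
        state=touch
  changed_when: false
--------------------------------------------------------------------------------
/roles/group/licensemaster/tasks/copy_enterprise_license_keys.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Copy Enterprise License Keys
#####################################################################################################################

- name: Create licenses/enterprise directory
  file: path="{{ splunk_installation.splunk_home_path }}/etc/licenses/enterprise"
        state=directory
        mode=0700
        owner=splunk
        group=splunk
  register: splunk_create_license_dir

# Runs scp on the control machine, logging in to the target as splunk.
# NOTE(review): the command module does not start a shell, so the trailing "*" is
# not expanded by one - confirm this copies the license files as intended.
- name: Copy Enterprise License Keys to Licensemaster
  local_action: "command scp -r {{ splunk_repository.repository_root }}/licenses/enterprise/* splunk@{{ inventory_hostname }}:{{ splunk_installation.splunk_home_path }}/etc/licenses/enterprise"
  when: splunk_create_license_dir|succeeded or splunk_create_license_dir|skipped
--------------------------------------------------------------------------------
/roles/group/licensemaster/tasks/distsearch.yml:
--------------------------------------------------------------------------------
---
# The servers list is built from the masternode inventory group by the
# create_distsearch_servers filter plugin.
- name: "Configure distsearch.conf [distributedSearch] state=present"
  ini_file: dest={{ splunk_conf_path }}/distsearch.conf
            section="distributedSearch"
            option=servers
            value="{{ groups['masternode'] | create_distsearch_servers }}"
            state=present
  when: groups['masternode'] is defined
  notify: splunk restart

- name: "Configure distsearch.conf [distributedSearch] state=absent (default)"
  ini_file: dest={{ splunk_conf_path }}/distsearch.conf
            section="distributedSearch"
            option=servers
            state=absent
  when: groups['masternode'] is undefined
  notify: splunk restart
--------------------------------------------------------------------------------
/roles/group/licensemaster/tasks/main.yml:
--------------------------------------------------------------------------------
---
# License keys are copied only when osu_environment is "prod".
- include: copy_enterprise_license_keys.yml
  when: osu_environment == "prod"

- include: touch.yml
- include: distsearch.yml
--------------------------------------------------------------------------------
/roles/group/licensemaster/tasks/touch.yml:
--------------------------------------------------------------------------------
---
- name: "Touch distsearch.conf"
  file: path={{ splunk_conf_path }}/distsearch.conf
        owner=splunk
        group=splunk
        mode=0600
        state=touch
  changed_when: false
--------------------------------------------------------------------------------
/roles/group/searchhead/tasks/distribute_distsearch_trustedkey.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Distribute Keys for Distributed Search
#####################################################################################################################

# Pushes this search head's key directory from the control machine to every
# configured search peer. The line uses no shell feature, so it runs through the
# command module (as the license-key copy does) instead of shell; host names and
# paths taken from variables are then never interpreted by a shell.
- name: Copy Keys for distributed search
  local_action: "command scp -r {{ splunk_repository.repository_root }}/distServerKeys/{{ ansible_hostname }} splunk@{{ item }}:{{ splunk_installation.splunk_home_path }}/etc/auth/distServerKeys/"
  with_items: "{{ splunk_distsearch_conf.distributedSearch.servers | create_distsearch_serverlist }}"
  tags:
    - skip_ansible_lint
  # linting disabled because there's no applicable pre-req
--------------------------------------------------------------------------------
/roles/group/searchhead/tasks/main.yml: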
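--------------------------------------------------------------------------------
---
- include: distribute_distsearch_trustedkey.yml
--------------------------------------------------------------------------------
/roles/group/shcmember/handlers/main.yml:
--------------------------------------------------------------------------------
---
- name: restart httpd
  service: name=apache2 state=restarted
--------------------------------------------------------------------------------
/roles/group/shcmember/tasks/bootstrap.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Bootstrap shcluster
#####################################################################################################################

# The admin password is part of the command line, so no_log keeps the rendered
# command out of Ansible output and logs. It also hides the command's own output
# on failure; lift it temporarily when debugging. The password remains visible in
# the target's process list while the CLI runs.
- name: Run bootstrap shcluster-captain
  command: "{{ splunk_installation.splunk_home_path }}/bin/splunk bootstrap shcluster-captain -servers_list {{ groups['shcmember'] | create_shcluster_mgmt_uri_servers }} -auth admin:{{ splunk_installation.admin_password }}"
  run_once: true
  become: yes
  become_user: splunk
  no_log: true
  tags:
    - bootstrap
  when: shc_init_completed|succeeded
--------------------------------------------------------------------------------
/roles/group/shcmember/tasks/conf_httpd.yml:
--------------------------------------------------------------------------------
---
- name: install apache modules
  apache2_module: state=present name={{item}}
  with_items:
    - proxy
    - proxy_http
    - auth_cas

# Renders the CAS-protected reverse-proxy vhost; the result is registered because
# later task files test httpd_configured.
- name: configure reverse proxy vhost
  template: src=templates/000-default.conf.j2 dest=/etc/apache2/sites-available/000-default.conf owner=root group=root mode=0644
  register: httpd_configured
  notify:
    - restart httpd

- name: enable httpd
  service: name=apache2 state=running enabled=yes
--------------------------------------------------------------------------------
/roles/group/shcmember/tasks/copy_ssl.yml:
--------------------------------------------------------------------------------
---

- name: enable ssl module
  command: "a2enmod ssl"
  when: httpd_installed|succeeded

- name: Copy Splunk SSL cert
  copy: src="{{ splunk_repository.repository_root }}/certs/{{ splunk_installation.ssl_cert }}"
        dest="/etc/ssl/certs/splunk-cert.crt"
        mode=0644

# The private key was installed world-readable (0644) like the certificates.
# It is now 0600. The destination stays in /etc/ssl/certs only because the vhost
# template references that path.
# NOTE(review): this assumes Apache opens the key as the file's owner (normally
# root at startup) - confirm for the account that runs this play.
- name: Copy Splunk SSL key
  copy: src="{{ splunk_repository.repository_root }}/certs/{{ splunk_installation.ssl_key }}"
        dest="/etc/ssl/certs/splunk-cert.key"
        mode=0600
- name: Copy Splunk SSL CA cert
  copy: src="{{ splunk_repository.repository_root }}/certs/{{ splunk_installation.ssl_cacert }}"
        dest="/etc/ssl/certs/splunk-ca-cert.crt"
        mode=0644
--------------------------------------------------------------------------------
/roles/group/shcmember/tasks/init.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Init shcluster
#####################################################################################################################

# As in bootstrap.yml, the admin password is on the command line; no_log keeps
# the rendered command out of Ansible output and logs.
- name: Run init shcluster-config
  command: "{{ splunk_installation.splunk_home_path }}/bin/splunk init shcluster-config -mgmt_uri https://{{ inventory_hostname }}:8089 -replication_port {{ splunk_server_conf.replication_port.port }} -auth admin:{{ splunk_installation.admin_password }}"
  become: yes
  become_user: splunk
  no_log: true
  register: shc_init_completed
  when: httpd_configured|succeeded or httpd_configured|skipped
--------------------------------------------------------------------------------
/roles/group/shcmember/tasks/install_apt_pkgs.yml: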
--------------------------------------------------------------------------------
---
# Installs Apache and the CAS authentication module on apt-based hosts.
- name: install httpd packages
  apt: name={{item}} state=present update_cache=yes
  register: httpd_installed
  with_items:
    - apache2
    - libapache2-mod-auth-cas


--------------------------------------------------------------------------------
/roles/group/shcmember/tasks/install_yum_pkgs.yml:
--------------------------------------------------------------------------------
---
# NOTE(review): the second entry is a Debian-style package name in a yum list -
# confirm it resolves on RPM-based hosts.
- name: install httpd packages
  yum: name={{item}} state=present update_cache=yes
  register: httpd_installed
  with_items:
    - httpd
    - libapache2-mod-auth-cas


--------------------------------------------------------------------------------
/roles/group/shcmember/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Order: packages, TLS material, reverse proxy, restart, cluster init, restart,
# captain bootstrap.
- include: install_yum_pkgs.yml
  when: ansible_pkg_mgr == 'yum'

- include: install_apt_pkgs.yml
  when: ansible_pkg_mgr == 'apt'

- include: copy_ssl.yml
- include: conf_httpd.yml
- include: restart_shcmember.yml
- include: init.yml
- include: restart_shcmember.yml
- include: bootstrap.yml
--------------------------------------------------------------------------------
/roles/group/shcmember/tasks/restart_shcmember.yml:
--------------------------------------------------------------------------------
---
#####################################################################################################################
# Restart shcmembers
#####################################################################################################################

# Included twice by main.yml; the first inclusion runs before init.yml has
# registered shc_init_completed.
- name: Run splunk restart
  command: "{{ splunk_installation.splunk_home_path }}/bin/splunk restart"
  when: httpd_configured|succeeded or shc_init_completed|succeeded
--------------------------------------------------------------------------------
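/roles/group/shcmember/templates/000-default.conf.j2:
--------------------------------------------------------------------------------
# NOTE(review): this listing shows no enclosing VirtualHost / Location container
# lines (the original lines 1, 7, 11 and 31 are blank); they may have been lost
# when the page was rendered - compare with the repository copy before use.

ServerName {{ httpd.server_name }}
DocumentRoot /var/www/html
CASCookiePath /var/cache/apache2/mod_auth_cas/
CASLoginURL {{ httpd.cas_login_url }}
CASValidateURL {{ httpd.cas_validate_url }}

Authtype CAS
require valid-user
# The authenticated CAS user is forwarded to the backend in the Cas-User request
# header. NOTE(review): a backend that trusts this header must be reachable only
# through this proxy (loopback bind, firewall, or its trusted-proxy setting) -
# verify against the web.conf tasks (settings/rproxy.yml is not shown here).
CASAuthNHeader Cas-User

ProxyPreserveHost On
# TLS ends at Apache; the hop to Splunk Web on localhost:8000 is plain HTTP.
ProxyPass / http://localhost:8000/
ProxyPassReverse / http://localhost:8000/


# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

SSLEngine on
SSLCertificateFile /etc/ssl/certs/splunk-cert.crt
# The private key is kept in the certificate directory; its file mode should
# allow reading by root only.
SSLCertificateKeyFile /etc/ssl/certs/splunk-cert.key
SSLCACertificatePath /etc/ssl/certs
SSLCACertificateFile /etc/ssl/certs/splunk-ca-cert.crt


--------------------------------------------------------------------------------
/roles/install/tasks/add_authorized_key.yml:
--------------------------------------------------------------------------------
---

# Grants SSH login as the splunk user to the holder of the configured public key.
- name: Add authorized key to user splunk
  authorized_key: user=splunk
                  key="{{ splunk_installation.ssh_public_key }}"
  when: splunk_installation.ssh_public_key is defined
--------------------------------------------------------------------------------
/roles/install/tasks/change_default_password.yml:
--------------------------------------------------------------------------------
---

- name: Check if passwd file exists
  stat: path={{ splunk_installation.splunk_home_path }}/etc/passwd
  register: has_passwd_file

# Runs only while etc/passwd does not exist yet and replaces the stock
# admin:changeme login. The new password is on the command line, so no_log keeps
# the rendered command out of Ansible output and logs.
# NOTE(review): the password is wrapped in single quotes inside the command
# string, so a password containing a single quote would break argument
# splitting - confirm the password policy excludes it.
- name: Change default password
  command: "{{ splunk_installation.splunk_home_path }}/bin/splunk edit user admin -password '{{ splunk_installation.admin_password }}' -auth admin:changeme --accept-license"
  when: has_passwd_file.stat.exists == false
  no_log: true
--------------------------------------------------------------------------------
/roles/install/tasks/enable_boot_start_splunk.yml:
--------------------------------------------------------------------------------
---

- name: Remove existing init.d script
  file: path=/etc/init.d/splunk
        state=absent

# boot-start is configured to run Splunk as the unprivileged splunk user.
- name: Enable Splunk boot-start
  command: "{{ splunk_installation.splunk_home_path }}/bin/splunk enable boot-start -user splunk --answer-yes --accept-license"
  when: splunk_file_copy_complete|succeeded or splunk_file_copy_complete|skipped
--------------------------------------------------------------------------------
/roles/install/tasks/fetch_distserverkeys.yml:
--------------------------------------------------------------------------------
---

# shell is needed here for the grep | cut pipeline.
- name: Get serverName
  shell: "grep serverName {{ splunk_installation.splunk_home_path }}/etc/system/local/server.conf | cut -c14-"
  register: splunk_servername
  tags:
    - skip_ansible_lint

# NOTE(review): the serverName read from the managed host becomes a directory
# name on the control machine without validation - consider checking it against
# an expected pattern before it is used in dest.
- name: Fetch distServerKeys from all Servers
  fetch: src="{{ splunk_installation.splunk_home_path }}/etc/auth/distServerKeys/trusted.pem"
         dest="{{ splunk_repository.repository_root }}/distServerKeys/{{ splunk_servername.stdout }}/trusted.pem"
         flat=yes
         fail_on_missing=yes
--------------------------------------------------------------------------------
/roles/install/tasks/main.yml:
--------------------------------------------------------------------------------
---
- include: install_splunk.yml
- include: set_splunk_secret.yml
- include: enable_boot_start_splunk.yml
- include: change_default_password.yml
- include: add_authorized_key.yml
- include: splunk_ftb.yml
- include: fetch_distserverkeys.yml
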
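--------------------------------------------------------------------------------
/roles/install/tasks/set_splunk_secret.yml:
--------------------------------------------------------------------------------
---

# splunk.secret is created with its final owner and mode in a single step. The
# original wrote the file with default permissions and tightened them in a
# second task, leaving the secret readable under the default umask in between.
# no_log keeps the rendered secret out of task output and --diff.
- name: Create common splunk.secret
  template: src=etc/auth/splunk.secret.j2
            dest={{ splunk_installation.splunk_home_path }}/etc/auth/splunk.secret
            owner=splunk
            group=splunk
            mode=0400
  when: splunk_installation.splunk_secret is defined
  no_log: true

# Kept so a file left behind by an earlier run is corrected as well.
- name: Set permissions for splunk.secret
  file: path={{ splunk_installation.splunk_home_path }}/etc/auth/splunk.secret
        owner=splunk
        group=splunk
        mode=0400
  when: splunk_installation.splunk_secret is defined


--------------------------------------------------------------------------------
/roles/install/tasks/splunk_ftb.yml:
--------------------------------------------------------------------------------
---

# Starts Splunk once and stops it again.
- name: First Time Boot Splunk
  service: name=splunk
           state=started

- name: Stop Splunk
  service: name=splunk
           state=stopped
--------------------------------------------------------------------------------
/roles/install/templates/etc/auth/splunk.secret.j2:
--------------------------------------------------------------------------------
{{ splunk_installation.splunk_secret }}

--------------------------------------------------------------------------------
/roles/migration/lm/tasks/main.yml:
--------------------------------------------------------------------------------
---
# "dynamic" points master_uri at the first host of the licensemaster group on
# port 8089; any other defined value is written as given.
- name: "Configure server.conf [license] - master_uri state=present (dynamic)"
  ini_file: dest={{ splunk_conf_path }}/server.conf
            section=license
            option=master_uri
            value="https://{{ groups['licensemaster'][0] }}:8089"
            state=present
  when: splunk_server_conf.license.master_uri is defined and
        splunk_server_conf.license.master_uri == "dynamic"
  notify: splunk restart

- name: "Configure server.conf [license] - master_uri state=present (static)"
  ini_file: dest={{ splunk_conf_path }}/server.conf
            section=license
            option=master_uri
            value="{{ splunk_server_conf.license.master_uri }}"
            state=present
  when: splunk_server_conf.license.master_uri is defined and
        splunk_server_conf.license.master_uri != "dynamic"
  notify: splunk restart

- name: "Configure server.conf [license] - master_uri state=absent (default)"
  ini_file: dest={{ splunk_conf_path }}/server.conf
            section=license
            option=master_uri
            state=absent
  when: splunk_server_conf.license.master_uri is undefined
  notify: splunk restart

--------------------------------------------------------------------------------
/roles/migration/symmkey/tasks/main.yml:
--------------------------------------------------------------------------------
---
# The [general] shared secret. Structured arguments keep a key containing spaces,
# quotes or "=" intact; no_log keeps it out of task output, verbose logs and
# --diff.
- name: "Configure server.conf [general] - pass4SymmKey state=present"
  ini_file:
    dest: "{{ splunk_conf_path }}/server.conf"
    section: general
    option: pass4SymmKey
    value: "{{ splunk_server_conf.general.pass4SymmKey }}"
    state: present
  when: splunk_server_conf.general.pass4SymmKey is defined
  notify: splunk restart
  no_log: true
  tags: pass4SymmKey

- name: "Configure server.conf [general] - pass4SymmKey state=absent"
  ini_file: dest={{ splunk_conf_path }}/server.conf
            section=general
            option=pass4SymmKey
            state=absent
  when: splunk_server_conf.general.pass4SymmKey is undefined
  notify: splunk restart
  tags: pass4SymmKey
--------------------------------------------------------------------------------
/roles/overrides/tasks/main.yml:
--------------------------------------------------------------------------------
# special configs that are annoying to template and Splunk is just going to ruin them anyway.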
2 | --- 3 | 4 | - name: "Configure conf file override [] - state=present" 5 | template: src=templates/overrides.conf.j2 6 | dest={{ item.filepath }} 7 | owner=splunk 8 | group=splunk 9 | mode=0600 10 | with_items: 11 | - "{{ splunk_overrides_conf.files }}" 12 | when: splunk_overrides_conf is defined 13 | 14 | -------------------------------------------------------------------------------- /roles/overrides/templates/overrides.conf.j2: -------------------------------------------------------------------------------- 1 | {{ item.data }} 2 | -------------------------------------------------------------------------------- /roles/upgrade_master/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Copy Splunk package 3 | copy: src="{{ splunk_repository.repository_root }}/packages/{{ splunk_installation.package_file }}" 4 | dest="{{ splunk_installation.remote_package_temp_path }}/{{ splunk_installation.package_file }}" 5 | mode=0600 6 | 7 | - name: Install Splunk package from tgz 8 | unarchive: src="{{ splunk_installation.remote_package_temp_path }}/{{ splunk_installation.package_file }}" 9 | dest=/opt 10 | copy=no 11 | when: splunk_installation.package_format == "tgz" 12 | 13 | - name: Remove Splunk package 14 | file: path="{{ splunk_installation.remote_package_temp_path }}/{{ splunk_installation.package_file }}" 15 | state=absent 16 | when: splunk_installation.delete_package_after_install != false 17 | 18 | - name: Set permissions for $SPLUNK_HOME 19 | file: path="{{ splunk_installation.splunk_home_path }}" 20 | owner=splunk 21 | group=splunk 22 | recurse=yes 23 | register: splunk_file_copy_complete 24 | when: splunk_installation.package_format == "tgz" 25 | 26 | - name: Start masternode 27 | command: "{{ splunk_installation.splunk_home_path }}/bin/splunk start --accept-license --answer-yes" 28 | become: true 29 | become_user: splunk 30 | become_method: su 31 | register: start_masternode 32 | when: 
splunk_file_copy_complete|succeeded or splunk_file_copy_complete|skipped 33 | 34 | - name: Enable maintenance mode 35 | command: "{{ splunk_installation.splunk_home_path }}/bin/splunk enable maintenance-mode --answer-yes -auth admin:{{ splunk_installation.admin_password }}" 36 | become: true 37 | become_user: splunk 38 | become_method: su 39 | when: start_masternode|succeeded 40 | 41 | -------------------------------------------------------------------------------- /roles/upgrade_peers/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Copy Splunk package 3 | copy: src="{{ splunk_repository.repository_root }}/packages/{{ splunk_installation.package_file }}" 4 | dest="{{ splunk_installation.remote_package_temp_path }}/{{ splunk_installation.package_file }}" 5 | mode=0600 6 | register: splunk_copy_pkg 7 | 8 | - name: Ensure Splunk is stopped 9 | command: "{{ splunk_installation.splunk_home_path }}/bin/splunk stop" 10 | become: true 11 | become_user: splunk 12 | become_method: su 13 | when: splunk_copy_pkg|succeeded or splunk_copy_pkg|skipped 14 | 15 | - name: Install Splunk package from tgz 16 | unarchive: src="{{ splunk_installation.remote_package_temp_path }}/{{ splunk_installation.package_file }}" 17 | dest=/opt 18 | copy=no 19 | when: splunk_installation.package_format == "tgz" 20 | 21 | - name: Remove Splunk package 22 | file: path="{{ splunk_installation.remote_package_temp_path }}/{{ splunk_installation.package_file }}" 23 | state=absent 24 | when: splunk_installation.delete_package_after_install != false 25 | 26 | - name: Set permissions for $SPLUNK_HOME 27 | file: path="{{ splunk_installation.splunk_home_path }}" 28 | owner=splunk 29 | group=splunk 30 | recurse=yes 31 | when: splunk_installation.package_format == "tgz" 32 | -------------------------------------------------------------------------------- /upgrade_splunk.yml: 
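--------------------------------------------------------------------------------
---
# Upgrade play for every host except the repository group. Connects as root
# and switches to the splunk account (su) for each Splunk CLI call.
# Sequence: stop all non-deployer nodes, upgrade the master node (which turns
# maintenance mode on), upgrade the remaining nodes, start them, then turn
# maintenance mode off on the master node.
- hosts: "*:!repository"
  user: root

  pre_tasks:
    - name: Stop all nodes
      command: "{{ splunk_installation.splunk_home_path }}/bin/splunk stop"
      become: true
      become_user: splunk
      become_method: su
      when: "'deployer' not in group_names"

  roles:
    - { role: upgrade_master, when: "'masternode' in group_names" }
    - { role: upgrade_peers, when: "'masternode' not in group_names and 'deployer' not in group_names" }
    - { role: upgrade_peers, when: "'deployer' in group_names" }

  post_tasks:
    - name: Start deployer
      command: "{{ splunk_installation.splunk_home_path }}/bin/splunk start --accept-license --answer-yes"
      become: true
      become_user: splunk
      become_method: su
      when: "'deployer' in group_names"

    - name: Start remaining nodes
      command: "{{ splunk_installation.splunk_home_path }}/bin/splunk start --accept-license --answer-yes"
      become: true
      become_user: splunk
      become_method: su
      when: "'deployer' not in group_names and 'masternode' not in group_names"

    # The admin password is part of the command line. no_log keeps it out of
    # Ansible output and logs; it is still visible in the host's process list
    # while the command runs.
    - name: Disable maintenance mode
      command: "{{ splunk_installation.splunk_home_path }}/bin/splunk disable maintenance-mode -auth admin:{{ splunk_installation.admin_password }}"
      become: true
      become_user: splunk
      become_method: su
      no_log: true
      when: "'masternode' in group_names"

--------------------------------------------------------------------------------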