├── .gitignore ├── README.md ├── Vagrantfile ├── ansible.cfg ├── files ├── RPM-GPG-KEY-EPEL-6 ├── aliases.sh ├── epel.repo ├── nginx.conf ├── splunk.init └── splunk_web.conf ├── playbook.yml ├── sw └── put_splunk_rpm_in_here └── templates └── splunk.conf.j2 /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | *.sw? 3 | .vagrant 4 | vagrant_ansible_inventory_default 5 | sw 6 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # CentOS 6 Vagrant Box with Splunk install via Ansible 2 | 3 | Installs Splunk and sets it running, on top of a [@core CentOS Vagrant Box](http://vntx.cc/boxes/centos65.box). 4 | 5 | Tested with CentOS 7 64-bit and Splunk 6.2.3-264376 as of November 2015. 6 | 7 | You need to have [Ansible](http://ansible.com) installed before spinning this box up. 8 | 9 | Look at [playbook.yml](http://github.com/phips/splunkbox/blob/master/playbook.yml) to see what Ansible does to the base CentOS [box](http://docs.vagrantup.com/v2/virtualbox/boxes.html). 10 | 11 | You'll need to download the Splunk RPM and put it in a sw/ directory under wherever you clone this to. Check that it is the same version as the one mentioned in [playbook.yml](http://github.com/phips/splunkbox/blob/master/playbook.yml) and adjust the filename accordingly if it is not. 12 | 13 | The VM will boot, install Splunk and set it running on localhost. It will also install nginx from [EPEL](https://fedoraproject.org/wiki/EPEL), set it listening on port 80, and proxy requests to Splunk. There are notes in the [splunk.conf](http://github.com/phips/splunkbox/blob/master/templates/splunk.conf.j2) file about how to listen on https and how to use basic authentication. 14 | 15 | A number of Splunk '[must have](http://wiki.splunk.com/Things_I_wish_I_knew_then)' apps are also installed. 
You'll need to download these from [apps.splunk.com]() first - all the URLs are noted in [the playbook](http://github.com/phips/splunkbox/blob/master/playbook.yml). If you want to skip them, just set installapps to false (with [extra-vars](http://docs.ansible.com/playbooks_variables.html#passing-variables-on-the-command-line) - see the [Vagrantfile](http://github.com/phips/splunkbox/blob/master/Vagrantfile)). 16 | -------------------------------------------------------------------------------- /Vagrantfile: -------------------------------------------------------------------------------- 1 | # -*- mode: ruby -*- 2 | # vi: set ft=ruby : 3 | 4 | Vagrant.configure("2") do |config| 5 | config.vm.box = "centos7" 6 | config.vm.network :forwarded_port, guest: 80, host: 8080 7 | 8 | config.vm.provider :virtualbox do |vb| 9 | vb.gui = false 10 | end 11 | 12 | # provision with ansible 13 | config.vm.provision "ansible" do |ansible| 14 | ansible.playbook = "playbook.yml" 15 | ansible.sudo = true 16 | ansible.host_key_checking = false 17 | # ansible.extra_vars = { installapps: false } 18 | end 19 | end 20 | -------------------------------------------------------------------------------- /ansible.cfg: -------------------------------------------------------------------------------- 1 | [defaults] 2 | nocows = 1 3 | -------------------------------------------------------------------------------- /files/RPM-GPG-KEY-EPEL-6: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | Version: GnuPG v1.4.5 (GNU/Linux) 3 | 4 | mQINBEvSKUIBEADLGnUj24ZVKW7liFN/JA5CgtzlNnKs7sBg7fVbNWryiE3URbn1 5 | JXvrdwHtkKyY96/ifZ1Ld3lE2gOF61bGZ2CWwJNee76Sp9Z+isP8RQXbG5jwj/4B 6 | M9HK7phktqFVJ8VbY2jfTjcfxRvGM8YBwXF8hx0CDZURAjvf1xRSQJ7iAo58qcHn 7 | XtxOAvQmAbR9z6Q/h/D+Y/PhoIJp1OV4VNHCbCs9M7HUVBpgC53PDcTUQuwcgeY6 8 | pQgo9eT1eLNSZVrJ5Bctivl1UcD6P6CIGkkeT2gNhqindRPngUXGXW7Qzoefe+fV 9 | 
QqJSm7Tq2q9oqVZ46J964waCRItRySpuW5dxZO34WM6wsw2BP2MlACbH4l3luqtp 10 | Xo3Bvfnk+HAFH3HcMuwdaulxv7zYKXCfNoSfgrpEfo2Ex4Im/I3WdtwME/Gbnwdq 11 | 3VJzgAxLVFhczDHwNkjmIdPAlNJ9/ixRjip4dgZtW8VcBCrNoL+LhDrIfjvnLdRu 12 | vBHy9P3sCF7FZycaHlMWP6RiLtHnEMGcbZ8QpQHi2dReU1wyr9QgguGU+jqSXYar 13 | 1yEcsdRGasppNIZ8+Qawbm/a4doT10TEtPArhSoHlwbvqTDYjtfV92lC/2iwgO6g 14 | YgG9XrO4V8dV39Ffm7oLFfvTbg5mv4Q/E6AWo/gkjmtxkculbyAvjFtYAQARAQAB 15 | tCFFUEVMICg2KSA8ZXBlbEBmZWRvcmFwcm9qZWN0Lm9yZz6JAjYEEwECACAFAkvS 16 | KUICGw8GCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRA7Sd8qBgi4lR/GD/wLGPv9 17 | qO39eyb9NlrwfKdUEo1tHxKdrhNz+XYrO4yVDTBZRPSuvL2yaoeSIhQOKhNPfEgT 18 | 9mdsbsgcfmoHxmGVcn+lbheWsSvcgrXuz0gLt8TGGKGGROAoLXpuUsb1HNtKEOwP 19 | Q4z1uQ2nOz5hLRyDOV0I2LwYV8BjGIjBKUMFEUxFTsL7XOZkrAg/WbTH2PW3hrfS 20 | WtcRA7EYonI3B80d39ffws7SmyKbS5PmZjqOPuTvV2F0tMhKIhncBwoojWZPExft 21 | HpKhzKVh8fdDO/3P1y1Fk3Cin8UbCO9MWMFNR27fVzCANlEPljsHA+3Ez4F7uboF 22 | p0OOEov4Yyi4BEbgqZnthTG4ub9nyiupIZ3ckPHr3nVcDUGcL6lQD/nkmNVIeLYP 23 | x1uHPOSlWfuojAYgzRH6LL7Idg4FHHBA0to7FW8dQXFIOyNiJFAOT2j8P5+tVdq8 24 | wB0PDSH8yRpn4HdJ9RYquau4OkjluxOWf0uRaS//SUcCZh+1/KBEOmcvBHYRZA5J 25 | l/nakCgxGb2paQOzqqpOcHKvlyLuzO5uybMXaipLExTGJXBlXrbbASfXa/yGYSAG 26 | iVrGz9CE6676dMlm8F+s3XXE13QZrXmjloc6jwOljnfAkjTGXjiB7OULESed96MR 27 | XtfLk0W5Ab9pd7tKDR6QHI7rgHXfCopRnZ2VVQ== 28 | =V/6I 29 | -----END PGP PUBLIC KEY BLOCK----- 30 | 31 | -------------------------------------------------------------------------------- /files/aliases.sh: -------------------------------------------------------------------------------- 1 | # ansible_managed 2 | alias l='ls -laF' 3 | alias lr='ls -Fartl' 4 | alias j=jobs 5 | [ -x /usr/bin/vim ] && alias vi=vim 6 | -------------------------------------------------------------------------------- /files/epel.repo: -------------------------------------------------------------------------------- 1 | [epel] 2 | name=Extra Packages for Enterprise Linux 6 - $basearch 3 | #baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch 4 | 
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch 5 | failovermethod=priority 6 | enabled=1 7 | gpgcheck=1 8 | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6 9 | -------------------------------------------------------------------------------- /files/nginx.conf: -------------------------------------------------------------------------------- 1 | # For more information on configuration, see: 2 | # * Official English Documentation: http://nginx.org/en/docs/ 3 | 4 | user nginx; 5 | worker_processes 1; 6 | 7 | error_log /var/log/nginx/error.log; 8 | #error_log /var/log/nginx/error.log notice; 9 | #error_log /var/log/nginx/error.log info; 10 | 11 | pid /var/run/nginx.pid; 12 | 13 | events { 14 | worker_connections 1024; 15 | } 16 | 17 | http { 18 | include /etc/nginx/mime.types; 19 | default_type application/octet-stream; 20 | 21 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 22 | '$status $body_bytes_sent "$http_referer" ' 23 | '"$http_user_agent" "$http_x_forwarded_for"'; 24 | 25 | access_log /var/log/nginx/access.log main; 26 | 27 | sendfile on; 28 | #tcp_nopush on; 29 | 30 | keepalive_timeout 65; 31 | include /etc/nginx/conf.d/splunk.conf; 32 | 33 | #gzip on; 34 | } 35 | -------------------------------------------------------------------------------- /files/splunk.init: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # /etc/init.d/splunk 4 | # init script for Splunk. 5 | # generated by 'splunk enable boot-start'. 6 | # 7 | # chkconfig: 2345 90 60 8 | # description: Splunk indexer service 9 | # 10 | ### THIS FILE IS MANAGED UNDER CM! ### 11 | ### LOCAL CHANGES WILL BE OVERWRITTEN! ### 12 | RETVAL=0 13 | 14 | . /etc/init.d/functions 15 | 16 | splunk_start() { 17 | echo Starting Splunk... 18 | "/opt/splunk/bin/splunk" start --no-prompt --answer-yes --accept-license 19 | RETVAL=$? 
20 | [ $RETVAL -eq 0 ] && touch /var/lock/subsys/splunk 21 | } 22 | splunk_stop() { 23 | echo Stopping Splunk... 24 | "/opt/splunk/bin/splunk" stop 25 | RETVAL=$? 26 | [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/splunk 27 | } 28 | splunk_restart() { 29 | echo Restarting Splunk... 30 | "/opt/splunk/bin/splunk" restart 31 | RETVAL=$? 32 | [ $RETVAL -eq 0 ] && touch /var/lock/subsys/splunk 33 | } 34 | splunk_status() { 35 | echo Splunk status: 36 | "/opt/splunk/bin/splunk" status 37 | RETVAL=$? 38 | } 39 | case "$1" in 40 | start) 41 | splunk_start 42 | ;; 43 | stop) 44 | splunk_stop 45 | ;; 46 | restart) 47 | splunk_restart 48 | ;; 49 | status) 50 | splunk_status 51 | ;; 52 | *) 53 | echo "Usage: $0 {start|stop|restart|status}" 54 | exit 1 55 | ;; 56 | esac 57 | 58 | exit $RETVAL 59 | -------------------------------------------------------------------------------- /files/splunk_web.conf: -------------------------------------------------------------------------------- 1 | # ansible_managed 2 | # NOTE(review): intended to bind Splunk Web (server.socket_host) to loopback so only the nginx proxy can reach it, but no task in playbook.yml copies this file, so it is not applied by this provisioning -- confirm whether that is deliberate 3 | [settings] 4 | server.socket_host = 127.0.0.1 5 | 6 | -------------------------------------------------------------------------------- /playbook.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: default 3 | vars: 4 | splunkver: 6.2.3-264376-linux-2.6-x86_64 5 | installapps: False 6 | # ssl_enabled 7 | # auth_enabled 8 | # ssl_enabled / auth_enabled are consumed by templates/splunk.conf.j2; with both unset nginx serves plain HTTP on port 80 with no authentication. installapps defaults to False here, so the app tasks below are skipped unless overridden with extra-vars. 9 | tasks: 10 | - name: Ensure libselinux-python installed 11 | yum: name=libselinux-python state=present 12 | 13 | - name: Ensure aliases.sh present 14 | copy: src=files/aliases.sh dest=/etc/profile.d/aliases.sh 15 | owner=root group=root mode=0644 16 | # NOTE(review): epel-release is fetched over plain http by an ad-hoc shell command (which always reports 'changed'); files/epel.repo and files/RPM-GPG-KEY-EPEL-6 describe EPEL 6 and are not used by any task, so the EPEL trust anchor is whatever epel-release-latest-7 bundles -- confirm that is intended for a CentOS 7 box 17 | - name: Ensure EPEL repo is configured 18 | shell: rpm -q epel-release || yum install -y http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm 19 | 20 | - name: Ensure hostname set 21 | hostname: name={{ inventory_hostname }} 22 | when: not inventory_hostname|match('(\d{1,3}\.){3}\d{1,3}') 23 | 24 | - name: Ensure hostname is in 
/etc/hosts 25 | lineinfile: 26 | dest=/etc/hosts 27 | regexp="^{{ ansible_default_ipv4.address }}.+$" 28 | line="{{ ansible_default_ipv4.address }} {{ ansible_fqdn }} {{ ansible_hostname }}" 29 | 30 | # pulls from EPEL 31 | - name: Ensure nginx is installed 32 | yum: name=nginx state=present 33 | 34 | - name: Ensure nginx config in place 35 | copy: dest=/etc/nginx/nginx.conf 36 | src=files/nginx.conf 37 | notify: 38 | - restart nginx 39 | 40 | - name: Ensure nginx proxies for local Splunk 41 | template: src=templates/splunk.conf.j2 dest=/etc/nginx/conf.d/splunk.conf 42 | owner=root group=root mode=0644 43 | notify: 44 | - restart nginx 45 | # NOTE(review): the Splunk RPM comes from the synced /vagrant/sw folder (filename must match splunkver); whether yum checks its signature depends on yum's localpkg_gpgcheck setting, which this playbook does not set -- verify the download before placing it in sw/ 46 | - name: Ensure Splunk package installed 47 | yum: name=/vagrant/sw/splunk-{{ splunkver }}.rpm state=present 48 | # NOTE(review): the app archives below are unpacked straight into /opt/splunk/etc/apps and no checksum is verified; verify each download from apps.splunk.com before placing it in sw/ 49 | # https://apps.splunk.com/app/466/ 50 | - name: Install Sideview Utils 51 | unarchive: src=sw/sideview-utils-lgpl_135.tgz 52 | dest=/opt/splunk/etc/apps 53 | creates=/opt/splunk/etc/apps/sideview_utils 54 | when: installapps 55 | notify: 56 | - restart splunk 57 | 58 | # https://apps.splunk.com/app/748/ 59 | - name: Install SoS 60 | unarchive: src=sw/sos-splunk-on-splunk_32.tgz 61 | dest=/opt/splunk/etc/apps 62 | creates=/opt/splunk/etc/apps/sos 63 | when: installapps 64 | notify: 65 | - restart splunk 66 | 67 | # https://apps.splunk.com/app/1603/ 68 | - name: Install Splunk-6 dashboard examples 69 | unarchive: src=sw/splunk-6x-dashboard-examples_201.tgz 70 | dest=/opt/splunk/etc/apps 71 | creates=/opt/splunk/etc/apps/simple_xml_examples 72 | when: installapps 73 | notify: 74 | - restart splunk 75 | 76 | # https://apps.splunk.com/app/273/ 77 | - name: Install Splunk App for UNIX and Linux 78 | unarchive: src=sw/splunk-app-for-unix-and-linux_501.tgz 79 | dest=/opt/splunk/etc/apps 80 | creates=/opt/splunk/etc/apps/splunk_app_for_nix 81 | when: installapps 82 | notify: 83 | - restart splunk 84 | 85 | - name: Ensure Splunk service is configured 86 | copy: src=files/splunk.init dest=/etc/init.d/splunk 87 | 
owner=root group=root mode=0755 88 | notify: 89 | - restart splunk 90 | 91 | - name: Start Splunk service 92 | service: name=splunk state=started enabled=yes 93 | 94 | - name: Start nginx service 95 | service: name=nginx state=started enabled=yes 96 | 97 | handlers: 98 | - name: restart splunk 99 | service: name=splunk state=restarted 100 | 101 | - name: restart nginx 102 | service: name=nginx state=restarted 103 | 104 | # vim: set ts=2 sw=2 et ft=ansible: 105 | -------------------------------------------------------------------------------- /sw/put_splunk_rpm_in_here: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/phips/splunkbox/4d72794bedb34377895a535d20e9278430079e4f/sw/put_splunk_rpm_in_here -------------------------------------------------------------------------------- /templates/splunk.conf.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | # Rendered to /etc/nginx/conf.d/splunk.conf by playbook.yml. ssl_enabled and auth_enabled are Ansible vars (both commented out in the playbook), so the default is plain HTTP on port 80 with no authentication. 3 | server { 4 | {% if ssl_enabled is defined -%} 5 | listen 443 ssl; 6 | {% else %} 7 | listen 80 default_server; 8 | {% endif %} 9 | server_name _; 10 | 11 | access_log /var/log/nginx/splunk_access.log; 12 | error_log /var/log/nginx/splunk_error.log; 13 | # NOTE(review): ssl_protocols is not set, so the nginx package default applies -- confirm it excludes legacy protocol versions for the nginx build EPEL installs; 'ssl on' below duplicates the 'ssl' flag already on the listen directive 14 | {% if ssl_enabled is defined %} 15 | ssl on; 16 | ssl_certificate certs/***PUT_YOUR_FILE_HERE***; 17 | ssl_certificate_key certs/***PUT_YOUR_FILE_HERE***; 18 | ssl_session_timeout 5m; 19 | ssl_ciphers HIGH:!aNULL:!MD5; 20 | ssl_prefer_server_ciphers on; 21 | ssl_session_cache shared:SSL:128m; 22 | {% endif %} 23 | # NOTE(review): auth_enabled is independent of ssl_enabled, so basic auth can be turned on while nginx still listens on plain HTTP port 80 and the browser sends the credentials in cleartext -- enable both together 24 | location / { 25 | {% if auth_enabled is defined -%} 26 | auth_basic "Please Login"; 27 | auth_basic_user_file auth/htpasswd; 28 | {% endif %} 29 | proxy_pass http://localhost:8000/; 30 | # Upstream is Splunk on the local host; only Host, X-Real-IP and X-Forwarded-For are forwarded -- no X-Forwarded-Proto, so add one if the upstream needs to know the client used https 31 | proxy_set_header Host $host; 32 | proxy_set_header X-Real-IP $remote_addr; 33 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 34 | } 35 | } 36 | 
--------------------------------------------------------------------------------