├── .github └── ISSUE_TEMPLATE │ └── bug_report.md ├── .gitignore ├── CHANGELOG.md ├── LICENSE ├── README.md ├── ROADMAP.md ├── VERSION ├── Vagrantfile ├── ansible.cfg ├── ansible ├── add_splunk_license.yml ├── backup_splunk_etc.yml ├── call_splunk_rest.yml ├── cleanup_backup_dir.yml ├── create_linkpage.yml ├── deploy_site.yml ├── disable_stop_splunkweb.yml ├── enable_splunkweb.yml ├── group_vars │ └── all │ │ └── dynamic.yml ├── install_splunk.yml ├── plugins │ └── inventory │ │ └── splunk-platform-automator.py ├── remove_splunk.yml ├── restart_splunk.yml ├── roles │ ├── baseconfig_app │ │ ├── defaults │ │ │ └── main.yml │ │ └── tasks │ │ │ ├── install_app.yml │ │ │ ├── main.yml │ │ │ ├── org_all_deploymentclient.yml │ │ │ ├── org_all_forwarder_outputs.yml │ │ │ ├── org_all_forwarder_outputs_idxc_ssl.yml │ │ │ ├── org_all_indexer_base.yml │ │ │ ├── org_all_indexes.yml │ │ │ ├── org_all_search_base.yml │ │ │ ├── org_cluster_indexer_base.yml │ │ │ ├── org_cluster_manager_base.yml │ │ │ ├── org_cluster_search_base.yml │ │ │ ├── org_full_license_server.yml │ │ │ ├── org_indexer_volume_indexes.yml │ │ │ ├── org_multisite_manager_base.yml │ │ │ ├── org_s2_indexer_indexes.yml │ │ │ ├── org_search_volume_indexes.yml │ │ │ ├── org_site_n_indexer_base.yml │ │ │ ├── replace_master_uri.yml │ │ │ ├── save_app.yml │ │ │ ├── set_bucket_tunings.yml │ │ │ ├── set_index_vars.yml │ │ │ ├── set_indexer_volume_vars.yml │ │ │ ├── splunk_ssl_inputs_certs.yml │ │ │ ├── splunk_ssl_outputs_certs.yml │ │ │ └── splunk_ssl_web_certs.yml │ ├── cluster_manager │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── common │ │ ├── files │ │ │ └── home │ │ │ │ └── ansible_user │ │ │ │ └── bashrc.splunk │ │ └── tasks │ │ │ ├── check_ansible_requirements.yml │ │ │ ├── disable_apparmor.yml │ │ │ ├── disable_selinux.yml │ │ │ ├── fix_time_sync.yml │ │ │ ├── hosts.yml │ │ │ ├── main.yml │ │ │ ├── ntp.yml │ │ │ ├── packages.yml │ │ │ ├── 
set_hostname.yml │ │ │ ├── time.yml │ │ │ └── users.yml │ ├── deployer │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── deployment_server │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ ├── main.yml │ │ │ ├── save_serverclass.yml │ │ │ ├── serverclass.yml │ │ │ └── update_serverclass.yml │ ├── heavy_forwarder │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ ├── indexer │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ ├── check_volume_path.yml │ │ │ ├── idxcluster.yml │ │ │ ├── idxsingle.yml │ │ │ └── main.yml │ ├── ldap_server │ │ ├── defaults │ │ │ └── main.yml │ │ ├── tasks │ │ │ ├── main.yml │ │ │ └── openldap.yml │ │ └── templates │ │ │ └── var │ │ │ └── tmp │ │ │ ├── base.ldif.j2 │ │ │ ├── db.ldif.j2 │ │ │ └── monitor.ldif.j2 │ ├── license_manager │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ ├── add_license.yml │ │ │ ├── license.yml │ │ │ └── main.yml │ ├── monitoring_console │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ ├── add_dserver.yml │ │ │ ├── dserver.yml │ │ │ ├── main.yml │ │ │ └── update_dserver.yml │ ├── search_head │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ ├── add_search_peers.yml │ │ │ ├── comment_macro.yml │ │ │ ├── loop_search_heads.yml │ │ │ ├── main.yml │ │ │ ├── search_peers.yml │ │ │ ├── shcluster.yml │ │ │ └── shsingle.yml │ ├── splunk_common │ │ ├── defaults │ │ │ └── main.yml │ │ ├── handlers │ │ │ └── main.yml │ │ └── tasks │ │ │ ├── check_policykit.yml │ │ │ ├── check_splunk_install.yml │ │ │ ├── check_systemctl.yml │ │ │ ├── check_systemd_file.yml │ │ │ ├── main.yml │ │ │ ├── set_splunk_installed_version.yml │ │ │ ├── wait_for_splunkd_full.yml │ │ │ └── wait_for_splunkd_port.yml │ ├── splunk_conf │ │ ├── meta │ │ │ └── 
main.yml │ │ └── tasks │ │ │ ├── add_splunk_conf.yml │ │ │ ├── loop_conf_files.yml │ │ │ └── main.yml │ ├── splunk_control │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ │ └── config │ │ │ └── index.html.j2 │ ├── splunk_software │ │ ├── files │ │ │ └── etc │ │ │ │ └── systemd │ │ │ │ └── system │ │ │ │ └── disable-thp.service │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ ├── add_custom_policykit.yml │ │ │ ├── add_disable_thp_service.yml │ │ │ ├── add_splunk_sudoers.yml │ │ │ ├── backup_splunk_etc.yml │ │ │ ├── check_splunk_version.yml │ │ │ ├── cleanup_backup_dir.yml │ │ │ ├── disable_boot-start.yml │ │ │ ├── disable_splunkweb.yml │ │ │ ├── enable_boot-start.yml │ │ │ ├── enable_splunkweb.yml │ │ │ ├── find_target_version.yml │ │ │ ├── get_idxc_peer_status.yml │ │ │ ├── get_idxc_peerids.yml │ │ │ ├── host_servername_config.yml │ │ │ ├── install.yml │ │ │ ├── main.yml │ │ │ ├── remove_custom_policykit.yml │ │ │ ├── remove_disable_thp_service.yml │ │ │ ├── remove_init_and_ulimit.yml │ │ │ ├── remove_splunk_sudoers.yml │ │ │ ├── restart_splunk.yml │ │ │ ├── set_enable_boot_start_args.yml │ │ │ ├── splunk_command.yml │ │ │ ├── splunk_rest.yml │ │ │ ├── start_accept_license_and_stop.yml │ │ │ ├── start_splunk.yml │ │ │ ├── stop_splunk.yml │ │ │ ├── ui_config.yml │ │ │ ├── ulimit_thp.yml │ │ │ ├── uninstall.yml │ │ │ ├── update_splunk_service.yml │ │ │ ├── upgrade.yml │ │ │ ├── upgrade_idxc_rolling_begin.yml │ │ │ ├── upgrade_idxc_rolling_check.yml │ │ │ ├── upgrade_idxc_rolling_end.yml │ │ │ ├── upgrade_idxc_rolling_upgrade.yml │ │ │ ├── upgrade_shc_rolling_begin.yml │ │ │ ├── upgrade_shc_rolling_check.yml │ │ │ ├── upgrade_shc_rolling_end.yml │ │ │ ├── upgrade_shc_rolling_upgrade.yml │ │ │ ├── upgrade_software.yml │ │ │ ├── upload_and_extract.yml │ │ │ └── users.yml │ │ └── templates │ │ │ ├── etc │ │ │ ├── polkit-1 │ │ │ │ ├── localauthority │ │ │ │ │ └── 50-local.d │ │ │ │ │ │ └── splunk.pkla.j2 │ │ │ │ └── rules.d │ │ │ │ │ └── 10-splunk.rules.j2 │ │ │ 
├── security │ │ │ │ └── limits.d │ │ │ │ │ └── splunk.conf.j2 │ │ │ ├── sudoers.d │ │ │ │ └── splunk.j2 │ │ │ └── systemd │ │ │ │ └── system │ │ │ │ ├── splunk.service.j2 │ │ │ │ └── splunkforwarder.service.j2 │ │ │ └── home │ │ │ └── splunk │ │ │ └── bashrc.splunk.j2 │ ├── universal_forwarder │ │ ├── defaults │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ └── main.yml │ └── universal_forwarder_windows │ │ ├── defaults │ │ └── main.yml │ │ ├── handlers │ │ └── main.yml │ │ └── tasks │ │ ├── config.yml │ │ ├── enable_rdp.yml │ │ ├── hosts.yml │ │ ├── install.yml │ │ └── main.yml ├── run_splunk_command.yml ├── setup_common.yml ├── setup_other_roles.yml ├── setup_splunk_conf.yml ├── setup_splunk_roles.yml ├── start_splunk.yml ├── stop_splunk.yml ├── test_ansible_prereqs.yml ├── update_hosts_file.yml ├── update_splunk_certs_inputs.yml ├── update_splunk_certs_web.yml ├── upgrade_splunk.yml ├── upgrade_splunk_idxc_rolling.yml └── upgrade_splunk_shc_rolling.yml ├── defaults ├── aws.yml ├── general.yml ├── os.yml ├── splunk_apps.yml ├── splunk_defaults.yml ├── splunk_dirs.yml ├── splunk_idxclusters.yml ├── splunk_shclusters.yml ├── splunk_systemd.yml └── virtualbox.yml ├── docs ├── Setup_Windows_Box.md └── Upgrade_distributed_environment.md ├── examples ├── 4idxc2site_sh.yml ├── cm1_2idxc1site_cm2_2idxc1site_ds_3shc_smc_uf.yml ├── cm_2idxc1site_3shc_uf.yml ├── cm_2idxc_sh_uf.yml ├── cm_4idxc2site_3shc_ds_uf.yml ├── cm_4idxc2site_3shc_ds_uf_SmartStore.yml ├── configuration_description.yml ├── ds_cm_2idxc1site_sh_hf_uf.yml ├── idx_3shc_uf.yml ├── idx_sh_uf.yml ├── idx_sh_uf_SmartStore.yml ├── single_node.yml ├── splunk_config_aws.yml ├── splunk_config_winuf.yml └── two_envs_each_cm_2idxc1site_ds_sh_uf.yml ├── pic └── splunk-platform-automator_overview.png ├── requirements.txt └── template └── Vagrantfile_windows /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: 
Bug report 3 | about: Create a report to help us improve 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Describe the bug** 11 | A clear and concise description of what the bug is. 12 | 13 | **To Reproduce** 14 | Steps to reproduce the behavior: 15 | - provide splunk_config.yml 16 | - provide exact commands you executed 17 | 18 | **Expected behavior** 19 | A clear and concise description of what you expected to happen. 20 | 21 | **Screenshots** 22 | If applicable, add screenshots to help explain your problem. 23 | 24 | **Desktop (please complete the following information):** 25 | - OS: [e.g. Linux, OSX] 26 | - Ansible Version [ansible --version] 27 | 28 | **Additional context** 29 | Add any other context about the problem here. 30 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Mac OS X 2 | **/.DS_Store 3 | # Vagrant 4 | .vagrant 5 | # Archives 6 | *.tgz 7 | *.tar 8 | *.tar.gz 9 | *.zip 10 | # Ansible 11 | *.retry 12 | # Any log file 13 | *.log 14 | # Config directory 15 | /config 16 | **/splunk_config.yml 17 | # Auth directory 18 | /auth 19 | # Inventory directory 20 | /inventory 21 | # Apps directory 22 | /apps 23 | # Helpers directory 24 | /helpers 25 | # Test files 26 | **/test.yml 27 | **/Todo.txt 28 | # Vim 29 | *.swp 30 | *.swo 31 | # Sublime 32 | *.sublime-project 33 | *.sublime-workspace 34 | # Python 35 | __pycache__/ 36 | *.py[cod] 37 | *$py.class 38 | -------------------------------------------------------------------------------- /ROADMAP.md: -------------------------------------------------------------------------------- 1 | # Roadmap 2 | 3 | ## New Features 4 | 5 | Note: The order for implementation may change 6 | 7 | - Add support for Windows hosts with Universal Forwarder 8 | - Splunk generic app deployment 9 | - Like unix_TA: (needs this packages: net-tools lsof sysstat) 10 | - Playbooks for 
common splunkbase apps 11 | - Splunk Premium App deployment like ITSI and ES 12 | - Support for upgrading Splunk on all the nodes 13 | - Config options for forwarding to single indexers and heavy forwarders 14 | - Separate output conf on DS for HF, separate cluster, single indexer 15 | - Support config options for indexes (ex. new metrics index type) 16 | - Option to have master_deployment_client or org_all_deploymentclient on cm 17 | - org_all_deploymentclient for ds -> cm app deployment 18 | - Disable all the tour and other info wizards after login 19 | - Add dns_server role and configure nodes to get the host names from dns 20 | - Finish ldap_server role to be usable in Splunk (new config file needed) 21 | - Implement config syntax for host series (ex. idx1..16) for mass node deployment 22 | - Support Docker containers as Splunk hosts 23 | 24 | ## Fixes 25 | 26 | - Better error handling and logic checking for config file 27 | - Check in the Vagrantfile whether a listed idxc is defined 28 | 29 | ## Low priority, but still worth noting 30 | 31 | - Download baseconfigs from internet 32 | - Make vagrant user configurable 33 | - Make splunk user configurable 34 | - Run [Bind server](https://github.com/bertvv/ansible-role-bind) on one node 35 | -------------------------------------------------------------------------------- /VERSION: -------------------------------------------------------------------------------- 1 | 2.2.5 2 | -------------------------------------------------------------------------------- /ansible.cfg: -------------------------------------------------------------------------------- 1 | [defaults] 2 | inventory_plugins = ./ansible/plugins/inventory 3 | inventory = ./config/splunk_config.yml, ./config/aws_ec2.yml, ./inventory 4 | host_key_checking = false 5 | force_color = 1 6 | #log_path=./ansible.log 7 | timeout = 30 8 | #callbacks_enabled = profile_tasks 9 | # NOTE(review): host_key_checking = false turns off SSH host key verification, so an impersonated or intercepted host is not detected; set it to true for hosts that are not short-lived lab machines. 10 | [inventory] 11 | any_unparsed_is_failed = true 12 | # NOTE(review): in ssh_args below, UserKnownHostsFile=/dev/null discards learned host keys and ForwardAgent=yes exposes the operator's SSH agent to every managed host; drop ForwardAgent unless a task needs it. 13 | [ssh_connection] 14 | ssh_args = -o 
UserKnownHostsFile=/dev/null -o IdentitiesOnly=yes -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s 15 | pipelining = true 16 | 17 | [privilege_escalation] 18 | # When changing become_method, create a file ansible/group_vars/all/ansible.yml with the same value 19 | #become_method = sudo 20 | -------------------------------------------------------------------------------- /ansible/add_splunk_license.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # add a splunk license if not existing 3 | 4 | - name: add splunk license to license manager 5 | hosts: role_license_manager 6 | become: yes 7 | become_user: root 8 | 9 | tasks: 10 | 11 | - name: call license from role license_manager 12 | include_role: 13 | name: license_manager 14 | tasks_from: license 15 | -------------------------------------------------------------------------------- /ansible/backup_splunk_etc.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: backup splunk config 4 | hosts: role_cluster_manager,role_deployer,role_deployment_server,role_heavy_forwarder,role_indexer,role_license_manager,role_monitoring_console,role_search_head,role_universal_forwarder 5 | become: yes 6 | become_user: root 7 | 8 | tasks: 9 | 10 | - name: call backup_splunk_etc splunk from role splunk_software 11 | include_role: 12 | name: splunk_software 13 | tasks_from: backup_splunk_etc 14 | -------------------------------------------------------------------------------- /ansible/call_splunk_rest.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # Usage: call_splunk_rest.yml --limit -e "splunk_rest_endpoint=/services" 4 | # 5 | # POST Method: -e "http_method=POST" 6 | # Add 'splunk_rest_noauth=true' to use noauth method 7 | # 8 | 9 | - name: run Splunk command 10 | hosts: 
role_cluster_manager,role_deployer,role_deployment_server,role_heavy_forwarder,role_indexer,role_license_manager,role_monitoring_console,role_search_head,role_universal_forwarder 11 | become: yes 12 | become_user: root 13 | 14 | tasks: 15 | 16 | - name: call splunk_rest from role splunk_software 17 | include_role: 18 | name: splunk_software 19 | tasks_from: splunk_rest 20 | vars: 21 | splunk_rest_output_show: true 22 | splunk_rest_output_mode: json 23 | -------------------------------------------------------------------------------- /ansible/cleanup_backup_dir.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: backup splunk config 4 | hosts: role_cluster_manager,role_deployer,role_deployment_server,role_heavy_forwarder,role_indexer,role_license_manager,role_monitoring_console,role_search_head,role_universal_forwarder 5 | become: yes 6 | become_user: root 7 | 8 | tasks: 9 | 10 | - name: call cleanup_backup_dir splunk from role splunk_software 11 | include_role: 12 | name: splunk_software 13 | tasks_from: cleanup_backup_dir 14 | -------------------------------------------------------------------------------- /ansible/create_linkpage.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This playbook configures navigation page 3 | 4 | - name: create splunk hosts link page 5 | hosts: localhost 6 | connection: local 7 | gather_facts: False 8 | roles: 9 | - splunk_control 10 | -------------------------------------------------------------------------------- /ansible/deploy_site.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This playbook deploys a full splunk site 3 | 4 | - name: setup common settings 5 | tags: 6 | - common 7 | import_playbook: setup_common.yml 8 | 9 | - name: create splunk control 10 | tags: 11 | - common 12 | import_playbook: create_linkpage.yml 13 | 14 | - name: install the splunk software 15 | 
tags: 16 | - splunk 17 | - splunk_software 18 | import_playbook: install_splunk.yml 19 | 20 | - name: setup splunk roles 21 | tags: 22 | - splunk 23 | - splunk_roles 24 | import_playbook: setup_splunk_roles.yml 25 | 26 | - name: configure splunk conf settings 27 | tags: 28 | - splunk 29 | - splunk_conf 30 | import_playbook: setup_splunk_conf.yml 31 | 32 | - name: setup other roles 33 | tags: 34 | - other_roles 35 | import_playbook: setup_other_roles.yml 36 | -------------------------------------------------------------------------------- /ansible/disable_stop_splunkweb.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: disable splunkweb 4 | hosts: all,!role_universal_forwarder,!role_universal_forwarder_windows 5 | become: yes 6 | become_user: root 7 | 8 | tasks: 9 | 10 | - name: call disable_splunkwebfrom role splunk_common 11 | include_role: 12 | name: splunk_software 13 | tasks_from: disable_splunkweb.yml 14 | -------------------------------------------------------------------------------- /ansible/enable_splunkweb.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: enable splunkweb 4 | hosts: all,!role_universal_forwarder,!role_universal_forwarder_windows 5 | become: yes 6 | become_user: root 7 | 8 | tasks: 9 | 10 | - name: call enable_splunkweb from role splunk_common 11 | include_role: 12 | name: splunk_software 13 | tasks_from: enable_splunkweb.yml 14 | -------------------------------------------------------------------------------- /ansible/install_splunk.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This playbook installs the splunk software 3 | 4 | - name: install the splunk enterprise software 5 | hosts: role_cluster_manager,role_deployer,role_deployment_server,role_heavy_forwarder,role_indexer,role_license_manager,role_monitoring_console,role_search_head 6 | become: yes 7 | become_user: 
root 8 | roles: 9 | - role: splunk_software 10 | vars: 11 | splunk_install_app: splunk 12 | 13 | - name: install the splunk universal forwarder software 14 | hosts: role_universal_forwarder 15 | become: yes 16 | become_user: root 17 | roles: 18 | - role: splunk_software 19 | vars: 20 | splunk_install_app: splunkforwarder 21 | -------------------------------------------------------------------------------- /ansible/remove_splunk.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # remove the splunk installation 3 | 4 | - name: remove the complete splunk installation 5 | hosts: all 6 | become: yes 7 | become_user: root 8 | 9 | tasks: 10 | 11 | - name: call uninstall from role splunk_software 12 | include_role: 13 | name: splunk_software 14 | tasks_from: uninstall 15 | -------------------------------------------------------------------------------- /ansible/restart_splunk.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: restart splunk 4 | hosts: role_cluster_manager,role_deployer,role_deployment_server,role_heavy_forwarder,role_indexer,role_license_manager,role_monitoring_console,role_search_head,role_universal_forwarder 5 | become: yes 6 | become_user: root 7 | 8 | tasks: 9 | 10 | - name: call restart splunk from role splunk_software 11 | include_role: 12 | name: splunk_software 13 | tasks_from: restart_splunk 14 | -------------------------------------------------------------------------------- /ansible/roles/baseconfig_app/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Variables for this role 3 | 4 | app_dest_name: "{{app_name|replace('org_', splunk_app_prefix+'_')|replace('site_n',site|default('site_n'))}}" 5 | inputs_port: "9997" 6 | inputs_port_ssl: "9998" -------------------------------------------------------------------------------- /ansible/roles/baseconfig_app/tasks/install_app.yml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # This playbook installs the base config apps 3 | # Finds the app directory on the control host, creates the target app directory, then copies local/* and metadata/local.meta into it. 4 | - name: find path to baseconfig app 5 | tags: 6 | - splunk 7 | - splunk_baseconfig 8 | become: no 9 | find: 10 | path: "{{ splunk_baseconfig }}/" 11 | pattern: "{{ app_name }}" 12 | file_type: directory 13 | recurse: yes 14 | register: baseapp_dir 15 | ignore_errors: True 16 | delegate_to: localhost 17 | # NOTE(review): the find above sets ignore_errors, yet the copy tasks below read baseapp_dir.files.0.path; with no match they fail there with a less clear error, and with several matches the first one is used. Consider an explicit check on baseapp_dir.matched. 18 | - name: "({{ app_name }}) create app directory" 19 | tags: 20 | - splunk 21 | - splunk_baseconfig 22 | file: 23 | path: "{{ app_path }}/{{ app_dest_name }}" 24 | state: directory 25 | owner: "{{splunk_user}}" 26 | group: "{{splunk_group}}" 27 | mode: 0755 28 | # Record in app_local whether local/ already exists on the target; the copy of local/* below is skipped when it does. 29 | - name: "({{ app_name }}) checking if local dir exists" 30 | tags: 31 | - splunk 32 | - splunk_baseconfig 33 | stat: path="{{ app_path }}/{{ app_dest_name }}/local" 34 | register: app_local 35 | # Copy local/* only when local/ did not exist beforehand, so settings already present on the target are not overwritten. NOTE(review): files land with mode 0644 - confirm none of the shipped local/ files holds secrets. 36 | - name: "({{ app_name }}) copy local files" 37 | tags: 38 | - splunk 39 | - splunk_baseconfig 40 | copy: 41 | src: "{{ item }}" 42 | dest: "{{ app_path }}/{{ app_dest_name }}/local/" 43 | owner: "{{splunk_user}}" 44 | group: "{{splunk_group}}" 45 | mode: 0644 46 | with_fileglob: 47 | - "{{ baseapp_dir.files.0.path }}/local/*" 48 | when: app_local.stat.exists == false 49 | # The metadata directory has no condition, so it is ensured on every run. 50 | - name: "({{ app_name }}) create metadata directory" 51 | tags: 52 | - splunk 53 | - splunk_baseconfig 54 | file: 55 | path: "{{ app_path }}/{{ app_dest_name }}/metadata" 56 | state: directory 57 | owner: "{{splunk_user}}" 58 | group: "{{splunk_group}}" 59 | mode: 0755 60 | # local.meta is copied without a condition, unlike local/* above. 61 | - name: "({{ app_name }}) copy local.meta" 62 | tags: 63 | - splunk 64 | - splunk_baseconfig 65 | copy: 66 | src: "{{ baseapp_dir.files.0.path }}/metadata/local.meta" 67 | dest: "{{ app_path }}/{{ app_dest_name }}/metadata/local.meta" 68 | owner: "{{splunk_user}}" 69 | group: "{{splunk_group}}" 70 | mode: 0644 71 | --------------------------------------------------------------------------------
/ansible/roles/baseconfig_app/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Main playbook for this role 3 | 4 | - import_tasks: "install_app.yml" 5 | - import_tasks: "{{app_name}}.yml" 6 | 7 | - name: call save_app 8 | tags: 9 | - splunk 10 | - splunk_baseconfig 11 | - save_baseconfig 12 | - save_baseconfig_apps 13 | include_tasks: "save_app.yml" 14 | when: splunk_save_baseconfig_apps|default(false) == true 15 | -------------------------------------------------------------------------------- /ansible/roles/baseconfig_app/tasks/org_all_deploymentclient.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This playbook install the base config app 3 | 4 | - name: "({{ app_name }}) setting deployment server" 5 | tags: 6 | - splunk 7 | - splunk_baseconfig 8 | - org_all_deploymentclient 9 | ini_file: 10 | path: "{{ app_path }}/{{ app_dest_name }}/local/deploymentclient.conf" 11 | section: target-broker:deploymentServer 12 | option: targetUri 13 | value: "{{splunk_deployment_server|first}}:8089" 14 | owner: "{{splunk_user}}" 15 | group: "{{splunk_group}}" 16 | mode: 0644 17 | notify: restart splunk 18 | -------------------------------------------------------------------------------- /ansible/roles/baseconfig_app/tasks/org_all_forwarder_outputs_idxc_ssl.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This playbook install the base config app 3 | 4 | - name: "({{ app_name }}) setting ssl vars in tcpout stanza for clustered indexers" 5 | tags: 6 | - splunk 7 | - splunk_baseconfig 8 | - org_all_forwarder_outputs 9 | - outputs_ssl 10 | ini_file: 11 | path: "{{ app_path }}/{{ app_dest_name }}/local/outputs.conf" 12 | section: tcpout:{{ index_cluster_name+'_indexers' }} 13 | option: "{{ item.key }}" 14 | value: "{{ item.value }}" 15 | owner: "{{splunk_user}}" 16 | group: "{{splunk_group}}" 17 | mode: 0600 18 | notify: 
restart splunk 19 | with_dict: "{{ splunk_ssl.outputs.config }}" 20 | when: splunk_ssl.outputs.enable == true 21 | 22 | - name: "({{ app_name }}) setting ssl cert path in tcpout stanza for clustered indexers" 23 | tags: 24 | - splunk 25 | - splunk_baseconfig 26 | - org_all_forwarder_outputs 27 | - outputs_ssl 28 | ini_file: 29 | path: "{{ app_path }}/{{ app_dest_name }}/local/outputs.conf" 30 | section: tcpout:{{ index_cluster_name+'_indexers' }} 31 | option: "{{ item.varkey }}" 32 | value: "$SPLUNK_HOME/etc/apps/{{ app_dest_name }}/default/{{ item.varvalue|basename }}" 33 | owner: "{{splunk_user}}" 34 | group: "{{splunk_group}}" 35 | mode: 0600 36 | notify: restart splunk 37 | with_items: 38 | - { varkey: "sslRootCAPath", varvalue: "{{ splunk_ssl.outputs.config.sslRootCAPath|default('cacert.pem') }}" } 39 | - { varkey: "sslCertPath", varvalue: "{{ splunk_ssl.outputs.config.sslCertPath|default('client.pem') }}" } 40 | when: 41 | - splunk_ssl.outputs.enable == true 42 | - splunk_ssl.outputs.own_certs == true 43 | -------------------------------------------------------------------------------- /ansible/roles/baseconfig_app/tasks/org_all_indexer_base.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This playbook install the base config app 3 | 4 | - name: "({{ app_name }}) disable none-ssl in inputs.conf" 5 | tags: 6 | - splunk 7 | - splunk_baseconfig 8 | - org_all_indexer_base 9 | - inputs_ssl 10 | ini_file: 11 | path: "{{ app_path }}/{{ app_dest_name }}/local/inputs.conf" 12 | section: "splunktcp://{{inputs_port}}" 13 | option: "disabled" 14 | value: "1" 15 | owner: "{{splunk_user}}" 16 | group: "{{splunk_group}}" 17 | mode: 0600 18 | notify: restart splunk 19 | when: splunk_ssl.inputs.enable == true 20 | 21 | - name: "({{ app_name }}) enable ssl in inputs.conf" 22 | tags: 23 | - splunk 24 | - splunk_baseconfig 25 | - org_all_indexer_base 26 | - inputs_ssl 27 | ini_file: 28 | path: "{{ app_path }}/{{ app_dest_name 
}}/local/inputs.conf" 29 | section: "splunktcp-ssl://{{inputs_port_ssl}}" 30 | option: "disabled" 31 | value: "0" 32 | owner: "{{splunk_user}}" 33 | group: "{{splunk_group}}" 34 | mode: 0600 35 | notify: restart splunk 36 | when: splunk_ssl.inputs.enable == true 37 | 38 | - name: "({{ app_name }}) setting ssl configs in inputs.conf" 39 | tags: 40 | - splunk 41 | - splunk_baseconfig 42 | - org_all_indexer_base 43 | - inputs_ssl 44 | ini_file: 45 | path: "{{ app_path }}/{{ app_dest_name }}/local/inputs.conf" 46 | section: "SSL" 47 | option: "{{ item.key }}" 48 | value: "{{ item.value }}" 49 | owner: "{{splunk_user}}" 50 | group: "{{splunk_group}}" 51 | mode: 0600 52 | notify: restart splunk 53 | with_dict: "{{ splunk_ssl.inputs.config }}" 54 | when: splunk_ssl.inputs.enable == true 55 | 56 | - name: "({{ app_name }}) call set_bucket_tunings" 57 | tags: 58 | - splunk 59 | - splunk_baseconfig 60 | - org_all_indexer_base 61 | include_tasks: set_bucket_tunings.yml -------------------------------------------------------------------------------- /ansible/roles/baseconfig_app/tasks/org_all_indexes.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This playbook install the base config app 3 | 4 | - name: Fail if homePath != coldPath (SmartStore) 5 | tags: 6 | - splunk 7 | - splunk_baseconfig 8 | - org_all_indexes 9 | fail: 10 | msg: "homePath ({{splunk_volume_defaults.homePath|default('primary')}}) must be equal to coldPath ({{splunk_volume_defaults.coldPath|default('primary')}}) when using SmartStore" 11 | when: 12 | - splunk_volume_defaults.remotePath is defined 13 | - splunk_volume_defaults.homePath|default("primary") != splunk_volume_defaults.coldPath|default("primary") 14 | 15 | - name: "({{ app_name }}) set index default path options" 16 | tags: 17 | - splunk 18 | - splunk_baseconfig 19 | - org_all_indexes 20 | include_tasks: set_index_vars.yml 21 | with_dict: "{{ splunk_indexes_path_settings|default({}) }}" 22 | vars: 
23 | index_name: "{{ item.key }}" 24 | index_vars: "{{ item.value }}" 25 | splunk_indexes: { 'default': {} } 26 | when: 27 | - splunk_indexes_default_paths|default(false) == true 28 | - splunk_indexes_path_settings|default({})|length > 0 29 | 30 | - name: "({{ app_name }}) set index path options" 31 | tags: 32 | - splunk 33 | - splunk_baseconfig 34 | - org_all_indexes 35 | include_tasks: set_index_vars.yml 36 | with_dict: "{{ splunk_indexes_path_settings|default({}) }}" 37 | vars: 38 | index_name: "{{ item.key }}" 39 | index_vars: "{{ item.value }}" 40 | when: 41 | - splunk_indexes_default_paths|default(false) == false 42 | - splunk_indexes_path_settings|default({})|length > 0 43 | 44 | - name: "({{ app_name }}) set index options" 45 | tags: 46 | - splunk 47 | - splunk_baseconfig 48 | - org_all_indexes 49 | include_tasks: set_index_vars.yml 50 | with_dict: "{{ splunk_indexes_settings|default({}) }}" 51 | vars: 52 | index_name: "{{ item.key }}" 53 | index_vars: "{{ item.value }}" 54 | 55 | when: splunk_indexes_settings|default({})|length > 0 56 | 57 | - name: "({{ app_name }}) configure volume for homePath" 58 | tags: 59 | - splunk 60 | - splunk_baseconfig 61 | - org_all_indexes 62 | replace: 63 | path: "{{ app_path }}/{{ app_dest_name }}/local/indexes.conf" 64 | regexp: '^(homePath\s*=\s*)volume:\w*' 65 | replace: '\1volume:{{splunk_volume_defaults.homePath|default("primary")}}' 66 | notify: restart splunk 67 | 68 | - name: "({{ app_name }}) configure volume for coldPath" 69 | tags: 70 | - splunk 71 | - splunk_baseconfig 72 | - org_all_indexes 73 | replace: 74 | path: "{{ app_path }}/{{ app_dest_name }}/local/indexes.conf" 75 | regexp: '^(coldPath\s*=\s*)volume:\w*' 76 | replace: '\1volume:{{splunk_volume_defaults.coldPath|default("primary")}}' 77 | notify: restart splunk 78 | -------------------------------------------------------------------------------- /ansible/roles/baseconfig_app/tasks/org_all_search_base.yml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # This playbook install the base config app 3 | 4 | # We do not need these files for now, but still put it for future use 5 | 6 | - name: "({{ app_name }}) check for authentication.conf.disable" 7 | tags: 8 | - splunk 9 | - splunk_baseconfig 10 | - org_all_search_base 11 | stat: path={{ app_path }}/{{ app_dest_name }}/local/authentication.conf.disable 12 | register: authentication_stat 13 | 14 | - name: "({{ app_name }}) disable authentication.conf" 15 | tags: 16 | - splunk 17 | - splunk_baseconfig 18 | - org_all_search_base 19 | command: mv {{ app_path }}/{{ app_dest_name }}/local/authentication.conf {{ app_path }}/{{ app_dest_name }}/local/authentication.conf.disable 20 | when: not authentication_stat.stat.exists 21 | 22 | - name: "({{ app_name }}) check for authorize.conf.disable" 23 | tags: 24 | - splunk 25 | - splunk_baseconfig 26 | - org_all_search_base 27 | stat: path={{ app_path }}/{{ app_dest_name }}/local/authorize.conf.disable 28 | register: authorize_stat 29 | 30 | - name: "({{ app_name }}) disable authorize.conf" 31 | tags: 32 | - splunk 33 | - splunk_baseconfig 34 | - org_all_search_base 35 | command: mv {{ app_path }}/{{ app_dest_name }}/local/authorize.conf {{ app_path }}/{{ app_dest_name }}/local/authorize.conf.disable 36 | when: not authorize_stat.stat.exists 37 | 38 | - name: "({{ app_name }}) check for web.conf.disable" 39 | tags: 40 | - splunk 41 | - splunk_baseconfig 42 | - org_all_search_base 43 | stat: path={{ app_path }}/{{ app_dest_name }}/local/web.conf.disable 44 | register: web_stat 45 | when: splunk_ssl.web.enable != true 46 | 47 | - name: "({{ app_name }}) disable web.conf" 48 | tags: 49 | - splunk 50 | - splunk_baseconfig 51 | - org_all_search_base 52 | command: mv {{ app_path }}/{{ app_dest_name }}/local/web.conf {{ app_path }}/{{ app_dest_name }}/local/web.conf.disable 53 | when: splunk_ssl.web.enable != true and not web_stat.stat.exists 54 
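# Writes every key/value pair of splunk_ssl.web.config into the [settings]
# stanza of the app's web.conf when web SSL is enabled. The file is kept at 0600.
# NOTE(review): if splunk_ssl.web.config can carry a private-key passphrase,
# this loop prints it in task output; consider no_log here as well - confirm.
- name: "({{ app_name }}) enable ssl in web.conf"
  tags:
    - splunk
    - splunk_baseconfig
    - org_all_search_base
  ini_file:
    path: "{{ app_path }}/{{ app_dest_name }}/local/web.conf"
    section: settings
    option: "{{ item.key }}"
    value: "{{ item.value }}"
    owner: "{{splunk_user}}"
    group: "{{splunk_group}}"
    mode: 0600
  notify: restart splunk
  with_dict: "{{ splunk_ssl.web.config }}"
  when: splunk_ssl.web.enable == true

# ------------------------------------------------------------------------------
# /ansible/roles/baseconfig_app/tasks/org_cluster_manager_base.yml
# ------------------------------------------------------------------------------
---
# Cluster manager settings for the base config app.
#
# Every task edits the app's local/server.conf through ini_file, keeps the file
# owned by the Splunk user with mode 0600, and notifies "restart splunk".

- name: "({{ app_name }}) setting mode"
  tags:
    - splunk
    - splunk_baseconfig
    - org_cluster_manager_base
  ini_file:
    path: "{{ app_path }}/{{ app_dest_name }}/local/server.conf"
    section: clustering
    option: mode
    value: "{{splunk_cluster_manager_mode}}"
    owner: "{{splunk_user}}"
    group: "{{splunk_group}}"
    mode: 0600
  notify: restart splunk

- name: "({{ app_name }}) setting replication factor"
  tags:
    - splunk
    - splunk_baseconfig
    - org_cluster_manager_base
  ini_file:
    path: "{{ app_path }}/{{ app_dest_name }}/local/server.conf"
    section: clustering
    option: replication_factor
    value: "{{splunk_idxc_rf}}"
    owner: "{{splunk_user}}"
    group: "{{splunk_group}}"
    mode: 0600
  notify: restart splunk

- name: "({{ app_name }}) setting search factor"
  tags:
    - splunk
    - splunk_baseconfig
    - org_cluster_manager_base
  ini_file:
    path: "{{ app_path }}/{{ app_dest_name }}/local/server.conf"
    section: clustering
    option: search_factor
    value: "{{splunk_idxc_sf}}"
    owner: "{{splunk_user}}"
    group: "{{splunk_group}}"
    mode: 0600
  notify: restart splunk

- name: "({{ app_name }}) setting cluster label"
  tags:
    - splunk
    - splunk_baseconfig
    - org_cluster_manager_base
  ini_file:
    path: "{{ app_path }}/{{ app_dest_name }}/local/server.conf"
    section: clustering
    option: cluster_label
    value: "{{splunk_idxc_label}}"
    owner: "{{splunk_user}}"
    group: "{{splunk_group}}"
    mode: 0600
  notify: restart splunk

# The two pass4SymmKey tasks write the shared secret in clear text (hence
# "unhashed" in the task names). no_log keeps the value out of task output,
# verbose logs and --diff. app_local is registered outside this file; the key is
# only written when that stat reports the path as missing - presumably so a key
# that is already deployed is not overwritten; confirm against the task that
# registers app_local.
- name: "({{ app_name }}) setting unhashed clustering pass4SymmKey"
  tags:
    - splunk
    - splunk_baseconfig
    - org_cluster_manager_base
  ini_file:
    path: "{{ app_path }}/{{ app_dest_name }}/local/server.conf"
    section: clustering
    option: pass4SymmKey
    value: "{{splunk_idxc_pass}}"
    owner: "{{splunk_user}}"
    group: "{{splunk_group}}"
    mode: 0600
  no_log: true
  notify: restart splunk
  when: app_local.stat.exists == false

- name: "({{ app_name }}) setting unhashed indexer discovery pass4SymmKey"
  tags:
    - splunk
    - splunk_baseconfig
    - org_cluster_manager_base
  ini_file:
    path: "{{ app_path }}/{{ app_dest_name }}/local/server.conf"
    section: indexer_discovery
    option: pass4SymmKey
    value: "{{idxc_discovery_password}}"
    owner: "{{splunk_user}}"
    group: "{{splunk_group}}"
    mode: 0600
  no_log: true
  notify: restart splunk
  when: app_local.stat.exists == false and idxc_discovery_password is defined

# Only set from Splunk 6.4.0 on, and only when no remotePath is configured in
# splunk_volume_defaults.
- name: "({{ app_name }}) setting summary_replication = true"
  tags:
    - splunk
    - splunk_baseconfig
    - org_cluster_manager_base
  ini_file:
    path: "{{ app_path }}/{{ app_dest_name }}/local/server.conf"
    section: clustering
    option: summary_replication
    value: "true"
    owner: "{{splunk_user}}"
    group: "{{splunk_group}}"
    mode: 0600
  notify: restart splunk
  when: splunk_installed_version is version_compare('6.4.0', '>=') and splunk_volume_defaults.remotePath is not defined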
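# ------------------------------------------------------------------------------
# /ansible/roles/baseconfig_app/tasks/org_full_license_server.yml
# ------------------------------------------------------------------------------
---
# Points the [license] stanza of the app's server.conf at the license manager.

# replace_master_uri.yml receives the file to rewrite through
# splunk_file_to_change.
- name: "call replace_master_uri"
  tags:
    - splunk
    - splunk_baseconfig
    - org_full_license_server
  include_tasks: replace_master_uri.yml
  vars:
    splunk_file_to_change: "{{ app_path }}/{{ app_dest_name }}/local/server.conf"

# The URI uses the first entry of splunk_license_manager on port 8089.
- name: "({{ app_name }}) setting license manager_uri"
  tags:
    - splunk
    - splunk_baseconfig
    - org_full_license_server
  ini_file:
    path: "{{ app_path }}/{{ app_dest_name }}/local/server.conf"
    section: license
    option: "{{splunk_manager_uri_var}}"
    value: "https://{{splunk_license_manager|first}}:8089"
    owner: "{{splunk_user}}"
    group: "{{splunk_group}}"
    # 0600 instead of 0644: matches the other server.conf tasks of this role.
    # server.conf is the file that receives pass4SymmKey values, so it should
    # not be world-readable.
    mode: 0600
  notify: restart splunk

# ------------------------------------------------------------------------------
# /ansible/roles/baseconfig_app/tasks/org_indexer_volume_indexes.yml
# ------------------------------------------------------------------------------
---
# Volume stanzas in the indexer app's indexes.conf.

# Stops the play when a remotePath is configured (SmartStore) and homePath and
# coldPath differ; both default to "primary" when unset.
- name: Fail if homePath != coldPath (SmartStore)
  tags:
    - splunk
    - splunk_baseconfig
    - org_indexer_volume_indexes
  fail:
    msg: "homePath ({{splunk_volume_defaults.homePath|default('primary')}}) must be equal to coldPath ({{splunk_volume_defaults.coldPath|default('primary')}}) when using SmartStore"
  when:
    - splunk_volume_defaults.remotePath is defined
    - splunk_volume_defaults.homePath|default("primary") != splunk_volume_defaults.coldPath|default("primary")

# Rewrites the [volume:primary] stanza header to the configured homePath name.
- name: "({{ app_name }}) rename volume:primary"
  tags:
    - splunk
    - splunk_baseconfig
    - org_indexer_volume_indexes
  replace:
    path: "{{ app_path }}/{{ app_dest_name }}/local/indexes.conf"
    regexp: '^\[volume:primary\]'
    replace: "[volume:{{ splunk_volume_defaults['homePath']|default('primary') }}]"
  when: splunk_indexer_volumes_local|length > 0

# Runs df once per local volume, as the Splunk user, on the first indexer of the
# combined indexer lists. Despite the task name, --output=size reports the total
# size of the filesystem, which the next task reduces by the free-space reserve.
# The path comes from inventory variables and ends up in a shell command line,
# so it is passed through the quote filter.
# NOTE(review): without pipefail a failing df still returns rc 0 from the
# pipeline and an empty stdout, which the next task's |int turns into 0.
- name: "({{ app_name }}) get volume file system available size"
  tags:
    - splunk
    - splunk_baseconfig
    - org_indexer_volume_indexes
  shell: "df --block-size=M --output=size {{ volume_vars['path']|default(splunk_home+'/var/lib/splunk')|quote }} | tail -1 | tr -d 'M'"
  check_mode: no
  changed_when: false
  register: volume_fs_avail
  become: yes
  become_user: "{{splunk_user}}"
  with_dict: "{{ splunk_indexer_volumes_local }}"
  vars:
    volume_name: "{{ item.key }}"
    volume_vars: "{{ item.value }}"
  delegate_to: "{{ splunk_idxc_indexer_list|default([])|union(splunk_indexer_list|default([]))|first }}"
  when: splunk_volume_defaults.VolumeDataSize_Free_MB is defined

# For every volume that has no explicit maxVolumeDataSizeMB, sets it to the df
# result minus VolumeDataSize_Free_MB. The result is stored in
# splunk_indexer_volumes_tmp.
- name: "({{ app_name }}) calculate maxVolumeDataSizeMB"
  tags:
    - splunk
    - splunk_baseconfig
    - org_indexer_volume_indexes
  set_fact:
    splunk_indexer_volumes_tmp: >-
      {%- set res = splunk_indexer_volumes_local -%}
      {%- for volume in volume_fs_avail.results -%}
      {%- if splunk_indexer_volumes_local[volume.item.key]['maxVolumeDataSizeMB'] is not defined -%}
      {%- set _ = res[volume.item.key].update({'maxVolumeDataSizeMB': (volume.stdout|int - splunk_volume_defaults.VolumeDataSize_Free_MB|default(800)|int)}) -%}
      {%- endif -%}
      {%- endfor -%}
      {{ res }}
  when: splunk_volume_defaults.VolumeDataSize_Free_MB is defined and volume_fs_avail is defined

# Uses the computed dictionary when it exists, else the configured one.
- name: "({{ app_name }}) set indexer volume variables for local volumes"
  tags:
    - splunk
    - splunk_baseconfig
    - org_indexer_volume_indexes
  include_tasks: set_indexer_volume_vars.yml
  with_dict: "{{ splunk_indexer_volumes_tmp|default(splunk_indexer_volumes_local) }}"
  vars:
    volume_name: "{{ item.key }}"
    volume_vars: "{{ item.value }}"
  when: splunk_indexer_volumes_local|length > 0

# Fallback: keep [volume:primary] under $SPLUNK_HOME/var/lib/splunk when no
# local volumes are configured or no homePath is set.
- name: "({{ app_name }}) setting volume:primary"
  tags:
    - splunk
    - splunk_baseconfig
    - org_indexer_volume_indexes
  ini_file:
    path: "{{ app_path }}/{{ app_dest_name }}/local/indexes.conf"
    section: volume:primary
    option: path
    value: "{{splunk_home}}/var/lib/splunk"
    owner: "{{splunk_user}}"
    group: "{{splunk_group}}"
    mode: 0644
  notify: restart splunk
  when: splunk_indexer_volumes_local|length < 1 or splunk_volume_defaults.homePath is not defined

# ------------------------------------------------------------------------------
# /ansible/roles/baseconfig_app/tasks/org_s2_indexer_indexes.yml
# ------------------------------------------------------------------------------
---
# Remote (SmartStore) volume settings in the app's indexes.conf.

- name: Fail if homePath != coldPath (SmartStore)
  tags:
    - splunk
    - splunk_baseconfig
    - org_s2_indexer_indexes
  fail:
    msg: "homePath ({{splunk_volume_defaults.homePath|default('primary')}}) must be equal to coldPath ({{splunk_volume_defaults.coldPath|default('primary')}}) when using SmartStore"
  when:
    - splunk_volume_defaults.remotePath is defined
    - splunk_volume_defaults.homePath|default("primary") != splunk_volume_defaults.coldPath|default("primary")

# Drops the whole [volume:splunkcloud_vol] stanza.
- name: "({{ app_name }}) remove volume:splunkcloud_vol stanza"
  tags:
    - splunk
    - splunk_baseconfig
    - org_s2_indexer_indexes
  ini_file:
    path: "{{ app_path }}/{{ app_dest_name }}/local/indexes.conf"
    section: volume:splunkcloud_vol
    state: "absent"
    owner: "{{splunk_user}}"
    group: "{{splunk_group}}"
    mode: 0600
  notify: restart splunk

# NOTE(review): blockinfile locates a block by its marker lines, not by the
# block text, so with state absent and default markers this task probably does
# not remove the two comment lines below - confirm on a deployed file.
- name: "({{ app_name }}) remove comments"
  tags:
    - splunk
    - splunk_baseconfig
    - org_s2_indexer_indexes
  blockinfile:
    path: "{{ app_path }}/{{ app_dest_name }}/local/indexes.conf"
    block: |
      # these values will be supplied by cloud ops.
      # replace with the actual credentials.
    state: "absent"
    owner: "{{splunk_user}}"
    group: "{{splunk_group}}"
    mode: 0600
  notify: restart splunk

# NOTE(review): set_indexer_volume_vars.yml writes this same indexes.conf with
# mode 0644 and without no_log, while the tasks in this file use 0600. If the
# remote volume settings include storage credentials, the file can end up
# world-readable and the values appear in task output - confirm and align.
- name: "({{ app_name }}) set indexer volume variables for remote volumes"
  tags:
    - splunk
    - splunk_baseconfig
    - org_s2_indexer_indexes
  include_tasks: set_indexer_volume_vars.yml
  with_dict: "{{ splunk_indexer_volumes_remote }}"
  vars:
    volume_name: "{{ item.key }}"
    volume_vars: "{{ item.value }}"
  when:
    - splunk_indexer_volumes is defined
    - splunk_indexer_volumes_remote|length > 0

# Sets remotePath in the [default] stanza to the configured remote volume.
- name: "({{ app_name }}) configure volume for remotePath"
  tags:
    - splunk
    - splunk_baseconfig
    - org_s2_indexer_indexes
  ini_file:
    path: "{{ app_path }}/{{ app_dest_name }}/local/indexes.conf"
    section: default
    option: remotePath
    value: "volume:{{splunk_volume_defaults.remotePath}}/$_index_name"
    owner: "{{splunk_user}}"
    group: "{{splunk_group}}"
    mode: 0600
  notify: restart splunk
  when: splunk_volume_defaults.remotePath is defined

# ------------------------------------------------------------------------------
# /ansible/roles/baseconfig_app/tasks/org_search_volume_indexes.yml
# ------------------------------------------------------------------------------
---
# Volume stanzas in the search app's indexes.conf.
#
# NOTE(review): the first three tasks are tagged org_indexer_volume_indexes,
# the last two org_search_volume_indexes; a run limited to one of these tags
# applies only part of this file - confirm that this is intended.

- name: Fail if homePath != coldPath (SmartStore)
  tags:
    - splunk
    - splunk_baseconfig
    - org_indexer_volume_indexes
  fail:
    msg: "homePath ({{splunk_volume_defaults.homePath|default('primary')}}) must be equal to coldPath ({{splunk_volume_defaults.coldPath|default('primary')}}) when using SmartStore"
  when:
    - splunk_volume_defaults.remotePath is defined
    - splunk_volume_defaults.homePath|default("primary") != splunk_volume_defaults.coldPath|default("primary")

# Renames the stanza header to the first key of splunk_indexer_volumes_local.
- name: "({{ app_name }}) rename volume:primary"
  tags:
    - splunk
    - splunk_baseconfig
    - org_indexer_volume_indexes
  replace:
    path: "{{ app_path }}/{{ app_dest_name }}/local/indexes.conf"
    regexp: '^\[volume:primary\]'
    replace: '[volume:{{splunk_indexer_volumes_local|first|default(["primary"])}}]'
  when: splunk_indexer_volumes_local|length > 0

# One [volume:<name>] stanza per local volume, all with the same default path.
- name: "({{ app_name }}) setting volume:primary"
  tags:
    - splunk
    - splunk_baseconfig
    - org_indexer_volume_indexes
  ini_file:
    path: "{{ app_path }}/{{ app_dest_name }}/local/indexes.conf"
    section: volume:{{item.key}}
    option: path
    value: "{{splunk_home}}/var/lib/splunk"
    owner: "{{splunk_user}}"
    group: "{{splunk_group}}"
    mode: 0644
  with_dict: "{{splunk_indexer_volumes_local}}"
  notify: restart splunk
  when: splunk_indexer_volumes_local|length > 0

- name: "({{ app_name }}) setting volume:primary"
  tags:
    - splunk
    - splunk_baseconfig
    - org_search_volume_indexes
  ini_file:
    path: "{{ app_path }}/{{ app_dest_name }}/local/indexes.conf"
    section: volume:primary
    option: path
    value: "{{splunk_home}}/var/lib/splunk"
    owner: "{{splunk_user}}"
    group: "{{splunk_group}}"
    mode: 0644
  notify: restart splunk
  when: splunk_indexer_volumes_local|length < 1 or splunk_volume_defaults.homePath is not defined

# No option is given, so state absent removes the whole [volume:secondary]
# stanza; the value below is not used for that.
- name: "({{ app_name }}) remove volume:secondary"
  tags:
    - splunk
    - splunk_baseconfig
    - org_search_volume_indexes
  ini_file:
    path: "{{ app_path }}/{{ app_dest_name }}/local/indexes.conf"
    section: volume:secondary
    state: absent
    value: "{{splunk_home}}/var/lib/splunk"
    owner: "{{splunk_user}}"
    group: "{{splunk_group}}"
    mode: 0644
  notify: restart splunk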
-------------------------------------------------------------------------------- /ansible/roles/baseconfig_app/tasks/org_site_n_indexer_base.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This playbook install the base config app 3 | 4 | - name: "({{ app_name }}) setting indexer site" 5 | tags: 6 | - splunk 7 | - splunk_baseconfig 8 | - org_site_n_indexer_base 9 | ini_file: 10 | path: "{{ app_path }}/{{ app_dest_name }}/local/server.conf" 11 | section: general 12 | option: site 13 | value: "{{site}}" 14 | owner: "{{splunk_user}}" 15 | group: "{{splunk_group}}" 16 | mode: 0600 17 | notify: restart splunk 18 | -------------------------------------------------------------------------------- /ansible/roles/baseconfig_app/tasks/replace_master_uri.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This playbook replaces master_uri -> manager_uri or vice versa 3 | 4 | - name: "({{ app_name }}) rename (master|manager)_uri to {{splunk_manager_uri_var}}" 5 | tags: 6 | - splunk 7 | - splunk_baseconfig 8 | replace: 9 | path: "{{ splunk_file_to_change }}" 10 | regexp: '(master|manager)_uri' 11 | replace: "{{splunk_manager_uri_var}}" 12 | owner: "{{splunk_user}}" 13 | group: "{{splunk_group}}" -------------------------------------------------------------------------------- /ansible/roles/baseconfig_app/tasks/save_app.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This playbook saves a copy of the app on the ansible host 3 | 4 | - name: create hostname and app dir on ansible host 5 | tags: 6 | - splunk 7 | - splunk_baseconfig 8 | - save_baseconfig 9 | - save_baseconfig_apps 10 | file: 11 | path: "../{{splunk_save_baseconfig_apps_dir|default('apps')}}/{{inventory_hostname}}/{{ app_path }}/{{ app_dest_name }}" 12 | state: directory 13 | become: no 14 | delegate_to: localhost 15 | 16 | - name: save app content to ansible host 17 | 
tags: 18 | - splunk 19 | - splunk_baseconfig 20 | - save_baseconfig 21 | - save_baseconfig_apps 22 | synchronize: 23 | src: "{{ app_path }}/{{ app_dest_name }}" 24 | dest: "../{{splunk_save_baseconfig_apps_dir|default('apps')}}/{{inventory_hostname}}/{{ app_path }}/" 25 | rsync_path: "sudo -u {{splunk_user}} rsync" 26 | mode: pull 27 | become: no 28 | -------------------------------------------------------------------------------- /ansible/roles/baseconfig_app/tasks/set_bucket_tunings.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This playbook configures additional settings for indexers 3 | 4 | - name: "({{ app_name }}) set journalCompression = zstd in indexes.conf" 5 | tags: 6 | - splunk 7 | - splunk_baseconfig 8 | - bucket_tunings 9 | - journalCompression 10 | ini_file: 11 | path: "{{ app_path }}/{{ app_dest_name }}/local/indexes.conf" 12 | section: "default" 13 | option: "journalCompression" 14 | value: "zstd" 15 | owner: "{{splunk_user}}" 16 | group: "{{splunk_group}}" 17 | mode: 0600 18 | notify: restart splunk 19 | when: splunk_installed_version is version_compare('7.2', '>=') 20 | 21 | - name: "({{ app_name }}) set tsidxWritingLevel = 3 in indexes.conf" 22 | tags: 23 | - splunk 24 | - splunk_baseconfig 25 | - bucket_tunings 26 | - tsidxWritingLevel 27 | ini_file: 28 | path: "{{ app_path }}/{{ app_dest_name }}/local/indexes.conf" 29 | section: "default" 30 | option: "tsidxWritingLevel" 31 | value: >- 32 | {%- if splunk_installed_version is version_compare('8.1', '>=') -%} 33 | 4 34 | {%- else -%} 35 | 3 36 | {%- endif -%} 37 | owner: "{{splunk_user}}" 38 | group: "{{splunk_group}}" 39 | mode: 0600 40 | notify: restart splunk 41 | when: splunk_installed_version is version_compare('7.2', '>=') -------------------------------------------------------------------------------- /ansible/roles/baseconfig_app/tasks/set_index_vars.yml: -------------------------------------------------------------------------------- 
1 | --- 2 | # This playbook configures additional settings for indexes 3 | 4 | - name: "setting option for index '{{ index_name }}'" 5 | tags: 6 | - splunk 7 | - splunk_baseconfig 8 | - org_all_indexes 9 | ini_file: 10 | path: "{{ app_path }}/{{ app_dest_name }}/local/indexes.conf" 11 | section: "{{ index_name }}" 12 | option: >- 13 | {%- if index_var.key != 'null' -%}{{index_var.key}}{%- else -%}{%- endif -%} 14 | value: >- 15 | {%- if index_var.value != 'null' -%}{{index_var.value}}{%- else -%}{%- endif -%} 16 | owner: "{{splunk_user}}" 17 | group: "{{splunk_group}}" 18 | mode: 0644 19 | allow_no_value: >- 20 | {%- if index_var.key is defined -%}false{%- else -%}true{%- endif -%} 21 | with_dict: >- 22 | {%- if index_vars|length > 0 -%}{{index_vars}}{%- else -%}{'null': 'null'}{%- endif -%} 23 | loop_control: 24 | loop_var: index_var 25 | notify: restart splunk 26 | -------------------------------------------------------------------------------- /ansible/roles/baseconfig_app/tasks/set_indexer_volume_vars.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This playbook configures additional settings for volumes 3 | 4 | - name: "setting volume variable for volume '{{ volume_name }}'" 5 | tags: 6 | - splunk 7 | - splunk_baseconfig 8 | - org_indexer_volume_indexes 9 | ini_file: 10 | path: "{{ app_path }}/{{ app_dest_name }}/local/indexes.conf" 11 | section: volume:{{ volume_name }} 12 | option: "{{ volume_var.key }}" 13 | value: "{{ volume_var.value }}" 14 | owner: "{{splunk_user}}" 15 | group: "{{splunk_group}}" 16 | mode: 0644 17 | with_dict: "{{ volume_vars }}" 18 | loop_control: 19 | loop_var: volume_var 20 | notify: restart splunk 21 | -------------------------------------------------------------------------------- /ansible/roles/baseconfig_app/tasks/splunk_ssl_inputs_certs.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This playbook installs certs for ssl on 
inputs 3 | 4 | - name: check rootCA filename to copy 5 | tags: 6 | - splunk 7 | - splunk_baseconfig 8 | - inputs_ssl 9 | stat: 10 | path: "{{ splunk_auth_dir }}/{{ item }}" 11 | with_items: 12 | - "{{ splunk_ssl.inputs.config.rootCA|basename|default('cacert.pem') }}" 13 | register: cacert_pems 14 | delegate_to: localhost 15 | become: no 16 | when: splunk_ssl.inputs.enable == true and splunk_ssl.inputs.own_certs == true 17 | 18 | - name: check serverCert filename to copy 19 | tags: 20 | - splunk 21 | - splunk_baseconfig 22 | - inputs_ssl 23 | stat: 24 | path: "{{ splunk_auth_dir }}/{{ item }}" 25 | with_items: 26 | - "{{ splunk_ssl.inputs.config.serverCert|basename|default('server.pem') }}" 27 | register: server_pems 28 | delegate_to: localhost 29 | become: no 30 | when: splunk_ssl.inputs.enable == true and splunk_ssl.inputs.own_certs == true 31 | 32 | - name: set cert file names 33 | tags: 34 | - splunk 35 | - splunk_baseconfig 36 | - inputs_ssl 37 | set_fact: 38 | cacert_pem: "{% for result in cacert_pems.results %}{% if result.stat.exists == true %}{{ result.item }}{% endif %}{% endfor %}" 39 | server_pem: "{% for result in server_pems.results %}{% if result.stat.exists == true %}{{ result.item }}{% endif %}{% endfor %}" 40 | when: splunk_ssl.inputs.enable == true and splunk_ssl.inputs.own_certs == true 41 | 42 | - name: fail if no cacert found 43 | tags: 44 | - splunk 45 | - splunk_baseconfig 46 | - inputs_ssl 47 | fail: 48 | msg: "Cannot find a cacert.pem file for host '{{ inventory_hostname }}' in the '{{ splunk_auth_dir }}' directory!" 49 | when: splunk_ssl.inputs.enable == true and splunk_ssl.inputs.own_certs == true and cacert_pem == "" 50 | 51 | - name: fail if no pem cert found 52 | tags: 53 | - splunk 54 | - splunk_baseconfig 55 | - inputs_ssl 56 | fail: 57 | msg: "Cannot find a .pem file for host '{{ inventory_hostname }}' in the '{{ splunk_auth_dir }}' directory!" 
58 | when: splunk_ssl.inputs.enable == true and splunk_ssl.inputs.own_certs == true and server_pem == "" 59 | 60 | - name: create path for custom certs 61 | tags: 62 | - splunk 63 | - splunk_baseconfig 64 | - inputs_ssl 65 | file: 66 | state: directory 67 | recurse: true 68 | path: "{{ splunk_home }}/{{ item }}" 69 | owner: "{{splunk_user}}" 70 | group: "{{splunk_group}}" 71 | with_items: 72 | - "{{ splunk_ssl.inputs.config.rootCA|replace('$SPLUNK_HOME/', '')|dirname }}" 73 | - "{{ splunk_ssl.inputs.config.serverCert|replace('$SPLUNK_HOME/', '')|dirname }}" 74 | when: splunk_ssl.inputs.enable == true and splunk_ssl.inputs.own_certs == true 75 | 76 | - name: copy certs file for inputs ssl 77 | tags: 78 | - splunk 79 | - splunk_baseconfig 80 | - inputs_ssl 81 | copy: 82 | src: "{{ splunk_auth_dir }}/{{ item.src }}" 83 | dest: "{{ splunk_home }}/{{ item.dest }}" 84 | owner: "{{splunk_user}}" 85 | group: "{{splunk_group}}" 86 | mode: 0600 87 | with_items: 88 | - { src: '{{ cacert_pem }}', dest: "{{ splunk_ssl.inputs.config.rootCA|replace('$SPLUNK_HOME/', '')|dirname }}" } 89 | - { src: '{{ server_pem }}', dest: "{{ splunk_ssl.inputs.config.serverCert|replace('$SPLUNK_HOME/', '')|dirname }}" } 90 | when: splunk_ssl.inputs.enable == true and splunk_ssl.inputs.own_certs == true 91 | -------------------------------------------------------------------------------- /ansible/roles/baseconfig_app/tasks/splunk_ssl_outputs_certs.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This playbook installs certs for ssl on outputs 3 | 4 | - name: check sslRootCAPath filename to copy 5 | tags: 6 | - splunk 7 | - splunk_baseconfig 8 | - outputs_ssl 9 | stat: 10 | path: "{{ splunk_auth_dir }}/{{ item }}" 11 | with_items: 12 | - "{{ splunk_ssl.outputs.config.sslRootCAPath|basename|default('cacert.pem') }}" 13 | register: cacert_pems 14 | delegate_to: localhost 15 | become: no 16 | when: splunk_ssl.outputs.enable == true and
splunk_ssl.outputs.own_certs == true 17 | 18 | - name: check sslCertPath filename to copy 19 | tags: 20 | - splunk 21 | - splunk_baseconfig 22 | - outputs_ssl 23 | stat: 24 | path: "{{ splunk_auth_dir }}/{{ item }}" 25 | with_items: 26 | - "{{ splunk_ssl.outputs.config.sslCertPath|basename|default('client.pem') }}" 27 | register: client_pems 28 | delegate_to: localhost 29 | become: no 30 | when: splunk_ssl.outputs.enable == true and splunk_ssl.outputs.own_certs == true 31 | 32 | - name: set cert file names 33 | tags: 34 | - splunk 35 | - splunk_baseconfig 36 | - outputs_ssl 37 | set_fact: 38 | cacert_pem: "{% for result in cacert_pems.results %}{% if result.stat.exists == true %}{{ result.item }}{% endif %}{% endfor %}" 39 | client_pem: "{% for result in client_pems.results %}{% if result.stat.exists == true %}{{ result.item }}{% endif %}{% endfor %}" 40 | when: splunk_ssl.outputs.enable == true and splunk_ssl.outputs.own_certs == true 41 | 42 | #FIXME: Fix the error message to include the correct filename 43 | - name: fail if no cacert found 44 | tags: 45 | - splunk 46 | - splunk_baseconfig 47 | - outputs_ssl 48 | fail: 49 | msg: "Cannot find a cacert.pem file for host '{{ inventory_hostname }}' in the '{{ splunk_auth_dir }}' directory!" 50 | when: splunk_ssl.outputs.enable == true and splunk_ssl.outputs.own_certs == true and cacert_pem == "" 51 | 52 | #FIXME: Fix the error message to include the correct filename 53 | - name: fail if no pem cert found 54 | tags: 55 | - splunk 56 | - splunk_baseconfig 57 | - outputs_ssl 58 | fail: 59 | msg: "Cannot find a .pem file for host '{{ inventory_hostname }}' in the '{{ splunk_auth_dir }}' directory!" 
60 | when: splunk_ssl.outputs.enable == true and splunk_ssl.outputs.own_certs == true and client_pem == "" 61 | 62 | - name: create path for custom certs 63 | tags: 64 | - splunk 65 | - splunk_baseconfig 66 | - outputs_ssl 67 | file: 68 | state: directory 69 | recurse: true 70 | path: "{{ app_path }}/{{ app_dest_name }}/default" 71 | owner: "{{splunk_user}}" 72 | group: "{{splunk_group}}" 73 | when: splunk_ssl.outputs.enable == true and splunk_ssl.outputs.own_certs == true 74 | 75 | - name: copy certs file for inputs ssl 76 | tags: 77 | - splunk 78 | - splunk_baseconfig 79 | - outputs_ssl 80 | copy: 81 | src: "{{ splunk_auth_dir }}/{{ item.src }}" 82 | dest: "{{ item.dest }}" 83 | owner: "{{splunk_user}}" 84 | group: "{{splunk_group}}" 85 | mode: 0600 86 | with_items: 87 | - { src: '{{ cacert_pem }}', dest: "{{ app_path }}/{{ app_dest_name }}/default" } 88 | - { src: '{{ client_pem }}', dest: "{{ app_path }}/{{ app_dest_name }}/default" } 89 | when: splunk_ssl.outputs.enable == true and splunk_ssl.outputs.own_certs == true 90 | -------------------------------------------------------------------------------- /ansible/roles/cluster_manager/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Variables for this role 3 | 4 | splunk_install_app: splunk -------------------------------------------------------------------------------- /ansible/roles/cluster_manager/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - role: splunk_common 4 | -------------------------------------------------------------------------------- /ansible/roles/common/files/home/ansible_user/bashrc.splunk: -------------------------------------------------------------------------------- 1 | # Aliases 2 | alias splunk="s splunk" 3 | alias s="sudo -i -u splunk" 4 | alias r="sudo -i" 5 | -------------------------------------------------------------------------------- 
/ansible/roles/common/tasks/check_ansible_requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This playbook checks for the required packages 3 | 4 | - name: check for acl 5 | tags: 6 | - splunk 7 | - splunk_common 8 | stat: 9 | path: /usr/bin/setfacl 10 | register: acl 11 | 12 | - name: Fail if acl is not installed 13 | fail: 14 | msg: "Package 'acl' is not installed. This is required for Ansible." 15 | when: acl.stat.exists == false 16 | -------------------------------------------------------------------------------- /ansible/roles/common/tasks/disable_apparmor.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This playbook stops and disables AppArmor 3 | 4 | - name: collect facts about system services 5 | tags: 6 | - common 7 | - apparmor 8 | service_facts: 9 | register: services_state 10 | when: 11 | - disable_apparmor|default(false) == true 12 | 13 | - name: stop and disable AppArmor 14 | tags: 15 | - common 16 | - apparmor 17 | service: 18 | name: apparmor 19 | state: stopped 20 | enabled: no 21 | when: 22 | - disable_apparmor|default(false) == true 23 | - services_state.ansible_facts.services['apparmor.service'] is defined 24 | - services_state.ansible_facts.services['apparmor.service']['status'] == 'enabled' 25 | -------------------------------------------------------------------------------- /ansible/roles/common/tasks/disable_selinux.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This playbook disables selinux 3 | 4 | - name: check SELinux state 5 | shell: which getenforce > /dev/null 2>&1 && getenforce 6 | check_mode: no 7 | changed_when: false 8 | failed_when: "selinux_state.rc > 1" 9 | register: selinux_state 10 | when: disable_selinux|default(false) == true 11 | 12 | - name: disable SELinux 13 | tags: 14 | - common 15 | - selinux 16 | selinux: 17 | state: disabled 18 | register: need_reboot 19 | when:
20 | - disable_selinux|default(false) == true 21 | - selinux_state.stdout|lower == "enforcing" 22 | 23 | - name: reboot the server and wait for it to come back up. 24 | reboot: 25 | when: need_reboot.reboot_required|default(false) == true 26 | -------------------------------------------------------------------------------- /ansible/roles/common/tasks/fix_time_sync.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This playbook does setup a time sync fix 3 | 4 | - name: setup time sync cronjob 5 | tags: 6 | - common 7 | - fix_time_sync 8 | - ntp 9 | - chrony 10 | cron: 11 | name: "sync time" 12 | minute: "*/5" 13 | job: "/bin/chronyc makestep >/dev/null" 14 | become: yes 15 | become_user: root 16 | -------------------------------------------------------------------------------- /ansible/roles/common/tasks/hosts.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This playbook install a hosts file for all the hosts 3 | 4 | #TODO Remove in future versions 5 | - name: remove vagrant-hostmanager entries 6 | tags: 7 | - common 8 | - hosts 9 | blockinfile: 10 | path: /etc/hosts 11 | state: absent 12 | marker: "## {mark}" 13 | marker_begin: "vagrant-hostmanager-start" 14 | marker_end: "vagrant-hostmanager-end" 15 | become: yes 16 | become_user: root 17 | 18 | - name: add splunk hosts to /etc/hosts 19 | tags: 20 | - common 21 | - hosts 22 | blockinfile: 23 | path: /etc/hosts 24 | block: | 25 | {{ splunk_hosts_entries }} 26 | marker: "# {mark} SPLUNKENIZER MANAGED BLOCK (splunk hosts)" 27 | become: yes 28 | become_user: root 29 | -------------------------------------------------------------------------------- /ansible/roles/common/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Main playbook for this role 3 | 4 | - name: 5 | include_tasks: set_hostname.yml 6 | when: ansible_os_family|lower != 'windows' 7 | 8 | - 
name: 9 | include_tasks: packages.yml 10 | when: 11 | - packages|default([],true)|length > 0 12 | - ansible_os_family|lower != 'windows' 13 | 14 | - name: 15 | include_tasks: check_ansible_requirements.yml 16 | when: ansible_os_family|lower != 'windows' 17 | 18 | - name: 19 | include_tasks: users.yml 20 | when: ansible_os_family|lower != 'windows' 21 | 22 | - name: 23 | include_tasks: time.yml 24 | when: ansible_os_family|lower != 'windows' 25 | 26 | - name: 27 | include_tasks: disable_selinux.yml 28 | when: 29 | - disable_selinux|default(false) == true 30 | - ansible_os_family|lower != 'windows' 31 | - "'role_universal_forwarder' not in group_names" 32 | 33 | - name: 34 | include_tasks: disable_apparmor.yml 35 | when: 36 | - ansible_os_family|lower != 'windows' 37 | - disable_apparmor|default(false) == true 38 | 39 | - name: 40 | include_tasks: hosts.yml 41 | when: 42 | - ansible_os_family|lower != 'windows' 43 | - update_hosts_file|default(false) == true 44 | 45 | - name: 46 | include_tasks: fix_time_sync.yml 47 | when: 48 | - ansible_os_family|lower != 'windows' 49 | - enable_time_sync_cron|default(false) == true 50 | -------------------------------------------------------------------------------- /ansible/roles/common/tasks/ntp.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This playbook does setup 3 | 4 | - name: enable chronyd 5 | tags: 6 | - common 7 | - ntp 8 | - chrony 9 | service: 10 | name: chronyd 11 | state: started 12 | enabled: yes 13 | -------------------------------------------------------------------------------- /ansible/roles/common/tasks/packages.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This playbook installs additional os packages 3 | 4 | - name: Run apt-get update 5 | apt: 6 | update_cache: yes 7 | when: ansible_os_family == "Debian" 8 | 9 | - name: install additional os packages 10 | tags: 11 | - common 12 | - packages 13 | 
package: 14 | name: "{{ packages }}" 15 | state: latest 16 | -------------------------------------------------------------------------------- /ansible/roles/common/tasks/set_hostname.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This playbook sets the os hostname 3 | 4 | - name: set os hostname to {{ inventory_hostname }} 5 | tags: 6 | - common 7 | - hostname 8 | hostname: 9 | name: "{{ inventory_hostname }}" 10 | when: set_hostname|default(false) == true 11 | -------------------------------------------------------------------------------- /ansible/roles/common/tasks/time.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This playbook install the basic time settings 3 | 4 | - name: set timezone 5 | tags: 6 | - common 7 | - timezone 8 | timezone: 9 | name: "{{ time_zone }}" 10 | -------------------------------------------------------------------------------- /ansible/roles/common/tasks/users.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This playbook install a basic user with the login keys 3 | 4 | - name: Adding splunk aliases 5 | tags: 6 | - common 7 | - bashrc 8 | copy: 9 | src: home/ansible_user/bashrc.splunk 10 | dest: "~{{ ansible_user }}/.bashrc.splunk" 11 | mode: 0644 12 | become: yes 13 | become_user: "{{ ansible_user }}" 14 | 15 | - name: insert/update bashrc for splunk stuff 16 | tags: 17 | - common 18 | - bashrc 19 | blockinfile: 20 | create: yes 21 | path: "~{{ ansible_user }}/.bashrc" 22 | marker: "#" 23 | insertafter: "export PATH" 24 | content: | 25 | if [ -f ~/.bashrc.splunk ]; then 26 | . 
~/.bashrc.splunk 27 | fi 28 | -------------------------------------------------------------------------------- /ansible/roles/deployer/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Variables for this role 3 | 4 | splunk_install_app: splunk -------------------------------------------------------------------------------- /ansible/roles/deployer/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - role: splunk_common 4 | -------------------------------------------------------------------------------- /ansible/roles/deployment_server/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Variables for this role 3 | 4 | splunk_install_app: splunk -------------------------------------------------------------------------------- /ansible/roles/deployment_server/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - role: splunk_common 4 | -------------------------------------------------------------------------------- /ansible/roles/deployment_server/tasks/save_serverclass.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This playbook saves a copy of the serverclass.conf on the ansible host 3 | 4 | - name: create hostname and system/local dir on ansible host 5 | tags: 6 | - splunk 7 | - splunk_baseconfig 8 | - deployment_server 9 | - serverclass 10 | - save_baseconfig 11 | - save_serverclass 12 | file: 13 | path: "../{{splunk_save_baseconfig_apps_dir|default('apps')}}/{{inventory_hostname}}/{{ splunk_install_dir }}/splunk/etc/system/local/" 14 | state: directory 15 | become: no 16 | delegate_to: localhost 17 | 18 | - name: save serverclass file to ansible host 19 | tags: 20 | - splunk 21 | - splunk_baseconfig 22 | - deployment_server 23 | - serverclass 
24 | - save_baseconfig 25 | - save_serverclass 26 | synchronize: 27 | src: "{{ splunk_install_dir }}/splunk/etc/system/local/serverclass.conf" 28 | dest: "../{{splunk_save_baseconfig_apps_dir|default('apps')}}/{{splunk_deployment_server|first}}/{{ splunk_install_dir }}/splunk/etc/system/local/" 29 | rsync_path: "{{ become_method|default('sudo') }} -u {{splunk_user}} rsync" 30 | mode: pull 31 | become: no 32 | -------------------------------------------------------------------------------- /ansible/roles/deployment_server/tasks/update_serverclass.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This playbook contains common tasks in this role 3 | 4 | - name: check if deployment_server is available 5 | tags: 6 | - splunk 7 | - splunk_baseconfig 8 | - deployment_server 9 | - serverclass 10 | wait_for: 11 | host: '{{splunk_deployment_server|first}}' 12 | port: 8089 13 | timeout: 1 14 | register: host_check 15 | check_mode: False 16 | failed_when: host_check.msg is defined and "error" in host_check.msg 17 | changed_when: host_check.state is defined and host_check.state == 'started' 18 | when: groups.role_deployment_server is defined and inventory_hostname not in groups.role_deployment_server 19 | 20 | - name: call serverclass tasks on deployment_server 21 | tags: 22 | - splunk 23 | - splunk_baseconfig 24 | - deployment_server 25 | - serverclass 26 | import_role: 27 | name: deployment_server 28 | tasks_from: serverclass 29 | delegate_to: '{{splunk_deployment_server|first}}' 30 | vars: 31 | splunk_install_app: splunk 32 | when: host_check.state is defined and host_check.state == 'started' 33 | -------------------------------------------------------------------------------- /ansible/roles/heavy_forwarder/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Variables for this role 3 | 4 | splunk_install_app: splunk 
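--------------------------------------------------------------------------------
/ansible/roles/heavy_forwarder/meta/main.yml:
--------------------------------------------------------------------------------
---
dependencies:
  - role: splunk_common
--------------------------------------------------------------------------------
/ansible/roles/indexer/defaults/main.yml:
--------------------------------------------------------------------------------
---
# Variables for this role

splunk_install_app: splunk
--------------------------------------------------------------------------------
/ansible/roles/indexer/meta/main.yml:
--------------------------------------------------------------------------------
---
dependencies:
  - role: splunk_common
--------------------------------------------------------------------------------
/ansible/roles/indexer/tasks/check_volume_path.yml:
--------------------------------------------------------------------------------
---
# Check if we can access the storage layer for storing buckets
# Expects volume_name and volume_path from the including task; each check
# below aborts the play with a message naming the volume and path.

- name: "getting volume status"
  tags:
    - splunk
    - indexer
    - check_volume_path
  stat:
    path: "{{ volume_path }}"
  register: volumepath

- name: "check if volume exists"
  tags:
    - splunk
    - indexer
    - check_volume_path
  fail:
    msg: "volume:{{ volume_name }} path: {{ volume_path }} does not exist"
  when: volumepath.stat.exists == false

- name: "check if volume path is a directory"
  tags:
    - splunk
    - indexer
    - check_volume_path
  fail:
    msg: "volume:{{ volume_name }} path: {{ volume_path }} is not a directory"
  when: volumepath.stat.isdir == false

- name: "check if volume path is own by splunk user"
  tags:
    - splunk
    - indexer
    - check_volume_path
  fail:
    msg: "volume:{{ volume_name }} path: {{ volume_path }} is not owned by user {{splunk_user}}"
  when: volumepath.stat.pw_name != splunk_user

# wusr is the owner write bit reported by stat; combined with the ownership
# check above it means "the splunk user can write here".
- name: "check if volume path is writeable"
  tags:
    - splunk
    - indexer
    - check_volume_path
  fail:
    msg: "volume:{{ volume_name }} path: {{ volume_path }} is not writable by user {{splunk_user}}"
  when: volumepath.stat.wusr == false
--------------------------------------------------------------------------------
/ansible/roles/indexer/tasks/idxcluster.yml:
--------------------------------------------------------------------------------
---
# Main playbook for this role

- name: start indexer cluster node
  tags:
    - splunk
    - indexer
    - idxcluster
  debug:
    msg: "Configuring indexer cluster"

- name: apply baseconfig app org_cluster_indexer_base
  tags:
    - splunk
    - splunk_baseconfig
    - indexer
    - idxcluster
    - org_cluster_indexer_base
  include_role:
    name: baseconfig_app
  vars:
    app_name: 'org_cluster_indexer_base'
    app_path: '{{splunk_home}}/etc/apps'

- name: apply baseconfig app org_site_n_indexer_base
  tags:
    - splunk
    - splunk_baseconfig
    - indexer
    - idxcluster
    - org_site_n_indexer_base
  include_role:
    name: baseconfig_app
  vars:
    app_name: 'org_site_n_indexer_base'
    app_path: '{{splunk_home}}/etc/apps'
  # NOTE(review): the double-quoted part is a string literal inside the
  # expression, so it is always true and the condition reduces to
  # "site is defined". If a substring test was intended, the inner double
  # quotes have to go - confirm before changing.
  when: site is defined and "'site' in site"
--------------------------------------------------------------------------------
/ansible/roles/indexer/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Main playbook for this role

- name: start role tasks
  tags:
    - splunk
    - indexer
  debug:
    msg: "role '{{ role_name }}' start"

#TODO: create volume directories
#- name: create volume directories
#  tags:
#    - splunk
#    - indexer
#    - create_volume_path
#  file:
#    path: "{{ item.value.path }}"
#    state: directory
#    owner: "{{splunk_user}}"
#    group: "{{splunk_group}}"
#    mode: 0755
#  with_dict: "{{ splunk_indexer_volumes }}"
#  when: splunk_indexer_volumes_local|length > 0

# Runs check_volume_path.yml once per entry of splunk_indexer_volumes_local;
# an entry without a path falls back to <splunk_home>/var/lib/splunk.
- name: check volume pathes
  tags:
    - splunk
    - indexer
    - check_volume_path
  include_tasks: check_volume_path.yml
  with_dict: "{{ splunk_indexer_volumes_local }}"
  vars:
    volume_name: "{{ item.key }}"
    volume_path: "{{ item.value.path|default(splunk_home+'/var/lib/splunk') }}"
  when: splunk_indexer_volumes_local|length > 0

- name: install certs for inputs ssl
  tags:
    - splunk
    - splunk_baseconfig
    - indexer
    - idxsingle
    - idxcluster
    - inputs_ssl
  include_role:
    name: baseconfig_app
    tasks_from: splunk_ssl_inputs_certs
  when: splunk_ssl.inputs.enable == true and splunk_ssl.inputs.own_certs == true

# Exactly one of the two branches runs, selected by whether idxc_name is set.
- include_tasks: idxcluster.yml
  when: idxc_name is defined

- include_tasks: idxsingle.yml
  when: idxc_name is not defined
--------------------------------------------------------------------------------
/ansible/roles/ldap_server/defaults/main.yml:
--------------------------------------------------------------------------------
---
# Variables for this role

# Bind password for cn=ldapadm. This default is committed to the repository,
# so override it per environment (for example from an encrypted vars file)
# before the directory holds accounts that matter.
ldap_root_passwd: ldapsecret
ldap_dc: dc=splunk,dc=training
ldap_dc_name: splunk
--------------------------------------------------------------------------------
/ansible/roles/ldap_server/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Main playbook for this role

- include_tasks: openldap.yml
--------------------------------------------------------------------------------
/ansible/roles/ldap_server/tasks/openldap.yml:
--------------------------------------------------------------------------------
---
# This playbook configures an LDAP server
# The rendered files under /var/tmp double as "already applied" markers: each
# step is skipped on later runs when its .ldif file is found by stat.

# Following this guide: http://www.itzgeek.com/how-tos/linux/centos-how-tos/step-step-openldap-server-configuration-centos-7-rhel-7.html

- name: install openladp packages
  tags:
    - ldap
  package:
    name:
      - openldap
      - openldap-clients
      - openldap-servers
    # latest upgrades the packages whenever the play runs; nothing here pins a version
    state: latest

- name: enable and start service slapd
  tags:
    - ldap
  service:
    name: slapd
    state: started
    enabled: yes

- name: check for ldap db config file
  tags:
    - ldap
  stat: path="/var/tmp/db.ldif"
  register: ldap_config

# The clear-text password is part of the command line, so the task result is
# kept out of the Ansible output and logs with no_log, and the quote filter
# keeps a value with spaces or shell metacharacters as a single argument.
# NOTE(review): the argument is still visible in the process list on the
# target while the command runs; slappasswd -T <file> would avoid that.
- name: create LDAP root password
  tags:
    - ldap
  shell: slappasswd -s {{ ldap_root_passwd | quote }}
  register: ldap_root_hash
  no_log: true
  when: ldap_config.stat.exists == false

# db.ldif carries the olcRootPW hash and stays in /var/tmp as the marker
# file, so it is written readable by its owner only.
- name: define ldap db config file
  tags:
    - ldap
  template:
    src: var/tmp/db.ldif.j2
    dest: /var/tmp/db.ldif
    mode: 0600
  when: ldap_config.stat.exists == false

- name: add ldap db config file
  tags:
    - ldap
  shell: ldapmodify -Y EXTERNAL -H ldapi:/// -f /var/tmp/db.ldif
  when: ldap_config.stat.exists == false

- name: "check for ldap monitor config file"
  stat: path="/var/tmp/monitor.ldif"
  register: ldap_monitor_config

- name: define monitor config file
  tags:
    - ldap
  template:
    src: var/tmp/monitor.ldif.j2
    dest: /var/tmp/monitor.ldif
  when: ldap_monitor_config.stat.exists == false

- name: add ldap monitor config
  tags:
    - ldap
  shell: ldapmodify -Y EXTERNAL -H ldapi:/// -f /var/tmp/monitor.ldif
  when: ldap_monitor_config.stat.exists == false

- name: check for ldap DB_CONFIG file
  tags:
    - ldap
  stat: path="/var/lib/ldap/DB_CONFIG"
  register: ldap_db_config

- name: copy /var/lib/ldap/DB_CONFIG from example
  tags:
    - ldap
  shell: cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
  when: ldap_db_config.stat.exists == false

- name: set correct file permissions for DB_CONFIG
  tags:
    - ldap
  file:
    path: /var/lib/ldap/DB_CONFIG
    owner: ldap
    group: ldap
    mode: 0644

# Gated on the stat result registered before DB_CONFIG was copied, so the
# schemas are loaded on the same run that created DB_CONFIG.
- name: add more schemas
  tags:
    - ldap
  shell: ldapadd -Y EXTERNAL -H ldapi:/// -f {{item}}
  with_items:
    - /etc/openldap/schema/cosine.ldif
    - /etc/openldap/schema/nis.ldif
    - /etc/openldap/schema/inetorgperson.ldif
  when: ldap_db_config.stat.exists == false

- name: "check for ldap base config file"
  tags:
    - ldap
  stat: path="/var/tmp/base.ldif"
  register: ldap_base_config

- name: define domain config
  tags:
    - ldap
  template:
    src: var/tmp/base.ldif.j2
    dest: /var/tmp/base.ldif
  when: ldap_base_config.stat.exists == false

# Simple bind with the clear-text password on the command line: no_log keeps
# it out of the Ansible output, the quote filter keeps it a single argument.
# NOTE(review): ldapadd -y <file> reads the password from a file instead.
- name: build lDAP directory sturcture
  tags:
    - ldap
  shell: ldapadd -x -w {{ ldap_root_passwd | quote }} -D "cn=ldapadm,{{ldap_dc}}" -f /var/tmp/base.ldif
  no_log: true
  when: ldap_base_config.stat.exists == false
--------------------------------------------------------------------------------
/ansible/roles/ldap_server/templates/var/tmp/base.ldif.j2:
--------------------------------------------------------------------------------
dn: {{ldap_dc}}
dc: {{ldap_dc_name}}
objectClass: top
objectClass: domain

dn: cn=ldapadm,{{ldap_dc}}
objectClass: organizationalRole
cn: ldapadm
description: LDAP Manager

dn: ou=People,{{ldap_dc}}
objectClass: organizationalUnit
ou: People

dn: ou=Group,{{ldap_dc}}
objectClass: organizationalUnit
ou: Group
--------------------------------------------------------------------------------
/ansible/roles/ldap_server/templates/var/tmp/db.ldif.j2:
--------------------------------------------------------------------------------
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: {{ldap_dc}}

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=ldapadm,{{ldap_dc}}

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {{ldap_root_hash.stdout}}
--------------------------------------------------------------------------------
/ansible/roles/ldap_server/templates/var/tmp/monitor.ldif.j2:
--------------------------------------------------------------------------------
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external, cn=auth" read by dn.base="cn=ldapadm,{{ldap_dc}}" read by * none
--------------------------------------------------------------------------------
/ansible/roles/license_manager/defaults/main.yml:
--------------------------------------------------------------------------------
---
# Variables for this role

splunk_install_app: splunk
--------------------------------------------------------------------------------
/ansible/roles/license_manager/meta/main.yml:
--------------------------------------------------------------------------------
---
dependencies:
  - role: splunk_common
--------------------------------------------------------------------------------
/ansible/roles/license_manager/tasks/add_license.yml:
--------------------------------------------------------------------------------
---
# This playbook installs a splunk license
# Called once per license file with splunk_license_file_name set by the loop
# in license.yml. The file is only copied and added when its guid is not
# found in the output of "splunk list license".

- name: get guid of source license file
  tags:
    - splunk
    - license_manager
  xml:
    path: "{{ splunk_software }}/{{ splunk_license_file_name }}"
    xpath: /license/payload/guid
    content: 'text'
  register: lic_guid_src
  delegate_to: localhost
  become: no

# -auth puts the admin password on the command line; no_log keeps the
# rendered command out of the Ansible output and logs. The registered
# result is still available to the tasks below.
- name: "check for license guid {{ lic_guid_src.matches[0].guid }} in splunk"
  tags:
    - splunk
    - license_manager
  command: "{{ splunk_home }}/bin/splunk list license -auth admin:{{splunk_admin_password}}"
  become: yes
  become_user: "{{ splunk_user }}"
  register: grep_result
  no_log: true
  check_mode: no
  changed_when: false

# Staged copy is owned by the splunk user, which also runs "add license",
# so owner-only permissions are enough.
# NOTE(review): the name under /tmp is fixed; a per-run temporary directory
# would avoid colliding with a file created there beforehand.
- name: copy license file to tmp location
  tags:
    - splunk
    - license_manager
  copy:
    src: "{{ splunk_software }}/{{ splunk_license_file_name }}"
    dest: "/tmp/{{ splunk_license_file_name }}"
    owner: "{{ splunk_user }}"
    group: "{{ splunk_group }}"
    mode: 0600
  when: grep_result.stdout is not search(lic_guid_src.matches[0].guid)

# Same credential-on-command-line situation as the check above.
- name: add license file to splunk
  tags:
    - splunk
    - license_manager
  command: "{{ splunk_home }}/bin/splunk add license /tmp/{{ splunk_license_file_name }} -auth admin:{{splunk_admin_password}}"
  become: yes
  become_user: "{{ splunk_user }}"
  no_log: true
  when: grep_result.stdout is not search(lic_guid_src.matches[0].guid)
  notify: restart splunk

# Unconditional: removes the staged copy whether or not it was added.
- name: remove license file from tmp location
  tags:
    - splunk
    - license_manager
  file:
    path: "/tmp/{{ splunk_license_file_name }}"
    state: absent
--------------------------------------------------------------------------------
/ansible/roles/license_manager/tasks/license.yml:
--------------------------------------------------------------------------------
---
# This playbook installs a splunk licenses

- name: loop through the license files
  tags:
    - splunk
    - license_manager
  include_tasks:
    file: add_license.yml
  with_items: "{{ splunk_license_file }}"
  loop_control:
    loop_var: splunk_license_file_name
  when: splunk_license_file is defined
--------------------------------------------------------------------------------
/ansible/roles/license_manager/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Main playbook for this role
# Base-config apps are applied locally only where the conditions below say
# so; most of them are skipped when a deployment server is configured.

- name: apply baseconfig app org_all_deploymentclient
  tags:
    - splunk
    - splunk_baseconfig
    - license_manager
    - org_all_deploymentclient
  include_role:
    name: baseconfig_app
  vars:
    app_name: 'org_all_deploymentclient'
    app_path: '{{splunk_home}}/etc/apps'
  when: splunk_deployment_server|default()|length > 0 and inventory_hostname not in groups.role_deployment_server

- name: apply baseconfig app org_all_forwarder_outputs
  tags:
    - splunk
    - splunk_baseconfig
    - license_manager
    - org_all_forwarder_outputs
  include_role:
    name: baseconfig_app
  vars:
    app_name: 'org_all_forwarder_outputs'
    app_path: '{{splunk_home}}/etc/apps'
  when: splunk_deployment_server|default()|length == 0 and inventory_hostname not in groups.role_indexer

- name: install certs for web ssl
  tags:
    - splunk
    - splunk_baseconfig
    - license_manager
    - org_all_search_base
    - web_ssl
  include_role:
    name: baseconfig_app
    tasks_from: splunk_ssl_web_certs
  when: splunk_ssl.web.enable == true and splunk_ssl.web.own_certs == true

- name: apply baseconfig app org_all_search_base
  tags:
    - splunk
    - splunk_baseconfig
    - license_manager
    - org_all_search_base
  include_role:
    name: baseconfig_app
  vars:
    app_name: 'org_all_search_base'
    app_path: '{{splunk_home}}/etc/apps'
  when: splunk_deployment_server|default()|length == 0

- include_tasks: license.yml

# Passes this host as the only entry of splunk_dservers to the
# monitoring_console role's update_dserver tasks.
- name: call update_dserver from role monitoring_console
  tags:
    - splunk
    - splunk_baseconfig
    - monitoring_console
    - dserver
  include_role:
    name: monitoring_console
    tasks_from: update_dserver
  vars:
    splunk_dservers: "[ '{{ inventory_hostname }}' ]"
  when: splunk_monitoring_console|default()|length > 0 and inventory_hostname not in groups.role_monitoring_console
--------------------------------------------------------------------------------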
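/ansible/roles/monitoring_console/defaults/main.yml:
--------------------------------------------------------------------------------
---
# Variables for this role

splunk_install_app: splunk
--------------------------------------------------------------------------------
/ansible/roles/monitoring_console/meta/main.yml:
--------------------------------------------------------------------------------
---
dependencies:
  - role: splunk_common
--------------------------------------------------------------------------------
/ansible/roles/monitoring_console/tasks/add_dserver.yml:
--------------------------------------------------------------------------------
---
# add a certain dserver, if available
# Expects dserver_name from the including loop.

# Probe of port 8089 with a one second timeout. failed_when replaces the
# default failure rule: the task fails only when the result message contains
# "error"; the add task below runs only if state is 'started'.
- name: check if dserver is available
  tags:
    - splunk
    - splunk_baseconfig
    - monitoring_console
    - dserver
  wait_for:
    host: '{{ dserver_name }}'
    port: 8089
    timeout: 1
  register: dserver_check
  check_mode: False
  failed_when: dserver_check.msg is defined and "error" in dserver_check.msg
  changed_when: dserver_check.state is defined and dserver_check.state == 'started'

# delegate_to with include_role and loops run on current host in ansible 2.5+ so we need to delegate here again:
# See: https://medium.com/opsops/ansible-2-5-delegate-to-and-include-role-20cd7e67008e
# The admin password appears twice on the command line (-remotePassword and
# -auth); no_log keeps the rendered command out of the Ansible output and logs.
- name: add new dserver
  tags:
    - splunk
    - splunk_baseconfig
    - monitoring_console
    - dserver
  command: "{{ splunk_home }}/bin/splunk add search-server {{ dserver_name }}:8089 -remoteUsername admin -remotePassword {{splunk_admin_password}} -auth admin:{{splunk_admin_password}}"
  delegate_to: '{{splunk_monitoring_console|first}}'
  become: yes
  become_user: "{{ splunk_user }}"
  no_log: true
  when: dserver_check.state is defined and dserver_check.state == 'started'
--------------------------------------------------------------------------------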
/ansible/roles/monitoring_console/tasks/dserver.yml:
--------------------------------------------------------------------------------
---
# get the list of existing dservers and add the missing ones
# Expects splunk_dservers from the caller.

- name: get list of current distributedSearch servers
  tags:
    - splunk
    - splunk_baseconfig
    - monitoring_console
    - dserver
  # Same command is in search_head/tasks/search_peers.yml
  include_role:
    name: splunk_software
    tasks_from: splunk_rest
  vars:
    splunk_rest_endpoint: /services/search/distributed/peers

# Takes entry[*].name from splunk_rest_json_output (presumably set by the
# splunk_rest tasks above - confirm) and strips a trailing ":<port>".
- name: create current_dservers list
  tags:
    - splunk
    - splunk_baseconfig
    - monitoring_console
    - dserver
    - splunk_rest
  set_fact:
    current_dservers: "{{ splunk_rest_json_output | json_query(jmesquery) | map('regex_replace', ':\\d+$', '') }}"
  vars:
    jmesquery: "entry[*].name"

# Only the names in splunk_dservers that are missing from current_dservers
# are handed to add_dserver.yml, one per iteration as dserver_name.
- name: call add_dserver
  tags:
    - splunk
    - splunk_baseconfig
    - monitoring_console
    - dserver
  include_tasks: add_dserver.yml
  with_items:
    - "{{ splunk_dservers | difference(current_dservers) }}"
  loop_control:
    loop_var: dserver_name
  when: "splunk_dservers|difference(current_dservers)|length > 0"
--------------------------------------------------------------------------------
/ansible/roles/monitoring_console/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Main playbook for this role
# Each base-config app is applied through the baseconfig_app role; the when
# clauses decide per host whether it is installed locally.

- name: start role tasks
  tags:
    - splunk
    - monitoring_console
  debug:
    msg: "role '{{ role_name }}' start"

- name: apply baseconfig app org_all_deploymentclient
  tags:
    - splunk
    - splunk_baseconfig
    - monitoring_console
    - org_all_deploymentclient
  include_role:
    name: baseconfig_app
  vars:
    app_name: 'org_all_deploymentclient'
    app_path: '{{splunk_home}}/etc/apps'
  when: splunk_deployment_server|default()|length > 0 and inventory_hostname not in groups.role_deployment_server

- name: apply baseconfig app org_all_forwarder_outputs
  tags:
    - splunk
    - splunk_baseconfig
    - monitoring_console
    - org_all_forwarder_outputs
  include_role:
    name: baseconfig_app
  vars:
    app_name: 'org_all_forwarder_outputs'
    app_path: '{{splunk_home}}/etc/apps'
  when: splunk_deployment_server|default()|length == 0 and inventory_hostname not in groups.role_indexer

# Runs only when web SSL is enabled and own certificates are configured.
- name: install certs for web ssl
  tags:
    - splunk
    - splunk_baseconfig
    - monitoring_console
    - org_all_search_base
    - web_ssl
  include_role:
    name: baseconfig_app
    tasks_from: splunk_ssl_web_certs
  when: splunk_ssl.web.enable == true and splunk_ssl.web.own_certs == true

- name: apply baseconfig app org_all_search_base
  tags:
    - splunk
    - splunk_baseconfig
    - monitoring_console
    - org_all_search_base
  include_role:
    name: baseconfig_app
  vars:
    app_name: 'org_all_search_base'
    app_path: '{{splunk_home}}/etc/apps'
  when: splunk_deployment_server|default()|length == 0

# Skipped on hosts that are themselves in role_license_manager.
- name: apply baseconfig app org_full_license_server
  tags:
    - splunk
    - splunk_baseconfig
    - monitoring_console
    - org_full_license_server
  include_role:
    name: baseconfig_app
  vars:
    app_name: 'org_full_license_server'
    app_path: '{{splunk_home}}/etc/apps'
  when: splunk_deployment_server|default()|length == 0 and splunk_license_manager|default()|length > 0 and inventory_hostname not in groups.role_license_manager|default([])

# NOTE(review): groups.role_deployment_server and groups.role_cluster_manager
# are read without a default here, unlike role_license_manager above -
# confirm both groups always exist in the inventory.
- name: apply baseconfig app org_cluster_search_base
  tags:
    - splunk
    - splunk_baseconfig
    - monitoring_console
    - org_cluster_search_base
  include_role:
    name: baseconfig_app
  vars:
    app_name: 'org_cluster_search_base'
    app_path: '{{splunk_home}}/etc/apps'
  when:
    - (splunk_deployment_server|default()|length == 0 or inventory_hostname in groups.role_deployment_server)
    - splunk_search_peer_idxc_list|length > 0
    - inventory_hostname not in groups.role_cluster_manager

- include_tasks: dserver.yml
--------------------------------------------------------------------------------
/ansible/roles/monitoring_console/tasks/update_dserver.yml:
--------------------------------------------------------------------------------
---
# update dservers if needed
# Called from other roles; probes the first monitoring console host and, if
# it answers, runs the dserver tasks delegated to that host.

# One second probe of port 8089. failed_when replaces the default failure
# rule: the task fails only when the result message contains "error".
- name: check if monitoring_console is available
  tags:
    - splunk
    - splunk_baseconfig
    - monitoring_console
    - dserver
  wait_for:
    host: '{{splunk_monitoring_console|first}}'
    port: 8089
    timeout: 1
  register: host_check
  check_mode: False
  failed_when: host_check.msg is defined and "error" in host_check.msg
  changed_when: host_check.state is defined and host_check.state == 'started'
  when: splunk_monitoring_console|default()|length > 0 and inventory_hostname not in groups.role_monitoring_console

- name: call dserver from role monitoring_console
  tags:
    - splunk
    - splunk_baseconfig
    - monitoring_console
    - dserver
  import_role:
    name: monitoring_console
    tasks_from: dserver
  delegate_to: '{{splunk_monitoring_console|first}}'
  when: splunk_monitoring_console|default()|length > 0 and host_check.state is defined and host_check.state == 'started'
--------------------------------------------------------------------------------
/ansible/roles/search_head/defaults/main.yml:
--------------------------------------------------------------------------------
---
# Variables for this role

splunk_install_app: splunk
--------------------------------------------------------------------------------
/ansible/roles/search_head/meta/main.yml:
--------------------------------------------------------------------------------
---
dependencies:
  - role: splunk_common
--------------------------------------------------------------------------------
/ansible/roles/search_head/tasks/add_search_peers.yml:
--------------------------------------------------------------------------------
---
# This playbook contains common tasks in this role
# Expects search_head from the including loop (see loop_search_heads.yml).

# One second probe of port 8089. failed_when replaces the default failure
# rule: the task fails only when the result message contains "error"; the
# next task runs only if state is 'started'.
- name: check if search_head {{search_head}} is available
  tags:
    - splunk
    - splunk_baseconfig
    - search_head
    - search_peer
  wait_for:
    host: '{{search_head}}'
    port: 8089
    timeout: 1
  register: host_check
  check_mode: False
  failed_when: host_check.msg is defined and "error" in host_check.msg
  when: search_head|default()|length > 0

# Runs the search_peers tasks delegated to the search head, with the indexer
# list taken from that search head's own host variables.
- name: add search peers on search head
  tags:
    - splunk
    - splunk_baseconfig
    - search_head
    - search_peer
  import_role:
    name: search_head
    tasks_from: search_peers
  delegate_to: '{{search_head}}'
  vars:
    splunk_search_peer_idx_list: "{{ hostvars[search_head]['splunk_search_peer_list']['indexer'] }}"
  when: search_head|default()|length > 0 and host_check.state is defined and host_check.state == 'started'
--------------------------------------------------------------------------------
/ansible/roles/search_head/tasks/comment_macro.yml:
--------------------------------------------------------------------------------
---
# This playbook contains common settings for search heads

- name: check for apps/search/metadata/local.meta
  tags:
    - splunk
    - search_head
    - shsettings
    - comment_macro
  stat: path={{ splunk_home }}/etc/apps/search/metadata/local.meta
  register: localmeta_result

# grep exits 0 on a match, 1 on no match and a higher code on an error, so
# only a real error fails the task and "no match" is reported as changed.
- name: "check if comment macro exists in local.meta"
  tags:
    - splunk
    - search_head
    - shsettings
    - comment_macro
  shell: 'grep "\[macros\/comment(1)\]" {{ splunk_home }}/etc/apps/search/metadata/local.meta'
  become: yes
  become_user: "{{ splunk_user }}"
  register: grep_result
  check_mode: no
  failed_when: "grep_result.rc > 1"
  changed_when: "grep_result.rc == 1"
  when: localmeta_result.stat.exists == true

# Writes the [macros/comment(1)] stanza one option per loop item.
# NOTE(review): the two checks above read {{ splunk_home }}/etc/apps/...,
# while this task writes under {{ app_path }}; they refer to the same file
# only when app_path is <splunk_home>/etc/apps - confirm.
- name: "allow the comment macro for all apps"
  tags:
    - splunk
    - search_head
    - shsettings
    - comment_macro
  ini_file:
    path: "{{ app_path }}/search/metadata/local.meta"
    section: "macros/comment(1)"
    option: "{{ item.var }}"
    value: "{{ item.value }}"
    owner: "{{splunk_user}}"
    group: "{{splunk_group}}"
    mode: 0644
  with_items:
    - { var: 'access', value: 'read : [ * ], write : [ admin, power ]' }
    - { var: 'export', value: 'system' }
    - { var: 'owner', value: 'nobody' }
    - { var: 'version', value: '{{ splunk_installed_version }}' }
    - { var: 'modtime', value: '{{ ansible_date_time.epoch + ".000000000"}}' }
  # don't restart because it disturbs the SHC configuration
  # notify: restart splunk
  when: localmeta_result.stat.exists == false or grep_result.rc == 1
--------------------------------------------------------------------------------
/ansible/roles/search_head/tasks/loop_search_heads.yml:
--------------------------------------------------------------------------------
---
# This playbook contains common tasks in this role

# Runs add_search_peers once per host in the two lists, with the host name
# passed as search_head.
# NOTE(review): the when clause defaults each list to [], but the with_items
# expression concatenates them without defaults - confirm both are always
# defined when either is non-empty.
- name: loop through all search heads and add single indexers as search peers
  tags:
    - splunk
    - splunk_baseconfig
    - search_head
    - search_peer
  include_role:
    name: search_head
    tasks_from: add_search_peers
  with_items:
    - "{{ splunk_shc_all_host_list + splunk_search_head_list }}"
  loop_control:
    loop_var: search_head
  when: splunk_shc_all_host_list|default([])|length > 0 or splunk_search_head_list|default([])|length > 0
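--------------------------------------------------------------------------------
/ansible/roles/search_head/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Main playbook for this role
# Installs the web SSL certificates when requested, then branches into the
# clustered (shcluster.yml) or standalone (shsingle.yml) search head setup.

- name: start role tasks
  tags:
    - splunk
    - search_head
  debug:
    msg: "role '{{ role_name }}' start"

# Only runs when web SSL is enabled AND the operator supplies own certificates.
- name: install certs for web ssl
  tags:
    - splunk
    - splunk_baseconfig
    - search_head
    - org_all_search_base
    - web_ssl
  include_role:
    name: baseconfig_app
    tasks_from: splunk_ssl_web_certs
  when: splunk_ssl.web.enable == true and splunk_ssl.web.own_certs == true

# shc_name decides the flavour: defined -> cluster member, undefined -> single.
- include_tasks: shcluster.yml
  tags:
    - splunk
    - search_head
    - shcluster
  when: shc_name is defined

- include_tasks: shsingle.yml
  tags:
    - splunk
    - search_head
    - shsingle
  when: shc_name is not defined

--------------------------------------------------------------------------------
/ansible/roles/search_head/tasks/search_peers.yml:
--------------------------------------------------------------------------------
---
# This playbook adds single indexers as search peers

- name: get list of current distributedSearch peers (single indexers)
  tags:
    - splunk
    - splunk_baseconfig
    - search_head
    - search_peer
  # Same command is in monitoring_console/tasks/dserver.yml
  include_role:
    name: splunk_software
    tasks_from: splunk_rest
  vars:
    splunk_rest_endpoint: /services/search/distributed/peers
  register: current_dservers

# Reduces the REST answer to a list of peer names with the ":port" suffix
# stripped, so it can be compared with splunk_search_peer_idx_list below.
- name: create current_dservers list
  tags:
    - splunk
    - splunk_baseconfig
    # search_head/search_peer added so a run limited to those tags (as used by
    # the other two tasks in this file) does not skip this step and leave
    # current_dservers holding the raw include_role result.
    - search_head
    - search_peer
    - monitoring_console
    - dserver
    - splunk_rest
  set_fact:
    # `| list` materialises the map() result so it is stored as a real list.
    current_dservers: "{{ splunk_rest_json_output | json_query(jmesquery) | map('regex_replace', ':\\d+$', '') | list }}"
  vars:
    jmesquery: "entry[*].name"

# Registers every indexer that is not yet a search peer. The same admin
# password is used for the local instance (-auth) and the remote peer
# (-remotePassword).
- name: adding new distributedSearch peer (single indexers)
  tags:
    - splunk
    - splunk_baseconfig
    - search_head
    - search_peer
  command: "{{ splunk_home }}/bin/splunk add search-server {{ item }}:8089 -remoteUsername admin -remotePassword {{splunk_admin_password}} -auth admin:{{splunk_admin_password}}"
  with_items:
    - "{{ splunk_search_peer_idx_list | difference(current_dservers) }}"
  become: yes
  become_user: "{{ splunk_user }}"
  # The command line carries the admin password twice; no_log keeps it out of
  # Ansible output, callbacks and logs. It can still show up in the process
  # list on the target while the command runs.
  no_log: true
  when: "splunk_search_peer_idx_list|difference(current_dservers)|length > 0"

--------------------------------------------------------------------------------
/ansible/roles/splunk_common/defaults/main.yml:
--------------------------------------------------------------------------------
---
# Variables for this role

# default, but will be overwritten, when found
splunk_is_installed: false

splunk_user: splunk
splunk_group: splunk
splunk_install_dir: /opt
splunk_backup_dir: '{{ splunk_install_dir }}/{{splunk_install_app}}_backup'
# This var is coming from the calling role, otherwise it will be determined
# by tasks/check_splunk_install.yml
#splunk_install_app: splunk
splunk_service_name: splunk
splunk_home: '{{splunk_install_dir}}/{{splunk_install_app}}'
app_path: '{{splunk_home}}/etc/apps'
# Both flags are switched to true by check_systemctl.yml / check_policykit.yml
# when the corresponding binary is found on the target.
use_systemctl: false
use_policykit: false
splunk_architecture: amd64

--------------------------------------------------------------------------------
/ansible/roles/splunk_common/handlers/main.yml:
--------------------------------------------------------------------------------
---
# Handlers are run in the order they are listed, not in the order that they are notified
# See: https://docs.ansible.com/ansible/latest/reference_appendices/glossary.html#Notify
#
# Every Splunk CLI call below passes the admin password with -auth, so each of
# those tasks sets no_log to keep the password out of Ansible output and logs.
# It can still appear in the process list on the target while the command runs.

# Polls the first search head cluster member (up to 15 tries, 10 s apart)
# until the status output contains 'service_ready_flag : 1' and no
# 'status : Down', then notifies the bundle push handler below.
- name: wait for SHC service ready and call push bundle
  tags:
    - splunk
    - splunk_common
    - search_head
    - shcluster
  command: "{{ splunk_home }}/bin/splunk show shcluster-status -auth admin:{{ splunk_admin_password }}"
  become: yes
  become_user: "{{ splunk_user }}"
  no_log: true
  register: shcluster_ready
  # find() returns -1 when the text is absent, so "no member is Down" has to
  # be tested with `== -1`. A comparison with `!= 0` is true for almost any
  # output and would let the push start while a member is still Down.
  until: "shcluster_ready.stdout.find('service_ready_flag : 1') != -1 and shcluster_ready.stdout.find('status : Down') == -1"
  retries: 15
  delay: 10
  delegate_to: "{{splunk_shc_host_list|first}}"
  notify: push shcluster bundle

# Runs on the deployer and pushes the bundle to the first cluster member.
- name: push shcluster bundle
  tags:
    - splunk
    - splunk_common
    - search_head
    - shcluster
  command: "{{ splunk_home }}/bin/splunk apply shcluster-bundle -target https://{{splunk_shc_host_list|first}}:8089 -auth admin:{{ splunk_admin_password }} --answer-yes"
  become: yes
  become_user: "{{ splunk_user }}"
  no_log: true
  delegate_to: "{{ splunk_shc_deployer }}"

- name: reload deploy-server
  tags:
    - splunk
    - splunk_common
    - deployment_server
  command: "{{ splunk_home }}/bin/splunk reload deploy-server -auth admin:{{splunk_admin_password}}"
  become: yes
  become_user: "{{ splunk_user }}"
  no_log: true
  delegate_to: "{{splunk_deployment_server|first}}"

# Restarts the service only when app_path still points at the local
# etc/apps directory of this instance.
- name: restart splunk
  tags:
    - splunk
    - splunk_common
    - splunk_software
  service:
    name: "{{splunk_service_name}}"
    state: restarted
  become: yes
  become_user: root
  delegate_to: "{{ inventory_hostname }}"
  when: app_path == splunk_home + '/etc/apps'

--------------------------------------------------------------------------------
/ansible/roles/splunk_common/tasks/check_policykit.yml:
--------------------------------------------------------------------------------
---
# Detects polkit by looking for /usr/bin/pkaction. With splunk_use_policykit
# left at its default (true) a missing binary aborts the play; otherwise
# use_policykit stays false.

- name: "check for policykit"
  tags:
    - splunk
    - splunk_common
  stat:
    path: /usr/bin/pkaction
  register: policykit

- name: Fail if policykit is not installed
  tags:
    - splunk
    - splunk_common
  fail:
    msg: "Policykit (polkit) is not installed. Install the policykit package or set splunk_use_policykit to false."
  when:
    - splunk_use_policykit|default(true) == true
    - policykit.stat.exists == false

- name: set policykit
  tags:
    - splunk
    - splunk_common
  set_fact:
    use_policykit: true
  when:
    - splunk_use_policykit|default(true) == true
    - policykit.stat.exists == true

--------------------------------------------------------------------------------
/ansible/roles/splunk_common/tasks/check_splunk_install.yml:
--------------------------------------------------------------------------------
---
# Works out splunk_install_app (splunk or splunkforwarder) when the caller did
# not set it, then records whether bin/splunk exists below that directory.
# If both directories exist, the splunkforwarder fact is set last and wins.
# If neither exists and the caller set nothing, splunk_install_app stays
# undefined.

- name: "check for existing {{splunk_install_dir}}/{{splunk_install_app_var}} dir"
  tags:
    - splunk
    - splunk_common
  stat:
    path: "{{splunk_install_dir}}/{{splunk_install_app_var}}"
  vars:
    splunk_install_app_var: splunk
  register: splunk_install_app_dir
  when: splunk_install_app is not defined

- name: "check for existing {{splunk_install_dir}}/{{splunk_install_app_var}} dir"
  tags:
    - splunk
    - splunk_common
  stat:
    path: "{{splunk_install_dir}}/{{splunk_install_app_var}}"
  vars:
    splunk_install_app_var: splunkforwarder
  register: splunkforwarder_install_app_dir
  when: splunk_install_app is not defined

# `.stat is defined` is false when the stat task above was skipped.
- name: set var splunk_install_app=splunk
  tags:
    - splunk
    - splunk_common
  set_fact:
    splunk_install_app: splunk
  when:
    - splunk_install_app_dir.stat is defined
    - splunk_install_app_dir.stat.exists == true

- name: set var splunk_install_app=splunkforwarder
  tags:
    - splunk
    - splunk_common
  set_fact:
    splunk_install_app: splunkforwarder
  when:
    - splunkforwarder_install_app_dir.stat is defined
    - splunkforwarder_install_app_dir.stat.exists == true

- name: "check for existing splunk install"
  tags:
    - splunk
    - splunk_common
  stat:
    path: "{{splunk_install_dir}}/{{splunk_install_app}}/bin/splunk"
  register: splunk_bin_stat

- name: set var splunk_is_installed=true
  tags:
    - splunk
    - splunk_common
  set_fact:
    splunk_is_installed: true
  when: splunk_bin_stat.stat.exists == true

--------------------------------------------------------------------------------
/ansible/roles/splunk_common/tasks/check_systemctl.yml:
--------------------------------------------------------------------------------
---
# Sets use_systemctl to true when /bin/systemctl exists on the target.

- name: "check for systemctl"
  tags:
    - splunk
    - splunk_common
  stat:
    path: /bin/systemctl
  register: systemctl

- name: set systemctl
  tags:
    - splunk
    - splunk_common
  set_fact:
    use_systemctl: true
  when: systemctl.stat.exists == true

--------------------------------------------------------------------------------
/ansible/roles/splunk_common/tasks/check_systemd_file.yml:
--------------------------------------------------------------------------------
---
# Sets use_splunk_systemd to true when a unit file for the Splunk service
# already exists under /etc/systemd/system.

- name: "check for splunk systemd service file"
  tags:
    - splunk
    - splunk_common
  stat:
    path: "/etc/systemd/system/{{splunk_service_name}}.service"
  register: check_splunk_systemd

- name: set use_splunk_systemd
  tags:
    - splunk
    - splunk_common
  set_fact:
    use_splunk_systemd: true
  when: check_splunk_systemd.stat.exists == true

--------------------------------------------------------------------------------
/ansible/roles/splunk_common/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Main playbook for this role
# Runs the detection steps in a fixed order; the version lookup comes before
# the systemd file check because it can change splunk_service_name.

- name: start role tasks
  tags:
    - splunk
    - splunk_common
  debug:
    msg: "role '{{ role_name }}' start"

- include_tasks: check_systemctl.yml

- include_tasks: check_policykit.yml

- include_tasks: set_splunk_installed_version.yml

- include_tasks: check_systemd_file.yml

--------------------------------------------------------------------------------
/ansible/roles/splunk_common/tasks/set_splunk_installed_version.yml:
--------------------------------------------------------------------------------
---
# Reads the installed Splunk version from etc/splunk.version and derives
# the facts that depend on it.

- name: call check_splunk_install
  tags:
    - splunk
    - splunk_common
  include_tasks: "check_splunk_install.yml"

# Read-only lookup: runs in check mode too and never reports a change.
- name: find installed splunk version
  tags:
    - splunk
    - splunk_common
  shell: 'grep -w VERSION {{ splunk_home }}/etc/splunk.version | cut -d= -f 2'
  become: yes
  become_user: "{{ splunk_user }}"
  check_mode: no
  changed_when: false
  register: version_output
  when: splunk_is_installed|default(false) == true

# version_output.stdout is only defined when the lookup above actually ran.
- name: set splunk_installed_version variable
  tags:
    - splunk
    - splunk_common
  set_fact:
    splunk_installed_version: '{{ version_output.stdout }}'
    splunk_exists: true
  when: version_output.stdout is defined

- name: splunk version found
  tags:
    - splunk
    - splunk_common
  debug:
    msg: 'found {{ splunk_install_app }} version {{ splunk_installed_version }}'
  when: version_output.stdout is defined

# A universal forwarder at 7.2.2 or later on a systemctl host uses the
# service name "splunkforwarder" instead of the role default.
- name: set splunkforwarder systemd service name
  tags:
    - splunk
    - splunk_software
  set_fact:
    splunk_service_name: "splunkforwarder"
  when: use_systemctl == true
        and version_output.stdout is defined
        and splunk_installed_version is version_compare('7.2.2', '>=')
        and splunk_install_app == "splunkforwarder"

--------------------------------------------------------------------------------
/ansible/roles/splunk_common/tasks/wait_for_splunkd_full.yml:
--------------------------------------------------------------------------------
---
# Counts the PIDs listed on the "splunk helpers" line of `splunk status` and
# retries (60 times, 10 s apart) until more than two are reported.

- name: wait for splunkd to be fully started
  tags:
    - splunk
    - splunk_common
  shell: '{{ splunk_home }}/bin/splunk status | grep "splunk helpers" | sed -e "s/.*PIDs: \([0-9 ]*\).*/\1/" | wc -w'
  become: yes
  become_user: "{{ splunk_user }}"
  check_mode: no
  register: splunk_helpers_pid_count
  until: "splunk_helpers_pid_count.stdout|int > 2"
  retries: 60
  delay: 10

--------------------------------------------------------------------------------
/ansible/roles/splunk_common/tasks/wait_for_splunkd_port.yml:
--------------------------------------------------------------------------------
---
# Waits 10 s, then up to 500 s in total, for port 8089 to accept connections.

- name: wait for splunkd port to be online
  tags:
    - splunk
    - splunk_common
  wait_for:
    timeout: 500
    port: 8089
    delay: 10
    state: started

--------------------------------------------------------------------------------
/ansible/roles/splunk_conf/meta/main.yml:
--------------------------------------------------------------------------------
---
dependencies:
  - role: splunk_common

--------------------------------------------------------------------------------
/ansible/roles/splunk_conf/tasks/add_splunk_conf.yml:
--------------------------------------------------------------------------------
---
# Sets configs for splunk in custom files
# Called once per entry of splunk_conf (see loop_conf_files.yml); the entry's
# key is the file path below {{ splunk_home }}/etc.
# NOTE(review): the key is joined into the path as-is, so a value containing
# "../" would write outside etc/. Keep splunk_conf under operator control.
# NOTE(review): splunk_conf_settings_list is not set in this file; presumably
# it is derived from splunk_conf_list_items.value elsewhere - confirm.

- name: "setting configs in file {{ splunk_home }}/etc/{{ splunk_conf_list_items.key }}"
  tags:
    - splunk
    - splunk_conf
  ini_file:
    path: "{{ splunk_home }}/etc/{{ splunk_conf_list_items.key }}"
    section: "{{ item.section }}"
    option: "{{ item.key }}"
    value: "{{ item.value }}"
    # owner-only: these files can hold credentials or other sensitive settings
    mode: 0600
  become: yes
  become_user: "{{ splunk_user }}"
  notify: restart splunk
  with_items: "{{ splunk_conf_settings_list }}"
  when: splunk_conf_settings_list|length > 0

--------------------------------------------------------------------------------
/ansible/roles/splunk_conf/tasks/loop_conf_files.yml:
--------------------------------------------------------------------------------
---
# This playbook loops over the config files listed in splunk_conf and applies
# add_splunk_conf.yml to each of them

- name: loop through the config files
  tags:
    - splunk
    - splunk_conf
  include_tasks:
    file: add_splunk_conf.yml
  with_dict: "{{ splunk_conf }}"
  loop_control:
    # custom loop variable so the inner with_items can keep using `item`
    loop_var: splunk_conf_list_items
  when: splunk_conf is defined

--------------------------------------------------------------------------------
/ansible/roles/splunk_conf/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Main playbook for this role

- import_tasks: "loop_conf_files.yml"

--------------------------------------------------------------------------------
/ansible/roles/splunk_control/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Main playbook for this role
# Renders the link page config/index.html from its template.

# NOTE(review): tagged splunk_software although this is the splunk_control
# role - looks like a copy from another role; confirm.
- name: start role tasks
  tags:
    - splunk
    - splunk_software
  debug:
    msg: "role '{{ role_name }}' start"

- name: Create Splunk Hosts index.html
  tags:
    - splunk
    - splunk_control
  template:
    src: "config/index.html.j2"
    dest: "../config/index.html"
--------------------------------------------------------------------------------
/ansible/roles/splunk_software/files/etc/systemd/system/disable-thp.service:
--------------------------------------------------------------------------------
# One-shot unit that writes "never" to the transparent hugepage "enabled" and
# "defrag" controls at boot.
[Unit]
Description = Disable Transparent Huge Pages SYSTEMD Service

[Service]
Type = oneshot
RemainAfterExit = True
ExecStart = /bin/sh -c "echo never >/sys/kernel/mm/transparent_hugepage/enabled"
ExecStart = /bin/sh -c "echo never >/sys/kernel/mm/transparent_hugepage/defrag"

[Install]
WantedBy = multi-user.target

--------------------------------------------------------------------------------
/ansible/roles/splunk_software/meta/main.yml:
--------------------------------------------------------------------------------
---
dependencies:
  - role: splunk_common
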
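--------------------------------------------------------------------------------
/ansible/roles/splunk_software/tasks/add_custom_policykit.yml:
--------------------------------------------------------------------------------
---
# Chooses how the Splunk account is allowed to control its service:
#   systemd >= 226 and polkit >  0.105 -> polkit rules file
#   systemd >= 226 and polkit <= 0.105 -> polkit .pkla file
#   systemd <  226                     -> sudoers file
# The rendered templates are not part of this file; review them for the
# exact privileges they grant.

- name: find systemd version
  tags:
    - splunk
    - splunk_software
    - splunk_polkit
  shell: "systemctl --version | grep -w systemd | cut -d' ' -f 2"
  check_mode: no
  changed_when: false
  register: systemd_version_output

- name: find polkit version
  tags:
    - splunk
    - splunk_software
    - splunk_polkit
  shell: "pkaction --version | grep -w version | cut -d' ' -f 3"
  check_mode: no
  changed_when: false
  register: polkit_version_output

- name: add splunk polkit rules file
  tags:
    - splunk
    - splunk_software
    - splunk_polkit
  template:
    src: etc/polkit-1/rules.d/10-splunk.rules.j2
    dest: /etc/polkit-1/rules.d/10-{{ splunk_service_name }}.rules
    owner: "root"
    group: "root"
    mode: 0644
  when:
    - systemd_version_output.stdout|int >= 226
    - polkit_version_output.stdout is version_compare('0.105', '>')

- name: add splunk polkit pkla file
  tags:
    - splunk
    - splunk_software
    - splunk_polkit
  template:
    src: etc/polkit-1/localauthority/50-local.d/splunk.pkla.j2
    dest: /etc/polkit-1/localauthority/50-local.d/{{ splunk_service_name }}.pkla
    owner: "root"
    group: "root"
    mode: 0644
  when:
    - systemd_version_output.stdout|int >= 226
    - polkit_version_output.stdout is version_compare('0.105', '<=')

# With polkit in place the sudoers entry is no longer needed, so it is removed.
- name: call remove_splunk_sudoers
  tags:
    - splunk
    - splunk_software
    - splunk_upgrade
  include_tasks: remove_splunk_sudoers.yml
  when: systemd_version_output.stdout|int >= 226

- name: call add_splunk_sudoers
  tags:
    - splunk
    - splunk_software
    - splunk_install
    - splunk_sudoers
  include_tasks: add_splunk_sudoers.yml
  when: systemd_version_output.stdout|int < 226

--------------------------------------------------------------------------------
/ansible/roles/splunk_software/tasks/add_disable_thp_service.yml:
--------------------------------------------------------------------------------
---
# Installs, registers and starts the disable-thp systemd unit on hosts where
# systemctl was detected.

- name: "install disable-thp systemd service"
  tags:
    - splunk
    - splunk_software
    - splunk_disable_thp
  copy:
    src: "etc/systemd/system/disable-thp.service"
    dest: "/etc/systemd/system/disable-thp.service"
    owner: root
    group: root
    mode: 0644
  when: use_systemctl == true

# NOTE(review): tagged splunk_install rather than splunk_disable_thp, so a run
# limited to --tags splunk_disable_thp skips the daemon-reload - confirm.
- name: commit changes to systemctl
  tags:
    - splunk
    - splunk_software
    - splunk_install
  command: systemctl daemon-reload
  when: use_systemctl == true

- name: enable and start disable-thp service
  tags:
    - splunk
    - splunk_software
    - splunk_disable_thp
  service:
    name: disable-thp
    state: started
    enabled: yes
  when: use_systemctl == true

--------------------------------------------------------------------------------
/ansible/roles/splunk_software/tasks/add_splunk_sudoers.yml:
--------------------------------------------------------------------------------
---
# Renders the sudoers drop-in for the Splunk account.

- name: add splunk sudoers file
  tags:
    - splunk
    - splunk_software
    - splunk_sudoers
  template:
    src: etc/sudoers.d/splunk.j2
    dest: /etc/sudoers.d/splunk
    owner: "root"
    group: "root"
    mode: 0440
    # Syntax-check the rendered file before it replaces the live one; a
    # malformed file in /etc/sudoers.d can make sudo unusable on the host.
    validate: /usr/sbin/visudo -cf %s

--------------------------------------------------------------------------------
/ansible/roles/splunk_software/tasks/backup_splunk_etc.yml:
--------------------------------------------------------------------------------
---
# Archives {{ splunk_home }}/etc into a timestamped .tgz in the backup dir.

# NOTE(review): the directory stays world-listable (0755); consider 0750 or
# 0700 if no other account needs to see the backups.
- name: create splunk backup dir {{ splunk_backup_dir }}
  tags:
    - splunk
    - splunk_software
    - splunk_backup
  file:
    path: "{{ splunk_backup_dir }}"
    state: directory
    owner: "{{splunk_user}}"
    group: "{{splunk_group}}"
    mode: 0755
  become: yes
  become_user: root

- name: backup splunk etc directory {{ splunk_home }}/etc
  tags:
    - splunk
    - splunk_software
    - splunk_backup
  archive:
    path: "{{ splunk_home }}/etc"
    dest: "{{ splunk_backup_dir }}/{{ splunk_install_app }}_etc_v{{ splunk_installed_version }}_{{ansible_date_time.date|replace('-','')}}_{{ansible_date_time.time|replace(':','')}}.tgz"
    format: gz
    # Splunk's etc tree typically holds password hashes, the instance secret
    # and private keys, so the archive is readable by its owner only rather
    # than whatever the umask allows.
    mode: 0600
  become: yes
  become_user: "{{ splunk_user }}"

--------------------------------------------------------------------------------
/ansible/roles/splunk_software/tasks/check_splunk_version.yml:
--------------------------------------------------------------------------------
---
# Different checks for installed or target version
# Optional behaviour is switched by find_target_version,
# fail_on_missing_upgrade and inform_on_already_upgraded.

- name: checking if splunk is installed
  tags:
    - splunk
    - splunk_software
    - splunk_upgrade
  stat:
    path: "{{ splunk_home }}/bin/splunk"
  register: splunk_path

- name: splunk is installed here
  tags:
    - splunk
    - splunk_software
    - splunk_upgrade
  debug:
    msg: 'splunk found as {{ splunk_home }}/bin/splunk'
  when: splunk_path.stat.exists

- name: no Splunk installation found
  tags:
    - splunk
    - splunk_software
    - splunk_upgrade
  fail:
    msg: "No Splunk installation found, ending"
  when: splunk_path.stat.exists == false

- name: find target version
  tags:
    - splunk
    - splunk_software
    - splunk_upgrade
  include_tasks: find_target_version.yml
  when: find_target_version|default(true) == true

- name: fail on installed version
  tags:
    - splunk
    - splunk_software
    - splunk_upgrade
  fail:
    msg: "{{inventory_hostname}} must be upgraded!"
  when:
    - fail_on_missing_upgrade|default(false) == true
    - splunk_installed_version != splunk_target_version

- name: inform about not upgrading
  tags:
    - splunk
    - splunk_software
    - splunk_upgrade
  debug:
    msg: "Installed version '{{ splunk_installed_version }}' is equal to upgrade version '{{ splunk_target_version }}' -> nothing to upgrade"
  when:
    - inform_on_already_upgraded|default(false) == true
    - splunk_installed_version == splunk_target_version

- name: set splunk_current_version
  tags:
    - splunk
    - splunk_software
    - splunk_upgrade
  set_fact:
    splunk_current_version: "{{ splunk_installed_version }}"
--------------------------------------------------------------------------------
/ansible/roles/splunk_software/tasks/cleanup_backup_dir.yml:
--------------------------------------------------------------------------------
---
# This playbook removes backup archives
# Only files directly in the backup dir that match
# <splunk_install_app>_etc_v*.tgz are listed and deleted.

- name: find files to remove under {{splunk_backup_dir}}/
  tags:
    - splunk
    - splunk_software
    - splunk_backup
  find:
    paths: "{{splunk_backup_dir}}/"
    file_type: file
    recurse: no
    patterns: '{{ splunk_install_app }}_etc_v*.tgz'
    use_regex: no
  register: backup_files_to_delete
  become: yes
  become_user: "{{ splunk_user }}"

# Prints each path before it is removed.
- name: backup files to remove
  tags:
    - splunk
    - splunk_software
    - splunk_backup
  debug:
    msg: "{{ item }}"
  vars:
    archive_list: "{{ backup_files_to_delete | json_query(query) | list }}"
    query: "files[*].path"
  with_items:
    - "{{ backup_files_to_delete | json_query(query) | list }}"

- name: remove backup archives under {{splunk_backup_dir}}/
  # One tags key only: a second `tags:` on the same task replaces the first,
  # which drops splunk_backup and makes --tags splunk_backup list the archives
  # without removing them.
  tags:
    - splunk
    - splunk_software
    - splunk_backup
  file:
    path: "{{item.path}}"
    state: absent
  with_items: "{{ backup_files_to_delete.files }}"
  become: yes
  become_user: "{{ splunk_user }}"

--------------------------------------------------------------------------------
/ansible/roles/splunk_software/tasks/disable_boot-start.yml:
--------------------------------------------------------------------------------
---
# Removes the boot-start integration and the systemd unit file.

# Only called when a Splunk unit file was found (use_splunk_systemd).
- name: disable boot-start
  tags:
    - splunk
    - splunk_software
    - splunk_uninstall
  command: "{{ splunk_home }}/bin/splunk disable boot-start"
  when:
    - use_systemctl == true
    - use_splunk_systemd|default(false) == true

- name: remove {{splunk_service_name}}.service file
  tags:
    - splunk
    - splunk_software
    - splunk_uninstall
  file:
    path: "/etc/systemd/system/{{splunk_service_name}}.service"
    state: absent
  when: use_systemctl == true

- name: commit changes to systemctl
  tags:
    - splunk
    - splunk_software
    - splunk_uninstall
  command: systemctl daemon-reload
  when: use_systemctl == true
--------------------------------------------------------------------------------
/ansible/roles/splunk_software/tasks/disable_splunkweb.yml:
--------------------------------------------------------------------------------
---
# Sets startwebserver = 0 in system/local/web.conf and restarts splunkweb
# when that changed the file.

- name: "({{ app_name }}) disable startwebserver in web.conf"
  tags:
    - splunk
    - splunk_webserver
  ini_file:
    path: "{{ splunk_home }}/etc/system/local/web.conf"
    section: settings
    option: "startwebserver"
    value: 0
    owner: "{{splunk_user}}"
    group: "{{splunk_group}}"
    mode: 0600
  register: startwebserver

- name: restart splunkweb
  tags:
    - splunk
    - splunk_webserver
  command: "{{ splunk_home }}/bin/splunk restart splunkweb -auth admin:{{splunk_admin_password}}"
  # -auth puts the admin password on the command line; no_log keeps it out of
  # Ansible output and logs. It can still appear in the process list on the
  # target while the command runs.
  no_log: true
  when: startwebserver.changed

--------------------------------------------------------------------------------
/ansible/roles/splunk_software/tasks/enable_boot-start.yml:
--------------------------------------------------------------------------------
---
# Enables boot-start. The optional arguments (splunk_systemd_managed,
# splunk_create_polkit_rules, splunk_unit_file_name) are prepared by
# set_enable_boot_start_args.yml and expand to nothing when unset;
# --accept-license is appended from version 7.2.2 on.

- name: enable boot-start
  tags:
    - splunk
    - splunk_software
    - splunk_install
  command: "{{ splunk_home }}/bin/splunk enable boot-start {{splunk_systemd_managed|default()}} {{splunk_create_polkit_rules|default()}} -user {{ splunk_user }} {{splunk_unit_file_name|default()}} --answer-yes --no-prompt {% if splunk_installed_version is version_compare('7.2.2', '>=') %}--accept-license{% endif %}"

--------------------------------------------------------------------------------
/ansible/roles/splunk_software/tasks/enable_splunkweb.yml:
--------------------------------------------------------------------------------
---
# Removes the startwebserver override from system/local/web.conf. Splunk is
# not restarted here; the operator is only reminded to do so.

- name: "({{ app_name }}) remove startwebserver in web.conf"
  tags:
    - splunk
    - splunk_webserver
  ini_file:
    path: "{{ splunk_home }}/etc/system/local/web.conf"
    section: settings
    option: "startwebserver"
    state: absent
    owner: "{{splunk_user}}"
    group: "{{splunk_group}}"
    # Same owner-only mode that disable_splunkweb.yml applies to this file, so
    # toggling the web server does not widen the permissions of web.conf.
    mode: 0600
  register: startwebserver

- name: start splunkweb
  tags:
    - splunk
    - splunk_webserver
  debug:
    msg: "You have to restart splunk to start splunkweb."
  when: startwebserver.changed
--------------------------------------------------------------------------------
/ansible/roles/splunk_software/tasks/find_target_version.yml:
--------------------------------------------------------------------------------
---
# Resolves splunk_target_version and the matching archive among the files in
# {{ splunk_software }} on the control node.
# NOTE(review): the archives are selected by file name only; nothing in this
# file verifies a checksum or signature before they are used.

- name: find splunk archive files
  tags:
    - splunk
    - splunk_software
  find:
    path: "{{splunk_software}}/"
    pattern: "{{splunk_install_app}}-*-?inux-{{splunk_architecture|default('amd64')}}.tgz"
    file_type: file
    recurse: no
  register: splunk_archive_files
  delegate_to: localhost
  become: no

# NOTE(review): the sort is a plain string sort on the path, so for example
# 9.0.10 orders before 9.0.9; confirm "latest" picks the intended archive.
- name: find latest splunk version
  tags:
    - splunk
    - splunk_software
  set_fact:
    splunk_target_version: "{{splunk_archive_files.files|sort(attribute='path')|map(attribute='path')|list|last|basename|regex_replace('.*-([0-9]+\\.[0-9]+[\\.]*[0-9]*[\\.]*[0-9]*)-.*', '\\1')}}"
  when: splunk_version == 'latest' and splunk_archive_files.files|length > 0

- name: fail if no splunk binaries are found for latest version
  tags:
    - splunk
    - splunk_software
  fail:
    msg: "Cannot find latest splunk binaries in directory {{splunk_software}}, check variables 'splunk_version' and 'splunk_architecture'"
  when: splunk_version == 'latest' and splunk_target_version is not defined

- name: set splunk_target_version
  tags:
    - splunk
    - splunk_software
  set_fact:
    splunk_target_version: "{{ splunk_version }}"
  when: splunk_version != 'latest'

# The version is used as a regular expression here, so its dots match any
# character.
- name: get splunk archive for given version
  tags:
    - splunk
    - splunk_software
  set_fact:
    splunk_archive: '{{splunk_archive_files.files|map(attribute="path")|list|select("match",".*-"+splunk_target_version+"-.*")|list}}'
  when: splunk_archive_files.files is defined

- name: fail if no splunk binaries are found for given version
  tags:
    - splunk
    - splunk_software
  fail:
    msg: "Cannot find splunk binary for version '{{ splunk_target_version }}' in directory {{splunk_software}}"
  when: splunk_archive is not defined or splunk_archive|length == 0

- name: list found splunk archive
  tags:
    - splunk
    - splunk_software
  debug:
    msg: "Using Splunk archive: {{splunk_archive.0}}"
  when: splunk_archive is defined

--------------------------------------------------------------------------------
/ansible/roles/splunk_software/tasks/get_idxc_peer_status.yml:
--------------------------------------------------------------------------------
---
# Get the status of one indexer cluster peer (the first id in idxc_peerid)
# from the cluster manager

- name: get cluster peer ids
  tags:
    - splunk
    - splunk_software
    - splunk_rest
  import_tasks: splunk_rest.yml
  vars:
    splunk_rest_endpoint: "/services/cluster/master/peers/{{ idxc_peerid|first }}"
  delegate_to: "{{ splunk_idxc_cm }}"

- name: set peer status
  tags:
    - splunk
    - splunk_software
    - splunk_rest
  set_fact:
    idxc_peer_status: "{{ splunk_rest_json_output.entry[0].content.status }}"

--------------------------------------------------------------------------------
/ansible/roles/splunk_software/tasks/get_idxc_peerids.yml:
--------------------------------------------------------------------------------
---
# Get peerlist for indexer cluster
# Result: idxc_name_peerids, a list of {name, peerid} entries.

- name: get cluster peer ids
  tags:
    - splunk
    - splunk_software
    - splunk_rest
  import_tasks: splunk_rest.yml
  vars:
    splunk_rest_endpoint: /services/cluster/master/peers
  delegate_to: "{{ splunk_idxc_cm }}"

- name: create peerid list
  tags:
    - splunk
    - splunk_software
    - splunk_rest
  set_fact:
    idxc_name_peerids: "{{ splunk_rest_json_output | json_query(jmesquery) }}"
  vars:
    jmesquery: "entry[*].{name: content.label, peerid: name}"

--------------------------------------------------------------------------------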
/ansible/roles/splunk_software/tasks/host_servername_config.yml:
--------------------------------------------------------------------------------
---
# Writes the inventory hostname into Splunk's local configuration:
#   server.conf [general] serverName  (opt-in: splunk_set_servername)
#   inputs.conf [default] host        (opt-in: splunk_set_default_hostname)
# Both files are kept owner-only (0600) and a change notifies "restart splunk".

- name: "set serverName to {{inventory_hostname}}"
  when: splunk_set_servername|default(false) == true
  tags: [splunk, splunk_software, splunk_set_servername]
  ini_file:
    path: "{{ splunk_home }}/etc/system/local/server.conf"
    owner: "{{splunk_user}}"
    group: "{{splunk_group}}"
    mode: 0600
    section: general
    option: "serverName"
    value: "{{inventory_hostname}}"
  notify: restart splunk

- name: "set default-hostname to {{inventory_hostname}}"
  when: splunk_set_default_hostname|default(false) == true
  tags: [splunk, splunk_software, splunk_set_default_hostname]
  ini_file:
    path: "{{ splunk_home }}/etc/system/local/inputs.conf"
    owner: "{{splunk_user}}"
    group: "{{splunk_group}}"
    mode: 0600
    section: default
    option: "host"
    value: "{{inventory_hostname}}"
  notify: restart splunk

--------------------------------------------------------------------------------
/ansible/roles/splunk_software/tasks/remove_custom_policykit.yml:
--------------------------------------------------------------------------------
---
# This playbook removes the polkit rules files that grant service control:
# the one named after splunk_service_name and the fixed 10-Splunkd.rules.
# NOTE(review): a .pkla file written by add_custom_policykit.yml on older
# polkit versions is not removed here - confirm whether that is intended.

- name: "remove /etc/polkit-1/rules.d/10-{{splunk_service_name}}.rules"
  tags: [splunk, splunk_software, splunk_uninstall]
  file:
    state: absent
    path: "/etc/polkit-1/rules.d/10-{{splunk_service_name}}.rules"

- name: "remove /etc/polkit-1/rules.d/10-Splunkd.rules"
  tags: [splunk, splunk_software, splunk_uninstall]
  file:
    state: absent
    path: "/etc/polkit-1/rules.d/10-Splunkd.rules"

--------------------------------------------------------------------------------
/ansible/roles/splunk_software/tasks/remove_disable_thp_service.yml:
--------------------------------------------------------------------------------
---
# Stops and removes the disable-thp unit on hosts where systemctl was detected.

- name: stop and disable disable-thp service
  when: use_systemctl == true
  tags: [splunk, splunk_software, splunk_disable_thp]
  service:
    name: disable-thp
    enabled: false
    state: stopped

- name: remove disable-thp.service systemd file
  when: use_systemctl == true
  tags: [splunk, splunk_software, splunk_uninstall]
  file:
    state: absent
    path: /etc/systemd/system/disable-thp.service

# NOTE(review): tagged splunk_install although this file removes things;
# a run limited to --tags splunk_uninstall skips the reload - confirm.
- name: commit changes to systemctl
  when: use_systemctl == true
  tags: [splunk, splunk_software, splunk_install]
  command: systemctl daemon-reload
--------------------------------------------------------------------------------
/ansible/roles/splunk_software/tasks/remove_init_and_ulimit.yml:
--------------------------------------------------------------------------------
---
# Removes the SysV init integration: the init script, its rc.d links, the THP
# block in /etc/rc.local and the limits.d drop-in.

- name: check /etc/init.d/splunk
  tags: [splunk, splunk_software, splunk_remove_init]
  stat:
    path: "/etc/init.d/splunk"
  register: check_splunk_init

- name: disable boot-start
  when: check_splunk_init.stat.exists == true
  tags: [splunk, splunk_software, splunk_remove_init]
  command: "{{ splunk_home }}/bin/splunk disable boot-start"

# Collects every entry below /etc whose name matches K<nn>splunk or S<nn>splunk.
# NOTE(review): the search recurses through all of /etc and follows symlinks,
# and every match is deleted by the next task; limiting `paths` to the rc
# directories would narrow what can be removed - confirm which layouts have
# to be covered.
- name: find rc.d file to remove
  tags: [splunk, splunk_software, splunk_remove_init]
  find:
    paths: "/etc"
    patterns: '[KS][0-9]+splunk$'
    use_regex: true
    file_type: any
    recurse: true
    follow: true
  register: init_files_to_delete

- name: remove all rc.d files
  tags: [splunk, splunk_software, splunk_remove_init]
  file:
    state: absent
    path: "{{item.path}}"
  with_items: "{{ init_files_to_delete.files }}"

- name: remove /etc/init.d/splunk
  tags: [splunk, splunk_software, splunk_remove_init]
  file:
    state: absent
    path: /etc/init.d/splunk

- name: commit changes to systemctl
  when: use_systemctl == true
  tags: [splunk, splunk_software, splunk_remove_init]
  command: systemctl daemon-reload

- name: check /etc/rc.local
  tags: [splunk, splunk_software, splunk_remove_init]
  stat:
    path: "/etc/rc.local"
  register: check_rc_local

# Deletes only the block between the "(THP)" markers; other content of
# /etc/rc.local is left alone.
- name: remove disable THP in /etc/rc.local
  when: check_rc_local.stat.exists == true
  tags: [splunk, splunk_software, splunk_remove_init]
  blockinfile:
    path: /etc/rc.local
    marker: "# {mark} ANSIBLE MANAGED BLOCK (THP)"
    state: absent

- name: "remove /etc/security/limits.d/splunk.conf"
  tags: [splunk, splunk_software, splunk_remove_init]
  file:
    state: absent
    path: "/etc/security/limits.d/splunk.conf"

--------------------------------------------------------------------------------
/ansible/roles/splunk_software/tasks/remove_splunk_sudoers.yml:
--------------------------------------------------------------------------------
---
# Drops the sudoers entry created by add_splunk_sudoers.yml.

- name: remove splunk sudoers file
  tags: [splunk, splunk_software, splunk_sudoers]
  file:
    state: absent
    path: /etc/sudoers.d/splunk

--------------------------------------------------------------------------------
/ansible/roles/splunk_software/tasks/restart_splunk.yml:
--------------------------------------------------------------------------------
---
# Restarts the Splunk service as root, without the app_path condition that
# the handler of the same name carries.

- name: restart splunk
  tags: [splunk, splunk_common, splunk_restart]
  become: true
  become_user: root
  service:
    name: "{{splunk_service_name}}"
    state: restarted

--------------------------------------------------------------------------------
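/ansible/roles/splunk_software/tasks/set_enable_boot_start_args.yml:
--------------------------------------------------------------------------------
---

# Sets facts that hold optional command-line arguments, depending on the
# installed Splunk version and on the use_systemctl / use_policykit switches.
# Presumably these strings are appended to 'splunk enable boot-start' by
# another task file - TODO confirm against the caller.

- name: call set_splunk_installed_version from splunk_common
  tags:
    - splunk
    - splunk_software
  include_role:
    name: splunk_common
    tasks_from: set_splunk_installed_version

# All entries of a 'when' list must be true.
- name: set splunk systemd-managed to 1
  tags:
    - splunk
    - splunk_software
  set_fact:
    splunk_systemd_managed: "-systemd-managed 1"
  when:
    - use_systemctl == true
    - version_output.stdout is defined
    - splunk_installed_version is version_compare('7.2.2', '>=')

- name: set splunk systemd service file name
  tags:
    - splunk
    - splunk_software
  set_fact:
    splunk_unit_file_name: "-systemd-unit-file-name {{splunk_service_name}}"
  when:
    - use_systemctl == true
    - version_output.stdout is defined
    - splunk_installed_version is version_compare('7.2.2', '>=')

# Additionally requires use_policykit and a newer minimum version (8.1.1).
- name: set splunk create-polkit-rules to 1
  tags:
    - splunk
    - splunk_software
  set_fact:
    splunk_create_polkit_rules: "-create-polkit-rules 1"
  when:
    - use_policykit == true
    - use_systemctl == true
    - version_output.stdout is defined
    - splunk_installed_version is version_compare('8.1.1', '>=')
--------------------------------------------------------------------------------
/ansible/roles/splunk_software/tasks/splunk_command.yml:
--------------------------------------------------------------------------------
---

# Runs an arbitrary Splunk CLI command ('help' when splunk_command is unset) as
# the Splunk user and registers the result in splunk_command_output.
#
# The admin credentials are passed with -auth on the command line. That puts
# the password into the task's invocation and result data, so logging of this
# task is suppressed by default; set splunk_command_no_log to false only for
# debugging. The registered variable stays usable by later tasks.
# NOTE(review): no_log does not change what is passed to the process; the
# password is still part of the argument list on the managed host while the
# command runs.
- name: "run Splunk command: 'splunk {{ splunk_command }}'"
  tags:
    - splunk
    - splunk_software
    - splunk_command
  command: '{{ splunk_home }}/bin/splunk {{ splunk_command|default("help") }} --answer-yes --no-prompt -auth {{splunk_admin_user|default("admin")}}:{{splunk_admin_password}}'
  become: yes
  become_user: "{{ splunk_user }}"
  register: splunk_command_output
  no_log: "{{ splunk_command_no_log|default(true) }}"
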
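# Prints the captured standard output of the Splunk command unless
# splunk_command_output_show is set to false.
- name: output from command
  tags:
    - splunk
    - splunk_software
    - splunk_command
  debug:
    var: splunk_command_output.stdout_lines
  when: splunk_command_output_show|default(true)|bool == true
--------------------------------------------------------------------------------
/ansible/roles/splunk_software/tasks/splunk_rest.yml:
--------------------------------------------------------------------------------
---

# Calls a Splunk REST endpoint either through the local CLI without
# authentication (splunk_rest_noauth true) or over HTTPS with basic auth
# (default), and stores the response in splunk_rest_json_output when the output
# mode is json.
#
# Inputs: http_method (default GET), splunk_rest_endpoint (default "/"),
# splunk_rest_output_mode (default json), splunk_rest_noauth (default false),
# splunk_rest_output_show (default false).

# Uses the shell module because of the optional '| tail -1'. The templated
# values are passed through the quote filter so that characters such as '?' or
# ';' in an endpoint reach splunkd as data and are not interpreted by the shell.
# The binary path follows splunk_home like the other tasks of this role.
- name: 'call Splunk rest (noauth): {{ http_method|default("GET") }} {{ splunk_rest_endpoint|default("/") }}'
  tags:
    - splunk
    - splunk_software
    - splunk_rest
  shell: '{{ splunk_home }}/bin/splunk cmd splunkd rest --noauth {{ http_method|default("GET")|quote }} {{ splunk_rest_endpoint|default("/")|quote }} output_mode={{ splunk_rest_output_mode|default("json")|quote }} {%- if splunk_rest_output_mode|default("json") == "json" -%}| tail -1{%- endif -%}'
  register: splunk_rest_output
  when: splunk_rest_noauth|default(false)|bool == true

- name: get rest output
  tags:
    - splunk
    - splunk_software
    - splunk_rest
  set_fact:
    splunk_rest_json_output: "{{ splunk_rest_output.stdout|to_json|from_json }}"
  when:
    - splunk_rest_noauth|default(false)|bool == true
    - splunk_rest_output_mode|default("json") == "json"

# Authenticated variant. It must run exactly when the noauth variant does not;
# the condition therefore mirrors the one on the matching set_fact below.
# (It previously read default(true) == true, which made this task run in
# noauth mode and skip when splunk_rest_noauth was explicitly false.)
# Reported as changed only for POST requests.
# NOTE(review): certificate validation is disabled for this HTTPS call and the
# user name is fixed to 'admin', while splunk_command.yml honours
# splunk_admin_user - confirm both are intended.
# NOTE(review): when this task is skipped, the 'register' below still replaces
# the noauth result with a skipped result, which the xml debug task would then
# print.
- name: 'call Splunk rest (auth): {{ http_method|default("GET") }} {{ splunk_rest_endpoint|default("/") }}'
  tags:
    - splunk
    - splunk_software
    - splunk_rest
  uri:
    url: "https://localhost:8089/{{ splunk_rest_endpoint|default('/') }}"
    user: admin
    password: "{{ splunk_admin_password }}"
    method: "{{ http_method|default('GET') }}"
    body_format: form-urlencoded
    body:
      output_mode: "{{ splunk_rest_output_mode|default('json') }}"
    return_content: yes
    force_basic_auth: yes
    validate_certs: no
  register: splunk_rest_output
  when: splunk_rest_noauth|default(false)|bool == false
  changed_when: http_method|default('GET') == 'POST'

- name: get rest output
  tags:
    - splunk
    - splunk_software
    - splunk_rest
  set_fact:
    splunk_rest_json_output: "{{ splunk_rest_output.content|to_json|from_json }}"
  when:
    - splunk_rest_noauth|default(false)|bool == false
    - splunk_rest_output_mode|default("json") == "json"

# Despite its name this task handles the xml output mode and prints the whole
# registered result.
- name: output json
  tags:
    - splunk
    - splunk_software
    - splunk_rest
  debug:
    var: splunk_rest_output
  when:
    - splunk_rest_output_show|default(false)|bool == true
    - splunk_rest_output_mode|default("json") == "xml"

- name: output json
  tags:
    - splunk
    - splunk_software
    - splunk_rest
  debug:
    var: splunk_rest_json_output
  when:
    - splunk_rest_output_show|default(false)|bool == true
    - splunk_rest_output_mode|default("json") == "json"
--------------------------------------------------------------------------------
/ansible/roles/splunk_software/tasks/start_accept_license_and_stop.yml:
--------------------------------------------------------------------------------
---

# Starts Splunk once as the Splunk user with the license accepted and all
# prompts answered, then stops it again.

- name: accept license and start splunk
  tags:
    - splunk
    - splunk_software
    - splunk_install
  command: "{{ splunk_home }}/bin/splunk start --accept-license --answer-yes --no-prompt"
  become: yes
  become_user: "{{ splunk_user }}"

- name: stop splunk
  tags:
    - splunk
    - splunk_software
    - splunk_install
  command: "{{ splunk_home }}/bin/splunk stop --answer-yes --no-prompt"
  become: yes
  become_user: "{{ splunk_user }}"
--------------------------------------------------------------------------------
/ansible/roles/splunk_software/tasks/start_splunk.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: start splunk 4 | tags: 5 | - splunk 6 | - splunk_common 7 | - splunk_start 8 | service: 9 | name: "{{splunk_service_name}}" 10 |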
state: started 11 | become: yes 12 | become_user: root 13 |
--------------------------------------------------------------------------------
/ansible/roles/splunk_software/tasks/stop_splunk.yml:
--------------------------------------------------------------------------------
---

# Stops the Splunk service through the service module, as root.
- name: stop splunk
  tags:
    - splunk
    - splunk_common
    - splunk_stop
  service:
    name: "{{splunk_service_name}}"
    state: stopped
  become: yes
  become_user: root
--------------------------------------------------------------------------------
/ansible/roles/splunk_software/tasks/ui_config.yml:
--------------------------------------------------------------------------------
---
# This playbook configures splunk user interface
#
# SECURITY: by default (splunk_loginpage_print_userpw is true when unset) the
# admin user name and the clear-text admin password are written to the
# login_content setting of web.conf, i.e. the text shown on the Splunk Web
# login page before authentication. The file is also created with mode 0644.
# Set splunk_loginpage_print_userpw to false on any system that is reachable by
# people who should not have the admin password; hostname and role output can
# be switched off the same way with their own variables.

- name: check if splunk first login is turned off
  tags:
    - splunk
    - splunk_software
    - ui_config
    - first_login_off
  stat:
    path: "{{ splunk_home }}/etc/.ui_login"
  register: splunk_first_login
  when: splunk_install_app == "splunk"

# Creates the marker file only when it is missing, so repeated runs do not
# touch an existing file.
- name: disable first login page
  tags:
    - splunk
    - splunk_software
    - ui_config
    - first_login_off
  file:
    path: "{{ splunk_home }}/etc/.ui_login"
    state: touch
    owner: "{{ splunk_user }}"
    group: "{{ splunk_group }}"
    mode: 0600
  when: splunk_install_app == "splunk" and not splunk_first_login.stat.exists

# Builds the text fragment that contains the admin password (see SECURITY above).
# NOTE(review): the line breaks inside this string and the next one look like
# markup that was lost when the page was extracted - compare with the file in
# the repository before reusing it.
- name: set user/passwd info to login page
  tags:
    - splunk
    - splunk_software
    - ui_config
    - splunk_user_password
  set_fact:
    splunk_loginpage_user_info: "

      User: admin
      Password: {{splunk_admin_password}}"
  when: splunk_loginpage_print_userpw|default(true) == true

- name: set splunk roles info to login page
  tags:
    - splunk
    - splunk_software
    - ui_config
    - splunk_roles_info
  set_fact:
    splunk_loginpage_role_info: "
      Splunk Roles: {{splunk_roles}}"
  when: splunk_loginpage_print_roles|default(true) == true

- name: set hostname info to login page
  tags:
    - splunk
    - splunk_software
    - ui_config
    - splunk_roles_info
  set_fact:
    splunk_loginpage_hostname_info: "Hostname: {{inventory_hostname}}"
  when: splunk_loginpage_print_hostname|default(true) == true

# Concatenates whichever fragments were set above (unset ones become empty) and
# writes them to [settings] login_content in web.conf, then notifies the
# restart handler. Runs when at least one of the three print switches is true.
- name: add user and roles info to login page
  tags:
    - splunk
    - splunk_software
    - ui_config
    - login_page_info
  ini_file:
    path: "{{ splunk_home }}/etc/system/local/web.conf"
    section: settings
    option: "login_content"
    value: "{{splunk_loginpage_hostname_info|default()}}{{splunk_loginpage_role_info|default()}}{{splunk_loginpage_user_info|default()}}"
    owner: "{{splunk_user}}"
    group: "{{splunk_group}}"
    mode: 0644
  notify: restart splunk
  when:
    - splunk_install_app == "splunk"
    - splunk_loginpage_print_userpw|default(true) == true or splunk_loginpage_print_roles|default(true) == true or splunk_loginpage_print_hostname|default(true) == true
--------------------------------------------------------------------------------
/ansible/roles/splunk_software/tasks/ulimit_thp.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This playbook install the apps required in a server 3 | 4 | - name: checking if splunk init.d file is installed 5 | tags: 6 | - splunk 7 | - splunk_software 8 | stat: 9 | path: "/etc/init.d/splunk" 10 | register: splunk_initd 11 | 12 | - name: splunk is installed here 13 | tags: 14 | - splunk 15 | - splunk_software 16 | set_fact: 17 | when: splunk_path.stat.exists 18 | 19 | - name: add disable THP in /etc/rc.local 20 | tags: 21 | - splunk 22 | - splunk_software 23 | - splunk_disable_thp 24 | blockinfile: 25 | path: /etc/rc.local 26 | insertbefore: "^exit 0" 27 | create: yes 28 | marker: "# {mark} ANSIBLE MANAGED BLOCK (THP)" 29 | content: |
30 | #SPLUNK: disable THP at boot time 31 | THP=`find /sys/kernel/mm/ -name transparent_hugepage -type d | tail -n 1` 32 | for SETTING in "enabled" "defrag";do 33 | if test -f ${THP}/${SETTING}; then 34 | echo never > ${THP}/${SETTING} 35 | fi 36 | done 37 | when: splunk_initd.stat.exists == true 38 | 39 | - name: "install /etc/security/limits.d/splunk.conf" 40 | tags: 41 | - splunk 42 | - splunk_software 43 | - splunk_ulimits 44 | template: 45 | src: "etc/security/limits.d/splunk.conf.j2" 46 | dest: "/etc/security/limits.d/splunk.conf" 47 | owner: root 48 | group: root 49 | mode: 0644 50 | when: splunk_initd.stat.exists == true 51 | 52 | - name: add disable_huge and change_ulimits functions to /etc/init.d/splunk 53 | tags: 54 | - splunk 55 | - splunk_software 56 | - splunk_ulimits 57 | - splunk_disable_thp 58 | blockinfile: 59 | path: /etc/init.d/splunk 60 | marker: "# {mark} ANSIBLE MANAGED BLOCK (functions)" 61 | insertbefore: "^case" 62 | content: | 63 | # disable hugepages 64 | disable_huge() { 65 | echo "disabling huge page support" 66 | THP=`find /sys/kernel/mm/ -name transparent_hugepage -type d | tail -n 1` 67 | for SETTING in "enabled" "defrag";do 68 | if test -f ${THP}/${SETTING}; then 69 | echo never > ${THP}/${SETTING} 70 | fi 71 | done 72 | } 73 | 74 | # change ulimits 75 | change_ulimit() { 76 | ulimit -Hn 65535 77 | ulimit -Sn 65535 78 | ulimit -Hu 20480 79 | ulimit -Su 20480 80 | ulimit -Hf unlimited 81 | ulimit -Sf unlimited 82 | } 83 | when: splunk_initd.stat.exists == true 84 | 85 | - name: enable usage of functions during start in /etc/init.d/splunk 86 | tags: 87 | - splunk 88 | - splunk_software 89 | - splunk_ulimits 90 | - splunk_disable_thp 91 | blockinfile: 92 | path: /etc/init.d/splunk 93 | marker: " # {mark} ANSIBLE MANAGED BLOCK (start)" 94 | insertbefore: "splunk_start$" 95 | content: |2 96 | disable_huge 97 | change_ulimit 98 | when: splunk_initd.stat.exists == true 99 | 100 | - name: enable usage of functions during restart in 
/etc/init.d/splunk 101 | tags: 102 | - splunk 103 | - splunk_software 104 | - splunk_ulimits 105 | - splunk_disable_thp 106 | blockinfile: 107 | path: /etc/init.d/splunk 108 | marker: " # {mark} ANSIBLE MANAGED BLOCK (restart)" 109 | insertbefore: "splunk_restart$" 110 | content: |2 111 | disable_huge 112 | change_ulimit 113 | when: splunk_initd.stat.exists == true 114 | 115 | - name: commit changes to systemctl 116 | tags: 117 | - splunk 118 | - splunk_software 119 | command: systemctl daemon-reload 120 | when: use_systemctl == true and splunk_initd.stat.exists == true 121 | -------------------------------------------------------------------------------- /ansible/roles/splunk_software/tasks/update_splunk_service.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: "update {{splunk_service_name}} systemd service file" 4 | tags: 5 | - splunk 6 | - splunk_software 7 | - splunk_unit_file 8 | ini_file: 9 | path: "/etc/systemd/system/{{splunk_service_name}}.service" 10 | section: "{{ item.section }}" 11 | option: "{{ item.var }}" 12 | value: "{{ item.val }}" 13 | owner: root 14 | group: root 15 | mode: 0644 16 | no_extra_spaces: yes 17 | with_items: "{{ splunk_systemd_services_updates }}" 18 | when: use_systemctl == true and splunk_systemd_services[splunk_service_name] is defined 19 | 20 | - name: commit changes to systemctl 21 | tags: 22 | - splunk 23 | - splunk_software 24 | - splunk_unit_file 25 | command: systemctl daemon-reload 26 | when: use_systemctl == true 27 | -------------------------------------------------------------------------------- /ansible/roles/splunk_software/tasks/upgrade_idxc_rolling_begin.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: check if cluster manager has been upgraded already 4 | tags: 5 | - splunk 6 | - splunk_software 7 | - splunk_upgrade 8 | - splunk_upgrade_idxc_rolling 9 | include_tasks: check_splunk_version.yml 10 
| vars: 11 | fail_on_missing_upgrade: true 12 | 13 | - name: check cluster state 14 | tags: 15 | - splunk 16 | - splunk_software 17 | - splunk_upgrade 18 | - splunk_upgrade_idxc_rolling 19 | include_tasks: splunk_rest.yml 20 | vars: 21 | splunk_rest_endpoint: /services/cluster/master/status 22 | 23 | - name: set state variables 24 | tags: 25 | - splunk 26 | - splunk_software 27 | - splunk_upgrade 28 | - splunk_upgrade_idxc_rolling 29 | set_fact: 30 | idxc_searchable_rolling: "{{ splunk_rest_json_output.entry[0].content.searchable_rolling|bool }}" 31 | idxc_service_ready_flag: "{{ splunk_rest_json_output.entry[0].content.service_ready_flag|bool }}" 32 | vars: 33 | splunk_rest_json_output: "{{ splunk_rest_output.content|to_json|from_json }}" 34 | 35 | - name: fail if cluster service_ready_flag not ok 36 | tags: 37 | - splunk 38 | - splunk_software 39 | - splunk_upgrade 40 | - splunk_upgrade_idxc_rolling 41 | fail: 42 | msg: "Cluster is not healthy!" 43 | when: idxc_service_ready_flag == false 44 | 45 | - name: call splunk rest endpiont 46 | tags: 47 | - splunk 48 | - splunk_software 49 | - splunk_rest 50 | - splunk_upgrade 51 | - splunk_upgrade_idxc_rolling 52 | include_tasks: splunk_rest.yml 53 | vars: 54 | splunk_rest_endpoint: /services/cluster/master/health 55 | when: idxc_searchable_rolling == false 56 | 57 | - name: fail if cluster preflight not ok 58 | tags: 59 | - splunk 60 | - splunk_software 61 | - splunk_upgrade 62 | - splunk_upgrade_idxc_rolling 63 | fail: 64 | msg: "Cluster Health preflight check was not successfull!" 
65 | when: 66 | - idxc_searchable_rolling == false 67 | - splunk_rest_json_output.entry[0].content.pre_flight_check|int != 1 68 | 69 | - name: init rolling upgrade 70 | tags: 71 | - splunk 72 | - splunk_software 73 | - splunk_rest 74 | - splunk_upgrade 75 | - splunk_upgrade_idxc_rolling 76 | include_tasks: splunk_rest.yml 77 | vars: 78 | splunk_rest_endpoint: /services/cluster/master/control/control/rolling_upgrade_init 79 | http_method: POST 80 | when: idxc_searchable_rolling == false 81 | 82 | - name: init output 83 | tags: 84 | - splunk 85 | - splunk_software 86 | - splunk_upgrade 87 | - splunk_upgrade_idxc_rolling 88 | debug: 89 | msg: "{{ splunk_rest_json_output.messages[0].text }}" 90 | when: idxc_searchable_rolling == false 91 | changed_when: idxc_searchable_rolling == false 92 | 93 | - name: init output 94 | tags: 95 | - splunk 96 | - splunk_software 97 | - splunk_upgrade 98 | - splunk_upgrade_idxc_rolling 99 | debug: 100 | msg: "Cluster is already in searchable rolling upgrade mode." 
101 | when: idxc_searchable_rolling == true -------------------------------------------------------------------------------- /ansible/roles/splunk_software/tasks/upgrade_idxc_rolling_check.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: call check_splunk_version 4 | tags: 5 | - splunk 6 | - splunk_software 7 | - splunk_upgrade 8 | - splunk_upgrade_idxc_rolling 9 | include_tasks: check_splunk_version.yml 10 | vars: 11 | inform_on_already_upgraded: true 12 | 13 | - name: call rolling upgrade for peer 14 | tags: 15 | - splunk 16 | - splunk_software 17 | - splunk_upgrade 18 | - splunk_upgrade_idxc_rolling 19 | include_tasks: upgrade_idxc_rolling_upgrade.yml 20 | when: splunk_installed_version != splunk_target_version -------------------------------------------------------------------------------- /ansible/roles/splunk_software/tasks/upgrade_idxc_rolling_end.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: check cluster state 4 | tags: 5 | - splunk 6 | - splunk_software 7 | - splunk_rest 8 | - splunk_upgrade 9 | - splunk_upgrade_idxc_rolling 10 | include_tasks: splunk_rest.yml 11 | vars: 12 | splunk_rest_endpoint: /services/cluster/master/status 13 | 14 | - name: set state variables 15 | tags: 16 | - splunk 17 | - splunk_software 18 | - splunk_upgrade 19 | - splunk_upgrade_idxc_rolling 20 | set_fact: 21 | idxc_searchable_rolling: "{{ splunk_rest_json_output.entry[0].content.searchable_rolling|bool }}" 22 | idxc_service_ready_flag: "{{ splunk_rest_json_output.entry[0].content.service_ready_flag|bool }}" 23 | vars: 24 | splunk_rest_json_output: "{{ splunk_rest_output.content|to_json|from_json }}" 25 | 26 | - name: finalize rolling upgrade 27 | tags: 28 | - splunk 29 | - splunk_software 30 | - splunk_rest 31 | - splunk_upgrade 32 | - splunk_upgrade_idxc_rolling 33 | include_tasks: splunk_rest.yml 34 | vars: 35 | splunk_rest_endpoint: 
/services/cluster/master/control/control/rolling_upgrade_finalize 36 | http_method: POST 37 | when: idxc_searchable_rolling == true 38 | 39 | - name: finalize output 40 | tags: 41 | - splunk 42 | - splunk_software 43 | - splunk_upgrade 44 | - splunk_upgrade_idxc_rolling 45 | debug: 46 | msg: "{{ splunk_rest_json_output.messages[0].text }}" 47 | when: idxc_searchable_rolling == true 48 | changed_when: idxc_searchable_rolling == true 49 | 50 | - name: finalize output 51 | tags: 52 | - splunk 53 | - splunk_software 54 | - splunk_upgrade 55 | - splunk_upgrade_idxc_rolling 56 | debug: 57 | msg: "Cluster searchable rolling was already finalized." 58 | when: idxc_searchable_rolling == false -------------------------------------------------------------------------------- /ansible/roles/splunk_software/tasks/upgrade_idxc_rolling_upgrade.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: call get_idxc_peerids 4 | tags: 5 | - splunk 6 | - splunk_software 7 | - splunk_upgrade 8 | - splunk_upgrade_idxc_rolling 9 | include_tasks: get_idxc_peerids.yml 10 | 11 | - name: set idxc_peerid 12 | tags: 13 | - splunk 14 | - splunk_software 15 | - splunk_upgrade 16 | - splunk_upgrade_idxc_rolling 17 | set_fact: 18 | idxc_peerid: "{{ idxc_name_peerids | json_query(query) }}" 19 | vars: 20 | query: "[? 
name=='{{ inventory_hostname }}'].peerid" 21 | 22 | - name: call get_idxc_peer_status 23 | tags: 24 | - splunk 25 | - splunk_software 26 | - splunk_upgrade 27 | - splunk_upgrade_idxc_rolling 28 | include_tasks: get_idxc_peer_status.yml 29 | 30 | - name: fail if peer has wrong state 31 | tags: 32 | - splunk 33 | - splunk_software 34 | - splunk_upgrade 35 | - splunk_upgrade_idxc_rolling 36 | fail: 37 | msg: "Cluster Peer {{ inventory_hostname }} has wrong state '{{ idxc_peer_status }}'" 38 | when: 39 | - idxc_peer_status != 'Up' 40 | - idxc_peer_status != 'Down' 41 | - idxc_peer_status != 'ReassigningPrimaries' 42 | 43 | - name: offline indexer 44 | tags: 45 | - splunk 46 | - splunk_software 47 | - splunk_rest 48 | - splunk_upgrade 49 | - splunk_upgrade_idxc_rolling 50 | include_tasks: splunk_rest.yml 51 | vars: 52 | splunk_rest_endpoint: /services/cluster/slave/control/control/decommission 53 | http_method: POST 54 | when: idxc_peer_status == 'Up' 55 | 56 | # There is not 'loop until' with include_tasks. So, we need to code the rest call directly here. 
# Polls the peer's status once per 'delay' seconds until it reports 'Down'.
# The request is delegated to the host in splunk_idxc_cm, so 'localhost' in the
# URL refers to that host, and check_mode: no makes it run in check mode too.
# The task-level var is evaluated on every retry, so 'until' always sees the
# latest response.
# NOTE(review): basic auth is sent with certificate validation disabled, and
# the user name is fixed to 'admin' - confirm both are intended.
- name: check for peer to be down
  tags:
    - splunk
    - splunk_software
    - splunk_rest
    - splunk_upgrade
    - splunk_upgrade_idxc_rolling
  uri:
    url: "https://localhost:8089//services/cluster/master/peers/{{ idxc_peerid|first }}"
    user: admin
    password: "{{ splunk_admin_password }}"
    method: "GET"
    body_format: form-urlencoded
    body:
      output_mode: "json"
    return_content: yes
    force_basic_auth: yes
    validate_certs: no
  register: splunk_rest_output_local
  vars:
    splunk_rest_json_output_local: "{{ splunk_rest_output_local.content|to_json|from_json }}"
  check_mode: no
  until: "splunk_rest_json_output_local.entry[0].content.status == 'Down'"
  # Wait 30 minutes to complete this step
  retries: 30
  delay: 60
  delegate_to: "{{ splunk_idxc_cm }}"

# Runs the tasks from upgrade.yml once the peer is reported down.
- name: call upgrade
  tags:
    - splunk
    - splunk_software
    - splunk_upgrade
    - splunk_upgrade_idxc_rolling
  include_tasks: upgrade.yml

# There is not 'loop until' with include_tasks. So, we need to code the rest call directly here.
94 | - name: check for peer to be up 95 | tags: 96 | - splunk 97 | - splunk_software 98 | - splunk_rest 99 | - splunk_upgrade 100 | - splunk_upgrade_idxc_rolling 101 | uri: 102 | url: "https://localhost:8089//services/cluster/master/peers/{{ idxc_peerid|first }}" 103 | user: admin 104 | password: "{{ splunk_admin_password }}" 105 | method: "GET" 106 | body_format: form-urlencoded 107 | body: 108 | output_mode: "json" 109 | return_content: yes 110 | force_basic_auth: yes 111 | validate_certs: no 112 | register: splunk_rest_output_local 113 | vars: 114 | splunk_rest_json_output_local: "{{ splunk_rest_output_local.content|to_json|from_json }}" 115 | check_mode: no 116 | until: "splunk_rest_json_output_local.entry[0].content.status == 'Up'" 117 | # Wait 10 minutes to complete this step 118 | retries: 40 119 | delay: 15 120 | delegate_to: "{{ splunk_idxc_cm }}" -------------------------------------------------------------------------------- /ansible/roles/splunk_software/tasks/upgrade_shc_rolling_begin.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: check search head cluster state 4 | tags: 5 | - splunk 6 | - splunk_software 7 | - splunk_rest 8 | - splunk_upgrade 9 | - splunk_upgrade_shc_rolling 10 | include_tasks: splunk_rest.yml 11 | vars: 12 | splunk_rest_endpoint: /services/shcluster/status?advanced=1 13 | when: inventory_hostname == splunk_shc_host_list|first 14 | 15 | - name: set state variables 16 | tags: 17 | - splunk 18 | - splunk_software 19 | - splunk_upgrade 20 | - splunk_upgrade_shc_rolling 21 | set_fact: 22 | shc_rolling_restart_flag: "{{ splunk_rest_json_output.entry[0].content.captain.rolling_restart_flag|bool }}" 23 | shc_rolling_upgrade_flag: "{{ splunk_rest_json_output.entry[0].content.captain.rolling_upgrade_flag|bool }}" 24 | shc_service_ready_flag: "{{ splunk_rest_json_output.entry[0].content.captain.service_ready_flag|bool }}" 25 | vars: 26 | splunk_rest_json_output: "{{ 
splunk_rest_output.content|to_json|from_json }}" 27 | when: inventory_hostname == splunk_shc_host_list|first 28 | 29 | - name: fail if search head cluster service_ready_flag not ok 30 | tags: 31 | - splunk 32 | - splunk_software 33 | - splunk_upgrade 34 | - splunk_upgrade_shc_rolling 35 | fail: 36 | msg: "Search Head Cluster is not healthy!" 37 | when: 38 | - inventory_hostname == splunk_shc_host_list|first 39 | - shc_service_ready_flag == false or shc_rolling_restart_flag == true 40 | 41 | - name: check KV store cluster state 42 | tags: 43 | - splunk 44 | - splunk_software 45 | - splunk_rest 46 | - splunk_upgrade 47 | - splunk_upgrade_shc_rolling 48 | include_tasks: splunk_rest.yml 49 | vars: 50 | splunk_rest_endpoint: /services/kvstore/status 51 | when: inventory_hostname == splunk_shc_host_list|first 52 | 53 | - name: set state variables 54 | tags: 55 | - splunk 56 | - splunk_software 57 | - splunk_upgrade 58 | - splunk_upgrade_shc_rolling 59 | set_fact: 60 | kv_stre_status: "{{ splunk_rest_json_output.entry[0].content.current.status }}" 61 | vars: 62 | splunk_rest_json_output: "{{ splunk_rest_output.content|to_json|from_json }}" 63 | when: inventory_hostname == splunk_shc_host_list|first 64 | 65 | - name: fail if KV store cluster status not 'ready' 66 | tags: 67 | - splunk 68 | - splunk_software 69 | - splunk_upgrade 70 | - splunk_upgrade_shc_rolling 71 | fail: 72 | msg: "KV Store Cluster is not healthy!" 
73 | when: 74 | - inventory_hostname == splunk_shc_host_list|first 75 | - kv_stre_status != 'ready' 76 | 77 | - name: init rolling upgrade 78 | tags: 79 | - splunk 80 | - splunk_software 81 | - splunk_rest 82 | - splunk_upgrade 83 | - splunk_upgrade_shc_rolling 84 | include_tasks: splunk_rest.yml 85 | vars: 86 | splunk_rest_endpoint: /services/shcluster/captain/control/control/upgrade-init 87 | http_method: POST 88 | when: 89 | - inventory_hostname == splunk_shc_host_list|first 90 | - shc_rolling_upgrade_flag == false 91 | 92 | - name: init output 93 | tags: 94 | - splunk 95 | - splunk_software 96 | - splunk_upgrade 97 | - splunk_upgrade_shc_rolling 98 | debug: 99 | msg: "{{ splunk_rest_json_output.messages[0].text }}" 100 | when: 101 | - inventory_hostname == splunk_shc_host_list|first 102 | - shc_rolling_upgrade_flag == false 103 | changed_when: shc_rolling_upgrade_flag == false 104 | 105 | - name: init output 106 | tags: 107 | - splunk 108 | - splunk_software 109 | - splunk_upgrade 110 | - splunk_upgrade_shc_rolling 111 | debug: 112 | msg: "Cluster is already in searchable rolling upgrade mode." 
113 | when: 114 | - inventory_hostname == splunk_shc_host_list|first 115 | - shc_rolling_upgrade_flag == true -------------------------------------------------------------------------------- /ansible/roles/splunk_software/tasks/upgrade_shc_rolling_check.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: call check_splunk_version 4 | tags: 5 | - splunk 6 | - splunk_software 7 | - splunk_upgrade 8 | - splunk_upgrade_shc_rolling 9 | include_tasks: check_splunk_version.yml 10 | vars: 11 | inform_on_already_upgraded: true 12 | 13 | - name: call rolling upgrade for peer 14 | tags: 15 | - splunk 16 | - splunk_software 17 | - splunk_upgrade 18 | - splunk_upgrade_shc_rolling 19 | include_tasks: upgrade_shc_rolling_upgrade.yml 20 | when: splunk_installed_version != splunk_target_version -------------------------------------------------------------------------------- /ansible/roles/splunk_software/tasks/upgrade_shc_rolling_end.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: check cluster state 4 | tags: 5 | - splunk 6 | - splunk_software 7 | - splunk_rest 8 | - splunk_upgrade 9 | - splunk_upgrade_shc_rolling 10 | include_tasks: splunk_rest.yml 11 | vars: 12 | splunk_rest_endpoint: /services/shcluster/status?advanced=1 13 | when: inventory_hostname == splunk_shc_host_list|first 14 | 15 | - name: set state variables 16 | tags: 17 | - splunk 18 | - splunk_software 19 | - splunk_upgrade 20 | - splunk_upgrade_shc_rolling 21 | set_fact: 22 | shc_rolling_restart_flag: "{{ splunk_rest_json_output.entry[0].content.captain.rolling_restart_flag|bool }}" 23 | shc_rolling_upgrade_flag: "{{ splunk_rest_json_output.entry[0].content.captain.rolling_upgrade_flag|bool }}" 24 | shc_service_ready_flag: "{{ splunk_rest_json_output.entry[0].content.captain.service_ready_flag|bool }}" 25 | vars: 26 | splunk_rest_json_output: "{{ splunk_rest_output.content|to_json|from_json }}" 27 
| when: inventory_hostname == splunk_shc_host_list|first 28 | 29 | - name: finalize rolling upgrade 30 | tags: 31 | - splunk 32 | - splunk_software 33 | - splunk_rest 34 | - splunk_upgrade 35 | - splunk_upgrade_shc_rolling 36 | include_tasks: splunk_rest.yml 37 | vars: 38 | splunk_rest_endpoint: /services/shcluster/captain/control/control/upgrade-finalize 39 | http_method: POST 40 | when: 41 | - inventory_hostname == splunk_shc_host_list|first 42 | - shc_rolling_upgrade_flag == true 43 | 44 | - name: finalize output 45 | tags: 46 | - splunk 47 | - splunk_software 48 | - splunk_upgrade 49 | - splunk_upgrade_shc_rolling 50 | debug: 51 | msg: "{{ splunk_rest_json_output.messages[0].text }}" 52 | when: 53 | - inventory_hostname == splunk_shc_host_list|first 54 | - shc_rolling_upgrade_flag == true 55 | changed_when: shc_rolling_upgrade_flag == true 56 | 57 | - name: finalize output 58 | tags: 59 | - splunk 60 | - splunk_software 61 | - splunk_upgrade 62 | - splunk_upgrade_shc_rolling 63 | debug: 64 | msg: "Cluster searchable rolling was already finalized." 
65 |   when:
66 |     - inventory_hostname == splunk_shc_host_list|first
67 |     - shc_rolling_upgrade_flag == false
--------------------------------------------------------------------------------
/ansible/roles/splunk_software/tasks/upgrade_software.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Task list for upgrading Splunk: runs the version check, then includes upgrade.yml only when the installed version differs from the target version
3 |
4 | - name: call check_splunk_version
5 |   tags:
6 |     - splunk
7 |     - splunk_software
8 |     - splunk_upgrade
9 |   include_tasks: check_splunk_version.yml
10 |   vars:
11 |     inform_on_already_upgraded: true
12 |
13 | - name: call upgrade
14 |   tags:
15 |     - splunk
16 |     - splunk_software
17 |     - splunk_upgrade
18 |   include_tasks: upgrade.yml
19 |   when: splunk_installed_version != splunk_target_version
--------------------------------------------------------------------------------
/ansible/roles/splunk_software/tasks/upload_and_extract.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
    # Path 1: the archive is taken from the Ansible control host (no remote_src) and unpacked
    # into splunk_install_dir. Runs when splunk_download is undefined, or when the download
    # switch for the selected splunk_install_app is false.
3 | - name: upload and unarchive splunk archive from ansible host
4 |   tags:
5 |     - splunk
6 |     - splunk_software
7 |   unarchive:
8 |     src: "{{splunk_archive.0}}"
9 |     dest: "{{ splunk_install_dir }}/"
10 |     owner: "{{ splunk_user }}"
11 |     group: "{{ splunk_group }}"
12 |     extra_opts:
13 |       - "--dereference"
14 |   when: splunk_download is not defined or
15 |     (splunk_install_app == "splunk" and splunk_download.splunk|default(false) == false) or
16 |     (splunk_install_app == "splunkforwarder" and splunk_download.splunkforwarder|default(false) == false)
17 |
    # Path 2 (the four tasks guarded by "splunk_download is defined and ... == true"):
    # build the URL, download to the target, unpack there, then delete the archive.
    # NOTE(review): the URL host is a CloudFront distribution name, not a splunk.com name as the
    # download task's title says; confirm it is still the vendor's download origin.
18 | - name: define splunk archive download url
19 |   tags:
20 |     - splunk
21 |     - splunk_software
22 |   set_fact:
23 |     splunk_url: 'https://d7wz6hmoaavd0.cloudfront.net/products/{%- if splunk_install_app == "splunk" -%}splunk{%- else -%}universalforwarder{%- endif -%}/releases/{{splunk_target_version}}/linux/{{splunk_archive.0|basename}}'
24 |   when: splunk_download is defined and
25 |     (splunk_install_app == "splunk" and splunk_download.splunk|default(false) == true or
26 |     splunk_install_app == "splunkforwarder" and splunk_download.splunkforwarder|default(false) == true)
27 |
    # NOTE(review): no `checksum` is passed to get_url, so the archive is unpacked by the next
    # task without any integrity check beyond the HTTPS transfer; comparing it with the hash
    # published for the release would catch a tampered or truncated download.
    # NOTE(review): the file lands at a fixed, predictable name in /tmp and is owned by the
    # Splunk account before it is unpacked; a per-run temporary directory outside the
    # world-writable /tmp would narrow the window for local tampering.
    # `force: yes` makes every run download the archive again.
28 | - name: download the splunk archive from splunk.com
29 |   tags:
30 |     - splunk
31 |     - splunk_software
32 |   get_url:
33 |     url: "{{ splunk_url }}"
34 |     dest: "/tmp/splunk.tar.gz"
35 |     timeout: 60
36 |     owner: "{{ splunk_user }}"
37 |     group: "{{ splunk_group }}"
38 |     force: yes
39 |   when: splunk_download is defined and
40 |     (splunk_install_app == "splunk" and splunk_download.splunk|default(false) == true or
41 |     splunk_install_app == "splunkforwarder" and splunk_download.splunkforwarder|default(false) == true)
42 |
    # remote_src: yes - the archive is read from the target host (the file downloaded above),
    # not from the control host.
43 | - name: extract splunk archive
44 |   tags:
45 |     - splunk
46 |     - splunk_software
47 |   unarchive:
48 |     src: "/tmp/splunk.tar.gz"
49 |     dest: "{{ splunk_install_dir }}"
50 |     owner: "{{ splunk_user }}"
51 |     group: "{{ splunk_group }}"
52 |     remote_src: yes
53 |     extra_opts:
54 |       - "--dereference"
55 |   when: splunk_download is defined and
56 |     (splunk_install_app == "splunk" and splunk_download.splunk|default(false) == true or
57 |     splunk_install_app == "splunkforwarder" and splunk_download.splunkforwarder|default(false) == true)
58 |
59 | # This is needed when having splunk_home linked to another directory
60 | - name: set owner {{ splunk_user }}:{{ splunk_group }} for {{ splunk_home }}
61 |   tags:
62 |     - splunk
63 |     - splunk_software
64 |   file:
65 |     path: "{{ splunk_home }}/."
66 |     owner: "{{ splunk_user }}"
67 |     group: "{{ splunk_group }}"
68 |     mode: '0755'
69 |
    # Clean-up for the download path only; uses the same condition as the download task.
70 | - name: remove splunk install archive
71 |   tags:
72 |     - splunk
73 |     - splunk_software
74 |   file:
75 |     path: "/tmp/splunk.tar.gz"
76 |     state: absent
77 |   when: splunk_download is defined and
78 |     (splunk_install_app == "splunk" and splunk_download.splunk|default(false) == true or
79 |     splunk_install_app == "splunkforwarder" and splunk_download.splunkforwarder|default(false) == true)
80 |
--------------------------------------------------------------------------------
/ansible/roles/splunk_software/tasks/users.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Creates the Splunk group and user (each can be switched off with a variable) and hooks ~/.bashrc.splunk into the user's .bashrc
3 |
    # Skipped when splunk_group_create is set to false (defaults to true).
4 | - name: add splunk group
5 |   tags:
6 |     - splunk
7 |     - splunk_software
8 |     - splunk_group
9 |   group:
10 |     name: "{{ splunk_group }}"
11 |     state: present
12 |   when: splunk_group_create|default(true) == true
13 |
    # Skipped when splunk_user_create is set to false (defaults to true).
    # The account gets a home directory and /bin/bash as its login shell.
14 | - name: add splunk user
15 |   tags:
16 |     - splunk
17 |     - splunk_software
18 |     - splunk_user
19 |   user:
20 |     name: "{{ splunk_user }}"
21 |     group: "{{ splunk_group }}"
22 |     comment: "Splunk User"
23 |     shell: /bin/bash
24 |     create_home: yes
25 |     state: present
26 |   when: splunk_user_create|default(true) == true
27 |
28 | - name: Adding splunk aliases
29 |   tags:
30 |     - splunk
31 |     - splunk_software
32 |   template:
33 |     src: home/splunk/bashrc.splunk.j2
34 |     dest: "~{{ splunk_user }}/.bashrc.splunk"
35 |     owner: "{{ splunk_user }}"
36 |     group: "{{ splunk_group }}"
37 |     mode: 0644
38 |
    # NOTE(review): the marker is a bare "#" with no {mark} placeholder, so the begin and end
    # markers are identical; blockinfile may then fail to recognise its own block and insert it
    # again on later runs - confirm the task is idempotent.
39 | - name: insert/update bashrc for splunk stuff
40 |   tags:
41 |     - splunk
42 |     - splunk_software
43 |   blockinfile:
44 |     path: "~{{ splunk_user }}/.bashrc"
45 |     marker: "#"
46 |     insertafter: "export PATH"
47 |     content: |
48 |       if [ -f ~/.bashrc.splunk ]; then
49 |         .
~/.bashrc.splunk
50 |       fi
51 |
--------------------------------------------------------------------------------
/ansible/roles/splunk_software/templates/etc/polkit-1/localauthority/50-local.d/splunk.pkla.j2:
--------------------------------------------------------------------------------
    # Local-authority entry: answers "yes" for the systemd manage-units action when the
    # caller is the Splunk account.
    # NOTE(review): nothing in this entry names a unit, so wherever this .pkla is the file
    # in effect the Splunk account can manage every systemd unit on the host without
    # authenticating, not only its own service. The rules.d template that follows checks
    # the unit name and the verb; prefer it wherever the installed polkit reads rules.d.
1 | [{{ splunk_service_name }} service]
2 | Identity=unix-user:{{ splunk_user }}
3 | Action=org.freedesktop.systemd1.manage-units
4 | ResultAny=yes
5 | ResultInactive=yes
6 | ResultActive=yes
7 |
--------------------------------------------------------------------------------
/ansible/roles/splunk_software/templates/etc/polkit-1/rules.d/10-splunk.rules.j2:
--------------------------------------------------------------------------------
    // Returns YES only when all three hold: the caller is the Splunk account, the unit is
    // "<splunk_service_name>.service", and the verb is start, stop or restart.
    // Every other request leaves this function without a return value.
1 | polkit.addRule(function(action, subject) {
2 |     if (action.id == "org.freedesktop.systemd1.manage-units" && subject.user == "{{ splunk_user }}") {
3 |         if (action.lookup("unit") == "{{ splunk_service_name }}.service") {
4 |             var verb = action.lookup("verb");
5 |             if (verb == "start" || verb == "stop" || verb == "restart") {
6 |                 return polkit.Result.YES;
7 |             }
8 |         }
9 |     }
10 | });
11 |
--------------------------------------------------------------------------------
/ansible/roles/splunk_software/templates/etc/security/limits.d/splunk.conf.j2:
--------------------------------------------------------------------------------
1 | # Splunk user ulimits settings
    # "hard core 0" turns core dumps off for the account.
    # NOTE(review): "nfile" is not an item I recognise from limits.conf(5) ("nofile" is set
    # above) - confirm these two lines have any effect.
2 | {{splunk_user}} hard core 0
3 | {{splunk_user}} hard maxlogins 10
4 | {{splunk_user}} soft nofile 65535
5 | {{splunk_user}} hard nofile 65535
6 | {{splunk_user}} soft nproc 20480
7 | {{splunk_user}} hard nproc 20480
8 | {{splunk_user}} soft nfile unlimited
9 | {{splunk_user}} hard nfile unlimited
10 |
--------------------------------------------------------------------------------
/ansible/roles/splunk_software/templates/etc/sudoers.d/splunk.j2:
--------------------------------------------------------------------------------
    # Passwordless sudo for the Splunk account, limited to the /bin/systemctl commands
    # listed on this line.
    # NOTE(review): the run-as spec is (ALL); presumably only root is needed to manage the
    # unit, in which case (root) would be the tighter grant.
1 | {{splunk_user}} ALL=(ALL) NOPASSWD: /bin/systemctl stop
{{splunk_service_name}}, /bin/systemctl start {{splunk_service_name}}, /bin/systemctl restart {{splunk_service_name}}, /bin/systemctl status {{splunk_service_name}} 2 | -------------------------------------------------------------------------------- /ansible/roles/splunk_software/templates/etc/systemd/system/splunk.service.j2: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description = Splunk Enterprise SYSTEMD Service 3 | After = network.target remote-fs.target syslog.target auditd.service sshd.service 4 | Wants = network.target remote-fs.target syslog.target auditd.service sshd.service 5 | 6 | [Service] 7 | Type = forking 8 | RemainAfterExit = False 9 | StandardOutput = journal 10 | StandardError = journal 11 | Restart = always 12 | User = {{ splunk_user }} 13 | Group = {{ splunk_group }} 14 | LimitCORE = 0 15 | LimitFSIZE = infinity 16 | LimitDATA = infinity 17 | LimitNPROC = 20480 18 | LimitNOFILE = 65536 19 | TimeoutSec = 300 20 | RestartSec = 15 21 | ExecStart = {{ splunk_home }}/bin/splunk start --accept-license --answer-yes --no-prompt 22 | ExecStop = {{ splunk_home }}/bin/splunk stop 23 | ExecReload = {{ splunk_home }}/bin/splunk restart 24 | PIDFile = {{ splunk_home }}/var/run/splunk/splunkd.pid 25 | 26 | [Install] 27 | WantedBy = multi-user.target 28 | -------------------------------------------------------------------------------- /ansible/roles/splunk_software/templates/etc/systemd/system/splunkforwarder.service.j2: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description = Splunk Universal Forwarder SYSTEMD Service 3 | After = network.target remote-fs.target syslog.target auditd.service sshd.service 4 | Wants = network.target remote-fs.target syslog.target auditd.service sshd.service 5 | 6 | [Service] 7 | Type = forking 8 | RemainAfterExit = False 9 | StandardOutput = journal 10 | StandardError = journal 11 | Restart = always 12 | User = {{ splunk_user 
}} 13 | Group = {{ splunk_group }} 14 | LimitCORE = 0 15 | LimitFSIZE = infinity 16 | LimitDATA = infinity 17 | LimitNPROC = 20480 18 | LimitNOFILE = 65536 19 | TimeoutSec = 300 20 | RestartSec = 15 21 | ExecStart = {{ splunk_home }}/bin/splunk start --accept-license --answer-yes --no-prompt 22 | ExecStop = {{ splunk_home }}/bin/splunk stop 23 | ExecReload = {{ splunk_home }}/bin/splunk restart 24 | PIDFile = {{ splunk_home }}/var/run/splunk/splunkd.pid 25 | 26 | [Install] 27 | WantedBy = multi-user.target 28 | -------------------------------------------------------------------------------- /ansible/roles/splunk_software/templates/home/splunk/bashrc.splunk.j2: -------------------------------------------------------------------------------- 1 | # Append PATH 2 | export SPLUNK_HOME={{ splunk_home }} 3 | export PATH=$PATH:$SPLUNK_HOME/bin 4 | 5 | # Functions 6 | cdmanager() 7 | { 8 | # Check if there is a manager-apps dir 9 | if [ -d $SPLUNK_HOME/etc/manager-apps ]; 10 | then 11 | cd $SPLUNK_HOME/etc/manager-apps 12 | else 13 | cd $SPLUNK_HOME/etc/master-apps 14 | fi 15 | } 16 | 17 | # Aliases 18 | alias cs="cd $SPLUNK_HOME" 19 | alias ce="cd $SPLUNK_HOME/etc" 20 | alias ca="cd $SPLUNK_HOME/etc/apps" 21 | alias cm=cdmanager 22 | alias ch="cd $SPLUNK_HOME/etc/shcluster/apps" 23 | alias cdd="cd $SPLUNK_HOME/etc/deployment-apps" 24 | alias cdl="cd $SPLUNK_HOME/var/log/splunk" 25 | alias tl="tail -f $SPLUNK_HOME/var/log/splunk/splunkd.log" 26 | 27 | # Source the SplunkEnv profile 28 | . 
$SPLUNK_HOME/bin/setSplunkEnv 29 | 30 | # Prevent broken SSL libs for non splunk commands 31 | unset LD_LIBRARY_PATH 32 | -------------------------------------------------------------------------------- /ansible/roles/universal_forwarder/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Variables for this role 3 | 4 | splunk_install_app: splunkforwarder 5 | splunk_service_name: splunk 6 | -------------------------------------------------------------------------------- /ansible/roles/universal_forwarder/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: 3 | - role: splunk_common 4 | -------------------------------------------------------------------------------- /ansible/roles/universal_forwarder/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Main playbook for this role 3 | 4 | - name: start role tasks 5 | tags: 6 | - splunk 7 | - universal_forwarder 8 | debug: 9 | msg: "role '{{ role_name }}' start" 10 | 11 | - name: apply baseconfig app org_all_deploymentclient 12 | tags: 13 | - splunk 14 | - splunk_baseconfig 15 | - universal_forwarder 16 | - org_all_deploymentclient 17 | include_role: 18 | name: baseconfig_app 19 | vars: 20 | app_name: 'org_all_deploymentclient' 21 | app_path: '{{splunk_home}}/etc/apps' 22 | when: splunk_deployment_server|default()|length > 0 and inventory_hostname not in groups.role_deployment_server 23 | 24 | - name: apply baseconfig app org_all_forwarder_outputs 25 | tags: 26 | - splunk 27 | - splunk_baseconfig 28 | - universal_forwarder 29 | - org_all_forwarder_outputs 30 | include_role: 31 | name: baseconfig_app 32 | vars: 33 | app_name: 'org_all_forwarder_outputs' 34 | app_path: '{{splunk_home}}/etc/apps' 35 | when: splunk_deployment_server|default()|length == 0 36 | 
--------------------------------------------------------------------------------
/ansible/roles/universal_forwarder_windows/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Variables for this role
3 |
4 | splunk_install_dir: 'C:\Program Files'
5 | splunk_install_app: splunkforwarder
6 | splunk_service_name: 'SplunkForwarder Service'
7 | splunk_home: '{{splunk_install_dir}}/SplunkUniversalForwarder'
8 | app_path: '{{splunk_home}}/etc/apps'
9 | splunk_user: splunk
10 | splunk_group: splunk
    # Destination app name: app_name with the 'org_' prefix swapped for '<splunk_app_prefix>_'.
11 | app_dest_name: "{{app_name|replace('org_', splunk_app_prefix+'_')}}"
12 |
--------------------------------------------------------------------------------
/ansible/roles/universal_forwarder_windows/handlers/main.yml:
--------------------------------------------------------------------------------
    # Handler notified by the config tasks; restarts the Windows service named by splunk_service_name.
1 | - name: restart splunk
2 |   tags:
3 |     - splunk
4 |     - universal_forwarder_windows
5 |   win_service:
6 |     name: "{{splunk_service_name}}"
7 |     state: restarted
8 |
--------------------------------------------------------------------------------
/ansible/roles/universal_forwarder_windows/tasks/config.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # This playbook configures the windows universal forwarder
3 |
    # Runs on the control host (delegate_to: localhost, become: no) and searches
    # splunk_baseconfig recursively for a directory named org_all_deploymentclient.
    # NOTE(review): errors here are ignored, yet the next task indexes
    # baseapp_dir.files.0 unconditionally; an empty result would surface there as a
    # less readable failure.
4 | - name: find path to baseconfig app
5 |   tags:
6 |     - splunk
7 |     - splunk_baseconfig
8 |     - universal_forwarder_windows
9 |     - org_all_deploymentclient
10 |   become: no
11 |   find:
12 |     path: "{{ splunk_baseconfig }}/"
13 |     pattern: "org_all_deploymentclient"
14 |     file_type: directory
15 |     recurse: yes
16 |   register: baseapp_dir
17 |   ignore_errors: True
18 |   delegate_to: localhost
19 |
    # Copies the first directory found above to <app_path>/<app_dest_name> on the Windows host.
20 | - name: apply baseconfig app org_all_deploymentclient
21 |   tags:
22 |     - splunk
23 |     - splunk_baseconfig
24 |     - universal_forwarder_windows
25 |     - org_all_deploymentclient
26 |   win_copy:
27 |     src: "{{ baseapp_dir.files.0.path }}/"
28 |     dest: "{{ app_path }}/{{ app_dest_name }}"
29 |   vars:
30 |     app_name: 'org_all_deploymentclient'
31 |     app_path: '{{splunk_home}}/etc/apps'
32 |   notify: restart splunk
33 |
    # Points the forwarder at the first entry of splunk_deployment_server, port 8089.
34 | - name: "(org_all_deploymentclient) setting deployment server"
35 |   tags:
36 |     - splunk
37 |     - splunk_baseconfig
38 |     - universal_forwarder_windows
39 |     - org_all_deploymentclient
40 |   win_lineinfile:
41 |     path: "{{ app_path }}/{{ app_dest_name }}/local/deploymentclient.conf"
42 |     regexp: '^targetUri ='
43 |     line: 'targetUri = {{splunk_deployment_server|first}}:8089'
44 |   vars:
45 |     app_name: 'org_all_deploymentclient'
46 |     app_path: '{{splunk_home}}/etc/apps'
47 |   notify: restart splunk
48 |
--------------------------------------------------------------------------------
/ansible/roles/universal_forwarder_windows/tasks/enable_rdp.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Enables Remote Desktop on the Windows host: adds an inbound firewall rule for TCP 3389 and sets the Terminal Server registry switch
3 |
    # NOTE(review): the role's tasks/main.yml includes this file with no `when`, so RDP is
    # opened on every Windows forwarder the role is applied to; gating it behind a variable
    # would keep the remote-access surface off hosts that do not need it.
    # The rule is limited to the "private" firewall profile.
4 | - name: Firewall rule to allow RDP on TCP port 3389
5 |   tags:
6 |     - splunk
7 |     - universal_forwarder_windows
8 |     - enable_rdp
9 |   win_firewall_rule:
10 |     name: Remote Desktop
11 |     localport: 3389
12 |     action: allow
13 |     direction: in
14 |     protocol: tcp
15 |     profiles: private
16 |     state: present
17 |     enabled: yes
18 |
    # NOTE(review): `data` has no value on this page; presumably 0 (connections allowed) is
    # intended for fDenyTSConnections - confirm what the module writes for an empty value.
19 | - name: enable remote desktop service
20 |   tags:
21 |     - splunk
22 |     - universal_forwarder_windows
23 |     - enable_rdp
24 |   win_regedit:
25 |     path: 'HKLM:\System\CurrentControlSet\Control\Terminal Server'
26 |     name: fDenyTSConnections
27 |     data:
28 |     type: dword
29 |
--------------------------------------------------------------------------------
/ansible/roles/universal_forwarder_windows/tasks/hosts.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # This playbook updates the windows hosts file
3 |
    # Adds one hosts entry per inventory host, mapping the host name to its ip_addr variable.
4 | - name: update hosts entries
5 |   tags:
6 |     - universal_forwarder_windows
7 |     - hosts
8 |   win_hosts:
9 |     state: present
10 |     canonical_name: "{{ item }}"
11 |     ip_address: "{{ hostvars[item].ip_addr }}"
12 |   with_items: "{{ hostvars|list }}"
13 |
--------------------------------------------------------------------------------
/ansible/roles/universal_forwarder_windows/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Main playbook for this role
3 |
4 | - name: start role tasks
5 |   tags:
6 |     - splunk
7 |     - universal_forwarder_windows
8 |   debug:
9 |     msg: "role '{{ role_name }}' start"
10 |
11 | - name: update hosts file
12 |   tags:
13 |     - universal_forwarder_windows
14 |     - hosts
15 |   include_tasks: hosts.yml
16 |
    # Included unconditionally; see enable_rdp.yml for what it opens.
17 | - name: enable remote desktop
18 |   tags:
19 |     - universal_forwarder_windows
20 |     - enable_rdp
21 |   include_tasks: enable_rdp.yml
22 |
    # Result is registered as splunk_stat; no task in this file reads it.
23 | - name: "check for splunk fresh install"
24 |   tags:
25 |     - splunk
26 |     - splunk_software
27 |     - splunk_install
28 |     - universal_forwarder_windows
29 |   win_stat:
30 |     path: "{{ splunk_home }}"
31 |   register: splunk_stat
32 |
    # The existence of <splunk_home>/bin decides whether install.yml is run below.
33 | - name: checking if splunk is installed
34 |   tags:
35 |     - splunk
36 |     - splunk_software
37 |     - splunk_install
38 |     - universal_forwarder_windows
39 |   win_stat:
40 |     path: "{{ splunk_home }}/bin"
41 |   register: splunk_path
42 |
43 | - name: splunk is installed here
44 |   tags:
45 |     - splunk
46 |     - splunk_software
47 |     - splunk_install
48 |     - universal_forwarder_windows
49 |   debug:
50 |     msg: 'splunk is already installed under {{ splunk_home }}/bin/splunk'
51 |   when: splunk_path.stat.exists
52 |
53 | - name: "install the splunk software"
54 |   tags:
55 |     - splunk
56 |     - splunk_software
57 |     - splunk_install
58 |     - universal_forwarder_windows
59 |   include_tasks: install.yml
60 |   when: splunk_path.stat.exists == false
61 |
62 | - name: "config the splunk software"
63 |   tags:
64 |     - splunk
65 |     - splunk_software
66 |     - splunk_baseconfig
67 |     - universal_forwarder_windows
68 |   include_tasks: config.yml
69 |
70 | #- name: create staging dir
71 | #  file:
72 | #    path: '{{splunk_save_baseconfig_apps_dir}}/stage'
73 | #    state: directory
74 | #  delegate_to: localhost
75 |
76 | #- name: stage baseconfig app org_all_deploymentclient
77 | #  tags:
78 | #    - splunk
79 | #    - splunk_baseconfig
80 | #    - universal_forwarder
81 | #    - org_all_deploymentclient
82 | #  include_role:
83 | #    name: baseconfig_app
84 | #  vars:
85 | #    app_name: 'org_all_deploymentclient'
86 | #    app_path: '{{splunk_save_baseconfig_apps_dirs}}/stage'
87 | #  delegate_to: localhost
88 |
--------------------------------------------------------------------------------
/ansible/run_splunk_command.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # Usage: run_splunk_command.yml --limit <host_pattern> -e "splunk_command='show shcluster-status'"
4 |
    # Runs as root on every Linux Splunk role group listed in `hosts`.
    # NOTE(review): splunk_command comes straight from the command line; how it is passed to
    # the Splunk CLI is decided by the splunk_command task file, which is not shown here.
5 | - name: run Splunk command
6 |   hosts: role_cluster_manager,role_deployer,role_deployment_server,role_heavy_forwarder,role_indexer,role_license_manager,role_monitoring_console,role_search_head,role_universal_forwarder
7 |   become: yes
8 |   become_user: root
9 |
10 |   tasks:
11 |
    # NOTE(review): the task name says splunk_common, but the role included is splunk_software.
12 |   - name: call splunk_command from role splunk_common
13 |     include_role:
14 |       name: splunk_software
15 |       tasks_from: splunk_command
16 |
--------------------------------------------------------------------------------
/ansible/setup_common.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # This playbook configures common settings
3 |
    # Applies the common role as root to every host except the Windows forwarder group.
4 | - name: apply common configurations
5 |   hosts: all:!role_universal_forwarder_windows
6 |   become: yes
7 |   become_user: root
8 |   roles:
9 |     - common
10 |
--------------------------------------------------------------------------------
/ansible/setup_other_roles.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # This playbook configures other roles
3 |
4 | - name: setup ldap server role
5 |   hosts: role_ldap_server
6 |   become: yes
7 |   become_user: root
8 |   roles:
9 |     - ldap_server
10 |
11 |
-------------------------------------------------------------------------------- /ansible/setup_splunk_conf.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This playbook add/updates splunk config file settings 3 | 4 | - name: run splunk_conf role 5 | hosts: all:!role_universal_forwarder_windows 6 | become: yes 7 | become_user: root 8 | 9 | tasks: 10 | - name: call splunk_conf role 11 | include_role: 12 | name: splunk_conf 13 | when: 14 | - splunk_conf is defined 15 | - splunk_conf is mapping -------------------------------------------------------------------------------- /ansible/setup_splunk_roles.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This playbook configures the splunk roles 3 | 4 | - name: setup deployment server role 5 | hosts: role_deployment_server 6 | become: yes 7 | become_user: root 8 | roles: 9 | - deployment_server 10 | 11 | - name: setup license manager role 12 | hosts: role_license_manager 13 | become: yes 14 | become_user: root 15 | roles: 16 | - license_manager 17 | 18 | - name: setup cluster manager role 19 | hosts: role_cluster_manager 20 | become: yes 21 | become_user: root 22 | roles: 23 | - cluster_manager 24 | 25 | - name: setup indexer role 26 | hosts: role_indexer 27 | become: yes 28 | become_user: root 29 | roles: 30 | - indexer 31 | 32 | - name: setup deployer role 33 | hosts: role_deployer 34 | become: yes 35 | become_user: root 36 | roles: 37 | - deployer 38 | 39 | - name: setup search head role 40 | hosts: role_search_head 41 | serial: 1 42 | become: yes 43 | become_user: root 44 | roles: 45 | - search_head 46 | 47 | - name: setup monitoring console role 48 | hosts: role_monitoring_console 49 | become: yes 50 | become_user: root 51 | roles: 52 | - monitoring_console 53 | 54 | - name: setup heavy forwarder role 55 | hosts: role_heavy_forwarder 56 | become: yes 57 | become_user: root 58 | roles: 59 | - heavy_forwarder 60 | 61 | 
- name: setup universal forwarder role 62 | hosts: role_universal_forwarder 63 | become: yes 64 | become_user: root 65 | roles: 66 | - universal_forwarder 67 | 68 | - name: setup universal forwarder role for windows 69 | hosts: role_universal_forwarder_windows 70 | roles: 71 | - universal_forwarder_windows 72 | -------------------------------------------------------------------------------- /ansible/start_splunk.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: start splunk 4 | hosts: role_cluster_manager,role_deployer,role_deployment_server,role_heavy_forwarder,role_indexer,role_license_manager,role_monitoring_console,role_search_head,role_universal_forwarder 5 | become: yes 6 | become_user: root 7 | 8 | tasks: 9 | 10 | - name: call start splunk from role splunk_common 11 | include_role: 12 | name: splunk_software 13 | tasks_from: start_splunk 14 | -------------------------------------------------------------------------------- /ansible/stop_splunk.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: stop splunk 4 | hosts: role_cluster_manager,role_deployer,role_deployment_server,role_heavy_forwarder,role_indexer,role_license_manager,role_monitoring_console,role_search_head,role_universal_forwarder 5 | become: yes 6 | become_user: root 7 | 8 | tasks: 9 | 10 | - name: call stop splunk from role splunk_common 11 | include_role: 12 | name: splunk_software 13 | tasks_from: stop_splunk 14 | -------------------------------------------------------------------------------- /ansible/test_ansible_prereqs.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This playbook test the needed capabilities for ansible 3 | 4 | - name: Test user switching and file creation in /tmp 5 | hosts: all 6 | become: no 7 | 8 | vars: 9 | splunk_user: splunk 10 | splunk_group: splunk 11 | 12 | tasks: 13 | 14 | - name: call 
check_ansible_requirements role common 15 | include_role: 16 | name: common 17 | tasks_from: check_ansible_requirements.yml 18 | 19 | - name: "touch file for the ansible {{ansible_user}}" 20 | file: 21 | path: /tmp/user.conf 22 | state: touch 23 | 24 | - name: "remove file for the ansible {{ansible_user}}" 25 | file: 26 | path: /tmp/user.conf 27 | state: absent 28 | 29 | - name: "touch file for technical user root" 30 | file: 31 | path: /tmp/root.conf 32 | state: touch 33 | become: yes 34 | become_user: root 35 | 36 | - name: "remove file for technical user root" 37 | file: 38 | path: /tmp/root.conf 39 | state: absent 40 | become: yes 41 | become_user: root 42 | 43 | - name: Determine available groups 44 | getent: 45 | database: group 46 | 47 | - name: Determine available users 48 | getent: 49 | database: passwd 50 | 51 | - name: "touch file for splunk user {{splunk_user}}" 52 | file: 53 | path: /tmp/splunk.conf 54 | state: touch 55 | owner: '{{splunk_user}}' 56 | group: '{{splunk_group}}' 57 | become: yes 58 | become_user: "{{splunk_user}}" 59 | when: 60 | - splunk_group in ansible_facts.getent_group 61 | - splunk_user in ansible_facts.getent_passwd 62 | 63 | - name: "remove file for splunk user {{splunk_user}}" 64 | file: 65 | path: /tmp/splunk.conf 66 | state: absent 67 | become: yes 68 | become_user: "{{splunk_user}}" 69 | when: 70 | - splunk_group in ansible_facts.getent_group 71 | - splunk_user in ansible_facts.getent_passwd 72 | 73 | - name: call check_policykit role splunk_common 74 | include_role: 75 | name: splunk_common 76 | tasks_from: check_policykit.yml 77 | -------------------------------------------------------------------------------- /ansible/update_hosts_file.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # update the hosts entires on all hosts 3 | 4 | - name: add hosts to /etc/hosts (Linux) 5 | hosts: all,!role_universal_forwarder_windows 6 | 7 | tasks: 8 | 9 | - name: call hosts from role 
common 10 | include_role: 11 | name: common 12 | tasks_from: hosts 13 | 14 | - name: add hosts to /etc/hosts (Windows) 15 | hosts: role_universal_forwarder_windows 16 | 17 | tasks: 18 | 19 | - name: call restart splunk from role splunk_software 20 | include_role: 21 | name: universal_forwarder_windows 22 | tasks_from: hosts 23 | -------------------------------------------------------------------------------- /ansible/update_splunk_certs_inputs.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # add a splunk web certs if not existing 3 | 4 | - name: add splunk web certs 5 | hosts: role_indexer 6 | roles: 7 | - splunk_common 8 | become: yes 9 | become_user: root 10 | 11 | tasks: 12 | 13 | - name: install certs for inputs ssl 14 | include_role: 15 | name: baseconfig_app 16 | tasks_from: splunk_ssl_inputs_certs 17 | when: splunk_ssl.inputs.enable == true and splunk_ssl.inputs.own_certs == true 18 | -------------------------------------------------------------------------------- /ansible/update_splunk_certs_web.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # add a splunk web certs if not existing 3 | 4 | - name: add splunk web certs 5 | hosts: all,!role_indexer,!role_universal_forwarder,!role_universal_forwarder_windows 6 | roles: 7 | - splunk_common 8 | become: yes 9 | become_user: root 10 | 11 | tasks: 12 | 13 | - name: install certs for web ssl 14 | include_role: 15 | name: baseconfig_app 16 | tasks_from: splunk_ssl_web_certs 17 | when: splunk_ssl.web.enable == true and splunk_ssl.web.own_certs == true 18 | -------------------------------------------------------------------------------- /ansible/upgrade_splunk.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This playbook upgrades the splunk software 3 | 4 | - name: upgrade splunk software 5 | hosts: 
role_cluster_manager,role_deployer,role_deployment_server,role_heavy_forwarder,role_indexer,role_license_manager,role_monitoring_console,role_search_head,role_universal_forwarder 6 | become: yes 7 | become_user: root 8 | 9 | tasks: 10 | 11 | - name: call upgrade splunk from role splunk_software 12 | include_role: 13 | name: splunk_software 14 | tasks_from: upgrade_software 15 | -------------------------------------------------------------------------------- /ansible/upgrade_splunk_idxc_rolling.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This playbook does a rolling upgrade of indexer cluster members 3 | 4 | - name: begin tasks 5 | hosts: idxcluster_*:&role_cluster_manager 6 | become: yes 7 | become_user: root 8 | 9 | tasks: 10 | 11 | - name: call upgrade_idxc_rolling_begin 12 | include_role: 13 | name: splunk_software 14 | tasks_from: upgrade_idxc_rolling_begin 15 | 16 | - name: upgrade indexer 17 | hosts: idxcluster_*:&role_indexer 18 | serial: 1 19 | become: yes 20 | become_user: root 21 | 22 | tasks: 23 | 24 | - name: call upgrade_idxc_rolling_check 25 | include_role: 26 | name: splunk_software 27 | tasks_from: upgrade_idxc_rolling_check 28 | 29 | - name: end tasks 30 | hosts: idxcluster_*:&role_cluster_manager 31 | become: yes 32 | become_user: root 33 | 34 | tasks: 35 | 36 | - name: call upgrade_idxc_rolling_end 37 | include_role: 38 | name: splunk_software 39 | tasks_from: upgrade_idxc_rolling_end 40 | -------------------------------------------------------------------------------- /ansible/upgrade_splunk_shc_rolling.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This playbook does a rolling upgrade of a search head cluster 3 | 4 | - name: begin tasks 5 | hosts: shcluster_*:&role_search_head 6 | become: yes 7 | become_user: root 8 | 9 | tasks: 10 | 11 | - name: call upgrade_shc_rolling_begin 12 | include_role: 13 | name: splunk_software 14 | 
tasks_from: upgrade_shc_rolling_begin 15 | 16 | - name: upgrade search head 17 | hosts: shcluster_*:&role_search_head 18 | serial: 1 19 | become: yes 20 | become_user: root 21 | 22 | tasks: 23 | 24 | - name: call upgrade_shc_rolling_check 25 | include_role: 26 | name: splunk_software 27 | tasks_from: upgrade_shc_rolling_check 28 | 29 | - name: end tasks 30 | hosts: shcluster_*:&role_search_head 31 | become: yes 32 | become_user: root 33 | 34 | tasks: 35 | 36 | - name: call upgrade_shc_rolling_end 37 | include_role: 38 | name: splunk_software 39 | tasks_from: upgrade_shc_rolling_end 40 | -------------------------------------------------------------------------------- /defaults/aws.yml: -------------------------------------------------------------------------------- 1 | # Default values for aws EC2 instances 2 | 3 | aws: 4 | # Access ID and Key are read from environment variables, if not spcified 5 | # Access ID: AWS_ACCESS_KEY_ID 6 | # Access Key: AWS_SECRET_ACCESS_KEY 7 | #access_key_id: 8 | #secret_access_key: 9 | region: 'eu-central-1' 10 | ssh_username: 'ec2-user' 11 | instance_type: 't2.micro' 12 | ami: 'ami-0badcc5b522737046' # Redhat 8 (eu-central-1) 13 | keypair_name: 'aws_key' 14 | ssh_private_key_path: '~/.ssh/aws_key.pem' 15 | security_groups: ['Splunk_Basic'] 16 | -------------------------------------------------------------------------------- /defaults/general.yml: -------------------------------------------------------------------------------- 1 | # Default values for general settings 2 | 3 | general: 4 | # Force a certain language in the created links in index.html 5 | url_locale: en-GB -------------------------------------------------------------------------------- /defaults/os.yml: -------------------------------------------------------------------------------- 1 | # Default values for os setting 2 | 3 | os: 4 | # Do not set a default time zone, will default to the one from the ansible host 5 | # time_zone: "Europe/Zurich" 6 | # set_hostname: true 7 
| update_hosts_file: true 8 | disable_selinux: true 9 | disable_apparmor: true 10 | # Needed for the Unix TA 11 | # packages: 12 | # - sysstat 13 | # - lsof 14 | # - net-tools -------------------------------------------------------------------------------- /defaults/splunk_apps.yml: -------------------------------------------------------------------------------- 1 | # Default values for the splunk base_config apps 2 | 3 | splunk_apps: 4 | splunk_save_baseconfig_apps_dir: apps 5 | splunk_save_baseconfig_apps: false 6 | splunk_save_serverclass: false 7 | splunk_apps_dir: "../app_repo" -------------------------------------------------------------------------------- /defaults/splunk_defaults.yml: -------------------------------------------------------------------------------- 1 | # Default values for Splunk Enterprise 2 | 3 | splunk_defaults: 4 | splunk_env_name: splk 5 | splunk_version: latest 6 | splunk_admin_password: splunklab 7 | # Give a path to a license file. Must be located in splunk_software_dir 8 | #splunk_license_file: Splunk_Enterprise.lic 9 | # Share the same splunk.secret file for all installations. 
10 | splunk_secret_share: 11 | # for Splunk Enterprise 12 | splunk: false 13 | # for Splunk Universal Forwarders 14 | splunkforwarder: false 15 | # use the same for both install types 16 | equal: false 17 | 18 | # If you deploy to a cloud like AWS you may want to set the serverName variable 19 | # and/or default-hostname to the inventory name 20 | #splunk_set_servername: true 21 | #splunk_set_default_hostname: true 22 | 23 | # Turn of loginpage info, if not needed 24 | #splunk_loginpage_print_hostname: false 25 | #splunk_loginpage_print_userpw: false 26 | #splunk_loginpage_print_roles: false 27 | 28 | splunk_indexes_default_paths: true 29 | splunk_indexes: 30 | test: 31 | test_metrics: 32 | datatype: metric 33 | 34 | splunk_ssl: 35 | web: 36 | enable: false 37 | own_certs: false 38 | config: 39 | enableSplunkWebSSL: true 40 | # For web private keys the cert filename must match 41 | # the systems name given in the splunk_hosts section. 42 | # Example: cm -> cm.pem 43 | #privKeyPath: etc/auth/{{splunk_env_name}}/custom_privkey.web.pem 44 | #serverCert: etc/auth/{{splunk_env_name}}/custom_cacert.pem 45 | inputs: 46 | enable: false 47 | own_certs: false 48 | config: 49 | # If own certs are provided, they must match the filename given here 50 | #rootCA: "$SPLUNK_HOME/etc/auth/{{splunk_env_name}}/custom_cacert.pem" 51 | #serverCert: "$SPLUNK_HOME/etc/auth/{{splunk_env_name}}/custom_inputs_server.pem" 52 | rootCA: "$SPLUNK_HOME/etc/auth/cacert.pem" 53 | serverCert: "$SPLUNK_HOME/etc/auth/server.pem" 54 | sslPassword: "password" 55 | outputs: 56 | enable: false 57 | own_certs: false 58 | config: 59 | # If own certs are provided, they must match the filename given here 60 | #sslRootCAPath: "custom_cacert.pem" 61 | #sslCertPath: "custom_outputs_server.pem" 62 | sslRootCAPath: "$SPLUNK_HOME/etc/auth/cacert.pem" 63 | sslCertPath: "$SPLUNK_HOME/etc/auth/server.pem" 64 | sslPassword: "password" 65 | 66 | # Do not change those values, there are currently no other options 
available 67 | splunk_outputs: all 68 | splunk_search_peers: all -------------------------------------------------------------------------------- /defaults/splunk_dirs.yml: -------------------------------------------------------------------------------- 1 | # Default values for directory settings 2 | 3 | splunk_dirs: 4 | splunk_baseconfig_dir: "../Software" 5 | splunk_software_dir: "../Software" 6 | splunk_auth_dir: "../auth" -------------------------------------------------------------------------------- /defaults/splunk_idxclusters.yml: -------------------------------------------------------------------------------- 1 | # Default values for Indexer Cluster settings (idxc_password is a publicly known lab default; set your own per cluster in splunk_config.yml) 2 | 3 | splunk_idxclusters: 4 | - idxc_name: idxc 5 | idxc_password: splunkidxc 6 | idxc_replication_port: 9887 7 | idxc_site_rf: 'origin:2, total:3' 8 | idxc_site_sf: 'origin:2, total:3' 9 | # Enable indexer discovery 10 | #idxc_discovery_password: idxdisco -------------------------------------------------------------------------------- /defaults/splunk_shclusters.yml: -------------------------------------------------------------------------------- 1 | # Default values for Search Head Cluster settings (shc_password is a publicly known lab default; set your own per cluster in splunk_config.yml) 2 | 3 | # Search Head Cluster settings 4 | splunk_shclusters: 5 | - shc_name: shc 6 | shc_site: site0 7 | shc_password: splunkshc 8 | shc_replication_port: 9887 -------------------------------------------------------------------------------- /defaults/splunk_systemd.yml: -------------------------------------------------------------------------------- 1 | # Default values for systemd service file settings 2 | 3 | splunk_systemd: 4 | splunk_systemd_services: 5 | splunk: 6 | Service: 7 | #LimitCORE: 0 8 | LimitFSIZE: infinity 9 | LimitDATA: infinity 10 | LimitNPROC: 20480 11 | LimitNOFILE: 65536 12 | TasksMax: 20480 13 | #KillMode: mixed 14 | #KillSignal: SIGINT 15 | #TimeoutStopSec: 10min 16 | #splunkforwarder: 17 | #Service: 18 | #TimeoutStopSec: 10min 
-------------------------------------------------------------------------------- /defaults/virtualbox.yml: -------------------------------------------------------------------------------- 1 | # Default values for virtualbox hosts 2 | 3 | virtualbox: 4 | start_ip: 192.168.60.100 5 | box: "almalinux/8" 6 | memory: 512 7 | cpus: 1 8 | # Install vbox guest additions 9 | install_vbox_additions: false # true/false 10 | # You need to install vagrant plugin vagrant-vbguest to mount folders 11 | #synced_folder: 12 | # - source: "../../Documents/Splunk/Software" 13 | # target: "/Splunk_Software" 14 | -------------------------------------------------------------------------------- /docs/Setup_Windows_Box.md: -------------------------------------------------------------------------------- 1 | # Setup Windows Vagrant image 2 | 3 | ## Install and configure Windows in VirtualBox 4 | 5 | Create a VirtualBox machine and install Windows 10 in it. Here we call it `Windows 10 (Vagrant Template)`. Follow the next steps to configure it for Vagrant use. 
6 | 7 | ## Ansible on Windows runs over WinRM 8 | 9 | Configure WinRM on the staging Windows host. 10 | 11 | Run this in PowerShell as Administrator: 12 | 13 | ``` 14 | Enable-PSRemoting -SkipNetworkProfileCheck -Force 15 | Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Force 16 | ``` 17 | 18 | Set some WinRM settings in cmd.exe as Administrator. `AllowUnencrypted` and `Basic` make WinRM accept Basic authentication over plain HTTP, so credentials are not protected in transit; keep a box built this way on an isolated lab network: 19 | 20 | ``` 21 | winrm set winrm/config @{MaxTimeoutms="1800000"} 22 | winrm set winrm/config/service @{AllowUnencrypted="true"} 23 | winrm set winrm/config/service/auth @{Basic="true"} 24 | ``` 25 | 26 | ## Create the Windows VirtualBox image 27 | 28 | Package the image: 29 | 30 | ``` 31 | vagrant package --base "Windows 10 (Vagrant Template)" --output /var/tmp/windows.box --vagrantfile Vagrant/SplunkPlatformAutomator/template/Vagrantfile_windows 32 | ``` 33 | 34 | Add the new Windows image to Vagrant: 35 | ``` 36 | vagrant box add /var/tmp/windows.box --name windows/10 --box-version 20190505.01 37 | ``` 38 | -------------------------------------------------------------------------------- /examples/4idxc2site_sh.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # splunk_config.yml 3 | plugin: splunk-platform-automator 4 | 5 | virtualbox: 6 | # box: "centos/7" # Default 7 | # box: "ubuntu/xenial64" 8 | 9 | # Splunk default settings 10 | splunk_defaults: 11 | # splunk_env_name: splk 12 | # splunk_version: '8.2.3' 13 | # splunk_architecture: amd64 14 | # splunk_admin_password: 'splunklab' 15 | # splunk_license_file: Splunk_Enterprise.lic 16 | # splunk_indexes: 17 | # test1: 18 | # test2_metrics: 19 | # datatype: metric 20 | 21 | # Indexer Cluster settings 22 | splunk_idxclusters: 23 | - idxc_name: idxc1 24 | idxc_password: splunkidxc 25 | idxc_replication_port: 9887 26 | idxc_site_rf: 'origin:2, total:3' 27 | idxc_site_sf: 'origin:1, total:2' 28 | 29 | # Splunk hosts with its settings 30 | splunk_hosts: 31 | # Cluster Manager 32 | - name: cm 33 | roles: 34 | - 
cluster_manager 35 | - monitoring_console 36 | - deployment_server 37 | #- license_manager 38 | idxcluster: idxc1 39 | site: site0 40 | 41 | # Cluster Indexers (site1) 42 | - iter: 43 | prefix: idx 44 | numbers: 1..2 45 | #postfix: _server 46 | roles: 47 | - indexer 48 | idxcluster: idxc1 49 | site: site1 50 | 51 | # Cluster Indexers (site2) 52 | - iter: 53 | prefix: idx 54 | numbers: 3..4 55 | #postfix: _server 56 | roles: 57 | - indexer 58 | idxcluster: idxc1 59 | site: site2 60 | 61 | # Single Search Head 62 | - name: sh 63 | roles: 64 | - search_head 65 | idxcluster: idxc1 66 | -------------------------------------------------------------------------------- /examples/cm1_2idxc1site_cm2_2idxc1site_ds_3shc_smc_uf.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # splunk_config.yml 3 | plugin: splunk-platform-automator 4 | 5 | virtualbox: 6 | # box: "centos/7" # Default 7 | # box: "ubuntu/xenial64" 8 | 9 | # Splunk default settings 10 | splunk_defaults: 11 | # splunk_env_name: splk 12 | # splunk_version: '8.2.3' 13 | # splunk_architecture: amd64 14 | # splunk_admin_password: 'splunklab' 15 | # splunk_license_file: Splunk_Enterprise.lic 16 | # splunk_indexes: 17 | # test1: 18 | # test2_metrics: 19 | # datatype: metric 20 | 21 | # Indexer Cluster settings 22 | splunk_idxclusters: 23 | - idxc_name: idxc1 24 | idxc_password: splunkidxc 25 | idxc_replication_port: 9887 26 | idxc_site_rf: 'origin:2, total:2' 27 | idxc_site_sf: 'origin:1, total:1' 28 | 29 | - idxc_name: idxc2 30 | idxc_password: splunkidxc2 31 | idxc_replication_port: 9887 32 | idxc_site_rf: 'origin:2, total:2' 33 | idxc_site_sf: 'origin:1, total:1' 34 | 35 | # Search Head Cluster settings 36 | splunk_shclusters: 37 | - shc_name: shc1 38 | shc_site: site0 # No site affinity 39 | shc_password: splunkshc 40 | shc_replication_port: 9887 41 | 42 | # Splunk hosts with its settings 43 | splunk_hosts: 44 | # Cluster Manager 45 | - name: cm1 46 | roles: 47 | - 
cluster_manager 48 | #- license_manager 49 | idxcluster: idxc1 50 | site: site0 51 | 52 | # Cluster Indexers (site1) 53 | - iter: 54 | prefix: idx1 55 | numbers: 1..2 56 | roles: 57 | - indexer 58 | idxcluster: idxc1 59 | site: site1 60 | 61 | # Cluster Manager 62 | - name: cm2 63 | roles: 64 | - cluster_manager 65 | idxcluster: idxc2 66 | site: site0 67 | 68 | # Cluster Indexers (idxc2, site1) 69 | - iter: 70 | prefix: idx2 71 | numbers: 1..2 72 | roles: 73 | - indexer 74 | idxcluster: idxc2 75 | site: site1 76 | 77 | # Deployment Server 78 | - name: ds 79 | roles: 80 | - deployment_server 81 | - deployer 82 | shcluster: shc1 83 | 84 | # Search Heads 85 | - iter: 86 | prefix: sh 87 | numbers: 1..3 88 | roles: 89 | - search_head 90 | shcluster: shc1 91 | 92 | # Monitoring Console 93 | - name: smc 94 | roles: 95 | - monitoring_console 96 | 97 | # Universal Forwarder 98 | - name: uf 99 | roles: 100 | - universal_forwarder 101 | -------------------------------------------------------------------------------- /examples/cm_2idxc1site_3shc_uf.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # splunk_config.yml 3 | plugin: splunk-platform-automator 4 | 5 | virtualbox: 6 | # box: "centos/7" # Default 7 | # box: "ubuntu/xenial64" 8 | 9 | # Splunk default settings 10 | splunk_defaults: 11 | # splunk_env_name: splk 12 | # splunk_version: '8.2.3' 13 | # splunk_architecture: amd64 14 | # splunk_admin_password: 'splunklab' 15 | # splunk_license_file: Splunk_Enterprise.lic 16 | # splunk_indexes: 17 | # test1: 18 | # test2_metrics: 19 | # datatype: metric 20 | 21 | # Indexer Cluster settings 22 | splunk_idxclusters: 23 | - idxc_name: idxc1 24 | idxc_password: splunkidxc 25 | idxc_replication_port: 9887 26 | idxc_site_rf: 'origin:2, total:2' 27 | idxc_site_sf: 'origin:2, total:2' 28 | 29 | # Search Head Cluster settings 30 | splunk_shclusters: 31 | - shc_name: shc1 32 | shc_site: site0 33 | shc_password: splunkshc 34 | shc_replication_port: 
9887 35 | 36 | # Splunk hosts with its settings 37 | splunk_hosts: 38 | # Cluster Manager 39 | - name: cm 40 | roles: 41 | - deployment_server 42 | - deployer 43 | - cluster_manager 44 | - monitoring_console 45 | #- license_manager 46 | idxcluster: idxc1 47 | shcluster: shc1 48 | site: site0 49 | 50 | # Cluster Indexers (site1) 51 | - iter: 52 | prefix: idx 53 | numbers: 1..2 54 | roles: 55 | - indexer 56 | idxcluster: idxc1 57 | site: site1 58 | 59 | # Search Heads 60 | - iter: 61 | prefix: sh 62 | numbers: 1..3 63 | roles: 64 | - search_head 65 | shcluster: shc1 66 | 67 | # Universal Forwarder 68 | - name: uf 69 | roles: 70 | - universal_forwarder 71 | -------------------------------------------------------------------------------- /examples/cm_2idxc_sh_uf.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # splunk_config.yml 3 | plugin: splunk-platform-automator 4 | 5 | virtualbox: 6 | # box: "centos/7" # Default 7 | # box: "ubuntu/xenial64" 8 | 9 | # Splunk default settings 10 | splunk_defaults: 11 | # splunk_env_name: splk 12 | # splunk_version: '8.2.3' 13 | # splunk_architecture: amd64 14 | # splunk_admin_password: 'splunklab' 15 | # splunk_license_file: Splunk_Enterprise.lic 16 | # splunk_indexes: 17 | # test1: 18 | # test2_metrics: 19 | # datatype: metric 20 | 21 | # Indexer Cluster settings 22 | splunk_idxclusters: 23 | - idxc_name: idxc1 24 | idxc_password: splunkidxc 25 | idxc_replication_port: 9887 26 | idxc_rf: 2 27 | idxc_sf: 2 28 | 29 | # Splunk hosts with its settings 30 | splunk_hosts: 31 | # Cluster Manager 32 | - name: cm 33 | roles: 34 | - cluster_manager 35 | - deployment_server 36 | - monitoring_console 37 | #- license_manager 38 | idxcluster: idxc1 39 | 40 | # Cluster Indexers 41 | - iter: 42 | prefix: idx 43 | numbers: 1..2 44 | roles: 45 | - indexer 46 | idxcluster: idxc1 47 | 48 | # Single Search Head 49 | - name: sh 50 | roles: 51 | - search_head 52 | 53 | # Universal Forwarder 54 | - name: 
uf 55 | roles: 56 | - universal_forwarder 57 | -------------------------------------------------------------------------------- /examples/cm_4idxc2site_3shc_ds_uf.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # splunk_config.yml 3 | plugin: splunk-platform-automator 4 | 5 | virtualbox: 6 | # box: "centos/7" # Default 7 | # box: "ubuntu/xenial64" 8 | 9 | # Splunk default settings 10 | splunk_defaults: 11 | # splunk_env_name: splk 12 | # splunk_version: '8.2.3' 13 | # splunk_architecture: amd64 14 | # splunk_admin_password: 'splunklab' 15 | # splunk_license_file: Splunk_Enterprise.lic 16 | # splunk_indexes: 17 | # test1: 18 | # test2_metrics: 19 | # datatype: metric 20 | 21 | # Indexer Cluster settings 22 | splunk_idxclusters: 23 | - idxc_name: idxc1 24 | idxc_password: splunkidxc 25 | idxc_replication_port: 9887 26 | idxc_site_rf: 'origin:2, total:3' 27 | idxc_site_sf: 'origin:1, total:2' 28 | 29 | # Search Head Cluster settings 30 | splunk_shclusters: 31 | - shc_name: shc1 32 | shc_site: site0 33 | shc_password: splunkshc 34 | shc_replication_port: 9887 35 | 36 | # Splunk hosts with its settings 37 | splunk_hosts: 38 | # Deployment Server 39 | - name: ds 40 | roles: 41 | - deployment_server 42 | - deployer 43 | shcluster: shc1 44 | 45 | # Cluster Manager 46 | - name: cm 47 | roles: 48 | - cluster_manager 49 | - monitoring_console 50 | #- license_manager 51 | idxcluster: idxc1 52 | site: site0 53 | 54 | # Cluster Indexers (site1) 55 | - iter: 56 | prefix: idx 57 | numbers: 1..2 58 | roles: 59 | - indexer 60 | idxcluster: idxc1 61 | site: site1 62 | 63 | # Cluster Indexers (site2) 64 | - iter: 65 | prefix: idx 66 | numbers: 3..4 67 | roles: 68 | - indexer 69 | idxcluster: idxc1 70 | site: site2 71 | 72 | # Search Heads 73 | - iter: 74 | prefix: sh 75 | numbers: 1..3 76 | roles: 77 | - search_head 78 | shcluster: shc1 79 | 80 | # Universal Forwarder 81 | - name: uf 82 | roles: 83 | - universal_forwarder 84 | 
-------------------------------------------------------------------------------- /examples/cm_4idxc2site_3shc_ds_uf_SmartStore.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # splunk_config.yml 3 | plugin: splunk-platform-automator 4 | 5 | os: 6 | set_hostname: true 7 | 8 | aws: 9 | keypair_name: 'aws_key' 10 | #region: 'eu-central-1' 11 | ami: 'ami-0badcc5b522737046' # Redhat 8 (may need to disable selinux) 12 | #ssh_username: 'ec2-user' 13 | instance_type: 't2.micro' 14 | #instance_type: 'c5.2xlarge' 15 | ssh_private_key_path: '~/.ssh/aws_key.pem' 16 | security_groups: ['Splunk_Basic'] 17 | # AWS Storage 18 | block_device_mapping: 19 | - # do not remove this, it is part of the format 20 | DeviceName: "/dev/sda1" # Redhat 8 21 | Ebs.VolumeSize: 50 # Size in GB 22 | #Ebs.DeleteOnTermination: true # Default 23 | #Ebs.VolumeType: "GP2" # General performance - you might want something faster 24 | 25 | # Splunk default settings 26 | splunk_defaults: 27 | # splunk_env_name: splk 28 | # splunk_version: '8.2.3' 29 | # splunk_architecture: amd64 30 | splunk_download: 31 | splunk: true 32 | splunkforwarder: true 33 | # splunk_admin_password: 'splunklab' 34 | # splunk_license_file: Splunk_Enterprise.lic 35 | # splunk_indexes: 36 | # test1: 37 | # test2_metrics: 38 | # datatype: metric 39 | 40 | # Define Indexer Volumes (filesystem must exist) 41 | splunk_indexer_volumes: 42 | hot: 43 | s2volume: 44 | # Create a bucket in AWS and name it here. Make sure the EC2 instances have permission to write to this bucket. 
45 | path: "s3:///" 46 | storageType: remote 47 | 48 | splunk_volume_defaults: 49 | VolumeDataSize_Free_MB: 800 # Will calculate maxVolumeDataSizeMB as 'fs_free - VolumeDataSize_Free_MB' 50 | # Define the volumes to be used for the indexes 51 | homePath: hot 52 | coldPath: hot 53 | remotePath: s2volume 54 | 55 | splunk_set_servername: true 56 | splunk_set_default_hostname: true 57 | splunk_loginpage_print_userpw: false 58 | # splunk_loginpage_print_roles: false 59 | 60 | splunk_ssl: 61 | web: 62 | enable: true 63 | inputs: 64 | enable: true 65 | outputs: 66 | enable: true 67 | 68 | # Indexer Cluster settings 69 | splunk_idxclusters: 70 | - idxc_name: idxc1 71 | idxc_password: splunkidxc 72 | idxc_replication_port: 9887 73 | idxc_site_rf: 'origin:2, total:3' 74 | idxc_site_sf: 'origin:2, total:3' 75 | idxc_rf: 2 76 | idxc_sf: 2 77 | 78 | # Search Head Cluster settings 79 | splunk_shclusters: 80 | - shc_name: shc1 81 | shc_site: site0 82 | shc_password: splunkshc 83 | shc_replication_port: 9887 84 | 85 | # Splunk hosts with its settings 86 | splunk_hosts: 87 | 88 | # Deployment Server 89 | - name: ds 90 | roles: 91 | - deployment_server 92 | - deployer 93 | shcluster: shc1 94 | 95 | # Cluster Manager 96 | - name: cm 97 | roles: 98 | - cluster_manager 99 | - monitoring_console 100 | #- license_manager 101 | idxcluster: idxc1 102 | site: site0 103 | 104 | # Cluster Indexers (site1) 105 | - iter: 106 | prefix: idx 107 | numbers: 1..2 108 | roles: 109 | - indexer 110 | idxcluster: idxc1 111 | site: site1 112 | 113 | # Cluster Indexers (site2) 114 | - iter: 115 | prefix: idx 116 | numbers: 3..4 117 | roles: 118 | - indexer 119 | idxcluster: idxc1 120 | site: site2 121 | 122 | # Search Heads 123 | - iter: 124 | prefix: sh 125 | numbers: 1..3 126 | roles: 127 | - search_head 128 | shcluster: shc1 129 | 130 | # Universal Forwarder 131 | - name: uf 132 | roles: 133 | - universal_forwarder -------------------------------------------------------------------------------- 
/examples/ds_cm_2idxc1site_sh_hf_uf.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # splunk_config.yml 3 | plugin: splunk-platform-automator 4 | 5 | virtualbox: 6 | # box: "centos/7" # Default 7 | # box: "ubuntu/xenial64" 8 | 9 | # Splunk default settings 10 | splunk_defaults: 11 | # splunk_env_name: splk 12 | # splunk_version: '8.2.3' 13 | # splunk_architecture: amd64 14 | # splunk_admin_password: 'splunklab' 15 | # splunk_license_file: Splunk_Enterprise.lic 16 | # splunk_indexes: 17 | # test1: 18 | # test2_metrics: 19 | # datatype: metric 20 | 21 | # Indexer Cluster settings 22 | splunk_idxclusters: 23 | - idxc_name: idxc1 24 | idxc_password: splunkidxc1 25 | idxc_replication_port: 9887 26 | idxc_site_rf: 'origin:2, total:2' 27 | idxc_site_sf: 'origin:1, total:1' 28 | 29 | # Splunk hosts with its settings 30 | splunk_hosts: 31 | 32 | # Deployment Server 33 | - name: ds 34 | roles: 35 | - deployment_server 36 | 37 | # Cluster Manager 38 | - name: cm 39 | roles: 40 | - cluster_manager 41 | - monitoring_console 42 | #- license_manager 43 | idxcluster: idxc1 44 | site: site0 45 | 46 | # Cluster Indexers 47 | - list: 48 | - idx1 49 | - idx2 50 | roles: 51 | - indexer 52 | # Name the indexer cluster to be a member of 53 | idxcluster: idxc1 54 | site: site1 55 | 56 | # Search Head 57 | - name: sh 58 | roles: 59 | - search_head 60 | 61 | # Heavy Forwarder 62 | - name: hf 63 | roles: 64 | - heavy_forwarder 65 | 66 | # Universal Forwarder 67 | - name: uf 68 | roles: 69 | - universal_forwarder 70 | -------------------------------------------------------------------------------- /examples/idx_3shc_uf.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # splunk_config.yml 3 | plugin: splunk-platform-automator 4 | 5 | virtualbox: 6 | # box: "centos/7" # Default 7 | # box: "ubuntu/xenial64" 8 | 9 | # Splunk default settings 10 | splunk_defaults: 11 | # splunk_env_name: splk 12 | # 
splunk_version: '8.2.3' 13 | # splunk_architecture: amd64 14 | # splunk_admin_password: 'splunklab' 15 | # splunk_license_file: Splunk_Enterprise.lic 16 | # splunk_indexes: 17 | # test1: 18 | # test2_metrics: 19 | # datatype: metric 20 | 21 | # Search Head Cluster settings 22 | splunk_shclusters: 23 | - shc_name: shc1 24 | shc_site: site0 25 | shc_password: splunkshc 26 | shc_replication_port: 9887 27 | 28 | # Splunk hosts with its settings 29 | splunk_hosts: 30 | # Deployer 31 | - name: dpl 32 | roles: 33 | - deployer 34 | - deployment_server 35 | - monitoring_console 36 | # - license_manager 37 | shcluster: shc1 38 | 39 | # Single Indexer 40 | - name: idx 41 | roles: 42 | - indexer 43 | 44 | # Search Heads 45 | - iter: 46 | prefix: sh 47 | numbers: 1..3 48 | roles: 49 | - search_head 50 | shcluster: shc1 51 | 52 | # Universal Forwarder 53 | - name: uf 54 | roles: 55 | - universal_forwarder 56 | -------------------------------------------------------------------------------- /examples/idx_sh_uf.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # splunk_config.yml 3 | plugin: splunk-platform-automator 4 | 5 | virtualbox: 6 | # box: "centos/7" # Default 7 | # box: "ubuntu/xenial64" 8 | 9 | # Splunk default settings 10 | splunk_defaults: 11 | # splunk_env_name: splk 12 | # splunk_version: '8.2.3' 13 | # splunk_architecture: amd64 14 | # splunk_admin_password: 'splunklab' 15 | # splunk_license_file: Splunk_Enterprise.lic 16 | # splunk_indexes: 17 | # test1: 18 | # test2_metrics: 19 | # datatype: metric 20 | 21 | # Splunk hosts with its settings 22 | splunk_hosts: 23 | # Indexer 24 | - name: idx 25 | roles: 26 | - indexer 27 | 28 | # Search Head 29 | - name: sh 30 | roles: 31 | - search_head 32 | 33 | # Universal Forwarder 34 | - name: uf 35 | roles: 36 | - universal_forwarder 37 | -------------------------------------------------------------------------------- /examples/idx_sh_uf_SmartStore.yml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # splunk_config.yml 3 | plugin: splunk-platform-automator 4 | 5 | os: 6 | set_hostname: true 7 | 8 | #virtualbox: 9 | aws: 10 | keypair_name: 'aws_key' 11 | #region: 'eu-central-1' 12 | ami: 'ami-0badcc5b522737046' # Redhat 8 13 | ssh_username: 'ec2-user' 14 | instance_type: 't2.micro' 15 | #instance_type: 'c5.2xlarge' 16 | ssh_private_key_path: '~/.ssh/aws_key.pem' 17 | security_groups: ['Splunk_Basic'] 18 | # AWS Storage 19 | block_device_mapping: 20 | - # do not remove this, it is part of the format 21 | DeviceName: "/dev/sda1" # Redhat 8 22 | Ebs.VolumeSize: 50 # Size in GB 23 | #Ebs.DeleteOnTermination: true 24 | #Ebs.VolumeType: "GP2" # General performance - you might want something faster 25 | 26 | # Splunk default settings 27 | splunk_defaults: 28 | # splunk_env_name: splk 29 | # splunk_version: '8.2.3' 30 | # splunk_architecture: amd64 31 | splunk_download: 32 | splunk: true 33 | splunkforwarder: true 34 | # splunk_admin_password: 'splunklab' 35 | # splunk_license_file: Splunk_Enterprise.lic 36 | # splunk_indexes: 37 | # test1: 38 | # test2_metrics: 39 | # datatype: metric 40 | 41 | # Define Indexer Volumes (filesystem must exist) 42 | splunk_indexer_volumes: 43 | hot: 44 | s2volume: 45 | path: "s3:///" 46 | storageType: remote 47 | # TSIDX compression with Splunk 9.0+ 48 | #remote.s3.tsidx_compression: true 49 | 50 | splunk_volume_defaults: 51 | VolumeDataSize_Free_MB: 800 # Will calculate maxVolumeDataSizeMB as 'fs_free - VolumeDataSize_Free_MB' 52 | # Define the volumes to be used for the indexes 53 | homePath: hot 54 | coldPath: hot 55 | remotePath: s2volume 56 | 57 | splunk_set_servername: true 58 | splunk_set_default_hostname: true 59 | splunk_loginpage_print_userpw: false 60 | # splunk_loginpage_print_roles: false 61 | 62 | splunk_ssl: 63 | web: 64 | enable: true 65 | inputs: 66 | enable: true 67 | outputs: 68 | enable: true 69 | 70 | # Splunk hosts with its 
settings 71 | splunk_hosts: 72 | 73 | # Indexer 74 | - name: idx 75 | roles: 76 | - indexer 77 | aws: 78 | # IAM Role with S3 access permissions to assign to the indexer 79 | # Must be created beforehand 80 | iam_instance_profile_name: Splunk_S3-Access 81 | 82 | # Search Head 83 | - name: sh 84 | roles: 85 | - search_head 86 | 87 | # Universal Forwarder 88 | - name: uf 89 | roles: 90 | - universal_forwarder -------------------------------------------------------------------------------- /examples/single_node.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # splunk_config.yml 3 | plugin: splunk-platform-automator 4 | 5 | virtualbox: 6 | # box: "centos/7" # Default 7 | # box: "ubuntu/xenial64" 8 | 9 | # Splunk default settings 10 | splunk_defaults: 11 | # splunk_env_name: splk 12 | # splunk_version: '8.2.3' 13 | # splunk_architecture: amd64 14 | # splunk_admin_password: 'splunklab' 15 | # splunk_license_file: Splunk_Enterprise.lic 16 | # splunk_indexes: 17 | # test1: 18 | # test2_metrics: 19 | # datatype: metric 20 | 21 | # Splunk hosts with its settings 22 | splunk_hosts: 23 | # Indexer and Search Head on single node 24 | - name: shidx 25 | roles: 26 | - indexer 27 | - search_head 28 | 29 | # Universal Forwarder 30 | # - name: uf 31 | # roles: 32 | # - universal_forwarder 33 | -------------------------------------------------------------------------------- /examples/splunk_config_aws.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # splunk_config.yml 3 | plugin: splunk-platform-automator 4 | 5 | # General settings 6 | general: 7 | # url_locale: en-GB 8 | 9 | os: 10 | # time_zone: "Europe/Zurich" 11 | # Set hostname to ansible_inventory name 12 | set_hostname: true 13 | 14 | aws: 15 | #access_key_id: '' # defaults to ENV['AWS_ACCESS_KEY_ID'] 16 | #secret_access_key: '' # ENV['AWS_SECRET_ACCESS_KEY'] 17 | keypair_name: 'aws_key' 18 | #region: 'eu-central-1' 19 | #ami: 
'ami-e3381508' # Ubuntu 16.04 20 | #ssh_username: 'ubuntu' # ami-e3381508 21 | ami: 'ami-c86c3f23' # Redhat 7.5 22 | ssh_username: 'ec2-user' # ami-c86c3f23 23 | #instance_type: 't2.micro' 24 | ssh_private_key_path: '~/.ssh/aws_key.pem' 25 | security_groups: ['Splunk_Basic'] 26 | # AWS Storage 27 | block_device_mapping: 28 | - # do not remove this, it is part of the format 29 | DeviceName: "/dev/sda1" 30 | Ebs.VolumeSize: 50 # Size in GB 31 | #Ebs.DeleteOnTermination: true 32 | #Ebs.VolumeType: "GP2" # General performance - you might want something faster 33 | - # do not remove this, it is part of the format 34 | DeviceName: "/dev/sdg" # Additional Disk 35 | Ebs.VolumeSize: 20 # Size in GB 36 | - # do not remove this, it is part of the format 37 | DeviceName: "/dev/sdh" # Additional Disk 38 | Ebs.VolumeSize: 30 # Size in GB 39 | 40 | # Splunk default settings 41 | splunk_defaults: 42 | # splunk_env_name: splk 43 | # splunk_version: '8.2.3' 44 | 45 | splunk_download: 46 | splunk: true 47 | splunkforwarder: true 48 | # splunk_admin_password: 'splunklab' 49 | # splunk_license_file: Splunk_Enterprise.lic 50 | # splunk_indexes: 51 | # test1: 52 | # test2_metrics: 53 | # datatype: metric 54 | splunk_set_servername: true 55 | splunk_set_default_hostname: true 56 | splunk_loginpage_print_userpw: false 57 | # splunk_loginpage_print_roles: false 58 | 59 | # Enable ssl by default to secure internet facing connections. 
60 | splunk_ssl: 61 | web: 62 | enable: true 63 | inputs: 64 | enable: true 65 | outputs: 66 | enable: true 67 | 68 | # Splunk hosts with its settings 69 | splunk_hosts: 70 | # Indexer 71 | - name: idx 72 | roles: 73 | - indexer 74 | 75 | # Search Head 76 | - name: sh 77 | roles: 78 | - search_head 79 | 80 | # Universal Forwarder 81 | - name: uf 82 | roles: 83 | - universal_forwarder 84 | -------------------------------------------------------------------------------- /examples/splunk_config_winuf.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # splunk_config.yml 3 | plugin: splunk-platform-automator 4 | 5 | ###################################################################### 6 | # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 7 | # 8 | # This is not working out of the box and needs manual preparation 9 | # of a Windows Virtual Box image. This is not documented yet. 10 | # 11 | # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 
12 | ###################################################################### 13 | 14 | virtualbox: 15 | # box: "centos/7" # Default 16 | # box: "ubuntu/xenial64" 17 | 18 | # Splunk default settings 19 | splunk_defaults: 20 | # splunk_env_name: splk 21 | # splunk_version: '8.2.3' 22 | # splunk_architecture: amd64 23 | # splunk_admin_password: 'splunklab' 24 | # splunk_license_file: Splunk_Enterprise.lic 25 | # splunk_indexes: 26 | # test1: 27 | # test2_metrics: 28 | # datatype: metric 29 | 30 | # Splunk hosts with its settings 31 | splunk_hosts: 32 | # Indexer and Search Head on single node 33 | - name: shidx 34 | roles: 35 | - indexer 36 | - search_head 37 | - deployment_server 38 | 39 | # Universal Forwarder 40 | - name: winuf 41 | roles: 42 | - universal_forwarder_windows 43 | virtualbox: 44 | box: "windows10/20181113" 45 | cpus: 1 46 | memory: 2048 47 | -------------------------------------------------------------------------------- /examples/two_envs_each_cm_2idxc1site_ds_sh_uf.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # splunk_config.yml 3 | plugin: splunk-platform-automator 4 | 5 | virtualbox: 6 | # box: "centos/7" # Default 7 | # box: "ubuntu/xenial64" 8 | 9 | # Splunk default settings 10 | splunk_defaults: 11 | # splunk_license_file: Splunk_Enterprise.lic 12 | 13 | # Splunk general settings 14 | splunk_environments: 15 | - splunk_env_name: splk1 16 | # splunk_version: '8.2.3' 17 | # splunk_architecture: amd64 18 | # splunk_admin_password: 'splunklab' 19 | # splunk_indexes: 20 | # test1: 21 | # test2_metrics: 22 | # datatype: metric 23 | 24 | - splunk_env_name: splk2 25 | # splunk_version: '8.2.3' 26 | # splunk_architecture: amd64 27 | # splunk_admin_password: 'splunklab' 28 | # splunk_indexes: 29 | # test1: 30 | # test2_metrics: 31 | # datatype: metric 32 | 33 | # Indexer Cluster settings 34 | splunk_idxclusters: 35 | - idxc_name: idxc1 36 | idxc_password: splunkidxc1 37 | idxc_replication_port: 9887 38 
| idxc_site_rf: 'origin:2, total:2' 39 | idxc_site_sf: 'origin:1, total:1' 40 | 41 | - idxc_name: idxc2 42 | idxc_password: splunkidxc2 43 | idxc_replication_port: 9887 44 | idxc_site_rf: 'origin:2, total:2' 45 | idxc_site_sf: 'origin:1, total:1' 46 | 47 | # Splunk hosts with its settings 48 | splunk_hosts: 49 | # First Environment 50 | # ================== 51 | 52 | # Deployment Server 53 | - name: ds1 54 | splunk_env: splk1 55 | roles: 56 | - deployment_server 57 | 58 | # Cluster Manager 59 | - name: cm1 60 | splunk_env: splk1 61 | roles: 62 | - cluster_manager 63 | - monitoring_console 64 | #- license_manager 65 | idxcluster: idxc1 66 | site: site0 67 | 68 | # Cluster Indexers (site1) 69 | - iter: 70 | prefix: idx1 71 | numbers: 1..2 72 | splunk_env: splk1 73 | roles: 74 | - indexer 75 | idxcluster: idxc1 76 | site: site1 77 | 78 | # Single Search Head 79 | - name: sh1 80 | splunk_env: splk1 81 | roles: 82 | - search_head 83 | 84 | # Universal Forwarder 85 | - name: uf1 86 | splunk_env: splk1 87 | roles: 88 | - universal_forwarder 89 | 90 | # Second Environment 91 | # ================== 92 | 93 | # Deployment Server 94 | - name: ds2 95 | splunk_env: splk2 96 | roles: 97 | - deployment_server 98 | 99 | # Cluster Manager 100 | - name: cm2 101 | splunk_env: splk2 102 | roles: 103 | - cluster_manager 104 | - monitoring_console 105 | #- license_manager 106 | idxcluster: idxc2 107 | site: site0 108 | 109 | # Cluster Indexers (site1) 110 | - iter: 111 | prefix: idx2 112 | numbers: 1..2 113 | splunk_env: splk2 114 | roles: 115 | - indexer 116 | idxcluster: idxc2 117 | site: site1 118 | 119 | # Single Search Head 120 | - name: sh2 121 | splunk_env: splk2 122 | roles: 123 | - search_head 124 | 125 | # Universal Forwarder 126 | - name: uf2 127 | splunk_env: splk2 128 | roles: 129 | - universal_forwarder 130 | -------------------------------------------------------------------------------- /pic/splunk-platform-automator_overview.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-platform-automator/27ae2b302fab00e5fe9858c15d5dad28e739458a/pic/splunk-platform-automator_overview.png -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | ansible >= 3.4.0 # this is ansible-core 2.10.0 2 | jmespath # required for json_query calls 3 | lxml # required for license file checks 4 | boto3 # required for ec2 (aws) plugin 5 | -------------------------------------------------------------------------------- /template/Vagrantfile_windows: -------------------------------------------------------------------------------- 1 | # -*- mode: ruby -*- 2 | # vi: set ft=ruby : 3 | 4 | # All Vagrant configuration is done below. The "2" in Vagrant.configure 5 | # configures the configuration version (we support older styles for 6 | # backwards compatibility). Please don't change it unless you know what 7 | # you're doing. 8 | Vagrant.configure(2) do |config| 9 | config.vm.guest = :windows 10 | config.vm.communicator = "winrm" 11 | config.vm.boot_timeout = 600 12 | config.vm.graceful_halt_timeout = 600 13 | 14 | # Create a forwarded port mapping which allows access to a specific port 15 | # within the machine from a port on the host machine. In the example below, 16 | # accessing "localhost:8080" will access port 80 on the guest machine. The rdp and winrm mappings that follow set no host_ip, so they listen on every host interface; add host_ip: "127.0.0.1" to keep them local. 
17 | # config.vm.network "forwarded_port", guest: 80, host: 8080 18 | config.vm.network :forwarded_port, guest: 3389, host: 3389, id: "rdp", auto_correct: true 19 | config.vm.network :forwarded_port, guest: 5985, host: 5985, id: "winrm", auto_correct: true 20 | 21 | # config.vm.provider "virtualbox" do |vb| 22 | # # Customize the name of VM in VirtualBox manager UI: 23 | # vb.name = "yourcompany-yourbox" 24 | # end 25 | end 26 | --------------------------------------------------------------------------------