From 1711922d34155c205a7fdc8bfc711ea2901e895b Mon Sep 17 00:00:00 2001 From: jvega Date: Wed, 14 Feb 2024 10:47:54 -0800 Subject: [PATCH 1/4] added task to download splunk build using basic auth --- inventory/environ.py | 8 ++++++ roles/splunk_common/tasks/install_apps.yml | 4 +-- .../tasks/install_splunk_tgz.yml | 27 ++++++++++++++++++- 3 files changed, 36 insertions(+), 3 deletions(-) diff --git a/inventory/environ.py b/inventory/environ.py index 3e6b81cb..bc96c7d3 100755 --- a/inventory/environ.py +++ b/inventory/environ.py @@ -145,6 +145,7 @@ def getDefaultVars(): getJava(defaultVars) getSplunkBuild(defaultVars) getSplunkbaseToken(defaultVars) + getSplunkBuildAuth(defaultVars) getSplunkApps(defaultVars) getSplunkAppsLocal(defaultVars) getLaunchConf(defaultVars) @@ -357,6 +358,13 @@ def getSplunkbaseToken(vars_scope): splunkbase_token = re.search("(.*)", output, re.IGNORECASE) vars_scope["splunkbase_token"] = splunkbase_token.group(1) if splunkbase_token else None +def getSplunkBuildAuth(vars_scope): + """ + Load username and password to be used in basic auth when fetching splunk build or apps + """ + vars_scope["splunk"]["artifact_auth_user"] = os.environ.get("ARTIFACTORY_USER", vars_scope["splunk"].get("basic_auth_user")) + vars_scope["splunk"]["artifact_auth_pass"] = os.environ.get("ARTIFACTORY_TOKEN", vars_scope["splunk"].get("artifact_auth_pass")) + def getSplunkApps(vars_scope): """ Determine the set of Splunk apps to install as union of defaults.yml and environment variables diff --git a/roles/splunk_common/tasks/install_apps.yml b/roles/splunk_common/tasks/install_apps.yml index 89c1d20f..d2ee7f25 100644 --- a/roles/splunk_common/tasks/install_apps.yml +++ b/roles/splunk_common/tasks/install_apps.yml 
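Review bot: In `getSplunkBuildAuth` the two fallbacks disagree: the user falls back to `vars_scope["splunk"].get("basic_auth_user")`, while the value is stored under `artifact_auth_user` and the password falls back to `artifact_auth_pass`. An `artifact_auth_user` set in the defaults is therefore replaced by `None` whenever `ARTIFACTORY_USER` is unset; the fallback should read the key it writes, `vars_scope["splunk"].get("artifact_auth_user")`. The docstring could also name the two environment variables and say that the environment takes precedence over the defaults. Since `artifact_auth_pass` now lives in the inventory dict, check that any code which prints or dumps these variables masks it; no such code is visible in this hunk.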
@@ -38,8 +38,8 @@ timeout: 120 validate_certs: no force: yes - url_username: "{{ lookup('env', 'ARTIFACTORY_USER') }}" - url_password: "{{ lookup('env', 'ARTIFACTORY_TOKEN') }}" + url_username: "{{ splunk.artifact_auth_user }}" + url_password: "{{ splunk.artifact_auth_pass }}" register: app_remote when: - app_url is match("^(https?|file)://.*") diff --git a/roles/splunk_common/tasks/install_splunk_tgz.yml b/roles/splunk_common/tasks/install_splunk_tgz.yml index 9ad9169b..609d655d 100644 --- a/roles/splunk_common/tasks/install_splunk_tgz.yml +++ b/roles/splunk_common/tasks/install_splunk_tgz.yml @@ -8,7 +8,32 @@ validate_certs: no timeout: 900 mode: 0666 - when: splunk.build_location is match("^(https?)://.*") + when: + - splunk.build_location is match("^(https?)://.*") + - splunk.artifact_auth_user is undefined or splunk.artifact_auth_user == "" + register: download_result + until: download_result is succeeded + retries: 5 + delay: "{{ retry_delay }}" + become: yes + become_user: "{{ privileged_user }}" + +- name: Download Splunk using basic auth + get_url: + url: "{{ splunk.build_location }}" + dest: "{{ splunk.opt }}" + owner: "{{ splunk.user }}" + group: "{{ splunk.group }}" + force_basic_auth: false + url_username: "{{ splunk.artifact_auth_user }}" + url_password: "{{ splunk.artifact_auth_pass }}" + validate_certs: no + timeout: 900 + mode: 0666 + when: + - splunk.build_location is match("^(https?)://.*") + - splunk.artifact_auth_user is defined + - splunk.artifact_auth_user != "" register: download_result until: download_result is succeeded retries: 5 From c022a774e21f281c0a8b7bfe83d3f5e66b815d0b Mon Sep 17 00:00:00 2001 From: jvega Date: Thu, 22 Feb 2024 10:20:58 -0800 Subject: [PATCH 2/4] using tar and chmod to speed up unarchive step --- roles/splunk_common/tasks/install_splunk_tgz.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) 
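Review bot: The `url_username`/`url_password` values are sent by a task that keeps `validate_certs: no` and whose `when` accepts `http://` URLs, so the Artifactory token can travel in cleartext or to a server whose certificate was never checked. The new "Download Splunk using basic auth" task in install_splunk_tgz.yml has the same combination. When credentials are set the task should verify the server, e.g. `validate_certs: yes` (or a role variable that defaults to yes), and the credentialed path should match only `^https://`. The credentials are also attached to every `app_url`, not only to the artifact host they were issued for, which may be wider than intended. The task body starts above this hunk, so other conditions may apply.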
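Review bot: Both download tasks end in `register: download_result`, and Ansible registers a result for a skipped task too, so when no user is configured the skipped "Download Splunk using basic auth" task overwrites the result of the download that actually ran. Anything that later reads `download_result` would then see a skipped result; its consumers are outside this hunk. A single task with `url_username: "{{ splunk.artifact_auth_user | default(omit, true) }}"`, and the same for `url_password`, avoids the duplicate. The copied `mode: 0666` leaves the installer tarball writable by any local account until it is unpacked; `mode: 0644` looks sufficient as far as this hunk shows.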
diff --git a/roles/splunk_common/tasks/install_splunk_tgz.yml b/roles/splunk_common/tasks/install_splunk_tgz.yml index 609d655d..ed838249 100644 --- a/roles/splunk_common/tasks/install_splunk_tgz.yml +++ b/roles/splunk_common/tasks/install_splunk_tgz.yml @@ -51,12 +51,7 @@ splunk_replaced_build_location: "{{ splunk.build_location | regex_replace('^file://(.*)$', '\\1') }}" - name: Install Splunk (Linux) from local build location - unarchive: - src: "{% if splunk.build_location is match('^(https?)://.*') %}{{ splunk_downloaded_build_location }}{% else %}{{ splunk_replaced_build_location }}{% endif %}" - dest: "{{ splunk.opt }}" - owner: "{{ splunk.user }}" - group: "{{ splunk.group }}" - remote_src: yes + shell: tar --no-same-owner --no-same-permissions -x --owner={{ splunk.user }} --group={{ splunk.group }} -f {% if splunk.build_location is match('^(https?)://.*') %}{{ splunk_downloaded_build_location }}{% else %}{{ splunk_replaced_build_location }}{% endif %} -C {{ splunk.opt }} && chown -R {{ splunk.user }}:{{ splunk.group }} /opt/splunk/* register: install_result until: install_result is succeeded retries: "{{ retry_num }}" From 01f02f2b7d0dfd131a1ded401f78a2e4d4f75d6f Mon Sep 17 00:00:00 2001 From: jvega Date: Mon, 11 Mar 2024 14:56:41 -0700 Subject: [PATCH 3/4] reduced unnecessary steps in Splunk setup --- roles/splunk_common/handlers/restart_splunk.yml | 13 ++++++++++++- roles/splunk_common/tasks/enable_splunkd_ssl.yml | 5 +++++ roles/splunk_common/tasks/main.yml | 8 ++------ roles/splunk_common/tasks/set_as_license_slave.yml | 12 ++++++++++++ .../tasks/search_head_clustering.yml | 13 ------------- 5 files changed, 31 insertions(+), 20 deletions(-) diff --git a/roles/splunk_common/handlers/restart_splunk.yml b/roles/splunk_common/handlers/restart_splunk.yml index a5841695..e9273c35 100644 --- a/roles/splunk_common/handlers/restart_splunk.yml +++ b/roles/splunk_common/handlers/restart_splunk.yml 
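Review bot: The new `shell:` line interpolates the build-location paths, `splunk.user`, `splunk.group` and `splunk.opt` into a shell string unquoted, so a space or shell metacharacter in any of them changes the command that runs; the removed `unarchive` passed them as module arguments. Each value should go through the `quote` filter, e.g. `-f {{ splunk_replaced_build_location | quote }} -C {{ splunk.opt | quote }}`. Alternatively, split the step into a `command:` with `argv` plus a `file:` task with `recurse: yes`. The trailing `chown -R ... /opt/splunk/*` hard-codes the install path and misses top-level dot-files; other tasks on this page use `{{ splunk.home }}`. The task continues past the end of the hunk.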
@@ -1,4 +1,11 @@ --- +- name: Check if Splunk is running + command: "{{ splunk.exec }} status" + become: yes + become_user: "{{ splunk.user }}" + register: check_result + ignore_errors: yes + - name: "Restart the splunkd service - Via CLI" command: "{{ splunk.exec }} restart --answer-yes --accept-license" become: yes @@ -7,7 +14,9 @@ until: task_result.rc == 0 retries: "{{ retry_num }}" delay: "{{ retry_delay }}" - when: not splunk.enable_service + when: + - not splunk.enable_service + - "'splunkd is running' in check_result.stdout" - name: "Restart the splunkd service - Via Linux systemd or init" service: @@ -26,3 +35,5 @@ - name: "Wait for splunkd management port" wait_for: port: "{{ splunk.svc_port }}" + when: + - "'splunkd is running' in check_result.stdout" diff --git a/roles/splunk_common/tasks/enable_splunkd_ssl.yml b/roles/splunk_common/tasks/enable_splunkd_ssl.yml index 543a139c..95684301 100644 --- a/roles/splunk_common/tasks/enable_splunkd_ssl.yml +++ b/roles/splunk_common/tasks/enable_splunkd_ssl.yml @@ -13,6 +13,11 @@ become_user: "{{ splunk.user }}" when: "'enable' in splunk.ssl" +- name: Set HTTPS as prefix after enabling it + set_fact: + cert_prefix: https + when: "'enable' in splunk.ssl" + - name: Set Splunkd CA ini_file: dest: "{{ splunk.home }}/etc/system/local/server.conf" diff --git a/roles/splunk_common/tasks/main.yml b/roles/splunk_common/tasks/main.yml index 5b993845..7fc83029 100644 --- a/roles/splunk_common/tasks/main.yml +++ b/roles/splunk_common/tasks/main.yml @@ -119,13 +119,9 @@ - include_tasks: enable_dsp.yml when: "'dsp' in splunk and 'enable' in splunk.dsp and splunk.dsp.enable" -- include_tasks: start_splunk.yml - -- include_tasks: set_certificate_prefix.yml - -- include_tasks: clean_user_seed.yml - - include_tasks: add_splunk_license.yml - include_tasks: disable_popups.yml when: "'disable_popups' in splunk and splunk.disable_popups | bool" + +- include_tasks: start_splunk.yml \ No newline at end of file 
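Review bot: The new "Check if Splunk is running" probe sets `ignore_errors: yes` but no `changed_when: false`, so every handler run reports a change and a stopped instance is printed as an error before being ignored. Adding `changed_when: false` and `failed_when: false` keeps the probe quiet. The CLI restart and the port wait are now gated on `'splunkd is running' in check_result.stdout`, while the "Via Linux systemd or init" task between them is not, judging by the visible lines; if that is deliberate a comment should say so, otherwise the same condition belongs there. Matching the English status text is brittle; the return code of `status` is a steadier signal if it distinguishes the two states.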
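Review bot: `when: "'enable' in splunk.ssl"` on the new `set_fact` tests only that the key exists, so if `enable` can be present and false, `cert_prefix` still becomes `https`. main.yml uses the fuller form for DSP; the equivalent here is `when: "'enable' in splunk.ssl and splunk.ssl.enable | bool"`. The same patch drops `set_certificate_prefix.yml` from main.yml and nothing visible sets `cert_prefix` for the non-SSL case. Tasks that build URLs from it may therefore hit an undefined variable unless a default exists elsewhere.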
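Review bot: Dropping `- include_tasks: clean_user_seed.yml` means whatever that file cleaned up is no longer removed. Judging by its name it deletes the seeded admin credential file, which would then stay on disk after first start; its contents are not visible here. If the cleanup is still wanted it should follow the relocated start step, i.e. `- include_tasks: clean_user_seed.yml` after `- include_tasks: start_splunk.yml`. `add_splunk_license.yml` and `disable_popups.yml` now run before Splunk is started, so they need to work against a stopped instance. The file also loses its trailing newline.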
diff --git a/roles/splunk_common/tasks/set_as_license_slave.yml b/roles/splunk_common/tasks/set_as_license_slave.yml index e9ac396e..df9e785a 100644 --- a/roles/splunk_common/tasks/set_as_license_slave.yml +++ b/roles/splunk_common/tasks/set_as_license_slave.yml @@ -20,3 +20,15 @@ - Restart the splunkd service ignore_errors: yes no_log: "{{ hide_password }}" + when: false + +- name: Set node as license peer - FAST + ini_file: + dest: "{{ splunk.home }}/etc/system/local/server.conf" + section: license + option: manager_uri + value: "https://lm1:8089" + owner: "{{ splunk.user }}" + group: "{{ splunk.group }}" + become: yes + become_user: "{{ splunk.user }}" diff --git a/roles/splunk_search_head/tasks/search_head_clustering.yml b/roles/splunk_search_head/tasks/search_head_clustering.yml index 0dea8555..6e5532bb 100644 --- a/roles/splunk_search_head/tasks/search_head_clustering.yml +++ b/roles/splunk_search_head/tasks/search_head_clustering.yml @@ -71,16 +71,3 @@ retries: "{{ shc_sync_retry_num }}" delay: "{{ retry_delay }}" no_log: "{{ hide_password }}" - -- name: Destructive sync search head - command: "{{ splunk.exec }} resync shcluster-replicated-config -auth {{ splunk.admin_user }}:{{ splunk.password }}" - become: yes - become_user: "{{ splunk.user }}" - when: not splunk_search_head_captain | bool - register: task_result - changed_when: task_result.rc == 0 - failed_when: task_result.rc !=0 and "this instance is the captain" not in task_result.stderr - until: task_result.rc == 0 or "this instance is the captain" in task_result.stderr - retries: "{{ shc_sync_retry_num }}" - delay: "{{ retry_delay }}" - no_log: "{{ hide_password }}" From 9f964a85ad89128721894f34d9834839af68f7b6 Mon Sep 17 00:00:00 2001 From: jvega Date: Mon, 11 Mar 2024 15:06:56 -0700 Subject: [PATCH 4/4] removing dead code --- .../splunk_common/tasks/set_as_license_slave.yml | 16 ---------------- 1 file changed, 16 deletions(-) 
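Review bot: The new "Set node as license peer - FAST" task writes the literal `value: "https://lm1:8089"` into server.conf, whereas the task it replaces took the address from `splunk.license_master_url`. Any deployment whose license manager is not reachable as lm1 will be pointed at the wrong host; use `value: "{{ splunk.license_master_url }}"`. The old task notified "Restart the splunkd service" and the new one does not, so the setting only takes effect if Splunk is started or restarted afterwards.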
diff --git a/roles/splunk_common/tasks/set_as_license_slave.yml b/roles/splunk_common/tasks/set_as_license_slave.yml index bd458c7a..626366a0 100644 --- a/roles/splunk_common/tasks/set_as_license_slave.yml +++ b/roles/splunk_common/tasks/set_as_license_slave.yml @@ -7,22 +7,6 @@ port: "{{ splunk.license_master_url | urlsplit('port') }}" no_log: "{{ hide_password }}" -- name: Set node as license slave - command: "{{ splunk.exec }} edit licenser-localslave -master_uri {{ splunk.license_master_url }} -auth '{{ splunk.admin_user }}:{{ splunk.password }}'" - become: yes - become_user: "{{ splunk.user }}" - register: linux_set_lic_slave - until: linux_set_lic_slave.rc == 0 - changed_when: linux_set_lic_slave.rc == 0 and "licenser-localslave object has been edited" in linux_set_lic_slave.stdout - failed_when: linux_set_lic_slave.rc !=0 and "does not support being a remote master" in linux_set_lic_slave.stderr - retries: "{{ retry_num }}" - delay: "{{ retry_delay }}" - notify: - - Restart the splunkd service - ignore_errors: yes - no_log: "{{ hide_password }}" - when: false - - name: Set node as license peer - FAST ini_file: dest: "{{ splunk.home }}/etc/system/local/server.conf"