diff --git a/README.md b/README.md
index c7608a1..aad5b6b 100644
--- a/README.md
+++ b/README.md
@@ -151,6 +151,7 @@ Note: Any task with an **adhoc** prefix means that it can be used independently
 - **configure_shc_members.yml** - Initializes search head clustering on Splunk hosts that will be participating in a new search head cluster. Relies on the values of: `splunk_shc_key`, `splunk_shc_label`, `splunk_shc_deployer`, `splunk_shc_rf`, `splunk_shc_rep_port`, `splunkd_port`, `splunk_admin_username`, and `splunk_admin_password`. Be sure to review the default values for the role for these and configure them appropriately in your group_vars.
 - **configure_splunk_forwarder_meta.yml** - Configures a new indexed field called splunk_forwarder and sets its default value to the value of `ansible_hostname`. Note that you will need to install a fields.conf on your search head(s) if you wish to use this custom indexed field.
 - **configure_splunk_boot.yml** - Used during installation to automatically configure splunk boot-start to the desired state. This task can also be used to enable boot-start on an existing host that does not have it enabled, or to switch from init.d to systemd, or vice-versa. The desired boot-start method is determined using the boolean value of `splunk_use_initd` (true=initd, false=systemd). In addition it is also possible for splunk to create a polkit rule, if using systemd, that allows the `splunk_nix_user` to managed the splunk service without authentication. You may also set the `systemd_unit_full` or the `systemd_unit_uf` variables to customize the service name systemd will use.
+- **configure_splunk_launch.yml** - Configures the splunk-launch.conf file with variables to persist values if their default changes. Configures the splunk user, home, service name, and DB path if defined.
 - **configure_splunk_secret.yml** - Configures a common splunk.secret file from the files/authentication/splunk.secret so that pre-hashed passwords can be securely deployed.
Note that changing splunk.secret will require re-encryption of any passwords that were encrypted using the previous splunk.secret since Splunk will no longer be able to decrypt them successfully.
 - **configure_systemd.yml** - Updates Splunk's systemd file using best practices and tips from the community. Also allows Splunk to start successfully using systemd after an upgrade without the need to run `splunk ftr --accept-license`.
 - **configure_thp.yml** - Installs a new systemd service (disable-thp) that disables THP for RedHat|CentOS systems 6.0+. This task is automatically called by the configure_os.yml task. Optionally, you can set `use_tuned_thp` to configure THP via `tuned` instead of a service. Default is `false`. Mote: Make sure your host does not require a specific `tuned` profile before applying this one.
diff --git a/roles/splunk/defaults/main.yml b/roles/splunk/defaults/main.yml
index 804312b..1694c73 100644
--- a/roles/splunk/defaults/main.yml
+++ b/roles/splunk/defaults/main.yml
@@ -53,6 +53,7 @@ git_version: master # Configure default version to clone, overridable inside the
 app_relative_path: # set a sub-path you want to sync within a repo. If the repo contains multiple apps in the root directory, just set this to a trailing slash.
 splunk_app_deploy_path: undefined # Path under $SPLUNK_HOME/ to deploy apps to - Note that this may be set in group_vars, host_vars, playbook vars, or inside the git_apps dictionary within host_vars
 splunk_auditd_configure: false # Whether or not to install auditd filtering rules for splunk launched executables
+splunk_db_path: undefined # Path which specifies the location of indexes on indexers and KVStores on other systems - defaults to $SPLUNK_HOME/var/lib/splunk
 # IDXC Vars
 splunk_idxc_key: mypass4symmkey
 splunk_idxc_rf: 2
diff --git a/roles/splunk/tasks/configure_splunk_launch.yml b/roles/splunk/tasks/configure_splunk_launch.yml
new file mode 100644
index 0000000..744089e
--- /dev/null
+++ b/roles/splunk/tasks/configure_splunk_launch.yml
@@ -0,0 +1,30 @@
+---
+- name: Configure Splunk Launch with user, home, and service values
+ community.general.ini_file:
+ path: "{{ splunk_home }}/etc/splunk-launch.conf"
+ section: null
+ option: "{{ item.key }}"
+ value: "{{ item.value }}"
+ owner: "{{ splunk_nix_user }}"
+ group: "{{ splunk_nix_group }}"
+ mode: 0644
+ become: true
+ loop:
+ - key: SPLUNK_OS_USER
+ value: "{{ splunk_nix_user }}"
+ - key: SPLUNK_HOME
+ value: "{{ splunk_home }}"
+ - key: SPLUNK_SERVER_NAME
+ value: "{{ splunk_service }}"
+
+- name: Ensure splunk DB set correctly for IDX in splunk-launch
+ community.general.ini_file:
+ path: "{{ splunk_home }}/etc/splunk-launch.conf"
+ section: null
+ option: SPLUNK_DB
+ value: "{{ splunk_db_path }}"
+ owner: "{{ splunk_nix_user }}"
+ group: "{{ splunk_nix_group }}"
+ mode: 0644
+ become: true
+ when: splunk_db_path is defined and splunk_db_path != "undefined"
diff --git a/roles/splunk/tasks/install_splunk.yml b/roles/splunk/tasks/install_splunk.yml
index b1b6398..e70deda 100644
--- a/roles/splunk/tasks/install_splunk.yml
+++ b/roles/splunk/tasks/install_splunk.yml
@@ -68,6 +68,9 @@
 - name: Include accept license task
 include_tasks: splunk_license_accept.yml
+- name: Configure Splunk launch before boot
+ include_tasks: configure_splunk_launch.yml
+
 - name: Enable boot start
 include_tasks: configure_splunk_boot.yml
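Review bot: In roles/splunk/tasks/configure_splunk_launch.yml the `when` on the SPLUNK_DB task only excludes the literal string `undefined`, so an empty or null `splunk_db_path` override (the bare-key style that `app_relative_path:` uses in the defaults) still passes the guard and would presumably write an empty `SPLUNK_DB`; `when: splunk_db_path | default('undefined', true) != 'undefined'` skips those as well. Both tasks set the file's owner to `splunk_nix_user` while writing `SPLUNK_OS_USER` into it, so the service account can edit the setting that names the run-as account; if boot-start uses an init.d script run by root, that deserves a deliberate decision and a comment, even if it only mirrors the ownership of the rest of `splunk_home`. Quote the mode in both tasks, `mode: "0644"`, so the value does not depend on YAML octal parsing. The file also calls `community.general.ini_file`, and nothing in this diff declares that collection for the role, so confirm it is already listed and pinned in the role's collection requirements.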