Configure Splunk Launch explicitly to prevent future clobbering #232

Open. Wants to merge 2 commits into base: master.

1 change: 1 addition & 0 deletions README.md
Expand Up @@ -151,6 +151,7 @@ Note: Any task with an **adhoc** prefix means that it can be used independently
- **configure_shc_members.yml** - Initializes search head clustering on Splunk hosts that will be participating in a new search head cluster. Relies on the values of: `splunk_shc_key`, `splunk_shc_label`, `splunk_shc_deployer`, `splunk_shc_rf`, `splunk_shc_rep_port`, `splunkd_port`, `splunk_admin_username`, and `splunk_admin_password`. Be sure to review the default values for the role for these and configure them appropriately in your group_vars.
- **configure_splunk_forwarder_meta.yml** - Configures a new indexed field called splunk_forwarder and sets its default value to the value of `ansible_hostname`. Note that you will need to install a fields.conf on your search head(s) if you wish to use this custom indexed field.
- **configure_splunk_boot.yml** - Used during installation to automatically configure splunk boot-start to the desired state. This task can also be used to enable boot-start on an existing host that does not have it enabled, or to switch from init.d to systemd, or vice-versa. The desired boot-start method is determined using the boolean value of `splunk_use_initd` (true=initd, false=systemd). In addition it is also possible for splunk to create a polkit rule, if using systemd, that allows the `splunk_nix_user` to managed the splunk service without authentication. You may also set the `systemd_unit_full` or the `systemd_unit_uf` variables to customize the service name systemd will use.
- **configure_splunk_launch.yml** - Configures the splunk-launch.conf file with variables to persist values if their default changes. Configures the splunk user, home, service name, and DB path if defined.
- **configure_splunk_secret.yml** - Configures a common splunk.secret file from the files/authentication/splunk.secret so that pre-hashed passwords can be securely deployed. Note that changing splunk.secret will require re-encryption of any passwords that were encrypted using the previous splunk.secret since Splunk will no longer be able to decrypt them successfully.
- **configure_systemd.yml** - Updates Splunk's systemd file using best practices and tips from the community. Also allows Splunk to start successfully using systemd after an upgrade without the need to run `splunk ftr --accept-license`.
- **configure_thp.yml** - Installs a new systemd service (disable-thp) that disables THP for RedHat|CentOS systems 6.0+. This task is automatically called by the configure_os.yml task. Optionally, you can set `use_tuned_thp` to configure THP via `tuned` instead of a service. Default is `false`. Mote: Make sure your host does not require a specific `tuned` profile before applying this one.
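Review bot: The new configure_splunk_launch.yml entry does not name the variables it relies on, unlike neighbouring entries such as configure_shc_members.yml, which lists each one. Name `splunk_nix_user`, `splunk_home`, `splunk_service` and `splunk_db_path`, say which splunk-launch.conf keys they populate (SPLUNK_OS_USER, SPLUNK_HOME, SPLUNK_SERVER_NAME, SPLUNK_DB), and state that SPLUNK_DB is written only when `splunk_db_path` is changed from its `undefined` default.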
1 change: 1 addition & 0 deletions roles/splunk/defaults/main.yml
Expand Up @@ -53,6 +53,7 @@ git_version: master # Configure default version to clone, overridable inside the
app_relative_path: # set a sub-path you want to sync within a repo. If the repo contains multiple apps in the root directory, just set this to a trailing slash.
splunk_app_deploy_path: undefined # Path under $SPLUNK_HOME/ to deploy apps to - Note that this may be set in group_vars, host_vars, playbook vars, or inside the git_apps dictionary within host_vars
splunk_auditd_configure: false # Whether or not to install auditd filtering rules for splunk launched executables
splunk_db_path: undefined # Path which specifies the location of indexes on indexers and KVStores on other systems - defaults to $SPLUNK_HOME/var/lib/splunk
# IDXC Vars
splunk_idxc_key: mypass4symmkey
splunk_idxc_rf: 2
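Review bot: `splunk_db_path: undefined` is the literal string "undefined", not an unset variable, so every consumer has to compare against that string, as the `when:` in configure_splunk_launch.yml does. The trailing comment should say so explicitly: with the sentinel left in place the role writes no SPLUNK_DB at all, and the `$SPLUNK_HOME/var/lib/splunk` location it mentions is Splunk's own default rather than a value this role sets.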
30 changes: 30 additions & 0 deletions roles/splunk/tasks/configure_splunk_launch.yml
@@ -0,0 +1,30 @@
---
- name: Configure Splunk Launch with user, home, and service values
community.general.ini_file:
path: "{{ splunk_home }}/etc/splunk-launch.conf"
section: null
option: "{{ item.key }}"
value: "{{ item.value }}"
owner: "{{ splunk_nix_user }}"
group: "{{ splunk_nix_group }}"
mode: 0644
become: true
loop:
- key: SPLUNK_OS_USER
value: "{{ splunk_nix_user }}"
- key: SPLUNK_HOME
value: "{{ splunk_home }}"
- key: SPLUNK_SERVER_NAME
value: "{{ splunk_service }}"

- name: Ensure splunk DB set correctly for IDX in splunk-launch
community.general.ini_file:
path: "{{ splunk_home }}/etc/splunk-launch.conf"
section: null
option: SPLUNK_DB
value: "{{ splunk_db_path }}"
owner: "{{ splunk_nix_user }}"
group: "{{ splunk_nix_group }}"
mode: 0644
become: true
when: splunk_db_path is defined and splunk_db_path != "undefined"
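Review bot: The guard on the SPLUNK_DB task, `when: splunk_db_path is defined and splunk_db_path != "undefined"`, only excludes the string sentinel. Because defaults/main.yml always defines the variable, the `is defined` half is always true, and an override that is empty or null would pass the check and write an unusable SPLUNK_DB value. Consider `when: splunk_db_path | default('undefined', true) != 'undefined'`. As a style point, quote the permissions in both tasks (`mode: "0644"`) so the value cannot be reinterpreted as a plain integer, and consider folding SPLUNK_DB into the loop of the first task, since the two tasks repeat the same path, owner, group and mode.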
3 changes: 3 additions & 0 deletions roles/splunk/tasks/install_splunk.yml
Expand Up @@ -68,6 +68,9 @@
- name: Include accept license task
include_tasks: splunk_license_accept.yml

- name: Configure Splunk launch before boot
include_tasks: configure_splunk_launch.yml

- name: Enable boot start
include_tasks: configure_splunk_boot.yml
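Review bot: The include added between the license-accept and boot-start steps is the only call site for configure_splunk_launch.yml in this change, so hosts that are already installed never get the explicit splunk-launch.conf values the title is about. Either include the task from the path that runs against existing hosts as well, or document in the README entry that it must be run separately on them. The tasks it pulls in also notify no handler, which is fine here because Splunk is started afterwards, but would matter once the task runs against a live instance.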
