diff --git a/inventory/environ.py b/inventory/environ.py index e79f081e..b0f8d3aa 100755 --- a/inventory/environ.py +++ b/inventory/environ.py @@ -361,7 +361,7 @@ def getSplunkBuildAuth(vars_scope): """ Load username and password to be used in basic auth when fetching splunk build or apps """ - vars_scope["splunk"]["artifact_auth_user"] = os.environ.get("ARTIFACTORY_USER", vars_scope["splunk"].get("artifact_auth_user")) + vars_scope["splunk"]["artifact_auth_user"] = os.environ.get("ARTIFACTORY_USER", vars_scope["splunk"].get("basic_auth_user")) vars_scope["splunk"]["artifact_auth_pass"] = os.environ.get("ARTIFACTORY_TOKEN", vars_scope["splunk"].get("artifact_auth_pass")) def getSplunkApps(vars_scope): diff --git a/roles/splunk_common/handlers/restart_splunk.yml b/roles/splunk_common/handlers/restart_splunk.yml index 0e3e1cf5..16d0146f 100644 --- a/roles/splunk_common/handlers/restart_splunk.yml +++ b/roles/splunk_common/handlers/restart_splunk.yml @@ -1,4 +1,11 @@ --- +- name: Check if Splunk is running + command: "{{ splunk.exec }} status" + become: yes + become_user: "{{ splunk.user }}" + register: check_result + ignore_errors: yes + - name: "Restart the splunkd service - Via CLI" command: "{{ splunk.exec }} restart --answer-yes --accept-license" become: yes @@ -7,7 +14,9 @@ until: task_result.rc == 0 retries: "{{ retry_num }}" delay: "{{ retry_delay }}" - when: not splunk.enable_service + when: + - not splunk.enable_service + - "'splunkd is running' in check_result.stdout" - name: "Restart the splunkd service - Via Linux systemd or init" service: @@ -26,4 +35,6 @@ - name: "Wait for splunkd management port" wait_for: port: "{{ splunk.svc_port }}" - when: splunk.splunk_http_enabled|bool == true + when: + - "'splunkd is running' in check_result.stdout" + - splunk.splunk_http_enabled|bool == true \ No newline at end of file diff --git a/roles/splunk_common/tasks/enable_splunkd_ssl.yml b/roles/splunk_common/tasks/enable_splunkd_ssl.yml index 543a139c..95684301 100644 --- a/roles/splunk_common/tasks/enable_splunkd_ssl.yml +++ b/roles/splunk_common/tasks/enable_splunkd_ssl.yml @@ -13,6 +13,11 @@ become_user: "{{ splunk.user }}" when: "'enable' in splunk.ssl" +- name: Set HTTPS as prefix after enabling it + set_fact: + cert_prefix: https + when: "'enable' in splunk.ssl" + - name: Set Splunkd CA ini_file: dest: "{{ splunk.home }}/etc/system/local/server.conf" diff --git a/roles/splunk_common/tasks/install_splunk_tgz.yml b/roles/splunk_common/tasks/install_splunk_tgz.yml index 609d655d..ed838249 100644 --- a/roles/splunk_common/tasks/install_splunk_tgz.yml +++ b/roles/splunk_common/tasks/install_splunk_tgz.yml @@ -51,12 +51,7 @@ splunk_replaced_build_location: "{{ splunk.build_location | regex_replace('^file://(.*)$', '\\1') }}" - name: Install Splunk (Linux) from local build location - unarchive: - src: "{% if splunk.build_location is match('^(https?)://.*') %}{{ splunk_downloaded_build_location }}{% else %}{{ splunk_replaced_build_location }}{% endif %}" - dest: "{{ splunk.opt }}" - owner: "{{ splunk.user }}" - group: "{{ splunk.group }}" - remote_src: yes + shell: tar --no-same-owner --no-same-permissions -x --owner={{ splunk.user }} --group={{ splunk.group }} -f {% if splunk.build_location is match('^(https?)://.*') %}{{ splunk_downloaded_build_location }}{% else %}{{ splunk_replaced_build_location }}{% endif %} -C {{ splunk.opt }} && chown -R {{ splunk.user }}:{{ splunk.group }} /opt/splunk/* register: install_result until: install_result is succeeded retries: "{{ retry_num }}" diff --git a/roles/splunk_common/tasks/main.yml b/roles/splunk_common/tasks/main.yml index 37dd6d71..e50c1ce2 100644 --- a/roles/splunk_common/tasks/main.yml +++ b/roles/splunk_common/tasks/main.yml @@ -122,14 +122,9 @@ - include_tasks: enable_dsp.yml when: "'dsp' in splunk and 'enable' in splunk.dsp and splunk.dsp.enable" -- include_tasks: start_splunk.yml - -- include_tasks: set_certificate_prefix.yml - when: splunk.splunk_http_enabled|bool == true - -- include_tasks: clean_user_seed.yml - - include_tasks: add_splunk_license.yml - include_tasks: disable_popups.yml when: "'disable_popups' in splunk and splunk.disable_popups | bool" + +- include_tasks: start_splunk.yml \ No newline at end of file diff --git a/roles/splunk_common/tasks/set_as_license_slave.yml b/roles/splunk_common/tasks/set_as_license_slave.yml index 9e4c79cb..626366a0 100644 --- a/roles/splunk_common/tasks/set_as_license_slave.yml +++ b/roles/splunk_common/tasks/set_as_license_slave.yml @@ -7,17 +7,13 @@ port: "{{ splunk.license_master_url | urlsplit('port') }}" no_log: "{{ hide_password }}" -- name: Set node as license slave - command: "{{ splunk.exec }} edit licenser-localslave -master_uri {{ splunk.license_master_url }} -auth '{{ splunk.admin_user }}:{{ splunk.password }}'" +- name: Set node as license peer - FAST + ini_file: + dest: "{{ splunk.home }}/etc/system/local/server.conf" + section: license + option: manager_uri + value: "https://lm1:8089" + owner: "{{ splunk.user }}" + group: "{{ splunk.group }}" become: yes become_user: "{{ splunk.user }}" - register: linux_set_lic_slave - until: linux_set_lic_slave.rc == 0 - changed_when: linux_set_lic_slave.rc == 0 and "licenser-localslave object has been edited" in linux_set_lic_slave.stdout - failed_when: linux_set_lic_slave.rc !=0 and "does not support being a remote master" in linux_set_lic_slave.stderr - retries: "{{ retry_num }}" - delay: "{{ retry_delay }}" - notify: - - Restart the splunkd service - ignore_errors: yes - no_log: "{{ hide_password }}" diff --git a/roles/splunk_search_head/tasks/search_head_clustering.yml b/roles/splunk_search_head/tasks/search_head_clustering.yml index 49e0fee3..0278e106 100644 --- a/roles/splunk_search_head/tasks/search_head_clustering.yml +++ b/roles/splunk_search_head/tasks/search_head_clustering.yml @@ -75,16 +75,3 @@ retries: "{{ shc_sync_retry_num }}" delay: "{{ retry_delay }}" no_log: "{{ hide_password }}" - -- name: Destructive sync search head - command: "{{ splunk.exec }} resync shcluster-replicated-config -auth {{ splunk.admin_user }}:{{ splunk.password }}" - become: yes - become_user: "{{ splunk.user }}" - when: not splunk_search_head_captain | bool - register: task_result - changed_when: task_result.rc == 0 - failed_when: task_result.rc !=0 and "this instance is the captain" not in task_result.stderr - until: task_result.rc == 0 or "this instance is the captain" in task_result.stderr - retries: "{{ shc_sync_retry_num }}" - delay: "{{ retry_delay }}" - no_log: "{{ hide_password }}"