-
Notifications
You must be signed in to change notification settings - Fork 104
/
Copy pathmain.yml
94 lines (94 loc) · 8.56 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
---
# defaults file for splunk role
# Anything that is undefined here should be configured. I recommend setting the values in your group_vars under an all.yml file.
slack_channel: undefined
slack_token: undefined
splunk_home: auto_determined # This gets set by main.yml but we have to define it here or Ansible will complain that it is undefined
splunk_package_url: auto_determined # This gets set by main.yml but we have to define it here or Ansible will complain that it is undefined
splunk_package_path: ~/
splunk_package_version: 9.3.0 # The default version to install or update to. This can be set in `group_vars` or `host_vars`.
build_id: 51ccf43db5bd # The default build to install or update to. This can be set in `group_vars` or `host_vars`.
splunk_package_arch: "{{ splunk_package_version is version(9.4, '<') | ternary('Linux-x86_64', 'linux-amd64') }}"
splunk_package_url_full: "https://download.splunk.com/products/splunk/releases/{{ splunk_package_version }}/linux/splunk-{{ splunk_package_version }}-{{ build_id }}-{{ splunk_package_arch }}.tgz"
splunk_package_url_uf: "https://download.splunk.com/products/universalforwarder/releases/{{ splunk_package_version }}/linux/splunkforwarder-{{ splunk_package_version }}-{{ build_id }}-{{ splunk_package_arch }}.tgz"
splunk_download_local: true # This defines how the download process works. If `true` it will download to localhost and copy around to hosts from there. If `false` each host will download the package individually.
splunk_install_type: undefined # There are two ways to configure this. The easiest way is to nest hosts under either a "full" group or a "uf" group in your inventory and main.yml will handle it for you. Or, you can also set the value via a group_vars or host_vars file.
splunk_install_path: /opt # Base directory on the operating system to which splunk should be installed
least_privileged: false # Do not change. This get automatically set in `tasks/main.yml` based on the version and install type.
splunk_nix_user: splunk
splunk_nix_group: splunk
local_os_user: false # Whenther or not to force creation of a user using the `luseradd` or not.
local_os_group: false # Whether or not to force creation of a group using the `lgroupadd` or not.
splunk_uri_lm: undefined
splunk_license_file: [] # This can be a list of license files to copy to the host.
splunk_license_group: Trial # The default matches with the group splunk ships with. You can also set the value via a group_vars or host_vars file.
splunk_uri_cm: undefined
splunk_uri_ds: undefined # e.g. mydeploymentserver.mydomain.com:8089 ; Note that you must also configure the clientName var under either group_vars or host_vars for deploymentclient.conf to be configured
clientName: undefined
phoneHomeIntervalInSecs: undefined
splunk_general_key: undefined # Configures a pass4SymmKey in server.conf under the general stanza
splunk_ds_key: undefined # Configures a pass4SymmKey in server.conf for authenticating against a deployment server
splunk_admin_username: admin
splunk_admin_password: undefined # Use ansible-vault encrypt_string, e.g. ansible-vault encrypt_string --ask-vault-pass 'var_value_to_encrypt' --name 'var_name'
splunk_configure_secret: false # If set to true, you need to update files/splunk.secret
splunk_secret_file: splunk.secret # Used to specify your splunk.secret filename(s), files should be placed in the "files" folder of the role
# Although there are tasks for the following Splunk configurations in this role, they are not included in any tasks by default. You can add them to your install_splunk.yml if you would like to have Ansible manage any of these files
splunk_configure_authentication: false
ad_bind_password: undefined # Use ansible-vault encrypt_string, e.g. ansible-vault encrypt_string --ask-vault-pass 'var_value_to_encrypt' --name 'var_name'
splunk_authenticationconf: authentication.conf.j2
splunk_create_polkit: 0 # If set to 1 `enable boot-start` will create a polkit rules file allowing the 'splunk_nix_user' to restart the splunk service without authentication.
splunk_use_initd: false # If set to true, the system will use init.d. Default false
splunk_use_systemd: true # DO NOT EDIT. To use init.d, set `splunk_use_initd` to true.
splunk_force_kill: False
systemd_unit_full: Splunkd # You can change this in `host_vars` or `group_vars` to customize the service name.
systemd_unit_uf: SplunkForwarder # You can change this in `host_vars` or `group_vars` to customize the service name.
splunk_disable_mgmt_port: false # If set to true, will disable splunkd management port during installation
splunk_mgmt_uri: "{{ ansible_fqdn }}" # If the `ansible_fqdn` is not resolvable by other hosts, you can set it to something like `ansible_facts.default_ipv4.address` in `host_vars` or `group_vars` to use the IP address instead.
splunkd_port: 8089 # If changed, will overwrite the default port number used by splunkd
git_local_clone_path: ~/ # Base directory under which repositories for app deplyoment should be cloned to
git_server: undefined # e.g. ssh://git@mygithost:1234 - Note that this may be set in an all.yml group_var or inside the git_apps dictionary within host_vars
git_key: undefined # Path to SSH key for cloning repositories - Note that this may be set in an all.yml group_var or inside the git_apps dictionary within host_vars
git_project: undefined
git_version: master # Configure default version to clone, overridable inside the git_apps dictionary within host_vars
app_relative_path: # set a sub-path you want to sync within a repo. If the repo contains multiple apps in the root directory, just set this to a trailing slash.
splunk_app_deploy_path: undefined # Path under $SPLUNK_HOME/ to deploy apps to - Note that this may be set in group_vars, host_vars, playbook vars, or inside the git_apps dictionary within host_vars
splunk_auditd_configure: false # Whether or not to install auditd filtering rules for splunk launched executables
# IDXC Vars
splunk_idxc_key: mypass4symmkey
splunk_idxc_rf: 2
splunk_idxc_sf: 2
splunk_idxc_rep_port: 9887
splunk_idxc_label: myidxc
splunk_apply_cluster_bundle_retries: 3 # How many times to retry indexer cluster bundle apply if it fails
splunk_apply_cluster_bundle_delay: 60 # Delay in seconds between retries to apply indexer cluster bundle
splunk_apply_shcluster_bundle_retries: 3 # How many times to retry SHC bundle apply if it fails
splunk_apply_shcluster_bundle_delay: 60 # Delay in seconds between retries to apply SHC bundle
# SHC Vars
splunk_shc_key: mypass4symmkey
splunk_shc_label: myshc
splunk_shc_rf: 3
splunk_shc_rep_port: 8100
splunk_shc_target_group: shc
splunk_shc_deployer: "{{ groups['shdeployer'] | first }}" # If you manage multiple SHCs, configure the var value in group_vars
splunk_shc_uri_list: "{% for h in groups[splunk_shc_target_group] %}https://{{ hostvars[h].splunk_mgmt_uri }}:{{ splunkd_port }}{% if not loop.last %},{% endif %}{% endfor %}" # If you manage multiple SHCs, configure the var value in group_vars
start_splunk_handler_fired: false # Do not change; used to prevent unnecessary splunk restarts
# Linux and scripting related vars
add_crashlog_script: false # Set to true to install a script and cron job to automatically cleanup splunk crash logs older than 7 days
add_diag_script: false # Set to true to install a script and cron job to automatically cleanup splunk diag files older than 30 days
add_pstack_script: false # Set to true to install a pstack generation script for troubleshooting purposes in $SPLUNK_HOLME/genpstacks.sh
configure_dmesg: false
install_utilities: false # Set to true to install the list of packages defined in the linux_packages var after installing splunk
use_tuned_thp: false
# Firewall configs
configure_firewall: false # Whether or not to configure the firewall service on your machine, if set to true, opens firewall ports using UFW (default) or Firewalld depending on OS
splunk_firewall_service: splunk # The name of the Splunk firewall service to install for firewalld
# Firewall port presets - reference these in group_vars to assign them to splunk
splunkweb_port: {desc: "Splunk Web", protocol: "tcp", number: 8000}
splunkhec_port: {desc: "Splunk HEC", protocol: "tcp", number: 8088}
splunktcpin_port: {desc: "Splunk TCPIN", protocol: "tcp", number: 9997}
splunkapi_port: {desc: "Splunk API", protocol: "tcp", number: "{{ splunkd_port }}"}
splunkidxcrep_port: {desc: "Splunk Indexer Clustering Replication", protocol: "tcp", number: "{{ splunk_idxc_rep_port }}"}
splunkshcrep_port: {desc: "Splunk Search Head Clustering Replication", protocol: "tcp", number: "{{ splunk_shc_rep_port }}"}
splunk_firewall_ports: # List of ports to allow through local firewall in dict form
- "{{ splunkweb_port }}"
- "{{ splunkapi_port }}"