enable_admin_auth.yml
---
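# First-run path (first_run is truthy): hash splunk.password with the Splunk
# CLI and write the admin user name plus the resulting hash into
# etc/system/local/user-seed.conf under the [user_info] section.
- name: Set admin access via seed
  when: first_run | bool
  block:
    # argv form: every element reaches the CLI as exactly one argument, so a
    # password containing spaces or quote characters is not re-split the way
    # it would be inside a single command string.
    # Assumes splunk.exec is one executable path with no embedded arguments;
    # confirm against the role defaults.
    # NOTE(review): the cleartext password is still an argument of the child
    # process and is readable from the process list while the command runs.
    # no_log only keeps it out of Ansible's own output and logs.
    - name: "Hash the password"
      command:
        argv:
          - "{{ splunk.exec }}"
          - hash-passwd
          - "{{ splunk.password }}"
      register: hashed_pwd
      changed_when: hashed_pwd.rc == 0
      become: true
      become_user: "{{ splunk.user }}"
      no_log: "{{ hide_password }}"

    # The seed file holds a password hash that can be attacked offline, so it
    # is created readable by its owner only. The tasks in this file run the
    # Splunk CLI as splunk.user, which is also the file owner.
    - name: "Generate user-seed.conf (Linux)"
      ini_file:
        owner: "{{ splunk.user }}"
        group: "{{ splunk.group }}"
        mode: "0600"
        dest: "{{ splunk.home }}/etc/system/local/user-seed.conf"
        section: user_info
        option: "{{ item.opt }}"
        value: "{{ item.val }}"
      with_items:
        - { opt: 'USERNAME', val: '{{ splunk.admin_user }}' }
        - { opt: 'HASHED_PASSWORD', val: '{{ hashed_pwd.stdout }}' }
      # Label each loop iteration by option name so the hash value is not
      # used as the item label in task output.
      loop_control:
        label: "{{ item.opt }}"
      when: ansible_system is match("Linux")
      become: true
      become_user: "{{ splunk.user }}"
      no_log: "{{ hide_password }}"

    # Windows hosts only: remove any existing etc/passwd before the seed
    # file is written.
    - name: "Delete etc/passwd if exists (Windows)"
      file:
        path: "{{ splunk.home }}/etc/passwd"
        state: absent
      when: ansible_system is match("CYGWIN*|Win32NT")

    # Windows variant of the seed task: no owner, group, mode or become.
    # NOTE(review): nothing here restricts who can read the file holding the
    # password hash; check the ACLs it inherits on Windows hosts.
    - name: "Generate user-seed.conf (Windows)"
      ini_file:
        dest: "{{ splunk.home }}/etc/system/local/user-seed.conf"
        section: user_info
        option: "{{ item.opt }}"
        value: "{{ item.val }}"
      with_items:
        - { opt: 'USERNAME', val: '{{ splunk.admin_user }}' }
        - { opt: 'HASHED_PASSWORD', val: '{{ hashed_pwd.stdout }}' }
      loop_control:
        label: "{{ item.opt }}"
      when: ansible_system is match("CYGWIN*|Win32NT")
      no_log: "{{ hide_password }}"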
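# Later runs only (first_run is falsy): when splunk.declarative_admin_password
# is present and truthy, re-apply splunk.password to the splunk.admin_user
# account through the local splunkd REST helper.
- name: Establish declarative admin access
  when:
    - "'declarative_admin_password' in splunk and splunk.declarative_admin_password | bool"
    - not first_run | bool
  block:
    # argv form: the password travels as one argument whatever characters it
    # contains. In the single-string form it sat inside single quotes, so a
    # quote character in the password would have broken the argument parsing.
    # Assumes splunk.exec is one executable path with no embedded arguments;
    # confirm against the role defaults.
    # NOTE(review): the call uses --noauth, so it does not present existing
    # admin credentials. The cleartext password is also visible in the process
    # list while the command runs; no_log covers Ansible output only.
    - name: Apply admin password
      command:
        argv:
          - "{{ splunk.exec }}"
          - cmd
          - splunkd
          - rest
          - "--noauth"
          - POST
          - "/services/admin/users/{{ splunk.admin_user }}"
          - "password={{ splunk.password }}"
      register: declarative_pw
      # Always reported as unchanged, although the command posts a password
      # on every run that reaches it.
      changed_when: false
      become: true
      become_user: "{{ splunk.user }}"
      no_log: "{{ hide_password }}"

    # NOTE(review): indentation was lost in the listing this was taken from.
    # The include is kept inside this block on the assumption that the
    # restart belongs to the password change; confirm against the repository.
    - include_tasks: trigger_restart.yml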