Merge pull request #100 from splunk/updates09142021

Mason Morales · web-flow · commit 02e702a11fa2 · 2021-09-14T13:49:00.000-07:00
Multiple updates
diff --git a/README.md b/README.md
@@ -136,6 +136,9 @@ Note: Any task with an **adhoc** prefix means that it can be used independently
 - **configure_bash.yml** - Configures bashrc and bash_profile files for the splunk user. Please note that the templates included with this role will overwrite any existing files for the splunk user (if they exist). The templates will define a custom PS1 at the bash prompt, configure the $SPLUNK_HOME environment variable so that you can issue "splunk <command>" without specifying the full path to the Splunk binary, and will enable auto-completion of Splunk CLI commands in bash.
 - **configure_deploymentclient.yml** - Generates a new deploymentclient.conf file from the deploymentclient.conf.j2 template and installs it to $SPLUNK_HOME/etc/system/local/deploymentclient.conf. This task is included automatically during new installations when values have been configured for the `clientName` and `splunk_uri_ds` variables.
 - **configure_facl.yml** - Configure file system access control lists (FACLs) to allow the splunk user to read /var/log files and add the splunk user's group to /etc/audit/auditd.conf to read /var/log/audit/ directory. This allows the splunk user to read privileged files from a non-privileged system account. Note: This task is performed automatically during new installations when splunk is installed as a non-root user.
+- **configure_idxc_manager.yml** - Configures a Splunk host to act as a manager node using `splunk_idxc_rf`, `splunk_idxc_sf`, `splunk_idxc_key`, and `splunk_idxc_label`.
+- **configure_idxc_member.yml** - Configures a Splunk host as an indexer cluster member using `splunk_uri_cm`, `splunk_idxc_rep_port`, and `splunk_idxc_key`.
+- **configure_idxc_sh.yml** - Configures a search head to join an existing indexer cluster using `splunk_uri_cm` and `splunk_idxc_key`.
 - **configure_license.yml** - Configure the license master URI in server.conf for full Splunk installations when `splunk_uri_lm` has been defined. Note: This could also be accomplished using configure_apps.yml with a git repository.
 - **configure_os.yml** - Increases ulimits for the splunk user and disables Transparent Huge Pages (THP) per Splunk implementation best practices.
 - **configure_serverclass.yml** - Generates a new serverclass.conf file from the serverclass.conf.j2 template and installs it to $SPLUNK_HOME/etc/system/local/serverclass.conf.
diff --git a/configure_idxc_sh.yml b/configure_idxc_sh.yml
@@ -0,0 +1,13 @@
+---
+- name: Configure search head to join indexer cluster
+  command: "{{ splunk_home }}/bin/splunk edit cluster-config -mode searchhead -master_uri {{ splunk_uri_cm }} -secret {{ splunk_idxc_key }} -auth {{ splunk_auth }}"
+  become: true
+  become_user: "{{ splunk_nix_user }}"
+  register: idxc_sh_join_result
+  changed_when: idxc_sh_join_result == 0
+  failed_when: idxc_sh_join_result != 0
+  notify: restart splunk
+  no_log: true
+  until: idxc_sh_join_result == 0
+  retries: 6
+  delay: 5
diff --git a/roles/splunk/defaults/main.yml b/roles/splunk/defaults/main.yml
@@ -18,6 +18,7 @@ splunk_uri_cm: undefined
 splunk_uri_ds: undefined # e.g. mydeploymentserver.mydomain.com:8089 ; Note that you must also configure the clientName var under either group_vars or host_vars for deploymentclient.conf to be configured
 clientName: undefined
 phoneHomeIntervalInSecs: undefined
+splunk_general_key: undefined # Configures a pass4SymmKey in server.conf under the general stanza
 splunk_ds_key: undefined # Configures a pass4SymmKey in server.conf for authenticating against a deployment server
 splunk_admin_username: admin
 splunk_admin_password: undefined # Use ansible-vault encrypt_string, e.g. ansible-vault encrypt_string --ask-vault-pass 'var_value_to_encrypt' --name 'var_name'
diff --git a/roles/splunk/files/splunk_ulimits.conf b/roles/splunk/files/splunk_ulimits.conf
diff --git a/roles/splunk/tasks/adhoc_fix_server_certificate.yml b/roles/splunk/tasks/adhoc_fix_server_certificate.yml
@@ -7,6 +7,6 @@
   become_user: "{{ splunk_nix_user }}"
   loop:
     - "rm {{ splunk_home }}/etc/auth/server.pem"
-    - "{{ splunk_home }}/bin/splunk createssl server-cert -d /opt/splunk/etc/auth -n server.pem"
+    - "{{ splunk_home }}/bin/splunk createssl server-cert -d {{ splunk_home }}/etc/auth -n server.pem"
   notify:
     - restart splunk
diff --git a/roles/splunk/tasks/configure_license.yml b/roles/splunk/tasks/configure_license.yml
@@ -1,5 +1,5 @@
 ---
-- name: Set license master_uri
+- name: Set license master_uri in server.conf
   ini_file:
     path: "{{ splunk_home }}/etc/system/local/server.conf"
     section: license
@@ -13,3 +13,18 @@
   when:
     - "'full' in group_names"
     - splunk_uri_lm != 'undefined'
+
+- name: Set pass4SymmKey in the general stanza of server.conf
+  ini_file:
+    path: "{{ splunk_home }}/etc/system/local/server.conf"
+    section: general
+    option: pass4SymmKey
+    value: "{{ splunk_general_key }}"
+    owner: "{{ splunk_nix_user }}"
+    group: "{{ splunk_nix_group }}"
+    mode: 0644
+  become: true
+  notify: restart splunk
+  when:
+    - "'full' in group_names"
+    - splunk_general_key != 'undefined'
diff --git a/roles/splunk/tasks/configure_os.yml b/roles/splunk/tasks/configure_os.yml
@@ -4,8 +4,8 @@
   include_vars: "{{ ansible_os_family }}.yml"
 
 - name: Set ulimits for splunk
-  copy:
-    src: splunk_ulimits.conf
+  template:
+    src: splunk_ulimits.conf.j2
     dest: /etc/security/limits.d/splunk_ulimits.conf
     owner: root
     group: root
diff --git a/roles/splunk/templates/splunk_ulimits.conf.j2 b/roles/splunk/templates/splunk_ulimits.conf.j2
@@ -0,0 +1,4 @@
+{{ splunk_nix_user }}   soft   nofile  655350
+{{ splunk_nix_user }}   hard   nofile  819200
+{{ splunk_nix_user }}   soft   nproc   32768
+{{ splunk_nix_user }}   hard   nproc   51200
