Project author: a-l-h

Project description:
Ansible Playbook for Splunk Universal Forwarder
Primary language:
Project URL: git://github.com/a-l-h/ansible-playbook-splunk-universal-forwarder.git


Ansible Playbook for Splunk Universal Forwarder

Use this Ansible Playbook to deploy Splunk Universal Forwarder on Red Hat servers following Splunk best practices:

  • The only App configured locally is the Deployment Client App
  • Every other configuration is managed from the Deployment Server
  • Any unmanageable configuration file is removed from /etc/system/local
  • As it is not needed in most scenarios, the admin password is randomized

Tree view

  📦 ansible-playbook-splunk-universal-forwarder
    📂 roles
      📂 controller
        📂 defaults
          📜 main.yml
        📂 tasks
          📜 main.yml
      📂 forwarders
        📂 defaults
          📜 main.yml
        📂 tasks
          📜 main.yml
    📜 deploy-splunk_uf.yml
    📜 README.md

Playbook main steps

On Ansible controller

  • Download Splunk UF latest version
  • Check MD5 hash
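
The controller-side "Check MD5 hash" step, written out as a stand-alone shell check. This is an added example, not the playbook's own task; the function names, the two checksum-file layouts it parses and the sample files are assumptions.

```shell
#!/bin/sh
# Added example, not part of the playbook: check a downloaded tarball against
# its .md5 file. md5sum (GNU coreutils) is assumed to be on the controller.

# Print the digest recorded in a checksum file; status 2 if none is found.
# Two layouts are handled (assumed; check the file you actually have):
#   MD5 (name.tgz) = <32 hex>     BSD style
#   <32 hex>  name.tgz            GNU md5sum style
expected_md5() {
    line=$(head -n 1 "$1" | tr -d '\r')
    case $line in
        "MD5 ("*") = "*) digest=${line##*= } ;;
        *)               digest=${line%% *} ;;
    esac
    digest=$(printf '%s' "$digest" | tr 'A-F' 'a-f')
    printf '%s' "$digest" | grep -Eq '^[0-9a-f]{32}$' || return 2
    printf '%s\n' "$digest"
}

# Status 0 on match, 1 on mismatch, 2 on unusable input.
verify_md5() {
    tarball=$1
    sumfile=$2
    if [ ! -r "$tarball" ] || [ ! -r "$sumfile" ]; then
        echo "cannot read $tarball or $sumfile" >&2; return 2
    fi
    want=$(expected_md5 "$sumfile") || {
        echo "no MD5 digest found in $sumfile" >&2; return 2; }
    got=$(md5sum < "$tarball" | cut -d ' ' -f 1)
    if [ "$got" != "$want" ]; then
        echo "MISMATCH $tarball: expected $want, got $got" >&2; return 1
    fi
    echo "OK $tarball $got"
}

# Constructed demo: a stand-in "tarball" and a BSD-style checksum file.
demo() {
    d=$(mktemp -d) || return 2
    printf 'constructed sample payload\n' > "$d/uf.tgz"
    printf 'MD5 (uf.tgz) = %s\n' "$(md5sum < "$d/uf.tgz" | cut -d ' ' -f 1)" > "$d/uf.tgz.md5"
    rc_ok=0;  verify_md5 "$d/uf.tgz" "$d/uf.tgz.md5" || rc_ok=$?
    printf 'tampered\n' >> "$d/uf.tgz"   # simulate a modified download
    rc_bad=0; verify_md5 "$d/uf.tgz" "$d/uf.tgz.md5" || rc_bad=$?
    rm -rf "$d"
    echo "untouched=$rc_ok tampered=$rc_bad"
}
demo
```

MD5 catches a corrupted or truncated download but is not collision-resistant, so where a SHA-2 digest is published for the same file, compare that as well.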

On target servers

  • Proceed if target is a 64-bit server
  • Proceed if target is a Red Hat server

User/Group

  • Add splunk group
  • Add splunk user

Install / Upgrade Splunk UF

  • Stop Splunk UF if needed
  • Unpack Splunk UF TGZ file
  • Create Deployment Client base App
  • Remove any unneeded configuration file from /etc/system/local
  • Transfer /opt/splunkforwarder ownership to splunk user
  • Set Splunk UF user bash profile
  • Start Splunk UF, accept license and set a random admin password
  • Set OS to start Splunk UF at boot time

Use the playbook

  1. Clone repository from your Ansible controller

     git clone https://github.com/a-l-h/ansible-playbook-splunk-universal-forwarder.git

  2. Adjust variables as needed from each role’s defaults/main.yml file

     controller

     variable                   default value
     controller_become_method   sudo

     forwarders

     variable                   default value
     splunk_uf_install_dir      /opt
     splunk_uf_user             splunk
     splunk_uf_user_group       splunk
     splunk_uf_become_method    sudo
     company_acronym            org
     splunk_ds_fqdn             org.deploymentserver.fqdn
     splunk_ds_port             8089

  3. Add target Red Hat servers to your Ansible inventory

     [servers]
     <target servers>

  4. Launch playbook

     ansible-playbook -i <inventory> ansible-playbook-splunk-universal-forwarder/deploy-splunk_uf.yml -v

  5. Push your own Apps from the Deployment Server

     • An App that outputs data to your Splunk Indexer(s) (outputs.conf)
     • Apps that handle data inputs (inputs.conf)
     • An App that disables Splunk UF management port because it is not used