-
Notifications
You must be signed in to change notification settings - Fork 118
Expand file tree
/
Copy pathmain.yml
More file actions
69 lines (69 loc) · 5.21 KB
/
main.yml
File metadata and controls
69 lines (69 loc) · 5.21 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
---
# defaults file for splunk role
# Anything that is undefined here should be configured. I recommend setting the values in your group_vars under an all.yml file.
systemd_boot: false # Do NOT change the value of this. It automatically gets changed in main.yml if the role finds an existing systemd file configured for splunk.
slack_channel: undefined
slack_token: undefined
splunk_home: auto_determined # This gets set by main.yml but we have to define it here or Ansible will complain that it is undefined
splunk_package_url: auto_determined # This gets set by main.yml but we have to define it here or Ansible will complain that it is undefined
splunk_package_path: ~/
splunk_package_url_full: https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=8.1.2&product=splunk&filename=splunk-8.1.2-545206cc9f70-Linux-x86_64.tgz&wget=true
splunk_package_url_uf: https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=8.1.2&product=universalforwarder&filename=splunkforwarder-8.1.2-545206cc9f70-Linux-x86_64.tgz&wget=true
splunk_install_type: undefined # There are two ways to configure this. The easiest way is to nest hosts under either a "full" group or a "uf" group in your inventory and main.yml will handle it for you. Or, you can also set the value via a group_vars or host_vars file.
splunk_install_path: /opt # Base directory on the operating system to which splunk should be installed
splunk_nix_user: splunk
splunk_nix_group: splunk
splunk_uri_lm: undefined
splunk_uri_cm: undefined
splunk_uri_ds: undefined # e.g. mydeploymentserver.mydomain.com:8089 ; Note that you must also configure the clientName var under either group_vars or host_vars for deploymentclient.conf to be configured
clientName: undefined
splunk_admin_username: admin
splunk_admin_password: undefined # Use ansible-vault encrypt_string, e.g. ansible-vault encrypt_string --ask-vault-pass 'var_value_to_encrypt' --name 'var_name'
splunk_configure_secret: false # If set to true, you need to update files/splunk.secret
splunk_secret_file: undefined # Used to specify your splunk.secret filename(s), files should be placed in the "files" folder of the role
splunk_secret_text: undefined # Used to specify your splunk.secret via a text value
# Although there are tasks for the following Splunk configurations in this role, they are not included in any tasks by default. You can add them to your install_splunk.yml if you would like to have Ansible manage any of these files
splunk_configure_authentication: false
ad_bind_password: undefined # Use ansible-vault encrypt_string, e.g. ansible-vault encrypt_string --ask-vault-pass 'var_value_to_encrypt' --name 'var_name'
splunk_authenticationconf: authentication.conf.j2
splunk_use_initd: false # if set to false, the role will use systemd instead
git_local_clone_path: ~/ # Base directory under which repositories for app deplyoment should be cloned to
git_server: undefined # e.g. ssh://git@mygithost:1234 - Note that this may be set in an all.yml group_var or inside the git_apps dictionary within host_vars
git_key: undefined # Path to SSH key for cloning repositories - Note that this may be set in an all.yml group_var or inside the git_apps dictionary within host_vars
git_project: undefined
git_version: master # Configure default version to clone, overridable inside the git_apps dictionary within host_vars
splunk_app_deploy_path: undefined # Path under $SPLUNK_HOME/ to deploy apps to - Note that this may be set in group_vars, host_vars, playbook vars, or inside the git_apps dictionary within host_vars
splunk_apply_cluster_bundle_retries: 3 # How many times to retry indexer cluster bundle apply if it fails
splunk_apply_cluster_bundle_delay: 60 # Delay in seconds between retries to apply indexer cluster bundle
splunk_apply_shcluster_bundle_retries: 3 # How many times to retry SHC bundle apply if it fails
splunk_apply_shcluster_bundle_delay: 60 # Delay in seconds between retries to apply SHC bundle
# SHC Vars
splunk_shc_key: mypass4symmkey
splunk_shc_label: myshc
splunk_shc_rf: 3
splunk_shc_rep_port: 8100
splunk_shc_target_group: shc
splunkd_port: 8089
splunk_shc_deployer: "{{ groups['shdeployer'] | first }}" # If you manage multiple SHCs, configure the var value in group_vars
splunk_shc_uri_list: "{% for h in groups[splunk_shc_target_group] %}https://{{ hostvars[h].ansible_fqdn }}:{{ splunkd_port }}{% if not loop.last %},{% endif %}{% endfor %}" # If you manage multiple SHCs, configure the var value in group_vars
# Linux and scripting related vars
add_crashlog_script: false # Set to true to install a script and cron job to automatically cleanup splunk crash logs older than 7 days
add_diag_script: false # Set to true to install a script and cron job to automatically cleanup splunk diag files older than 30 days
add_pstack_script: false # Set to true to install a pstack generation script for troubleshooting purposes in $SPLUNK_HOLME/genpstacks.sh
install_utilities: false # Set to true to install the list of packages defined in the linux_packages var after installing splunk
linux_packages:
- nload
- iotop
- iftop
- sysstat
- telnet
- tcpdump
- htop
- atop
- lsof
- policycoreutils-python
- policycoreutils
- setroubleshoot
- nethogs
- gdb
- bind-utils