Fix startup issues (#188)

* - Fixes Issue [#185](#185)
  * a startup issue was resolved for SplunkForwarder installations with an improved
    systemd unit file (fix below)
  * Adds Inspec tests to verify from SplunkForwarder starts (thanks, @jjm)
- Fixes Issue [#187](#187)
  * the systemd unit file is now relegated to the `splunk enable boot-start` command to manage
- Adds Inspec tests and sets the verifier in Test Kitchen for some test suites; some are still in serverspec
- Render the user-seed.conf with a file resource rather than a template
- The default recipe no longer includes the disable recipe; to disable splunk, add `recipe[chef-splunk::disabled]` to a run list explicitly
- Disabling splunk will no longer uninstall Splunk Enterprise nor the Splunk Universal Forwarder
- Adds `#SecretsHelper` to aid with secrets rotation and maintaining idempotency for handling Splunk's hashed secret values
- Improved guards to prevent `service[splunk]` restart/start when it should be disabled.

Signed-off-by: Dang H. Nguyen <dang.nguyen@disney.com>

* fix some chefspecs

Signed-off-by: Dang H. Nguyen <dang.nguyen@disney.com>

* updates test matrix in Github actions ci workflow
Signed-off-by: Dang H. Nguyen <dang.nguyen@disney.com>

* fixes this error condition when executing the `#splunk_login_successful?` helper method:
```
    Errno::ENOENT
    -------------
    No such file or directory - /opt/splunk/bin/splunk
```

Signed-off-by: Dang H. Nguyen <dang.nguyen@disney.com>

* fixes a typo: the question is "should_not" not "shuold_not"

Signed-off-by: Dang H. Nguyen <dang.nguyen@disney.com>

* - uses `#splunk_secret_inspect` in the search head clustering server.conf.erb
- updates inspec
- disables Splunk's file locking verification on startup during Test Kitchen runs

Signed-off-by: Dang H. Nguyen <dang.nguyen@disney.com>

* fixes inspec tests for uninstall_forwarder and server-cluster-master suites

Signed-off-by: Dang H. Nguyen <dang.nguyen@disney.com>

* fixes inspec tests

Signed-off-by: Dang H. Nguyen <dang.nguyen@disney.com>

.github/workflows/ci.yml

@@ -32,23 +32,20 @@ jobs:
     strategy:
       matrix:
         os:
-          - 'debian-9'
           - 'debian-10'
-          - 'centos-7'
           - 'centos-8'
-          - 'ubuntu-1804'
           - 'ubuntu-2004'
         suite:
           - 'client'
           - 'uninstall-forwarder'
           - 'client-inputs-outputs'
           - 'server-runas-root'
-          - 'server-runas-splunk'
           - 'server-cluster-master'
           - 'server-shdeployer'
           - 'server-shcluster-member'
           - 'disabled'
           - 'upgrade-server'
+          - 'upgrade-client'
           - 'server-resources'
           - 'client-resources'
       fail-fast: false

CHANGELOG.md

@@ -2,6 +2,20 @@
 
 This file is used to list changes made in each version of the splunk cookbook.
 
+## 6.4.0 (2020-10-17)
+- Fixes Issue [#185](https://github.com/chef-cookbooks/chef-splunk/issues/185)
+  * a startup issue was resolved for SplunkForwarder installations with an improved
+    systemd unit file (fix below)
+  * Adds Inspec tests to verify from SplunkForwarder starts (thanks, @jjm)
+- Fixes Issue [#187](https://github.com/chef-cookbooks/chef-splunk/issues/187)
+  * the systemd unit file is now relegated to the `splunk enable boot-start` command to manage
+- Adds Inspec tests and sets the verifier in Test Kitchen for some test suites; some are still in serverspec
+- Render the user-seed.conf with a file resource rather than a template
+- The default recipe no longer includes the disable recipe; to disable splunk, add `recipe[chef-splunk::disabled]` to a run list explicitly
+- Disabling splunk will no longer uninstall Splunk Enterprise nor the Splunk Universal Forwarder
+- Adds `#SecretsHelper` to aid with secrets rotation and maintaining idempotency for handling Splunk's hashed secret values
+- Improved guards to prevent `service[splunk]` restart/start when it should be disabled.
+
 ## 6.3.0 (2020-10-14)
 - Fixes Issue [#183](https://github.com/chef-cookbooks/chef-splunk/issues/183): make upgrades idempotent
 - it is no longer necessary to include `chef-splunk::upgrade` to a run list; Instead, set the following:

README.md

@@ -83,7 +83,7 @@ General attributes:
 * `node['splunk']['data_bag']`: Set this to the name of the data bag where your splunk auth
   and other secrets are stored (Default: `vault`)
 * `node['splunk']['disabled']`: Disable the splunk agent by setting
-  this to true (Default: false)
+  this to true (Default: false) and adding `recipe[chef-splunk::disabled]` to a node's run list
 * `node['splunk']['receiver_port']`: The port that the receiver
   (server) listens to. This is set to the Splunk Enterprise default, 9997.
 * `node['splunk']['mgmt_port']`: The port that splunkd service
@@ -579,9 +579,6 @@ node['splunk']['inputs_conf']['ports'] =
 
 ### default
 
-The default recipe will include the `disabled` recipe if
-`node['splunk']['disabled']` is true.
-
 It will include the `client` or `server` recipe depending on whether
 the `is_server` attribute is set.
 
@@ -594,8 +591,7 @@ through a wrapper cookbook.
 In some cases it may be required to disable Splunk on a particular
 node. For example, it may be sending too much data to Splunk and
 exceed the local license capacity. To use the `disabled` recipe, set
-the `node['splunk']['disabled']` attribute to true, and include the
-recipe on the required node, or just use the `default` recipe.
+the `node['splunk']['disabled']` attribute to `true`, and add `recipe[chef-splunk::disabled]` to a node's run list
 
 ### install_forwarder
 

attributes/default.rb

@@ -27,6 +27,8 @@
 default['splunk']['data_bag'] = 'vault'
 
 default['splunk']['setup_auth'] = true
+default['splunk']['service_name'] = 'splunk' # Splunk changes this to Splunkd or SplunkForwarder on systemd-managed servers
+default['splunk']['startup_script'] = '/etc/init.d/splunk' # Splunk changes this to Splunkd or SplunkForwarder on systemd-managed servers
 default['splunk']['user'] = {
   'username' => 'splunk',
   'comment' => 'Splunk Server',