diff --git a/.gitignore b/.gitignore index 4a15a257..2d8d4118 100644 --- a/.gitignore +++ b/.gitignore @@ -23,3 +23,4 @@ test*.xml **/*.xml .pytest_cache version.txt +env diff --git a/default.yml b/default.yml new file mode 100644 index 00000000..dfbaca51 --- /dev/null +++ b/default.yml @@ -0,0 +1,78 @@ +hide_password: false +retry_delay: 3 +retry_num: 60 +wait_for_splunk_retry_num: 60 +shc_sync_retry_num: 60 +splunk_home_ownership_enforcement: true + +config: + baked: default.yml + defaults_dir: /tmp/defaults + env: + headers: null + var: SPLUNK_DEFAULTS_URL + verify: true + host: + headers: null + url: null + verify: true + max_delay: 60 + max_retries: 3 + max_timeout: 1200 + +splunk: + role: splunk_standalone + enable_tcp_mode: false + upgrade: false + build_location: /tmp/splunk.tgz + apps_location: null + license_uri: null + admin_user: admin + app_paths: + default: /opt/splunk/etc/apps + deployment: /opt/splunk/etc/deployment-apps + httpinput: /opt/splunk/etc/apps/splunk_httpinput + idxc: /opt/splunk/etc/master-apps + shc: /opt/splunk/etc/shcluster/apps + enable_service: false + exec: /opt/splunk/bin/splunk + group: splunk + hec: + enable: True + ssl: True + port: 8088 + token: 4a8a737d-5452-426c-a6f7-106dca4e813f + home: /opt/splunk + http_enableSSL: 0 + http_enableSSL_cert: null + http_enableSSL_privKey: null + http_enableSSL_privKey_password: null + http_port: 8000 + idxc: + enable: false + label: idxc_label + replication_factor: 3 + replication_port: 9887 + search_factor: 3 + secret: dmwHG97SpM+GzeGPUELwr7xXowSAVmLW + ignore_license: false + license_download_dest: /tmp/splunk.lic + opt: /opt + password: helloworld + pid: /opt/splunk/var/run/splunk/splunkd.pid + s2s_enable: true + s2s_port: 9997 + search_head_captain_url: null + secret: null + splunk_http_enabled: True + shc: + enable: false + label: shc_label + replication_factor: 3 + replication_port: 9887 + secret: EpcUlTUHMSOhdjRZb3QqPYf9Lf7L991c + smartstore: null + svc_port: 8089 + tar_dir: splunk + user: splunk + wildcard_license: false diff --git a/inventory/environ.py b/inventory/environ.py index 66d68271..8976487d 100755 --- a/inventory/environ.py +++ b/inventory/environ.py @@ -108,6 +108,7 @@ def getDefaultVars(): environment variables to return a consolidated inventory object """ defaultVars = loadDefaults() + defaultVars["splunk"]["role"] = os.environ.get('SPLUNK_ROLE', defaultVars["splunk"].get("role") or "splunk_standalone") overrideEnvironmentVars(defaultVars) getAnsibleContext(defaultVars) getASan(defaultVars) @@ -124,7 +125,6 @@ def getDefaultVars(): getSplunkdSSL(defaultVars) getDistributedTopology(defaultVars) getLicenses(defaultVars) - defaultVars["splunk"]["role"] = os.environ.get('SPLUNK_ROLE', defaultVars["splunk"].get("role") or "splunk_standalone") # Determine DMC settings defaultVars["dmc_forwarder_monitoring"] = os.environ.get('DMC_FORWARDER_MONITORING', False) defaultVars["dmc_asset_interval"] = os.environ.get('DMC_ASSET_INTERVAL', '3,18,33,48 * * * *') @@ -574,6 +574,7 @@ def overrideEnvironmentVars(vars_scope): vars_scope["cert_prefix"] = os.environ.get("SPLUNK_CERT_PREFIX", vars_scope.get("cert_prefix", "https")) vars_scope["splunk"]["root_endpoint"] = os.environ.get('SPLUNK_ROOT_ENDPOINT', vars_scope["splunk"]["root_endpoint"]) vars_scope["splunk"]["svc_port"] = os.environ.get('SPLUNK_SVC_PORT', vars_scope["splunk"]["svc_port"]) + vars_scope["splunk"]["splunk_http_enabled"] = os.environ.get('ENABLE_TCP_MODE', vars_scope["splunk"]["enable_tcp_mode"]) vars_scope["splunk"]["s2s"]["port"] = int(os.environ.get('SPLUNK_S2S_PORT', vars_scope["splunk"]["s2s"]["port"])) vars_scope["splunk"]["enable_service"] = os.environ.get('SPLUNK_ENABLE_SERVICE', vars_scope["splunk"]["enable_service"]) vars_scope["splunk"]["service_name"] = os.environ.get('SPLUNK_SERVICE_NAME', vars_scope["splunk"]["service_name"]) @@ -582,6 +583,8 @@ def overrideEnvironmentVars(vars_scope): vars_scope["splunk"]["kvstore"]["port"] = os.environ.get('SPLUNK_KVSTORE_PORT', vars_scope["splunk"]["kvstore"]["port"]) vars_scope["splunk"]["connection_timeout"] = int(os.environ.get('SPLUNK_CONNECTION_TIMEOUT', vars_scope["splunk"]["connection_timeout"])) + if vars_scope["splunk"]["splunk_http_enabled"] == "false" and "forwarder" not in vars_scope["splunk"]["role"].lower(): + vars_scope["splunk"]["splunk_http_enabled"] = "true" # Set set_search_peers to False to disable peering to indexers when creating multisite topology if os.environ.get("SPLUNK_SET_SEARCH_PEERS", "").lower() == "false": vars_scope["splunk"]["set_search_peers"] = False diff --git a/inventory/splunk_defaults_linux.yml b/inventory/splunk_defaults_linux.yml index 94880299..3ee52e22 100644 --- a/inventory/splunk_defaults_linux.yml +++ b/inventory/splunk_defaults_linux.yml @@ -23,6 +23,7 @@ config: verify: True splunk: + enable_tcp_mode: False build_location: allow_upgrade: True tar_dir: "splunk" @@ -31,6 +32,7 @@ splunk: user: "splunk" group: "splunk" exec: !!python/object/apply:os.path.join [*home, "bin", "splunk"] + uds_socket_path_url: "%2Fopt%2Fsplunkforwarder%2Fvar%2Frun%2Fsplunk%2Fcli.socket" pid: !!python/object/apply:os.path.join [*home, "var", "run", "splunk", "splunkd.pid"] admin_user: "admin" root_endpoint: diff --git a/inventory/splunk_defaults_windows.yml b/inventory/splunk_defaults_windows.yml index 222e9134..b006c49f 100644 --- a/inventory/splunk_defaults_windows.yml +++ b/inventory/splunk_defaults_windows.yml @@ -23,6 +23,7 @@ config: verify: True splunk: + enable_tcp_mode: False build_location: allow_upgrade: True tar_dir: "splunk" diff --git a/inventory/splunkforwarder_defaults_linux.yml b/inventory/splunkforwarder_defaults_linux.yml index 101c5179..bf570675 100644 --- a/inventory/splunkforwarder_defaults_linux.yml +++ b/inventory/splunkforwarder_defaults_linux.yml @@ -24,6 +24,7 @@ config: splunk: build_location: + enable_tcp_mode: False allow_upgrade: True tar_dir: "splunkforwarder" opt: &opt "/opt" diff --git a/inventory/splunkforwarder_defaults_windows.yml b/inventory/splunkforwarder_defaults_windows.yml index 17be88b6..5d606c96 100644 --- a/inventory/splunkforwarder_defaults_windows.yml +++ b/inventory/splunkforwarder_defaults_windows.yml @@ -24,6 +24,7 @@ config: splunk: build_location: + enable_tcp_mode: False allow_upgrade: True tar_dir: "splunkforwarder" opt: &opt "/opt" diff --git a/library/splunk_api.py b/library/splunk_api.py new file mode 100644 index 00000000..a0dbaddb --- /dev/null +++ b/library/splunk_api.py @@ -0,0 +1,116 @@ +#!/usr/bin/python + +from ansible.module_utils.basic import AnsibleModule +import os +import requests +import requests_unixsocket +import json + +UDS_SOCKET_PATH = "/opt/splunkforwarder/var/run/splunk/cli.socket" +UDS_SOCKET_PATH_URL = "%2Fopt%2Fsplunkforwarder%2Fvar%2Frun%2Fsplunk%2Fcli.socket" + +def supports_uds(): + return os.path.exists(UDS_SOCKET_PATH) + +def api_call_tcp(cert_prefix_mode, method, endpoint, username, password, svc_port, payload=None, headers=None, verify=False, status_code=None, timeout=None): + if not cert_prefix_mode or cert_prefix_mode not in ['http', 'https']: + cert_prefix_mode = 'https' + if not svc_port: + svc_port = 8089 + url = "{}://127.0.0.1:{}{}".format(cert_prefix_mode, svc_port, endpoint) + if headers is None: + headers = {} + headers['Content-Type'] = 'application/json' + auth = (username, password) + + session = requests.Session() + # Disable SSL verification for the session + session.verify = False + + response = None + excep_str = "No Exception" + try: + response = session.request(method, url, headers=headers, auth=auth, data=json.dumps(payload), verify=verify, timeout=timeout) + if status_code is not None and response.status_code not in status_code: + raise ValueError("API call for {} and data as {} failed with status code {}: {}".format(url, payload, response.status_code, response.text)) + except Exception as e: + excep_str = "{}".format(e) + cwd = os.getcwd() + return response, excep_str + +def api_call_uds(method, endpoint, username, password, svc_port, payload=None, headers=None, verify=False, status_code=None, timeout=None): + url = "http+unix://{}{}".format(UDS_SOCKET_PATH_URL,endpoint) + if headers is None: + headers = {} + headers['Content-Type'] = 'application/json' + auth = (username, password) + + session = requests_unixsocket.Session() + # Disable SSL verification for the session + session.verify = False + + excep_str = "No Exception" + response = None + try: + response = session.request(method, url, headers=headers, auth=auth, data=json.dumps(payload), verify=verify, timeout=timeout) + if status_code is not None and response.status_code not in status_code: + raise ValueError("API call for {} and data as {} failed with status code {}: {}".format(url, payload, response.status_code, response.text)) + except Exception as e: + excep_str = "{}".format(e) + return response, excep_str + +def main(): + module_args = dict( + method=dict(type='str', required=True), + url=dict(type='str', required=True), + username=dict(type='str', required=True), + password=dict(type='str', required=True, no_log=True), + cert_prefix_mode=dict(type='str', required=False), + body=dict(type='dict', required=False), + headers=dict(type='dict', required=False), + verify=dict(type='bool', required=False), + status_code=dict(type='list', required=False), + timeout=dict(type='int', required=False), + svc_port=dict(type='int', required=False) + ) + + module = AnsibleModule( + argument_spec=module_args, + supports_check_mode=True + ) + + if module.check_mode: + module.exit_json(changed=False) + + method = module.params['method'] + endpoint = module.params['url'] + username = module.params['username'] + password = module.params['password'] + cert_prefix_mode = module.params.get('cert_prefix_mode', 'http') + payload = module.params.get('body', None) + headers = module.params.get('headers', None) + verify = module.params.get('verify', False) + status_code = module.params.get('status_code', None) + timeout = module.params.get('timeout', None) + svc_port = module.params.get('svc_port', 8089) + + s = "{}{}{}{}{}{}{}{}{}".format(method, endpoint, username, password, svc_port, payload, headers, verify, status_code, timeout) + if supports_uds(): + response, excep_str = api_call_uds(method, endpoint, username, password, svc_port, payload, headers, verify, status_code, timeout) + else: + response, excep_str = api_call_tcp(cert_prefix_mode, method, endpoint, username, password, svc_port, payload, headers, verify, status_code, timeout) + + if response is not None and ((status_code and response.status_code in status_code) or (status_code is None and response.status_code >= 200 and response.status_code < 300)): + try: + content = response.json() + except: + content = response.text + module.exit_json(changed=True, status = response.status_code ,json=content,excep_str=excep_str) + else: + if response is None: + module.fail_json(msg="{};;; failed with NO RESPONSE and EXCEP_STR as {}".format(s, excep_str)) + else: + module.fail_json(msg="{};;; failed with status code {}: {}".format(s, response.status_code, response.text)) + +if __name__ == '__main__': + main() diff --git a/roles/splunk_cluster_master/tasks/generate_ess_bundle.yml b/roles/splunk_cluster_master/tasks/generate_ess_bundle.yml index 518d07a6..eecede6b 100644 --- a/roles/splunk_cluster_master/tasks/generate_ess_bundle.yml +++ b/roles/splunk_cluster_master/tasks/generate_ess_bundle.yml @@ -12,16 +12,7 @@ mode: 0777 - name: Get ESS version - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/services/apps/local/SplunkEnterpriseSecuritySuite?output_mode=json" - method: GET - user: "{{ splunk.admin_user }}" - password: "{{ splunk.password }}" - force_basic_auth: yes - validate_certs: false - status_code: 200 - timeout: 10 - use_proxy: no + command: "/opt/splunk/bin/splunk display app -auth {{ splunk.admin_user }}:{{ splunk.password }} SplunkEnterpriseSecuritySuite" register: ess_info no_log: "{{ hide_password }}" diff --git a/roles/splunk_cluster_master/tasks/setup_multisite.yml b/roles/splunk_cluster_master/tasks/setup_multisite.yml index 4a65dc38..d7d30200 100644 --- a/roles/splunk_cluster_master/tasks/setup_multisite.yml +++ b/roles/splunk_cluster_master/tasks/setup_multisite.yml @@ -3,6 +3,7 @@ vars: splunk_instance_address: "{{ splunk.multisite_master }}" +# UPDATE - name: Convert Extrenal Cluster Master Name into Internal URI set_fact: multisite_master_uri: "{{ cert_prefix }}://{{ splunk.multisite_master }}:{{ splunk.svc_port }}" diff --git a/roles/splunk_common/handlers/restart_splunk.yml b/roles/splunk_common/handlers/restart_splunk.yml index a5841695..0e3e1cf5 100644 --- a/roles/splunk_common/handlers/restart_splunk.yml +++ b/roles/splunk_common/handlers/restart_splunk.yml @@ -26,3 +26,4 @@ - name: "Wait for splunkd management port" wait_for: port: "{{ splunk.svc_port }}" + when: splunk.splunk_http_enabled|bool == true diff --git a/roles/splunk_common/tasks/check_for_required_restarts.yml b/roles/splunk_common/tasks/check_for_required_restarts.yml index 1f861c16..5321484a 100644 --- a/roles/splunk_common/tasks/check_for_required_restarts.yml +++ b/roles/splunk_common/tasks/check_for_required_restarts.yml @@ -1,20 +1,21 @@ --- - name: Check for required restarts - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/services/messages/restart_required?output_mode=json" + splunk_api: method: GET - user: "{{ splunk.admin_user }}" + endpoint: /services/messages/restart_required?output_mode=json + username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" - force_basic_auth: yes + svc_port: "{{ splunk.svc_port }}" + cert_prefix: "{{ cert_prefix }}" validate_certs: false - status_code: 200,404 + status_code: "200,404" timeout: 10 - use_proxy: no + notify: + - Restart the splunkd service register: restart_required - changed_when: restart_required.status == 200 - until: restart_required is succeeded + changed_when: restart_required.content + until: restart_required.content retries: 5 delay: "{{ retry_delay }}" no_log: "{{ hide_password }}" - notify: - - Restart the splunkd service + ignore_errors: yes diff --git a/roles/splunk_common/tasks/configure_uds.yml b/roles/splunk_common/tasks/configure_uds.yml new file mode 100644 index 00000000..25571c9f --- /dev/null +++ b/roles/splunk_common/tasks/configure_uds.yml @@ -0,0 +1,8 @@ +- name: Deploy UDS configuration + copy: + src: ../../../roles/splunk_universal_forwader/uds_inputs.conf + dest: "{{ splunk.home }}/etc/apps/your_app/local/uds_inputs.conf" + owner: "{{ splunk.user }}" + group: "{{ splunk.group }}" + mode: 0644 + notify: restart splunk \ No newline at end of file diff --git a/roles/splunk_common/tasks/disable_popups.yml b/roles/splunk_common/tasks/disable_popups.yml index 2af06a97..79db2fdd 100644 --- a/roles/splunk_common/tasks/disable_popups.yml +++ b/roles/splunk_common/tasks/disable_popups.yml @@ -1,31 +1,29 @@ --- - name: GET OptInVersion - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/servicesNS/nobody/splunk_instrumentation/admin/telemetry/general?output_mode=json" + splunk_api: method: GET - user: "{{ splunk.admin_user }}" + endpoint: "/servicesNS/nobody/splunk_instrumentation/admin/telemetry/general?output_mode=json" + username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" - force_basic_auth: yes + svc_port: "{{ splunk.svc_port }}" validate_certs: false - status_code: 200 + status_code: [200] timeout: 10 return_content: yes - use_proxy: no register: telemetry no_log: "{{ hide_password }}" - name: Disable Popups - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/{{ item.key }}" + splunk_api: method: POST - user: "{{ splunk.admin_user }}" + endpoint: "{{ item.key }}" + username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" - force_basic_auth: yes + svc_port: "{{ splunk.svc_port }}" body: "{{ item.value }}" validate_certs: false status_code: 200,201,409 - use_proxy: no with_items: - - { key: "servicesNS/admin/user-prefs/data/user-prefs/general", value: "hideInstrumentationOptInModal=1¬ification_python_3_impact=false&showWhatsNew=0" } - - { key: "servicesNS/nobody/splunk_instrumentation/admin/telemetry/general", value: "showOptInModal=0&optInVersionAcknowledged={{ telemetry['json']['entry'][0]['content']['optInVersion'] }}" } - - { key: "servicesNS/admin/search/data/ui/ui-tour/search-tour", value: "tourPage=search&viewed=1" } + - { key: "/servicesNS/admin/user-prefs/data/user-prefs/general", value: "hideInstrumentationOptInModal=1¬ification_python_3_impact=false&showWhatsNew=0" } + - { key: "/servicesNS/nobody/splunk_instrumentation/admin/telemetry/general", value: "showOptInModal=0&optInVersionAcknowledged={{ telemetry['json']['entry'][0]['content']['optInVersion'] }}" } + - { key: "/servicesNS/admin/search/data/ui/ui-tour/search-tour", value: "tourPage=search&viewed=1" } diff --git a/roles/splunk_common/tasks/enable_dfs.yml b/roles/splunk_common/tasks/enable_dfs.yml index 0f5179d1..eb9acdff 100644 --- a/roles/splunk_common/tasks/enable_dfs.yml +++ b/roles/splunk_common/tasks/enable_dfs.yml @@ -1,87 +1,79 @@ --- - name: Enable DFS feature in server.conf - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/servicesNS/nobody/system/configs/conf-server/dfs" + splunk_api: + endpoint: system/configs/conf-server/dfs method: POST + validate_certs: false user: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" - force_basic_auth: yes - validate_certs: false + svc_port: "{{ splunk.svc_port }}" body: disabled: "false" port: "{{ splunk.dfs.port }}" spark_master_host: "{{ splunk.dfs.spark_master_host }}" spark_master_webui_port: "{{ splunk.dfs.spark_master_webui_port }}" - body_format: "form-urlencoded" - status_code: 200 - timeout: 10 - use_proxy: no register: dfs_enable_result changed_when: dfs_enable_result.status == 200 - name: Update DFS settings in limits.conf - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/servicesNS/nobody/system/configs/conf-limits/dfs" + splunk_api: + endpoint: /servicesNS/nobody/system/configs/conf-limits/dfs method: POST - user: "{{ splunk.admin_user }}" - password: "{{ splunk.password }}" - force_basic_auth: yes validate_certs: false + svc_port: "{{ splunk.svc_port }}" body: dfc_num_slots: "{{ splunk.dfs.dfc_num_slots }}" dfw_num_slots: "{{ splunk.dfs.dfw_num_slots }}" dfw_num_slots_enabled: "{{ splunk.dfs.dfw_num_slots_enabled }}" - body_format: "form-urlencoded" - status_code: 200 + status_codes: "200" timeout: 10 + username: "{{ splunk.admin_user }}" + password: "{{ splunk.password }}" use_proxy: no register: dfs_limits_result changed_when: dfs_limits_result.status == 200 - name: Update search settings in limits.conf - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/servicesNS/nobody/system/configs/conf-limits/search" + splunk_api: + endpoint: system/configs/conf-limits/search method: POST user: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" - force_basic_auth: yes + svc_port: "{{ splunk.svc_port }}" validate_certs: false body: phased_execution: "true" max_searches_per_process: "1" - body_format: "form-urlencoded" - status_code: 200 - timeout: 10 - use_proxy: no register: search_limits_result - changed_when: search_limits_result.status == 200 + changed_when: search_limits_result.changed + failed_when: search_limits_result.failed + when: splunk is defined - name: Check for search_optimization::dfs_job_extractor in limits.conf" - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/servicesNS/nobody/system/configs/conf-limits/search_optimization%3a%3adfs_job_extractor" - method: GET + splunk_api: + endpoint: servicesNS/nobody/system/configs/conf-limits/search_optimization%3a%3adfs_job_extractor + method: POST user: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" - force_basic_auth: yes + svc_port: "{{ splunk.svc_port }}" validate_certs: false - use_proxy: no register: check_dfs_job_extractor_result failed_when: False changed_when: False - name: Create search_optimization::dfs_job_extractor in limits.conf - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/servicesNS/nobody/system/configs/conf-limits" + splunk_api: + endpoint: servicesNS/nobody/system/configs/conf-limits method: POST user: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" + svc_port: "{{ splunk.svc_port }}" force_basic_auth: yes validate_certs: false body: name: "search_optimization::dfs_job_extractor" enabled: "true" commands: "stats,join,sort,head,tail,reverse,dedup,rename,fields,union,from,eval" - body_format: "form-urlencoded" status_code: 201 timeout: 10 use_proxy: no @@ -90,18 +82,18 @@ when: check_dfs_job_extractor_result.status != 200 - name: Update search_optimization::dfs_job_extractor in limits.conf - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/servicesNS/nobody/system/configs/conf-limits/search_optimization%3a%3adfs_job_extractor" + splunk_api: + endpoint: servicesNS/nobody/system/configs/conf-limits/search_optimization%3a%3adfs_job_extractor method: POST user: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" + svc_port: "{{ splunk.svc_port }}" force_basic_auth: yes validate_certs: false body: enabled: "true" commands: "stats,join,sort,head,tail,reverse,dedup,rename,fields,union,from,eval" - body_format: "form-urlencoded" - status_code: 200 + status_code: [200] timeout: 10 use_proxy: no register: update_dfs_job_extractor_result diff --git a/roles/splunk_common/tasks/enable_forwarder_monitoring.yml b/roles/splunk_common/tasks/enable_forwarder_monitoring.yml index 41dd34b1..ed96e271 100644 --- a/roles/splunk_common/tasks/enable_forwarder_monitoring.yml +++ b/roles/splunk_common/tasks/enable_forwarder_monitoring.yml @@ -1,50 +1,50 @@ --- - name: Establish DMC forwarder monitor API set_fact: - dmc_forwarder_assets_url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/servicesNS/nobody/splunk_monitoring_console/saved/searches/DMC+Forwarder+-+Build+Asset+Table" + dmc_forwarder_assets_url: "/servicesNS/nobody/splunk_monitoring_console/saved/searches/DMC+Forwarder+-+Build+Asset+Table" - name: Retrieve forwarder assets query - uri: - url: "{{ dmc_forwarder_assets_url }}?output_mode=json" + splunk_api: method: GET - user: "{{ splunk.admin_user }}" + endpoint: "{{ dmc_forwarder_assets_url }}?output_mode=json" + username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" - force_basic_auth: yes - validate_certs: false - status_code: 200,201 - timeout: 10 - use_proxy: no + svc_port: "{{ splunk.svc_port }}" + body: + body_format: "form-urlencoded" + status_code: [200,201] + timeout: 10 register: dmc_forwarder_build_assets no_log: "{{ hide_password }}" +# Is Use of Proxy Important - name: Configure forwarder assets search - uri: - url: "{{ dmc_forwarder_assets_url }}" + splunk_api: method: POST - user: "{{ splunk.admin_user }}" + endpoint: "{{ dmc_forwarder_assets_url }}" + username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" - force_basic_auth: yes + svc_port: "{{ splunk.svc_port }}" body: - search: "{{ dmc_forwarder_build_assets.json['entry'][0]['content']['search'] }}" + search: "{{ dmc_forwarder_build_assets.content['entry'][0]['content']['search'] }}" request.ui_dispatch_app: splunk_monitoring_console cron_schedule: "{{ dmc_asset_interval }}" alert.track: 0 disabled: 0 body_format: "form-urlencoded" - validate_certs: false - status_code: 200,201 + status_code: [200,201] timeout: 10 - use_proxy: no no_log: "{{ hide_password }}" - name: Build forwarder assets - uri: - url: "{{ dmc_forwarder_assets_url }}/dispatch" + splunk_api: method: POST - user: "{{ splunk.admin_user }}" + endpoint: "{{ dmc_forwarder_assets_url }}/dispatch" + username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" - force_basic_auth: yes - validate_certs: false - status_code: 200,201 - use_proxy: no + svc_port: "{{ splunk.svc_port }}" + body: + body_format: "form-urlencoded" + status_code: [200, 201] + timeout: 10 no_log: "{{ hide_password }}" diff --git a/roles/splunk_common/tasks/extract_app.yml b/roles/splunk_common/tasks/extract_app.yml index 023d506a..b16f5257 100644 --- a/roles/splunk_common/tasks/extract_app.yml +++ b/roles/splunk_common/tasks/extract_app.yml @@ -1,21 +1,19 @@ --- - name: Install Splunkbase app - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/services/apps/local" + splunk_api: method: POST - user: "{{ splunk.admin_user }}" + endpoint: /services/apps/local + username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" - force_basic_auth: yes - validate_certs: false + svc_port: "{{ splunk.svc_port }}" body: name: "{{ app_filepath }}" update: "true" filename: "true" auth: "{{ splunkbase_token }}" body_format: "form-urlencoded" - status_code: [ 200, 201 ] + status_code: 200,201 timeout: 300 - use_proxy: no when: - app_filepath is defined - "'splunkbase.splunk.com' in app_filepath" diff --git a/roles/splunk_common/tasks/install_apps.yml b/roles/splunk_common/tasks/install_apps.yml index d2ee7f25..0fed4865 100644 --- a/roles/splunk_common/tasks/install_apps.yml +++ b/roles/splunk_common/tasks/install_apps.yml @@ -1,23 +1,22 @@ --- - name: Install Splunkbase app - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/services/apps/local" + splunk_api: method: POST - user: "{{ splunk.admin_user }}" + endpoint: /services/apps/local + username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" - force_basic_auth: yes - validate_certs: false + svc_port: "{{ splunk.svc_port }}" body: - name: "{{ app_url }}" + name: "{{ app_filepath }}" update: "true" filename: "true" auth: "{{ splunkbase_token }}" body_format: "form-urlencoded" - status_code: [ 200, 201 ] + status_code: 200,201 timeout: 300 - use_proxy: no when: - - "'splunkbase.splunk.com' in app_url" + - app_filepath is defined + - "'splunkbase.splunk.com' in app_filepath" - splunkbase_token is defined - splunkbase_token != None no_log: "{{ hide_password }}" @@ -72,29 +71,27 @@ notify: - Restart the splunkd service - - name: Install app via REST - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/services/apps/local" - method: POST - user: "{{ splunk.admin_user }}" - password: "{{ splunk.password }}" - force_basic_auth: yes - validate_certs: false - body: - name: "{{ app_filepath }}" - update: "true" - filename: "true" - body_format: "form-urlencoded" - status_code: [ 200, 201 ] - timeout: 90 - use_proxy: no - register: post_apps_local - until: post_apps_local is succeeded - retries: 5 - delay: "{{ retry_delay }}" - changed_when: post_apps_local.status == 201 - when: - - "'itsi' not in app_contents.stdout_lines" - - "'DA-ITSI-ContentLibrary' not in app_contents.stdout_lines" - - app_remote is changed or app_local.stat.exists - no_log: "{{ hide_password }}" +- name: Install app via REST + splunk_api: + method: POST + endpoint: "/services/apps/local" + username: "{{ splunk.admin_user }}" + password: "{{ splunk.password }}" + svc_port: "{{ splunk.svc_port }}" + body: + name: "{{ app_filepath }}" + update: "true" + filename: "true" + body_format: "form-urlencoded" + status_code: 200,201 + timeout: 90 + register: post_apps_local + until: post_apps_local is succeeded + retries: 5 + delay: "{{ retry_delay }}" + changed_when: post_apps_local.status == 201 + when: + - "'itsi' not in app_contents.stdout_lines" + - "'DA-ITSI-ContentLibrary' not in app_contents.stdout_lines" + - app_remote is changed or app_local.stat.exists + no_log: "{{ hide_password }}" diff --git a/roles/splunk_common/tasks/licenses/enable_forwarder_license.yml b/roles/splunk_common/tasks/licenses/enable_forwarder_license.yml index 29224b90..78cb0b66 100644 --- a/roles/splunk_common/tasks/licenses/enable_forwarder_license.yml +++ b/roles/splunk_common/tasks/licenses/enable_forwarder_license.yml @@ -1,31 +1,27 @@ --- - name: Check current license group - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/services/licenser/groups/Forwarder?output_mode=json" + splunk_api: method: GET - user: "{{ splunk.admin_user }}" + endpoint: "/services/licenser/groups/Forwarder?output_mode=json" + username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" - force_basic_auth: yes - validate_certs: false - status_code: 200,404 + svc_port: "{{ splunk.svc_port }}" + status_code: '200,404' timeout: 10 - use_proxy: no register: check_fwd_lic changed_when: false no_log: "{{ hide_password }}" - name: Activate forwarder license - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/services/licenser/groups/Forwarder?output_mode=json" + splunk_api: method: POST - user: "{{ splunk.admin_user }}" + endpoint: "/services/licenser/groups/Forwarder?output_mode=json" + username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" - force_basic_auth: yes - validate_certs: false + svc_port: "{{ splunk.svc_port }}" body: is_active: 1 body_format: "form-urlencoded" - status_code: 200 + status_code: [200] timeout: 10 - use_proxy: no - when: not check_fwd_lic.json.entry[0].content.is_active + when: not check_fwd_lic.content.json.entry[0].content.is_active diff --git a/roles/splunk_common/tasks/licenses/enable_free_license.yml b/roles/splunk_common/tasks/licenses/enable_free_license.yml index 9216f34e..bd2d2d01 100644 --- a/roles/splunk_common/tasks/licenses/enable_free_license.yml +++ b/roles/splunk_common/tasks/licenses/enable_free_license.yml @@ -1,13 +1,13 @@ --- - name: Check current license group - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/services/licenser/groups/Free?output_mode=json" + splunk_api: method: GET - user: "{{ splunk.admin_user }}" + endpoint: "/services/licenser/groups/Free?output_mode=json" + username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" - force_basic_auth: yes - validate_certs: false - status_code: 200,404 + svc_port: "{{ splunk.svc_port }}" + body_format: "form-urlencoded" + status_code: "200,404" timeout: 10 use_proxy: no register: check_free_lic @@ -15,17 +15,16 @@ no_log: "{{ hide_password }}" - name: Activate free license - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/services/licenser/groups/Free?output_mode=json" + splunk_api: method: POST - user: "{{ splunk.admin_user }}" + endpoint: "/services/licenser/groups/Free?output_mode=json" + username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" - force_basic_auth: yes - validate_certs: false + svc_port: "{{ splunk.svc_port }}" body: is_active: 1 body_format: "form-urlencoded" - status_code: 200 + status_code: [200] timeout: 10 use_proxy: no when: not check_free_lic.json.entry[0].content.is_active diff --git a/roles/splunk_common/tasks/main.yml b/roles/splunk_common/tasks/main.yml index 5b993845..b337ff63 100644 --- a/roles/splunk_common/tasks/main.yml +++ b/roles/splunk_common/tasks/main.yml @@ -50,6 +50,8 @@ - include_tasks: enable_admin_auth.yml +- include_tasks: set_mgmt_mode.yml + - include_tasks: set_launch_conf.yml when: - "'launch' in splunk and splunk.launch" @@ -122,6 +124,7 @@ - include_tasks: start_splunk.yml - include_tasks: set_certificate_prefix.yml + when: splunk.splunk_http_enabled|bool == true - include_tasks: clean_user_seed.yml diff --git a/roles/splunk_common/tasks/peer_cluster_master.yml b/roles/splunk_common/tasks/peer_cluster_master.yml index 8e2b70ba..4e2d50ac 100644 --- a/roles/splunk_common/tasks/peer_cluster_master.yml +++ b/roles/splunk_common/tasks/peer_cluster_master.yml @@ -3,11 +3,29 @@ vars: splunk_instance_address: "{{ splunk.cluster_master_url }}" +# Do I need to upate this line? # http://docs.splunk.com/Documentation/Splunk/latest/DistSearch/SHCandindexercluster#Integrate_with_a_single-site_indexer_cluster -- name: Peer cluster master +- name: Peer cluster master TCP command: "{{ splunk.exec }} edit cluster-config -mode searchhead -master_uri {{ cert_prefix }}://{{ splunk.cluster_master_url }}:{{ splunk.svc_port }} -replication_port {{ splunk.idxc.replication_port }} -secret '{{ splunk.idxc.pass4SymmKey }}' -auth '{{ splunk.admin_user }}:{{ splunk.password }}'" become: yes become_user: "{{ splunk.user }}" + when: splunk.splunk_http_enabled|bool == true + register: peer_cluster_master + until: peer_cluster_master.rc == 0 or "Cannot edit this searchhead" in peer_cluster_master.stderr + changed_when: peer_cluster_master.rc == 0 + failed_when: peer_cluster_master.rc != 0 and "Cannot edit this searchhead" not in peer_cluster_master.stderr + retries: "{{ retry_num }}" + delay: "{{ retry_delay }}" + ignore_errors: yes + notify: + - Restart the splunkd service + no_log: "{{ hide_password }}" + +- name: Peer cluster master UDS + command: "{{ splunk.exec }} edit cluster-config -mode searchhead -master_uri http+unix://{{ splunk.uds_socket_path_url }} -replication_port {{ splunk.idxc.replication_port }} -secret '{{ splunk.idxc.pass4SymmKey }}' -auth '{{ splunk.admin_user }}:{{ splunk.password }}'" + become: yes + become_user: "{{ splunk.user }}" + when: splunk.splunk_http_enabled|bool == false register: peer_cluster_master until: peer_cluster_master.rc == 0 or "Cannot edit this searchhead" in peer_cluster_master.stderr changed_when: peer_cluster_master.rc == 0 diff --git a/roles/splunk_common/tasks/peer_indexers.yml b/roles/splunk_common/tasks/peer_indexers.yml index 0a1880d3..a7160a3b 100644 --- a/roles/splunk_common/tasks/peer_indexers.yml +++ b/roles/splunk_common/tasks/peer_indexers.yml @@ -3,6 +3,7 @@ vars: splunk_instance_address: "{{ idx }}" +# INFRA-38882: Do I need to update this task as well? - name: "Add {{ idx }} as search peer" command: "{{ splunk.exec }} add search-server {{ cert_prefix }}://{{ idx }}:{{ splunk.svc_port }} -auth {{ splunk.admin_user }}:{{ splunk.password }} -remoteUsername {{ splunk.admin_user }} -remotePassword {{ splunk.password }}" become: yes diff --git a/roles/splunk_common/tasks/premium_apps/configure_ess.yml b/roles/splunk_common/tasks/premium_apps/configure_ess.yml index 2f14cac3..368aee52 100644 --- a/roles/splunk_common/tasks/premium_apps/configure_ess.yml +++ b/roles/splunk_common/tasks/premium_apps/configure_ess.yml @@ -5,16 +5,14 @@ become_user: "{{ splunk.user }}" - name: Get ESS version - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/services/apps/local/SplunkEnterpriseSecuritySuite?output_mode=json" + splunk_api: + endpoint: apps/local/SplunkEnterpriseSecuritySuite method: GET - user: "{{ splunk.admin_user }}" + username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" - force_basic_auth: yes + svc_port: "{{ splunk.svc_port }}" validate_certs: false - status_code: 200 timeout: 10 - use_proxy: no register: ess_info no_log: "{{ hide_password }}" diff --git a/roles/splunk_common/tasks/premium_apps/configure_itsi.yml b/roles/splunk_common/tasks/premium_apps/configure_itsi.yml index af8a256f..5a4c62e7 100644 --- a/roles/splunk_common/tasks/premium_apps/configure_itsi.yml +++ b/roles/splunk_common/tasks/premium_apps/configure_itsi.yml @@ -1,18 +1,17 @@ ---- - name: Create ITSI admin role - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/servicesNS/nobody/itsi/authorization/roles" - method: POST - user: "{{ splunk.admin_user }}" - password: "{{ splunk.password }}" - force_basic_auth: yes - validate_certs: false - body: "name=itsi_admin&imported_roles=itoa_user&imported_roles=itoa_analyst&imported_roles=itoa_admin" - headers: - Content-Type: "application/x-www-form-urlencoded" - status_code: [201, 409] - timeout: 10 - use_proxy: no + splunk_api: + endpoint: "servicesNS/nobody/itsi/authorization/roles" + method: "POST" + svc_port: "{{ splunk.svc_port }}" + body: + name: "itsi_admin" + imported_roles: + - "itoa_user" + - "itoa_analyst" + - "itoa_admin" + status_codes: + - 201 + - 409 register: setup_itsi_role retries: "{{ retry_num }}" delay: "{{ retry_delay }}" @@ -23,19 +22,17 @@ - Restart the splunkd service - name: Create ITSI admin user - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/servicesNS/nobody/itsi/authentication/users/admin" - method: POST - user: "{{ splunk.admin_user }}" - password: "{{ splunk.password }}" - force_basic_auth: yes - validate_certs: false - body: "roles=itsi_admin&roles=admin" - headers: - Content-Type: "application/x-www-form-urlencoded" - status_code: [200, 409] - timeout: 10 - use_proxy: no + splunk_api: + endpoint: "servicesNS/nobody/itsi/authentication/users/admin" + method: "POST" + svc_port: "{{ splunk.svc_port }}" + body: + roles: + - "itsi_admin" + - "admin" + status_codes: + - 200 + - 409 register: setup_itsi_user retries: "{{ retry_num }}" delay: "{{ retry_delay }}" diff --git a/roles/splunk_common/tasks/set_as_deployment_client.yml b/roles/splunk_common/tasks/set_as_deployment_client.yml index 895f0318..4e64d12d 100644 --- a/roles/splunk_common/tasks/set_as_deployment_client.yml +++ b/roles/splunk_common/tasks/set_as_deployment_client.yml @@ -6,6 +6,7 @@ vars: splunk_instance_address: "{{ splunk.deployment_server }}" +# INFRA-38882: Do I need to update this task as well? or does the splunk_exec handle it? - name: Set node as deployment client command: "{{ splunk.exec }} set deploy-poll {{ splunk.deployment_server }}:{{ splunk.svc_port }} -auth '{{ splunk.admin_user }}:{{ splunk.password }}'" become: yes diff --git a/roles/splunk_common/tasks/set_as_hec_receiver.yml b/roles/splunk_common/tasks/set_as_hec_receiver.yml index b2683737..c3d69ad5 100644 --- a/roles/splunk_common/tasks/set_as_hec_receiver.yml +++ b/roles/splunk_common/tasks/set_as_hec_receiver.yml @@ -1,40 +1,46 @@ --- # TODO: Remove all secondary conditionals on deprecation of splunk.hec_* variables +- name: Check UDS info + command: cat "{{ splunk.home }}/etc/system/local/server.conf" + register: uds_conf + +- debug: msg="{{ uds_conf.stdout }}" + +- name: Check UDS info - 2 + command: ls -ltra "{{ splunk.home }}/var/run/splunk/" + register: uds_conf_2 + +- debug: msg="{{ uds_conf_2.stdout }}" + - name: Setup global HEC - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/services/data/inputs/http/http" + splunk_api: + url: "/services/data/inputs/http/http" method: POST - user: "{{ splunk.admin_user }}" + username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" - force_basic_auth: yes - validate_certs: false + svc_port: "{{ splunk.svc_port }}" body: disabled: "{% if ('hec' in splunk and 'enable' in splunk.hec and splunk.hec.enable | bool) or ('hec_disabled' in splunk and not splunk.hec_disabled | bool) %}0{% else %}1{% endif %}" enableSSL: "{% if ('hec' in splunk and 'ssl' in splunk.hec and splunk.hec.ssl | bool) or ('hec_enableSSL' in splunk and splunk.hec_enableSSL | bool) %}1{% else %}0{% endif %}" port: "{% if 'hec' in splunk and 'port' in splunk.hec and splunk.hec.port %}{{ splunk.hec.port }}{% elif 'hec_port' in splunk and splunk.hec_port %}{{ splunk.hec_port }}{% else %}8088{% endif %}" serverCert: "{% if 'hec' in splunk and 'cert' in splunk.hec and splunk.hec.cert %}{{ splunk.hec.cert }}{% endif %}" sslPassword: "{% if 'hec' in splunk and 'password' in splunk.hec and splunk.hec.password %}{{ splunk.hec.password }}{% endif %}" - body_format: "form-urlencoded" - status_code: 200 - timeout: 60 - use_proxy: no - no_log: "{{ hide_password }}" + # body_format: "form-urlencoded" + ignore_errors: yes + register: sample - name: Get existing HEC token - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/services/data/inputs/http/splunk_hec_token?output_mode=json" + splunk_api: + url: "/services/data/inputs/http/splunk_hec_token?output_mode=json" method: GET - user: "{{ splunk.admin_user }}" + username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" - force_basic_auth: yes - validate_certs: false - status_code: 200,404 - timeout: 60 - use_proxy: no + svc_port: "{{ splunk.svc_port }}" + status_code: [200, 404] + svc_port: "{{ splunk.svc_port }}" register: hec_token when: ('hec' in splunk and 'token' in splunk.hec) or ('hec_token' in splunk) - no_log: "{{ hide_password }}" # The REST API does not support modifying tokens in-place, so we'll need to delete/re-create - name: Remove existing HEC token @@ -51,26 +57,25 @@ register: delete_hec_token changed_when: delete_hec_token.status == 200 when: + #- "splunk.splunk_http_enabled" - hec_token is defined and hec_token.status == 200 - ('hec' in splunk and 'token' in splunk.hec and hec_token.json['entry'][0]['content']['token'] != splunk.hec.token) or ('hec_token' in splunk and hec_token.json['entry'][0]['content']['token'] != splunk.hec_token) no_log: "{{ hide_password }}" - name: Update HEC token configuration - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/services/data/inputs/http" + splunk_api: + url: "/services/data/inputs/http" method: POST - user: "{{ splunk.admin_user }}" + username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" - force_basic_auth: yes - validate_certs: false + svc_port: "{{ splunk.svc_port }}" body: name: "splunk_hec_token" token: "{% if 'hec' in splunk and 'token' in splunk.hec and splunk.hec.token %}{{ splunk.hec.token }}{% else %}{{ splunk.hec_token }}{% endif %}" - body_format: "form-urlencoded" - status_code: 201,409 - timeout: 60 - use_proxy: no + # body_format: "form-urlencoded" + status_code: [201,409] register: create_hec_token changed_when: create_hec_token.status == 201 - when: ('hec' in splunk and 'token' in splunk.hec and splunk.hec.token) or ('hec_token' in splunk and splunk.hec_token) - no_log: "{{ hide_password }}" + when: + - hec_token is defined and hec_token.status == 200 + - ('hec' in splunk and 'token' in splunk.hec and splunk.hec.token) or ('hec_token' in splunk and splunk.hec_token) diff --git a/roles/splunk_common/tasks/set_certificate_prefix.yml b/roles/splunk_common/tasks/set_certificate_prefix.yml index 7f7391d1..c1a28b7b 100644 --- a/roles/splunk_common/tasks/set_certificate_prefix.yml +++ b/roles/splunk_common/tasks/set_certificate_prefix.yml @@ -8,12 +8,14 @@ timeout: 10 use_proxy: no register: ssl_enabled + when: splunk.splunk_http_enabled|bool == true ignore_errors: true delay: "{{ retry_delay }}" retries: "{{ retry_num }}" failed_when: 'ssl_enabled.status == -1 and "SSL: WRONG_VERSION_NUMBER" not in ssl_enabled.msg' until: 'ssl_enabled.status == 200 or ssl_enabled.status == 404 or "SSL: WRONG_VERSION_NUMBER" in ssl_enabled.msg' +# UPDATE INFRA-38882: Where is this task getting called do we need to rewrire it? # If the https call failed, we will revert to http and continue REST with normal error handling - name: "Set url prefix for future REST calls" set_fact: diff --git a/roles/splunk_common/tasks/set_mgmt_mode.yml b/roles/splunk_common/tasks/set_mgmt_mode.yml new file mode 100644 index 00000000..1ef8a1d4 --- /dev/null +++ b/roles/splunk_common/tasks/set_mgmt_mode.yml @@ -0,0 +1,20 @@ +--- +- name: Set Mgmt Mode UDS + ini_file: + dest: "{{ splunk.home }}/etc/system/local/server.conf" + option: "mgmtMode" + section: "httpServer" + value: "auto" + owner: "{{ splunk.user }}" + group: "{{ splunk.group }}" + when: splunk.role == "splunk_universal_forwarder" and splunk.splunk_http_enabled|bool == false + +- name: Set Mgmt Mode TCP + ini_file: + dest: "{{ splunk.home }}/etc/system/local/server.conf" + option: "mgmtMode" + section: "httpServer" + value: "tcp" + owner: "{{ splunk.user }}" + group: "{{ splunk.group }}" + when: splunk.role == "splunk_universal_forwarder" and splunk.splunk_http_enabled|bool == true diff --git a/roles/splunk_common/tasks/start_splunk.yml b/roles/splunk_common/tasks/start_splunk.yml index f5197612..0508961f 100644 --- a/roles/splunk_common/tasks/start_splunk.yml +++ b/roles/splunk_common/tasks/start_splunk.yml @@ -53,6 +53,7 @@ - name: "Wait for splunkd management port" wait_for: port: "{{ splunk.svc_port }}" + when: splunk.splunk_http_enabled|bool == true - name: Flush restart handlers meta: flush_handlers diff --git a/roles/splunk_common/tasks/wait_for_splunk_instance.yml b/roles/splunk_common/tasks/wait_for_splunk_instance.yml index 17fcf95a..0733c29d 100644 --- a/roles/splunk_common/tasks/wait_for_splunk_instance.yml +++ b/roles/splunk_common/tasks/wait_for_splunk_instance.yml @@ -1,8 +1,9 @@ --- - name: Check Splunk instance is running - uri: - url: "{{ scheme | default(cert_prefix) }}://{{ splunk_instance_address }}:{{ port | default(splunk.svc_port) }}" + splunk_api: + url: "" method: GET + port: "{{ port | default(splunk.svc_port) }}" validate_certs: false use_proxy: no register: task_response @@ -12,3 +13,4 @@ delay: "{{ retry_delay }}" ignore_errors: true no_log: "{{ hide_password }}" +# INFRA-38882 diff --git a/roles/splunk_common/tasks/wait_for_splunk_process.yml b/roles/splunk_common/tasks/wait_for_splunk_process.yml index d328635c..6f3e53c6 100644 --- a/roles/splunk_common/tasks/wait_for_splunk_process.yml +++ b/roles/splunk_common/tasks/wait_for_splunk_process.yml @@ -9,4 +9,5 @@ wait_for: host: 127.0.0.1 port: "{{ splunk.svc_port }}" - timeout: 900 + timeout: 180 + when: splunk.splunk_http_enabled|bool == true diff --git a/roles/splunk_deployer/tasks/bundle_push_to_search_heads.yml b/roles/splunk_deployer/tasks/bundle_push_to_search_heads.yml index b4533d7f..f4fd331d 100644 --- a/roles/splunk_deployer/tasks/bundle_push_to_search_heads.yml +++ b/roles/splunk_deployer/tasks/bundle_push_to_search_heads.yml @@ -15,3 +15,4 @@ - debug: msg: "WARNING: Applying shcluster bundle failed - proceeding anyways..." when: shcluster_bundle.rc != 0 +#INFRA-38882 Do we need to update or is it already handled through exec \ No newline at end of file diff --git a/roles/splunk_deployer/tasks/main.yml b/roles/splunk_deployer/tasks/main.yml index baf1ba7e..64ac2384 100644 --- a/roles/splunk_deployer/tasks/main.yml +++ b/roles/splunk_deployer/tasks/main.yml @@ -20,17 +20,16 @@ # https://docs.splunk.com/Documentation/Splunk/latest/DistSearch/PropagateSHCconfigurationchanges#Set_the_deployer_push_mode - name: Set deployer push mode - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/servicesNS/nobody/system/configs/conf-app/shclustering" + splunk_api: method: POST - user: "{{ splunk.admin_user }}" + endpoint: "/servicesNS/nobody/system/configs/conf-app/shclustering" + username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" - force_basic_auth: yes - validate_certs: false + svc_port: "{{ splunk.svc_port }}" body: deployer_push_mode: "{{ splunk.shc.deployer_push_mode }}" body_format: "form-urlencoded" - status_code: 200 + status_code: [200] timeout: 10 use_proxy: no when: "'deployer_push_mode' in splunk.shc and splunk.shc.deployer_push_mode" diff --git a/roles/splunk_indexer/tasks/indexer_clustering.yml b/roles/splunk_indexer/tasks/indexer_clustering.yml index 8f92e482..4f5811ac 100644 --- a/roles/splunk_indexer/tasks/indexer_clustering.yml +++ b/roles/splunk_indexer/tasks/indexer_clustering.yml @@ -16,3 +16,4 @@ notify: - Restart the splunkd service no_log: "{{ hide_password }}" +#INFRA-38882: Update \ No newline at end of file diff --git a/roles/splunk_indexer/tasks/setup_multisite.yml b/roles/splunk_indexer/tasks/setup_multisite.yml index 014e5ae2..8f371bfa 100644 --- a/roles/splunk_indexer/tasks/setup_multisite.yml +++ b/roles/splunk_indexer/tasks/setup_multisite.yml @@ -19,3 +19,5 @@ notify: - Restart the splunkd service no_log: "{{ hide_password }}" + +#INFRA-38882: Update \ No newline at end of file diff --git a/roles/splunk_monitor/tasks/adding_peers.yml b/roles/splunk_monitor/tasks/adding_peers.yml index 257cdc63..94cb5f8d 100644 --- a/roles/splunk_monitor/tasks/adding_peers.yml +++ b/roles/splunk_monitor/tasks/adding_peers.yml @@ -1,18 +1,18 @@ --- - name: Fetch distsearch server info - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/servicesNS/nobody/search/configs/conf-distsearch/distributedSearch?output_mode=json" + splunk_api: method: GET - user: "{{ splunk.admin_user }}" + endpoint: "/servicesNS/nobody/search/configs/conf-distsearch/distributedSearch?output_mode=json" + username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" - force_basic_auth: yes - validate_certs: false - status_code: 200 + svc_port: "{{ splunk.svc_port }}" + body_format: "json" + status_code: [200] return_content: yes - body_format: json + timeout: 10 use_proxy: no register: distsearch_server_info - + no_log: "{{ hide_password }}" - name: Initialize lists set_fact: current_group_list: [] @@ -33,6 +33,7 @@ set_fact: updated_group_list: "{{ updated_group_list }} + [ '{{ cert_prefix }}://{{ item }}:{{ splunk.svc_port }}' ]" with_items: "{{ group_list }}" + #INFRA-38882: Update Task? - name: Non-existent peers list set_fact: @@ -75,3 +76,4 @@ - Restart the splunkd service no_log: "{{ hide_password }}" with_items: "{{ group_list }}" +#INFRA-38882: Update exec? diff --git a/roles/splunk_monitor/tasks/initialize_dmc.yml b/roles/splunk_monitor/tasks/initialize_dmc.yml index 19edbbfa..2b2b3cf3 100644 --- a/roles/splunk_monitor/tasks/initialize_dmc.yml +++ b/roles/splunk_monitor/tasks/initialize_dmc.yml @@ -1,68 +1,64 @@ --- - name: dmc_asset_build_full - GET - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/servicesNS/nobody/splunk_monitoring_console/saved/searches/DMC%20Asset%20-%20Build%20Full?output_mode=json" + splunk_api: method: GET - user: "{{ splunk.admin_user }}" + endpoint: "/servicesNS/nobody/splunk_monitoring_console/saved/searches/DMC%20Asset%20-%20Build%20Full?output_mode=json" + username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" - force_basic_auth: yes - validate_certs: false - status_code: 200 - return_content: yes + svc_port: "{{ splunk.svc_port }}" + body_format: "form-urlencoded" + status_code: [200] + return_content: true use_proxy: no register: dmc_asset_build_full - name: dmc_asset_build_full - POST - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/servicesNS/nobody/splunk_monitoring_console/saved/searches/DMC%20Asset%20-%20Build%20Full/dispatch" + splunk_api: method: POST - user: "{{ splunk.admin_user }}" + endpoint: "/servicesNS/nobody/splunk_monitoring_console/saved/searches/DMC%20Asset%20-%20Build%20Full/dispatch" + username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" - force_basic_auth: yes + svc_port: "{{ splunk.svc_port }}" body: trigger_actions: true dispatch.auto_cancel: "{{ dmc_asset_build_full.json['entry'][0]['content']['dispatch.auto_cancel'] }}" dispatch.buckets: "{{ dmc_asset_build_full.json['entry'][0]['content']['dispatch.buckets'] }}" dispatch.enablePreview: true body_format: "form-urlencoded" - validate_certs: false - status_code: 200,201,409 - use_proxy: no + status_code: "200,201,409" - name: UI - GET - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/servicesNS/nobody/splunk_monitoring_console/data/ui/nav/default.distributed?output_mode=json" + splunk_api: method: GET - user: "{{ splunk.admin_user }}" + endpoint: "/servicesNS/nobody/splunk_monitoring_console/data/ui/nav/default.distributed?output_mode=json" + username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" - force_basic_auth: yes - validate_certs: false - status_code: 200 - return_content: yes + svc_port: "{{ splunk.svc_port }}" + body_format: "form-urlencoded" + status_code: [200] + return_content: true use_proxy: no register: settings - name: UI - POST - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/servicesNS/nobody/splunk_monitoring_console/data/ui/nav/default" + splunk_api: method: POST - user: "{{ splunk.admin_user }}" + endpoint: "/servicesNS/nobody/splunk_monitoring_console/data/ui/nav/default" + username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" - force_basic_auth: yes + svc_port: "{{ splunk.svc_port }}" body: eai:data: "{{ settings.json['entry'][0]['content']['eai:data'] }}" body_format: "form-urlencoded" - validate_certs: false - status_code: 200,201,409 - use_proxy: no + status_code: "200,201,409" - name: DMC Conf - POST - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/servicesNS/nobody/splunk_monitoring_console/configs/conf-splunk_monitoring_console_assets/settings" + splunk_api: method: POST - user: "{{ splunk.admin_user }}" + endpoint: "/servicesNS/nobody/splunk_monitoring_console/configs/conf-splunk_monitoring_console_assets/settings" + username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" - force_basic_auth: yes + svc_port: "{{ splunk.svc_port }}" body: configuredPeers: "{{ configured_peers }}" disabled: "{{ settings.json['entry'][0]['content']['disabled'] }}" @@ -70,18 +66,15 @@ eai:appName: "{{ settings.json['entry'][0]['content']['eai:appName'] }}" eai:userName: "{{ settings.json['entry'][0]['content']['eai:userName'] }}" body_format: "form-urlencoded" - validate_certs: false - status_code: 200,201,409 - use_proxy: no + status_code: "200,201,409" - name: DMC Settings - POST - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/servicesNS/nobody/system/apps/local/splunk_monitoring_console" + splunk_api: method: POST - user: "{{ splunk.admin_user }}" + endpoint: "/servicesNS/nobody/system/apps/local/splunk_monitoring_console" + username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" - force_basic_auth: yes + svc_port: "{{ splunk.svc_port }}" body: "author=Splunk&check_for_updates=1&configured=1&label=Monitoring+Console&version={{ settings.json['generator']['version'] }}&visible=1" - validate_certs: false - status_code: 200,201,409 - use_proxy: no + body_format: "form" + status_code: "200,201,409" diff --git a/roles/splunk_monitor/tasks/main.yml b/roles/splunk_monitor/tasks/main.yml index ace0056e..f611707f 100644 --- a/roles/splunk_monitor/tasks/main.yml +++ b/roles/splunk_monitor/tasks/main.yml @@ -5,17 +5,15 @@ meta: flush_handlers - name: Fetch server info - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/services/server/info/server-info?output_mode=json" + splunk_api: method: GET - user: "{{ splunk.admin_user }}" + endpoint: "/services/server/info/server-info?output_mode=json" + username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" - force_basic_auth: yes - validate_certs: false - status_code: 200 + svc_port: "{{ splunk.svc_port }}" + status_code: [200] timeout: 10 return_content: yes - use_proxy: no register: server_info no_log: "{{ hide_password }}" @@ -24,14 +22,14 @@ cluster_master_peers: [] - name: Fetch clusterMaster peers - uri: - url: "{{ cert_prefix }}://{{ splunk.cluster_master_url }}:{{ splunk.svc_port }}/services/cluster/master/peers?output_mode=json&count=0" + splunk_api: method: GET - user: "{{ splunk.admin_user }}" + endpoint: "/services/cluster/master/peers?output_mode=json&count=0" + username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" - force_basic_auth: yes + svc_port: "{{ splunk.svc_port }}" validate_certs: false - status_code: 200 + status_code: [200] timeout: 10 return_content: yes use_proxy: no @@ -48,14 +46,14 @@ when: splunk_indexer_cluster or splunk.multisite_master is defined - name: Fetch distributed peers when cm is defined - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/services/search/distributed/peers?output_mode=json&count=0" + splunk_api: method: GET - user: "{{ splunk.admin_user }}" + endpoint: "/services/search/distributed/peers?output_mode=json&count=0" + username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" - force_basic_auth: yes + svc_port: "{{ splunk.svc_port }}" validate_certs: false - status_code: 200 + status_code: [200] timeout: 10 return_content: yes use_proxy: no @@ -69,14 +67,14 @@ delay: "{{ retry_delay }}" - name: Fetch distributed peers - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/services/search/distributed/peers?output_mode=json&count=0" + splunk_api: method: GET - user: "{{ splunk.admin_user }}" + endpoint: "/services/search/distributed/peers?output_mode=json&count=0" + username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" - force_basic_auth: yes + svc_port: "{{ splunk.svc_port }}" validate_certs: false - status_code: 200 + status_code: [200] timeout: 10 return_content: yes use_proxy: no diff --git a/roles/splunk_monitor/tasks/post_calls.yml b/roles/splunk_monitor/tasks/post_calls.yml index 73baa383..855e2a2c 100644 --- a/roles/splunk_monitor/tasks/post_calls.yml +++ b/roles/splunk_monitor/tasks/post_calls.yml @@ -10,15 +10,16 @@ dmc_group_shc_deployer: "default=false&name=dmc_group_shc_deployer" - name: POST Requests - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/services/search/distributed/groups" + splunk_api: method: POST - user: "{{ splunk.admin_user }}" + endpoint: "/services/search/distributed/groups" + username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" - force_basic_auth: yes + svc_port: "{{ splunk.svc_port }}" body: "{{ item }}" - validate_certs: false - status_code: 201,409 + body_format: "form-urlencoded" + status_code: "201,409" + timeout: 10 use_proxy: no register: distributed_groups loop: @@ -31,15 +32,16 @@ - "{{ dmc_group_shc_deployer }}" - name: Edit DMC Group Requests - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/services/search/distributed/groups/{{ item }}/edit" + splunk_api: method: POST - user: "{{ splunk.admin_user }}" + endpoint: "/services/search/distributed/groups/{{ item }}/edit" + username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" - force_basic_auth: yes + svc_port: "{{ splunk.svc_port }}" body: "{{ item }}" - validate_certs: false - status_code: 201,409 + body_format: "form-urlencoded" + status_code: "201,409" + timeout: 10 use_proxy: no loop: - "{{ dmc_group_cluster_master }}" @@ -52,30 +54,32 @@ when: distributed_groups.results[0].status == 409 - name: Cluster Label POST Requests - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/services/search/distributed/groups" + splunk_api: method: POST - user: "{{ splunk.admin_user }}" + endpoint: "/services/search/distributed/groups" + username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" - force_basic_auth: yes + svc_port: "{{ splunk.svc_port }}" body: "member={{ item.name }}&default=false&name=dmc_indexerclustergroup_{{ item.cluster_label }}" - validate_certs: false - status_code: 201,409 + body_format: "form-urlencoded" + status_code: "201,409" + timeout: 10 use_proxy: no loop: "{{ cluster_label_list_of_dicts }}" register: cluster_label when: cluster_label_list_of_dicts is defined and item.cluster_label | length > 0 - name: Edit Cluster Label POST Requests - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/services/search/distributed/groups" + splunk_api: method: POST - user: "{{ splunk.admin_user }}" + endpoint: "/services/search/distributed/groups" + username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" - force_basic_auth: yes + svc_port: "{{ splunk.svc_port }}" body: "member={{ item.name }}&default=false&name=dmc_indexerclustergroup_{{ item.cluster_label }}/edit" - validate_certs: false - status_code: 201,409 + body_format: "form-urlencoded" + status_code: "201,409" + timeout: 10 use_proxy: no loop: "{{ cluster_label_list_of_dicts }}" - when: cluster_label_list_of_dicts is defined and item.cluster_label | length > 0 and cluster_label.results[0].status == 409 \ No newline at end of file + when: cluster_label_list_of_dicts is defined and item.cluster_label | length > 0 and cluster_label.results[0].status == 409 diff --git a/roles/splunk_monitor/tasks/setup_multisite.yml b/roles/splunk_monitor/tasks/setup_multisite.yml index f9f67dfd..154939ce 100644 --- a/roles/splunk_monitor/tasks/setup_multisite.yml +++ b/roles/splunk_monitor/tasks/setup_multisite.yml @@ -6,7 +6,7 @@ - name: Convert Extrenal Cluster Master Name into Internal URI set_fact: multisite_master_uri: "{{ cert_prefix }}://{{ splunk.multisite_master }}:{{ splunk.svc_port }}" - +#INFRA-38882: Update - name: Setup SH - Multisite command: "{{ splunk.exec }} edit cluster-config -mode searchhead -master_uri {{ multisite_master_uri }} -auth {{ splunk.admin_user }}:{{ splunk.password }} -secret {{ splunk.idxc.pass4SymmKey }}" become: yes diff --git a/roles/splunk_search_head/tasks/search_head_clustering.yml b/roles/splunk_search_head/tasks/search_head_clustering.yml index 0dea8555..49e0fee3 100644 --- a/roles/splunk_search_head/tasks/search_head_clustering.yml +++ b/roles/splunk_search_head/tasks/search_head_clustering.yml @@ -2,7 +2,7 @@ - include_tasks: ../../../roles/splunk_common/tasks/wait_for_splunk_instance.yml vars: splunk_instance_address: "{{ splunk.deployer_url }}" - +#INFRA-38882: Update exec command? - name: Initialize SHC cluster config command: "{{ splunk.exec }} init shcluster-config -auth '{{ splunk.admin_user }}:{{ splunk.password }}' -mgmt_uri '{{ cert_prefix }}://{{ splunk.hostname }}:{{ splunk.svc_port }}' -replication_port {{ splunk.shc.replication_port }} -replication_factor {{ splunk.shc.replication_factor }} -conf_deploy_fetch_url '{{ cert_prefix }}://{{ splunk.deployer_url }}:{{ splunk.svc_port }}' -secret '{{ splunk.shc.pass4SymmKey }}' -shcluster_label '{{ splunk.shc.label }}'" become: yes @@ -17,20 +17,22 @@ no_log: "{{ hide_password }}" - name: Set desired preferred captaincy - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/servicesNS/nobody/system/configs/conf-server/shclustering" + splunk_api: method: POST - user: "{{ splunk.admin_user }}" + endpoint: "/servicesNS/nobody/system/configs/conf-server/shclustering" + username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" - force_basic_auth: yes - validate_certs: false + svc_port: "{{ splunk.svc_port }}" body: preferred_captain: "{{ splunk_search_head_captain | bool | lower }}" body_format: "form-urlencoded" + status_code: "200,409" timeout: 10 use_proxy: no notify: - Restart the splunkd service + register: preferred_captaincy_result + changed_when: false no_log: "{{ hide_password }}" when: - splunk_search_head_captain is defined and splunk.preferred_captaincy | bool @@ -44,6 +46,7 @@ vars: splunk_instance_address: "{{ splunk.deployer_url }}" +#INFRA-38882: Update exec command? - name: Boostrap SHC captain command: "{{ splunk.exec }} bootstrap shcluster-captain -servers_list '{% for host in groups['splunk_search_head'] %}{{ cert_prefix }}://{{ host }}:{{ splunk.svc_port }}{% if not loop.last %},{% endif %}{% endfor %}' -auth '{{ splunk.admin_user }}:{{ splunk.password }}'" become: yes @@ -59,6 +62,7 @@ - Restart the splunkd service no_log: "{{ hide_password }}" +#INFRA-38882: Update exec command? - name: Add new member to SHC command: "{{ splunk.exec }} add shcluster-member -current_member_uri {{ cert_prefix }}://{{ splunk.search_head_captain_url }}:{{ splunk.svc_port }} -auth {{ splunk.admin_user }}:{{ splunk.password }}" become: yes diff --git a/roles/splunk_search_head/tasks/setup_multisite.yml b/roles/splunk_search_head/tasks/setup_multisite.yml index 9610c0eb..6375f55c 100644 --- a/roles/splunk_search_head/tasks/setup_multisite.yml +++ b/roles/splunk_search_head/tasks/setup_multisite.yml @@ -2,7 +2,8 @@ - include_tasks: ../../../roles/splunk_common/tasks/wait_for_splunk_instance.yml vars: splunk_instance_address: "{{ splunk.multisite_master }}" - + +#INFRA-38882: Update exec command? - name: Convert Extrenal Cluster Master Name into Internal URI set_fact: multisite_master_uri: "{{ cert_prefix }}://{{ splunk.multisite_master }}:{{ splunk.svc_port }}" diff --git a/roles/splunk_universal_forwarder/tasks/set_mgmt_mode.yml b/roles/splunk_universal_forwarder/tasks/set_mgmt_mode.yml new file mode 100644 index 00000000..fccad701 --- /dev/null +++ b/roles/splunk_universal_forwarder/tasks/set_mgmt_mode.yml @@ -0,0 +1,8 @@ +--- +- name: Set Mgmt Mode + ini_file: + dest: "{{ splunk.home }}/etc/system/local/server.conf" + option: "mgmtMode" + value: "auto" + owner: "{{ splunk.user }}" + group: "{{ splunk.group }}" diff --git a/test-playbook.yml b/test-playbook.yml new file mode 100644 index 00000000..6bcf78d4 --- /dev/null +++ b/test-playbook.yml @@ -0,0 +1,17 @@ +--- +- name: Run default Splunk provisioning + hosts: localhost + gather_facts: true + strategy: free + environment: "{{ ansible_environment | default({}) }}" + tasks: + - name: Get existing HEC token + splunk_api: + url: "/services/data/inputs/http/splunk_hec_token?output_mode=json" + method: GET + user: "{{ splunk.admin_user }}" + password: "{{ splunk.password }}" + status_code: [200, 404] + register: hec_token + when: ('hec' in splunk and 'token' in splunk.hec) or ('hec_token' in splunk) + no_log: "{{ hide_password }}" \ No newline at end of file diff --git a/tests/requirements.txt b/tests/requirements.txt index fd3839ed..2ce6653e 100644 --- a/tests/requirements.txt +++ b/tests/requirements.txt @@ -4,9 +4,8 @@ pylint mock docker requests -molecule==3.0.8 coverage caniusepython3 -ansible==7.0.0 -ansible-lint>=4.2.0 +ansible +ansible-lint testinfra diff --git a/tests/small/test_environ.py b/tests/small/test_environ.py index 6396be61..78632a5f 100644 --- a/tests/small/test_environ.py +++ b/tests/small/test_environ.py @@ -905,6 +905,7 @@ def test_overrideEnvironmentVars(default_yml, os_env, key, value): "user": "splunk", "group": "splunk", "root_endpoint": None, + "enable_tcp_mode": True, "svc_port": 8089, "s2s": {"port": 9997}, "appserver": {"port": 8065},