enable_forwarding.yml runs before splunk is started but add_forward_server.yml needs it started #790

Open
tod-uma opened this issue Mar 7, 2024 · 0 comments

I am trying to set up a universal forwarder where I have two forward_servers defined. The scripts are failing because they now try to do this before splunk is started.

in roles/splunk_common_tasks/main.yml line 111:

```yaml
# Generate outputs.conf before splunk starts to prevent data being indexed locally
- include_tasks: enable_forwarding.yml
  when:
    # Indexers should never forward
    - splunk.role != "splunk_indexer"
    - (splunk.role != "splunk_standalone" and splunk.role != "splunk_search_head") or
      (splunk_indexer_cluster | bool or splunk_forward_servers is defined)
```

then in roles/splunk_common/tasks/enable_forwarding.yml line 68:

```yaml
# set up forward servers set by get_facts
- name: Add forward_servers
  include_tasks: ../../../roles/splunk_common/tasks/add_forward_server.yml
  vars:
    forward_servers: "{{ splunk_forward_servers }}"
  when:
    - not splunk_indexer_cluster | bool
    - splunk_forward_servers is defined
```

and finally in roles/splunk_common/tasks/add_forward_server.yml line 2:

```yaml
- name: "Enable forwarding to {{ forward_servers }}"
  command: "{{ splunk.exec }} add forward-server {{ item }}:{{ splunk.s2s.port if splunk.s2s.port is defined else splunk.s2s_port }} -auth {{ splunk.admin_user }}:{{ splunk.password }} --accept-license --answer-yes --no-prompt"
  become: yes
  become_user: "{{ splunk.user }}"
  with_items: "{{ forward_servers }}"
  register: forward_status
  when: '("s2s" not in splunk and "s2s_port" in splunk) or ("s2s" in splunk and ("ssl" not in splunk.s2s or ("ssl" in splunk.s2s and not splunk.s2s.ssl))) | bool'
  changed_when:
    - "'Added forwarding to: ' in forward_status.stdout"
    - "'forwarded-server already present' not in forward_status.stderr"
  failed_when:
    - forward_status.rc != 0
    - "'forwarded-server already present' not in forward_status.stderr"
  no_log: "{{ hide_password }}"
```

I can try to submit a PR to fix it, but I want to know what direction to go before I make it. Should I move the add_forward_server to after splunk starts so that we can continue to use the splunk binary to add the forward servers, or should I change it to edit the outputs.conf directly?
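
The second option raised in the question, writing outputs.conf directly, could look like the tasks below. This is an added example, not the project's code or a maintainer's answer; `outputs_conf_path`, `forward_group` and `s2s_port_resolved` are hypothetical names, while the other variables are the ones quoted in the issue. It covers only the non-SSL case and needs neither a running splunkd nor the `-auth` credentials on a command line.

```yaml
# Added example (not from the splunk-ansible repository).
# Assumptions: outputs_conf_path points at the forwarder's outputs.conf in a
# directory that already exists and is writable by splunk.user;
# forward_group is a tcpout group name chosen for this example.
- name: Resolve the splunk-to-splunk port the same way add_forward_server.yml does
  set_fact:
    s2s_port_resolved: "{{ splunk.s2s.port if splunk.s2s.port is defined else splunk.s2s_port }}"

- name: Point the default tcpout group at the forward servers
  community.general.ini_file:
    path: "{{ outputs_conf_path }}"
    section: tcpout
    option: defaultGroup
    value: "{{ forward_group }}"
    mode: "0600"
  become: yes
  become_user: "{{ splunk.user }}"
  when:
    - not splunk_indexer_cluster | bool
    - splunk_forward_servers is defined

- name: Write every forward server as host:port into the tcpout group
  community.general.ini_file:
    path: "{{ outputs_conf_path }}"
    section: "tcpout:{{ forward_group }}"
    option: server
    # ['a', 'b'] with port 9997 becomes "a:9997,b:9997"
    value: "{{ splunk_forward_servers | product([s2s_port_resolved]) | map('join', ':') | join(',') }}"
    mode: "0600"
  become: yes
  become_user: "{{ splunk.user }}"
  when:
    - not splunk_indexer_cluster | bool
    - splunk_forward_servers is defined
```

Both tasks are idempotent, so they can run before the first start and again on later plays without the "already present" handling the CLI call needs.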
