From 8446e949634146017b091b6a7d19eb79e5f3c01c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patrick=20Schneewei=C3=9F?= Date: Sat, 8 Oct 2022 17:00:35 +0200 Subject: [PATCH 1/2] Add the code for the "Manager" option; have both old and new option removed for the LM uri --- roles/splunk/tasks/configure_license.yml | 28 ++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/roles/splunk/tasks/configure_license.yml b/roles/splunk/tasks/configure_license.yml index 262a3939..df44bc6a 100644 --- a/roles/splunk/tasks/configure_license.yml +++ b/roles/splunk/tasks/configure_license.yml @@ -18,7 +18,7 @@ group: "{{ splunk_nix_group }}" become: yes when: - - splunk_license_group=="Enterprise" + - splunk_license_group=="Enterprise" or splunk_license_group=="Manager" - name: Copy license file copy: src: "{{ item }}" @@ -29,7 +29,31 @@ loop: "{{ splunk_license_file }}" become: yes when: - - splunk_license_group=="Enterprise" + - splunk_license_group=="Enterprise" or splunk_license_group=="Manager" + - name: Set pass4SymmKey on LM + ini_file: + path: "{{ splunk_home }}/etc/system/local/server.conf" + section: general + option: pass4SymmKey + value: "{{ pass4SymmKey }}" + owner: "{{ splunk_nix_user }}" + group: "{{ splunk_nix_group }}" + become: true + notify: restart splunk + when: + - splunk_license_group=="Manager" + - name: Remove master_uri when using local license + ini_file: + path: "{{ splunk_home }}/etc/system/local/server.conf" + section: license + option: "{{ item }}" + owner: "{{ splunk_nix_user }}" + group: "{{ splunk_nix_group }}" + state: absent + with_items: + - manager_uri + - master_uri + become: true - name: Remove master_uri when using local license ini_file: path: "{{ splunk_home }}/etc/system/local/server.conf" From 2876d32e28d5ac3fff9b7a454b5d2d162eda9820 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patrick=20Schneewei=C3=9F?= Date: Mon, 10 Oct 2022 12:36:14 +0200 Subject: [PATCH 2/2] Update role for the license manager --- README.md | 2 +- playbooks/splunk_upgrade_full_stack.yml | 2 +- roles/splunk/defaults/main.yml | 1 + roles/splunk/tasks/configure_license.yml | 12 +++++++----- 4 files changed, 10 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 25e5a57e..cfa25c12 100644 --- a/README.md +++ b/README.md @@ -141,7 +141,7 @@ Note: Any task with an **adhoc** prefix means that it can be used independently - **configure_idxc_manager.yml** - Configures a Splunk host to act as a manager node using `splunk_idxc_rf`, `splunk_idxc_sf`, `splunk_idxc_key`, and `splunk_idxc_label`. - **configure_idxc_member.yml** - Configures a Splunk host as an indexer cluster member using `splunk_uri_cm`, `splunk_idxc_rep_port`, and `splunk_idxc_key`. - **configure_idxc_sh.yml** - Configures a search head to join an existing indexer cluster using `splunk_uri_cm` and `splunk_idxc_key`. -- **configure_license.yml** - Configure the license group to the `splunk_license_group` variable defined. Default is `Trial`. Available values are "Trial, Free, Enterprise, Forwarder, Manager or Peer. If set to `Peer`, the `splunk_uri_lm` must be defined. Note: This could also be accomplished using configure_apps.yml with a git repository. +- **configure_license.yml** - Configure the license group to the `splunk_license_group` variable defined. Default is `Trial`. Available values are "Trial, Free, Enterprise, Forwarder or Peer. If set to `Peer`, the `splunk_uri_lm` and `splunk_lm_key` must be defined. To have a Splunk server defined as license manager, the host should be assigned to the licensemanager group and the `splunk_lm_key` must be defined. Note: This could also be accomplished using configure_apps.yml with a git repository. - **configure_os.yml** - Increases ulimits for the splunk user and disables Transparent Huge Pages (THP) per Splunk implementation best practices. - **configure_serverclass.yml** - Generates a new serverclass.conf file from the serverclass.conf.j2 template and installs it to $SPLUNK_HOME/etc/system/local/serverclass.conf. - **configure_shc_captain.yml** - Perform a `bootstrap shcluster-captain` using the server list provided in `splunk_shc_uri_list`. diff --git a/playbooks/splunk_upgrade_full_stack.yml b/playbooks/splunk_upgrade_full_stack.yml index dbb9fb9d..e165239f 100644 --- a/playbooks/splunk_upgrade_full_stack.yml +++ b/playbooks/splunk_upgrade_full_stack.yml @@ -11,7 +11,7 @@ deployment_task: check_splunk.yml - hosts: - - licensemaster + - licensemanager - shdeployer - deploymentserver become: yes diff --git a/roles/splunk/defaults/main.yml b/roles/splunk/defaults/main.yml index fc6f6139..c662ec48 100644 --- a/roles/splunk/defaults/main.yml +++ b/roles/splunk/defaults/main.yml @@ -24,6 +24,7 @@ clientName: undefined phoneHomeIntervalInSecs: undefined splunk_general_key: undefined # Configures a pass4SymmKey in server.conf under the general stanza splunk_ds_key: undefined # Configures a pass4SymmKey in server.conf for authenticating against a deployment server +splunk_lm_key: undefined # Configures a pass4SymmKey in server.conf for authenticating against a license manager splunk_admin_username: admin splunk_admin_password: undefined # Use ansible-vault encrypt_string, e.g. ansible-vault encrypt_string --ask-vault-pass 'var_value_to_encrypt' --name 'var_name' splunk_configure_secret: false # If set to true, you need to update files/splunk.secret diff --git a/roles/splunk/tasks/configure_license.yml b/roles/splunk/tasks/configure_license.yml index df44bc6a..4eb02bde 100644 --- a/roles/splunk/tasks/configure_license.yml +++ b/roles/splunk/tasks/configure_license.yml @@ -18,7 +18,7 @@ group: "{{ splunk_nix_group }}" become: yes when: - - splunk_license_group=="Enterprise" or splunk_license_group=="Manager" + - splunk_license_group=="Enterprise" - name: Copy license file copy: src: "{{ item }}" @@ -29,19 +29,20 @@ loop: "{{ splunk_license_file }}" become: yes when: - - splunk_license_group=="Enterprise" or splunk_license_group=="Manager" + - splunk_license_group=="Enterprise" - name: Set pass4SymmKey on LM ini_file: path: "{{ splunk_home }}/etc/system/local/server.conf" section: general option: pass4SymmKey - value: "{{ pass4SymmKey }}" + value: "{{ splunk_lm_key }}" owner: "{{ splunk_nix_user }}" group: "{{ splunk_nix_group }}" become: true notify: restart splunk when: - - splunk_license_group=="Manager" + - "'licensemanager' in group_names" + - splunk_lm_key != 'undefined' - name: Remove master_uri when using local license ini_file: path: "{{ splunk_home }}/etc/system/local/server.conf" @@ -95,7 +96,7 @@ path: "{{ splunk_home }}/etc/system/local/server.conf" section: general option: pass4SymmKey - value: "{{ pass4SymmKey }}" + value: "{{ splunk_lm_key }}" owner: "{{ splunk_nix_user }}" group: "{{ splunk_nix_group }}" become: yes @@ -103,3 +104,4 @@ when: - splunk_license_group=="Peer" - splunk_install_type=="full" + - splunk_lm_key != 'undefined'