From 4452228e5a9d2e9b95268b1809c64d2a5aa322a3 Mon Sep 17 00:00:00 2001
From: zyphermonkey
Date: Sat, 28 Jan 2023 12:06:46 +0000
Subject: [PATCH] fix(install_utilities): restore ability to set custom `linux_packages` list
---
 README.md | 2 +-
 .../production/group_vars/universalforwarder.yml | 14 ++++++++++++++
 roles/splunk/vars/Amazon2.yml | 3 ++-
 roles/splunk/vars/Debian.yml | 3 ++-
 roles/splunk/vars/RedHat.yml | 3 ++-
 roles/splunk/vars/RedHat8.yml | 3 ++-
 roles/splunk/vars/Suse.yml | 5 +++--
 7 files changed, 26 insertions(+), 7 deletions(-)
diff --git a/README.md b/README.md
index 25d194d0..629ebf8c 100644
--- a/README.md
+++ b/README.md
@@ -158,7 +158,7 @@ Note: Any task with an **adhoc** prefix means that it can be used independently
 If set to `false` the package will be downloaded and unarchived to each host individually. Immediately after unarchive the package will be removed from the host.
 - **install_apps.yml** - *Do not call install_apps.yml directly! Use configure_apps.yml* - Called by configure_apps.yml to perform app installation on the Splunk host.
 - **install_splunk.yml** - *Do not call install_splunk.yml directly! Use check_splunk.yml* - Called by check_splunk.yml to install/upgrade Splunk and Splunk Universal Forwarders, as well as perform any initial configurations. This task is called by check_splunk.yml when the check determines that Splunk is not currently installed. This task will create the splunk user and splunk group, configure the bash profile for the splunk user (by calling configure_bash.yml), configure THP and ulimits (by calling configure_os.ym), download and install the appropriate Splunk package (by calling download_and_unarchive.yml), configure a common splunk.secret (by calling configure_splunk_secret.yml, if configure_secret is defined), create a deploymentclient.conf file with the splunk_ds_uri and clientName (by calling configure_deploymentclient.yml, if clientName is defined), install a user-seed.conf with a prehashed admin password (if used_seed is defined), and will then call the post_install.yml task. See post_install.yml entry for details on post-installation tasks.
-- **install_utilities.yml** - Installs Linux packages that are useful for troubleshooting Splunk-related issues when `install_utilities: true` and `linux_packages` is defined with a list of packages to install.
+- **install_utilities.yml** - Installs Linux packages that are useful for troubleshooting Splunk-related issues when `install_utilities: true` and `linux_packages` is defined with a list of packages to install.
Due to variable precedence you can't customize `linux_packages` in group/host vars. If you want to customize the list set `linux_packages_custom` in your group/host vars and it will be used instead of `linux_packages_default` defined in `var/*.yml`.
 - **configure_dmesg.yml** - Some distros restrict access to read `dmesg` for non-root users. This allows the `splunk` user to run the `dmesg` command. Defaults to `false`.
 - **main.yml** - This is the main task that will always be called when executing this role. This task sets the appropriate variables for full vs uf packages, sends a Slack notification about the play if the slack_token and slack_channel are defined, checks the current boot-start configuration to determine if it's in the expected state, and then includes the task from the role to execute against, as defined by the value of the deployment_task variable. The deployment_task variable should be defined in your playbook(s). Refer to the included example playbooks to see this in action.
 - **post_install.yml** - Executes post-installation tasks. Performs a touch on the .ui_login file which disables the first-time login prompt to change your password, ensures that `splunk_home` is owned by the correct user and group, and optionally configures three scripts to: cleanup crash logs and old diags (by calling add_crashlog_script.yml and add_diag_script.yml, respectively), and a pstack generation shell script for troubleshooting purposes (by calling add_pstack_script.yml). This task will install various Linux troubleshooting utilities (by calling install_utilities.yml) when `install_utilities: true`.
diff --git a/environments/production/group_vars/universalforwarder.yml b/environments/production/group_vars/universalforwarder.yml
index 22bc9bdf..7e9dc85f 100644
--- a/environments/production/group_vars/universalforwarder.yml
+++ b/environments/production/group_vars/universalforwarder.yml
@@ -4,3 +4,17 @@ splunk_uri_ds: my-ds:8089
 splunk_app_deploy_path: etc/apps # subdirectory in splunk_home that apps from git should be installed to by Ansible
 git_apps:
 - name: config_base
+linux_packages_custom: # Custom linux_packages list for UF's.
+ - nload
+ - iotop
+ - iftop
+ - sysstat
+ - tcpdump
+ - htop
+ - atop
+ - lsof
+ - policycoreutils-python
+ - policycoreutils
+ - nethogs
+ - gdb
+ - bind-utils
diff --git a/roles/splunk/vars/Amazon2.yml b/roles/splunk/vars/Amazon2.yml
index 9686d81f..55f1674d 100644
--- a/roles/splunk/vars/Amazon2.yml
+++ b/roles/splunk/vars/Amazon2.yml
@@ -1,6 +1,6 @@
 global_bashrc: /etc/bashrc
 chk_config_cmd: chkconfig --add disable-thp
-linux_packages:
+linux_packages_default:
 - sysstat
 - telnet
 - tcpdump
@@ -10,3 +10,4 @@ linux_packages:
 - policycoreutils
 - gdb
 - bind-utils
+linux_packages: "{{ linux_packages_custom | default(linux_packages_default) }}"
diff --git a/roles/splunk/vars/Debian.yml b/roles/splunk/vars/Debian.yml
index d9fcf32d..20791312 100644
--- a/roles/splunk/vars/Debian.yml
+++ b/roles/splunk/vars/Debian.yml
@@ -1,6 +1,6 @@
 ---
 global_bashrc: /etc/bash.bashrc
-linux_packages:
+linux_packages_default:
 - nload
 - iotop
 - iftop
@@ -14,5 +14,6 @@ linux_packages:
 - nethogs
 - gdb
 - dnsutils
+linux_packages: "{{ linux_packages_custom | default(linux_packages_default) }}"
 firewall_service: ufw
 logrotate_file: /etc/logrotate.d/rsyslog
diff --git a/roles/splunk/vars/RedHat.yml b/roles/splunk/vars/RedHat.yml
index 73b911dd..630f7cec 100644
--- a/roles/splunk/vars/RedHat.yml
+++ b/roles/splunk/vars/RedHat.yml
@@ -1,7 +1,7 @@
 ---
 global_bashrc: /etc/bashrc
 chk_config_cmd: chkconfig --add disable-thp
-linux_packages:
+linux_packages_default:
 - nload
 - iotop
 - iftop
@@ -17,5 +17,6 @@ linux_packages:
 - nethogs
 - gdb
 - bind-utils
+linux_packages: "{{ linux_packages_custom | default(linux_packages_default) }}"
 firewall_service: firewalld
 logrotate_file: /etc/logrotate.d/syslog
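Review bot: The `linux_packages_custom` list added to `environments/production/group_vars/universalforwarder.yml` replaces the per-distribution default for every host in the group, yet it uses RedHat-family package names: `bind-utils` here is `dnsutils` in `roles/splunk/vars/Debian.yml`, so Debian forwarders in this group would presumably fail the package install when `install_utilities: true`. The example also places `tcpdump`, `gdb` and `nethogs` on universal forwarders, which are typically the largest host population; because this file is a template that gets copied, a shorter list limited to what forwarder troubleshooting needs would keep that footprint down. I would add a comment above the key such as `# replaces the per-OS default list entirely; package names must exist on every distro in this group`.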
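Review bot: In the second hunk of `roles/splunk/vars/Amazon2.yml` the new `linux_packages` line falls back to `linux_packages_default` only when `linux_packages_custom` is undefined, because `default()` without its second argument passes null and empty values through unchanged. An inventory entry left as a bare `linux_packages_custom:` would therefore yield a null `linux_packages`, and how `install_utilities.yml` handles that is not visible here. If an empty override should mean "use the defaults", write `linux_packages: "{{ linux_packages_custom | default(linux_packages_default, true) }}"`; if an empty list is meant to install nothing, state that in a comment above the line, e.g. `# vars/ outranks group/host vars, so overrides arrive via linux_packages_custom; [] installs nothing`. The same line is added in `Debian.yml`, `RedHat.yml`, `RedHat8.yml` and `Suse.yml`, so the point applies to all five files, and the `linux_packages_default` list it refers to starts outside this hunk.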
diff --git a/roles/splunk/vars/RedHat8.yml b/roles/splunk/vars/RedHat8.yml
index 941406f4..b5f3ecd6 100644
--- a/roles/splunk/vars/RedHat8.yml
+++ b/roles/splunk/vars/RedHat8.yml
@@ -1,7 +1,7 @@
 ---
 global_bashrc: /etc/bashrc
 chk_config_cmd: chkconfig --add disable-thp
-linux_packages:
+linux_packages_default:
 - nload
 - iotop
 - iftop
@@ -17,4 +17,5 @@ linux_packages:
 - nethogs
 - gdb
 - bind-utils
+linux_packages: "{{ linux_packages_custom | default(linux_packages_default) }}"
 firewall_service: firewalld
diff --git a/roles/splunk/vars/Suse.yml b/roles/splunk/vars/Suse.yml
index 79df4fd4..6d41b106 100644
--- a/roles/splunk/vars/Suse.yml
+++ b/roles/splunk/vars/Suse.yml
@@ -1,6 +1,6 @@
 ---
 global_bashrc: /etc/bash.bashrc
-linux_packages:
+linux_packages_default:
 - nload
 - iotop
 - iftop
@@ -14,4 +14,5 @@ linux_packages:
 - policycoreutils
 - nethogs
 - gdb
- - bind-utils
\ No newline at end of file
+ - bind-utils
+linux_packages: "{{ linux_packages_custom | default(linux_packages_default) }}"