Skip to content

Installation

Jump to bottom
my2ndhead edited this page Jan 5, 2016 · 20 revisions

Installation Considerations

Multiple Splunk environments

Ansible allows the use of separate hosts files for different deployment stages (dev/test/prod etc.), the Ansible Playbook for Splunk does not support this. The reason for this is due to the complexity of group_vars used for Splunk environments.

Nevertheless, sharing of the Software Repository is supported

Ansible Tower

The Playbook fully supports Ansible Tower. Some steps slightly differ from the CLI version of Ansible.

Installation

  • Install Ansible or Ansible Tower
  • Download current release
  • Install Playbook e.g. under /etc/ansible/playbooks/ansible_playbook_splunk or /etc/ansible/playbooks/ansible_playbook_splunk_prod
  • Setup Repository (see next chapter)

Repository Setup

For storing Splunk software packages, Apps, Distributed Search Keys, etc. a repository directory has to be created.

Under the playbook's group_vars/all directory create the configuration for the repository by creating a splunk_repository file with following content:

---
#####################################################################################################################
# Repository Variables
#####################################################################################################################
splunk_repository:
  repository_root: /var/lib/splunk_repository
  repository_owner: splunk
  repository_group: splunk

The path and owner/group can be adjusted. The owner/group of the directory should be set to the user who runs the playbooks.

Creating the Repository

A playbook configure_repository.xml has been provided to automatically create the repository.

Note: The playbook should be run as root or a user who is allowed to create/set permissions of the repository directory.

An initial hosts file is provided to define the repository host and connect to it locally.

hosts:

[repository]
localhost       ansible_connection=local

Run the playbook from the Ansible Playbook for Splunk root directory:

# ansible-playbook -i hosts configure_repository.yml

PLAY [repository] ************************************************************* 

GATHERING FACTS *************************************************************** 
ok: [localhost]

TASK: [Create repository root directory] ************************************** 
ok: [localhost]

TASK: [Create repository apps directory] ************************************** 
ok: [localhost]

TASK: [Create repository packages directory] ********************************** 
ok: [localhost]

TASK: [Create distServerKeys directory] *************************************** 
ok: [localhost]

TASK: [Set repository owner/group] ******************************************** 
ok: [localhost]

TASK: [Set repository directory mode] ***************************************** 
ok: [localhost]

PLAY RECAP ******************************************************************** 
localhost                  : ok=7    changed=0    unreachable=0    failed=0

After the initial installation proceed to the Basic Configuration chapter.

Ansible Playbook for Splunk by Mika Borner CC BY-NC-SA 4.0

Clone this wiki locally