Splunk App Configuration
Ansible Playbook for Splunk helps deploy and manage apps.
Four types of apps can be deployed:
- Apps under etc/apps
- Apps under etc/deployment-apps
- Apps under etc/master-apps
- Apps under etc/shcluster/apps
Each app can be installed in any number of app directories and can also have its own local customizations (local directory and metadata/local.meta).
To install apps, a variable file has to be created and, if the app is not already included, a role has to be created for it. The role also has to be included in the deploy_apps.yml playbook.
App sources can be either from bundles (tar.gz, .spl) or a git repository.
Bundles are stored in the Splunk repository under apps/<appdir>/<appbundle> (e.g. /var/lib/splunk_repository/apps/Splunk_TA_windows/splunk-add-on-for-microsoft-windows_480.tgz).
Git repositories are checked out directly from the installation target. Therefore the git command has to be installed on the target and the repository has to be reachable from it.
A new app is added by using the add_apps.yml playbook. See instructions below.
For an app to be deployed, place appropriate variables under group_vars. Typically you create a separate variable file for each app and use the appname as the filename. See samples under README/templates.
############################################
#
# Possible values for apps
#
############################################
<appname>
* Application Name (Path name)
[apps|deployment_apps|master_apps|shcluster_apps]:
* Installation destination
* Note: Underscore instead of dash needed due to YAML Syntax
install: <bool>
* Should the app be installed.
* Used to uninstall app
clean_install: <bool>
* Should the app directory be purged before (re-)installation
bundle: <filename>
* The file that contains the app (tar.gz/spl)
* File must reside under splunk_repository.repository_root/<appname>/<filename>
git_repo: <url>
* The path to the git repository
git_version: <string>
* The git branch or tag
* Defaults to "HEAD" if unset
<appname>
...
To add a new Splunk App or Add-On, a new role has to be created. The role also has to be added to the deploy-apps playbook.
The easiest way to do this is to run the add_app.yml playbook. The script will prompt for the App Name, which corresponds to the directory name of the app. Due to limitations in YAML, a valid variable name for the app has to be set (alphanumeric characters and underscores are valid).
This variable name then has to be used as a reference inside the app configuration file (see spec).
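The spec and the variable-name rule above can be checked before a deploy, in particular the git_version default of "HEAD", which leaves a git-sourced app unpinned. The following lint is an added example, not part of the playbook: it assumes a variable file parses to `{variable_name: {destination: {settings}}}`, and the function name, the exactly-one-source rule and the sample data are constructed for illustration.

```python
import re

# Destination keys from the spec (underscored because of YAML syntax).
DESTINATIONS = {"apps", "deployment_apps", "master_apps", "shcluster_apps"}
VAR_NAME = re.compile(r"^[A-Za-z0-9_]+$")  # alphanumerics and underscores only


def lint_app_vars(app_vars):
    """Return a sorted list of findings for one parsed app variable file.

    Assumed layout (not confirmed by the page): {var_name: {destination: {settings}}}.
    """
    findings = []
    for name, dests in app_vars.items():
        if not VAR_NAME.match(str(name)):
            findings.append(f"{name}: variable name must be alphanumeric/underscore")
        for dest, cfg in dests.items():
            where = f"{name}.{dest}"
            if dest not in DESTINATIONS:
                findings.append(f"{where}: unknown destination")
                continue
            if cfg.get("install") is False:
                continue  # install: false is used to uninstall, no source needed
            bundle, repo = cfg.get("bundle"), cfg.get("git_repo")
            if bool(bundle) == bool(repo):  # policy of this example, not of the spec
                findings.append(f"{where}: set exactly one of bundle / git_repo")
            if bundle and ("/" in bundle or "\\" in bundle or bundle in (".", "..")):
                findings.append(f"{where}: bundle must be a bare file name")
            if repo and (cfg.get("git_version") or "HEAD") == "HEAD":
                findings.append(f"{where}: git_version unset or HEAD, source is not pinned")
    return sorted(findings)


# Constructed sample, as if loaded from group_vars with a YAML parser.
SAMPLE = {
    "Splunk_TA_windows": {
        "deployment_apps": {"install": True, "bundle": "splunk-add-on-for-microsoft-windows_480.tgz"},
        "master-apps": {"install": True, "bundle": "x.tgz"},
    },
    "my_app": {
        "apps": {"install": True, "git_repo": "https://git.example.invalid/my_app.git"},
        "shcluster_apps": {"install": True, "bundle": "../other/app.spl"},
    },
}

if __name__ == "__main__":
    for finding in lint_app_vars(SAMPLE):
        print(finding)
```

The lint only catches the "HEAD" default; a branch name also moves over time, so a tag is the more stable value for git_version.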
Local configuration files (*.conf) and local permissions (metadata/local.meta) can be placed inside the role directories under files. The following directories exist under the template app:
files/master-apps
files/master-apps/local
files/master-apps/metadata
files/apps
files/apps/local
files/apps/metadata
files/shcluster
files/shcluster/apps
files/shcluster/apps/local
files/shcluster/apps/metadata
files/deployment-apps
files/deployment-apps/local
files/deployment-apps/metadata
Ansible Playbook for Splunk by Mika Borner CC BY-NC-SA 4.0