Comments (8)
derek126
commented on August 10, 2024
1
For those interested I added the following to the bottom of configure_shc_members.yml
- name: Integrate sh to indexer cluster
command: "{{ splunk_home }}/bin/splunk edit cluster-config -mode searchhead -master_uri {{ splunk_uri_cm }} -secret {{ splunk_shc_key }} -auth {{ splunk_auth }}"
become: true
become_user: "{{ splunk_nix_user }}"
register: shc_edit_result
changed_when: shc_edit_result.rc == 0
failed_when: shc_edit_result.rc != 0
notify: restart splunk
no_log: false
until: shc_edit_result.rc == 0
retries: 6
delay: 5
Works for me until an official solution or something.
from ansible-role-for-splunk.
peterchenadded
commented on August 10, 2024
Above is not idempotent, you just need to create an ini_file task that loops through the 3 properties and store in system/local/server.conf and notify : restart Splunk.
from ansible-role-for-splunk.
derek126
commented on August 10, 2024
We are using the role through Ansible galaxy pointing at this Git repo. Ideally it would be added to the role.
from ansible-role-for-splunk.
mason-splunk
commented on August 10, 2024
Presumably this would only be run once, when connecting the SH to the indexer cluster, so I'm not sure that idempotency is a concern. Using ini_file to loop through server.conf is also not idempotent because after the restart, splunk will replace the plaintext value of pass4SymmKey with a hash in server.conf. In the event that you are deploying a pre-hashed pass4SymmKey, then I would ask why you wouldn't just put the clustering config into a server.conf file and deploy it to the SH as app via configure_apps.yml.
from ansible-role-for-splunk.
mason-splunk
commented on August 10, 2024
configure_idxc_sh.yml has been added to the v1.6.1 release to support this functionality.
from ansible-role-for-splunk.
peterchenadded
commented on August 10, 2024
Hi @mason-splunk , it is idempotent if you have a task that can generically decrypt the encrypted value and compare it to the required value. If the values are different then it should update otherwise skip.
I've actually implemented this, with the Splunk show-decrypted command.
You can then use this anywhere where Splunk encrypts the passwords.
from ansible-role-for-splunk.
derek126
commented on August 10, 2024
There is a a bug in configure_idxc_sh.yml. It should be
---
- name: Configure search head to join indexer cluster
command: "{{ splunk_home }}/bin/splunk edit cluster-config -mode searchhead -master_uri {{ splunk_uri_cm }} -secret {{ splunk_idxc_key }} -auth {{ splunk_auth }}"
become: true
become_user: "{{ splunk_nix_user }}"
register: idxc_sh_join_result
changed_when: idxc_sh_join_result.rc == 0
failed_when: idxc_sh_join_result.rc != 0
notify: restart splunk
no_log: false
until: idxc_sh_join_result.rc == 0
retries: 6
delay: 5
Notice the .rc
from ansible-role-for-splunk.
mason-splunk
commented on August 10, 2024
@derek126 Good catch. Fixed in v1.6.2 release.
from ansible-role-for-splunk.
Related Issues (20)
- Unable to set pass4SymmKey on license manager
- Add support for multiple deployment tasks HOT 3
- splunk_nix_group not assigned as primary in install_splunk.yml HOT 1
- How to use ansible-role-for-splunk in your playbooks? HOT 3
- How to install a distributed deployment? HOT 4
- The installation of multiple hosts that are mixed Universal Forwarder and Full installation does not work and only full is performed. HOT 1
- Newest version published on Galaxy is 1.0.5
- Stuck on configure_license.yml HOT 9
- Issues Installing Universal Forwarder
- How to deploy apps without deleting local/ files HOT 3
- configure_dmc.yml failing with error HOT 1
- configure_idxc_sh and configure_idxc_member are hard coded for master_uri HOT 2
- Question about app deployment/sync HOT 2
- Setting a DS Key should change broker requireauth to true
- Splunk 9.1.1 on RHEL 9
- .bashrc Cannot find expected file ...literals.py
- Cluster deployment fails in configure_dmc.yml
- configure_shc_captain fails with no attribute
- configure_dmc.yml breaks Cluster Manager config if DMC runs on CM HOT 1
- configure_dmc.yml - multiple issues in "Configure systems as search peers to be monitored except indexers" task
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ansible-role-for-splunk.