diff --git a/README.md b/README.md index 7f6c0ccd..8324f96e 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# Splunk module for Puppet +# Puppet Module For Splunk [![Build Status](https://travis-ci.org/voxpupuli/puppet-splunk.png?branch=master)](https://travis-ci.org/voxpupuli/puppet-splunk) [![Code Coverage](https://coveralls.io/repos/github/voxpupuli/puppet-splunk/badge.svg?branch=master)](https://coveralls.io/github/voxpupuli/puppet-splunk) @@ -24,10 +24,10 @@ ## Overview -This module provides a method to deploy Splunk Server or Splunk Universal Forwarder -with common configurations and ensure the services maintain a running -state. It provides types/providers to interact with the various Splunk/Forwarder -configuration files. +This module provides a method to deploy Splunk Enterprise or Splunk Universal +Forwarder with common configurations and ensure the services maintain a running +state. It provides types/providers to interact with the various +Splunk/Forwarder configuration files. ## Module Description @@ -44,8 +44,10 @@ or apt to install these components if they're self-hosted. * Installs the Splunk/Forwarder package and manages their config files. It does not purge them by default. -* The module will set up both Splunk and Splunkforwarder to run as the 'root' - user on POSIX platforms. +* The module will set up both Splunk Enterprise and Splunk Forwarder to run as + the 'root' user on POSIX platforms. +* By default, enables Splunk Enterprise and Splunk Forwarder boot-start, and + uses the vendor-generated service file to manage the splunk service. ### Setup Requirements @@ -125,11 +127,12 @@ Puppet Server in the modulepath the module is ready to deploy. ## Usage -If a user is installing Splunk with packages provided from their modulepath, -this is the most basic way of installing Splunk Server with default settings: +If a user is installing Splunk Enterprise with packages provided from their +modulepath, this is the most basic way of installing Splunk Server with default +settings: ```puppet -include ::splunk +include ::splunk::enterprise ``` This is the most basic way of installing the Splunk Universal Forwarder with @@ -143,8 +146,8 @@ class { '::splunk::params': include ::splunk::forwarder ``` -Once both Splunk and Splunk Universal Forwarder have been deployed on their -respective nodes, the Forwarder is ready to start sending logs. +Once both Splunk Enterprise and Splunk Universal Forwarder have been deployed +on their respective nodes, the Forwarder is ready to start sending logs. In order to start sending some log data, users can take advantage of the `Splunkforwarder_input` type. Here is a basic example of adding an input to @@ -163,10 +166,12 @@ This virtual resource will get collected by the `::splunk::forwarder` class if it is tagged with `splunk_forwarder` and will add the appropriate setting to the inputs.conf file and refresh the service. -### Upgrade splunk/splunkforwarder packages +### Upgrade splunk and splunkforwarder packages This module has the ability to install *and* upgrade the splunk and splunkforwarder packages. All you have to do is declare `package_ensure => 'latest'` when calling the `::splunk` or `::splunk::forwarder` classes. +Upgrades from 7.0.X to >= 7.0.X are not tested. + #### Upgrade Example The following code will install the 6.6.8 version of the splunk forwarder. Then @@ -200,7 +205,7 @@ class { '::splunk::forwarder': ### Types -* `splunk_config`: This is a meta resource used to configur defaults for all the +* `splunk_config`: This is a meta resource used to configure defaults for all the splunkforwarder and splunk types. This type should not be declared directly as it is declared in `splunk::params` and used internally by the types and providers. @@ -274,7 +279,8 @@ title and should explicitly declare it with the `section` attribute. #### `version` -*Optional* Specifies the version of Splunk Enterprise that the module should install. +*Optional* Specifies the version of Splunk Enterprise and Splunk Forwarder that +the module should install. #### `build` @@ -299,15 +305,24 @@ both splunk and splunk::forwarder. *Optional* The fqdn or IP address of the Splunk server. Used for setting up the default TCP output and input. -### Class: ::splunk Parameters +#### `forwarder_installdir` -#### `package_source` +*Optional* Directory in which to install and manage Splunk Forwarder -The source URL for the splunk installation media (typically an RPM, MSI, -etc). If a $src_root parameter is set in splunk::params, this will be -automatically supplied. Otherwise it is required. The URL can be of any -protocol supported by the nanliu/staging module. On Windows, this can be -a UNC path to the MSI. +#### `enterprise_installdir` + +*Optional* Directory in which to install and mange Splunk Enterprise + +#### `boot_start` + +*Optional* Enable splunk boot-start mode. Provision a service file. + +### Class: ::splunk::enterprise Parameters + +#### `version` + +Specifies the version of Splunk Enterprise the module should install and +manage. Defaults to the value set in splunk::params. #### `package_name` @@ -316,177 +331,370 @@ The name of the package(s) Puppet will use to install Splunk. #### `package_ensure` Ensure parameter which will get passed to the Splunk package resource. -Default to the value in splunk::params +Defaults to the value in splunk::params. -#### `logging_port` +#### `staging_dir` -The port to receive TCP logs on. Default to the port specified in +Root of the archive path to host the Splunk package. Defaults to the value in splunk::params. +#### `enterprise_package_src` + +The source URL for the splunk installation media (typically an RPM, MSI, +etc). If a `$src_root` parameter is set in splunk::params, this will be +automatically supplied. Otherwise it is required. The URL can be of any +protocol supported by the nanliu/staging module. On Windows, this can be +a UNC path to the MSI. Defaults to the value in splunk::params. + +#### `package_provider` + +The package management system used to host the Splunk packages. Defaults to the +value in splunk::params. + +#### `manage_package_source` + +Whether or not to use the supplied `enterprise_package_src` param. Defaults to +true. + +#### `package_source` + +*Optional* The source URL for the splunk installation media (typically an RPM, +MSI, etc). If `enterprise_package_src` parameter is set in splunk::params and +`manage_package_source` is true, this will be automatically supplied. Otherwise +it is required. The URL can be of any protocol supported by the nanliu/staging +module. On Windows, this can be a UNC path to the MSI. Defaults to undef. + +#### `install_options` + +This variable is passed to the package resources' *install_options* parameter. +Defaults to the value in ::splunk::params. + #### `splunk_user` -The user to run Splunk as. Default to the value set in splunk::params. +The user to run Splunk as. Defaults to the value set in splunk::params. + +#### `enterprise_homedir` + +Specifies the Splunk Enterprise home directory. Defaults to the value set in +splunk::params. + +#### `enterprise_confdir` + +Specifies the Splunk Enterprise configuration directory. Defaults to the value +set in splunk::params. + +#### `service_name` + +The name of the Splunk Enterprise service. Defaults to the value set in +splunk::params. + +#### `service_file` + +The path to the Splunk Enterprise service file. Defaults to the value set in +splunk::params. + +#### `boot_start` + +Whether or not to enable splunk boot-start, which generates a service file to +manage the Splunk Enterprise service. Defaults to the value set in +splunk::params. + +#### `use_default_config` + +Whether or not the module should manage a default set of Splunk Enterprise +configuration parameters. Defaults to true. + +#### `input_default_host` + +Part of the default config. Sets the `splunk_input` default host. Defaults to +`facts['fqdn']`. + +#### `input_connection_host` + +Part of the default config. Sets the `splunk_input` connection host. Defaults +to dns. + +#### `splunkd_listen` + +The address on which splunkd should listen. Defaults to 127.0.0.1. + +#### `logging_port` + +The port to receive TCP logs on. Defaults to the port specified in +splunk::params. #### `splunkd_port` -The management port for Splunk. Default to the value set in splunk::params. +The management port for Splunk. Defaults to the value set in splunk::params. #### `web_port` -The port on which to service the Splunk Web interface. Default to 8000. +The port on which to service the Splunk Web interface. Defaults to 8000. #### `purge_inputs` -*Optional* If set to true, inputs.conf will be purged of configuration that is -no longer managed by the splunk_input type. Default to false. +If set to true, inputs.conf will be purged of configuration that is +no longer managed by the `splunk_input` type. Defaults to false. #### `purge_outputs` -*Optional* If set to true, outputs.conf will be purged of configuration that is -no longer managed by the splunk_output type. Default to false. +If set to true, outputs.conf will be purged of configuration that is +no longer managed by the `splunk_output` type. Defaults to false. #### `purge_authentication` -*Optional* If set to true, authentication.conf will be purged of configuration -that is no longer managed by the splunk_authentication type. Default to false. +If set to true, authentication.conf will be purged of configuration +that is no longer managed by the `splunk_authentication` type. Defaults to false. #### `purge_authorize` -*Optional* If set to true, authorize.conf will be purged of configuration that -is no longer managed by the splunk_authorize type. Default to false. +If set to true, authorize.conf will be purged of configuration that +is no longer managed by the `splunk_authorize` type. Defaults to false. #### `purge_distsearch` -*Optional* If set to true, distsearch.conf will be purged of configuration that -is no longer managed by the splunk_distsearch type. Default to false. +If set to true, distsearch.conf will be purged of configuration that +is no longer managed by the `splunk_distsearch` type. Defaults to false. #### `purge_indexes` -*Optional* If set to true, indexes.conf will be purged of configuration that is -no longer managed by the splunk_indexes type. Default to false. +If set to true, indexes.conf will be purged of configuration that is +no longer managed by the `splunk_indexes` type. Defaults to false. #### `purge_limits` -*Optional* If set to true, limits.conf will be purged of configuration that is -no longer managed by the splunk_limits type. Default to false. +If set to true, limits.conf will be purged of configuration that is +no longer managed by the `splunk_limits` type. Defaults to false. #### `purge_props` -*Optional* If set to true, props.conf will be purged of configuration that is -no longer managed by the splunk_props type. Default to false. +If set to true, props.conf will be purged of configuration that is +no longer managed by the `splunk_props` type. Defaults to false. #### `purge_server` -*Optional* If set to true, server.conf will be purged of configuration that is -no longer managed by the splunk_server type. Default to false. +If set to true, server.conf will be purged of configuration that is +no longer managed by the `splunk_server` type. Defaults to false. #### `purge_transforms` -*Optional* If set to true, transforms.conf will be purged of configuration that -is no longer managed by the splunk_transforms type. Default to false. +If set to true, transforms.conf will be purged of configuration that +is no longer managed by the `splunk_transforms` type. Defaults to false. #### `purge_web` -*Optional* If set to true, web.conf will be purged of configuration that is no -longer managed by the splunk_web type. Default to false. +If set to true, web.conf will be purged of configuration that is no +longer managed by the `splunk_web type`. Defaults to false. + +#### `manage_password` + +If set to true, Manage the contents of splunk.secret and passwd. Defaults to +the value set in splunk::params. + +#### `password_config_file` + +Which file to put the password in i.e. in linux it would be +/opt/splunk/etc/passwd. Defaults to the value set in splunk::params. + +#### `password_content` + +The hashed password username/details for the user. Defaults to the value set +in splunk::params. + +#### `secret_file` + +Which file we should put the secret in. Defaults to the value set in +splunk::params. + +#### `secret` + +The secret used to salt the splunk password. Defaults to the value set in +splunk::params. ### Class ::splunk::forwarder Parameters #### `server` -*Optional* The fqdn or IP address of the Splunk server. Default to the value in ::splunk::params. +The fqdn or IP address of the Splunk server. Defaults to the value in ::splunk::params. -#### `package_source` +#### `version` -The source URL for the splunk installation media (typically an RPM, MSI, -etc). If a $src_root parameter is set in splunk::params, this will be -automatically supplied. Otherwise it is required. The URL can be of any -protocol supported by the nanliu/staging module. On Windows, this can be -a UNC path to the MSI. +Specifies the version of Splunk Forwarder the module should install and +manage. Defaults to the value set in splunk::params. #### `package_name` -The name of the package(s) Puppet will use to install Splunk Universal Forwarder. +The name of the package(s) Puppet will use to install Splunk Forwarder. +Defaults to the value set in splunk::params. #### `package_ensure` Ensure parameter which will get passed to the Splunk package resource. -Default to the value in ::splunk::params +Defaults to the value in ::splunk::params. -#### `logging_port` +#### `staging_subdir` + +Root of the archive path to host the Splunk package. Defaults to the value in +splunk::params. -*Optional* The port on which to send and listen for logs. Default to the value -in ::splunk::params. +#### `path_delimiter` -#### `splunkd_port` +The path separator used in the archived path of the Splunk package. Defaults to +the value in splunk::params. -The management port for Splunk. Default to the value set in splunk::params. +#### `forwarder_package_src` + +The source URL for the splunk installation media (typically an RPM, MSI, +etc). If a `$src_root` parameter is set in splunk::params, this will be +automatically supplied. Otherwise it is required. The URL can be of any +protocol supported by the nanliu/staging module. On Windows, this can be +a UNC path to the MSI. Defaults to the value in splunk::params. + +#### `package_provider` + +The package management system used to host the Splunk packages. Defaults to the +value in splunk::params. + +#### `manage_package_source` + +Whether or not to use the supplied `forwarder_package_src` param. Defaults to +true. + +#### `package_source` + +*Optional* The source URL for the splunk installation media (typically an RPM, +MSI, etc). If `enterprise_package_src` parameter is set in splunk::params and +`manage_package_source` is true, this will be automatically supplied. Otherwise +it is required. The URL can be of any protocol supported by the nanliu/staging +module. On Windows, this can be a UNC path to the MSI. Defaults to undef. #### `install_options` This variable is passed to the package resources' *install_options* parameter. -Default to the value in ::splunk::params. +Defaults to the value in ::splunk::params. #### `splunk_user` -The user to run Splunk as. Default to the value set in splunk::params. +The user to run Splunk as. Defaults to the value set in splunk::params. + +#### `forwarder_homedir` + +Specifies the Splunk Forwarder home directory. Defaults to the value set in +splunk::params. + +#### `forwarder_confdir` + +Specifies the Splunk Forwarder configuration directory. Defaults to the value +set in splunk::params. + +#### `service_name` + +The name of the Splunk Forwarder service. Defaults to the value set in +splunk::params. + +#### `service_file` + +The path to the Splunk Forwarder service file. Defaults to the value set in +splunk::params. + +#### `boot_start` + +Whether or not to enable splunk boot-start, which generates a service file to +manage the Splunk Forwarder service. Defaults to the value set in +splunk::params. + +#### `use_default_config` + +Whether or not the module should manage a default set of Splunk Forwarder +configuration parameters. Defaults to true. #### `splunkd_listen` The address on which splunkd should listen. Defaults to 127.0.0.1. +#### `splunkd_port` + +The management port for Splunk. Defaults to the value set in splunk::params. + +#### `logging_port` + +The port on which to send and listen for logs. Defaults to the value +in splunk::params. + #### `purge_inputs` *Optional* If set to true, inputs.conf will be purged of configuration that is -no longer managed by the splunkforwarder_input type. Default to false. +no longer managed by the `splunkforwarder_input` type. Defaults to false. #### `purge_outputs` *Optional* If set to true, outputs.conf will be purged of configuration that is -no longer managed by the splunk_output type. Default to false. +no longer managed by the `splunk_output` type. Defaults to false. #### `purge_props` *Optional* If set to true, props.conf will be purged of configuration that is -no longer managed by the splunk_props type. Default to false. +no longer managed by the `splunk_props` type. Defaults to false. #### `purge_transforms` *Optional* If set to true, transforms.conf will be purged of configuration that is -no longer managed by the splunk_transforms type. Default to false. +no longer managed by the `splunk_transforms` type. Defaults to false. #### `purge_web` *Optional* If set to true, web.conf will be purged of configuration that is -no longer managed by the splunk_web type. Default to false. +no longer managed by the `splunk_web` type. Defaults to false. -#### `pkg_provider` +#### `forwarder_input` -*Optional* This will override the default package provider for the package -resource. Default to undef. +Used to override the default `forwarder_input` type defined in splunk::params. -#### `forwarder_confdir` +#### `forwarder_output` -The root directory where Splunk Universal Forwarder is installed. Default to -the value in ::splunk::params. +Used to override the default `forwarder_output` type defined in splunk::params. -#### `forwarder_input` +#### `manage_password` -Used to override the default forwarder_input type defined in ::splunk::params. +If set to true, Manage the contents of splunk.secret and passwd. Defaults to +the value set in splunk::params. -#### `forwarder_output` +#### `password_config_file` + +Which file to put the password in i.e. in linux it would be +/opt/splunkforwarder/etc/passwd. Defaults to the value set in splunk::params. -Used to override the default forwarder_output type defined in ::splunk::params. +#### `password_content` -#### `create_password` +The hashed password username/details for the user. Defaults to the value set +in splunk::params. -Not yet implemented. +#### `secret_file` + +Which file we should put the secret in. Defaults to the value set in +splunk::params. + +#### `secret` + +The secret used to salt the splunk password. Defaults to the value set in +splunk::params. + +#### `addons` + +Manage splunk addons, see `splunk::addons`. Defaults to an empty Hash. ## Limitations - Currently tested manually on Centos 7, but we will eventually add automated testing and are targeting compatibility with other platforms. -- Tested with Puppet 4.x +- Tested with Puppet 5.x +- New installations of splunk up to version 7.2.X are supported, but upgrades + from 7.0.X to >= 7.0.X are not fully tested +- Enabling boot-start will fail if the unit file already exists. Splunk does + not remove unit files during uninstallation, so you may be required to + manually remove existing unit files before re installing and enabling + boot-start. + ## Development diff --git a/lib/puppet/provider/ini_setting/splunk.rb b/lib/puppet/provider/ini_setting/splunk.rb index 4dda791c..04c802fe 100644 --- a/lib/puppet/provider/ini_setting/splunk.rb +++ b/lib/puppet/provider/ini_setting/splunk.rb @@ -12,7 +12,7 @@ class << self end def self.file_path - raise Puppet::Error, 'file_path must be set with splunk_config type before provider can be used' if @file_path.nil? + raise Puppet::Error, 'file_path must be set with splunkenterprise_config or splunkforwarder_config type before provider can be used' if @file_path.nil? raise Puppet::Error, 'Child provider class does not support a file_name method' unless respond_to?(:file_name) @file_path end diff --git a/manifests/addon.pp b/manifests/addon.pp index a509c274..d4f11a42 100644 --- a/manifests/addon.pp +++ b/manifests/addon.pp @@ -32,30 +32,37 @@ # } # } # - define splunk::addon ( - $splunk_home = '/opt/splunkforwarder', - $package_manage = true, - Optional[String] $package_name = undef, - $inputs = {}, + Optional[Stdlib::Absolutepath] $splunk_home = undef, + Boolean $package_manage = true, + Optional[String[1]] $package_name = undef, + Hash $inputs = {}, ) { + include 'splunk::params' + + if $splunk_home { + $_splunk_home = $splunk_home + } + else { + $_splunk_home = $splunk::params::forwarder_homedir + } if $package_manage { package { $package_name: ensure => installed, - before => File["${splunk_home}/etc/apps/${name}/local"], + before => File["${_splunk_home}/etc/apps/${name}/local"], } } - file { "${splunk_home}/etc/apps/${name}/local": + file { "${_splunk_home}/etc/apps/${name}/local": ensure => directory, } if $inputs { concat { "splunk::addon::inputs_${name}": - path => "${splunk_home}/etc/apps/${name}/local/inputs.conf", - require => File["${splunk_home}/etc/apps/${name}/local"], + path => "${_splunk_home}/etc/apps/${name}/local/inputs.conf", + require => File["${_splunk_home}/etc/apps/${name}/local"], } create_resources('splunk::addon::input', $inputs, {'addon' => $name }) diff --git a/manifests/addon/input.pp b/manifests/addon/input.pp index 8619a7b2..9d4e0e6d 100644 --- a/manifests/addon/input.pp +++ b/manifests/addon/input.pp @@ -1,5 +1,5 @@ -# Private defined type callled by splunk::addon - +# Private defined type called by splunk::addon +# define splunk::addon::input ( $addon, $attributes={}, diff --git a/manifests/enterprise.pp b/manifests/enterprise.pp new file mode 100644 index 00000000..ad6e8dd9 --- /dev/null +++ b/manifests/enterprise.pp @@ -0,0 +1,280 @@ +# Class splunk::enterprise +# +# @param version +# +# Specifies the version of Splunk Enterprise the module should install and +# manage. Defaults to the value set in splunk::params. +# +# @param package_name +# +# The name of the package(s) Puppet will use to install Splunk. +# +# @param package_ensure +# +# Ensure parameter which will get passed to the Splunk package resource. +# Defaults to the value in splunk::params. +# +# @param staging_dir +# +# Root of the archive path to host the Splunk package. Defaults to the value in +# splunk::params. +# +# @param path_delimiter +# +# The path separator used in the archived path of the Splunk package. Defaults to +# the value in splunk::params. +# +# @param enterprise_package_src +# +# The source URL for the splunk installation media (typically an RPM, MSI, +# etc). If a `$src_root` parameter is set in splunk::params, this will be +# automatically supplied. Otherwise it is required. The URL can be of any +# protocol supported by the nanliu/staging module. On Windows, this can be +# a UNC path to the MSI. Defaults to the value in splunk::params. +# +# @param package_provider +# +# The package management system used to host the Splunk packages. Defaults to the +# value in splunk::params. +# +# @param manage_package_source +# +# Whether or not to use the supplied `enterprise_package_src` param. Defaults to +# true. +# +# @param package_source +# +# *Optional* The source URL for the splunk installation media (typically an RPM, +# MSI, etc). If `enterprise_package_src` parameter is set in splunk::params and +# `manage_package_source` is true, this will be automatically supplied. Otherwise +# it is required. The URL can be of any protocol supported by the nanliu/staging +# module. On Windows, this can be a UNC path to the MSI. Defaults to undef. +# +# @param install_options +# +# This variable is passed to the package resources' *install_options* parameter. +# Defaults to the value in ::splunk::params. +# +# @param splunk_user +# +# The user to run Splunk as. Defaults to the value set in splunk::params. +# +# @param enterprise_homedir +# +# Specifies the Splunk Enterprise home directory. Defaults to the value set in +# splunk::params. +# +# @param enterprise_confdir +# +# Specifies the Splunk Enterprise configuration directory. Defaults to the value +# set in splunk::params. +# +# @param service_name +# +# The name of the Splunk Enterprise service. Defaults to the value set in +# splunk::params. +# +# @param service_file +# +# The path to the Splunk Enterprise service file. Defaults to the value set in +# splunk::params. +# +# @param boot_start +# +# Whether or not to enable splunk boot-start, which generates a service file to +# manage the Splunk Enterprise service. Defaults to the value set in +# splunk::params. +# +# @param use_default_config +# +# Whether or not the module should manage a default set of Splunk Enterprise +# configuration parameters. Defaults to true. +# +# @param input_default_host +# +# Part of the default config. Sets the `splunk_input` default host. Defaults to +# `facts['fqdn']`. +# +# @param input_connection_host +# +# Part of the default config. Sets the `splunk_input` connection host. Defaults +# to dns. +# +# @param splunkd_listen +# +# The address on which splunkd should listen. Defaults to 127.0.0.1. +# +# @param logging_port +# +# The port to receive TCP logs on. Defaults to the port specified in +# splunk::params. +# +# @param splunkd_port +# +# The management port for Splunk. Defaults to the value set in splunk::params. +# +# @param web_port +# +# The port on which to service the Splunk Web interface. Defaults to 8000. +# +# @param purge_inputs +# +# If set to true, inputs.conf will be purged of configuration that is +# no longer managed by the `splunk_input` type. Defaults to false. +# +# @param purge_outputs +# +# If set to true, outputs.conf will be purged of configuration that is +# no longer managed by the `splunk_output` type. Defaults to false. +# +# @param purge_authentication +# +# If set to true, authentication.conf will be purged of configuration +# that is no longer managed by the `splunk_authentication` type. Defaults to false. +# +# @param purge_authorize +# +# If set to true, authorize.conf will be purged of configuration that +# is no longer managed by the `splunk_authorize` type. Defaults to false. +# +# @param purge_distsearch +# +# If set to true, distsearch.conf will be purged of configuration that +# is no longer managed by the `splunk_distsearch` type. Defaults to false. +# +# @param purge_indexes +# +# If set to true, indexes.conf will be purged of configuration that is +# no longer managed by the `splunk_indexes` type. Defaults to false. +# +# @param purge_limits +# +# If set to true, limits.conf will be purged of configuration that is +# no longer managed by the `splunk_limits` type. Defaults to false. +# +# @param purge_props +# +# If set to true, props.conf will be purged of configuration that is +# no longer managed by the `splunk_props` type. Defaults to false. +# +# @param purge_server +# +# If set to true, server.conf will be purged of configuration that is +# no longer managed by the `splunk_server` type. Defaults to false. +# +# @param purge_transforms +# +# If set to true, transforms.conf will be purged of configuration that +# is no longer managed by the `splunk_transforms` type. Defaults to false. +# +# @param purge_web +# +# If set to true, web.conf will be purged of configuration that is no +# longer managed by the `splunk_web type`. Defaults to false. +# +# @param manage_password +# +# If set to true, Manage the contents of splunk.secret and passwd. Defaults to +# the value set in splunk::params. +# +# @param password_config_file +# +# Which file to put the password in i.e. in linux it would be +# /opt/splunk/etc/passwd. Defaults to the value set in splunk::params. +# +# @param password_content +# +# The hashed password username/details for the user. Defaults to the value set +# in splunk::params. +# +# @param secret_file +# +# Which file we should put the secret in. Defaults to the value set in +# splunk::params. +# +# @param secret +# +# The secret used to salt the splunk password. Defaults to the value set in +# splunk::params. +# +# +class splunk::enterprise ( + String[1] $version = $splunk::params::version, + String[1] $package_name = $splunk::params::enterprise_package_name, + String[1] $package_ensure = $splunk::params::enterprise_package_ensure, + String[1] $staging_dir = $splunk::params::staging_dir, + String[1] $path_delimiter = $splunk::params::path_delimiter, + String[1] $enterprise_package_src = $splunk::params::enterprise_package_src, + Optional[String[1]] $package_provider = $splunk::params::package_provider, + Boolean $manage_package_source = true, + Optional[String[1]] $package_source = undef, + Array[String[1]] $install_options = $splunk::params::enterprise_install_options, + String[1] $splunk_user = $splunk::params::splunk_user, + Stdlib::Absolutepath $enterprise_homedir = $splunk::params::enterprise_homedir, + Stdlib::Absolutepath $enterprise_confdir = $splunk::params::enterprise_confdir, + String[1] $service_name = $splunk::params::enterprise_service, + Stdlib::Absolutepath $service_file = $splunk::params::enterprise_service_file, + Boolean $boot_start = $splunk::params::boot_start, + Boolean $use_default_config = true, + String[1] $input_default_host = $facts['fqdn'], + String[1] $input_connection_host = 'dns', + Stdlib::IP::Address $splunkd_listen = '127.0.0.1', + Stdlib::Port $splunkd_port = $splunk::params::splunkd_port, + Stdlib::Port $logging_port = $splunk::params::logging_port, + Stdlib::Port $web_httpport = 8000, + Boolean $purge_alert_actions = false, + Boolean $purge_authentication = false, + Boolean $purge_authorize = false, + Boolean $purge_deploymentclient = false, + Boolean $purge_distsearch = false, + Boolean $purge_indexes = false, + Boolean $purge_inputs = false, + Boolean $purge_limits = false, + Boolean $purge_outputs = false, + Boolean $purge_props = false, + Boolean $purge_server = false, + Boolean $purge_serverclass = false, + Boolean $purge_transforms = false, + Boolean $purge_uiprefs = false, + Boolean $purge_web = false, + Boolean $manage_password = $splunk::params::manage_password, + Stdlib::Absolutepath $password_config_file = $splunk::params::enterprise_password_config_file, + String[1] $password_content = $splunk::params::password_content, + Stdlib::Absolutepath $secret_file = $splunk::params::enterprise_secret_file, + String[1] $secret = $splunk::params::secret, + +) inherits splunk { + + if (defined(Class['splunk::forwarder'])) { + fail('Splunk Universal Forwarder provides a subset of Splunk Enterprise capabilities, and has potentially conflicting resources when included with Splunk Enterprise on the same node. Do not include splunk::forwarder on the same node as splunk::enterprise. Configure Splunk Enterprise to meet your forwarding needs.' + ) + } + + contain 'splunk::enterprise::install' + contain 'splunk::enterprise::config' + contain 'splunk::enterprise::service' + + Class['splunk::enterprise::install'] + -> Class['splunk::enterprise::config'] + ~> Class['splunk::enterprise::service'] + + # Purge resources if option set + Splunk_config['splunk'] { + purge_alert_actions => $purge_alert_actions, + purge_authentication => $purge_authentication, + purge_authorize => $purge_authorize, + purge_deploymentclient => $purge_deploymentclient, + purge_distsearch => $purge_distsearch, + purge_indexes => $purge_indexes, + purge_inputs => $purge_inputs, + purge_limits => $purge_limits, + purge_outputs => $purge_outputs, + purge_props => $purge_props, + purge_server => $purge_server, + purge_serverclass => $purge_serverclass, + purge_transforms => $purge_transforms, + purge_uiprefs => $purge_uiprefs, + purge_web => $purge_web + } + +} diff --git a/manifests/enterprise/config.pp b/manifests/enterprise/config.pp new file mode 100644 index 00000000..967c6278 --- /dev/null +++ b/manifests/enterprise/config.pp @@ -0,0 +1,105 @@ +# Class splunk::enterprise::config +# +class splunk::enterprise::config( +){ + + if $splunk::enterprise::manage_password { + file { $splunk::enterprise::password_config_file: + ensure => file, + owner => $splunk::enterprise::splunk_user, + group => $splunk::enterprise::splunk_user, + content => $splunk::enterprise::password_content, + } + + file { $splunk::enterprise::secret_file: + ensure => file, + owner => $splunk::enterprise::splunk_user, + group => $splunk::enterprise::splunk_user, + content => $splunk::enterprise::secret, + } + } + + # Remove init.d file if the service provider is systemd + if $facts['service_provider'] == 'systemd' and versioncmp($splunk::enterprise::version, '7.2.2') >= 0 { + file { '/etc/init.d/splunk': + ensure => 'absent', + } + } + + if $facts['virtual'] == 'docker' { + ini_setting { 'OPTIMISTIC_ABOUT_FILE_LOCKING': + ensure => present, + section => '', + setting => 'OPTIMISTIC_ABOUT_FILE_LOCKING', + value => '1', + path => "${splunk::enterprise::enterprise_homedir}/etc/splunk-launch.conf", + } + } + + file { ["${splunk::enterprise::enterprise_homedir}/etc/system/local/alert_actions.conf", + "${splunk::enterprise::enterprise_homedir}/etc/system/local/authentication.conf", + "${splunk::enterprise::enterprise_homedir}/etc/system/local/authorize.conf", + "${splunk::enterprise::enterprise_homedir}/etc/system/local/deploymentclient.conf", + "${splunk::enterprise::enterprise_homedir}/etc/system/local/distsearch.conf", + "${splunk::enterprise::enterprise_homedir}/etc/system/local/indexes.conf", + "${splunk::enterprise::enterprise_homedir}/etc/system/local/inputs.conf", + "${splunk::enterprise::enterprise_homedir}/etc/system/local/limits.conf", + "${splunk::enterprise::enterprise_homedir}/etc/system/local/outputs.conf", + "${splunk::enterprise::enterprise_homedir}/etc/system/local/props.conf", + "${splunk::enterprise::enterprise_homedir}/etc/system/local/server.conf", + "${splunk::enterprise::enterprise_homedir}/etc/system/local/serverclass.conf", + "${splunk::enterprise::enterprise_homedir}/etc/system/local/transforms.conf", + "${splunk::enterprise::enterprise_homedir}/etc/system/local/ui-prefs.conf", + "${splunk::enterprise::enterprise_homedir}/etc/system/local/web.conf", + "${splunk::enterprise::enterprise_homedir}/etc/system/metadata/local.meta"]: + ensure => file, + tag => 'splunk_enterprise', + owner => $splunk::enterprise::splunk_user, + group => $splunk::enterprise::splunk_user, + mode => '0600', + } + + if $splunk::enterprise::use_default_config { + splunk_input { 'default_host': + section => 'default', + setting => 'host', + value => $splunk::enterprise::input_default_host, + tag => 'splunk_server', + } + splunk_input { 'default_splunktcp': + section => "splunktcp://:${splunk::enterprise::logging_port}", + setting => 'connection_host', + value => $splunk::enterprise::input_connection_host, + tag => 'splunk_server', + } + splunk_web { 'splunk_server_splunkd_port': + section => 'settings', + setting => 'mgmtHostPort', + value => "${splunk::enterprise::splunkd_listen}:${splunk::enterprise::splunkd_port}", + tag => 'splunk_server', + } + splunk_web { 'splunk_server_web_port': + section => 'settings', + setting => 'httpport', + value => $splunk::enterprise::web_httpport, + tag => 'splunk_server', + } + } + + File <| tag == 'splunk_enterprise' |> -> Splunk_alert_actions<||> ~> Class['splunk::enterprise::service'] + File <| tag == 'splunk_enterprise' |> -> Splunk_authentication<||> ~> Class['splunk::enterprise::service'] + File <| tag == 'splunk_enterprise' |> -> Splunk_authorize<||> ~> Class['splunk::enterprise::service'] + File <| tag == 'splunk_enterprise' |> -> Splunk_deploymentclient<||> ~> Class['splunk::enterprise::service'] + File <| tag == 'splunk_enterprise' |> -> Splunk_distsearch<||> ~> Class['splunk::enterprise::service'] + File <| tag == 'splunk_enterprise' |> -> Splunk_indexes<||> ~> Class['splunk::enterprise::service'] + File <| tag == 'splunk_enterprise' |> -> Splunk_input<||> ~> Class['splunk::enterprise::service'] + File <| tag == 'splunk_enterprise' |> -> Splunk_limits<||> ~> Class['splunk::enterprise::service'] + File <| tag == 'splunk_enterprise' |> -> Splunk_output<||> ~> Class['splunk::enterprise::service'] + File <| tag == 'splunk_enterprise' |> -> Splunk_props<||> ~> Class['splunk::enterprise::service'] + File <| tag == 'splunk_enterprise' |> -> Splunk_server<||> ~> Class['splunk::enterprise::service'] + File <| tag == 'splunk_enterprise' |> -> Splunk_serverclass<||> ~> Class['splunk::enterprise::service'] + File <| tag == 'splunk_enterprise' |> -> Splunk_transforms<||> ~> Class['splunk::enterprise::service'] + File <| tag == 'splunk_enterprise' |> -> Splunk_uiprefs<||> ~> Class['splunk::enterprise::service'] + File <| tag == 'splunk_enterprise' |> -> Splunk_web<||> ~> Class['splunk::enterprise::service'] + +} diff --git a/manifests/enterprise/install.pp b/manifests/enterprise/install.pp new file mode 100644 index 00000000..17e308fd --- /dev/null +++ b/manifests/enterprise/install.pp @@ -0,0 +1,44 @@ +# Class splunk::enterprise::install +# +class splunk::enterprise::install { + + if $facts['kernel'] == 'Linux' or $facts['kernel'] == 'SunOS' { + include splunk::enterprise::install::nix + } + + $_package_source = $splunk::enterprise::manage_package_source ? { + true => $splunk::enterprise::enterprise_package_src, + false => $splunk::enterprise::package_source + } + + if $splunk::enterprise::package_provider and !($splunk::enterprise::package_provider in ['apt','chocolatey','yum']) { + $_src_package_filename = basename($_package_source) + $_package_path_parts = [$splunk::enterprise::staging_dir, $_src_package_filename] + $_staged_package = join($_package_path_parts, $splunk::enterprise::path_delimiter) + + archive { $_staged_package: + source => $_package_source, + extract => false, + before => Package[$splunk::enterprise::enterprise_package_name], + } + } else { + $_staged_package = undef + } + + Package { + source => $splunk::enterprise::package_provider ? { + 'chocolatey' => undef, + default => $splunk::enterprise::manage_package_source ? { + true => pick($_staged_package, $_package_source), + false => $_package_source, + } + }, + } + + package { $splunk::enterprise::enterprise_package_name: + ensure => $splunk::enterprise::enterprise_package_ensure, + provider => $splunk::enterprise::package_provider, + install_options => $splunk::enterprise::install_options, + } + +} diff --git a/manifests/enterprise/install/nix.pp b/manifests/enterprise/install/nix.pp new file mode 100644 index 00000000..76202114 --- /dev/null +++ b/manifests/enterprise/install/nix.pp @@ -0,0 +1,37 @@ +# Class splunk::enterprise::install::nix +# +class splunk::enterprise::install::nix inherits splunk::enterprise::install { + + if $facts['kernel'] == 'SunOS' { + $_responsefile = "${splunk::enterprise::staging_dir}/response.txt" + $_adminfile = '/var/sadm/install/admin/splunk-noask' + + file { 'splunk_adminfile': + ensure => file, + path => $_adminfile, + owner => 'root', + group => 'root', + source => 'puppet:///modules/splunk/splunk-noask', + } + + file { 'splunk_pkg_response_file': + ensure => file, + owner => 'root', + group => 'root', + path => $_responsefile, + content => "BASEDIR=/opt\n", + } + + # Collect any Splunk packages and give them an admin and response file. + Package[$splunk::enterprise::enterprise_package_name] { + adminfile => $_adminfile, + responsefile => $_responsefile, + } + } + + # Required for splunk 7.2.4.2 + if versioncmp($splunk::enterprise::version, '7.2.4.2') >= 0 { + ensure_packages(['net-tools'], {'ensure' => 'present'}) + } + +} diff --git a/manifests/enterprise/service.pp b/manifests/enterprise/service.pp new file mode 100644 index 00000000..d8c40b18 --- /dev/null +++ b/manifests/enterprise/service.pp @@ -0,0 +1,19 @@ +# Class splunk::enterprise::service +# +class splunk::enterprise::service { + + # This is a module that supports multiple platforms. For some platforms + # there is non-generic configuration that needs to be declared in addition + # to the agnostic resources declared here. + if $facts['kernel'] in ['Linux','SunOS'] { + include splunk::enterprise::service::nix + } + + service { $splunk::enterprise::service_name: + ensure => running, + enable => true, + hasstatus => true, + hasrestart => true, + } + +} diff --git a/manifests/enterprise/service/nix.pp b/manifests/enterprise/service/nix.pp new file mode 100644 index 00000000..edb0a9e7 --- /dev/null +++ b/manifests/enterprise/service/nix.pp @@ -0,0 +1,68 @@ +# Class splunk::enterprise::service::nix +# +class splunk::enterprise::service::nix inherits splunk::enterprise::service { + + if $splunk::enterprise::boot_start { + # Ensure splunk services *not* managed by the system service file are + # gracefully shut down prior to enabling boot-start. Should the service + # file be enabled while binary-managed splunk services are running, you + # will no longer be able to control the binary-managed services + # (start/stop/restart). + exec { 'stop_splunk': + command => "${splunk::enterprise::enterprise_homedir}/bin/splunk stop", + user => $splunk::enterprise::splunk_user, + creates => $splunk::enterprise::enterprise_service_file, + timeout => 0, + notify => Exec['enable_splunk'], + } + # This will fail if the unit file already exists. Splunk does not remove + # unit files during uninstallation, so you may be required to manually + # remove existing unit files before re-installing and enabling boot-start. + exec { 'enable_splunk': + command => "${splunk::enterprise::enterprise_homedir}/bin/splunk enable boot-start -user ${splunk::enterprise::splunk_user} --accept-license --answer-yes --no-prompt", + refreshonly => true, + before => Service[$splunk::enterprise::service_name], + require => Exec['stop_splunk'], + } + } + # Commands to license, disable, and start Splunk Enterprise + # + else { + # Accept the license when disabling splunk in case system service files are + # present before installing splunk. The splunk package does not remove the + # service files when uninstalled. + exec { 'disable_splunk': + command => "${splunk::enterprise::enterprise_homedir}/bin/splunk disable boot-start -user ${splunk::enterprise::splunk_user} --accept-license --answer-yes --no-prompt", + onlyif => "/usr/bin/test -f ${splunk::enterprise::enterprise_service_file}", + } + # This will start splunkd and splunkweb in legacy mode assuming + # appServerPorts is set to 0. + exec { 'license_splunk': + command => "${splunk::enterprise::enterprise_homedir}/bin/splunk start --accept-license --answer-yes --no-prompt", + user => $splunk::enterprise::splunk_user, + creates => "${splunk::enterprise::enterprise_homedir}/etc/auth/splunk.secret", + timeout => 0, + before => Service[$splunk::enterprise::service_name], + require => Exec['disable_splunk'], + } + + if $facts['kernel'] == 'Linux' { + Service[$splunk::enterprise::service_name] { + provider => 'base', + } + } + else { + Service[$splunk::enterprise::service_name] { + provider => 'init', + } + } + Service[$splunk::enterprise::service_name] { + restart => "/usr/sbin/runuser -l ${splunk::enterprise::splunk_user} -c '${splunk::enterprise::enterprise_homedir}/bin/splunk restart'", + start => "/usr/sbin/runuser -l ${splunk::enterprise::splunk_user} -c '${splunk::enterprise::enterprise_homedir}/bin/splunk start'", + stop => "/usr/sbin/runuser -l ${splunk::enterprise::splunk_user} -c '${splunk::enterprise::enterprise_homedir}/bin/splunk stop'", + status => "/usr/sbin/runuser -l ${splunk::enterprise::splunk_user} -c '${splunk::enterprise::enterprise_homedir}/bin/splunk status'", + pattern => "splunkd -p ${splunk::enterprise::splunkd_port} (restart|start)", + } + } + +} diff --git a/manifests/forwarder.pp b/manifests/forwarder.pp index 50bc5f67..a111cc5a 100644 --- a/manifests/forwarder.pp +++ b/manifests/forwarder.pp @@ -1,153 +1,226 @@ -# Class: splunk -# -# This class deploys the Splunk Universal Forwarder on Linux, Windows, Solaris -# platforms. -# -# Parameters: -# -# [*server*] -# The address of a server to send logs to. -# -# [*manage_package_source*] -# By default, this class will handle downloading the Splunk module you need -# but you can set this to false if you do not want that behaviour -# -# [*package_source*] -# The source URL for the splunk installation media (typically an RPM, MSI, -# etc). If a $src_root parameter is set in splunk::params, this will be -# automatically supplied. Otherwise it is required. The URL can be of any -# protocol supported by the nanliu/staging module. On Windows, this can -# be a UNC path to the MSI. -# -# [*package_name*] -# The name of the package(s) as they will exist or be detected on the host. -# -# [*logging_port*] -# The port to send splunktcp logs to. -# -# [*splunkd_port*] -# The splunkd port. Used as a default for both splunk and splunk::forwarder. -# -# [*install_options*] -# The splunkd forwarder installation options. Only applicable for Windows. -# -# [*splunkd_listen*] -# The address on which splunkd should listen. Defaults to localhost only. -# -# [*purge_inputs*] -# If set to true, will remove any inputs.conf configuration not supplied by -# Puppet from the target system. Defaults to false. -# -# [*purge_outputs*] -# If set to true, will remove any outputs.conf configuration not supplied by -# Puppet from the target system. Defaults to false. -# -# [*forwarder_output*] -# Hash of output configs. If undefined will not populate the outputs.conf file. -# -# [*forwarder_input*] -# Hash of input configs. If undefined will not populate the inputs.conf file. -# -# Actions: -# -# Declares parameters to be consumed by other classes in the splunk module. -# -# Requires: nothing -# -class splunk::forwarder ( - String $server = $splunk::params::server, - Boolean $manage_package_source = true, - Optional[String] $package_source = undef, - String $package_name = $splunk::params::forwarder_pkg_name, - String $package_ensure = $splunk::params::forwarder_pkg_ensure, - Stdlib::Port $logging_port = $splunk::params::logging_port, - Stdlib::Port $splunkd_port = $splunk::params::splunkd_port, - Optional[Array] $install_options = $splunk::params::forwarder_install_options, - String $splunk_user = $splunk::params::splunk_user, - Stdlib::Host $splunkd_listen = '127.0.0.1', - Boolean $purge_deploymentclient = false, - Boolean $purge_inputs = false, - Boolean $purge_outputs = false, - Boolean $purge_props = false, - Boolean $purge_transforms = false, - Boolean $purge_web = false, - Optional[String] $pkg_provider = $splunk::params::pkg_provider, - String $forwarder_confdir = $splunk::params::forwarder_confdir, - Hash $forwarder_output = $splunk::params::forwarder_output, - Hash $forwarder_input = $splunk::params::forwarder_input, - Boolean $create_password = $splunk::params::create_password, - Hash $addons = {}, -) inherits splunk::params { - - $virtual_service = $splunk::params::forwarder_service - $staging_subdir = $splunk::params::staging_subdir - - $path_delimiter = $splunk::params::path_delimiter - - $_package_source = $manage_package_source ? { - true => $splunk::params::forwarder_pkg_src, - false => $package_source, - } - - #no need for staging the source if we have yum or apt - if $pkg_provider != undef and $pkg_provider != 'yum' and $pkg_provider != 'apt' and $pkg_provider != 'chocolatey' { - include ::archive::staging - - $src_pkg_filename = basename($_package_source) - $pkg_path_parts = [$archive::path, $staging_subdir, $src_pkg_filename] - $staged_package = join($pkg_path_parts, $path_delimiter) - - archive { $staged_package: - source => $_package_source, - extract => false, - before => Package[$package_name], - } - } else { - $staged_package = undef - } - - Package { - source => $pkg_provider ? { - 'chocolatey' => undef, - default => $manage_package_source ? { - true => pick($staged_package, $_package_source), - false => $_package_source, - } - }, - } +# Class splunk::forwarder +# +# @param server +# +# The fqdn or IP address of the Splunk server. Defaults to the value in ::splunk::params. +# +# @param version` +# +# Specifies the version of Splunk Forwarder the module should install and +# manage. Defaults to the value set in splunk::params. +# +# @param package_name +# +# The name of the package(s) Puppet will use to install Splunk Forwarder. +# Defaults to the value set in splunk::params. +# +# @param package_ensure +# +# Ensure parameter which will get passed to the Splunk package resource. +# Defaults to the value in ::splunk::params. +# +# @param staging_dir +# +# Root of the archive path to host the Splunk package. Defaults to the value in +# splunk::params. +# +# @param path_delimiter +# +# The path separator used in the archived path of the Splunk package. Defaults to +# the value in splunk::params. +# +# @param forwarder_package_src +# +# The source URL for the splunk installation media (typically an RPM, MSI, +# etc). If a `$src_root` parameter is set in splunk::params, this will be +# automatically supplied. Otherwise it is required. The URL can be of any +# protocol supported by the nanliu/staging module. On Windows, this can be +# a UNC path to the MSI. Defaults to the value in splunk::params. +# +# @param package_provider +# +# The package management system used to host the Splunk packages. Defaults to the +# value in splunk::params. +# +# @param manage_package_source +# +# Whether or not to use the supplied `forwarder_package_src` param. Defaults to +# true. +# +# @param package_source +# +# *Optional* The source URL for the splunk installation media (typically an RPM, +# MSI, etc). If `enterprise_package_src` parameter is set in splunk::params and +# `manage_package_source` is true, this will be automatically supplied. Otherwise +# it is required. The URL can be of any protocol supported by the nanliu/staging +# module. On Windows, this can be a UNC path to the MSI. Defaults to undef. +# +# @param install_options +# +# This variable is passed to the package resources' *install_options* parameter. +# Defaults to the value in ::splunk::params. +# +# @param splunk_user +# +# The user to run Splunk as. Defaults to the value set in splunk::params. +# +# @param forwarder_homedir +# +# Specifies the Splunk Forwarder home directory. Defaults to the value set in +# splunk::params. +# +# @param forwarder_confdir +# +# Specifies the Splunk Forwarder configuration directory. Defaults to the value +# set in splunk::params. +# +# @param service_name +# +# The name of the Splunk Forwarder service. Defaults to the value set in +# splunk::params. +# +# @param service_file +# +# The path to the Splunk Forwarder service file. Defaults to the value set in +# splunk::params. +# +# @param boot_start +# +# Whether or not to enable splunk boot-start, which generates a service file to +# manage the Splunk Forwarder service. Defaults to the value set in +# splunk::params. +# +# @param use_default_config +# +# Whether or not the module should manage a default set of Splunk Forwarder +# configuration parameters. Defaults to true. +# +# @param splunkd_listen +# +# The address on which splunkd should listen. Defaults to 127.0.0.1. +# +# @param splunkd_port +# +# The management port for Splunk. Defaults to the value set in splunk::params. +# +# @param logging_port +# +# The port on which to send and listen for logs. Defaults to the value +# in splunk::params. +# +# @param purge_inputs +# +# *Optional* If set to true, inputs.conf will be purged of configuration that is +# no longer managed by the `splunkforwarder_input` type. Defaults to false. +# +# @param purge_outputs +# +# *Optional* If set to true, outputs.conf will be purged of configuration that is +# no longer managed by the `splunk_output` type. Defaults to false. +# +# @param purge_props +# +# *Optional* If set to true, props.conf will be purged of configuration that is +# no longer managed by the `splunk_props` type. Defaults to false. +# +# @param purge_transforms +# +# *Optional* If set to true, transforms.conf will be purged of configuration that is +# no longer managed by the `splunk_transforms` type. Defaults to false. +# +# @param purge_web +# +# *Optional* If set to true, web.conf will be purged of configuration that is +# no longer managed by the `splunk_web` type. Defaults to false. +# +# @param forwarder_input +# +# Used to override the default `forwarder_input` type defined in splunk::params. +# +# @param forwarder_output +# +# Used to override the default `forwarder_output` type defined in splunk::params. +# +# @param manage_password +# +# If set to true, Manage the contents of splunk.secret and passwd. Defaults to +# the value set in splunk::params. +# +# @param password_config_file +# +# Which file to put the password in i.e. in linux it would be +# /opt/splunkforwarder/etc/passwd. Defaults to the value set in splunk::params. +# +# @param password_content +# +# The hashed password username/details for the user. Defaults to the value set +# in splunk::params. +# +# @param secret_file +# +# Which file we should put the secret in. Defaults to the value set in +# splunk::params. +# +# @param secret +# +# The secret used to salt the splunk password. Defaults to the value set in +# splunk::params. +# +# @param addons +# +# Manage a splunk addons, see `splunk::addons`. Defaults to an empty Hash. +# +# +class splunk::forwarder( + String[1] $server = $splunk::params::server, + String[1] $version = $splunk::params::version, + String[1] $package_name = $splunk::params::forwarder_package_name, + String[1] $package_ensure = $splunk::params::forwarder_package_ensure, + String[1] $staging_dir = $splunk::params::staging_dir, + String[1] $path_delimiter = $splunk::params::path_delimiter, + String[1] $forwarder_package_src = $splunk::params::forwarder_package_src, + Optional[String[1]] $package_provider = $splunk::params::package_provider, + Boolean $manage_package_source = true, + Optional[String[1]] $package_source = undef, + Array[String[1]] $install_options = $splunk::params::forwarder_install_options, + String[1] $splunk_user = $splunk::params::splunk_user, + Stdlib::Absolutepath $forwarder_homedir = $splunk::params::forwarder_homedir, + Stdlib::Absolutepath $forwarder_confdir = $splunk::params::forwarder_confdir, + String[1] $service_name = $splunk::params::forwarder_service, + Stdlib::Absolutepath $service_file = $splunk::params::forwarder_service_file, + Boolean $boot_start = $splunk::params::boot_start, + Boolean $use_default_config = true, + Stdlib::IP::Address $splunkd_listen = '127.0.0.1', + Stdlib::Port $splunkd_port = $splunk::params::splunkd_port, + Stdlib::Port $logging_port = $splunk::params::logging_port, + Boolean $purge_deploymentclient = false, + Boolean $purge_outputs = false, + Boolean $purge_inputs = false, + Boolean $purge_props = false, + Boolean $purge_transforms = false, + Boolean $purge_web = false, + Hash $forwarder_output = $splunk::params::forwarder_output, + Hash $forwarder_input = $splunk::params::forwarder_input, + Boolean $manage_password = $splunk::params::manage_password, + Stdlib::Absolutepath $password_config_file = $splunk::params::forwarder_password_config_file, + String[1] $password_content = $splunk::params::password_content, + Stdlib::Absolutepath $secret_file = $splunk::params::forwarder_secret_file, + String[1] $secret = $splunk::params::secret, + Hash $addons = {}, +) inherits splunk { - package { $package_name: - ensure => $package_ensure, - provider => $pkg_provider, - before => Service[$virtual_service], - install_options => $install_options, - tag => 'splunk_forwarder', + if (defined(Class['splunk::enterprise'])) { + fail('Splunk Universal Forwarder provides a subset of Splunk Enterprise capabilities, and has potentially conflicting resources when included with Splunk Enterprise on the same node. Do not include splunk::forwarder on the same node as splunk::enterprise. Configure Splunk Enterprise to meet your forwarding needs.' + ) } - # Declare addons - create_resources('splunk::addon', $addons) + contain 'splunk::forwarder::install' + contain 'splunk::forwarder::config' + contain 'splunk::forwarder::service' - # Ensure that the service restarts upon changes to addons - Package[$package_name] -> Splunk::Addon <||> ~> Service[$virtual_service] - - # Declare inputs and outputs specific to the forwarder profile - $tag_resources = { tag => 'splunk_forwarder' } - if $forwarder_input { - create_resources( 'splunkforwarder_input',$forwarder_input, $tag_resources) - } - if $forwarder_output { - create_resources( 'splunkforwarder_output',$forwarder_output, $tag_resources) - } - # this is default - splunkforwarder_web { 'forwarder_splunkd_port': - section => 'settings', - setting => 'mgmtHostPort', - value => "${splunkd_listen}:${splunkd_port}", - tag => 'splunk_forwarder', - } - - # If the purge parameters have been set, remove all unmanaged entries from - # the respective config files. + Class['splunk::forwarder::install'] + -> Class['splunk::forwarder::config'] + ~> Class['splunk::forwarder::service'] Splunk_config['splunk'] { forwarder_confdir => $forwarder_confdir, @@ -159,90 +232,4 @@ purge_forwarder_web => $purge_web, } - # This is a module that supports multiple platforms. For some platforms - # there is non-generic configuration that needs to be declared in addition - # to the agnostic resources declared here. - case $::kernel { - 'Linux': { - class { '::splunk::platform::posix': - splunk_user => $splunk_user, - } - } - 'SunOS': { include ::splunk::platform::solaris } - default: { } # no special configuration needed - } - - # Realize resources shared between server and forwarder profiles, and set up - # dependency chains. - include ::splunk::virtual - - realize Service[$virtual_service] - - Package[$package_name] - -> File <| tag == 'splunk_forwarder' |> - -> Exec <| tag == 'splunk_forwarder' |> - -> Service[$virtual_service] - - Package[$package_name] -> Splunkforwarder_deploymentclient<||> ~> Service[$virtual_service] - Package[$package_name] -> Splunkforwarder_output<||> ~> Service[$virtual_service] - Package[$package_name] -> Splunkforwarder_input<||> ~> Service[$virtual_service] - Package[$package_name] -> Splunkforwarder_props<||> ~> Service[$virtual_service] - Package[$package_name] -> Splunkforwarder_transforms<||> ~> Service[$virtual_service] - Package[$package_name] -> Splunkforwarder_web<||> ~> Service[$virtual_service] - Package[$package_name] -> Splunkforwarder_limits<||> ~> Service[$virtual_service] - Package[$package_name] -> Splunkforwarder_server<||> ~> Service[$virtual_service] - - File { - owner => $splunk_user, - group => $splunk_user, - mode => $facts['kernel'] ? { - 'windows' => undef, - default => '0600', - } - } - - file { "${forwarder_confdir}/system/local/deploymentclient.conf": - ensure => file, - tag => 'splunk_forwarder', - } - - file { "${forwarder_confdir}/system/local/inputs.conf": - ensure => file, - tag => 'splunk_forwarder', - } - - file { "${forwarder_confdir}/system/local/outputs.conf": - ensure => file, - tag => 'splunk_forwarder', - } - - file { "${forwarder_confdir}/system/local/web.conf": - ensure => file, - tag => 'splunk_forwarder', - } - - file { "${forwarder_confdir}/system/local/limits.conf": - ensure => file, - tag => 'splunk_forwarder', - } - - file { "${forwarder_confdir}/system/local/server.conf": - ensure => file, - tag => 'splunk_forwarder', - } - - # Validate: if both Splunk and Splunk Universal Forwarder are installed on - # the same system, then they must use different admin ports. - if (defined(Class['splunk']) and defined(Class['splunk::forwarder'])) { - $s_port = $splunk::splunkd_port - $f_port = $splunk::forwarder::splunkd_port - if $s_port == $f_port { - fail(regsubst("Both splunk and splunk::forwarder are included, but both - are configured to use the same splunkd port (${s_port}). Please either - include only one of splunk, splunk::forwarder, or else configure them - to use non-conflicting splunkd ports.", '\s\s+', ' ', 'G') - ) - } - } - } diff --git a/manifests/forwarder/config.pp b/manifests/forwarder/config.pp new file mode 100644 index 00000000..f3818d5d --- /dev/null +++ b/manifests/forwarder/config.pp @@ -0,0 +1,87 @@ +# Class splunk::forwarder::config +# +class splunk::forwarder::config { + + if $splunk::forwarder::manage_password { + file { $splunk::forwarder::password_config_file: + ensure => file, + owner => $splunk::forwarder::splunk_user, + group => $splunk::forwarder::splunk_user, + content => $splunk::forwarder::password_content, + } + + file { $splunk::forwarder::secret_file: + ensure => file, + owner => $splunk::forwarder::splunk_user, + group => $splunk::forwarder::splunk_user, + content => $splunk::forwarder::secret, + } + } + + # Remove init.d file if the service provider is systemd + if $facts['service_provider'] == 'systemd' and versioncmp($splunk::forwarder::version, '7.2.2') >= 0 { + file { '/etc/init.d/splunk': + ensure => 'absent', + } + } + + + $_forwarder_file_mode = $facts['kernel'] ? { + 'windows' => undef, + default => '0600', + } + + file { ["${splunk::forwarder::forwarder_homedir}/etc/system/local/deploymentclient.conf", + "${splunk::forwarder::forwarder_homedir}/etc/system/local/outputs.conf", + "${splunk::forwarder::forwarder_homedir}/etc/system/local/inputs.conf", + "${splunk::forwarder::forwarder_homedir}/etc/system/local/props.conf", + "${splunk::forwarder::forwarder_homedir}/etc/system/local/transforms.conf", + "${splunk::forwarder::forwarder_homedir}/etc/system/local/web.conf", + "${splunk::forwarder::forwarder_homedir}/etc/system/local/limits.conf", + "${splunk::forwarder::forwarder_homedir}/etc/system/local/server.conf"]: + ensure => file, + tag => 'splunk_forwarder', + owner => $splunk::forwarder::splunk_user, + group => $splunk::forwarder::splunk_user, + mode => $_forwarder_file_mode, + } + + if $splunk::forwarder::use_default_config { + splunkforwarder_web { 'forwarder_splunkd_port': + section => 'settings', + setting => 'mgmtHostPort', + value => "${splunk::forwarder::splunkd_listen}:${splunk::forwarder::splunkd_port}", + tag => 'splunk_forwarder', + } + + $splunk::forwarder::forwarder_input.each | String $name, Hash $options| { + splunkforwarder_input { $name: + section => $options['section'], + setting => $options['setting'], + value => $options['value'], + tag => 'splunk_forwarder', + } + } + $splunk::forwarder::forwarder_output.each | String $name, Hash $options| { + splunkforwarder_output { $name: + section => $options['section'], + setting => $options['setting'], + value => $options['value'], + tag => 'splunk_forwarder', + } + } + } + + # Declare addons + create_resources('splunk::addon', $splunk::forwarder::addons) + + File <| tag == 'splunk_forwarder' |> -> Splunkforwarder_deploymentclient<||> ~> Class['splunk::forwarder::service'] + File <| tag == 'splunk_forwarder' |> -> Splunkforwarder_input<||> ~> Class['splunk::forwarder::service'] + File <| tag == 'splunk_forwarder' |> -> Splunkforwarder_output<||> ~> Class['splunk::forwarder::service'] + File <| tag == 'splunk_forwarder' |> -> Splunkforwarder_props<||> ~> Class['splunk::forwarder::service'] + File <| tag == 'splunk_forwarder' |> -> Splunkforwarder_transforms<||> ~> Class['splunk::forwarder::service'] + File <| tag == 'splunk_forwarder' |> -> Splunkforwarder_web<||> ~> Class['splunk::forwarder::service'] + File <| tag == 'splunk_forwarder' |> -> Splunkforwarder_limits<||> ~> Class['splunk::forwarder::service'] + File <| tag == 'splunk_forwarder' |> -> Splunkforwarder_server<||> ~> Class['splunk::forwarder::service'] + +} diff --git a/manifests/forwarder/install.pp b/manifests/forwarder/install.pp new file mode 100644 index 00000000..d94184c1 --- /dev/null +++ b/manifests/forwarder/install.pp @@ -0,0 +1,67 @@ +# Class splunk::forwarder::install +# +class splunk::forwarder::install { + + $_package_source = $splunk::forwarder::manage_package_source ? { + true => $splunk::forwarder::forwarder_package_src, + false => $splunk::forwarder::package_source + } + + if $splunk::forwarder::package_provider and !($splunk::forwarder::package_provider in ['apt','chocolatey','yum']) { + $_src_package_filename = basename($_package_source) + $_package_path_parts = [$splunk::forwarder::staging_dir, $_src_package_filename] + $_staged_package = join($_package_path_parts, $splunk::forwarder::path_delimiter) + + archive { $_staged_package: + source => $_package_source, + extract => false, + before => Package[$splunk::forwarder::forwarder_package_name], + } + } else { + $_staged_package = undef + } + + Package { + source => $splunk::forwarder::package_provider ? { + 'chocolatey' => undef, + default => $splunk::forwarder::manage_package_source ? { + true => pick($_staged_package, $_package_source), + false => $_package_source, + } + }, + } + + if $facts['kernel'] == 'SunOS' { + $_responsefile = "${splunk::forwarder::staging_dir}/response.txt" + $_adminfile = '/var/sadm/install/admin/splunk-noask' + + file { 'splunk_adminfile': + ensure => file, + path => $_adminfile, + owner => 'root', + group => 'root', + source => 'puppet:///modules/splunk/splunk-noask', + } + + file { 'splunk_pkg_response_file': + ensure => file, + owner => 'root', + group => 'root', + path => $_responsefile, + content => "BASEDIR=/opt\n", + } + + # Collect any Splunk packages and give them an admin and response file. + Package { + adminfile => $_adminfile, + responsefile => $_responsefile, + } + } + + package { $splunk::forwarder::forwarder_package_name: + ensure => $splunk::forwarder::forwarder_package_ensure, + provider => $splunk::forwarder::package_provider, + install_options => $splunk::forwarder::install_options, + } + +} diff --git a/manifests/forwarder/service.pp b/manifests/forwarder/service.pp new file mode 100644 index 00000000..4d5180eb --- /dev/null +++ b/manifests/forwarder/service.pp @@ -0,0 +1,19 @@ +# Class splunk::forwarder::service +# +class splunk::forwarder::service { + + # This is a module that supports multiple platforms. For some platforms + # there is non-generic configuration that needs to be declared in addition + # to the agnostic resources declared here. + if $facts['kernel'] in ['Linux', 'SunOS'] { + include splunk::forwarder::service::nix + } + + service { $splunk::forwarder::service_name: + ensure => running, + enable => true, + hasstatus => true, + hasrestart => true, + } + +} diff --git a/manifests/forwarder/service/nix.pp b/manifests/forwarder/service/nix.pp new file mode 100644 index 00000000..1f2856fb --- /dev/null +++ b/manifests/forwarder/service/nix.pp @@ -0,0 +1,68 @@ +# Class splunk::forwarder::service::nix +# +class splunk::forwarder::service::nix inherits splunk::forwarder::service { + + if $splunk::forwarder::boot_start { + # Ensure splunk services *not* managed by the system service file are + # gracefully shut down prior to enabling boot-start. Should the service + # file be enabled while binary-managed splunk services are running, you + # will no longer be able to control the binary-managed services + # (start/stop/restart). + exec { 'stop_splunkforwarder': + command => "${splunk::forwarder::forwarder_homedir}/bin/splunk stop", + user => $splunk::forwarder::splunk_user, + creates => $splunk::forwarder::forwarder_service_file, + timeout => 0, + notify => Exec['enable_splunkforwarder'], + } + # This will fail if the unit file already exists. Splunk does not remove + # unit files during uninstallation, so you may be required to manually + # remove existing unit files before re-installing and enabling boot-start. + exec { 'enable_splunkforwarder': + command => "${splunk::forwarder::forwarder_homedir}/bin/splunk enable boot-start -user ${splunk::forwarder::splunk_user} --accept-license --answer-yes --no-prompt", + tag => 'splunk_forwarder', + refreshonly => true, + before => Service[$splunk::forwarder::service_name], + require => Exec['stop_splunkforwarder'], + } + } + # Commands to license and disable the SplunkUniversalForwarder + # + else { + # Accept the license when disabling splunk in case system service files are + # present before installing splunk. The splunk package does not remove the + # service files when uninstalled. + exec { 'disable_splunkforwarder': + command => "${splunk::forwarder::forwarder_homedir}/bin/splunk disable boot-start -user ${splunk::forwarder::splunk_user} --accept-license --answer-yes --no-prompt", + onlyif => "/usr/bin/test -f ${splunk::forwarder::forwarder_service_file}", + } + exec { 'license_splunkforwarder': + command => "${splunk::forwarder::forwarder_homedir}/bin/splunk ftr --accept-license --answer-yes --no-prompt", + user => $splunk::forwarder::splunk_user, + onlyif => "/usr/bin/test -f ${splunk::forwarder::forwarder_homedir}/ftr", + timeout => 0, + before => Service[$splunk::forwarder::service_name], + require => Exec['disable_splunkforwarder'], + } + + if $facts['kernel'] == 'Linux' { + Service[$splunk::forwarder::service_name] { + provider => 'base', + } + } + else { + Service[$splunk::forwarder::service_name] { + provider => 'init', + } + } + + Service[$splunk::forwarder::service_name] { + restart => "/usr/sbin/runuser -l ${splunk::forwarder::splunk_user} -c '${splunk::forwarder::forwarder_homedir}/bin/splunk restart'", + start => "/usr/sbin/runuser -l ${splunk::forwarder::splunk_user} -c '${splunk::forwarder::forwarder_homedir}/bin/splunk start'", + stop => "/usr/sbin/runuser -l ${splunk::forwarder::splunk_user} -c '${splunk::forwarder::forwarder_homedir}/bin/splunk stop'", + status => "/usr/sbin/runuser -l ${splunk::forwarder::splunk_user} -c '${splunk::forwarder::forwarder_homedir}/bin/splunk status'", + pattern => "splunkd -p ${splunk::forwarder::splunkd_port} (restart|start)", + } + } + +} diff --git a/manifests/init.pp b/manifests/init.pp index 30a604c1..81dd2999 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,384 +1,6 @@ -# Class: splunk -# -# This class deploys Splunk on Linux, Windows, Solaris platforms. -# -# Parameters: -# -# [*manage_package_source*] -# By default, this class will handle downloading the Splunk module you need -# but you can set this to false if you do not want that behaviour -# -# [*package_source*] -# The source URL for the splunk installation media (typically an RPM, MSI, -# etc). If a $src_root parameter is set in splunk::params, this will be -# automatically supplied. Otherwise it is required. The URL can be of any -# protocol supported by the puppet/archive module. On Windows, this can -# be a UNC path to the MSI. -# -# [*package_name*] -# The name of the package(s) as they will exist or be detected on the host. -# -# [*package_ensure] -# ensurance of the package -# -# [*logging_port*] -# The port to recieve splunktcp logs on. -# -# [*splunkd_port*] -# The splunkd port. Used as a default for both splunk and splunk::forwarder. -# -# [*splunkd_listen*] -# The address on which splunkd should listen. Defaults to localhost only. -# -# [*web_port*] -# The port on which to serve the Splunk Web interface. -# -# [*purge_inputs*] -# If set to true, will remove any inputs.conf configuration not supplied by -# Puppet from the target system. Defaults to false. -# -# [*purge_outputs*] -# If set to true, will remove any outputs.conf configuration not supplied by -# Puppet from the target system. Defaults to false. -# -# Actions: -# -# Declares parameters to be consumed by other classes in the splunk module. -# -# Requires: nothing +# Class splunk # class splunk ( - Boolean $manage_package_source = true, - Optional[String] $package_source = undef, - String $package_name = $splunk::params::server_pkg_name, - String $package_ensure = $splunk::params::server_pkg_ensure, - Variant[Array[String],String] $server_service = $splunk::params::server_service, - Stdlib::Port $logging_port = $splunk::params::logging_port, - Stdlib::Port $splunkd_port = $splunk::params::splunkd_port, - String $splunk_user = $splunk::params::splunk_user, - Optional[String] $pkg_provider = $splunk::params::pkg_provider, - Stdlib::Host $splunkd_listen = '127.0.0.1', - Stdlib::Port $web_port = 8000, - Boolean $purge_alert_actions = false, - Boolean $purge_authentication = false, - Boolean $purge_authorize = false, - Boolean $purge_deploymentclient = false, - Boolean $purge_distsearch = false, - Boolean $purge_indexes = false, - Boolean $purge_inputs = false, - Boolean $purge_limits = false, - Boolean $purge_outputs = false, - Boolean $purge_props = false, - Boolean $purge_server = false, - Boolean $purge_serverclass = false, - Boolean $purge_transforms = false, - Boolean $purge_uiprefs = false, - Boolean $purge_web = false, ) inherits splunk::params { - $virtual_service = $server_service - $staging_subdir = $splunk::params::staging_subdir - - $path_delimiter = $splunk::params::path_delimiter - - $_package_source = $manage_package_source ? { - true => $splunk::params::server_pkg_src, - false => $package_source - } - - if $pkg_provider != undef and $pkg_provider != 'yum' and $pkg_provider != 'apt' and $pkg_provider != 'chocolatey' { - include ::archive::staging - $src_pkg_filename = basename($_package_source) - $pkg_path_parts = [$archive::path, $staging_subdir, $src_pkg_filename] - $staged_package = join($pkg_path_parts, $path_delimiter) - - archive { $staged_package: - source => $_package_source, - extract => false, - before => Package[$package_name], - } - } else { - $staged_package = undef - } - - Package { - source => $pkg_provider ? { - 'chocolatey' => undef, - default => $manage_package_source ? { - true => pick($staged_package, $_package_source), - false => $_package_source, - } - }, - } - - package { $package_name: - ensure => $package_ensure, - provider => $pkg_provider, - before => Service[$virtual_service], - tag => 'splunk_server', - } - - if $facts['virtual'] == 'docker' { - ini_setting { 'OPTIMISTIC_ABOUT_FILE_LOCKING': - ensure => present, - section => '', - setting => 'OPTIMISTIC_ABOUT_FILE_LOCKING', - value => '1', - path => '/opt/splunk/etc/splunk-launch.conf', - } - - Package[$package_name] - -> Ini_setting['OPTIMISTIC_ABOUT_FILE_LOCKING'] - -> Exec <| tag == 'splunk_server' |> - } - - - splunk_input { 'default_host': - section => 'default', - setting => 'host', - value => $::clientcert, - tag => 'splunk_server', - } - splunk_input { 'default_splunktcp': - section => "splunktcp://:${logging_port}", - setting => 'connection_host', - value => 'dns', - tag => 'splunk_server', - } - splunk_web { 'splunk_server_splunkd_port': - section => 'settings', - setting => 'mgmtHostPort', - value => "${splunkd_listen}:${splunkd_port}", - tag => 'splunk_server', - } - - splunk_web { 'splunk_server_web_port': - section => 'settings', - setting => 'httpport', - value => $web_port, - tag => 'splunk_server', - } - - - # Purge resources if option set - Splunk_config['splunk'] { - purge_alert_actions => $purge_alert_actions, - purge_authentication => $purge_authentication, - purge_authorize => $purge_authorize, - purge_deploymentclient => $purge_deploymentclient, - purge_distsearch => $purge_distsearch, - purge_indexes => $purge_indexes, - purge_inputs => $purge_inputs, - purge_limits => $purge_limits, - purge_outputs => $purge_outputs, - purge_props => $purge_props, - purge_server => $purge_server, - purge_serverclass => $purge_serverclass, - purge_transforms => $purge_transforms, - purge_uiprefs => $purge_uiprefs, - purge_web => $purge_web - } - # This is a module that supports multiple platforms. For some platforms - # there is non-generic configuration that needs to be declared in addition - # to the agnostic resources declared here. - case $::kernel { - 'Linux': { - class { '::splunk::platform::posix': - splunkd_port => $splunkd_port, - splunk_user => $splunk_user, - server_service => $server_service, - } - } - 'SunOS': { include ::splunk::platform::solaris } - default: { } # no special configuration needed - } - - # Realize resources shared between server and forwarder profiles, and set up - # dependency chains. - include ::splunk::virtual - - # This realize() call is because the collectors don't seem to work well with - # arrays. They'll set the dependencies but not realize all Service resources - realize(Service[$virtual_service]) - - Package[$package_name] - -> Exec <| tag == 'splunk_server' |> - -> File <| tag == 'splunk_server' |> - -> Service[$virtual_service] - - Package[$package_name] - -> File <| tag == 'splunk_server' |> - -> Splunk_alert_actions <| tag == 'splunk_server' |> - ~> Service[$virtual_service] - - Package[$package_name] - -> File <| tag == 'splunk_server' |> - -> Splunk_authentication <| tag == 'splunk_server' |> - ~> Service[$virtual_service] - - Package[$package_name] - -> File <| tag == 'splunk_server' |> - -> Splunk_authorize <| tag == 'splunk_server' |> - ~> Service[$virtual_service] - - Package[$package_name] - -> File <| tag == 'splunk_server' |> - -> Splunk_deploymentclient <| tag == 'splunk_server' |> - ~> Service[$virtual_service] - - Package[$package_name] - -> File <| tag == 'splunk_server' |> - -> Splunk_distsearch <| tag == 'splunk_server' |> - ~> Service[$virtual_service] - - Package[$package_name] - -> File <| tag == 'splunk_server' |> - -> Splunk_indexes <| tag == 'splunk_server' |> - ~> Service[$virtual_service] - - Package[$package_name] - -> File <| tag == 'splunk_server' |> - -> Splunk_input <| tag == 'splunk_server' |> - ~> Service[$virtual_service] - - Package[$package_name] - -> File <| tag == 'splunk_server' |> - -> Splunk_limits <| tag == 'splunk_server' |> - ~> Service[$virtual_service] - - Package[$package_name] - -> File <| tag == 'splunk_server' |> - -> Splunk_output <| tag == 'splunk_server' |> - ~> Service[$virtual_service] - - Package[$package_name] - -> File <| tag == 'splunk_server' |> - -> Splunk_props <| tag == 'splunk_server' |> - ~> Service[$virtual_service] - - Package[$package_name] - -> File <| tag == 'splunk_server' |> - -> Splunk_server <| tag == 'splunk_server' |> - ~> Service[$virtual_service] - - Package[$package_name] - -> File <| tag == 'splunk_server' |> - -> Splunk_serverclass <| tag == 'splunk_server' |> - ~> Service[$virtual_service] - - Package[$package_name] - -> File <| tag == 'splunk_server' |> - -> Splunk_transforms <| tag == 'splunk_server' |> - ~> Service[$virtual_service] - - Package[$package_name] - -> File <| tag == 'splunk_server' |> - -> Splunk_uiprefs <| tag == 'splunk_server' |> - ~> Service[$virtual_service] - - Package[$package_name] - -> File <| tag == 'splunk_server' |> - -> Splunk_web <| tag == 'splunk_server' |> - ~> Service[$virtual_service] - - File { - owner => $splunk_user, - group => $splunk_user, - mode => '0600', - } - - file { '/opt/splunk/etc/system/local/alert_actions.conf': - ensure => file, - tag => 'splunk_server', - } - - file { '/opt/splunk/etc/system/local/authentication.conf': - ensure => file, - tag => 'splunk_server', - } - - file { '/opt/splunk/etc/system/local/authorize.conf': - ensure => file, - tag => 'splunk_server', - } - - file { '/opt/splunk/etc/system/local/deploymentclient.conf': - ensure => file, - tag => 'splunk_server', - } - - file { '/opt/splunk/etc/system/local/distsearch.conf': - ensure => file, - tag => 'splunk_server', - } - - file { '/opt/splunk/etc/system/local/indexes.conf': - ensure => file, - tag => 'splunk_server', - } - - file { '/opt/splunk/etc/system/local/inputs.conf': - ensure => file, - tag => 'splunk_server', - } - - file { '/opt/splunk/etc/system/local/limits.conf': - ensure => file, - tag => 'splunk_server', - } - - file { '/opt/splunk/etc/system/local/outputs.conf': - ensure => file, - tag => 'splunk_server', - } - - file { '/opt/splunk/etc/system/local/props.conf': - ensure => file, - tag => 'splunk_server', - } - - file { '/opt/splunk/etc/system/local/server.conf': - ensure => file, - tag => 'splunk_server', - } - - file { '/opt/splunk/etc/system/local/serverclass.conf': - ensure => file, - tag => 'splunk_server', - } - - file { '/opt/splunk/etc/system/local/transforms.conf': - ensure => file, - tag => 'splunk_server', - } - - file { '/opt/splunk/etc/system/local/ui-prefs.conf': - ensure => file, - tag => 'splunk_server', - } - - file { '/opt/splunk/etc/system/local/web.conf': - ensure => file, - tag => 'splunk_server', - } - - file { '/opt/splunk/etc/system/metadata/local.meta': - ensure => file, - tag => 'splunk_server', - } - - # Validate: if both Splunk and Splunk Universal Forwarder are installed on - # the same system, then they must use different admin ports. - if (defined(Class['splunk']) and defined(Class['splunk::forwarder'])) { - $s_port = $splunk::splunkd_port - $f_port = $splunk::forwarder::splunkd_port - if $s_port == $f_port { - fail(regsubst("Both splunk and splunk::forwarder are included, but both - are configured to use the same splunkd port (${s_port}). Please either - include only one of splunk, splunk::forwarder, or else configure them - to use non-conflicting splunkd ports.", '\s\s+', ' ', 'G') - ) - } - } - } diff --git a/manifests/params.pp b/manifests/params.pp index ea9f966d..f5698ee4 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -6,30 +6,32 @@ # no resources to the graph. Rather, it only sets values for parameters to be # consumed by child classes. # -# Parameters: -# -# [*version*] +# @param version # The version of Splunk to install. This will be in the form x.y.z; e.g. # "4.3.2". # -# [*build*] +# @param build # Splunk packages are typically named based on the platform, architecture, # version, and build. Puppet can determine the platform information # automatically but a build number must be supplied in order to correctly # construct the path to the packages. A build number will be six digits; # e.g. "123586". # -# [*splunkd_port*] +# @param splunkd_port # The splunkd port. Used as a default for both splunk and splunk::forwarder. # -# [*logging_port*] +# @param logging_port # The port on which to send logs, and listen for logs. Used as a default for # splunk and splunk::forwarder. # -# [*splunk_user*] +# @param server +# Optional fqdn or IP of the Splunk Enterprise server. Used for setting up +# the default TCP output and input. +# +# @param splunk_user # The user that splunk runs as. # -# [*src_root*] +# @param src_root # The root URL at which to find the splunk packages. The sane-default logic # assumes that the packages are located under this URL in the same way that # they are placed on download.splunk.com. The URL can be any protocol that @@ -57,22 +59,35 @@ # └── products/ # ├── universalforwarder/ # │ └── releases/ -# | └── 7.0.0/ +# | └── 7.2.4.2/ # | ├── linux/ -# | | ├── splunkforwarder-7.0.0-c8a78efdd40f-linux-2.6-amd64.deb -# | | ├── splunkforwarder-7.0.0-c8a78efdd40f-linux-2.6-intel.deb -# | | └── splunkforwarder-7.0.0-c8a78efdd40f-linux-2.6-x86_64.rpm +# | | ├── splunkforwarder-7.2.4.2-fb30470262e3-linux-2.6-amd64.deb +# | | ├── splunkforwarder-7.2.4.2-fb30470262e3-linux-2.6-intel.deb +# | | └── splunkforwarder-7.2.4.2-fb30470262e3-linux-2.6-x86_64.rpm # | ├── solaris/ # | └── windows/ -# | └── splunkforwarder-7.0.0-c8a78efdd40f-x64-release.msi +# | └── splunkforwarder-7.2.4.2-fb30470262e3-x64-release.msi # └── splunk/ # └── releases/ -# └── 7.0.0/ +# └── 7.2.4.2/ # └── linux/ -# ├── splunk-7.0.0-c8a78efdd40f-linux-2.6-amd64.deb -# ├── splunk-7.0.0-c8a78efdd40f-linux-2.6-intel.deb -# └── splunk-7.0.0-c8a78efdd40f-linux-2.6-x86_64.rpm +# ├── splunk-7.2.4.2-fb30470262e3-linux-2.6-amd64.deb +# ├── splunk-7.2.4.2-fb30470262e3-linux-2.6-intel.deb +# └── splunk-7.2.4.2-fb30470262e3-linux-2.6-x86_64.rpm +# +# @param boot_start +# Enable Splunk to start at boot, create a system service file. +# +# WARNING: Toggling boot_start `false` to `true` will cause a restart of the +# splunk Enterprise and Forwarder services. # +# Defaults to true +# +# @param forwarder_installdir +# Optional directory in which to install and manage Splunk Forwarder +# +# @param enterprise_installdir +# Optional directory in which to install and manage Splunk Enterprise # # Actions: # @@ -81,74 +96,104 @@ # Requires: nothing # class splunk::params ( - String $version = '7.0.0', - String $build = 'c8a78efdd40f', - String $src_root = 'https://download.splunk.com', - Stdlib::Port $splunkd_port = 8089, - Stdlib::Port $logging_port = 9997, - String $server = 'splunk', - Optional[String] $forwarder_installdir = undef, - Optional[String] $server_installdir = undef, - String $splunk_user = $facts['os']['family'] ? { + String[1] $version = '7.2.4.2', + String[1] $build = 'fb30470262e3', + String[1] $src_root = 'https://download.splunk.com', + Stdlib::Port $splunkd_port = 8089, + Stdlib::Port $logging_port = 9997, + String[1] $server = 'splunk', + Optional[String[1]] $forwarder_installdir = undef, + Optional[String[1]] $enterprise_installdir = undef, + Boolean $boot_start = true, + String[1] $splunk_user = $facts['os']['family'] ? { 'Windows' => 'Administrator', default => 'root' - } + }, ) { # Based on the small number of inputs above, we can construct sane defaults # for pretty much everything else. - # Settings common to everything - $staging_subdir = 'splunk' - #password setting settings - default changeme + # To generate password_content, change the password on enterprise or + # forwarder, then distribute the contents of the splunk.secret and passwd + # files accross all nodes. + # By default the parameters provided are for admin/changeme password. + $manage_password = false $secret = 'hhy9DOGqli4.aZWCuGvz8stcqT2/OSJUZuyWHKc4wnJtQ6IZu2bfjeElgYmGHN9RWIT3zs5hRJcX1wGerpMNObWhFue78jZMALs3c3Mzc6CzM98/yGYdfcvWMo1HRdKn82LVeBJI5dNznlZWfzg6xdywWbeUVQZcOZtODi10hdxSJ4I3wmCv0nmkSWMVOEKHxti6QLgjfuj/MOoh8.2pM0/CqF5u6ORAzqFZ8Qf3c27uVEahy7ShxSv2K4K41z' $password_content = ':admin:$6$pIE/xAyP9mvBaewv$4GYFxC0SqonT6/x8qGcZXVCRLUVKODj9drDjdu/JJQ/Iw0Gg.aTkFzCjNAbaK4zcCHbphFz1g1HK18Z2bI92M0::Administrator:admin:changeme@example.com::' - if $::osfamily == 'Windows' { - $forwarder_dir = pick($forwarder_installdir, 'C:\\Program Files\\SplunkUniversalForwarder') - $server_dir = pick($server_installdir, 'C:/Program Files/Splunk') + $staging_dir = "${facts['archive_windir']}\\splunk" + $enterprise_homedir = pick($enterprise_installdir, 'C:/Program Files/Splunk') + $forwarder_homedir = pick($forwarder_installdir, 'C:\\Program Files\\SplunkUniversalForwarder') } else { - $forwarder_dir = pick($forwarder_installdir, '/opt/splunkforwarder') - $server_dir = pick($server_installdir, '/opt/splunk') + $staging_dir = '/opt/staging/splunk' + $enterprise_homedir = pick($enterprise_installdir, '/opt/splunk') + $forwarder_homedir = pick($forwarder_installdir, '/opt/splunkforwarder') } # Settings common to a kernel case $::kernel { 'Linux': { - $path_delimiter = '/' - $forwarder_src_subdir = 'linux' - $forwarder_service = [ 'splunk' ] - $password_config_file = "${forwarder_dir}/etc/passwd" - $secret_file = "${forwarder_dir}/etc/splunk.secret" - $forwarder_confdir = "${forwarder_dir}/etc" - $server_src_subdir = 'linux' - $server_service = [ 'splunk', 'splunkd', 'splunkweb' ] - $server_confdir = "${server_dir}/etc" - $forwarder_install_options = undef + $path_delimiter = '/' + $forwarder_src_subdir = 'linux' + $forwarder_password_config_file = "${forwarder_homedir}/etc/passwd" + $enterprise_password_config_file = "${enterprise_homedir}/etc/passwd" + $forwarder_secret_file = "${forwarder_homedir}/etc/splunk.secret" + $enterprise_secret_file = "${enterprise_homedir}/etc/splunk.secret" + $forwarder_confdir = "${forwarder_homedir}/etc" + $enterprise_src_subdir = 'linux' + $enterprise_confdir = "${enterprise_homedir}/etc" + $forwarder_install_options = [] + $enterprise_install_options = [] + # Systemd not supported until Splunk 7.2.2 + if $facts['service_provider'] == 'systemd' and versioncmp($version, '7.2.2') >= 0 { + $enterprise_service = 'Splunkd' + $forwarder_service = 'SplunkForwarder' + $enterprise_service_file = '/etc/systemd/system/multi-user.target.wants/Splunkd.service' + $forwarder_service_file = '/etc/systemd/system/multi-user.target.wants/SplunkForwarder.service' + } + else { + $enterprise_service = 'splunk' + $forwarder_service = 'splunk' + $enterprise_service_file = '/etc/init.d/splunk' + $forwarder_service_file = '/etc/init.d/splunk' + } } 'SunOS': { - $path_delimiter = '/' - $forwarder_src_subdir = 'solaris' - $forwarder_service = [ 'splunk' ] - $password_config_file = "${forwarder_dir}/etc/passwd" - $secret_file = "${forwarder_dir}/etc/splunk.secret" - $forwarder_confdir = "${forwarder_dir}/etc" - $server_src_subdir = 'solaris' - $server_service = [ 'splunk', 'splunkd', 'splunkweb' ] - $server_confdir = "${server_dir}/etc" - $forwarder_install_options = undef + $path_delimiter = '/' + $forwarder_src_subdir = 'solaris' + $password_config_file = "${forwarder_homedir}/etc/passwd" + $secret_file = "${forwarder_homedir}/etc/splunk.secret" + $forwarder_confdir = "${forwarder_homedir}/etc" + $enterprise_src_subdir = 'solaris' + $enterprise_confdir = "${enterprise_homedir}/etc" + $forwarder_install_options = [] + $enterprise_install_options = [] + # Systemd not supported until Splunk 7.2.2 + if $facts['service_provider'] == 'systemd' and versioncmp($version, '7.2.2') >= 0 { + $enterprise_service = 'Splunkd' + $forwarder_service = 'SplunkForwarder' + $enterprise_service_file = '/etc/systemd/system/multi-user.target.wants/Splunkd.service' + $forwarder_service_file = '/etc/systemd/system/multi-user.target.wants/SplunkForwarder.service' + } + else { + $enterprise_service = 'splunk' + $forwarder_service = 'splunk' + $enterprise_service_file = '/etc/init.d/splunk' + $forwarder_service_file = '/etc/init.d/splunk' + } } 'Windows': { - $path_delimiter = '\\' - $forwarder_src_subdir = 'windows' - $password_config_file = 'C:/Program Files/SplunkUniversalForwarder/etc/passwd' - $secret_file = 'C:/Program Files/SplunkUniversalForwarder/etc/splunk.secret' - $forwarder_service = [ 'SplunkForwarder' ] # UNKNOWN - $forwarder_confdir = "${forwarder_dir}/etc" - $server_src_subdir = 'windows' - $server_service = [ 'Splunkd', 'SplunkWeb' ] # UNKNOWN - $server_confdir = "${server_dir}/etc" + $path_delimiter = '\\' + $forwarder_src_subdir = 'windows' + $password_config_file = 'C:/Program Files/SplunkUniversalForwarder/etc/passwd' + $secret_file = 'C:/Program Files/SplunkUniversalForwarder/etc/splunk.secret' + $forwarder_service = 'SplunkForwarder' # UNKNOWN + $forwarder_confdir = "${forwarder_homedir}/etc" + $enterprise_src_subdir = 'windows' + $enterprise_service = 'splunkd' # UNKNOWN + $enterprise_confdir = "${enterprise_homedir}/etc" $forwarder_install_options = [ 'AGREETOLICENSE=Yes', 'LAUNCHSPLUNK=0', @@ -159,9 +204,9 @@ 'WINEVENTLOG_FWD_ENABLE=1', 'WINEVENTLOG_SET_ENABLE=1', 'ENABLEADMON=1', - { 'INSTALLDIR' => $forwarder_dir }, + { 'INSTALLDIR' => $forwarder_homedir }, ] - $server_install_options = [ + $enterprise_install_options = [ 'LAUNCHSPLUNK=1', 'WINEVENTLOG_APP_ENABLE=1', 'WINEVENTLOG_SEC_ENABLE=1', @@ -198,72 +243,71 @@ } # Settings common to an OS family case $::osfamily { - 'RedHat': { $pkg_provider = 'rpm' } - 'Debian': { $pkg_provider = 'dpkg' } - 'Solaris': { $pkg_provider = 'sun' } - default: { $pkg_provider = undef } # Don't define a $pkg_provider + 'RedHat': { $package_provider = 'rpm' } + 'Debian': { $package_provider = 'dpkg' } + 'Solaris': { $package_provider = 'sun' } + default: { $package_provider = undef } # Don't define a $package_provider } # Settings specific to an architecture as well as an OS family case "${::osfamily} ${::architecture}" { 'RedHat i386': { - $package_suffix = "${version}-${build}.i386.rpm" - $forwarder_pkg_name = 'splunkforwarder' - $server_pkg_name = 'splunk' + $package_suffix = "${version}-${build}.i386.rpm" + $forwarder_package_name = 'splunkforwarder' + $enterprise_package_name = 'splunk' } 'RedHat x86_64': { - $package_suffix = "${version}-${build}-linux-2.6-x86_64.rpm" - $forwarder_pkg_name = 'splunkforwarder' - $server_pkg_name = 'splunk' + $package_suffix = "${version}-${build}-linux-2.6-x86_64.rpm" + $forwarder_package_name = 'splunkforwarder' + $enterprise_package_name = 'splunk' } 'Debian i386': { - $package_suffix = "${version}-${build}-linux-2.6-intel.deb" - $forwarder_pkg_name = 'splunkforwarder' - $server_pkg_name = 'splunk' + $package_suffix = "${version}-${build}-linux-2.6-intel.deb" + $forwarder_package_name = 'splunkforwarder' + $enterprise_package_name = 'splunk' } 'Debian amd64': { - $package_suffix = "${version}-${build}-linux-2.6-amd64.deb" - $forwarder_pkg_name = 'splunkforwarder' - $server_pkg_name = 'splunk' + $package_suffix = "${version}-${build}-linux-2.6-amd64.deb" + $forwarder_package_name = 'splunkforwarder' + $enterprise_package_name = 'splunk' } /^(W|w)indows (x86|i386)$/: { - $package_suffix = "${version}-${build}-x86-release.msi" - $forwarder_pkg_name = 'UniversalForwarder' - $server_pkg_name = 'Splunk' + $package_suffix = "${version}-${build}-x86-release.msi" + $forwarder_package_name = 'UniversalForwarder' + $enterprise_package_name = 'Splunk' } /^(W|w)indows (x64|x86_64)$/: { - $package_suffix = "${version}-${build}-x64-release.msi" - $forwarder_pkg_name = 'UniversalForwarder' - $server_pkg_name = 'Splunk' + $package_suffix = "${version}-${build}-x64-release.msi" + $forwarder_package_name = 'UniversalForwarder' + $enterprise_package_name = 'Splunk' } 'Solaris i86pc': { - $package_suffix = "${version}-${build}-solaris-10-intel.pkg" - $forwarder_pkg_name = 'splunkforwarder' - $server_pkg_name = 'splunk' + $package_suffix = "${version}-${build}-solaris-10-intel.pkg" + $forwarder_package_name = 'splunkforwarder' + $enterprise_package_name = 'splunk' } 'Solaris sun4v': { - $package_suffix = "${version}-${build}-solaris-8-sparc.pkg" - $forwarder_pkg_name = 'splunkforwarder' - $server_pkg_name = 'splunk' + $package_suffix = "${version}-${build}-solaris-8-sparc.pkg" + $forwarder_package_name = 'splunkforwarder' + $enterprise_package_name = 'splunk' } default: { fail("unsupported osfamily/arch ${::osfamily}/${::architecture}") } } - $forwarder_src_pkg = "splunkforwarder-${package_suffix}" - $server_src_pkg = "splunk-${package_suffix}" + $forwarder_src_package = "splunkforwarder-${package_suffix}" + $enterprise_src_package = "splunk-${package_suffix}" - $server_pkg_ensure = 'installed' - $server_pkg_src = "${src_root}/products/splunk/releases/${version}/${server_src_subdir}/${server_src_pkg}" - $forwarder_pkg_src = "${src_root}/products/universalforwarder/releases/${version}/${forwarder_src_subdir}/${forwarder_src_pkg}" - $create_password = true + $enterprise_package_ensure = 'installed' + $enterprise_package_src = "${src_root}/products/splunk/releases/${version}/${enterprise_src_subdir}/${enterprise_src_package}" + $forwarder_package_ensure = 'installed' + $forwarder_package_src = "${src_root}/products/universalforwarder/releases/${version}/${forwarder_src_subdir}/${forwarder_src_package}" - $forwarder_pkg_ensure = 'installed' # A meta resource so providers know where splunk is installed: splunk_config { 'splunk': - forwarder_installdir => $forwarder_dir, + forwarder_installdir => $forwarder_homedir, forwarder_confdir => $forwarder_confdir, - server_installdir => $server_dir, - server_confdir => $server_confdir, + server_installdir => $enterprise_homedir, + server_confdir => $enterprise_confdir, } } diff --git a/manifests/password.pp b/manifests/password.pp deleted file mode 100644 index dee7beba..00000000 --- a/manifests/password.pp +++ /dev/null @@ -1,57 +0,0 @@ -# Class: splunk -# -# This class distributes a password for the admin user that would enable the splunk admins to -# manage several systems at once -# To find the right variables for splunkforwarder, manually create a splunkforwarder, change the password and -# distribute the contents of the splunk.secret and passwd files accross nodes. -# By default the parameters provided are for admin/changeme password. -# -# Parameters: -# -# [*server*] - -# [*password_config_file*] -# which file to put the password in i.e. in linux it would be /opt/splunkforwarder/etc/passwd -# -# [*secret_file*] -# which file we should put the secret in -# -# [*passord_content*] -# the hashed password username/details for the user -# -# [*service_password*] -# are we passwording splunkforwarder or splunk - currently tested with splunkforwarder only -# -# [*license*] -# which service we should expect the licesnse to be accepted for -# -# sponsored by balgroup -class splunk::password( - $password_config_file = $splunk::params::password_config_file, - $secret_file = $splunk::params::secret_file, - $secret = $splunk::params::secret, - $password_content = $splunk::params::password_content, - $service_password = 'splunk_forwarder', - $virtual_service = $splunk::params::forwarder_service, - $license = 'license_splunkforwarder', - $package_name = $splunk::params::forwarder_pkg_name, -) inherits splunk::params { - if ! defined(Class['splunk::forwarder']) and ! defined(Class['splunk']){ - fail('You must include the splunk forwarder or splunk class before changing the password defined resources') - } - - file { $password_config_file: - ensure => file, - content => $password_content, - require => Package[$package_name], - notify => Service[$virtual_service], - tag => 'splunk_password', - } - - file { $secret_file: - ensure => file, - content => $secret, - require => Package[$package_name], - notify => Service[$virtual_service], - } -} diff --git a/manifests/platform/posix.pp b/manifests/platform/posix.pp deleted file mode 100644 index 29de679a..00000000 --- a/manifests/platform/posix.pp +++ /dev/null @@ -1,88 +0,0 @@ -# Class: splunk::platform::posix -# -# This class declares virtual resources and collects existing virtual -# resources for adjustment appropriate to deployment on a Posix host. -# It extends functionality of either splunk, splunk::forwarder, or -# both. -# -# Parameters: none -# -# Actions: -# -# Declares, tags, and modifies virtual resources realized by other classes -# in the splunk module. -# -# Requires: nothing -# -class splunk::platform::posix ( - $splunkd_port = undef, - $splunk_user = $splunk::params::splunk_user, - $server_service = undef, -) inherits splunk::virtual { - - include ::splunk::params - # Many of the resources declared here are virtual. They will be realized by - # the appropriate including class if required. - - # Commands to run to enable the SplunkUniversalForwarder - @exec { 'license_splunkforwarder': - path => "${splunk::params::forwarder_dir}/bin", - command => 'splunk ftr --accept-license --answer-yes --no-prompt', - user => $splunk_user, - onlyif => "/usr/bin/test -f ${splunk::params::forwarder_dir}/ftr", - timeout => 0, - tag => 'splunk_forwarder', - notify => Service['splunk'], - } - @exec { 'enable_splunkforwarder': - - # The path parameter can't be set because the boot-start silently fails on systemd service providers - command => "${splunk::params::forwarder_dir}/bin/splunk enable boot-start -user ${splunk_user}", - creates => '/etc/init.d/splunk', - require => Exec['license_splunkforwarder'], - tag => 'splunk_forwarder', - notify => Service['splunk'], - } - - # Commands to run to enable full Splunk - @exec { 'license_splunk': - path => "${splunk::params::server_dir}/bin", - command => 'splunk start --accept-license --answer-yes --no-prompt', - user => $splunk_user, - creates => '/opt/splunk/etc/auth/splunk.secret', - timeout => 0, - tag => 'splunk_server', - } - @exec { 'enable_splunk': - # The path parameter can't be set because the boot-start silently fails on systemd service providers - command => "${splunk::params::server_dir}/bin/splunk enable boot-start -user ${splunk_user}", - creates => '/etc/init.d/splunk', - require => Exec['license_splunk'], - tag => 'splunk_server', - before => Service['splunk'], - } - - # Modify virtual service definitions specific to the Linux platform. These - # are virtual resources declared in the splunk::virtual class, which we - # inherit. - if 'splunkd' in $server_service { - Service['splunkd'] { - provider => 'base', - restart => '/opt/splunk/bin/splunk restart splunkd', - start => '/opt/splunk/bin/splunk start splunkd', - stop => '/opt/splunk/bin/splunk stop splunkd', - pattern => "splunkd -p ${splunkd_port} (restart|start)", - require => Service['splunk'], - } - } - if 'splunkweb' in $server_service { - Service['splunkweb'] { - provider => 'base', - restart => '/opt/splunk/bin/splunk restart splunkweb', - start => '/opt/splunk/bin/splunk start splunkweb', - stop => '/opt/splunk/bin/splunk stop splunkweb', - pattern => 'python -O /opt/splunk/lib/python.*/splunk/.*/root.py.*', - require => Service['splunk'], - } - } -} diff --git a/manifests/platform/solaris.pp b/manifests/platform/solaris.pp deleted file mode 100644 index cec56f42..00000000 --- a/manifests/platform/solaris.pp +++ /dev/null @@ -1,53 +0,0 @@ -# Class: splunk::platform::solaris -# -# This class extends splunk::platform::posix with Solaris-specific resources -# required for deploying Splunk to a solaris host. -# -# Parameters: none -# -# Actions: -# -# Declares, tags, and modifies virtual resources realized by other classes -# in the splunk module. -# -# Requires: nothing -# -class splunk::platform::solaris inherits splunk::virtual { - include ::archive - include ::splunk::params - include ::splunk::platform::posix - - $path = $archive::path - $subdir = $splunk::params::staging_subdir - $responsefile = "${path}/${subdir}/response.txt" - $adminfile = '/var/sadm/install/admin/splunk-noask' - - file { 'splunk_adminfile': - ensure => file, - path => $adminfile, - owner => 'root', - group => 'root', - source => 'puppet:///modules/splunk/splunk-noask', - } - - file { 'splunk_pkg_response_file': - ensure => file, - owner => 'root', - group => 'root', - path => $responsefile, - content => "BASEDIR=/opt\n", - } - - # Collect any Splunk packages and give them an admin and response file. - Package <| tag == 'splunk_forwarder' or tag == 'splunk_server' |> { - adminfile => $adminfile, - responsefile => $responsefile, - } - - # This is a virtual resource declared in the splunk::virtual class. We need - # to override it since the default service provider on Solaris is not init. - Service['splunk'] { - provider => 'init', - } - -} diff --git a/manifests/virtual.pp b/manifests/virtual.pp deleted file mode 100644 index d0c86766..00000000 --- a/manifests/virtual.pp +++ /dev/null @@ -1,31 +0,0 @@ -# Class: splunk::virtual -# -# This class serves to house virtual resources which could be realized in -# splunk, splunk::forwarder, or both. The resources are generated based on -# parameters set in splunk::params. -# -# Parameters: none -# -# Actions: -# -# Declares and tags virtual resources to be realized by other classes in the -# splunk module. -# -# Requires: nothing -# -class splunk::virtual { - include ::splunk::params - - $virtual_services = unique(flatten([ - $splunk::params::server_service, - $splunk::params::forwarder_service, - ])) - - @service { $virtual_services: - ensure => running, - enable => true, - hasstatus => true, - hasrestart => true, - } - -} diff --git a/metadata.json b/metadata.json index 1579ff34..97730c9f 100644 --- a/metadata.json +++ b/metadata.json @@ -66,7 +66,7 @@ "dependencies": [ { "name": "puppetlabs-stdlib", - "version_requirement": ">= 4.13.1 < 6.0.0" + "version_requirement": ">= 4.25.0 < 6.0.0" }, { "name": "puppetlabs-inifile", diff --git a/spec/acceptance/splunk_spec.rb b/spec/acceptance/splunk_enterprise_spec.rb similarity index 73% rename from spec/acceptance/splunk_spec.rb rename to spec/acceptance/splunk_enterprise_spec.rb index 2708eb75..db83ebb4 100644 --- a/spec/acceptance/splunk_spec.rb +++ b/spec/acceptance/splunk_enterprise_spec.rb @@ -1,11 +1,11 @@ require 'spec_helper_acceptance' -describe 'splunk class' do +describe 'splunk enterprise class' do context 'default parameters' do # Using puppet_apply as a helper it 'works idempotently with no errors' do pp = <<-EOS - class { '::splunk': } + class { '::splunk::enterprise': } EOS # Run it twice and test for idempotency @@ -17,7 +17,14 @@ class { '::splunk': } it { is_expected.to be_installed } end - describe service('splunk') do + init = shell('/bin/readlink /sbin/init', acceptable_exit_codes: [0, 1]).stdout + service_name = if init.include? 'systemd' + 'Splunkd' + else + 'splunk' + end + + describe service(service_name) do it { is_expected.to be_enabled } it { is_expected.to be_running } end diff --git a/spec/acceptance/splunk_forwarder_spec.rb b/spec/acceptance/splunk_forwarder_spec.rb index bc366fb5..f7a55652 100644 --- a/spec/acceptance/splunk_forwarder_spec.rb +++ b/spec/acceptance/splunk_forwarder_spec.rb @@ -21,7 +21,14 @@ class { '::splunk::forwarder': it { is_expected.to be_installed } end - describe service('splunk') do + init = shell('/bin/readlink /sbin/init', acceptable_exit_codes: [0, 1]).stdout + service_name = if init.include? 'systemd' + 'SplunkForwarder' + else + 'splunk' + end + + describe service(service_name) do it { is_expected.to be_enabled } it { is_expected.to be_running } end diff --git a/spec/classes/enterprise_spec.rb b/spec/classes/enterprise_spec.rb new file mode 100644 index 00000000..0f9bd94b --- /dev/null +++ b/spec/classes/enterprise_spec.rb @@ -0,0 +1,243 @@ +require 'spec_helper' + +shared_examples_for 'splunk enterprise nix defaults' do + it { is_expected.to compile.with_all_deps } + it { is_expected.to contain_class('splunk') } + it { is_expected.to contain_class('splunk::params') } + it { is_expected.to contain_class('splunk::enterprise') } + it { is_expected.to contain_class('splunk::enterprise::install') } + it { is_expected.to contain_class('splunk::enterprise::install::nix') } + it { is_expected.to contain_class('splunk::enterprise::config') } + it { is_expected.to contain_class('splunk::enterprise::service') } + it { is_expected.to contain_class('splunk::enterprise::service::nix') } + it { is_expected.to contain_splunk_config('splunk') } + it { is_expected.to contain_package('splunk').with(ensure: 'installed') } + it { is_expected.to contain_file('/opt/splunk/etc/system/local/alert_actions.conf') } + it { is_expected.to contain_file('/opt/splunk/etc/system/local/authentication.conf') } + it { is_expected.to contain_file('/opt/splunk/etc/system/local/authorize.conf') } + it { is_expected.to contain_file('/opt/splunk/etc/system/local/deploymentclient.conf') } + it { is_expected.to contain_file('/opt/splunk/etc/system/local/distsearch.conf') } + it { is_expected.to contain_file('/opt/splunk/etc/system/local/indexes.conf') } + it { is_expected.to contain_file('/opt/splunk/etc/system/local/inputs.conf') } + it { is_expected.to contain_file('/opt/splunk/etc/system/local/limits.conf') } + it { is_expected.to contain_file('/opt/splunk/etc/system/local/outputs.conf') } + it { is_expected.to contain_file('/opt/splunk/etc/system/local/props.conf') } + it { is_expected.to contain_file('/opt/splunk/etc/system/local/server.conf') } + it { is_expected.to contain_file('/opt/splunk/etc/system/local/serverclass.conf') } + it { is_expected.to contain_file('/opt/splunk/etc/system/local/transforms.conf') } + it { is_expected.to contain_file('/opt/splunk/etc/system/local/ui-prefs.conf') } + it { is_expected.to contain_file('/opt/splunk/etc/system/local/web.conf') } + it { is_expected.to contain_file('/opt/splunk/etc/system/metadata/local.meta') } + it { is_expected.to contain_splunk_input('default_host') } + it { is_expected.to contain_splunk_input('default_splunktcp').with(section: 'splunktcp://:9997', value: 'dns') } + it { is_expected.to contain_splunk_web('splunk_server_splunkd_port').with(value: '127.0.0.1:8089') } + it { is_expected.to contain_splunk_web('splunk_server_web_port').with(value: '8000') } + it { is_expected.not_to contain_file('/opt/splunk/etc/splunk.secret') } + it { is_expected.not_to contain_file('/opt/splunk/etc/passwd') } +end + +describe 'splunk::enterprise' do + context 'supported operating systems' do + on_supported_os.each do |os, facts| + if os.start_with?('windows') + # Splunk Server not used supported on windows + else + context "on #{os}" do + let(:facts) do + facts + end + + context 'splunk when including forwarder and enterprise' do + let(:pre_condition) do + 'include splunk::forwarder' + end + + it { expect { is_expected.to contain_class('splunk::enterprise') }.to raise_error(Puppet::Error, %r{Do not include splunk::forwarder on the same node as splunk::enterprise}) } + end + + context 'when manage_password = true' do + if facts[:kernel] == 'Linux' || facts[:kernel] == 'SunOS' + let(:params) { { 'manage_password' => true } } + + it { is_expected.to compile.with_all_deps } + it { is_expected.to contain_file('/opt/splunk/etc/splunk.secret') } + it { is_expected.to contain_file('/opt/splunk/etc/passwd') } + end + end + + context 'when package_provider = yum' do + if facts[:kernel] == 'Linux' || facts[:kernel] == 'SunOS' + let(:params) { { 'package_provider' => 'yum' } } + + it { is_expected.to contain_package('splunk').with(provider: 'yum') } + end + end + + context 'with $boot_start = true (defaults)' do + if facts[:kernel] == 'Linux' || facts[:kernel] == 'SunOS' + + context 'with $facts[service_provider] == init and $splunk::params::version >= 7.2.2' do + let(:facts) do + facts.merge(service_provider: 'init') + end + let(:pre_condition) do + "class { 'splunk::params': version => '7.2.4.2' }" + end + + it_behaves_like 'splunk enterprise nix defaults' + it { is_expected.to contain_package('net-tools').with(ensure: 'present') } + it { is_expected.to contain_class('splunk::enterprise').with(service_name: 'splunk') } + it { is_expected.not_to contain_file('/etc/init.d/splunk').with(ensure: 'absent') } + it { is_expected.to contain_exec('stop_splunk').with(command: '/opt/splunk/bin/splunk stop') } + it { is_expected.to contain_exec('enable_splunk').with(command: '/opt/splunk/bin/splunk enable boot-start -user root --accept-license --answer-yes --no-prompt') } + it { is_expected.not_to contain_exec('disable_splunk') } + it { is_expected.not_to contain_exec('license_splunk') } + it { is_expected.to contain_service('splunk').with(ensure: 'running', enable: true, status: nil, restart: nil, start: nil, stop: nil) } + end + + context 'with $facts[service_provider] == init and $splunk::params::version < 7.2.2' do + let(:facts) do + facts.merge(service_provider: 'init') + end + let(:pre_condition) do + "class { 'splunk::params': version => '6.0.0' }" + end + + it_behaves_like 'splunk enterprise nix defaults' + it { is_expected.not_to contain_package('net-tools').with(ensure: 'present') } + it { is_expected.to contain_class('splunk::enterprise').with(service_name: 'splunk') } + it { is_expected.not_to contain_file('/etc/init.d/splunk').with(ensure: 'absent') } + it { is_expected.to contain_exec('stop_splunk').with(command: '/opt/splunk/bin/splunk stop') } + it { is_expected.to contain_exec('enable_splunk').with(command: '/opt/splunk/bin/splunk enable boot-start -user root --accept-license --answer-yes --no-prompt') } + it { is_expected.not_to contain_exec('disable_splunk') } + it { is_expected.not_to contain_exec('license_splunk') } + it { is_expected.to contain_service('splunk').with(ensure: 'running', enable: true, status: nil, restart: nil, start: nil, stop: nil) } + end + + context 'with $facts[service_provider] == systemd and $splunk::params::version >= 7.2.2' do + let(:facts) do + facts.merge(service_provider: 'systemd') + end + let(:pre_condition) do + "class { 'splunk::params': version => '7.2.4.2' }" + end + + it_behaves_like 'splunk enterprise nix defaults' + it { is_expected.to contain_package('net-tools').with(ensure: 'present') } + it { is_expected.to contain_class('splunk::enterprise').with(service_name: 'Splunkd') } + it { is_expected.to contain_file('/etc/init.d/splunk').with(ensure: 'absent') } + it { is_expected.to contain_exec('stop_splunk').with(command: '/opt/splunk/bin/splunk stop') } + it { is_expected.to contain_exec('enable_splunk').with(command: '/opt/splunk/bin/splunk enable boot-start -user root --accept-license --answer-yes --no-prompt') } + it { is_expected.not_to contain_exec('disable_splunk') } + it { is_expected.not_to contain_exec('license_splunk') } + it { is_expected.to contain_service('Splunkd').with(ensure: 'running', enable: true, status: nil, restart: nil, start: nil, stop: nil) } + end + + context 'with $facts[service_provider] == systemd and $splunk::params::version < 7.2.2' do + let(:facts) do + facts.merge(service_provider: 'systemd') + end + let(:pre_condition) do + "class { 'splunk::params': version => '6.0.0' }" + end + + it_behaves_like 'splunk enterprise nix defaults' + it { is_expected.not_to contain_package('net-tools').with(ensure: 'present') } + it { is_expected.to contain_class('splunk::enterprise').with(service_name: 'splunk') } + it { is_expected.not_to contain_file('/etc/init.d/splunk').with(ensure: 'absent') } + it { is_expected.to contain_exec('stop_splunk').with(command: '/opt/splunk/bin/splunk stop') } + it { is_expected.to contain_exec('enable_splunk').with(command: '/opt/splunk/bin/splunk enable boot-start -user root --accept-license --answer-yes --no-prompt') } + it { is_expected.not_to contain_exec('disable_splunk') } + it { is_expected.not_to contain_exec('license_splunk') } + it { is_expected.to contain_service('splunk').with(ensure: 'running', enable: true, status: nil, restart: nil, start: nil, stop: nil) } + end + + end + end + + context 'with $boot_start = false' do + if facts[:kernel] == 'Linux' || facts[:kernel] == 'SunOS' + + context 'with $facts[service_provider] == init and $splunk::params::version >= 7.2.2' do + let(:facts) do + facts.merge(service_provider: 'init') + end + let(:pre_condition) do + "class { 'splunk::params': version => '7.2.4.2', boot_start => false }" + end + + it_behaves_like 'splunk enterprise nix defaults' + it { is_expected.to contain_package('net-tools').with(ensure: 'present') } + it { is_expected.to contain_class('splunk::enterprise').with(service_name: 'splunk') } + it { is_expected.not_to contain_file('/etc/init.d/splunk').with(ensure: 'absent') } + it { is_expected.not_to contain_exec('stop_splunk') } + it { is_expected.not_to contain_exec('enable_splunk') } + it { is_expected.to contain_exec('disable_splunk').with(command: '/opt/splunk/bin/splunk disable boot-start -user root --accept-license --answer-yes --no-prompt') } + it { is_expected.to contain_exec('license_splunk').with(command: '/opt/splunk/bin/splunk start --accept-license --answer-yes --no-prompt') } + it { is_expected.to contain_service('splunk').with(restart: "/usr/sbin/runuser -l root -c '/opt/splunk/bin/splunk restart'", start: "/usr/sbin/runuser -l root -c '/opt/splunk/bin/splunk start'", stop: "/usr/sbin/runuser -l root -c '/opt/splunk/bin/splunk stop'", status: "/usr/sbin/runuser -l root -c '/opt/splunk/bin/splunk status'") } + end + + context 'with $facts[service_provider] == init and $splunk::params::version < 7.2.2' do + let(:facts) do + facts.merge(service_provider: 'init') + end + let(:pre_condition) do + "class { 'splunk::params': version => '6.0.0', boot_start => false }" + end + + it_behaves_like 'splunk enterprise nix defaults' + it { is_expected.not_to contain_package('net-tools').with(ensure: 'present') } + it { is_expected.to contain_class('splunk::enterprise').with(service_name: 'splunk') } + it { is_expected.not_to contain_file('/etc/init.d/splunk').with(ensure: 'absent') } + it { is_expected.not_to contain_exec('stop_splunk') } + it { is_expected.not_to contain_exec('enable_splunk') } + it { is_expected.to contain_exec('disable_splunk').with(command: '/opt/splunk/bin/splunk disable boot-start -user root --accept-license --answer-yes --no-prompt') } + it { is_expected.to contain_exec('license_splunk').with(command: '/opt/splunk/bin/splunk start --accept-license --answer-yes --no-prompt') } + it { is_expected.to contain_service('splunk').with(restart: "/usr/sbin/runuser -l root -c '/opt/splunk/bin/splunk restart'", start: "/usr/sbin/runuser -l root -c '/opt/splunk/bin/splunk start'", stop: "/usr/sbin/runuser -l root -c '/opt/splunk/bin/splunk stop'", status: "/usr/sbin/runuser -l root -c '/opt/splunk/bin/splunk status'") } + end + + context 'with $facts[service_provider] == systemd and $splunk::params::version >= 7.2.2' do + let(:facts) do + facts.merge(service_provider: 'systemd') + end + let(:pre_condition) do + "class { 'splunk::params': version => '7.2.4.2', boot_start => false }" + end + + it_behaves_like 'splunk enterprise nix defaults' + it { is_expected.to contain_package('net-tools').with(ensure: 'present') } + it { is_expected.to contain_class('splunk::enterprise').with(service_name: 'Splunkd') } + it { is_expected.to contain_file('/etc/init.d/splunk').with(ensure: 'absent') } + it { is_expected.not_to contain_exec('stop_splunk') } + it { is_expected.not_to contain_exec('enable_splunk') } + it { is_expected.to contain_exec('disable_splunk').with(command: '/opt/splunk/bin/splunk disable boot-start -user root --accept-license --answer-yes --no-prompt') } + it { is_expected.to contain_exec('license_splunk').with(command: '/opt/splunk/bin/splunk start --accept-license --answer-yes --no-prompt') } + it { is_expected.to contain_service('Splunkd').with(restart: "/usr/sbin/runuser -l root -c '/opt/splunk/bin/splunk restart'", start: "/usr/sbin/runuser -l root -c '/opt/splunk/bin/splunk start'", stop: "/usr/sbin/runuser -l root -c '/opt/splunk/bin/splunk stop'", status: "/usr/sbin/runuser -l root -c '/opt/splunk/bin/splunk status'") } + end + + context 'with $facts[service_provider] == systemd and $splunk::params::version < 7.2.2' do + let(:facts) do + facts.merge(service_provider: 'systemd') + end + let(:pre_condition) do + "class { 'splunk::params': version => '6.0.0', boot_start => false }" + end + + it_behaves_like 'splunk enterprise nix defaults' + it { is_expected.not_to contain_package('net-tools').with(ensure: 'present') } + it { is_expected.to contain_class('splunk::enterprise').with(service_name: 'splunk') } + it { is_expected.not_to contain_file('/etc/init.d/splunk').with(ensure: 'absent') } + it { is_expected.not_to contain_exec('stop_splunk') } + it { is_expected.not_to contain_exec('enable_splunk') } + it { is_expected.to contain_exec('disable_splunk').with(command: '/opt/splunk/bin/splunk disable boot-start -user root --accept-license --answer-yes --no-prompt') } + it { is_expected.to contain_exec('license_splunk').with(command: '/opt/splunk/bin/splunk start --accept-license --answer-yes --no-prompt') } + it { is_expected.to contain_service('splunk').with(restart: "/usr/sbin/runuser -l root -c '/opt/splunk/bin/splunk restart'", start: "/usr/sbin/runuser -l root -c '/opt/splunk/bin/splunk start'", stop: "/usr/sbin/runuser -l root -c '/opt/splunk/bin/splunk stop'", status: "/usr/sbin/runuser -l root -c '/opt/splunk/bin/splunk status'") } + end + + end + end + end + end + end + end +end diff --git a/spec/classes/forwarder_spec.rb b/spec/classes/forwarder_spec.rb index cd116172..0861e2c2 100644 --- a/spec/classes/forwarder_spec.rb +++ b/spec/classes/forwarder_spec.rb @@ -1,37 +1,222 @@ require 'spec_helper' +shared_examples_for 'splunk forwarder' do + it { is_expected.to compile.with_all_deps } + it { is_expected.to contain_class('splunk') } + it { is_expected.to contain_class('splunk::params') } + it { is_expected.to contain_class('splunk::forwarder') } + it { is_expected.to contain_class('splunk::forwarder::install') } + it { is_expected.to contain_class('splunk::forwarder::config') } + it { is_expected.to contain_class('splunk::forwarder::service') } + it { is_expected.to contain_splunk_config('splunk') } + it { is_expected.to contain_package('splunkforwarder').with(ensure: 'installed') } + it { is_expected.to contain_file('/opt/splunkforwarder/etc/system/local/deploymentclient.conf') } + it { is_expected.to contain_file('/opt/splunkforwarder/etc/system/local/outputs.conf') } + it { is_expected.to contain_file('/opt/splunkforwarder/etc/system/local/inputs.conf') } + it { is_expected.to contain_file('/opt/splunkforwarder/etc/system/local/limits.conf') } + it { is_expected.to contain_file('/opt/splunkforwarder/etc/system/local/props.conf') } + it { is_expected.to contain_file('/opt/splunkforwarder/etc/system/local/transforms.conf') } + it { is_expected.to contain_file('/opt/splunkforwarder/etc/system/local/web.conf') } + it { is_expected.to contain_file('/opt/splunkforwarder/etc/system/local/limits.conf') } + it { is_expected.to contain_file('/opt/splunkforwarder/etc/system/local/server.conf') } + it { is_expected.to contain_splunkforwarder_web('forwarder_splunkd_port').with(value: '127.0.0.1:8089') } + it { is_expected.not_to contain_file('/opt/splunkforwarder/etc/splunk.secret') } + it { is_expected.not_to contain_file('/opt/splunkforwarder/etc/passwd') } +end + describe 'splunk::forwarder' do - on_supported_os.each do |os, os_facts| - context "on #{os}" do - let(:facts) { os_facts } + context 'supported operating systems' do + on_supported_os.each do |os, facts| + if os.start_with?('windows') + # Splunk Server not used supported on windows + else + context "on #{os}" do + let(:facts) do + facts + end - context 'with defaults' do - it { is_expected.to compile.with_all_deps } - end + context 'splunk when including forwarder and enterprise' do + let(:pre_condition) do + 'include splunk::enterprise' + end - context 'with forwarder_output set to undef' do - let(:params) { { 'forwarder_output' => :undef } } + it { expect { is_expected.to contain_class('splunk::forwarder') }.to raise_error(Puppet::Error, %r{Do not include splunk::forwarder on the same node as splunk::enterprise}) } + end - it { is_expected.to compile.with_all_deps } - end + context 'when manage_password = true' do + if facts[:kernel] == 'Linux' || facts[:kernel] == 'SunOS' + let(:params) { { 'manage_password' => true } } - context 'with forwarder_input set to undef' do - let(:params) { { 'forwarder_input' => :undef } } + it { is_expected.to compile.with_all_deps } + it { is_expected.to contain_file('/opt/splunkforwarder/etc/splunk.secret') } + it { is_expected.to contain_file('/opt/splunkforwarder/etc/passwd') } + end + end - it { is_expected.to compile.with_all_deps } - end + context 'when package_provider = yum' do + if facts[:kernel] == 'Linux' || facts[:kernel] == 'SunOS' + let(:params) { { 'package_provider' => 'yum' } } - context 'with pkg_provider set to yum and manage_package_source set to false' do - let(:params) do - { - 'pkg_provider' => 'yum', - 'package_name' => 'splunk_forwarder_X', - 'manage_package_source' => false - } - end + it { is_expected.to contain_package('splunkforwarder').with(provider: 'yum') } + end + end + + context 'with $boot_start = true (defaults)' do + if facts[:kernel] == 'Linux' || facts[:kernel] == 'SunOS' + + context 'with $facts[service_provider] == init and $splunk::params::version >= 7.2.2' do + let(:facts) do + facts.merge(service_provider: 'init') + end + let(:pre_condition) do + "class { 'splunk::params': version => '7.2.2' }" + end + + it_behaves_like 'splunk forwarder' + it { is_expected.to contain_class('splunk::forwarder::service::nix') } + it { is_expected.to contain_class('splunk::forwarder').with(service_name: 'splunk') } + it { is_expected.to contain_exec('stop_splunkforwarder').with(command: '/opt/splunkforwarder/bin/splunk stop') } + it { is_expected.to contain_exec('enable_splunkforwarder').with(command: '/opt/splunkforwarder/bin/splunk enable boot-start -user root --accept-license --answer-yes --no-prompt') } + it { is_expected.not_to contain_exec('disable_splunkforwarder') } + it { is_expected.not_to contain_exec('license_splunkforwarder') } + it { is_expected.to contain_service('splunk').with(ensure: 'running', enable: true, status: nil, restart: nil, start: nil, stop: nil) } + end + + context 'with $facts[service_provider] == init and $splunk::params::version < 7.2.2' do + let(:facts) do + facts.merge(service_provider: 'init') + end + let(:pre_condition) do + "class { 'splunk::params': version => '6.0.0' }" + end + + it_behaves_like 'splunk forwarder' + it { is_expected.to contain_class('splunk::forwarder::service::nix') } + it { is_expected.to contain_class('splunk::forwarder').with(service_name: 'splunk') } + it { is_expected.to contain_exec('stop_splunkforwarder').with(command: '/opt/splunkforwarder/bin/splunk stop') } + it { is_expected.to contain_exec('enable_splunkforwarder').with(command: '/opt/splunkforwarder/bin/splunk enable boot-start -user root --accept-license --answer-yes --no-prompt') } + it { is_expected.not_to contain_exec('disable_splunkforwarder') } + it { is_expected.not_to contain_exec('license_splunkforwarder') } + it { is_expected.to contain_service('splunk').with(ensure: 'running', enable: true, status: nil, restart: nil, start: nil, stop: nil) } + end + + context 'with $facts[service_provider] == systemd and $splunk::params::version >= 7.2.2' do + let(:facts) do + facts.merge(service_provider: 'systemd') + end + let(:pre_condition) do + "class { 'splunk::params': version => '7.2.2' }" + end + + it_behaves_like 'splunk forwarder' + it { is_expected.to contain_class('splunk::forwarder::service::nix') } + it { is_expected.to contain_class('splunk::forwarder').with(service_name: 'SplunkForwarder') } + it { is_expected.to contain_exec('stop_splunkforwarder').with(command: '/opt/splunkforwarder/bin/splunk stop') } + it { is_expected.to contain_exec('enable_splunkforwarder').with(command: '/opt/splunkforwarder/bin/splunk enable boot-start -user root --accept-license --answer-yes --no-prompt') } + it { is_expected.not_to contain_exec('disable_splunkforwarder') } + it { is_expected.not_to contain_exec('license_splunkforwarder') } + it { is_expected.to contain_service('SplunkForwarder').with(ensure: 'running', enable: true, status: nil, restart: nil, start: nil, stop: nil) } + end - it { is_expected.to compile.with_all_deps } - it { is_expected.to contain_package('splunk_forwarder_X').with_provider('yum').without_source } + context 'with $facts[service_provider] == systemd and $splunk::params::version < 7.2.2' do + let(:facts) do + facts.merge(service_provider: 'systemd') + end + let(:pre_condition) do + "class { 'splunk::params': version => '6.0.0' }" + end + + it_behaves_like 'splunk forwarder' + it { is_expected.to contain_class('splunk::forwarder::service::nix') } + it { is_expected.to contain_class('splunk::forwarder').with(service_name: 'splunk') } + it { is_expected.to contain_exec('stop_splunkforwarder').with(command: '/opt/splunkforwarder/bin/splunk stop') } + it { is_expected.to contain_exec('enable_splunkforwarder').with(command: '/opt/splunkforwarder/bin/splunk enable boot-start -user root --accept-license --answer-yes --no-prompt') } + it { is_expected.not_to contain_exec('disable_splunkforwarder') } + it { is_expected.not_to contain_exec('license_splunkforwarder') } + it { is_expected.to contain_service('splunk').with(ensure: 'running', enable: true, status: nil, restart: nil, start: nil, stop: nil) } + end + + end + end + + context 'with $boot_start = false' do + if facts[:kernel] == 'Linux' || facts[:kernel] == 'SunOS' + + context 'with $facts[service_provider] == init and $splunk::params::version >= 7.2.2' do + let(:facts) do + facts.merge(service_provider: 'init') + end + let(:pre_condition) do + "class { 'splunk::params': version => '7.2.2', boot_start => false }" + end + + it_behaves_like 'splunk forwarder' + it { is_expected.to contain_class('splunk::forwarder::service::nix') } + it { is_expected.to contain_class('splunk::forwarder').with(service_name: 'splunk') } + it { is_expected.not_to contain_exec('stop_splunkforwarder') } + it { is_expected.not_to contain_exec('enable_splunkforwarder') } + it { is_expected.to contain_exec('disable_splunkforwarder').with(command: '/opt/splunkforwarder/bin/splunk disable boot-start -user root --accept-license --answer-yes --no-prompt') } + it { is_expected.to contain_exec('license_splunkforwarder').with(command: '/opt/splunkforwarder/bin/splunk ftr --accept-license --answer-yes --no-prompt') } + it { is_expected.to contain_service('splunk').with(restart: "/usr/sbin/runuser -l root -c '/opt/splunkforwarder/bin/splunk restart'", start: "/usr/sbin/runuser -l root -c '/opt/splunkforwarder/bin/splunk start'", stop: "/usr/sbin/runuser -l root -c '/opt/splunkforwarder/bin/splunk stop'", status: "/usr/sbin/runuser -l root -c '/opt/splunkforwarder/bin/splunk status'") } + end + + context 'with $facts[service_provider] == init and $splunk::params::version < 7.2.2' do + let(:facts) do + facts.merge(service_provider: 'init') + end + let(:pre_condition) do + "class { 'splunk::params': version => '6.0.0', boot_start => false }" + end + + it_behaves_like 'splunk forwarder' + it { is_expected.to contain_class('splunk::forwarder::service::nix') } + it { is_expected.to contain_class('splunk::forwarder').with(service_name: 'splunk') } + it { is_expected.not_to contain_exec('stop_splunkforwarder') } + it { is_expected.not_to contain_exec('enable_splunkforwarder') } + it { is_expected.to contain_exec('disable_splunkforwarder').with(command: '/opt/splunkforwarder/bin/splunk disable boot-start -user root --accept-license --answer-yes --no-prompt') } + it { is_expected.to contain_exec('license_splunkforwarder').with(command: '/opt/splunkforwarder/bin/splunk ftr --accept-license --answer-yes --no-prompt') } + it { is_expected.to contain_service('splunk').with(restart: "/usr/sbin/runuser -l root -c '/opt/splunkforwarder/bin/splunk restart'", start: "/usr/sbin/runuser -l root -c '/opt/splunkforwarder/bin/splunk start'", stop: "/usr/sbin/runuser -l root -c '/opt/splunkforwarder/bin/splunk stop'", status: "/usr/sbin/runuser -l root -c '/opt/splunkforwarder/bin/splunk status'") } + end + + context 'with $facts[service_provider] == systemd and $splunk::params::version >= 7.2.2' do + let(:facts) do + facts.merge(service_provider: 'systemd') + end + let(:pre_condition) do + "class { 'splunk::params': version => '7.2.2', boot_start => false }" + end + + it_behaves_like 'splunk forwarder' + it { is_expected.to contain_class('splunk::forwarder::service::nix') } + it { is_expected.to contain_class('splunk::forwarder').with(service_name: 'SplunkForwarder') } + it { is_expected.not_to contain_exec('stop_splunkforwarder') } + it { is_expected.not_to contain_exec('enable_splunkforwarder') } + it { is_expected.to contain_exec('disable_splunkforwarder').with(command: '/opt/splunkforwarder/bin/splunk disable boot-start -user root --accept-license --answer-yes --no-prompt') } + it { is_expected.to contain_exec('license_splunkforwarder').with(command: '/opt/splunkforwarder/bin/splunk ftr --accept-license --answer-yes --no-prompt') } + it { is_expected.to contain_service('SplunkForwarder').with(restart: "/usr/sbin/runuser -l root -c '/opt/splunkforwarder/bin/splunk restart'", start: "/usr/sbin/runuser -l root -c '/opt/splunkforwarder/bin/splunk start'", stop: "/usr/sbin/runuser -l root -c '/opt/splunkforwarder/bin/splunk stop'", status: "/usr/sbin/runuser -l root -c '/opt/splunkforwarder/bin/splunk status'") } + end + + context 'with $facts[service_provider] == systemd and $splunk::params::version < 7.2.2' do + let(:facts) do + facts.merge(service_provider: 'systemd') + end + let(:pre_condition) do + "class { 'splunk::params': version => '6.0.0', boot_start => false }" + end + + it_behaves_like 'splunk forwarder' + it { is_expected.to contain_class('splunk::forwarder::service::nix') } + it { is_expected.to contain_class('splunk::forwarder').with(service_name: 'splunk') } + it { is_expected.not_to contain_exec('stop_splunkforwarder') } + it { is_expected.not_to contain_exec('enable_splunkforwarder') } + it { is_expected.to contain_exec('disable_splunkforwarder').with(command: '/opt/splunkforwarder/bin/splunk disable boot-start -user root --accept-license --answer-yes --no-prompt') } + it { is_expected.to contain_exec('license_splunkforwarder').with(command: '/opt/splunkforwarder/bin/splunk ftr --accept-license --answer-yes --no-prompt') } + it { is_expected.to contain_service('splunk').with(restart: "/usr/sbin/runuser -l root -c '/opt/splunkforwarder/bin/splunk restart'", start: "/usr/sbin/runuser -l root -c '/opt/splunkforwarder/bin/splunk start'", stop: "/usr/sbin/runuser -l root -c '/opt/splunkforwarder/bin/splunk stop'", status: "/usr/sbin/runuser -l root -c '/opt/splunkforwarder/bin/splunk status'") } + end + + end + end + end end end end diff --git a/spec/classes/splunk_spec.rb b/spec/classes/splunk_spec.rb index d656b0f2..c05c42c5 100644 --- a/spec/classes/splunk_spec.rb +++ b/spec/classes/splunk_spec.rb @@ -13,47 +13,10 @@ context 'splunk class without any parameters' do it { is_expected.to compile.with_all_deps } - - it { is_expected.to contain_class('splunk::params') } - - it { is_expected.to contain_service('splunk') } - it { is_expected.to contain_package('splunk').with_ensure('installed') } - end - - context 'with pkg_provider set to yum and manage_package_source set to false' do - let(:params) do - { - 'pkg_provider' => 'yum', - 'package_name' => 'splunk_server_X', - 'manage_package_source' => false - } - end - - it { is_expected.to compile.with_all_deps } - it { is_expected.to contain_package('splunk_server_X').with_provider('yum').without_source } + it { is_expected.to contain_class('splunk') } end end end end end - - context 'unsupported operating system' do - describe 'splunk class without any parameters on Solaris/Nexenta' do - let(:facts) do - { - os: { - family: 'Solaris', - name: 'Nexenta', - architecture: 'sparc' - }, - osfamily: 'Solaris', - operatingsystem: 'Nexenta', - kernel: 'SunOS', - architecture: 'sparc' - } - end - - it { expect { is_expected.to contain_package('splunk') }.to raise_error(Puppet::Error, %r{unsupported osfamily/arch Solaris/sparc}) } - end - end end diff --git a/spec/defines/addon_spec.rb b/spec/defines/addon_spec.rb new file mode 100644 index 00000000..80174765 --- /dev/null +++ b/spec/defines/addon_spec.rb @@ -0,0 +1,21 @@ +require 'spec_helper' + +describe 'splunk::addon' do + context 'supported operating systems' do + on_supported_os.each do |os, facts| + if os.start_with?('windows') + # Splunk Server not used supported on windows + else + context "on #{os}" do + let(:facts) do + facts + end + let(:title) { 'someaddon' } + let(:params) { { 'package_name' => 'foo' } } + + it { is_expected.to compile.with_all_deps } + end + end + end + end +end diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index 4572c8bd..5881cc3c 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb @@ -15,5 +15,14 @@ # Configure all nodes in nodeset c.before :suite do # Need to stage the Splunk/Splunkforwarder packages here. + + # The splunk unit file assumes certain cgroups are present, which is not + # the case in the testing container(s). Create cgroups resources here. + hosts.each do |host| + on(host, '/bin/mkdir -p /sys/fs/cgroup/cpu/system.slice/Splunkd.service') + on(host, '/bin/mkdir -p /sys/fs/cgroup/memory/system.slice/Splunkd.service') + on(host, '/bin/mkdir -p /sys/fs/cgroup/cpu/system.slice/SplunkForwarder.service') + on(host, '/bin/mkdir -p /sys/fs/cgroup/memory/system.slice/SplunkForwarder.service') + end end end