diff --git a/roles/splunk/defaults/main.yml b/roles/splunk/defaults/main.yml
index e3dfb3e9..d508d2ab 100644
--- a/roles/splunk/defaults/main.yml
+++ b/roles/splunk/defaults/main.yml
@@ -20,7 +20,8 @@ clientName: undefined
 splunk_admin_username: admin
 splunk_admin_password: undefined # Use ansible-vault encrypt_string, e.g. ansible-vault encrypt_string --ask-vault-pass 'var_value_to_encrypt' --name 'var_name'
 splunk_configure_secret: false # If set to true, you need to update files/splunk.secret
-splunk_secret_file: splunk.secret # Used to specify your splunk.secret filename(s), files should be placed in the "files" folder of the role
+splunk_secret_file: undefined # Used to specify your splunk.secret filename(s), files should be placed in the "files" folder of the role
+splunk_secret_text: undefined # Used to specify your splunk.secret via a text value
 # Although there are tasks for the following Splunk configurations in this role, they are not included in any tasks by default. You can add them to your install_splunk.yml if you would like to have Ansible manage any of these files
 splunk_configure_authentication: false
 ad_bind_password: undefined # Use ansible-vault encrypt_string, e.g. ansible-vault encrypt_string --ask-vault-pass 'var_value_to_encrypt' --name 'var_name'
diff --git a/roles/splunk/tasks/configure_splunk_secret.yml b/roles/splunk/tasks/configure_splunk_secret.yml
index 4c8d0f67..8b23bf4d 100644
--- a/roles/splunk/tasks/configure_splunk_secret.yml
+++ b/roles/splunk/tasks/configure_splunk_secret.yml
@@ -1,4 +1,4 @@
-- name: Install splunk.secret
+- name: Install splunk.secret from file
 copy:
 src: "{{ splunk_secret_file }}"
 dest: "{{ splunk_home }}/etc/auth/splunk.secret"
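Review bot: Changing the default of `splunk_secret_file` from `splunk.secret` to `undefined` in roles/splunk/defaults/main.yml silently changes behaviour for anyone who sets only `splunk_configure_secret: true`: with the new `splunk_secret_file != 'undefined'` condition in configure_splunk_secret.yml the copy task is skipped, and the play finishes without installing any secret. Either keep the old default or fail early when `splunk_configure_secret` is true and both variables are still `undefined`. The comment on `splunk_secret_text` should also carry the vault guidance its neighbours have, e.g. `splunk_secret_text: undefined # splunk.secret content as text; use ansible-vault encrypt_string`. The comment on `splunk_configure_secret` still mentions only files/splunk.secret and could name both options.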
@@ -7,4 +7,19 @@
 mode: 0644
 become: true
 notify: restart splunk
- when: splunk_configure_secret
+ when:
+ - splunk_configure_secret
+ - splunk_secret_file != 'undefined'
+
+- name: Install splunk.secret from text
+ template:
+ src: splunk.secret.j2
+ dest: "{{ splunk_home }}/etc/auth/splunk.secret"
+ owner: "{{ splunk_nix_user }}"
+ group: "{{ splunk_nix_group }}"
+ mode: 0644
+ become: true
+ notify: restart splunk
+ when:
+ - splunk_configure_secret
+ - splunk_secret_text != 'undefined'
diff --git a/roles/splunk/templates/splunk.secret.j2 b/roles/splunk/templates/splunk.secret.j2
new file mode 100644
index 00000000..dfdee4f9
--- /dev/null
+++ b/roles/splunk/templates/splunk.secret.j2
@@ -0,0 +1 @@
+{{ splunk_secret_text }}
\ No newline at end of file
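Review bot: The new "Install splunk.secret from text" task in roles/splunk/tasks/configure_splunk_secret.yml writes the key file with `mode: 0644`, so every local account on the host can read the secret Splunk uses to protect stored credentials, and because the task sets no `no_log`, the rendered value can appear in `--diff` output. Suggest an owner-only mode, quoted so YAML cannot retype it as an integer, plus log suppression: `mode: "0600"` and `no_log: true`. The unchanged file-based task above carries the same `mode: 0644` as a context line and would want the same treatment. The two tasks are also not mutually exclusive: if both variables are set, the template overwrites the copied file on every run and presumably notifies `restart splunk` each time, so an `assert` that exactly one of them is defined would help.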