Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added support for splunk.secret to be passed as a variable #51

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Added support for splunk.secret to be passed as a variable #51

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
a8520c6
First run at adding splunk.secret text option
chrisbalmer Mar 12, 2021
05401ee
Making changes to align with role standards
chrisbalmer Mar 17, 2021
b04cfe0
Updating conditionals for splunk_secret tasks
chrisbalmer Mar 30, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion roles/splunk/defaults/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,8 @@ clientName: undefined
splunk_admin_username: admin
splunk_admin_password: undefined # Use ansible-vault encrypt_string, e.g. ansible-vault encrypt_string --ask-vault-pass 'var_value_to_encrypt' --name 'var_name'
splunk_configure_secret: false # If set to true, you need to update files/splunk.secret
splunk_secret_file: splunk.secret # Used to specify your splunk.secret filename(s), files should be placed in the "files" folder of the role
#splunk_secret_file: splunk.secret # Used to specify your splunk.secret filename(s), files should be placed in the "files" folder of the role
chrisbalmer marked this conversation as resolved.
Show resolved Hide resolved
#splunk_secret_text:
# Although there are tasks for the following Splunk configurations in this role, they are not included in any tasks by default. You can add them to your install_splunk.yml if you would like to have Ansible manage any of these files
splunk_configure_authentication: false
ad_bind_password: undefined # Use ansible-vault encrypt_string, e.g. ansible-vault encrypt_string --ask-vault-pass 'var_value_to_encrypt' --name 'var_name'
Expand Down
14 changes: 13 additions & 1 deletion roles/splunk/tasks/configure_splunk_secret.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,4 +7,16 @@
mode: 0644
become: true
notify: restart splunk
when: splunk_configure_secret
when: splunk_configure_secret and splunk_secret_file is defined
chrisbalmer marked this conversation as resolved.
Show resolved Hide resolved

- name: Install splunk.secret
chrisbalmer marked this conversation as resolved.
Show resolved Hide resolved
template:
src: splunk.secret.j2
dest: "{{ splunk_home }}/etc/auth/splunk.secret"
owner: "{{ splunk_nix_user }}"
group: "{{ splunk_nix_group }}"
mode: 0644
become: true
notify: restart splunk
when: splunk_configure_secret and splunk_secret_text is defined
chrisbalmer marked this conversation as resolved.
Show resolved Hide resolved

1 change: 1 addition & 0 deletions roles/splunk/templates/splunk.secret.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
{{ splunk_secret_text }}
12 changes: 12 additions & 0 deletions scripts/generate-secrets.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
#!/bin/bash
chrisbalmer marked this conversation as resolved.
Show resolved Hide resolved


docker_id=$(docker run --rm -d -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_PASSWORD=doesntmatter" splunk/universalforwarder)

while [ ! $(docker inspect --format '{{json .State.Health.Status}}' $docker_id) = "\"healthy\"" ]
do
sleep 2
done

docker exec $docker_id sudo cat /opt/splunkforwarder/etc/auth/splunk.secret
docker container stop $docker_id