Added support for installing on Windows the Splunk UF only

roles/splunk/defaults/main.yml

@@ -9,8 +9,10 @@ splunk_package_url: auto_determined # This gets set by main.yml but we have to d
 splunk_package_path: ~/
 splunk_package_url_full: https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=8.1.2&product=splunk&filename=splunk-8.1.2-545206cc9f70-Linux-x86_64.tgz&wget=true
 splunk_package_url_uf: https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=8.1.2&product=universalforwarder&filename=splunkforwarder-8.1.2-545206cc9f70-Linux-x86_64.tgz&wget=true
+splunk_package_winurl_uf: https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=windows&version=8.1.2&product=universalforwarder&filename=splunkforwarder-8.1.2-545206cc9f70-x64-release.msi&wget=true
 splunk_install_type: undefined # There are two ways to configure this. The easiest way is to nest hosts under either a "full" group or a "uf" group in your inventory and main.yml will handle it for you. Or, you can also set the value via a group_vars or host_vars file.
 splunk_install_path: /opt # Base directory on the operating system to which splunk should be installed
+splunk_install_winpath: C:\Program Files # Base directory on the operating system to which splunk should be installed
 splunk_nix_user: splunk
 splunk_nix_group: splunk
 splunk_uri_lm: undefined

roles/splunk/handlers/main.yml

@@ -77,6 +77,12 @@
     state: restarted
   become: true
 
+- name: restart windows splunk
+  win_service:
+    name: "{{ splunk_service }}"
+    state: restarted
+  ignore_errors: True
+
 - name: restart redhat auditd service
   command: service auditd condrestart
   become: true

roles/splunk/tasks/check_splunk.yml

@@ -1,15 +1,23 @@
 ---
-- name: Check if Splunk is installed
+- name: Linux - Check if Splunk is installed
   stat:
     path: "{{ splunk_home }}/bin/splunk"
     follow: true
   register: splunkd_path
   become: true
+  when: ansible_system == "Linux"
+
+- name: Windows - Check if Splunk is installed
+  win_stat:
+    path: "{{ splunk_home }}\\bin\\splunk.exe"
+    follow: true
+  register: splunkd_path
+  when: ansible_system == "Win32NT"
 
   # If installed, check version, if version is good, don't install but continue
 - name: Install Splunk if not installed
   include_tasks: install_splunk.yml
-  when: splunkd_path.stat.exists == false
+  when: not splunkd_path.stat.exists
 
   # Configure the license for both fresh and old installs
 - name: Configure license
@@ -18,16 +26,28 @@
 - name: Execute this block only if splunk is already installed
   block:
 
-    - name: Run splunk version command to check currently installed version
+    - name: Linux - Run splunk version command to check currently installed version
       command: "{{ splunk_home }}/bin/splunk version --answer-yes --auto-ports --no-prompt --accept-license"
       register: current_version
       become: true
       become_user: "{{ splunk_nix_user }}"
       changed_when: false
+      when: ansible_system == "Linux"
+
+    - name: Windows - Run splunk version command to check currently installed version
+      win_command: |
+        "{{ splunk_home }}\\bin\\splunk.exe" version --answer-yes --auto-ports --no-prompt --accept-license
+      register: current_version
+      changed_when: false
+      when: ansible_system == "Win32NT"
+
+    - name: Save current version in variable
+      set_fact:
+        splunk_current_version: "{{ current_version.stdout | regex_search('(\\d+\\.\\d+\\.\\d+(?:\\.\\d+)?)') }}"
 
     - name: "Checkpoint: Version" ##########################
       debug:
-        msg: "The value of splunk_version is: {{ splunk_version }} and the current_version is: {{ current_version.stdout }}"
+        msg: "The value of splunk_version is: {{ splunk_v }} and the current_version is: {{ splunk_current_version }}"
 
     - name: Execute this block only if the current version does not match the expected version
       block:
@@ -40,11 +60,19 @@
 
         - name: Stop Splunk if not at expected version and splunk is currently running
           include_tasks: splunk_stop.yml
-          when: splunk_status.rc == 0
+          when:
+            (
+              splunk_status.rc is defined and
+              splunk_status.rc == 0
+            ) or
+            (
+              win_splunk_status.stderr_lines is defined and
+              win_splunk_status.stderr_lines | length == 0
+            )
 
         - name: Upgrade Splunk if not at expected version
           include_tasks: upgrade_splunk.yml
       # Conditional for version mismatch block
-      when: current_version.stdout != splunk_version
+      when: current_version.stdout != splunk_v
   # Conditional for this block
-  when: splunkd_path.stat.exists == true
+  when: splunkd_path.stat.exists

roles/splunk/tasks/check_splunk_status.yml

@@ -1,8 +1,14 @@
 ---
-- name: Check if Splunk is currently running or stopped
+- name: Linux - Check if Splunk is currently running or stopped
   command: "{{ splunk_home }}/bin/splunk status"
   register: splunk_status
   become: true
   become_user: "{{ splunk_nix_user }}"
   failed_when: false
   changed_when: false
+  when: ansible_system == "Linux"
+
+- name: Windows - Get information about Splunk service
+  win_shell: (Get-Process -Name splunkd).Name
+  register: win_splunk_status
+  when: ansible_system == "Win32NT"

roles/splunk/tasks/configure_authentication.yml

@@ -1,5 +1,5 @@
 ---
-- name: Install authentication.conf for admins
+- name: Linux - Install authentication.conf for admins
   template:
     src: "{{ splunk_authenticationconf }}"
     dest: "{{ splunk_home }}/etc/system/local/authentication.conf"
@@ -9,4 +9,16 @@
   when:
     - splunk_authenticationconf is defined
     - ad_bind_password != 'undefined'
+    - ansible_system == "Linux"
   notify: restart splunk
+
+- name: Windows - Install authentication.conf for admins
+  win_template:
+    src: "{{ splunk_authenticationconf }}"
+    dest: "{{ splunk_home }}\\etc\\system\\local\\authentication.conf"
+    owner: "{{ splunk_nix_user }}"
+  when:
+    - splunk_authenticationconf is defined
+    - ad_bind_password != 'undefined'
+    - ansible_system == "Win32NT"
+  notify: restart windows splunk

roles/splunk/tasks/configure_deploymentclient.yml

@@ -1,5 +1,5 @@
 ---
-- name: Create deploymentclient.conf config
+- name: Linux - Create deploymentclient.conf config
   template:
     src: deploymentclient.conf.j2
     dest: "{{ splunk_home }}/etc/system/local/deploymentclient.conf"
@@ -10,3 +10,15 @@
   when:
     - clientName != 'undefined'
     - splunk_uri_ds != 'undefined'
+    - ansible_system == "Linux"
+
+- name: Windows - Create deploymentclient.conf config
+  win_template:
+    src: deploymentclient.conf.j2
+    dest: "{{ splunk_home }}\\etc\\system\\local\\deploymentclient.conf"
+    owner: "{{ splunk_nix_user }}"
+  notify: restart windows splunk
+  when:
+    - clientName != 'undefined'
+    - splunk_uri_ds != 'undefined'
+    - ansible_system == "Win32NT"

roles/splunk/tasks/configure_splunk_secret.yml

@@ -1,4 +1,5 @@
-- name: Install splunk.secret
+---
+- name: Linux - Install splunk.secret
   copy:
     src: "{{ splunk_secret_file }}"
     dest: "{{ splunk_home }}/etc/auth/splunk.secret"
@@ -7,4 +8,16 @@
     mode: 0644
   become: true
   notify: restart splunk
-  when: splunk_configure_secret
+  when:
+    - splunk_configure_secret
+    - ansible_system == "Linux"
+
+- name: Windows - Install splunk.secret
+  win_copy:
+    src: "{{ splunk_secret_file }}"
+    dest: "{{ splunk_home }}\\etc\\auth\\splunk.secret"
+    owner: "{{ splunk_nix_user }}"
+  notify: restart windows splunk
+  when:
+    - splunk_configure_secret
+    - ansible_system == "Win32NT"

roles/splunk/tasks/configure_user-seed.yml

@@ -1,21 +1,39 @@
 ---
 - name: Execute this block only when splunk_admin_password has been configured
   block:
-    - name: "Check for existing {{ splunk_home }}/etc/passwd"
+    - name: "Linux - Check for existing {{ splunk_home }}/etc/passwd"
       stat:
         path: "{{ splunk_home }}/etc/passwd"
       register: splunk_etc_passwd
       become: true
       become_user: "{{ splunk_nix_user }}"
+      when: ansible_system == "Linux"
 
-    - name: Create user-seed.conf file with splunk_admin_username and splunk_admin_password
+    - name: "Windows - Check for existing {{ splunk_home }}/etc/passwd"
+      win_stat:
+        path: "{{ splunk_home }}\\etc\\passwd"
+      register: splunk_etc_passwd
+      when: ansible_system == "Win32NT"
+
+    - name: Linux - Create user-seed.conf file with splunk_admin_username and splunk_admin_password
       template:
         src: user-seed.conf.j2
         dest: "{{ splunk_home }}/etc/system/local/user-seed.conf"
         owner: "{{ splunk_nix_user }}"
         group: "{{ splunk_nix_group }}"
         mode: 0644
       become: true
-      when: not splunk_etc_passwd.stat.exists
+      when:
+        - not splunk_etc_passwd.stat.exists
+        - ansible_system == "Linux"
+
+    - name: Windows - Create user-seed.conf file with splunk_admin_username and splunk_admin_password
+      win_template:
+        src: user-seed.conf.j2
+        dest: "{{ splunk_home }}\\etc\\system\\local\\user-seed.conf"
+        owner: "{{ splunk_nix_user }}"
+      when:
+        - not splunk_etc_passwd.stat.exists
+        - ansible_system == "Win32NT"
   when:
     - splunk_admin_password != 'undefined'

roles/splunk/tasks/install_splunk.yml

@@ -1,4 +1,27 @@
 ---
+- name: Windows - Save Splunk UF package name in variable
+  set_fact:
+    splunk_file: splunkforwarder-{{ splunk_package_winurl_uf | regex_search('(\\d+\\.\\d+\\.\\d+(?:\\.\\d+)?)') }}.msi
+  when: ansible_system == "Win32NT"
+
+- name: Windows - Download Splunk UF package
+  get_url:
+    url: "{{ splunk_package_url }}"
+    dest: /tmp/{{ splunk_file }}
+  delegate_to: localhost
+  register: download_result
+  retries: 3
+  delay: 10
+  until: download_result is success
+  run_once: true
+  when: ansible_system == "Win32NT"
+
+- name: Windows - Copy Splunk UF package to managed nodes
+  win_copy:
+    src: /tmp/{{ splunk_file }}
+    dest: C:\\Windows\\Temp
+  when: ansible_system == "Win32NT"
+
 #  This task should be used for fresh installations of Splunk, refer to upgrade_splunk.yml for upgrades
 - name: Block for non-root splunk user setup
   block:
@@ -7,8 +30,9 @@
         name: "{{ splunk_nix_group }}"
         state: present
       become: true
+      when: ansible_system == "Linux"
 
-    - name: Add nix splunk user
+    - name: Linux - Add nix splunk user
       user:
         name: "{{ splunk_nix_user }}"
         groups: "{{ splunk_nix_group }}"
@@ -17,20 +41,39 @@
         state: present
         shell: /bin/bash
       become: true
+      when: ansible_system == "Linux"
+
+    - name: Windows - Add nix splunk user
+      win_user:
+        name: "{{ splunk_nix_user }}"
+        password: "{{ splunk_admin_password }}"
+        state: present
+      when: ansible_system == "Win32NT"
 
     - name: Allow splunk user to read /var/log
       include_tasks: configure_facl.yml
+      when: ansible_system == "Linux"
 
     - name: Configure .bash_profile and .bashrc for splunk user
       include_tasks: configure_bash.yml
+      when: ansible_system == "Linux"
+
+  when: splunk_nix_user not in ["root","administrator"]
 
-  when: splunk_nix_user != 'root'
+- name: Windows - Install Latest Splunk Forwarder
+  win_package:
+    path: C:\\Windows\\Temp\\{{ splunk_file }}
+    arguments: AGREETOLICENSE=Yes SET_ADMIN_USER=0 LOGON_USERNAME="{{ ansible_hostname }}\{{ splunk_nix_user }}" LOGON_PASSWORD="{{ splunk_admin_password }}" SPLUNKUSERNAME="{{ splunk_admin_username }}" SPLUNKPASSWORD="{{ splunk_admin_password }}" /quiet
+    state: present
+  when: ansible_system == "Win32NT"
 
 - name: Configure OS to disable THP and increase ulimits for splunk process
   include_tasks: configure_os.yml
+  when: ansible_system == "Linux"
 
 - name: Include download and unarchive task
   include_tasks: download_and_unarchive.yml
+  when: ansible_system == "Linux"
 
 - name: Include configure splunk.secret task to standardize splunk.secret
   include_tasks: configure_splunk_secret.yml
@@ -58,3 +101,4 @@
 
 - name: Enable boot start
   include_tasks: configure_splunk_boot.yml
+  when: ansible_system == "Linux"