feat(app_install): add option to allow downloading of apps local vs r…

…emote

splunk#48

README.md

@@ -132,7 +132,11 @@ Note: Any task with an **adhoc** prefix means that it can be used independently
 - **adhoc_fix_server_certificate.yml** - Use to delete an expired server.pem and generate a new one (default certs). Useful if your server.pem certificate has expired and you are using Splunk's default certificate for splunkd. Note that default certificates present a security risk and that their use should be avoided, if possible.
 - **adhoc_kill_splunkd.yml** - Some releases of Splunk have a "feature" that leaves zombie splunkd processes after a 'splunk stop'. Use this task after a 'splunk stop' to make sure that it's really stopped. Useful for upgrades on some of the 7.x releases, and automatically called by the upgrade_splunk.yml task.
 - **check_splunk.yml** - Check if Splunk is installed. If Splunk is not installed, it will be installed on the host. If Splunk is already installed, the task will execute a "splunk version" command on the host, and then compare the version and build number of Splunk to the version and build number of the expected version of Splunk. Note that the expected version of Splunk does not need to be statically defined; The expected Splunk version and build are automatically extracted from the value of splunk_package_url_full or splunk_package_url_uf using Jinja regex filters. This task will work for both the Universal Forwarder and full Splunk Enterprise packages. You define which host uses what package by organizing it under the appropriate group ('full' or 'uf') in your Ansible inventory.
-- **configure_apps.yml** - This task should be called directly from a playbook in order to deploy apps or configurations (from git repositories) to Splunk hosts. Tip: Add a this task to a playbook after the check_splunk.yml play. Doing so will perform a "install (or upgrade) and deploy apps" run, all in one playbook.
+- **configure_apps.yml** - This task should be called directly from a playbook in order to deploy apps or configurations (from git repositories) to Splunk hosts. Tip: Add a this task to a playbook after the check_splunk.yml play. Doing so will perform a "install (or upgrade) and deploy apps" run, all in one playbook.  
+  git_download_local: true  # This defines how the git app install download process works. If `true` it will download to localhost and sync to hosts from there. If `false` each host will download the package individually.
+  You can set if the download/unarchive process uses the Ansible host or if each host downloads and unarchives the package individually by setting `git_download_local`.  
+  Default is `true` which will download the package to the Ansible host and rsync to host from there.  
+  If set to `false` the app will be downloaded to each host individually.  
 - **configure_authentication.yml** - Uses the template identified by the `splunk_authenticationconf` variable to install an authentication.conf file to $SPLUNK_HOME/etc/system/local/authentication.conf. We are including this task here since Ansible is able to securely deploy an authentication.conf configuration by using ansible-vault to encrypt sensitive values such as the value of the `ad_bind_password` variable. Note: If you are using a common splunk.secret file, you can omit this task and instead use configure_apps.yml to deploy an authentication.conf file from a Git repository containing an authentication.conf app with pre-hashed credentials.
 - **configure_bash.yml** - Configures bashrc and bash_profile files for the splunk user. Please note that the templates included with this role will overwrite any existing files for the splunk user (if they exist). The templates will define a custom PS1 at the bash prompt, configure the $SPLUNK_HOME environment variable so that you can issue "splunk <command>" without specifying the full path to the Splunk binary, and will enable auto-completion of Splunk CLI commands in bash.
 - **configure_deploymentclient.yml** - Generates a new deploymentclient.conf file from the deploymentclient.conf.j2 template and installs it to $SPLUNK_HOME/etc/system/local/deploymentclient.conf. This task is included automatically during new installations when values have been configured for the `clientName` and `splunk_uri_ds` variables.

roles/splunk/defaults/main.yml

@@ -42,6 +42,8 @@ systemd_unit_full: Splunkd # You can change this in `host_vars` or `group_vars`
 systemd_unit_uf: SplunkForwarder # You can change this in `host_vars` or `group_vars` to customize the service name.
 splunk_disable_mgmt_port: false # If set to true, will disable splunkd management port during installation
 splunkd_port: 8089 # If changed, will overwrite the default port number used by splunkd
+git_download_local: true  # This defines how the git app install download process works. If `true` it will download to localhost and sync to hosts from there. If `false` each host will download the package individually.
+git_separate_git_dir: "{{ splunk_install_path }}/git"
 git_local_clone_path: ~/ # Base directory under which repositories for app deplyoment should be cloned to
 git_server: undefined # e.g. ssh://git@mygithost:1234 - Note that this may be set in an all.yml group_var or inside the git_apps dictionary within host_vars
 git_key: undefined # Path to SSH key for cloning repositories - Note that this may be set in an all.yml group_var or inside the git_apps dictionary within host_vars

roles/splunk/tasks/configure_apps.yml

@@ -94,3 +94,18 @@
     - git_key != 'undefined'
     - git_server != 'undefined'
     - git_project != 'undefined'
+    - git_download_local
+
+- block:
+    - name: Install apps
+      include_tasks: install_apps.yml
+      loop: "{{ git_apps }}"
+      vars:
+        app_dest: "{{ item.splunk_app_deploy_path | default(splunk_app_deploy_path) }}"
+  when:
+    - git_apps is defined
+    - git_version is defined
+    - git_key != 'undefined'
+    - git_server != 'undefined'
+    - git_project != 'undefined'
+    - not git_download_local

roles/splunk/tasks/install_apps.yml

@@ -87,8 +87,57 @@
   become: true
   become_user: "{{ splunk_nix_user }}"
   notify: "{{ handler }}"
+  when: git_download_local
 
-- name: Ensure correct permissions are set
+- block:
+    - name: "Ensure {{ git_separate_git_dir }}/{{ app_dest }} exists"  # noqa 208
+      become: true
+      file:
+        path: "{{ git_separate_git_dir }}/{{ app_dest }}"
+        state: directory
+        owner: "{{ splunk_nix_user }}"
+        group: "{{ splunk_nix_group }}"
+
+    - name: "Clone repo {{ item.name }} to {{ splunk_home }}/{{ app_dest }}/{{ item.name }}"
+      become: true
+      become_user: "{{ splunk_nix_user }}"
+      git:
+        accept_hostkey: true
+        repo: "{{ item.git_server | default(git_server) }}/{{ item.git_project | default(git_project) }}/{{ item.name }}"
+        version: "{{ item.git_version | default(git_version) }}"
+        dest: "{{ splunk_home }}/{{ app_dest }}/{{ item.name }}"
+        separate_git_dir: "{{ git_separate_git_dir }}/{{ app_dest }}/{{ item.name }}.git"
+        key_file: "{{ git_key }}"
+        # force: true
+      notify: "{{ handler }}"
+
+  rescue:
+    - name: Clean up repo dirs on error
+      become: true
+      file:
+        path: "{{ git_cleanup_dirs }}"
+        state: absent
+      with_items:
+        - "{{ splunk_home }}/{{ app_dest }}/{{ item.name }}"
+        - "{{ git_separate_git_dir }}/{{ app_dest }}/{{ item.name }}.git"
+      loop_control:
+        loop_var: git_cleanup_dirs
+
+    - name: "Clone repo {{ item.name }} to {{ splunk_home }}/{{ app_dest }}/{{ item.name }}"
+      become: true
+      become_user: "{{ splunk_nix_user }}"
+      git:
+        accept_hostkey: true
+        repo: "{{ item.git_server | default(git_server) }}/{{ item.git_project | default(git_project) }}/{{ item.name }}"
+        version: "{{ item.git_version | default(git_version) }}"
+        dest: "{{ splunk_home }}/{{ app_dest }}/{{ item.name }}"
+        separate_git_dir: "{{ git_separate_git_dir }}/{{ app_dest }}/{{ item.name }}.git"
+        key_file: "{{ git_key }}"
+      notify: "{{ handler }}"
+
+  when: not git_download_local
+
+- name: "Ensure correct permissions are set {{ splunk_home }}/{{ app_dest }}"
   file:
     path: "{{ splunk_home }}/{{ app_dest }}"
     owner: "{{ splunk_nix_user }}"