07 August, 2016

installing splunkforwarder using ansible

The vars
---
  splunk_home: /opt/splunkforwarder
  splunk_exec: "{{ splunk_home }}/bin/splunk"


The playbook
---

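- name: install splunk forwarder
  # state: latest upgrades the package on every run to whatever the configured
  # repository currently serves. Use state: present (or a pinned version) if
  # upgrades should be a deliberate, reviewed step.
  yum:
    name: splunkforwarder
    state: latest
  become: true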

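# Check for first time run: the "ftr" file under splunk_home is treated as the
# marker, and the setup block below runs only while that file exists.
- name: check for first time run marker
  stat:
    path: "{{ splunk_home }}/ftr"
  register: result_splunk_ftr_stat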

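# First-time setup: stop any stray splunkd, start the forwarder once with the
# license accepted non-interactively, then register it to start at boot.
- block:
    - name: setup splunk for first time run
      # NOTE(review): --no-prompt means nothing asks for an admin password.
      # Splunk releases from the time of this post presumably come up with the
      # vendor default admin credential; change it (or seed one) before the
      # management port is reachable. Confirm for the version you deploy.
      # NOTE(review): run via become, boot-start presumably registers splunkd
      # to run as root; `enable boot-start -user <account>` runs it under a
      # dedicated account instead.
      # pkill exits non-zero when nothing matches, so the former `ps aux|grep`
      # pre-check is dropped (that grep could match its own process anyway).
      shell: |
        pkill -9 splunkd || true
        {{ splunk_exec }} start --accept-license --answer-yes --no-prompt
        {{ splunk_exec }} enable boot-start
  # Skip once the ftr marker is gone, so the kill/start sequence is not
  # repeated on later runs.
  when: result_splunk_ftr_stat.stat.exists
  become: true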


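# Only add forward-servers that are not already in the list (sketch, left disabled).
# "user:pass" below is a placeholder: keep the real credential in Ansible Vault and
# set no_log: true on these tasks, because -auth puts it on the command line and
# in the task output.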
# shell: /opt/splunkforwarder/bin/splunk list forward-server -auth user:pass
# register: current_fwd_list
#- block:
#    shell: "{{ splunk_exec }} add forward-server {{ splunk_server }}:{{ splunk_server_port }} -auth user:pass"
# when: item not in current_fwd_list
#  become: yes
# with_items: splunk_fwd_server

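# Same logic for adding log files to monitor.
# NOTE(review): -sourcetype is given item.path below; a separate sourcetype
# field was presumably intended - confirm before enabling.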
#    - shell: "{{ splunk_exec }} add monitor {{ item.path }} -index {{ item.idx }} -sourcetype {{ item.path }} || true"
#  with_items:  "{{ splunk_log_files }}"

and profit !