Puppet Class: splunk::enterprise::password::manage

Inherits:
splunk::params
Defined in:
manifests/enterprise/password/manage.pp

Summary

Implements the direct management of the Splunk Enterprise admin password so it can be used outside of regular management of the whole stack to facilitate admin password resets through Bolt Plans. Note: Entirely done to make this implementation consistent with the method used to manage admin password seeding.

Overview

Parameters:

  • manage_password (Boolean) (defaults to: $splunk::params::manage_password)

    If set to true, Manage the contents of splunk.secret and passwd.

  • password_config_file (Stdlib::Absolutepath) (defaults to: $splunk::params::forwarder_password_config_file)

    Which file to put the password in i.e. in linux it would be ‘/opt/splunk/etc/passwd`.

  • password_content (String[1]) (defaults to: $splunk::params::password_content)

    The hashed password username/details for the user.

  • secret_file (Stdlib::Absolutepath) (defaults to: $splunk::params::forwarder_secret_file)

    Which file we should put the secret in.

  • secret (String[1]) (defaults to: $splunk::params::secret)

    The secret used to salt the splunk password.

  • splunk_user (String[1]) (defaults to: $splunk::params::splunk_user)
  • service (String[1]) (defaults to: $splunk::params::enterprise_service)
  • mode (Enum['agent', 'bolt']) (defaults to: 'bolt') 


35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
 
# File 'manifests/enterprise/password/manage.pp', line 35

class splunk::enterprise::password::manage(
  Boolean $manage_password                   = $splunk::params::manage_password,
  Stdlib::Absolutepath $password_config_file = $splunk::params::forwarder_password_config_file,
  String[1] $password_content                = $splunk::params::password_content,
  Stdlib::Absolutepath $secret_file          = $splunk::params::forwarder_secret_file,
  String[1] $secret                          = $splunk::params::secret,
  String[1] $splunk_user                     = $splunk::params::splunk_user,
  String[1] $service                         = $splunk::params::enterprise_service,
  Enum['agent', 'bolt'] $mode                = 'bolt',
) inherits splunk::params {

  file { $secret_file:
    ensure  => file,
    owner   => $splunk_user,
    group   => $splunk_user,
    content => $secret,
  }

  file { $password_config_file:
    ensure  => file,
    owner   => $splunk_user,
    group   => $splunk_user,
    content => $password_content,
    require => File[$secret_file],
  }

  if $mode == 'bolt' {
    service { $service:
      ensure     => running,
      enable     => true,
      hasstatus  => true,
      hasrestart => true,
      subscribe  => File[$password_config_file],
    }
  }
}