Puppet Class: splunk::enterprise

Inherits:
splunk
Defined in:
manifests/enterprise.pp

Summary

Install and configure an instance of Splunk Enterprise

Overview

Examples:

Basic usage

include splunk::enterprise

Install specific version and build with admin passord management

class { 'splunk::params':
  version => '7.2.5',
  build   => '088f49762779',
}
class { 'splunk::enterprise':
  package_ensure => latest,
  manage_password => true,
}

Parameters:

  • version (String[1]) (defaults to: $splunk::params::version)

    Specifies the version of Splunk Enterprise the module should install and manage.

  • package_name (String[1]) (defaults to: $splunk::params::enterprise_package_name)

    The name of the package(s) Puppet will use to install Splunk.

  • package_ensure (String[1]) (defaults to: $splunk::params::enterprise_package_ensure)

    Ensure parameter which will get passed to the Splunk package resource.

  • staging_dir (String[1]) (defaults to: $splunk::params::staging_dir)

    Root of the archive path to host the Splunk package.

  • path_delimiter (String[1]) (defaults to: $splunk::params::path_delimiter)

    The path separator used in the archived path of the Splunk package.

  • enterprise_package_src (String[1]) (defaults to: $splunk::params::enterprise_package_src)

    The source URL for the splunk installation media (typically an RPM, MSI, etc). If a ‘$src_root` parameter is set in splunk::params, this will be automatically supplied. Otherwise it is required. The URL can be of any protocol supported by the pupept/archive module. On Windows, this can be a UNC path to the MSI.

  • package_provider (Optional[String[1]]) (defaults to: $splunk::params::package_provider)

    The package management system used to host the Splunk packages.

  • manage_package_source (Boolean) (defaults to: true)

    Whether or not to use the supplied ‘enterprise_package_src` param.

  • package_source (Optional[String[1]]) (defaults to: undef)

    Optional The source URL for the splunk installation media (typically an RPM, MSI, etc). If ‘enterprise_package_src` parameter is set in splunk::params and `manage_package_source` is true, this will be automatically supplied. Otherwise it is required. The URL can be of any protocol supported by the puppet/archive module. On Windows, this can be a UNC path to the MSI.

  • install_options (Splunk::Entinstalloptions) (defaults to: $splunk::params::enterprise_install_options)

    This variable is passed to the package resources’ install_options parameter.

  • splunk_user (String[1]) (defaults to: $splunk::params::splunk_user)

    The user to run Splunk as.

  • enterprise_homedir (Stdlib::Absolutepath) (defaults to: $splunk::params::enterprise_homedir)

    Specifies the Splunk Enterprise home directory.

  • enterprise_confdir (Stdlib::Absolutepath) (defaults to: $splunk::params::enterprise_confdir)

    Specifies the Splunk Enterprise configuration directory.

  • service_name (String[1]) (defaults to: $splunk::params::enterprise_service)

    The name of the Splunk Enterprise service.

  • service_file (Stdlib::Absolutepath) (defaults to: $splunk::params::enterprise_service_file)

    The path to the Splunk Enterprise service file.

  • boot_start (Boolean) (defaults to: $splunk::params::boot_start)

    Whether or not to enable splunk boot-start, which generates a service file to manage the Splunk Enterprise service.

  • use_default_config (Boolean) (defaults to: true)

    Whether or not the module should manage a default set of Splunk Enterprise configuration parameters.

  • input_default_host (String[1]) (defaults to: $facts['networking']['fqdn'])

    Part of the default config. Sets the ‘splunk_input` default host.

  • input_connection_host (String[1]) (defaults to: 'dns')

    Part of the default config. Sets the ‘splunk_input` connection host.

  • splunkd_listen (Stdlib::IP::Address) (defaults to: '127.0.0.1')

    The address on which splunkd should listen.

  • logging_port (Stdlib::Port) (defaults to: $splunk::params::logging_port)

    The port to receive TCP logs on.

  • splunkd_port (Stdlib::Port) (defaults to: $splunk::params::splunkd_port)

    The management port for Splunk.

  • web_httpport (Stdlib::Port) (defaults to: 8000)

    The port on which to service the Splunk Web interface.

  • purge_inputs (Boolean) (defaults to: false)

    If set to true, inputs.conf will be purged of configuration that is no longer managed by the ‘splunk_input` type.

  • purge_outputs (Boolean) (defaults to: false)

    If set to true, outputs.conf will be purged of configuration that is no longer managed by the ‘splunk_output` type.

  • purge_authentication (Boolean) (defaults to: false)

    If set to true, authentication.conf will be purged of configuration that is no longer managed by the ‘splunk_authentication` type.

  • purge_authorize (Boolean) (defaults to: false)

    If set to true, authorize.conf will be purged of configuration that is no longer managed by the ‘splunk_authorize` type.

  • purge_distsearch (Boolean) (defaults to: false)

    If set to true, distsearch.conf will be purged of configuration that is no longer managed by the ‘splunk_distsearch` type.

  • purge_indexes (Boolean) (defaults to: false)

    If set to true, indexes.conf will be purged of configuration that is no longer managed by the ‘splunk_indexes` type.

  • purge_limits (Boolean) (defaults to: false)

    If set to true, limits.conf will be purged of configuration that is no longer managed by the ‘splunk_limits` type.

  • purge_props (Boolean) (defaults to: false)

    If set to true, props.conf will be purged of configuration that is no longer managed by the ‘splunk_props` type.

  • purge_server (Boolean) (defaults to: false)

    If set to true, server.conf will be purged of configuration that is no longer managed by the ‘splunk_server` type.

  • purge_transforms (Boolean) (defaults to: false)

    If set to true, transforms.conf will be purged of configuration that is no longer managed by the ‘splunk_transforms` type.

  • purge_web (Boolean) (defaults to: false)

    If set to true, web.conf will be purged of configuration that is no longer managed by the ‘splunk_web type`.

  • manage_password (Boolean) (defaults to: $splunk::params::manage_password)

    If set to true, Manage the contents of splunk.secret and passwd.

  • seed_password (Boolean) (defaults to: $splunk::params::seed_password)

    If set to true, Manage the contents of splunk.secret and user-seed.conf.

  • reset_seeded_password (Boolean) (defaults to: $splunk::params::reset_seeded_password)

    If set to true, deletes ‘password_config_file` to trigger Splunk’s password import process on restart of the Splunk services.

  • password_config_file (Stdlib::Absolutepath) (defaults to: $splunk::params::enterprise_password_config_file)

    Which file to put the password in i.e. in linux it would be ‘/opt/splunk/etc/passwd`.

  • seed_config_file (Stdlib::Absolutepath) (defaults to: $splunk::params::enterprise_seed_config_file)

    Which file to place the admin password hash in so its imported by Splunk on restart.

  • seed_user (String[1]) (defaults to: $splunk::params::seed_user)

    The local user (usually ‘admin’) imported by Splunk.

  • password_content (String[1]) (defaults to: $splunk::params::password_content)

    The hashed password username/details for the user.

  • password_hash (String[1]) (defaults to: $splunk::params::password_hash)

    The hashed password for the admin user.

  • secret_file (Stdlib::Absolutepath) (defaults to: $splunk::params::enterprise_secret_file)

    Which file we should put the secret in.

  • secret (String[1]) (defaults to: $splunk::params::secret)

    The secret used to salt the splunk password.

  • purge_alert_actions (Boolean) (defaults to: false)
  • purge_deploymentclient (Boolean) (defaults to: false)
  • purge_serverclass (Boolean) (defaults to: false)
  • purge_uiprefs (Boolean) (defaults to: false) 


174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
 
# File 'manifests/enterprise.pp', line 174

class splunk::enterprise (
  String[1] $version                         = $splunk::params::version,
  String[1] $package_name                    = $splunk::params::enterprise_package_name,
  String[1] $package_ensure                  = $splunk::params::enterprise_package_ensure,
  String[1] $staging_dir                     = $splunk::params::staging_dir,
  String[1] $path_delimiter                  = $splunk::params::path_delimiter,
  String[1] $enterprise_package_src          = $splunk::params::enterprise_package_src,
  Optional[String[1]] $package_provider      = $splunk::params::package_provider,
  Boolean $manage_package_source             = true,
  Optional[String[1]] $package_source        = undef,
  Splunk::Entinstalloptions $install_options = $splunk::params::enterprise_install_options,
  String[1] $splunk_user                     = $splunk::params::splunk_user,
  Stdlib::Absolutepath $enterprise_homedir   = $splunk::params::enterprise_homedir,
  Stdlib::Absolutepath $enterprise_confdir   = $splunk::params::enterprise_confdir,
  String[1] $service_name                    = $splunk::params::enterprise_service,
  Stdlib::Absolutepath $service_file         = $splunk::params::enterprise_service_file,
  Boolean $boot_start                        = $splunk::params::boot_start,
  Boolean $use_default_config                = true,
  String[1] $input_default_host              = $facts['networking']['fqdn'],
  String[1] $input_connection_host           = 'dns',
  Stdlib::IP::Address $splunkd_listen        = '127.0.0.1',
  Stdlib::Port $splunkd_port                 = $splunk::params::splunkd_port,
  Stdlib::Port $logging_port                 = $splunk::params::logging_port,
  Stdlib::Port $web_httpport                 = 8000,
  Boolean $purge_alert_actions               = false,
  Boolean $purge_authentication              = false,
  Boolean $purge_authorize                   = false,
  Boolean $purge_deploymentclient            = false,
  Boolean $purge_distsearch                  = false,
  Boolean $purge_indexes                     = false,
  Boolean $purge_inputs                      = false,
  Boolean $purge_limits                      = false,
  Boolean $purge_outputs                     = false,
  Boolean $purge_props                       = false,
  Boolean $purge_server                      = false,
  Boolean $purge_serverclass                 = false,
  Boolean $purge_transforms                  = false,
  Boolean $purge_uiprefs                     = false,
  Boolean $purge_web                         = false,
  Boolean $manage_password                   = $splunk::params::manage_password,
  Boolean $seed_password                     = $splunk::params::seed_password,
  Boolean $reset_seeded_password             = $splunk::params::reset_seeded_password,
  Stdlib::Absolutepath $password_config_file = $splunk::params::enterprise_password_config_file,
  Stdlib::Absolutepath $seed_config_file     = $splunk::params::enterprise_seed_config_file,
  String[1] $password_content                = $splunk::params::password_content,
  String[1] $password_hash                   = $splunk::params::password_hash,
  String[1] $seed_user                       = $splunk::params::seed_user,
  Stdlib::Absolutepath $secret_file          = $splunk::params::enterprise_secret_file,
  String[1] $secret                          = $splunk::params::secret,
) inherits splunk {
  if (defined(Class['splunk::forwarder'])) {
    fail('Splunk Universal Forwarder provides a subset of Splunk Enterprise capabilities, and has potentially conflicting resources when included with Splunk Enterprise on the same node.  Do not include splunk::forwarder on the same node as splunk::enterprise.  Configure Splunk Enterprise to meet your forwarding needs.'
    )
  }

  if ($facts['os']['family'] == 'windows') and ($package_ensure == 'latest') {
    fail('This module does not currently support continuously upgrading Splunk Enterprise on Windows. Please do not set "package_ensure" to "latest" on Windows.')
  }

  if $manage_password and $seed_password {
    fail('The setting "manage_password" and "seed_password" are in conflict with one another; they are two ways of accomplishing the same goal, "seed_password" is preferred according to Splunk documentation. If you need to reset the admin user password after initially installation then set "reset_seeded_password" temporarily.')
  }

  if $manage_password {
    info("The setting \"manage_password\" will manage the contents of ${password_config_file} which Splunk changes on restart, this results in Puppet initiating a corrective change event on every run and will trigger a resart of all Splunk services")
  }

  if $reset_seeded_password {
    info("The setting \"reset_seeded_password\" will delete ${password_config_file} on each run of Puppet and generate a corrective change event, the file must be absent for Splunk's admin password seeding process to be triggered so this setting should only be used temporarily as it'll also cause a resart of the Splunk service")
  }

  contain 'splunk::enterprise::install'
  contain 'splunk::enterprise::config'
  contain 'splunk::enterprise::service'

  Class['splunk::enterprise::install']
  -> Class['splunk::enterprise::config']
  ~> Class['splunk::enterprise::service']

  # This is a module that supports multiple platforms. For some platforms
  # there is non-generic configuration that needs to be declared in addition
  # to the agnostic resources declared here.
  if $facts['kernel'] in ['Linux','SunOS'] {
    contain 'splunk::enterprise::service::nix'
    Class['splunk::enterprise::config']
    -> Class['splunk::enterprise::service::nix']
    -> Class['splunk::enterprise::service']
  }

  # Purge resources if option set
  Splunk_config['splunk'] {
    purge_alert_actions    => $purge_alert_actions,
    purge_authentication   => $purge_authentication,
    purge_authorize        => $purge_authorize,
    purge_deploymentclient => $purge_deploymentclient,
    purge_distsearch       => $purge_distsearch,
    purge_indexes          => $purge_indexes,
    purge_inputs           => $purge_inputs,
    purge_limits           => $purge_limits,
    purge_outputs          => $purge_outputs,
    purge_props            => $purge_props,
    purge_server           => $purge_server,
    purge_serverclass      => $purge_serverclass,
    purge_transforms       => $purge_transforms,
    purge_uiprefs          => $purge_uiprefs,
    purge_web              => $purge_web
  }
}