Puppet Class: splunk::forwarder

Inherits:
splunk
Defined in:
manifests/forwarder.pp

Summary

Install and configure an instance of Splunk Universal Forwarder

Overview

Examples:

Basic usage

include splunk::forwarder

Install specific version and build with admin passord management

class { 'splunk::params':
  version => '7.2.5',
  build   => '088f49762779',
}
class { 'splunk::forwarder':
  package_ensure => latest,
  manage_password => true,
}

Parameters:

  • server (String[1]) (defaults to: $splunk::params::server)

    The fqdn or IP address of the Splunk server.

  • version (String[1]) (defaults to: $splunk::params::version)

    Specifies the version of Splunk Forwarder the module should install and manage.

  • package_name (String[1]) (defaults to: $splunk::params::forwarder_package_name)

    The name of the package(s) Puppet will use to install Splunk Forwarder.

  • package_ensure (String[1]) (defaults to: $splunk::params::forwarder_package_ensure)

    Ensure parameter which will get passed to the Splunk package resource.

  • staging_dir (String[1]) (defaults to: $splunk::params::staging_dir)

    Root of the archive path to host the Splunk package.

  • path_delimiter (String[1]) (defaults to: $splunk::params::path_delimiter)

    The path separator used in the archived path of the Splunk package.

  • forwarder_package_src (String[1]) (defaults to: $splunk::params::forwarder_package_src)

    The source URL for the splunk installation media (typically an RPM, MSI, etc). If a ‘$src_root` parameter is set in splunk::params, this will be automatically supplied. Otherwise it is required. The URL can be of any protocol supported by the puppet/archive module. On Windows, this can be a UNC path to the MSI.

  • package_provider (Optional[String[1]]) (defaults to: $splunk::params::package_provider)

    The package management system used to host the Splunk packages.

  • manage_package_source (Boolean) (defaults to: true)

    Whether or not to use the supplied ‘forwarder_package_src` param.

  • package_source (Optional[String[1]]) (defaults to: undef)

    Optional The source URL for the splunk installation media (typically an RPM, MSI, etc). If ‘enterprise_package_src` parameter is set in splunk::params and `manage_package_source` is true, this will be automatically supplied. Otherwise it is required. The URL can be of any protocol supported by the puppet/archive module. On Windows, this can be a UNC path to the MSI.

  • install_options (Splunk::Fwdinstalloptions) (defaults to: $splunk::params::forwarder_install_options)

    This variable is passed to the package resources’ install_options parameter.

  • splunk_user (String[1]) (defaults to: $splunk::params::splunk_user)

    The user to run Splunk as.

  • forwarder_homedir (Stdlib::Absolutepath) (defaults to: $splunk::params::forwarder_homedir)

    Specifies the Splunk Forwarder home directory.

  • forwarder_confdir (Stdlib::Absolutepath) (defaults to: $splunk::params::forwarder_confdir)

    Specifies the Splunk Forwarder configuration directory.

  • service_name (String[1]) (defaults to: $splunk::params::forwarder_service)

    The name of the Splunk Forwarder service.

  • service_file (Stdlib::Absolutepath) (defaults to: $splunk::params::forwarder_service_file)

    The path to the Splunk Forwarder service file.

  • boot_start (Boolean) (defaults to: $splunk::params::boot_start)

    Whether or not to enable splunk boot-start, which generates a service file to manage the Splunk Forwarder service.

  • use_default_config (Boolean) (defaults to: true)

    Whether or not the module should manage a default set of Splunk Forwarder configuration parameters.

  • splunkd_listen (Stdlib::IP::Address) (defaults to: '127.0.0.1')

    The address on which splunkd should listen.

  • splunkd_port (Stdlib::Port) (defaults to: $splunk::params::splunkd_port)

    The management port for Splunk.

  • logging_port (Stdlib::Port) (defaults to: $splunk::params::logging_port)

    The port on which to send and listen for logs.

  • purge_inputs (Boolean) (defaults to: false)

    Optional If set to true, inputs.conf will be purged of configuration that is no longer managed by the ‘splunkforwarder_input` type.

  • purge_outputs (Boolean) (defaults to: false)

    Optional If set to true, outputs.conf will be purged of configuration that is no longer managed by the ‘splunk_output` type.

  • purge_props (Boolean) (defaults to: false)

    Optional If set to true, props.conf will be purged of configuration that is no longer managed by the ‘splunk_props` type.

  • purge_transforms (Boolean) (defaults to: false)

    Optional If set to true, transforms.conf will be purged of configuration that is no longer managed by the ‘splunk_transforms` type.

  • purge_web (Boolean) (defaults to: false)

    Optional If set to true, web.conf will be purged of configuration that is no longer managed by the ‘splunk_web` type.

  • forwarder_input (Hash) (defaults to: $splunk::params::forwarder_input)

    Used to override the default ‘forwarder_input` type defined in splunk::params.

  • forwarder_output (Hash) (defaults to: $splunk::params::forwarder_output)

    Used to override the default ‘forwarder_output` type defined in splunk::params.

  • manage_password (Boolean) (defaults to: $splunk::params::manage_password)

    If set to true, Manage the contents of splunk.secret and passwd.

  • seed_password (Boolean) (defaults to: $splunk::params::seed_password)

    If set to true, Manage the contents of splunk.secret and user-seed.conf.

  • reset_seeded_password (Boolean) (defaults to: $splunk::params::reset_seeded_password)

    If set to true, deletes ‘password_config_file` to trigger Splunk’s password import process on restart of the Splunk services.

  • password_config_file (Stdlib::Absolutepath) (defaults to: $splunk::params::forwarder_password_config_file)

    Which file to put the password in i.e. in linux it would be ‘/opt/splunkforwarder/etc/passwd`.

  • seed_config_file (Stdlib::Absolutepath) (defaults to: $splunk::params::forwarder_seed_config_file)

    Which file to place the admin password hash in so its imported by Splunk on restart.

  • seed_user (String[1]) (defaults to: $splunk::params::seed_user)

    The local user (usually ‘admin’) imported by Splunk.

  • password_content (String[1]) (defaults to: $splunk::params::password_content)

    The hashed password username/details for the user.

  • password_hash (String[1]) (defaults to: $splunk::params::password_hash)

    The hashed password for the admin user.

  • secret_file (Stdlib::Absolutepath) (defaults to: $splunk::params::forwarder_secret_file)

    Which file we should put the secret in.

  • secret (String[1]) (defaults to: $splunk::params::secret)

    The secret used to salt the splunk password.

  • addons (Hash) (defaults to: {})

    Manage a splunk addons, see ‘splunk::addons`.

  • purge_deploymentclient (Boolean) (defaults to: false) 


153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
 
# File 'manifests/forwarder.pp', line 153

class splunk::forwarder (
  String[1] $server                          = $splunk::params::server,
  String[1] $version                         = $splunk::params::version,
  String[1] $package_name                    = $splunk::params::forwarder_package_name,
  String[1] $package_ensure                  = $splunk::params::forwarder_package_ensure,
  String[1] $staging_dir                     = $splunk::params::staging_dir,
  String[1] $path_delimiter                  = $splunk::params::path_delimiter,
  String[1] $forwarder_package_src           = $splunk::params::forwarder_package_src,
  Optional[String[1]] $package_provider      = $splunk::params::package_provider,
  Boolean $manage_package_source             = true,
  Optional[String[1]] $package_source        = undef,
  Splunk::Fwdinstalloptions $install_options = $splunk::params::forwarder_install_options,
  String[1] $splunk_user                     = $splunk::params::splunk_user,
  Stdlib::Absolutepath $forwarder_homedir    = $splunk::params::forwarder_homedir,
  Stdlib::Absolutepath $forwarder_confdir    = $splunk::params::forwarder_confdir,
  String[1] $service_name                    = $splunk::params::forwarder_service,
  Stdlib::Absolutepath $service_file         = $splunk::params::forwarder_service_file,
  Boolean $boot_start                        = $splunk::params::boot_start,
  Boolean $use_default_config                = true,
  Stdlib::IP::Address $splunkd_listen        = '127.0.0.1',
  Stdlib::Port $splunkd_port                 = $splunk::params::splunkd_port,
  Stdlib::Port $logging_port                 = $splunk::params::logging_port,
  Boolean $purge_deploymentclient            = false,
  Boolean $purge_outputs                     = false,
  Boolean $purge_inputs                      = false,
  Boolean $purge_props                       = false,
  Boolean $purge_transforms                  = false,
  Boolean $purge_web                         = false,
  Hash $forwarder_output                     = $splunk::params::forwarder_output,
  Hash $forwarder_input                      = $splunk::params::forwarder_input,
  Boolean $manage_password                   = $splunk::params::manage_password,
  Boolean $seed_password                     = $splunk::params::seed_password,
  Boolean $reset_seeded_password             = $splunk::params::reset_seeded_password,
  Stdlib::Absolutepath $password_config_file = $splunk::params::forwarder_password_config_file,
  Stdlib::Absolutepath $seed_config_file     = $splunk::params::forwarder_seed_config_file,
  String[1] $password_content                = $splunk::params::password_content,
  String[1] $password_hash                   = $splunk::params::password_hash,
  String[1] $seed_user                       = $splunk::params::seed_user,
  Stdlib::Absolutepath $secret_file          = $splunk::params::forwarder_secret_file,
  String[1] $secret                          = $splunk::params::secret,
  Hash $addons                               = {},
) inherits splunk {
  if (defined(Class['splunk::enterprise'])) {
    fail('Splunk Universal Forwarder provides a subset of Splunk Enterprise capabilities, and has potentially conflicting resources when included with Splunk Enterprise on the same node.  Do not include splunk::forwarder on the same node as splunk::enterprise.  Configure Splunk Enterprise to meet your forwarding needs.'
    )
  }

  if ($facts['os']['family'] == 'windows') and ($package_ensure == 'latest') {
    fail('This module does not currently support continuously upgrading the Splunk Universal Forwarder on Windows. Please do not set "package_ensure" to "latest" on Windows.')
  }

  if $manage_password and $seed_password {
    fail('The setting "manage_password" and "seed_password" are in conflict with one another; they are two ways of accomplishing the same goal, "seed_password" is preferred according to Splunk documentation. If you need to reset the admin user password after initially installation then set "reset_seeded_password" temporarily.')
  }

  if $manage_password {
    info("The setting \"manage_password\" will manage the contents of ${password_config_file} which Splunk changes on restart, this results in Puppet initiating a corrective change event on every run and will trigger a resart of all Splunk services")
  }

  if $reset_seeded_password {
    info("The setting \"reset_seeded_password\" will delete ${password_config_file} on each run of Puppet and generate a corrective change event, the file must be absent for Splunk's admin password seeding process to be triggered so this setting should only be used temporarily as it'll also cause a resart of the Splunk service")
  }

  contain 'splunk::forwarder::install'
  contain 'splunk::forwarder::config'
  contain 'splunk::forwarder::service'

  Class['splunk::forwarder::install']
  -> Class['splunk::forwarder::config']
  ~> Class['splunk::forwarder::service']

  # This is a module that supports multiple platforms. For some platforms
  # there is non-generic configuration that needs to be declared in addition
  # to the agnostic resources declared here.
  if $facts['kernel'] in ['Linux', 'SunOS', 'FreeBSD'] {
    contain 'splunk::forwarder::service::nix'
    Class['splunk::forwarder::config']
    -> Class['splunk::forwarder::service::nix']
    -> Class['splunk::forwarder::service']
  }

  Splunk_config['splunk'] {
    forwarder_confdir                => $forwarder_confdir,
    purge_forwarder_deploymentclient => $purge_deploymentclient,
    purge_forwarder_outputs          => $purge_outputs,
    purge_forwarder_inputs           => $purge_inputs,
    purge_forwarder_props            => $purge_props,
    purge_forwarder_transforms       => $purge_transforms,
    purge_forwarder_web              => $purge_web,
  }
}