Puppet Class: splunk::forwarder::password::manage

Inherits:
splunk::params
Defined in:
manifests/forwarder/password/manage.pp

Summary

Implements the direct management of the Splunk Forwarder admin password so it can be used outside of regular management of the whole stack to facilitate admin password resets through Bolt Plans. Note: Entirely done to make this implementation consistent with the method used to manage admin password seeding.

Overview

Parameters:

  • manage_password (Boolean) (defaults to: $splunk::params::manage_password)

    If set to true, Manage the contents of splunk.secret and passwd.

  • password_config_file (Stdlib::Absolutepath) (defaults to: $splunk::params::enterprise_password_config_file)

    Which file to put the password in i.e. in linux it would be ‘/opt/splunkforwarder/etc/passwd`.

  • password_content (String[1]) (defaults to: $splunk::params::password_content)

    The hashed password username/details for the user.

  • secret_file (Stdlib::Absolutepath) (defaults to: $splunk::params::enterprise_secret_file)

    Which file we should put the secret in.

  • secret (String[1]) (defaults to: $splunk::params::secret)

    The secret used to salt the splunk password.

  • service (String[1]) (defaults to: $splunk::params::forwarder_service)

    Name of the Splunk Enterprise service that needs to be restarted after files are updated, not applicable when running in agent mode.

  • mode (Enum['agent', 'bolt']) (defaults to: 'bolt')

    The class is designed to work in two ways, as a helper that is called by Class or leveraged independently from with in a Bolt Plan. The value defaults to “bolt” implicitly assuming that anytime it is used outside of Class, it is being used by Bolt

  • splunk_user (String[1]) (defaults to: $splunk::params::splunk_user) 


35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
 
# File 'manifests/forwarder/password/manage.pp', line 35

class splunk::forwarder::password::manage (
  Boolean $manage_password                   = $splunk::params::manage_password,
  Stdlib::Absolutepath $password_config_file = $splunk::params::enterprise_password_config_file,
  String[1] $password_content                = $splunk::params::password_content,
  Stdlib::Absolutepath $secret_file          = $splunk::params::enterprise_secret_file,
  String[1] $secret                          = $splunk::params::secret,
  String[1] $splunk_user                     = $splunk::params::splunk_user,
  String[1] $service                         = $splunk::params::forwarder_service,
  Enum['agent', 'bolt'] $mode                = 'bolt',
) inherits splunk::params {
  file { $secret_file:
    ensure  => file,
    owner   => $splunk_user,
    group   => $splunk_user,
    content => $secret,
  }

  file { $password_config_file:
    ensure  => file,
    owner   => $splunk_user,
    group   => $splunk_user,
    content => $password_content,
    require => File[$secret_file],
  }

  if $mode == 'bolt' {
    service { $service:
      ensure     => running,
      enable     => true,
      hasstatus  => true,
      hasrestart => true,
      subscribe  => File[$password_config_file],
    }
  }
}