Merge pull request #837 from splunk/develop

sync master for patch2 release
splunk · Jun 18, 2024 · 3c11de1 · 3c11de1
2 parents 0798330 + 49223e8
commit 3c11de1
Show file tree

Hide file tree

Showing 41 changed files with 247 additions and 218 deletions.
diff --git a/default.yml b/default.yml
diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
@@ -1,17 +1,20 @@
 ## Changelog
 
 ## Navigation
+* [9.2.1-patch2](#921-patch2)
 * [9.2.1-patch1](#921-patch1)
 * [9.2.1](#921)
 * [9.2.0.1](#9201)
 * [9.2.0](#920)
+* [9.1.4-patch2](#914-patch2)
 * [9.1.4-patch1](#914-patch1)
 * [9.1.4](#914)
 * [9.1.3](#913)
 * [9.1.2](#912)
 * [9.1.1](#911)
 * [9.1.0.2](#9102)
 * [9.1.0.1](#9101)
+* [9.0.9-patch2](#909-patch2)
 * [9.0.9-patch1](#909-patch1)
 * [9.0.9](#909)
 * [9.0.8](#908)
@@ -90,6 +93,18 @@
 
 ---
 
+## 9.2.1-patch2
+
+#### Changes
+* Use splunk_api to remove existing HEC token
+* Revert UDS regressions for windows bind + idx cluster peering
+* Fix conditions for HEC token creation
+* Add Splunk version condition for setting mgmtMode
+* Fix splunk_api body + cert_prefix usage
+* Fix cluster master ESS version check
+
+---
+
 ## 9.2.1-patch1
 
 #### Changes
@@ -122,6 +137,18 @@
 
 ---
 
+## 9.1.4-patch2
+
+#### Changes
+* Use splunk_api to remove existing HEC token
+* Revert UDS regressions for windows bind + idx cluster peering
+* Fix conditions for HEC token creation
+* Add Splunk version condition for setting mgmtMode
+* Fix splunk_api body + cert_prefix usage
+* Fix cluster master ESS version check
+
+---
+
 ## 9.1.4-patch1
 
 #### Changes
@@ -178,6 +205,18 @@
 
 ---
 
+## 9.0.9-patch2
+
+#### Changes
+* Use splunk_api to remove existing HEC token
+* Revert UDS regressions for windows bind + idx cluster peering
+* Fix conditions for HEC token creation
+* Add Splunk version condition for setting mgmtMode
+* Fix splunk_api body + cert_prefix usage
+* Fix cluster master ESS version check
+
+---
+
 ## 9.0.9-patch1
 
 #### Changes

diff --git a/docs/advanced/default.yml.spec.md b/docs/advanced/default.yml.spec.md
@@ -42,6 +42,10 @@ retry_delay: <int>
 * Duration of waits between each of the aforementioned retries (in seconds)
 * Default: 6
 
+restart_retry_delay: <int>
+* Duration of waits between retries to issue restart command for splunkd (in seconds)
+* Default: 30
+
 splunk_home_ownership_enforcement: true
 * Boolean that to control and enable UAC on $SPLUNK_HOME (recommended to be enabled)
 * Default: true

diff --git a/docs/execution_patterns/remote/default.yml b/docs/execution_patterns/remote/default.yml
@@ -1,5 +1,6 @@
 ---
 retry_delay: 6
+restart_retry_delay: 30
 retry_num: 60
 shc_sync_retry_num: 60
 

diff --git a/inventory/splunk_defaults_linux.yml b/inventory/splunk_defaults_linux.yml
@@ -3,6 +3,7 @@ ansible_pre_tasks:
 ansible_post_tasks:
 ansible_environment: {}
 retry_delay: 6
+restart_retry_delay: 30
 retry_num: 60
 hide_password: false
 wait_for_splunk_retry_num: 60

diff --git a/inventory/splunk_defaults_windows.yml b/inventory/splunk_defaults_windows.yml
@@ -3,6 +3,7 @@ ansible_pre_tasks:
 ansible_post_tasks:
 ansible_environment: {}
 retry_delay: 10
+restart_retry_delay: 30
 retry_num: 60
 hide_password: false
 wait_for_splunk_retry_num: 150

diff --git a/inventory/splunkforwarder_defaults_linux.yml b/inventory/splunkforwarder_defaults_linux.yml
@@ -3,6 +3,7 @@ ansible_pre_tasks:
 ansible_post_tasks:
 ansible_environment: {}
 retry_delay: 6
+restart_retry_delay: 30
 retry_num: 60
 hide_password: false
 wait_for_splunk_retry_num: 60

diff --git a/inventory/splunkforwarder_defaults_windows.yml b/inventory/splunkforwarder_defaults_windows.yml
@@ -3,6 +3,7 @@ ansible_pre_tasks:
 ansible_post_tasks:
 ansible_environment: {}
 retry_delay: 10
+restart_retry_delay: 30
 retry_num: 60
 hide_password: false
 wait_for_splunk_retry_num: 150

diff --git a/roles/splunk_cluster_master/tasks/generate_ess_bundle.yml b/roles/splunk_cluster_master/tasks/generate_ess_bundle.yml
@@ -12,12 +12,18 @@
     mode: 0777
 
 - name: Get ESS version
-  command: "/opt/splunk/bin/splunk display app -auth {{ splunk.admin_user }}:{{ splunk.password }} SplunkEnterpriseSecuritySuite"
+  command: "{{ splunk.exec }} search '| rest /services/apps/local splunk_server=local | search title=SplunkEnterpriseSecuritySuite | fields version' -auth {{ splunk.admin_user }}:{{ splunk.password }}"
   register: ess_info
   no_log: "{{ hide_password }}"
 
+- name: Set ESS version fact
+  set_fact:
+    ess_version: "{{ ess_info | regex_search(regexp, '\\1') | first }}"
+  vars:
+    regexp: '(\d+\.\d+\.\d+)'
+
 - name: Execute bundle script
-  command: "{{ splunk.exec }} cmd {% if ess_info.json.entry[0].content.version is version('6.1', '>=') %}python3{% else %}python{% endif %} /tmp/es_ta_for_indexers.py --password {{ splunk.password }} --username {{ splunk.admin_user }}"
+  command: "{{ splunk.exec }} cmd {% if ess_version is version('6.1', '>=') %}python3{% else %}python{% endif %} /tmp/es_ta_for_indexers.py --password {{ splunk.password }} --username {{ splunk.admin_user }}"
   become: yes
   become_user: "{{ splunk.user }}"
   no_log: "{{ hide_password }}"

diff --git a/roles/splunk_common/handlers/restart_splunk.yml b/roles/splunk_common/handlers/restart_splunk.yml
@@ -6,7 +6,7 @@
   register: task_result
   until: task_result.rc == 0
   retries: "{{ retry_num }}"
-  delay: "{{ retry_delay }}"
+  delay: "{{ restart_retry_delay }}"
   when: not splunk.enable_service
 
 - name: "Restart the splunkd service - Via Linux systemd or init"
@@ -23,12 +23,9 @@
     state: restarted
   when: splunk.enable_service and not ansible_system is match("Linux")
 
-- name: Check if UDS file exists
-  stat:
-    path: "/opt/splunkforwarder/var/run/splunk/cli.socket"
-  register: uds_socket_exists
+- include_tasks: ../tasks/check_uds_file.yml
 
 - name: "Wait for splunkd management port"
   wait_for:
     port: "{{ splunk.svc_port }}"
-  when: not uds_socket_exists.stat.exists
+  when: not uds_enabled | bool
diff --git a/roles/splunk_common/tasks/add_forward_server.yml b/roles/splunk_common/tasks/add_forward_server.yml
@@ -1,4 +1,8 @@
 ---
+# start splunk before running "add forward-server" command
+- include_tasks: start_splunk.yml
+  when: '("s2s" not in splunk and "s2s_port" in splunk) or ("s2s" in splunk and ("ssl" not in splunk.s2s or ("ssl" in splunk.s2s and not splunk.s2s.ssl))) | bool'
+
 - name: "Enable forwarding to {{ forward_servers }}"
   command: "{{ splunk.exec }} add forward-server {{ item }}:{{ splunk.s2s.port if splunk.s2s.port is defined else splunk.s2s_port }} -auth {{ splunk.admin_user }}:{{ splunk.password }} --accept-license --answer-yes --no-prompt"
   become: yes

diff --git a/roles/splunk_common/tasks/check_mgmt_mode_status.yml b/roles/splunk_common/tasks/check_mgmt_mode_status.yml
@@ -1,9 +1,4 @@
 ---
-- name: Check if UDS file exists
-  stat:
-    path: '{{ splunk.home }}/var/run/splunk/cli.socket'
-  register: client_socket_file
-
 # TODO: Can we convert the following task to be OS agnostic?
 #- name: Check if listening on SVC Port {{ splunk.svc_port }}
 #  shell: "netstat -lnt"
@@ -12,9 +7,9 @@
 - name: UF is configured to use UDS
   debug:
     msg: "cli.socket exists in $SPLUNK_HOME/var/run/splunk. This UF instance might be configured to use UDS socket for API communications."
-  when: client_socket_file.stat.exists
+  when: uds_enabled | bool
 
 - name: UF is configured to use TCP
   debug:
     msg: "cli.socket does not exists in $SPLUNK_HOME/var/run/splunk. This UF instance might be configured to use TCP."
-  when: not client_socket_file.stat.exists
+  when: not uds_enabled | bool
diff --git a/roles/splunk_common/tasks/check_uds_file.yml b/roles/splunk_common/tasks/check_uds_file.yml
@@ -0,0 +1,9 @@
+---
+- name: Check if UDS file exists
+  stat:
+    path: "{{ splunk.home }}/var/run/splunk/cli.socket"
+  register: socket_file
+
+- name: Set UDS enabled/disabled
+  set_fact:
+    uds_enabled: "{{ socket_file.stat.exists }}"
diff --git a/roles/splunk_common/tasks/configure_mgmt_port.yml b/roles/splunk_common/tasks/configure_mgmt_port.yml
@@ -1,4 +1,8 @@
 ---
+- name: set version fact
+  set_fact:
+    installed_splunk_version: "{{ lookup('file', '{{ splunk.home }}/etc/splunk.version') | regex_findall('VERSION=([0-9.]+)') | first }}"
+
 - name: Configure to set Mgmt Mode as auto (Allows UDS)
   ini_file:
     dest: "{{ splunk.home }}/etc/system/local/server.conf"
@@ -7,7 +11,11 @@
     value: "auto"
     owner: "{{ splunk.user }}"
     group: "{{ splunk.group }}"
-  when: splunk.role == "splunk_universal_forwarder" and splunk.splunk_http_enabled|bool == false
+  when:
+    - splunk.role == "splunk_universal_forwarder"
+    - not splunk.splunk_http_enabled | bool
+    - installed_splunk_version is version("9.1.0", ">=")
+    - ansible_system is not match("CYGWIN*|Win32NT")
 
 - name: Configure to set Mgmt Mode as tcp (Allows only TCP)
   ini_file:
@@ -17,4 +25,7 @@
     value: "tcp"
     owner: "{{ splunk.user }}"
     group: "{{ splunk.group }}"
-  when: splunk.role == "splunk_universal_forwarder" and splunk.splunk_http_enabled|bool == true
+  when:
+    - splunk.role == "splunk_universal_forwarder"
+    - splunk.splunk_http_enabled | bool or ansible_system is match("CYGWIN*|Win32NT")
+    - installed_splunk_version is version("9.1.0", ">=")
diff --git a/roles/splunk_common/tasks/configure_uds.yml b/roles/splunk_common/tasks/configure_uds.yml
@@ -5,4 +5,5 @@
     owner: "{{ splunk.user }}"
     group: "{{ splunk.group }}"
     mode: 0644
-  notify: restart splunk
+  notify: restart splunk
+  when: uds_enabled | bool
diff --git a/roles/splunk_common/tasks/disable_popups.yml b/roles/splunk_common/tasks/disable_popups.yml
@@ -3,6 +3,7 @@
   splunk_api:
     method: GET
     url: "/servicesNS/nobody/splunk_instrumentation/admin/telemetry/general?output_mode=json"
+    cert_prefix: "{{ cert_prefix }}"
     username: "{{ splunk.admin_user }}"
     password: "{{ splunk.password }}"
     svc_port: "{{ splunk.svc_port }}"
@@ -15,13 +16,25 @@
 - name: Disable Popups
   splunk_api:
     method: POST
-    url: "{{ item.key }}"
+    url: "{{ item.url }}"
+    cert_prefix: "{{ cert_prefix }}"
     username: "{{ splunk.admin_user }}"
     password: "{{ splunk.password }}"
     svc_port: "{{ splunk.svc_port }}"
-    body: "{{ item.value }}"
+    body: "{{ item.body }}"
+    body_format: "form-urlencoded"
     status_code: 200,201,409
   with_items:
-    - { key: "/servicesNS/admin/user-prefs/data/user-prefs/general", value: "hideInstrumentationOptInModal=1&notification_python_3_impact=false&showWhatsNew=0" }
-    - { key: "/servicesNS/nobody/splunk_instrumentation/admin/telemetry/general", value: "showOptInModal=0&optInVersionAcknowledged={{ telemetry['json']['entry'][0]['content']['optInVersion'] }}" }
-    - { key: "/servicesNS/admin/search/data/ui/ui-tour/search-tour", value: "tourPage=search&viewed=1" }
+    - url: "/servicesNS/admin/user-prefs/data/user-prefs/general"
+      body:
+        hideInstrumentationOptInModal: 1
+        notification_python_3_impact: false
+        showWhatsNew: 0
+    - url: "/servicesNS/nobody/splunk_instrumentation/admin/telemetry/general"
+      body:
+        showOptInModal: 0
+        optInVersionAcknowledged: "{{ telemetry['json']['entry'][0]['content']['optInVersion'] }}"
+    - url: "/servicesNS/admin/search/data/ui/ui-tour/search-tour"
+      body:
+        tourPage: search
+        viewed: 1