diff --git a/default.yml b/default.yml
deleted file mode 100644
index dfbaca51..00000000
--- a/default.yml
+++ /dev/null
@@ -1,78 +0,0 @@
-hide_password: false
-retry_delay: 3
-retry_num: 60
-wait_for_splunk_retry_num: 60
-shc_sync_retry_num: 60
-splunk_home_ownership_enforcement: true
-
-config:
- baked: default.yml
- defaults_dir: /tmp/defaults
- env:
- headers: null
- var: SPLUNK_DEFAULTS_URL
- verify: true
- host:
- headers: null
- url: null
- verify: true
- max_delay: 60
- max_retries: 3
- max_timeout: 1200
-
-splunk:
- role: splunk_standalone
- enable_tcp_mode: false
- upgrade: false
- build_location: /tmp/splunk.tgz
- apps_location: null
- license_uri: null
- admin_user: admin
- app_paths:
- default: /opt/splunk/etc/apps
- deployment: /opt/splunk/etc/deployment-apps
- httpinput: /opt/splunk/etc/apps/splunk_httpinput
- idxc: /opt/splunk/etc/master-apps
- shc: /opt/splunk/etc/shcluster/apps
- enable_service: false
- exec: /opt/splunk/bin/splunk
- group: splunk
- hec:
- enable: True
- ssl: True
- port: 8088
- token: 4a8a737d-5452-426c-a6f7-106dca4e813f
- home: /opt/splunk
- http_enableSSL: 0
- http_enableSSL_cert: null
- http_enableSSL_privKey: null
- http_enableSSL_privKey_password: null
- http_port: 8000
- idxc:
- enable: false
- label: idxc_label
- replication_factor: 3
- replication_port: 9887
- search_factor: 3
- secret: dmwHG97SpM+GzeGPUELwr7xXowSAVmLW
- ignore_license: false
- license_download_dest: /tmp/splunk.lic
- opt: /opt
- password: helloworld
- pid: /opt/splunk/var/run/splunk/splunkd.pid
- s2s_enable: true
- s2s_port: 9997
- search_head_captain_url: null
- secret: null
- splunk_http_enabled: True
- shc:
- enable: false
- label: shc_label
- replication_factor: 3
- replication_port: 9887
- secret: EpcUlTUHMSOhdjRZb3QqPYf9Lf7L991c
- smartstore: null
- svc_port: 8089
- tar_dir: splunk
- user: splunk
- wildcard_license: false
diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
index 1dc931f3..9270dd3d 100644
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md @@ -1,10 +1,12 @@ ## Changelog ## Navigation +* [9.2.1-patch2](#921-patch2) * [9.2.1-patch1](#921-patch1) * [9.2.1](#921) * [9.2.0.1](#9201) * [9.2.0](#920) +* [9.1.4-patch2](#914-patch2) * [9.1.4-patch1](#914-patch1) * [9.1.4](#914) * [9.1.3](#913) @@ -12,6 +14,7 @@ * [9.1.1](#911) * [9.1.0.2](#9102) * [9.1.0.1](#9101) +* [9.0.9-patch2](#909-patch2) * [9.0.9-patch1](#909-patch1) * [9.0.9](#909) * [9.0.8](#908) @@ -90,6 +93,18 @@ --- +## 9.2.1-patch2 + +#### Changes +* Use splunk_api to remove existing HEC token +* Revert UDS regressions for windows bind + idx cluster peering +* Fix conditions for HEC token creation +* Add Splunk version condition for setting mgmtMode +* Fix splunk_api body + cert_prefix usage +* Fix cluster master ESS version check + +--- + ## 9.2.1-patch1 #### Changes @@ -122,6 +137,18 @@ --- +## 9.1.4-patch2 + +#### Changes +* Use splunk_api to remove existing HEC token +* Revert UDS regressions for windows bind + idx cluster peering +* Fix conditions for HEC token creation +* Add Splunk version condition for setting mgmtMode +* Fix splunk_api body + cert_prefix usage +* Fix cluster master ESS version check + +--- + ## 9.1.4-patch1 #### Changes @@ -178,6 +205,18 @@ --- +## 9.0.9-patch2 + +#### Changes +* Use splunk_api to remove existing HEC token +* Revert UDS regressions for windows bind + idx cluster peering +* Fix conditions for HEC token creation +* Add Splunk version condition for setting mgmtMode +* Fix splunk_api body + cert_prefix usage +* Fix cluster master ESS version check + +--- + ## 9.0.9-patch1 #### Changes diff --git a/docs/advanced/default.yml.spec.md b/docs/advanced/default.yml.spec.md index d6b2a3fc..87e009e1 100644 --- a/docs/advanced/default.yml.spec.md +++ b/docs/advanced/default.yml.spec.md 
@@ -42,6 +42,10 @@ retry_delay: * Duration of waits between each of the aforementioned retries (in seconds) * Default: 6 +restart_retry_delay: +* Duration of waits between retries to issue restart command for splunkd (in seconds) +* Default: 30 + splunk_home_ownership_enforcement: true * Boolean that to control and enable UAC on $SPLUNK_HOME (recommended to be enabled) * Default: true diff --git a/docs/execution_patterns/remote/default.yml b/docs/execution_patterns/remote/default.yml index 32ff474a..58de6c7c 100644 --- a/docs/execution_patterns/remote/default.yml +++ b/docs/execution_patterns/remote/default.yml @@ -1,5 +1,6 @@ --- retry_delay: 6 +restart_retry_delay: 30 retry_num: 60 shc_sync_retry_num: 60 diff --git a/inventory/splunk_defaults_linux.yml b/inventory/splunk_defaults_linux.yml index c82bc9ac..fd298854 100644 --- a/inventory/splunk_defaults_linux.yml +++ b/inventory/splunk_defaults_linux.yml @@ -3,6 +3,7 @@ ansible_pre_tasks: ansible_post_tasks: ansible_environment: {} retry_delay: 6 +restart_retry_delay: 30 retry_num: 60 hide_password: false wait_for_splunk_retry_num: 60 diff --git a/inventory/splunk_defaults_windows.yml b/inventory/splunk_defaults_windows.yml index 72fbcfab..f3f49bb5 100644 --- a/inventory/splunk_defaults_windows.yml +++ b/inventory/splunk_defaults_windows.yml @@ -3,6 +3,7 @@ ansible_pre_tasks: ansible_post_tasks: ansible_environment: {} retry_delay: 10 +restart_retry_delay: 30 retry_num: 60 hide_password: false wait_for_splunk_retry_num: 150 diff --git a/inventory/splunkforwarder_defaults_linux.yml b/inventory/splunkforwarder_defaults_linux.yml index 6f040479..d1071f2a 100644 --- a/inventory/splunkforwarder_defaults_linux.yml +++ b/inventory/splunkforwarder_defaults_linux.yml @@ -3,6 +3,7 @@ ansible_pre_tasks: ansible_post_tasks: ansible_environment: {} retry_delay: 6 +restart_retry_delay: 30 retry_num: 60 hide_password: false wait_for_splunk_retry_num: 60 
diff --git a/inventory/splunkforwarder_defaults_windows.yml b/inventory/splunkforwarder_defaults_windows.yml index c93a4fb6..737555e7 100644 --- a/inventory/splunkforwarder_defaults_windows.yml +++ b/inventory/splunkforwarder_defaults_windows.yml @@ -3,6 +3,7 @@ ansible_pre_tasks: ansible_post_tasks: ansible_environment: {} retry_delay: 10 +restart_retry_delay: 30 retry_num: 60 hide_password: false wait_for_splunk_retry_num: 150 diff --git a/roles/splunk_cluster_master/tasks/generate_ess_bundle.yml b/roles/splunk_cluster_master/tasks/generate_ess_bundle.yml index eecede6b..ceebee0b 100644 --- a/roles/splunk_cluster_master/tasks/generate_ess_bundle.yml +++ b/roles/splunk_cluster_master/tasks/generate_ess_bundle.yml @@ -12,12 +12,18 @@ mode: 0777 - name: Get ESS version - command: "/opt/splunk/bin/splunk display app -auth {{ splunk.admin_user }}:{{ splunk.password }} SplunkEnterpriseSecuritySuite" + command: "{{ splunk.exec }} search '| rest /services/apps/local splunk_server=local | search title=SplunkEnterpriseSecuritySuite | fields version' -auth {{ splunk.admin_user }}:{{ splunk.password }}" register: ess_info no_log: "{{ hide_password }}" +- name: Set ESS version fact + set_fact: + ess_version: "{{ ess_info | regex_search(regexp, '\\1') | first }}" + vars: + regexp: '(\d+\.\d+\.\d+)' + - name: Execute bundle script - command: "{{ splunk.exec }} cmd {% if ess_info.json.entry[0].content.version is version('6.1', '>=') %}python3{% else %}python{% endif %} /tmp/es_ta_for_indexers.py --password {{ splunk.password }} --username {{ splunk.admin_user }}" + command: "{{ splunk.exec }} cmd {% if ess_version is version('6.1', '>=') %}python3{% else %}python{% endif %} /tmp/es_ta_for_indexers.py --password {{ splunk.password }} --username {{ splunk.admin_user }}" become: yes become_user: "{{ splunk.user }}" no_log: "{{ hide_password }}" 
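Review bot: The new `Set ESS version fact` task runs `regex_search` over the whole registered `ess_info` result rather than its `stdout`, so the first `\d+\.\d+\.\d+` match can come from any field of the stringified result (presumably including `cmd`, which carries the `-auth` argument), and `| first` fails when nothing matches. Matching on the command output keeps the python/python3 decision tied to what Splunk reported: `ess_version: "{{ ess_info.stdout | regex_search(regexp, '\\1') | first }}"`, ideally with a guard for the no-match case. Separately, both changed `command` lines still place `{{ splunk.password }}` in the process arguments, where other local users can read it from the process list, and `no_log` hides it from Ansible output only when `hide_password` is true (the inventories in this diff set it to false). The same argument pattern appears in the add_forward_server.yml and peer_cluster_master.yml hunks.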
diff --git a/roles/splunk_common/handlers/restart_splunk.yml b/roles/splunk_common/handlers/restart_splunk.yml index 3eb7e068..118ede21 100644 --- a/roles/splunk_common/handlers/restart_splunk.yml +++ b/roles/splunk_common/handlers/restart_splunk.yml @@ -6,7 +6,7 @@ register: task_result until: task_result.rc == 0 retries: "{{ retry_num }}" - delay: "{{ retry_delay }}" + delay: "{{ restart_retry_delay }}" when: not splunk.enable_service - name: "Restart the splunkd service - Via Linux systemd or init" @@ -23,12 +23,9 @@ state: restarted when: splunk.enable_service and not ansible_system is match("Linux") -- name: Check if UDS file exists - stat: - path: "/opt/splunkforwarder/var/run/splunk/cli.socket" - register: uds_socket_exists +- include_tasks: ../tasks/check_uds_file.yml - name: "Wait for splunkd management port" wait_for: port: "{{ splunk.svc_port }}" - when: not uds_socket_exists.stat.exists + when: not uds_enabled | bool diff --git a/roles/splunk_common/tasks/add_forward_server.yml b/roles/splunk_common/tasks/add_forward_server.yml index fac2cc7c..3ec46f98 100644 --- a/roles/splunk_common/tasks/add_forward_server.yml +++ b/roles/splunk_common/tasks/add_forward_server.yml @@ -1,4 +1,8 @@ --- +# start splunk before running "add forward-server" command +- include_tasks: start_splunk.yml + when: '("s2s" not in splunk and "s2s_port" in splunk) or ("s2s" in splunk and ("ssl" not in splunk.s2s or ("ssl" in splunk.s2s and not splunk.s2s.ssl))) | bool' + - name: "Enable forwarding to {{ forward_servers }}" command: "{{ splunk.exec }} add forward-server {{ item }}:{{ splunk.s2s.port if splunk.s2s.port is defined else splunk.s2s_port }} -auth {{ splunk.admin_user }}:{{ splunk.password }} --accept-license --answer-yes --no-prompt" become: yes diff --git a/roles/splunk_common/tasks/check_mgmt_mode_status.yml b/roles/splunk_common/tasks/check_mgmt_mode_status.yml index ffc40fc8..e36a9d41 100644 --- a/roles/splunk_common/tasks/check_mgmt_mode_status.yml 
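Review bot: In the `when` added to add_forward_server.yml, `| bool` binds only to the last parenthesised group, because Jinja filters take precedence over `or`, so the expression evaluates differently from how it reads. Both operands are already boolean tests, so the filter can simply be dropped. A one-line comment stating which case the include covers (it looks like "S2S configured without SSL") would make the condition easier to audit. The `command` task that follows continues outside the hunk.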
+++ b/roles/splunk_common/tasks/check_mgmt_mode_status.yml @@ -1,9 +1,4 @@ --- -- name: Check if UDS file exists - stat: - path: '{{ splunk.home }}/var/run/splunk/cli.socket' - register: client_socket_file - # TODO: Can we convert the following task to be OS agnostic? #- name: Check if listening on SVC Port {{ splunk.svc_port }} # shell: "netstat -lnt" @@ -12,9 +7,9 @@ - name: UF is configured to use UDS debug: msg: "cli.socket exists in $SPLUNK_HOME/var/run/splunk. This UF instance might be configured to use UDS socket for API communications." - when: client_socket_file.stat.exists + when: uds_enabled | bool - name: UF is configured to use TCP debug: msg: "cli.socket does not exists in $SPLUNK_HOME/var/run/splunk. This UF instance might be configured to use TCP." - when: not client_socket_file.stat.exists + when: not uds_enabled | bool diff --git a/roles/splunk_common/tasks/check_uds_file.yml b/roles/splunk_common/tasks/check_uds_file.yml new file mode 100644 index 00000000..d83ab40e --- /dev/null +++ b/roles/splunk_common/tasks/check_uds_file.yml @@ -0,0 +1,9 @@ +--- +- name: Check if UDS file exists + stat: + path: "{{ splunk.home }}/var/run/splunk/cli.socket" + register: socket_file + +- name: Set UDS enabled/disabled + set_fact: + uds_enabled: "{{ socket_file.stat.exists }}" diff --git a/roles/splunk_common/tasks/configure_mgmt_port.yml b/roles/splunk_common/tasks/configure_mgmt_port.yml index 59abc779..b2bf0417 100644 --- a/roles/splunk_common/tasks/configure_mgmt_port.yml +++ b/roles/splunk_common/tasks/configure_mgmt_port.yml @@ -1,4 +1,8 @@ --- +- name: set version fact + set_fact: + installed_splunk_version: "{{ lookup('file', '{{ splunk.home }}/etc/splunk.version') | regex_findall('VERSION=([0-9.]+)') | first }}" + - name: Configure to set Mgmt Mode as auto (Allows UDS) ini_file: dest: "{{ splunk.home }}/etc/system/local/server.conf" 
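Review bot: After this change both debug tasks in check_mgmt_mode_status.yml read `uds_enabled`, but the file no longer sets anything itself, so it fails on an undefined variable unless check_uds_file.yml has already run in the same play. Whether every caller guarantees that is not visible here. Either include check_uds_file.yml at the top of the file or make the conditions tolerant, e.g. `when: uds_enabled | default(false) | bool`. The same dependency is introduced in the configure_uds.yml, peer_cluster_master.yml, set_certificate_prefix.yml and wait_for_splunk_process.yml hunks.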
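Review bot: In the new check_uds_file.yml, `uds_enabled` is derived from `socket_file.stat.exists` alone, so any file at that path, including a stale or regular file left in `var/run/splunk`, switches the play into UDS mode. In other hunks of this diff that mode skips the management-port wait and the HTTPS probe in set_certificate_prefix.yml. Checking the file type as well is a small change: `uds_enabled: "{{ socket_file.stat.exists and (socket_file.stat.issock | default(false)) }}"`. A short comment noting that this fact is consumed by the other task files would also help.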
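Review bot: `lookup('file', ...)` in the new `set version fact` task of configure_mgmt_port.yml reads `splunk.version` on the Ansible controller, not on the managed host, so with a remote execution pattern the version gate reflects whatever is (or is not) installed on the control node. The nested `'{{ splunk.home }}/etc/splunk.version'` inside the expression is also fragile; `splunk.home ~ '/etc/splunk.version'` is the usual form. Reading the file on the target (for example with `slurp`) and guarding `| first` against an empty match would make the `version("9.1.0", ">=")` conditions in the following hunks reliable. The `ini_file` task that follows continues outside this hunk.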
@@ -7,7 +11,11 @@ value: "auto" owner: "{{ splunk.user }}" group: "{{ splunk.group }}" - when: splunk.role == "splunk_universal_forwarder" and splunk.splunk_http_enabled|bool == false + when: + - splunk.role == "splunk_universal_forwarder" + - not splunk.splunk_http_enabled | bool + - installed_splunk_version is version("9.1.0", ">=") + - ansible_system is not match("CYGWIN*|Win32NT") - name: Configure to set Mgmt Mode as tcp (Allows only TCP) ini_file: @@ -17,4 +25,7 @@ value: "tcp" owner: "{{ splunk.user }}" group: "{{ splunk.group }}" - when: splunk.role == "splunk_universal_forwarder" and splunk.splunk_http_enabled|bool == true + when: + - splunk.role == "splunk_universal_forwarder" + - splunk.splunk_http_enabled | bool or ansible_system is match("CYGWIN*|Win32NT") + - installed_splunk_version is version("9.1.0", ">=") diff --git a/roles/splunk_common/tasks/configure_uds.yml b/roles/splunk_common/tasks/configure_uds.yml index 25571c9f..976ca536 100644 --- a/roles/splunk_common/tasks/configure_uds.yml +++ b/roles/splunk_common/tasks/configure_uds.yml @@ -5,4 +5,5 @@ owner: "{{ splunk.user }}" group: "{{ splunk.group }}" mode: 0644 - notify: restart splunk \ No newline at end of file + notify: restart splunk + when: uds_enabled | bool \ No newline at end of file diff --git a/roles/splunk_common/tasks/disable_popups.yml b/roles/splunk_common/tasks/disable_popups.yml index 2ee31247..d014bc94 100644 --- a/roles/splunk_common/tasks/disable_popups.yml +++ b/roles/splunk_common/tasks/disable_popups.yml @@ -3,6 +3,7 @@ splunk_api: method: GET url: "/servicesNS/nobody/splunk_instrumentation/admin/telemetry/general?output_mode=json" + cert_prefix: "{{ cert_prefix }}" username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" svc_port: "{{ splunk.svc_port }}" 
@@ -15,13 +16,25 @@ - name: Disable Popups splunk_api: method: POST - url: "{{ item.key }}" + url: "{{ item.url }}" + cert_prefix: "{{ cert_prefix }}" username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" svc_port: "{{ splunk.svc_port }}" - body: "{{ item.value }}" + body: "{{ item.body }}" + body_format: "form-urlencoded" status_code: 200,201,409 with_items: - - { key: "/servicesNS/admin/user-prefs/data/user-prefs/general", value: "hideInstrumentationOptInModal=1¬ification_python_3_impact=false&showWhatsNew=0" } - - { key: "/servicesNS/nobody/splunk_instrumentation/admin/telemetry/general", value: "showOptInModal=0&optInVersionAcknowledged={{ telemetry['json']['entry'][0]['content']['optInVersion'] }}" } - - { key: "/servicesNS/admin/search/data/ui/ui-tour/search-tour", value: "tourPage=search&viewed=1" } + - url: "/servicesNS/admin/user-prefs/data/user-prefs/general" + body: + hideInstrumentationOptInModal: 1 + notification_python_3_impact: false + showWhatsNew: 0 + - url: "/servicesNS/nobody/splunk_instrumentation/admin/telemetry/general" + body: + showOptInModal: 0 + optInVersionAcknowledged: "{{ telemetry['json']['entry'][0]['content']['optInVersion'] }}" + - url: "/servicesNS/admin/search/data/ui/ui-tour/search-tour" + body: + tourPage: search + viewed: 1 diff --git a/roles/splunk_common/tasks/enable_dfs.yml b/roles/splunk_common/tasks/enable_dfs.yml index 34b12d22..83a79b88 100644 --- a/roles/splunk_common/tasks/enable_dfs.yml +++ b/roles/splunk_common/tasks/enable_dfs.yml @@ -3,6 +3,7 @@ splunk_api: url: system/configs/conf-server/dfs method: POST + cert_prefix: "{{ cert_prefix }}" user: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" svc_port: "{{ splunk.svc_port }}" @@ -18,6 +19,7 @@ splunk_api: url: /servicesNS/nobody/system/configs/conf-limits/dfs method: POST + cert_prefix: "{{ cert_prefix }}" svc_port: "{{ splunk.svc_port }}" body: dfc_num_slots: "{{ splunk.dfs.dfc_num_slots }}" 
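Review bot: The rewritten `body` mappings in disable_popups.yml use bare YAML scalars, so `notification_python_3_impact: false` reaches the module as a boolean and is likely serialised as `False`, whereas the old string sent `false`. Other form bodies in this diff quote such values (`update: "true"`), and doing the same here keeps what goes on the wire explicit: `notification_python_3_impact: "false"`. Quoting the `1`/`0` values the same way would be consistent.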
@@ -35,6 +37,7 @@ splunk_api: url: system/configs/conf-limits/search method: POST + cert_prefix: "{{ cert_prefix }}" user: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" svc_port: "{{ splunk.svc_port }}" @@ -50,6 +53,7 @@ splunk_api: url: servicesNS/nobody/system/configs/conf-limits/search_optimization%3a%3adfs_job_extractor method: POST + cert_prefix: "{{ cert_prefix }}" user: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" svc_port: "{{ splunk.svc_port }}" @@ -61,6 +65,7 @@ splunk_api: url: servicesNS/nobody/system/configs/conf-limits method: POST + cert_prefix: "{{ cert_prefix }}" user: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" svc_port: "{{ splunk.svc_port }}" @@ -79,13 +84,14 @@ splunk_api: url: servicesNS/nobody/system/configs/conf-limits/search_optimization%3a%3adfs_job_extractor method: POST + cert_prefix: "{{ cert_prefix }}" user: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" svc_port: "{{ splunk.svc_port }}" body: enabled: "true" commands: "stats,join,sort,head,tail,reverse,dedup,rename,fields,union,from,eval" - status_code: [200] + status_code: [200] timeout: 10 use_proxy: no register: update_dfs_job_extractor_result diff --git a/roles/splunk_common/tasks/enable_forwarder_monitoring.yml b/roles/splunk_common/tasks/enable_forwarder_monitoring.yml index 542b5d3a..3a39b5ff 100644 --- a/roles/splunk_common/tasks/enable_forwarder_monitoring.yml +++ b/roles/splunk_common/tasks/enable_forwarder_monitoring.yml @@ -7,6 +7,7 @@ splunk_api: method: GET url: "{{ dmc_forwarder_assets_url }}?output_mode=json" + cert_prefix: "{{ cert_prefix }}" username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" svc_port: "{{ splunk.svc_port }}" @@ -21,6 +22,7 @@ splunk_api: method: POST url: "{{ dmc_forwarder_assets_url }}" + cert_prefix: "{{ cert_prefix }}" username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" svc_port: "{{ splunk.svc_port }}" 
@@ -39,6 +41,7 @@ splunk_api: method: POST url: "{{ dmc_forwarder_assets_url }}/dispatch" + cert_prefix: "{{ cert_prefix }}" username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" svc_port: "{{ splunk.svc_port }}" diff --git a/roles/splunk_common/tasks/extract_app.yml b/roles/splunk_common/tasks/extract_app.yml index 564f686b..aacc693a 100644 --- a/roles/splunk_common/tasks/extract_app.yml +++ b/roles/splunk_common/tasks/extract_app.yml @@ -3,6 +3,7 @@ splunk_api: method: POST url: /services/apps/local + cert_prefix: "{{ cert_prefix }}" username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" svc_port: "{{ splunk.svc_port }}" diff --git a/roles/splunk_common/tasks/install_apps.yml b/roles/splunk_common/tasks/install_apps.yml index f37a0496..f042e463 100644 --- a/roles/splunk_common/tasks/install_apps.yml +++ b/roles/splunk_common/tasks/install_apps.yml @@ -3,11 +3,12 @@ splunk_api: method: POST url: /services/apps/local + cert_prefix: "{{ cert_prefix }}" username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" svc_port: "{{ splunk.svc_port }}" body: - name: "{{ app_filepath }}" + name: "{{ app_url }}" update: "true" filename: "true" auth: "{{ splunkbase_token }}" @@ -15,8 +16,8 @@ status_code: 200,201 timeout: 300 when: - - app_filepath is defined - - "'splunkbase.splunk.com' in app_filepath" + - app_url is defined + - "'splunkbase.splunk.com' in app_url" - splunkbase_token is defined - splunkbase_token != None no_log: "{{ hide_password }}" 
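Review bot: In install_apps.yml the condition `'splunkbase.splunk.com' in app_url` is a substring test, so a URL that merely contains that text in its path, query or a longer host name also passes, and the request is then sent with `auth: "{{ splunkbase_token }}"`. Comparing the parsed host name ties the token to the intended site: `- app_url | urlsplit('hostname') == 'splunkbase.splunk.com'`. How splunkd uses the `auth` field is not visible in this hunk, so the exposure is inferred rather than shown.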
@@ -70,27 +71,28 @@ notify: - Restart the splunkd service -- name: Install app via REST - splunk_api: - method: POST - url: "/services/apps/local" - username: "{{ splunk.admin_user }}" - password: "{{ splunk.password }}" - svc_port: "{{ splunk.svc_port }}" - body: - name: "{{ app_filepath }}" - update: "true" - filename: "true" - status_code: 200,201 - timeout: 90 - body_format: "form-urlencoded" - register: post_apps_local - until: post_apps_local is succeeded - retries: 5 - delay: "{{ retry_delay }}" - changed_when: post_apps_local.status == 201 - when: - - "'itsi' not in app_contents.stdout_lines" - - "'DA-ITSI-ContentLibrary' not in app_contents.stdout_lines" - - app_remote is changed or app_local.stat.exists - no_log: "{{ hide_password }}" + - name: Install app via REST + splunk_api: + method: POST + url: "/services/apps/local" + cert_prefix: "{{ cert_prefix }}" + username: "{{ splunk.admin_user }}" + password: "{{ splunk.password }}" + svc_port: "{{ splunk.svc_port }}" + body: + name: "{{ app_filepath }}" + update: "true" + filename: "true" + status_code: 200,201 + timeout: 90 + body_format: "form-urlencoded" + register: post_apps_local + until: post_apps_local is succeeded + retries: 5 + delay: "{{ retry_delay }}" + changed_when: post_apps_local.status == 201 + when: + - "'itsi' not in app_contents.stdout_lines" + - "'DA-ITSI-ContentLibrary' not in app_contents.stdout_lines" + - app_remote is changed or app_local.stat.exists + no_log: "{{ hide_password }}" diff --git a/roles/splunk_common/tasks/install_python_requirements.yml b/roles/splunk_common/tasks/install_python_requirements.yml index 8d10246a..a33f9b79 100644 --- a/roles/splunk_common/tasks/install_python_requirements.yml +++ b/roles/splunk_common/tasks/install_python_requirements.yml 
@@ -9,20 +9,24 @@ name: pip extra_args: --upgrade executable: pip3 - when: requests_unixsocket_check is failed + when: requests_unixsocket_check.stdout is undefined - name: Check if pip3 unixsocket exits command: "pip3 list | grep 'requests-unixsocket'" register: requests_unixsocket_check_py3 - when: requests_unixsocket_check is failed + when: requests_unixsocket_check.stdout is undefined ignore_errors: true - name: Install missing requests_unixsocket ansible.builtin.pip: name: "requests_unixsocket" - when: requests_unixsocket_check is succeeded and (requests_unixsocket_check.stdout | length == 0 or requests_unixsocket_check.stdout.find("requests-unixsocket") == -1) + when: + - requests_unixsocket_check.stdout is defined + - requests_unixsocket_check.stdout | length == 0 or requests_unixsocket_check.stdout.find("requests-unixsocket") == -1 - name: Install missing requests_unixsocket PY3 ansible.builtin.pip: name: "requests_unixsocket" - when: requests_unixsocket_check_py3 is succeeded and (requests_unixsocket_check_py3.stdout | length == 0 or requests_unixsocket_check_py3.stdout.find("requests-unixsocket") == -1) + when: + - requests_unixsocket_check_py3.stdout is defined + - requests_unixsocket_check_py3.stdout | length == 0 or requests_unixsocket_check_py3.stdout.find("requests-unixsocket") == -1 diff --git a/roles/splunk_common/tasks/licenses/enable_forwarder_license.yml b/roles/splunk_common/tasks/licenses/enable_forwarder_license.yml index 00f9037e..e3bbb46e 100644 --- a/roles/splunk_common/tasks/licenses/enable_forwarder_license.yml +++ b/roles/splunk_common/tasks/licenses/enable_forwarder_license.yml @@ -3,6 +3,7 @@ splunk_api: method: GET url: "/services/licenser/groups/Forwarder?output_mode=json" + cert_prefix: "{{ cert_prefix }}" username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" svc_port: "{{ splunk.svc_port }}" 
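Review bot: The check task in this install_python_requirements.yml hunk runs `pip3 list | grep 'requests-unixsocket'` through `command`, which does not start a shell, so the pipe and `grep` are handed to pip3 as arguments and the task presumably fails under `ignore_errors: true`. The reworked `when` lists then decide on a result that never reflects the installed packages. Using `shell` for the pipeline, or `pip3 show requests-unixsocket` with `failed_when: false`, would give the conditions something real to test. The two install tasks also fetch `requests_unixsocket` without a version; pinning it (`name: "requests_unixsocket==<pinned-version>"`) keeps provisioning reproducible.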
@@ -16,6 +17,7 @@ splunk_api: method: POST url: "/services/licenser/groups/Forwarder?output_mode=json" + cert_prefix: "{{ cert_prefix }}" username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" svc_port: "{{ splunk.svc_port }}" @@ -24,4 +26,4 @@ body_format: "form-urlencoded" status_code: [200] timeout: 10 - when: not check_fwd_lic.content.json.entry[0].content.is_active + when: not check_fwd_lic.json.entry[0].content.is_active diff --git a/roles/splunk_common/tasks/licenses/enable_free_license.yml b/roles/splunk_common/tasks/licenses/enable_free_license.yml index 922f086a..5292100e 100644 --- a/roles/splunk_common/tasks/licenses/enable_free_license.yml +++ b/roles/splunk_common/tasks/licenses/enable_free_license.yml @@ -3,6 +3,7 @@ splunk_api: method: GET url: "/services/licenser/groups/Free?output_mode=json" + cert_prefix: "{{ cert_prefix }}" username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" svc_port: "{{ splunk.svc_port }}" @@ -18,6 +19,7 @@ splunk_api: method: POST url: "/services/licenser/groups/Free?output_mode=json" + cert_prefix: "{{ cert_prefix }}" username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" svc_port: "{{ splunk.svc_port }}" diff --git a/roles/splunk_common/tasks/main.yml b/roles/splunk_common/tasks/main.yml index c624b3e6..bbe667a3 100644 --- a/roles/splunk_common/tasks/main.yml +++ b/roles/splunk_common/tasks/main.yml @@ -126,13 +126,8 @@ - include_tasks: start_splunk.yml -- name: Check if UDS file exists - stat: - path: "/opt/splunkforwarder/var/run/splunk/cli.socket" - register: uds_socket_exists - - include_tasks: set_certificate_prefix.yml - when: not uds_socket_exists.stat.exists + when: not uds_enabled | bool - include_tasks: clean_user_seed.yml diff --git a/roles/splunk_common/tasks/peer_cluster_master.yml b/roles/splunk_common/tasks/peer_cluster_master.yml index 4e2d50ac..5eeb1d1c 100644 --- a/roles/splunk_common/tasks/peer_cluster_master.yml 
+++ b/roles/splunk_common/tasks/peer_cluster_master.yml @@ -3,13 +3,12 @@ vars: splunk_instance_address: "{{ splunk.cluster_master_url }}" -# Do I need to upate this line? # http://docs.splunk.com/Documentation/Splunk/latest/DistSearch/SHCandindexercluster#Integrate_with_a_single-site_indexer_cluster - name: Peer cluster master TCP command: "{{ splunk.exec }} edit cluster-config -mode searchhead -master_uri {{ cert_prefix }}://{{ splunk.cluster_master_url }}:{{ splunk.svc_port }} -replication_port {{ splunk.idxc.replication_port }} -secret '{{ splunk.idxc.pass4SymmKey }}' -auth '{{ splunk.admin_user }}:{{ splunk.password }}'" become: yes become_user: "{{ splunk.user }}" - when: splunk.splunk_http_enabled|bool == true + when: not uds_enabled | bool register: peer_cluster_master until: peer_cluster_master.rc == 0 or "Cannot edit this searchhead" in peer_cluster_master.stderr changed_when: peer_cluster_master.rc == 0 @@ -25,7 +24,7 @@ command: "{{ splunk.exec }} edit cluster-config -mode searchhead -master_uri http+unix://{{ splunk.uds_socket_path_url }} -replication_port {{ splunk.idxc.replication_port }} -secret '{{ splunk.idxc.pass4SymmKey }}' -auth '{{ splunk.admin_user }}:{{ splunk.password }}'" become: yes become_user: "{{ splunk.user }}" - when: splunk.splunk_http_enabled|bool == false + when: uds_enabled | bool register: peer_cluster_master until: peer_cluster_master.rc == 0 or "Cannot edit this searchhead" in peer_cluster_master.stderr changed_when: peer_cluster_master.rc == 0 diff --git a/roles/splunk_common/tasks/premium_apps/configure_ess.yml b/roles/splunk_common/tasks/premium_apps/configure_ess.yml index 1f244a81..8de5bdd5 100644 --- a/roles/splunk_common/tasks/premium_apps/configure_ess.yml +++ b/roles/splunk_common/tasks/premium_apps/configure_ess.yml @@ -12,6 +12,7 @@ password: "{{ splunk.password }}" svc_port: "{{ splunk.svc_port }}" timeout: 10 + cert_prefix: "{{ cert_prefix }}" register: ess_info no_log: "{{ hide_password }}" 
diff --git a/roles/splunk_common/tasks/set_as_hec_receiver.yml b/roles/splunk_common/tasks/set_as_hec_receiver.yml index 59e75d91..84fcd85a 100644 --- a/roles/splunk_common/tasks/set_as_hec_receiver.yml +++ b/roles/splunk_common/tasks/set_as_hec_receiver.yml @@ -1,23 +1,6 @@ --- # TODO: Remove all secondary conditionals on deprecation of splunk.hec_* variables -- name: Setup global HEC - splunk_api: - url: "/services/data/inputs/http/http" - method: POST - cert_prefix: "{{ cert_prefix }}" - username: "{{ splunk.admin_user }}" - password: "{{ splunk.password }}" - svc_port: "{{ splunk.svc_port }}" - body: - disabled: "{% if ('hec' in splunk and 'enable' in splunk.hec and splunk.hec.enable | bool) or ('hec_disabled' in splunk and not splunk.hec_disabled | bool) %}0{% else %}1{% endif %}" - enableSSL: "{% if ('hec' in splunk and 'ssl' in splunk.hec and splunk.hec.ssl | bool) or ('hec_enableSSL' in splunk and splunk.hec_enableSSL | bool) %}1{% else %}0{% endif %}" - port: "{% if 'hec' in splunk and 'port' in splunk.hec and splunk.hec.port %}{{ splunk.hec.port }}{% elif 'hec_port' in splunk and splunk.hec_port %}{{ splunk.hec_port }}{% else %}8088{% endif %}" - serverCert: "{% if 'hec' in splunk and 'cert' in splunk.hec and splunk.hec.cert %}{{ splunk.hec.cert }}{% endif %}" - sslPassword: "{% if 'hec' in splunk and 'password' in splunk.hec and splunk.hec.password %}{{ splunk.hec.password }}{% endif %}" - body_format: "form-urlencoded" - register: sample - - name: Get existing HEC token splunk_api: url: "/services/data/inputs/http/splunk_hec_token?output_mode=json" 
@@ -36,12 +19,14 @@ # The REST API does not support modifying tokens in-place, so we'll need to delete/re-create - name: Remove existing HEC token - uri: - url: "{{ cert_prefix }}://127.0.0.1:{{ splunk.svc_port }}/services/data/inputs/http/splunk_hec_token" + splunk_api: + url: "/services/data/inputs/http/splunk_hec_token" method: DELETE - user: "{{ splunk.admin_user }}" + cert_prefix: "{{ cert_prefix }}" + username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" - status_code: 200,404 + status_code: [200, 404] + svc_port: "{{ splunk.svc_port }}" timeout: 60 use_proxy: no register: delete_hec_token @@ -68,5 +53,21 @@ register: create_hec_token changed_when: create_hec_token.status == 201 when: - - hec_token is defined and hec_token.status == 200 - ('hec' in splunk and 'token' in splunk.hec and splunk.hec.token) or ('hec_token' in splunk and splunk.hec_token) + +- name: Setup global HEC + splunk_api: + url: "/services/data/inputs/http/http" + method: POST + cert_prefix: "{{ cert_prefix }}" + username: "{{ splunk.admin_user }}" + password: "{{ splunk.password }}" + svc_port: "{{ splunk.svc_port }}" + body: + disabled: "{% if ('hec' in splunk and 'enable' in splunk.hec and splunk.hec.enable | bool) or ('hec_disabled' in splunk and not splunk.hec_disabled | bool) %}0{% else %}1{% endif %}" + enableSSL: "{% if ('hec' in splunk and 'ssl' in splunk.hec and splunk.hec.ssl | bool) or ('hec_enableSSL' in splunk and splunk.hec_enableSSL | bool) %}1{% else %}0{% endif %}" + port: "{% if 'hec' in splunk and 'port' in splunk.hec and splunk.hec.port %}{{ splunk.hec.port }}{% elif 'hec_port' in splunk and splunk.hec_port %}{{ splunk.hec_port }}{% else %}8088{% endif %}" + serverCert: "{% if 'hec' in splunk and 'cert' in splunk.hec and splunk.hec.cert %}{{ splunk.hec.cert }}{% endif %}" + sslPassword: "{% if 'hec' in splunk and 'password' in splunk.hec and splunk.hec.password %}{{ splunk.hec.password }}{% endif %}" + body_format: "form-urlencoded" + register: sample 
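Review bot: The re-added `Setup global HEC` task at the end of set_as_hec_receiver.yml passes `password` and `sslPassword` as module arguments but carries no `no_log`, unlike other credential-bearing tasks in this diff, so the values can appear in task output on failure or at higher verbosity. Adding `no_log: "{{ hide_password }}"` after `register: sample` matches the rest of the role. The `Remove existing HEC token` task in the same hunk shows no `no_log` in its visible lines either, though its tail lies outside the hunk.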
diff --git a/roles/splunk_common/tasks/set_certificate_prefix.yml b/roles/splunk_common/tasks/set_certificate_prefix.yml index 19abcbf0..9bc6c195 100644 --- a/roles/splunk_common/tasks/set_certificate_prefix.yml +++ b/roles/splunk_common/tasks/set_certificate_prefix.yml @@ -1,9 +1,4 @@ --- -- name: Check if UDS file exists - stat: - path: "/opt/splunkforwarder/var/run/splunk/cli.socket" - register: uds_socket_exists - - name: "Test basic https endpoint" uri: url: "https://127.0.0.1:{{ splunk.svc_port }}" @@ -13,7 +8,7 @@ timeout: 10 use_proxy: no register: ssl_enabled - when: not uds_socket_exists.stat.exists + when: not uds_enabled | bool ignore_errors: true delay: "{{ retry_delay }}" retries: "{{ retry_num }}" diff --git a/roles/splunk_common/tasks/set_mgmt_port.yml b/roles/splunk_common/tasks/set_mgmt_port.yml index cfc9cd14..9ccffcc4 100644 --- a/roles/splunk_common/tasks/set_mgmt_port.yml +++ b/roles/splunk_common/tasks/set_mgmt_port.yml @@ -9,6 +9,21 @@ group: "{{ splunk.group }}" when: - "'svc_port' in splunk" + - ansible_system is not match("CYGWIN*|Win32NT") + register: set_mgmt_port + +- name: Set mgmt port (Windows) + ini_file: + dest: "{{ splunk.home }}/etc/system/local/web.conf" + section: settings + option: "mgmtHostPort" + value: "127.0.0.1:{{ splunk.svc_port }}" + owner: "{{ splunk.user }}" + group: "{{ splunk.group }}" + when: + - "'svc_port' in splunk" + - ansible_system is match("CYGWIN*|Win32NT") + - splunk.svc_port | int != 8089 register: set_mgmt_port # Restart only when Splunk is running and when any of the above have changed diff --git a/roles/splunk_common/tasks/start_splunk.yml b/roles/splunk_common/tasks/start_splunk.yml index 88220dd1..3c26e146 100644 --- a/roles/splunk_common/tasks/start_splunk.yml +++ b/roles/splunk_common/tasks/start_splunk.yml 
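Review bot: In set_mgmt_port.yml both the existing task and the new `Set mgmt port (Windows)` task end with `register: set_mgmt_port`, and Ansible registers a result for skipped tasks too, so on non-Windows hosts the skipped Windows task overwrites the first result with `changed: false`. The restart step announced by the comment at the end of the hunk would then presumably not fire after a port change on Linux. Giving the Windows task its own variable, e.g. `register: set_mgmt_port_windows`, and testing both in the restart condition avoids that. The restart task itself is outside the hunk.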
@@ -50,15 +50,12 @@ - splunk.enable_service - ansible_os_family == "Windows" -- name: Check if UDS file exists - stat: - path: "/opt/splunkforwarder/var/run/splunk/cli.socket" - register: uds_socket_exists +- include_tasks: check_uds_file.yml - name: "Wait for splunkd management port" wait_for: port: "{{ splunk.svc_port }}" - when: not uds_socket_exists.stat.exists + when: not uds_enabled | bool - name: Flush restart handlers meta: flush_handlers diff --git a/roles/splunk_common/tasks/wait_for_splunk_instance.yml b/roles/splunk_common/tasks/wait_for_splunk_instance.yml index 12e304c5..1f74ec5d 100644 --- a/roles/splunk_common/tasks/wait_for_splunk_instance.yml +++ b/roles/splunk_common/tasks/wait_for_splunk_instance.yml @@ -1,9 +1,11 @@ --- -- name: Check Splunk instance is running - splunk_api: - url: "" +# Use wait_for_splunk_process.yml for local (non-remote) instances +# This play does not support UDS endpoints on remote forwarders +- name: Check remote Splunk instance is running + uri: + url: "{{ scheme | default(cert_prefix) }}://{{ splunk_instance_address }}:{{ port | default(splunk.svc_port) }}" method: GET - svc_port: "{{ port | default(splunk.svc_port) }}" + validate_certs: false use_proxy: no register: task_response until: @@ -12,4 +14,3 @@ delay: "{{ retry_delay }}" ignore_errors: true no_log: "{{ hide_password }}" -# INFRA-38882 diff --git a/roles/splunk_common/tasks/wait_for_splunk_process.yml b/roles/splunk_common/tasks/wait_for_splunk_process.yml index 439c8a1d..e238dc51 100644 --- a/roles/splunk_common/tasks/wait_for_splunk_process.yml +++ b/roles/splunk_common/tasks/wait_for_splunk_process.yml 
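Review bot: The probe in wait_for_splunk_instance.yml now uses `uri` against `splunk_instance_address` with `validate_certs: false`, so a remote peer is treated as up without any check of who answered. No credentials are sent in the visible lines, which limits the effect to readiness decisions, but the hard-coded `false` leaves deployments with proper certificates no way to verify the peer. Making it a variable that defaults to the current behaviour, for example `validate_certs: "{{ <verify-setting> | default(false) }}"`, and mentioning it in the new header comment would address this. The `until` block continues outside the first hunk.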
@@ -5,14 +5,9 @@ state: present when: ansible_system is match("Linux") -- name: Check if UDS file exists - stat: - path: "/opt/splunkforwarder/var/run/splunk/cli.socket" - register: uds_socket_exists - - name: Wait for the Splunk service port to be available wait_for: host: 127.0.0.1 port: "{{ splunk.svc_port }}" timeout: 180 - when: not uds_socket_exists.stat.exists + when: not uds_enabled | bool diff --git a/roles/splunk_deployer/tasks/main.yml b/roles/splunk_deployer/tasks/main.yml index 2a553370..6255ebae 100644 --- a/roles/splunk_deployer/tasks/main.yml +++ b/roles/splunk_deployer/tasks/main.yml @@ -23,6 +23,7 @@ splunk_api: method: POST url: "/servicesNS/nobody/system/configs/conf-app/shclustering" + cert_prefix: "{{ cert_prefix }}" username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" svc_port: "{{ splunk.svc_port }}" diff --git a/roles/splunk_monitor/tasks/adding_peers.yml b/roles/splunk_monitor/tasks/adding_peers.yml index 09e74a42..2c0ce2dd 100644 --- a/roles/splunk_monitor/tasks/adding_peers.yml +++ b/roles/splunk_monitor/tasks/adding_peers.yml @@ -3,6 +3,7 @@ splunk_api: method: GET url: "/servicesNS/nobody/search/configs/conf-distsearch/distributedSearch?output_mode=json" + cert_prefix: "{{ cert_prefix }}" username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" svc_port: "{{ splunk.svc_port }}" diff --git a/roles/splunk_monitor/tasks/initialize_dmc.yml b/roles/splunk_monitor/tasks/initialize_dmc.yml index ebee7981..e7508024 100644 --- a/roles/splunk_monitor/tasks/initialize_dmc.yml +++ b/roles/splunk_monitor/tasks/initialize_dmc.yml @@ -3,6 +3,7 @@ splunk_api: method: GET url: "/servicesNS/nobody/splunk_monitoring_console/saved/searches/DMC%20Asset%20-%20Build%20Full?output_mode=json" + cert_prefix: "{{ cert_prefix }}" username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" svc_port: "{{ splunk.svc_port }}" 
@@ -16,6 +17,7 @@ splunk_api: method: POST url: "/servicesNS/nobody/splunk_monitoring_console/saved/searches/DMC%20Asset%20-%20Build%20Full/dispatch" + cert_prefix: "{{ cert_prefix }}" username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" svc_port: "{{ splunk.svc_port }}" @@ -31,6 +33,7 @@ splunk_api: method: GET url: "/servicesNS/nobody/splunk_monitoring_console/data/ui/nav/default.distributed?output_mode=json" + cert_prefix: "{{ cert_prefix }}" username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" svc_port: "{{ splunk.svc_port }}" @@ -44,6 +47,7 @@ splunk_api: method: POST url: "/servicesNS/nobody/splunk_monitoring_console/data/ui/nav/default" + cert_prefix: "{{ cert_prefix }}" username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" svc_port: "{{ splunk.svc_port }}" @@ -56,6 +60,7 @@ splunk_api: method: POST url: "/servicesNS/nobody/splunk_monitoring_console/configs/conf-splunk_monitoring_console_assets/settings" + cert_prefix: "{{ cert_prefix }}" username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" svc_port: "{{ splunk.svc_port }}" @@ -72,9 +77,16 @@ splunk_api: method: POST url: "/servicesNS/nobody/system/apps/local/splunk_monitoring_console" + cert_prefix: "{{ cert_prefix }}" username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" svc_port: "{{ splunk.svc_port }}" - body: "author=Splunk&check_for_updates=1&configured=1&label=Monitoring+Console&version={{ settings.json['generator']['version'] }}&visible=1" - body_format: "form" + body: + author: Splunk + check_for_updates: 1 + configured: 1 + label: "Monitoring Console" + version: "{{ settings.json['generator']['version'] }}" + visible: 1 + body_format: "form-urlencoded" status_code: "200,201,409" diff --git a/roles/splunk_monitor/tasks/main.yml b/roles/splunk_monitor/tasks/main.yml index d7d36be2..f2ca4923 100644 --- a/roles/splunk_monitor/tasks/main.yml +++ b/roles/splunk_monitor/tasks/main.yml 
@@ -8,6 +8,7 @@ splunk_api: method: GET url: "/services/server/info/server-info?output_mode=json" + cert_prefix: "{{ cert_prefix }}" username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" svc_port: "{{ splunk.svc_port }}" @@ -25,6 +26,7 @@ splunk_api: method: GET url: "/services/cluster/master/peers?output_mode=json&count=0" + cert_prefix: "{{ cert_prefix }}" username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" svc_port: "{{ splunk.svc_port }}" @@ -48,6 +50,7 @@ splunk_api: method: GET url: "/services/search/distributed/peers?output_mode=json&count=0" + cert_prefix: "{{ cert_prefix }}" username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" svc_port: "{{ splunk.svc_port }}" @@ -68,6 +71,7 @@ splunk_api: method: GET url: "/services/search/distributed/peers?output_mode=json&count=0" + cert_prefix: "{{ cert_prefix }}" username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" svc_port: "{{ splunk.svc_port }}" diff --git a/roles/splunk_monitor/tasks/post_calls.yml b/roles/splunk_monitor/tasks/post_calls.yml index a516e501..3abbf537 100644 --- a/roles/splunk_monitor/tasks/post_calls.yml +++ b/roles/splunk_monitor/tasks/post_calls.yml @@ -13,6 +13,7 @@ splunk_api: method: POST url: "/services/search/distributed/groups" + cert_prefix: "{{ cert_prefix }}" username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" svc_port: "{{ splunk.svc_port }}" @@ -35,6 +36,7 @@ splunk_api: method: POST url: "/services/search/distributed/groups/{{ item }}/edit" + cert_prefix: "{{ cert_prefix }}" username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" svc_port: "{{ splunk.svc_port }}" 
@@ -57,10 +59,14 @@ splunk_api: method: POST url: "/services/search/distributed/groups" + cert_prefix: "{{ cert_prefix }}" username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" svc_port: "{{ splunk.svc_port }}" - body: "member={{ item.name }}&default=false&name=dmc_indexerclustergroup_{{ item.cluster_label }}" + body: + member: {{ item.name }} + default: false + name: dmc_indexerclustergroup_{{ item.cluster_label }}" body_format: "form-urlencoded" status_code: "201,409" timeout: 10 @@ -73,10 +79,14 @@ splunk_api: method: POST url: "/services/search/distributed/groups" + cert_prefix: "{{ cert_prefix }}" username: "{{ splunk.admin_user }}" password: "{{ splunk.password }}" svc_port: "{{ splunk.svc_port }}" - body: "member={{ item.name }}&default=false&name=dmc_indexerclustergroup_{{ item.cluster_label }}/edit" + body: + member: {{ item.name }} + default: false + name: dmc_indexerclustergroup_{{ item.cluster_label }}/edit" body_format: "form-urlencoded" status_code: "201,409" timeout: 10 diff --git a/roles/splunk_search_head/tasks/search_head_clustering.yml b/roles/splunk_search_head/tasks/search_head_clustering.yml index 1dac44db..8d181e0b 100644 --- a/roles/splunk_search_head/tasks/search_head_clustering.yml +++ b/roles/splunk_search_head/tasks/search_head_clustering.yml @@ -29,6 +29,7 @@ status_code: "200,409" timeout: 10 use_proxy: no + cert_prefix: "{{ cert_prefix }}" notify: - Restart the splunkd service register: preferred_captaincy_result diff --git a/roles/splunk_universal_forwarder/tasks/main.yml b/roles/splunk_universal_forwarder/tasks/main.yml index 96ec4956..e30d01c9 100644 --- a/roles/splunk_universal_forwarder/tasks/main.yml +++ b/roles/splunk_universal_forwarder/tasks/main.yml @@ -1,6 +1,4 @@ --- -- include_tasks: ../../../roles/splunk_common/tasks/set_as_hec_receiver.yml - - include_tasks: ../../../roles/splunk_common/tasks/set_as_deployment_client.yml when: - splunk.deployment_server is defined 
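Review bot: The new `body:` mapping in post_calls.yml (hunk `@@ -57,10 +59,14 @@`) does not parse as intended: `member: {{ item.name }}` begins a plain scalar with `{`, which YAML reads as a flow mapping, and `name: dmc_indexerclustergroup_{{ item.cluster_label }}"` keeps a stray closing quote from the old string that would be sent as part of the group name. The same lines appear in the next hunk (`@@ -73,10 +79,14 @@`), where the name ends in `/edit"`. Quote the templated values: `member: "{{ item.name }}"` and `name: "dmc_indexerclustergroup_{{ item.cluster_label }}"`. `default: false` is also now a YAML boolean rather than the text `false` the old body sent; `default: "false"` keeps the form field unchanged however the module serialises booleans.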
@@ -39,4 +37,6 @@ notify: - Restart the splunkd service +- include_tasks: ../../../roles/splunk_common/tasks/set_as_hec_receiver.yml + - include_tasks: ../../../roles/splunk_common/tasks/check_for_required_restarts.yml diff --git a/roles/splunk_universal_forwarder/tasks/set_mgmt_mode.yml b/roles/splunk_universal_forwarder/tasks/set_mgmt_mode.yml deleted file mode 100644 index fccad701..00000000 --- a/roles/splunk_universal_forwarder/tasks/set_mgmt_mode.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Set Mgmt Mode - ini_file: - dest: "{{ splunk.home }}/etc/system/local/server.conf" - option: "mgmtMode" - value: "auto" - owner: "{{ splunk.user }}" - group: "{{ splunk.group }}" diff --git a/test-playbook.yml b/test-playbook.yml deleted file mode 100644 index 6bcf78d4..00000000 --- a/test-playbook.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -- name: Run default Splunk provisioning - hosts: localhost - gather_facts: true - strategy: free - environment: "{{ ansible_environment | default({}) }}" - tasks: - - name: Get existing HEC token - splunk_api: - url: "/services/data/inputs/http/splunk_hec_token?output_mode=json" - method: GET - user: "{{ splunk.admin_user }}" - password: "{{ splunk.password }}" - status_code: [200, 404] - register: hec_token - when: ('hec' in splunk and 'token' in splunk.hec) or ('hec_token' in splunk) - no_log: "{{ hide_password }}" \ No newline at end of file