-
Notifications
You must be signed in to change notification settings - Fork 48
/
configuration_description.yml
378 lines (337 loc) · 11.6 KB
/
configuration_description.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
---
# splunk_config.yml
plugin: splunk-platform-automator
######################################################################
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#
# This is not a working example
# This file documents all the possible config settings
#
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
######################################################################
# General settings
general:
# Force a certain language in the created links in index.html
url_locale: en-GB
# Custom settings
custom:
# Use this section for example, if no vagrant is used and you need to define ansible connection settings, like
ansible_port: 22
ansible_user: ansible
ansible_ssh_private_key_file: "~/.ssh/ansible_id_rsa"
# Virtualbox settings
virtualbox:
# VirtualBox will only allow IP addresses in 192.68.56.0/21 range, see: https://www.virtualbox.org/manual/ch06.html#network_hostonly
start_ip: 192.168.60.200 # Defaul: 192.168.60.100
box: "centos/7"
# box: "ubuntu/xenial64"
memory: 512
cpus: 1
# Install vbox guest additions
install_vbox_additions: false # true/false
# You need to install vagrant plugin vagrant-vbguest to mount folders
synced_folder:
# - source: "../../Documents/Splunk/Software"
# target: "/Splunk_Software"
# Operating System definitions
os:
# Execute remote commands before ansible is called.
# Example: Workaround for missing python in ubuntu/xenial64
remote_command: 'which python || (sudo apt-get update; sudo apt-get -y install python)'
# Example for missing ACL support in Ubuntu on AWS. But can be added in the os.packages section as well.
remote_command: 'sudo apt-get install -y acl'
# The timezone defaults to the vagrant host timezone, but you can set another one here
time_zone: "Europe/Zurich"
# If you want to manually control the time sync cron
enable_time_sync_cron: false # Default true for virtualbox
# Install additional packages
packages:
- acl
- polkit
- unzip
- epel-release
- sysstat
- lsof
- net-tools
# Set hostname to ansible_inventory name
set_hostname: true
# Disable SELinux
disable_selinux: true
# Disable AppArmor
disable_apparmor: true
# Do not update /etc/hosts file
update_hosts_file: false
# Do not create splunk group/user
splunk_group_create: false
splunk_user_create: false
splunk_defaults:
# Defines the environment name and org name for the base_config apps
splunk_env_name: splunk1
# Specify a Splunk version. Will use the latest found when not set or set to 'latest'. Can also be set on the host level
splunk_version: '8.2.4'
# Specify a Splunk architecture. This is the os architecture portion in the splunk archive name. Will use 'amd64' if not set. Can also be set on the host level
splunk_architecture: amd64
# Enable FIPS mode for Splunk. Can also be set on the host level.
splunk_fips: true
# Download Splunk archive from splunk.com. The archive must still be found in the
# local Software directory to fulfill the software download agreement
splunk_download:
splunk: true
splunkforwarder: true
# admin user password
splunk_admin_password: 'splunklab1'
# Give a path to a license file. Must be located in splunk_software_dir
splunk_license_file: Splunk_Enterprise.lic
# If there is an existing license server. Specify an IP or FQDN
splunk_license_server: license.splunk.local
# If you deploy to a cloud like AWS you may want to set the serverName variable
# and/or default-hostname to the inventory name
splunk_set_servername: true
splunk_set_default_hostname: true
# Turn of loginpage info, if not needed
splunk_loginpage_print_hostname: false
splunk_loginpage_print_userpw: false
splunk_loginpage_print_roles: false
# Disable checking for policykit, will install a sudo rule, if polkit is not found.
# You can add the package to be installed in the os.packages section
splunk_use_policykit: false
# Disable the usage of the new wiredTiger KV Store Engine (8.1+)
splunk_kv_store_engine_wiredtiger: false
# Add Splunk config settings to a file location relative to $SPLUNK_HOME/etc
# This will be applied to all Splunk Enterprise Instances
splunk_conf:
apps/splunk_all_server/local/server.conf: # Conf file name in an app
diskUsage: # Stanza name [diskUsage]
minFreeSpace: 500 # value to be set
otherthing: othervalue
otherstanza:
key: value
system/local/limits.conf: # File in system/local
stanzaname:
key: value
# Define additional indexes to be created on the indexers.
# Per default there will be a 'test' and 'test_metrics' index created.
# Volume definitions can be set in the splunk_indexer_volumes section. Otherwise creates a 'primary' volume
# You can define index settings for each index. Specifying homePath, coldPath and thawedPath is not needed.
splunk_indexes:
test1:
frozenTimePeriodInSecs: 604800
test2_metrics:
datatype: metric
test3:
# Set this to false, if you do not want to have default path settings in the [default] stanza
# They will be written to each defined index instead above.
splunk_indexes_default_paths: false
# Define Indexer Volumes (filesystem must exist)
splunk_indexer_volumes:
primary:
path: "/splunkdata/hot" # Defaults to "{{splunk_home}}/var/lib/splunk" otherwise
maxVolumeDataSizeMB: 50000 # Will ignore VolumeDataSize_Free_MB, if set directly here
cold:
path: "/splunkdata/cold"
maxVolumeDataSizeMB: 50000
# _splunk_summaries:
# path: /splunk/dma
# Set the default for volumes
splunk_volume_defaults:
VolumeDataSize_Free_MB: 800 # Will calculate maxVolumeDataSizeMB as 'fs_free - VolumeDataSize_Free_MB'
# Define the volumes to be used for the indexes
homePath: primary
coldPath: cold
# Enable SSL for web, inputs and outputs. Own certs can be provided and have to be put
# inside splunk-platform-automator/auth directory. If own_certs=false the Splunk internal self-signed
# ones are used.
splunk_ssl:
web:
enable: true
own_certs: true
# For web private keys the cert filename must match
# the systems name given in the splunk_hosts section.
# Example: cm -> cm.pem
config:
enableSplunkWebSSL: true
privKeyPath: etc/auth/{{splunk_env_name}}/custom_privkey.web.pem
serverCert: etc/auth/{{splunk_env_name}}/custom_cacert.pem
inputs:
enable: true
own_certs: true
# If own certs are provided, they must match the filename given here
config:
rootCA: "$SPLUNK_HOME/etc/auth/{{splunk_env_name}}/custom_cacert.pem"
serverCert: "$SPLUNK_HOME/etc/auth/{{splunk_env_name}}/custom_inputs_server.pem"
password: "password"
outputs:
enable: true
own_certs: true
# If own certs are provided, they must match the filename given here
config:
sslRootCAPath: "custom_cacert.pem"
sslCertPath: "custom_outputs_server.pem"
sslPassword: "password"
# Share the same splunk.secret file with all Splunk nodes
# Note: You must first deploy splunk to one host only to store the splunk.secret file
# You can do that by running: ansible-playbook ansible/setup_common.yml ansible/install_splunk.yml --limit <one_host_from_the_list>
# After that you can run ansible/deploy_site.yml to all hosts
splunk_secret_share:
# for Splunk Enterprise
splunk: true
# for Splunk Universal Forwarders
splunkforwarder: true
# use the same for both install types
equal: true
splunk_dirs:
# Location of the extracted baseconfig apps
splunk_baseconfig_dir: ../Software
# This is where the splunk install archives are searched for
splunk_software_dir: ../Software
splunk_apps:
# Location where to save the base config apps on the Ansible host.
#splunk_save_baseconfig_apps_dir: apps
# Save a copy of all the baseconfig apps
splunk_save_baseconfig_apps: true
# Save a copy of the serverclass file
splunk_save_serverclass: true
# Splunk general settings
splunk_environments:
- splunk_env_name: splunk1
splunk_version: '7.0.1'
splunk_admin_password: 'splunklab'
# Give a path to a license file. Must be located in splunk_software_dir
splunk_license_file: Splunk_Enterprise.lic
# Define some indexes to be created on the indexers
splunk_indexes:
test1:
frozenTimePeriodInSecs: 604800
test2_metrics:
datatype: metric
test3:
# Indexer Cluster settings
splunk_idxclusters:
- idxc_name: idxc1
idxc_password: splunkidxc
idxc_replication_port: 9887
idxc_site_rf: 'origin:2, total:2'
idxc_site_sf: 'origin:2, total:2'
# For non multi-site clusters use these two settings
#idxc_rf: 2
#idxc_sf: 2
# Enable indexer discovery
#idxc_discovery_password: idxdisco
# Search Head Cluster settings
splunk_shclusters:
- shc_name: shc1
shc_site: site0
shc_password: splunkshc
shc_replication_port: 9887
# Splunk hosts with its settings
splunk_hosts:
# Cluster Manager
- name: cm
# You can set host specific vbox resources here as well
virtualbox:
cpus: 2
memory: 1024
# You can set an ip addr here, which overrides the dynamic one
# ip_addr: 192.168.2.210
# You can also set os specific configurations here
os:
time_zone: "America/Los_Angeles"
# Install additional packages
packages:
- unzip
- lsof
roles:
- cluster_manager
- license_manager
# Name the indexer cluster to be master of
idxcluster: idxc1
site: site0
# Specify different version for this host
splunk_version: '6.5.3'
# Only enable FIPS mode for this host
splunk_fips: true
# Custom settings
custom:
# Use this section for example, if no vagrant is used and you need to define ansible connection settings, like
ansible_host: 172.16.1.100
# Special settings can be set for one host only
# Other file definitions will be merged with the global settings
splunk_conf:
apps/splunk_all_server/local/server.conf: # Conf file name in an app
diskUsage: # Stanza name [diskUsage]
minFreeSpace: 500 # value to be set
otherthing: othervalue
otherstanza:
key: value
system/local/limits.conf: # File in system/local
stanzaname:
key: value
# Create a list of hosts
# Cluster Indexer
- list:
- idx1
- idx2
roles:
- indexer
# Name the indexer cluster to be a member of
idxcluster: idxc1
site: site1
# Create a list of hosts and iterate a number
# Cluster Indexer
- iter:
prefix: idx
numbers: 2..3
#postfix: _server
roles:
- indexer
idxcluster: idxc1
site: site2
# Cluster Indexer
- name: idx4
roles:
- indexer
# Name the indexer cluster to be a member of
idxcluster: idxc1
site: site3
# Cluster Indexer
- name: idx5
roles:
- indexer
idxcluster: idxc1
site: site3
# Deployment Server
- name: ds
roles:
- deployment_server
- deployer
# Name the search head cluster deploy packages to
shcluster: shc1
# Single Indexer
- name: idx5
roles:
- indexer
# Search Head Cluster Members
- iter:
prefix: sh
numbers: 1..3
roles:
- search_head
shcluster: shc1
# Single Search Head
- name: smc
roles:
- monitoring_console
# Heavy Forwarder
- name: hf1
roles:
- heavy_forwarder
# Universal Forwarder
- name: uf1
roles:
- universal_forwarder
os:
# packages needed for Unix TA
packages:
- net-tools
- lsof
- sysstat