# Remote Execution
This folder provides guidance on how to use `splunk-ansible` from a controller node to set up and provision a Splunk Enterprise indexer cluster on a series of remote instances. The example shown here can be represented by the diagram below:
![diagram](./remote-diagram.png)
## Configure hosts
First, we'll need a few hosts to run these Ansible plays against. These can be bare-metal machines in a datacenter, cloud-provisioned VMs, or for demonstration purposes a set of containers running `sshd` locally. For more information on what's in the container image used, please see the [Dockerfile](./Dockerfile) in this directory.
Additionally, see the [docker-compose.yml](./docker-compose.yml) file included for how the multiple containers are defined to assume the roles in the Splunk deployment.
```bash
$ docker-compose up -d
```
## Setup hosts file
Ansible's inventory files are used to define the multiple nodes or hosts you plan on managing. For more information, see [how to build your inventory](https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html#inventory-basics-formats-hosts-and-groups) in Ansible's documentation.
For our use case, we will add all the hosts used to compose the indexer cluster to the [hosts.yml](./hosts.yml) file. The key things here are:
* Each host is added to the respective group matching the Splunk role it expects to fulfill
* In addition to group membership, each instance should have a matching `splunk.role` variable defined
* All top-level variables, including SSH connection parameters - for instance user, password, and port - can be included in `all.vars`
* Host-specific variables can be defined at the individual host level
Given that we are using Docker containers for the target hosts in this example, the corresponding `hosts.yml` file will look like the following:
```
all:
  vars:
    # These vars are used to access the remote hosts
    ansible_user: root
    ansible_password: screencast
  children:
    # Configure individual information about each Splunk Enterprise instance
    splunk_search_head:
      hosts:
        sh1:
          ansible_port: 2222
          ansible_host: 0.0.0.0
          splunk:
            role: splunk_search_head
    splunk_cluster_master:
      hosts:
        cm1:
          ansible_port: 2223
          ansible_host: 0.0.0.0
          splunk:
            role: splunk_cluster_master
    splunk_indexer:
      hosts:
        idx1:
          ansible_port: 2224
          ansible_host: 0.0.0.0
          splunk:
            role: splunk_indexer
        idx2:
          ansible_port: 2225
          ansible_host: 0.0.0.0
          splunk:
            role: splunk_indexer
        idx3:
          ansible_port: 2226
          ansible_host: 0.0.0.0
          splunk:
            role: splunk_indexer
```
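The group and `splunk.role` rules listed above can be checked before any play runs. The script below is an added example, not part of `splunk-ansible`: it inspects the parsed JSON that `ansible-inventory -i hosts.yml --list` prints, reports hosts whose group and `splunk.role` disagree, and also reports any `ansible_password` held as a plain string. The name `check_inventory` and the embedded sample are constructed for illustration, and it assumes a vaulted value is not rendered as a plain string.

```python
import json

# Role groups used by this page's hosts.yml.
SPLUNK_GROUPS = {"splunk_search_head", "splunk_cluster_master", "splunk_indexer"}

# Constructed sample in the shape `ansible-inventory -i hosts.yml --list` prints.
SAMPLE = json.loads("""
{
  "_meta": {"hostvars": {
    "sh1":  {"ansible_password": "screencast",
             "splunk": {"role": "splunk_search_head"}},
    "idx1": {"ansible_password": {"__ansible_vault": "<constructed>"},
             "splunk": {"role": "splunk_search_head"}},
    "idx2": {"ansible_port": 2225}
  }},
  "splunk_search_head": {"hosts": ["sh1"]},
  "splunk_indexer": {"hosts": ["idx1"]},
  "ungrouped": {"hosts": ["idx2"]}
}
""")

def check_inventory(inv):
    """Return sorted (host, problem) pairs for a parsed inventory listing."""
    hostvars = inv.get("_meta", {}).get("hostvars", {})
    problems, seen = [], set()
    for group in inv.keys() & SPLUNK_GROUPS:
        for host in inv[group].get("hosts", []):
            seen.add(host)
            role = (hostvars.get(host, {}).get("splunk") or {}).get("role")
            if role != group:
                problems.append((host, f"in group {group} but splunk.role is {role!r}"))
    for host, hv in hostvars.items():
        if host not in seen:
            problems.append((host, "not in any Splunk role group"))
        # A password that comes back as a plain string sits unencrypted in the inventory.
        if isinstance(hv.get("ansible_password"), str):
            problems.append((host, "ansible_password is plaintext"))
    return sorted(problems)

if __name__ == "__main__":
    for host, problem in check_inventory(SAMPLE):
        print(f"{host}: {problem}")
```

To run it against a real inventory, save the output of `ansible-inventory -i hosts.yml --list` to a file and pass the result of `json.load` to `check_inventory`.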
## Test connection
Ansible's `ping` module can be used to quickly confirm that:
1. The `hosts.yml` file is set up properly
2. The target instances are reachable from the controller node
To test the connection, run:
```bash
$ ansible -i hosts.yml all -m ping
```
## Setup variables
The playbooks in `splunk-ansible` use a series of variables that drive how Splunk is configured. This set of variables is known as the `default.yml`, and the full spec can be found [here](https://github.com/splunk/splunk-ansible/blob/develop/inventory/splunk_defaults_linux.yml).
To generate a template of this `default.yml`, you can use Splunk's official Docker image as follows:
```bash
$ docker run -it splunk/splunk:latest create-defaults > default.yml
```
If you plan on running Ansible remotely, there are a few key variables you must make sure you define:
* `splunk.role`: the role this instance will play in the Splunk Enterprise deployment
* `splunk.build_location`: URL to dynamically fetch the Splunk Enterprise build and install it at run time
* `splunk.password`: default `admin` user password that Splunk will be provisioned with on first-time run
## Deploy Splunk
Once the `default.yml` has been set up to your liking, execute the following command to set up the indexer cluster:
```bash
ansible-playbook -i hosts.yml site.yml -e "@default.yml"
```
