You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
164 lines
4.3 KiB
164 lines
4.3 KiB
7 months ago
|
---
|
||
|
# this is done in 2 host sets, as we need to disable fact gathering until ansible is installed.
|
||
|
- hosts: all
|
||
|
gather_facts: False
|
||
|
pre_tasks:
|
||
|
- name: Install python for Ansible
|
||
|
raw: test -e /usr/bin/python || (apt -y update && apt install -y python)
|
||
|
register: output
|
||
|
changed_when: output.stdout != ""
|
||
|
- name: install ansible
|
||
|
raw: test -e /usr/bin/ansible || (apt -y update && apt install -y ansible)
|
||
|
register: output
|
||
|
changed_when: output.stdout != ""
|
||
|
|
||
|
- hosts: all
|
||
|
gather_facts: True
|
||
|
tasks:
|
||
|
- name: Wait for automatic system updates
|
||
|
shell: "while fuser /var/lib/dpkg/lock >/dev/null 2>&1; do sleep 1; done;"
|
||
|
|
||
|
- name: Install splunk-ansible prereqs
|
||
|
apt:
|
||
|
name: "{{ splunk_ansible_packages }}"
|
||
|
vars:
|
||
|
splunk_ansible_packages:
|
||
|
- rsync
|
||
|
- tar
|
||
|
- wget
|
||
|
- net-tools
|
||
|
- curl
|
||
|
- sudo
|
||
|
- iputils-ping
|
||
|
- dnsutils
|
||
|
- ansible
|
||
|
- python-yaml
|
||
|
- python-pip
|
||
|
|
||
|
- name: Install splunk-ansible pip requirements
|
||
|
pip:
|
||
|
name:
|
||
|
- requests
|
||
|
- ansible
|
||
|
|
||
|
- name: Wait for splunk-ansible updates to finish
|
||
|
shell: "while fuser /var/lib/dpkg/lock >/dev/null 2>&1; do sleep 1; done;"
|
||
|
|
||
|
- name: Wait for splunk-ansible updates for frontend
|
||
|
shell: "while fuser /var/lib/dpkg/lock-frontend >/dev/null 2>&1; do sleep 1; done;"
|
||
|
|
||
|
- name: Install splunk prereqs
|
||
|
apt:
|
||
|
name: "{{ splunk_packages }}"
|
||
|
vars:
|
||
|
splunk_packages:
|
||
|
- libgssapi-krb5-2
|
||
|
- procps
|
||
|
- acl
|
||
|
- locales
|
||
|
- gnupg
|
||
|
|
||
|
- name: Setup locales for splunk
|
||
|
command: echo "en_US.UTF-8 UTF-8" > /etc/locale.gen
|
||
|
|
||
|
- name: Removing any existing locales alias
|
||
|
file:
|
||
|
path: /usr/share/locale/locale.alias
|
||
|
state: absent
|
||
|
|
||
|
- name: Link the new locales alias
|
||
|
file:
|
||
|
src: /etc/locale.alias
|
||
|
dest: /usr/share/locale/locale.alias
|
||
|
state: link
|
||
|
|
||
|
- name: Generate the new locales
|
||
|
command: locale-gen
|
||
|
|
||
|
- name: Make sure the definition is set for locales
|
||
|
command: localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8
|
||
|
|
||
|
- name: Check if user exists
|
||
|
getent:
|
||
|
database: passwd
|
||
|
key: ansible
|
||
|
fail_key: yes
|
||
|
register: user_exist
|
||
|
ignore_errors: true
|
||
|
|
||
|
- name: Setup the ansible user for splunk-ansible
|
||
|
user:
|
||
|
name: ansible
|
||
|
comment: Splunk-Ansible User
|
||
|
shell: /bin/bash
|
||
|
generate_ssh_key: yes
|
||
|
ssh_key_bits: 2048
|
||
|
ssh_key_file: .ssh/id_rsa
|
||
|
groups:
|
||
|
- sudo
|
||
|
state: present
|
||
|
when: user_exist["failed"] == true
|
||
|
|
||
|
- name: Check if splunk user exists
|
||
|
getent:
|
||
|
database: passwd
|
||
|
key: splunk
|
||
|
fail_key: yes
|
||
|
register: user_exist
|
||
|
ignore_errors: true
|
||
|
|
||
|
- name: Setup the splunk user
|
||
|
user:
|
||
|
name: splunk
|
||
|
comment: Splunk User
|
||
|
shell: /bin/bash
|
||
|
generate_ssh_key: yes
|
||
|
ssh_key_bits: 2048
|
||
|
ssh_key_file: .ssh/id_rsa
|
||
|
state: present
|
||
|
when: user_exist["failed"] == true
|
||
|
|
||
|
- name: Setup Ansible User Sudoers
|
||
|
lineinfile:
|
||
|
path: /etc/sudoers
|
||
|
state: present
|
||
|
regexp: '^%sudo'
|
||
|
line: '%sudo ALL=(ALL:ALL) NOPASSWD: ALL'
|
||
|
|
||
|
- name: Compress splunk-ansible into /tmp/splunk-ansible.tgz
|
||
|
archive:
|
||
|
path: ../../splunk-ansible/*
|
||
|
dest: /tmp/splunk-ansible.tgz
|
||
|
exclude_path:
|
||
|
- ../wrapper-example
|
||
|
delegate_to: localhost
|
||
|
|
||
|
- name: Transfer splunk-ansible from localhost to target server
|
||
|
copy:
|
||
|
src: /tmp/splunk-ansible.tgz
|
||
|
dest: /tmp/splunk-ansible.tgz
|
||
|
|
||
|
- name: Create splunk-ansible directory
|
||
|
file:
|
||
|
state: directory
|
||
|
path: /opt/ansible
|
||
|
owner: ansible
|
||
|
group: ansible
|
||
|
# when specifying mode using octal numbers, add a leading 0
|
||
|
mode: 0755
|
||
|
|
||
|
- name: Create splunk-ansible container info directory
|
||
|
file:
|
||
|
state: directory
|
||
|
path: /opt/container_artifact
|
||
|
owner: ansible
|
||
|
group: ansible
|
||
|
# when specifying mode using octal numbers, add a leading 0
|
||
|
mode: 0777
|
||
|
|
||
|
- name: Unarchive splunk-ansible on remote machine
|
||
|
unarchive:
|
||
|
src: /tmp/splunk-ansible.tgz
|
||
|
dest: /opt/ansible
|
||
|
remote_src: yes
|