Advanced Ansible configuration to deploy Splunk. Implements dynamic inventory on the AWS platform. See Managing Splunk with Ansible Part #2 for more information.
Part 2 of: Managing Splunk with Ansible Part #1
apt-get install python-pip python-dev
Install git/pip for your distribution.
cd /opt/
sudo git clone https://github.com/ansible/ansible.git
cd ansible
sudo git submodule update --init --recursive
cd /etc/
sudo git clone https://github.com/divious1/splunk-ansible-advance.git ansible
pip install boto jinja2
(or install them from your distro package manager)
- Configure AWS credentials for Ansible (remember to use IAM to create the API user):
$ cat ~/.boto
[Credentials]
aws_access_key_id = XXXXXXXXXXXXXXXX
aws_secret_access_key = xxxxxxxxxxxxxxxxxxxxxxxxxx
- Test your dynamic script:
/etc/ansible/ec2.py --list
- Configure splunk-ansible-advance by editing
/etc/ansible/group_vars/all.yml
- Set up your credentials
/etc/ansible/playbooks/splunk_creds/
- Copy the credentials just generated into an Amazon key pair.
- Configure the key pair under
/etc/ansible/customer/[customer_name].yml
- The common role now also installs and configures automatic security updates (Debian/Ubuntu only)
- The common role installs the NTP configuration
- Made the Splunk installation distro agnostic (Debian-based or Red Hat-based). If you are going to use a Debian-based distro, remember to configure sudoers under
/etc/ansible/roles/common/files/etc/sudoers
- Splunk runs as splunk user and not root
- Multiple SSL vulnerabilities addressed in web.conf
- Updated package to new Splunk binaries.
- Indexer/Universal Forwarder roles have been completed!
- Docs
- Add CM role
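
A preflight check for the `~/.boto` file and the `ec2.py --list` test from the setup steps above. This is an added example, not part of splunk-ansible-advance; it is written for Python 3, and the function names, the script name `preflight.py` and the sample inventory are assumptions made for illustration.

```python
import configparser
import json
import os
import stat
import sys

# Constructed sample of `ec2.py --list` output; group names and addresses are made up.
SAMPLE_INVENTORY = """{
  "tag_role_indexer": ["10.0.1.10", "10.0.1.11"],
  "tag_role_forwarder": {"hosts": ["10.0.2.20"]},
  "_meta": {"hostvars": {"10.0.1.10": {}, "10.0.1.11": {}, "10.0.2.20": {}}}
}"""

def check_boto_file(path):
    """Return a list of problems with a boto credentials file (empty list = OK)."""
    if not os.path.isfile(path):
        return ["missing: " + path]
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("mode %04o exposes the secret key to other users; use 0600" % mode)
    # interpolation=None: a '%' in the secret key must not be treated as a reference.
    cfg = configparser.ConfigParser(interpolation=None)
    try:
        cfg.read(path)
    except configparser.Error as exc:
        return problems + ["unparseable: %s" % exc]
    for key in ("aws_access_key_id", "aws_secret_access_key"):
        if not cfg.get("Credentials", key, fallback="").strip():
            problems.append("[Credentials] is missing " + key)
    return problems

def summarize_inventory(text):
    """Map each group in dynamic-inventory JSON to its sorted host list."""
    groups = {}
    for name, value in json.loads(text).items():
        if name == "_meta":  # per-host variables, not a group
            continue
        # A group is either a bare host list or a dict with a "hosts" key.
        hosts = value.get("hosts", []) if isinstance(value, dict) else value
        groups[name] = sorted(hosts)
    return groups

if __name__ == "__main__":
    for problem in check_boto_file(os.path.expanduser("~/.boto")):
        print("boto:", problem)
    # Real use (script name is hypothetical): /etc/ansible/ec2.py --list | python3 preflight.py
    text = SAMPLE_INVENTORY if sys.stdin.isatty() else (sys.stdin.read() or SAMPLE_INVENTORY)
    for group, hosts in sorted(summarize_inventory(text).items()):
        print("%s: %d host(s): %s" % (group, len(hosts), ", ".join(hosts)))
```

An empty group map from a real `ec2.py --list` run usually means the IAM user cannot describe instances or the wrong region is selected, so check that before running any playbook.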