Merge pull request #478 from splunk/develop

Release/8.0.4

CODEOWNERS

@@ -7,7 +7,7 @@
 
 # Default owners for everything in docker-splunk:
 # *       @splunk/if-01
-*       @nwang92 @alishamayor @arctan5x @lephino @jrigassio-splunk @jmeixensperger @hendolim @jonathan-vega-splunk
+*       @nwang92 @alishamayor @arctan5x @lephino @jrigassio-splunk @jmeixensperger @hendolim @jonathan-vega-splunk @bb03
 
 # Docs-only pull requests:
-/docs/  @alishamayor @nwang92
+/docs/  @alishamayor @nwang92 @bb03

Makefile

@@ -12,7 +12,7 @@ py3k-test-setup:
 	pip3 install -r $(shell pwd)/tests/requirements.txt --upgrade
 
 lint: test-setup
-	ansible-lint -v -c ./tests/lint.cfg site.yml roles/**/**/*.yml roles/**/**/**/*.yml
+	ansible-lint -v -c ./tests/ansible-lint.cfg site.yml roles/**/**/*.yml roles/**/**/**/*.yml
 
 py3k-lint: test-setup 
 	# We're treating each file separately here, because of their scarsity
@@ -34,7 +34,7 @@ py3k-small-tests: py3k-test-setup
 
 large-tests: test-setup
 	@echo 'Running the super awesome large tests'
-	cd roles/splunk_standalone && molecule test
+	cd roles/splunk_standalone && molecule test --all
 	cd roles/splunk_universal_forwarder && molecule test --all
 	cd roles/splunk_heavy_forwarder && molecule test --all
 

ansible.cfg

@@ -25,6 +25,7 @@ stdout_callback=debug
 [privilege_escalation]
 become = true
 become_method = sudo
+become_flags = -H -S -n -i
 
 [ssh_connection]
 pipelining = True

docs/ADVANCED.md

@@ -55,6 +55,7 @@ Splunk-Ansible ships with an inventory script in `inventory/environ.py`. The scr
 | SPLUNK_PREFERRED_CAPTAINCY | Set up search head clustering with preferred captaincy, typically pinned to the instance designated as `splunk_search_head_captain` | no | no | no |
 | SPLUNK_IDXC_SECRET | Indexer Clustering shared Secret (deprecated in favor of `SPLUNK_SHC_PASS4SYMMKEY`) | no | no | no |
 | SPLUNK_IDXC_PASS4SYMMKEY | Password for the Indexer Clustering shared Secret | no | no | yes |
+| SPLUNK_IDXC_DISCOVERYPASS4SYMMKEY | Password for the indexer discovery shared secret | no | no | yes |
 | SPLUNK_IDXC_LABEL | Indexer clustering label | no | no | yes |
 | SPLUNK_IDXC_REPLICATION_FACTOR | Configure indexer clustering data replication factor | no | no | no |
 | SPLUNK_IDXC_SEARCH_FACTOR | Configure indexer clustering search factor | no | no | no |
@@ -208,6 +209,8 @@ If SplunkBase apps are not specified or needed, the `splunkbase_username` and `s
 
 When deploying distributed Splunk Enterprise environments, apps should be installed on the deployer, cluster master, and deployment server instances. Each of these roles will take care of bundling and pushing the apps to their respective downstream peers. Note that any configuration files in any custom app's `local` directory will *not* be sent to peers - this is in alignment with Splunk best practices around configuration management.
 
+To install an app from elsewhere, provide a path to a compressed `splunkApp.spl` file (either through a filesystem or URL) as seen above. For proper installation, apps should be compressed using `tar` in a GNU/Linux environment, as apps compressed on OSX or other BSD-variant operating systems have been known to cause issues.
+
 ---
 
 ## SmartStore

docs/CHANGELOG.md

@@ -2,6 +2,7 @@
 
 ## Navigation
 
+* [8.0.4](#804)
 * [8.0.3](#803)
 * [8.0.2.1](#8021)
 * [8.0.2](#802)
@@ -30,6 +31,27 @@
 
 ---
 
+## 8.0.4
+
+#### What's New?
+* Support for custom SSL certificates for the Splunkd management endpoint
+* Support for custom ports for [Splunk Application Server](https://docs.splunk.com/Documentation/ITSI/latest/IModules/AboutApplicationServerModule) and [App KV Store](https://docs.splunk.com/Documentation/Splunk/8.0.0/Admin/AboutKVstore) using:
+    * `splunk.appserver.port`, `splunk.kvstore.port` in `default.yml`
+    * `SPLUNK_APPSERVER_PORT`, `SPLUNK_KVSTORE_PORT` environment variables
+* Java installation through `default.yml` with `java_download_url`, `java_update_version`, and `java_version`
+* Support for Windows+AWS deployments for Splunk v7.2 and v7.3
+
+
+#### Changes
+* Set pass4SymmKey for indexer discovery separately from pass4SymmKey for indexer clustering with:
+    * `splunk.idxc.discoveryPass4SymmKey` in `default.yml`
+    * `SPLUNK_IDXC_DISCOVERYPASS4SYMMKEY` environment variable
+* `outputs.conf` is configured without REST calls to ensure forwarding is enabled before Splunk starts
+* Splunk Deployer can be used as a deployment client
+* Refactored molecule test structure
+
+---
+
 ## 8.0.3
 
 #### What's New?
@@ -61,13 +83,13 @@
 ## 8.0.2
 
 #### What's New?
-* Revised Splunk forwarding/receiving plays to optionally support SSL (see documentation on [securing data from forwarders](https://docs.splunk.com/Documentation/Splunk/latest/Security/Aboutsecuringdatafromforwarders))
+* Revised Splunk forwarding/receiving plays to optionally support SSL. See [About securing data from forwarders](https://docs.splunk.com/Documentation/Splunk/latest/Security/Aboutsecuringdatafromforwarders).
 * Initial support for forwarder management using [Splunk Monitoring Console](https://docs.splunk.com/Documentation/Splunk/latest/DMC/DMCoverview)
 * New environment variables exposed to control replication/search factor for clusters, key/value pairs written to `splunk-launch.conf`, and replacing default security key (pass4SymmKey)
 
 #### Changes
 * Created new environment variables to control indexer + search head clustering replication and search factor at run-time; error handling of these values are now moved into dynamic inventory script
-* Created new environment variable `SPLUNK_PASS4SYMMKEY` to allow users to change the default shipped with Splunk Enterprise. Additionally, consolidated naming so `SPLUNK_SHC_SECRET` and `SPLUNK_IDXC_SECRET` will now be replaced by `SPLUNK_SHC_PASS4SYMMKEY` and `SPLUNK_IDXC_PASS4SYMMKEY` respectively in the future (see documentation on [securing clusters](https://docs.splunk.com/Documentation/Splunk/latest/Security/Aboutsecuringclusters))
+* Created new environment variable `SPLUNK_PASS4SYMMKEY` to allow users to change the default shipped with Splunk Enterprise. Additionally, consolidated naming, so `SPLUNK_SHC_SECRET` and `SPLUNK_IDXC_SECRET` will now be replaced by `SPLUNK_SHC_PASS4SYMMKEY` and `SPLUNK_IDXC_PASS4SYMMKEY` respectively in the future (see documentation on [securing clusters](https://docs.splunk.com/Documentation/Splunk/latest/Security/Aboutsecuringclusters))
 * Added `SPLUNK_LAUNCH_CONF` that accepts key=value comma-separated pairs (ex: `SPLUNK_LAUNCH_CONF=OPTIMISTIC_ABOUT_FILE_LOCKING=1,HELLO=WORLD`) that will get written to the Splunk Enterprise instance's `splunk-launch.conf`
 * Splunk-to-Splunk forwarding and receiving is now rewritten to support an optional SSL. To utilize encryption, you must bring your own certificates and make them available to both forwarders and receivers. For more information, see the documentation on [securing forwarder to indexer communication](https://docs.splunk.com/Documentation/Splunk/8.0.1/Security/ConfigureSplunkforwardingtousesignedcertificates)
 * Added `ansible_environment` variable to `default.yml` to set environment variables for task action contexts (see Ansible documentation on [setting environment](https://docs.ansible.com/ansible/latest/user_guide/playbooks_environment.html))

docs/advanced/default.yml.spec.md

@@ -283,6 +283,16 @@ splunk:
   * Determine the port used for Splunk management/remote API calls
   * Default: 8089
 
+  appserver:
+    port: <int>
+    * Determine the port used for Splunk Application Server
+    * Default: 8065
+
+  kvstore:
+    port: <int>
+    * Determine the port used for Splunk Key-Value store
+    * Default: 8191
+
   launch: null
   * key::value pairs for environment variables that get written to ${SPLUNK_HOME}/etc/splunk-launch.conf
   * Default: null
@@ -296,6 +306,25 @@ splunk:
   * Password for Symmetric Key used to encrypt Splunk's sensitive information on disk. When not set, Splunk will encrypt a default value (`changeme`) with `splunk.secret` and set it as `pass4SymmKey` in the `[general]` stanza of `/opt/splunk/etc/system/local/server.conf`.
   * Default: null
 
+  ssl:
+  * Configure the default certificates used by Splunk Enterprise
+  
+    enable: <bool>
+    * Enable SSL on the Splunkd management API (typically port 8089)
+    * Default: True
+
+    cert: <str>
+    * Specify the path to the SSL certificate used for the Splunkd management API
+    * Default: null
+
+    password <str>
+    * Specify the path to the SSL password used by the certificate above
+    * Default: null
+
+    ca: <str>
+    * Specify the path to the CA certificate used for the Splunkd management API
+    * Default: null
+
   idxc:
     label: <str>
     * Provide a label for indexer clustering configuration
@@ -322,6 +351,10 @@ splunk:
     * Determine the secret used to configure indexer clustering. This is REQUIRED when setting up indexer clustering. This is pass4SymmKey in the `[clustering]` stanza of server.conf.
     * Default: null
 
+    discoveryPass4SymmKey: <str>
+    * Determine the secret used to enable indexer discovery (for any forwarding clients connecting to the cluster master). This is pass4SymmKey in the `[indexer_discovery]` stanza of server.conf.
+    * Default: null
+
   shc:
     label: <str>
     * Provide a label for search head clustering configuration
@@ -405,6 +438,7 @@ splunk:
   * Name of directory for the Splunk tar
   * Default: splunk
   
+  # NOTE: This is the updated schema for this entry - please refer to "Configuration files" section for more info
   conf: <list>
     - key: <sttr - filename without .conf suffix)
       value:
@@ -426,7 +460,6 @@ The `default.yml` file can be used to specify multiple named configuration files
 
 `conf` accepts an array of objects where each entry's key corresponds to the name of the `.conf` file and each entry's value contains a mapping of `directory` and `contents`. Files will be created in the directory specified in `directory` or the default directory (`/opt/splunk/etc/system/local`) if not provided. `content` accepts a dictionary where keys are section names and values are key-value pairs to be listed in the configuration file.
 
-
 The following example generates `user-prefs.conf` in `/opt/splunk/etc/users/admin/user-prefs/local`
 ```
 splunk:
@@ -452,6 +485,23 @@ search_auto_format = false
 search_syntax_highlighting = dark
 ```
 
+**NOTE:** The above `splunk.conf` was changed to accept an array data-type. This array input is only applicable for recent versions of `splunk-ansible`. If you are using any of the git-tagged versions `<= 8.0.2, <= 7.3.5, <= 7.2.9` (which directly map to any of the Docker-based `splunk/splunk` images), you must use the former dictionary data-type. An example of this is shown below:
+```
+splunk:
+  conf:
+    user-prefs:
+      directory: /opt/splunk/etc/users/admin/user-prefs/local
+      content:
+        general:
+          default_namespace : appboilerplate
+          search_use_advanced_editor : true
+          search_line_numbers : false
+          search_auto_format : false
+          search_syntax_highlighting : dark
+```
+
+Any recent versions of `splunk-ansible` should still support this map type, however it is strongly recommended you move to the array type for future support.
+
 ---
 
 ## Example

inventory/environ.py

@@ -90,7 +90,7 @@ def getSplunkInventory(inventory, reName=r"(.*)_URL"):
     inventory["all"]["vars"] = getDefaultVars()
     inventory["all"]["vars"]["docker"] = False
 
-    if os.path.isfile("/.dockerenv") or os.path.isdir("/var/run/secrets/kubernetes.io") or os.environ.get("KUBERNETES_SERVICE_HOST"):
+    if os.path.isfile("/.dockerenv") or os.path.isfile("/run/.containerenv") or os.path.isdir("/var/run/secrets/kubernetes.io") or os.environ.get("KUBERNETES_SERVICE_HOST"):
         inventory["all"]["vars"]["docker"] = True
         if "localhost" not in inventory["all"]["children"]:
             inventory["all"]["hosts"].append("localhost")
@@ -172,6 +172,10 @@ def getIndexerClustering(vars_scope):
     else:
         idxc_vars["secret"] = os.environ.get("SPLUNK_IDXC_SECRET", idxc_vars.get("secret"))
         idxc_vars["pass4SymmKey"] = idxc_vars["secret"]
+    # Support separate pass4SymmKey for indexer discovery
+    idxc_vars["discoveryPass4SymmKey"] = os.environ.get("SPLUNK_IDXC_DISCOVERYPASS4SYMMKEY", idxc_vars.get("discoveryPass4SymmKey"))
+    if not idxc_vars["discoveryPass4SymmKey"]:
+        idxc_vars["discoveryPass4SymmKey"] = idxc_vars["pass4SymmKey"]
     # Rectify replication factor (https://docs.splunk.com/Documentation/Splunk/latest/Indexer/Thereplicationfactor)
     # Make sure default repl/search factor>0 else Splunk doesn't start unless user-defined
     if inventory.get("splunk_indexer"):
@@ -263,22 +267,22 @@ def getLicenses(vars_scope):
     Determine the location of Splunk licenses to install at start-up time
     """
     # Need to provide some file value (does not have to exist). The task will automatically skip over if the file is not found. Otherwise, will throw an error if no file is specified.
-    vars_scope["splunk"]["license_uri"] = os.environ.get("SPLUNK_LICENSE_URI", "splunk.lic")
+    vars_scope["splunk"]["license_uri"] = os.environ.get("SPLUNK_LICENSE_URI", vars_scope["splunk"].get("license_uri") or "splunk.lic")
     vars_scope["splunk"]["wildcard_license"] = False
     if vars_scope["splunk"]["license_uri"] and '*' in vars_scope["splunk"]["license_uri"]:
         vars_scope["splunk"]["wildcard_license"] = True
     vars_scope["splunk"]["ignore_license"] = False
     if os.environ.get("SPLUNK_IGNORE_LICENSE", "").lower() == "true":
         vars_scope["splunk"]["ignore_license"] = True
-    vars_scope["splunk"]["license_download_dest"] = os.environ.get("SPLUNK_LICENSE_INSTALL_PATH", "/tmp/splunk.lic")
+    vars_scope["splunk"]["license_download_dest"] = os.environ.get("SPLUNK_LICENSE_INSTALL_PATH", vars_scope["splunk"].get("license_download_dest") or "/tmp/splunk.lic")
 
 def getJava(vars_scope):
     """
     Parse and set Java installation parameters
     """
-    vars_scope["java_version"] = None
-    vars_scope["java_download_url"] = None
-    vars_scope["java_update_version"] = None
+    vars_scope["java_version"] = vars_scope.get("java_version")
+    vars_scope["java_download_url"] = vars_scope.get("java_download_url")
+    vars_scope["java_update_version"] = vars_scope.get("java_update_version")
     java_version = os.environ.get("JAVA_VERSION")
     if not java_version:
         return
@@ -412,6 +416,8 @@ def overrideEnvironmentVars(vars_scope):
     vars_scope["splunk"]["enable_service"] = os.environ.get('SPLUNK_ENABLE_SERVICE', vars_scope["splunk"]["enable_service"])
     vars_scope["splunk"]["service_name"] = os.environ.get('SPLUNK_SERVICE_NAME', vars_scope["splunk"]["service_name"])
     vars_scope["splunk"]["allow_upgrade"] = os.environ.get('SPLUNK_ALLOW_UPGRADE', vars_scope["splunk"]["allow_upgrade"])
+    vars_scope["splunk"]["appserver"]["port"] = os.environ.get('SPLUNK_APPSERVER_PORT', vars_scope["splunk"]["appserver"]["port"])
+    vars_scope["splunk"]["kvstore"]["port"] = os.environ.get('SPLUNK_KVSTORE_PORT', vars_scope["splunk"]["kvstore"]["port"])
 
     # Set set_search_peers to False to disable peering to indexers when creating multisite topology
     if os.environ.get("SPLUNK_SET_SEARCH_PEERS", "").lower() == "false":

inventory/splunk_defaults_linux.yml

@@ -38,6 +38,11 @@ splunk:
     secret:
     pass4SymmKey:
     svc_port: 8089
+    ssl:
+        enable: True
+        cert:
+        password:
+        ca:
     launch:
     set_search_peers: True
     s2s:
@@ -47,6 +52,10 @@ splunk:
         cert:
         password:
         ca:
+    appserver:
+        port: 8065
+    kvstore:
+        port: 8191
     http_port: 8000
     http_enableSSL: 0
     http_enableSSL_cert:
@@ -68,6 +77,7 @@ splunk:
     idxc:
         secret:
         pass4SymmKey:
+        discoveryPass4SymmKey:
         label: "idxc_label"
         search_factor: 3
         replication_factor: 3

inventory/splunk_defaults_windows.yml

@@ -28,8 +28,8 @@ splunk:
     tar_dir: "splunk"
     opt: &opt "/opt"
     home: &home !!python/object/apply:os.path.join [*opt, "splunk"]
-    user: "splunk"
-    group: "Administrators"
+    user: "SYSTEM"
+    group: "SYSTEM"
     exec: !!python/object/apply:os.path.join [*home, "bin", "splunk.exe"]
     pid: !!python/object/apply:os.path.join [*home, "var", "run", "splunk", "splunkd.pid"]
     admin_user: "admin"
@@ -38,6 +38,11 @@ splunk:
     secret:
     pass4SymmKey:
     svc_port: 8089
+    ssl:
+        enable: True
+        cert:
+        password:
+        ca:
     launch:
     set_search_peers: True
     s2s:
@@ -47,6 +52,10 @@ splunk:
         cert:
         password:
         ca:
+    appserver:
+        port: 8065
+    kvstore:
+        port: 8191
     http_port: 8000
     http_enableSSL: 0
     http_enableSSL_cert:
@@ -68,6 +77,7 @@ splunk:
     idxc:
         secret:
         pass4SymmKey:
+        discoveryPass4SymmKey:
         label: "idxc_label"
         search_factor: 3
         replication_factor: 3

inventory/splunkforwarder_defaults_linux.yml

@@ -38,6 +38,11 @@ splunk:
     secret:
     pass4SymmKey:
     svc_port: 8089
+    ssl:
+        enable: True
+        cert:
+        password:
+        ca:
     launch:
     set_search_peers: True
     s2s:
@@ -47,6 +52,10 @@ splunk:
         cert:
         password:
         ca:
+    appserver:
+        port: 8065
+    kvstore:
+        port: 8191
     http_port: 8000
     http_enableSSL: 0
     http_enableSSL_cert:
@@ -70,6 +79,7 @@ splunk:
         enable: False
         secret:
         pass4SymmKey:
+        discoveryPass4SymmKey:
         label: "idxc_label"
         search_factor: 3
         replication_factor: 3