Ansible production environment usage scenario (5): batch installation of splunk client

Enterprise 2020-10-22 16:31:45 views: null

Foreword:

​ Splunk is used for log collection in production. The server has been installed and dozens of clients need to be deployed. Ansible is currently used for batch installation.

Environmental description:

CPU name Operating system version ip ansible version Remarks
ansible-awx Centos 7.6.1810 172.27.34.51 2.9.9 ansible management server
client Centos 7.6.1810 172.27.34.85 / splukn client

1. Client installation steps

  • Obtain the installation package and unzip
  • Create or modify the configuration files inputs.conf and props.conf
  • Register client to server
  • Start the service and set it to start at boot

The customer service terminal installation is divided into 4 steps. The first step is to upload the compressed package and then decompress; the second step is to enter the corresponding directory, and then create (modify) the configuration file; the third step is to execute the'splunk add forward-server' command, Register the client to the server, and there will be an interactive window at this time, allowing you to enter the user name and password information; the fourth step is to run the program and set it to start automatically.

This article uses the ansible method to install the client in batches, calling each corresponding module to simulate the above 4 steps.

2. Preparation

1. Python pexpect module installation

Since the expect module of ansible will be used, the pexpect module of python needs to be called when the module is running. Install the pexpect module of python first

[root@ansible-awx yaml]# more install_pexpect.yaml 
---
- hosts: "{{ hostlist }}" 
  tasks:
  - name: Unarchive ptyprocess 
    unarchive:
      src: /tmp/splunk/ptyprocess-0.6.0.tar.gz 
      dest: /root
      mode: 0755
      owner: root
      group: root
  - name: install ptyprocess
    shell: "cd /root/ptyprocess-0.6.0;python ./setup.py install"
  - name: Unarchive pexpect 
    unarchive:
      src: /tmp/splunk/pexpect-4.8.0.tar.gz
      dest: /root
      mode: 0755
      owner: root
      group: root
  - name: install pexpect 
    shell: "cd /root/pexpect-4.8.0;python ./setup.py install"
[root@ansible-awx yaml]# ansible-playbook install_pexpect.yaml -e hostlist=test85

image-20201021154802825

Execution logic: Decompress the two installation packages of the ansible server through the unarchive module and send them to the splunk client, and then use the shell module to run the python command to install.

2. pexpect module verification

[root@client ~]# python
Python 2.7.5 (default, Oct 30 2018, 23:45:53) 
[GCC 4.8.5 20150623 (Red Hat 4.8.5-36)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import pexpect
>>> 
>>> exit()

image-20201021154735258

Run the import command on the splunk client. If the pexpect module can be imported correctly, the installation is successful.

Three, role overview

1. Initialize the role

[root@ansible-awx roles]# ansible-galaxy init splunk
- Role splunk was created successfully

role name is splunk

2. Execution file

[root@ansible-awx ansible]# more splunk.yaml 
---
- hosts: "{{ hostlist }}"
  roles:
  - role: splunk

Specify when the hosts list needs to be executed.

3.task file

[root@ansible-awx tasks]# more main.yml 
---
# tasks file for splunk client install 
# author: loong576

- name: Unarchive client install file 
  unarchive:
    src: /tmp/splunk/splunkforwarder-8.0.5-a1a6394cc5ae-Linux-x86_64.tgz 
    dest: /opt
    mode: 0755
    owner: root
    group: root

- name: copy template file 
  copy:
    src: /etc/ansible/roles/splunk/templates/props.conf 
    dest: /opt/splunkforwarder/etc/system/local 
    owner: root
    group: root

- name: modify template file 
  template:
    src: /etc/ansible/roles/splunk/templates/inputs.conf 
    dest: /opt/splunkforwarder/etc/system/local/inputs.conf 

- name: use expect add forward-server 
  expect:
    command: /opt/splunkforwarder/bin/splunk add forward-server xx.xx.xx.xx:9997   --accept-license 
    responses:
      Do you agree with this license? [y/n]: "y"
      Please enter an administrator username: "admin"
      Please enter a new password: "splunk@123!"
      Please confirm new password: "splunk@123!"

- name: start the client and enable the process 
  shell: "/opt/splunkforwarder/bin/splunk start;/opt/splunkforwarder/bin/splunk enable boot-start"

xx.xx.xx.xx:9997 is the splunk server ip and port, modified according to the actual situation.

4. Interactive installation

image-20201021164016248

If you install manually, there will be an interactive interface, as shown in the figure, you need to enter the confirmation information and user name and password information.

5.task file execution logic

  • Use the unarchive module to upload the client installation file of the ansible host to the splunk client;
  • Use the copy module to distribute the configuration file props.conf;
  • Use the template module to distribute the configuration file inputs.conf;
  • Interactive installation using the expect module

6.templates file

[root@ansible-awx ansible]# cd /etc/ansible/roles/splunk/templates/
[root@ansible-awx templates]# ll
总用量 8
-rw-r--r-- 1 root root 127 10月 21 16:14 inputs.conf
-rw-r--r-- 1 root root  25 10月 21 16:14 props.conf
[root@ansible-awx templates]# more inputs.conf 
[default]
index = callcent 
host = {{ ansible_default_ipv4.address }} 
sourcetype = messageslog 
[monitor:///var/log/messages]
[root@ansible-awx templates]# more props.conf 
[callcent]
CHARSET=UTF-8

The host parameter of the configuration file inputs.con corresponds to the client host ip, which is obtained through ansible_default_ipv4.address; props.conf is a fixed file and does not need to be customized.

Fourth, run role

1. Execute role

[root@ansible-awx ansible]# ansible-playbook splunk.yaml -e hostlist=test85

image-20201021165059955

Execution object is test85

2. Verification

[root@client ~]# netstat -anlp|grep 8089
tcp        0      0 0.0.0.0:8089            0.0.0.0:*               LISTEN      17488/splunkd       
[root@client ~]# ps -ef|grep splunk |grep -v grep
root     17488     1  0 16:48 ?        00:00:01 splunkd -p 8089 start
root     17496 17488  0 16:48 ?        00:00:00 [splunkd pid=17488] splunkd -p 8089 start [process-runner]

image-20201021165654330

Log in to the client, you can see that port 8089 is in the listening state and the process has been started; you can also log in to the splunk server to view the log collection through the web.

The result is as expected

 

 

All scripts and configuration files in this article have been uploaded to github: ansible-production-practice-5

For more, please click: ansible series of articles

Guess you like

Origin blog.51cto.com/3241766/2542848
Recommended
Ranking
#2019110700005
What materials and procedures are required for patent transfer
What is the blockchain Ethereum triplet state root transaction root receipt root
Front-end study notes 04 --- About the insertion of html pictures and videos
Documents required for the filing of WeChat Mini Programs in special industries, the filing process of WeChat Mini Programs in special industries, how to file WeChat Mini Programs in special industries
2017 Qingdao-site tournament I The Squared Mosquito Coil
[BZOJ3165][HEOI2013]Segment (line segment tree without marking)
Kettle series: KettleEasyExpand, an open source Kettle universal plugin by Ma Jinju
The latest tutorial on making framework for iOS
DAX Section 6: Statistical Functions
Daily
More
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)

Code World

© 2018 codetd.com