Foreword:
Splunk is used for log collection in production. The server has been installed and dozens of clients need to be deployed. Ansible is currently used for batch installation.
Environment description:
Hostname | Operating system version | IP | Ansible version | Remarks |
---|---|---|---|---|
ansible-awx | CentOS 7.6.1810 | 172.27.34.51 | 2.9.9 | Ansible management server |
client | CentOS 7.6.1810 | 172.27.34.85 | / | Splunk client |
1. Client installation steps
- Obtain the installation package and unzip
- Create or modify the configuration files inputs.conf and props.conf
- Register client to server
- Start the service and set it to start at boot
Client installation is divided into 4 steps. The first step is to upload the compressed package and decompress it. The second step is to enter the corresponding directory and create (or modify) the configuration files. The third step is to run the 'splunk add forward-server' command to register the client with the server; this command is interactive and prompts for a user name and password. The fourth step is to start the program and set it to start automatically at boot.
This article uses the ansible method to install the client in batches, calling each corresponding module to simulate the above 4 steps.
2. Preparation
1. Python pexpect module installation
The role uses Ansible's expect module, which needs the Python pexpect module at run time, so install pexpect on the client first.
```
[root@ansible-awx yaml]# more install_pexpect.yaml
---
- hosts: "{{ hostlist }}"
  tasks:
    - name: Unarchive ptyprocess
      unarchive:
        src: /tmp/splunk/ptyprocess-0.6.0.tar.gz
        dest: /root
        mode: 0755
        owner: root
        group: root
    - name: install ptyprocess
      shell: "cd /root/ptyprocess-0.6.0;python ./setup.py install"
    - name: Unarchive pexpect
      unarchive:
        src: /tmp/splunk/pexpect-4.8.0.tar.gz
        dest: /root
        mode: 0755
        owner: root
        group: root
    - name: install pexpect
      shell: "cd /root/pexpect-4.8.0;python ./setup.py install"
[root@ansible-awx yaml]# ansible-playbook install_pexpect.yaml -e hostlist=test85
```
Execution logic: the unarchive module copies the two installation packages from the Ansible server to the Splunk client and unpacks them there, and the shell module then runs the python command to install each one.
2. pexpect module verification
```
[root@client ~]# python
Python 2.7.5 (default, Oct 30 2018, 23:45:53)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-36)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import pexpect
>>>
>>> exit()
```
Run the import command on the splunk client. If the pexpect module can be imported correctly, the installation is successful.
3. Role overview
1. Initialize the role
```
[root@ansible-awx roles]# ansible-galaxy init splunk
- Role splunk was created successfully
```
The role name is splunk.
2. Execution file
```
[root@ansible-awx ansible]# more splunk.yaml
---
- hosts: "{{ hostlist }}"
  roles:
    - role: splunk
```
The host list is supplied through the hostlist variable when the playbook is executed.
3. Task file
```
[root@ansible-awx tasks]# more main.yml
---
# tasks file for splunk client install
# author: loong576
- name: Unarchive client install file
  unarchive:
    src: /tmp/splunk/splunkforwarder-8.0.5-a1a6394cc5ae-Linux-x86_64.tgz
    dest: /opt
    mode: 0755
    owner: root
    group: root
- name: copy template file
  copy:
    src: /etc/ansible/roles/splunk/templates/props.conf
    dest: /opt/splunkforwarder/etc/system/local
    owner: root
    group: root
- name: modify template file
  template:
    src: /etc/ansible/roles/splunk/templates/inputs.conf
    dest: /opt/splunkforwarder/etc/system/local/inputs.conf
- name: use expect add forward-server
  expect:
    command: /opt/splunkforwarder/bin/splunk add forward-server xx.xx.xx.xx:9997 --accept-license
    # Response keys are regular expressions, so ? and [ ] are escaped
    # to match the literal prompt text.
    responses:
      'Do you agree with this license\? \[y/n\]': "y"
      'Please enter an administrator username': "admin"
      'Please enter a new password': "splunk@123!"
      'Please confirm new password': "splunk@123!"
- name: start the client and enable the process
  shell: "/opt/splunkforwarder/bin/splunk start;/opt/splunkforwarder/bin/splunk enable boot-start"
```
xx.xx.xx.xx:9997 is the Splunk server IP and port; change it to match your environment.
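The task above keeps the Splunk admin password in clear text in main.yml, and the task arguments can appear in verbose output and AWX job logs. A hardened variant of the same task follows as an added example, not the role's own code; the variable names `splunk_indexer`, `splunk_admin_user` and `splunk_admin_password` are assumptions, and the password is expected to be stored encrypted with ansible-vault.

```yaml
# Added example: hardened variant of the expect task (not the role's own code).
# Assumed variable names: splunk_indexer, splunk_admin_user, splunk_admin_password.
#
# roles/splunk/vars/main.yml holds the encrypted value, produced on the
# Ansible server with:
#   ansible-vault encrypt_string --stdin-name 'splunk_admin_password'
# The play is then run with:
#   ansible-playbook splunk.yaml -e hostlist=test85 --ask-vault-pass

- name: refuse to run with a missing or empty admin password
  assert:
    that:
      - splunk_admin_password is defined
      - splunk_admin_password | length > 0
    fail_msg: "splunk_admin_password is not set (check the vaulted vars file)"
    quiet: true

- name: use expect add forward-server
  expect:
    command: >-
      /opt/splunkforwarder/bin/splunk add forward-server
      {{ splunk_indexer }} --accept-license
    responses:
      'Please enter an administrator username': "{{ splunk_admin_user }}"
      'Please enter a new password': "{{ splunk_admin_password }}"
      'Please confirm new password': "{{ splunk_admin_password }}"
    # Assumption: on a default install, add forward-server writes outputs.conf
    # at this path, so a re-run skips the task instead of prompting again.
    creates: /opt/splunkforwarder/etc/system/local/outputs.conf
  no_log: true   # keep the password out of task output and AWX job logs
```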
4. Interactive installation
If you install manually, the command is interactive: you need to enter the confirmation, the user name and the password.
5. Task file execution logic
- Use the unarchive module to upload the client installation file from the Ansible host to the Splunk client;
- Use the copy module to distribute the configuration file props.conf;
- Use the template module to distribute the configuration file inputs.conf;
- Run the interactive installation using the expect module.
6. Templates files
```
[root@ansible-awx ansible]# cd /etc/ansible/roles/splunk/templates/
[root@ansible-awx templates]# ll
总用量 8
-rw-r--r-- 1 root root 127 10月 21 16:14 inputs.conf
-rw-r--r-- 1 root root 25 10月 21 16:14 props.conf
[root@ansible-awx templates]# more inputs.conf
[default]
index = callcent
host = {{ ansible_default_ipv4.address }}
sourcetype = messageslog
[monitor:///var/log/messages]
[root@ansible-awx templates]# more props.conf
[callcent]
CHARSET=UTF-8
```
The host parameter in inputs.conf is the client host IP, which is obtained through ansible_default_ipv4.address; props.conf is a fixed file and does not need to be customized.
4. Run role
1. Execute role
```
[root@ansible-awx ansible]# ansible-playbook splunk.yaml -e hostlist=test85
```
The target host is test85.
2. Verification
```
[root@client ~]# netstat -anlp|grep 8089
tcp 0 0 0.0.0.0:8089 0.0.0.0:* LISTEN 17488/splunkd
[root@client ~]# ps -ef|grep splunk |grep -v grep
root 17488 1 0 16:48 ? 00:00:01 splunkd -p 8089 start
root 17496 17488 0 16:48 ? 00:00:00 [splunkd pid=17488] splunkd -p 8089 start [process-runner]
```
On the client, port 8089 is in the listening state and the splunkd process has been started; you can also log in to the Splunk server's web interface to check that logs are being collected.
The result is as expected.
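With dozens of clients, the same checks can be run from the Ansible server instead of logging in to each host. A verification play follows as an added example, not part of the original repository; the file name verify_splunk.yaml is an assumption.

```yaml
# verify_splunk.yaml - added example, not part of the original repository.
# Run: ansible-playbook verify_splunk.yaml -e hostlist=test85
---
- hosts: "{{ hostlist }}"
  tasks:
    - name: splunkd management port 8089 is listening
      wait_for:
        host: 127.0.0.1
        port: 8089
        state: started
        timeout: 30

    - name: splunkd reports itself as running
      # The task fails on a non-zero exit code from "splunk status".
      command: /opt/splunkforwarder/bin/splunk status
      register: splunk_status
      changed_when: false          # read-only check

    - name: inputs.conf carries this host's own address
      # check_mode makes lineinfile report what it would change without
      # writing; a pending change means the templated host line is wrong
      # or missing.
      lineinfile:
        path: /opt/splunkforwarder/etc/system/local/inputs.conf
        line: "host = {{ ansible_default_ipv4.address }}"
        state: present
      check_mode: true
      register: inputs_host
      failed_when: inputs_host is changed

    - name: summary
      debug:
        msg: "{{ inventory_hostname }}: {{ splunk_status.stdout_lines | first | default('no status output') }}"
```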
All scripts and configuration files in this article have been uploaded to github: ansible-production-practice-5