Add the basic splunk role.

playbooks/roles/splunk/tasks/main.yml

----
-#
-# edX Configuration
-#
-# github:     https://github.com/edx/configuration
-# wiki:       https://github.com/edx/configuration/wiki
-# code style: https://github.com/edx/configuration/wiki/Ansible-Coding-Conventions
-# license:    https://github.com/edx/configuration/blob/master/LICENSE.TXT
-#
-#
-#
-# Tasks for role splunk
-# 
-# Overview:
-# 
-#
-# Dependencies:
-#
-# 
-# Example play:
-#
-#
-
-- name: splunk | stub ansible task
-  debug: msg="This is a stub task created by the ansible-role role"
-  notify: splunk | notify me
\ No newline at end of file

playbooks/roles/splunk/defaults/main.yml → playbooks/roles/splunkforwarder/defaults/main.yml

@@ -20,15 +20,18 @@ splunk_role_name: 'splunk'
 # OS packages
 #
 
-splunk_debian_pkgs: []
+splunk_debian_pkgs:
+  - gdebi
 
 splunk_redhat_pkgs: []
 
-LOG_ITEMS:
-  - directory: '/var/log'
-    recursive: true
+SPLUNKFORWARDER_LOG_ITEMS:
+  - directory: '/mnt/logs/lms/edx.log'
+    index: 'feanilsandbox-lms'
 
-SPLUNK_SERVER: 'localhost:9997'
+SPLUNKFORWARDER_SERVER: 'localhost:9997'
 
-log_items: $LOG_ITEMS
-splunk_server: $SPLUNK_SERVER
+SPLUNKFORWARDER_PACKAGE_LOCATION: !!null
+SPLUNKFORWARDER_DEB: !!null
+SPLUNKFORWARDER_PASSWORD: !!null
+splunkforwarder_output_dir: '/opt/splunkforwarder/'

playbooks/roles/splunkforwarder/tasks/main.yml

+---
+#
+# edX Configuration
+#
+# github:     https://github.com/edx/configuration
+# wiki:       https://github.com/edx/configuration/wiki
+# code style: https://github.com/edx/configuration/wiki/Ansible-Coding-Conventions
+# license:    https://github.com/edx/configuration/blob/master/LICENSE.TXT
+#
+#
+#
+# Tasks for role splunk
+# 
+# Overview:
+# 
+#
+# Dependencies:
+#
+# 
+# Example play:
+#
+#
+
+- name: splunkforwarder | stub ansible task
+  debug: msg="This is a stub task created by the ansible-role role"
+  notify: splunk | notify me
+
+# Install Splunk Forwarder
+
+- name: splunkforwarder| install splunkforwarder specific system packages
+  apt: pkg={{','.join(splunk_debian_pkgs)}} state=present
+  tags:
+  - splunk
+  - install
+  - update
+
+- name: splunkforwarder | download the splunk deb
+  shell:
+    chdir="/tmp/" 
+    executable="/bin/bash" 
+    creates="/tmp/{{SPLUNKFORWARDER_DEB}}"
+    wget -q {{SPLUNKFORWARDER_PACKAGE_LOCATION}}{{SPLUNKFORWARDER_DEB}}
+  register: download_deb
+
+- name: splunkforwarder | install splunk forwarder
+  shell: gdebi -nq /tmp/{{SPLUNKFORWARDER_DEB}}
+  when: download_deb.changed
+
+# Create splunk user
+- name: splunkforwarder | create splunk user
+  user: name=splunk group=splunk createhome=no state=present append=yes groups=syslog
+  when: download_deb.changed
+
+- name: splunkforwarder | create boot script
+  shell: creates=/etc/init.d/splunk {{splunkforwarder_output_dir}}/bin/splunk enable boot-start -user splunk --accept-license --answer-yes --no-prompt
+  register: create_boot_script
+  when: download_deb.changed
+
+# Update credentials
+- name: splunkforwarder | update admin pasword
+  shell: "{{splunkforwarder_output_dir}}/bin/splunk edit user admin -password {{SPLUNKFORWARDER_PASSWORD}} -auth admin:changeme --accept-license --answer-yes --no-prompt"
+  when: download_deb.changed
+
+- name: splunkforwarder | add chkconfig to init script
+  shell: 'sed -i -e "s/\/bin\/sh/\/bin\/sh\n# chkconfig: 235 98 55/" /etc/init.d/splunk'
+  when: download_deb.changed and create_boot_script.changed
+
+# Ensure permissions on splunk content
+- name: splunkforwarder | ensure splunk forder permissions
+  file: path={{splunkforwarder_output_dir}} state=directory recurse=yes owner=splunk group=splunk
+  when: download_deb.changed
+
+# Drop template files.
+- name: splunkforwarder | drop input configuration
+  template:
+    src=opt/splunkforwarder/etc/system/local/inputs.conf.j2
+    dest=/opt/splunkforwarder/etc/system/local/inputs.conf
+    owner=splunk
+    group=splunk
+    mode=644
+
+- name: splunkforwarder | create outputs config file
+  template:
+    src=opt/splunkforwarder/etc/system/local/outputs.conf.j2
+    dest=/opt/splunkforwarder/etc/system/local/outputs.conf
+    owner=splunk
+    group=splunk
+    mode=644
+
+# Restart Splunk
+- name: splunkforwarder | restart the splunk forwarder
+  service: name=splunk state=restarted

playbooks/roles/splunk/templates/splunk.inputs.conf.j2 → playbooks/roles/splunkforwarder/templates/opt/splunkforwarder/etc/system/local/inputs.conf.j2

 [default]
 host = {{ansible_hostname}}
 
-{% for loggable in log_items%}
+{% for loggable in SPLUNKFORWARDER_LOG_ITEMS%}
 [monitor://{{loggable.directory}}]
 recursive = {{loggable.recursive|default(false)}}
 {% if loggable.sourcetype is defined %}
-sourcetype = loggable.sourcetype
+sourcetype = {{loggable.sourcetype}}
 {% endif %}
 {% if loggable.index is defined %}
-index = loggable.index
+index = {{loggable.index}}
 {% endif %}
 {% endfor %}

playbooks/roles/splunk/templates/splunk.outputs.conf.j2 → playbooks/roles/splunkforwarder/templates/opt/splunkforwarder/etc/system/local/outputs.conf.j2

@@ -2,7 +2,7 @@
 defaultGroup = default_output_server
 
 [tcpout:default_output_server]
-server = {{splunk_server}}
+server = {{SPLUNKFORWARDER_SERVER}}
 
-[tcpout-server://{{splunk_server}}]
+[tcpout-server://{{SPLUNKFORWARDER_SERVER}}]