Merge pull request #4674 from edx/nadeem/OPS-3241

Add props and transforms configuration to anonymize ansible output splunk (OPS-3241)

Merge pull request #4674 from edx/nadeem/OPS-3241
Add props and transforms configuration to anonymize ansible output splunk (OPS-3241)
c603d80f · Nadeem Shahzad · GitHub · d2417b6b · 44e000fb · c603d80f
Unverified Commit c603d80f authored Jul 11, 2018 by Nadeem Shahzad Committed by GitHub Jul 11, 2018
3 changed files
--- a/playbooks/roles/splunk-server/tasks/main.yml
+++ b/playbooks/roles/splunk-server/tasks/main.yml
@@ -57,6 +57,28 @@
    group: splunk
    mode: "0600"

+- name: Create props configuation
+  template:
+    src: opt/splunk/etc/system/local/props.conf.j2
+    dest: "{{ splunk_home }}/etc/system/local/props.conf"
+    owner: splunk
+    group: splunk
+    mode: "0600"
+  tags:
+    - "install"
+    - "install:configuration"
+
+- name: Create transforms configuation
+  template:
+    src: opt/splunk/etc/system/local/transforms.conf.j2
+    dest: "{{ splunk_home }}/etc/system/local/transforms.conf"
+    owner: splunk
+    group: splunk
+    mode: "0600"
+  tags:
+    - "install"
+    - "install:configuration"
+
 - name: Create bucket directories
  file:
    path: "{{ item }}"

--- a/playbooks/roles/splunk-server/templates/opt/splunk/etc/system/local/props.conf.j2
+++ b/playbooks/roles/splunk-server/templates/opt/splunk/etc/system/local/props.conf.j2
+#   Version 6.2.1
+# DO NOT EDIT THIS FILE!
+# Changes to default files will be lost on update and are difficult to
+# manage and support.
+#
+# Please make any changes to system defaults by overriding them in
+# apps or $SPLUNK_HOME/etc/system/local  
+# (See "Configuration file precedence" in the web documentation).
+#
+# To override a specific setting, copy the name of the stanza and
+# setting to the file where you wish to override it.
+#
+# This file contains possible attribute/value pairs for configuring
+# Splunk's processing properties.
+#
+
+[junit]
+KV_MODE = xml
+TRUNCATE = 100000
+BREAK_ONLY_BEFORE = <\?xml version=
+MAX_EVENTS = 10000
+SHOULD_LINEMERGE = False
+LINE_BREAKER = (?s)(\s+)<case>.+?[^<][^\/][^c][^a][^s][^e][^>]
+
+[build_result]
+KV_MODE = xml
+BREAK_ONLY_BEFORE = <\?xml version=
+SHOULD_LINEMERGE = True
+MAX_EVENTS = 10000
+
+[sitespeed_result]
+SHOULD_LINEMERGE = true
+INDEXED_EXTRACTIONS = json
+NO_BINARY_CHECK = true
+KV_MODE = none
+TRUNCATE = 0
+
+[jenkins_build]
+BREAK_ONLY_BEFORE =
+DATETIME_CONFIG =
+NO_BINARY_CHECK = true
+category = Application
+description = Jenkins build logs
+disabled = false
+maxDist = 75
+pulldown_type = 1
+
+[syslog]
+TRANSFORMS-anonymize = ansible-output
--- a/playbooks/roles/splunk-server/templates/opt/splunk/etc/system/local/transforms.conf.j2
+++ b/playbooks/roles/splunk-server/templates/opt/splunk/etc/system/local/transforms.conf.j2
+[ansible-output]
+REGEX = ansible-(.*)
+# We want to anonymize Ansible command output in log events as it is
+# logging passwords in Splunk index (See https://openedx.atlassian.net/browse/OPS-3241).
+FORMAT = ansible-output: Anonymized for security.#########################
+DEST_KEY = _raw