Splunk forwarder installation using Ansible – easy install in 1 min

Introduction:

Splunk forwarder installation can be accomplished using Ansible. In this guide, we will walk through a small playbook that can be reused any number of times against any number of remote servers.

In my case, the requirement was to install it on hundreds of RHEL 7 servers. Creating the playbook took 20 mins by referring to existing playbooks and the official guide. I finally completed installing on all servers within 10 mins.

Article updated for the latest Splunk version 8.1.0, installing on CentOS 8.3 and RHEL 8.x versions.

Modules we are using in this playbook

Before you start using this playbook, replace “your_username” with the remote user account you use to manage servers. This playbook is built only with the copy, yum, shell, command and debug modules. This is more than enough to handle this simple installation and to manage the forwarder service.

Splunk Forwarder Download

The forwarder package version I’m using in this guide is a very recent one. If you are looking for an installation guide for an older version, have a look at the Splunk forwarder installation guide.

Ansible Related Articles

  1. Install and configure Ansible Automation IT Tool
  2. Install Ansible using Python installation manager pip
  3. How to create a host’s Inventory using Ansible
  4. Managing Groups and User creation using Ansible
  5. Creating a Logical volume-based file system using Ansible

We need to install the Python expect package on the remote servers. No worries, it’s included in the play.

Copy-paste of Playbook

---
- hosts: "{{ hosts_prompt }}"
  remote_user: ansible
  become: yes
  become_method: sudo
  vars_prompt:
    - name: "hosts_prompt"
      prompt: "hostname or host group need to run with Playbook"
      private: no
  tasks:
    - name: Copy the Splunk Forwarder RPM to remote Servers.
      copy:
        src: /home/ansible/splunkforwarder-8.1.0-f57c09e87251-linux-2.6-x86_64.rpm
        dest: /home/ansible/
        owner: ansible
        group: ansible
        mode: "0644"

    # Import the vendor signing key so yum can verify the RPM signature.
    - name: Import GnuPG Public Key for Splunk package
      rpm_key:
        key: https://docs.splunk.com/images/6/6b/SplunkPGPKey.pub
        state: present

    # python3-pexpect is required on the remote host by the expect module below.
    - name: Install Splunk Forwarder RPM package on remote servers.
      yum:
        name:
          - python3-pexpect.noarch
          - /home/ansible/splunkforwarder-8.1.0-f57c09e87251-linux-2.6-x86_64.rpm
        state: present

    - name: Copy the Splunk Forwarder config from your centralized server to remote servers.
      copy:
        src: /home/ansible/splunk_forwarder_output/
        dest: /opt/splunkforwarder/etc/system/
        # directory_mode takes a file mode, not a boolean; it applies to newly created directories.
        directory_mode: "0700"
        owner: splunk
        group: splunk
        mode: "0600"

    # Answers the first-start prompts; the password here is in plain text (see the note below).
    - name: Start Splunk forwarder service.
      remote_user: ansible
      become: yes
      become_method: sudo
      become_user: splunk
      expect:
        command: /opt/splunkforwarder/bin/splunk start --accept-license
        timeout: 60
        responses:
          (.*)Please enter an administrator username(.*): "admin"
          (.*)Please enter a new password(.*): "redhat@1020"
          (.*)Please confirm new password(.*): "redhat@1020"

    - name: Check Splunk forwarder service.
      command: /opt/splunkforwarder/bin/splunk status
      register: service_splunk_status

    - name: Report Splunk forwarder Status.
      debug:
        var: service_splunk_status.stdout_lines
...

The password used in this guide is in plain text; if you are considering encrypting it, have a look at this guide.
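One way to keep the admin password out of the playbook, shown here as an added example that is not part of the original playbook: the password is read from an Ansible Vault-encrypted variables file, and the task is marked no_log so the responses never reach the console or logs. The file name vars/vault_splunk.yml and the variable name vault_splunk_admin_password are assumptions made for this example.

```yaml
---
# Added example (not the original playbook): start the forwarder with the
# admin password read from an Ansible Vault file instead of a literal.
#
# Assumptions (names chosen for this example):
#   vars/vault_splunk.yml        created with: ansible-vault create vars/vault_splunk.yml
#   vault_splunk_admin_password  the single variable stored in that file
#
# Run with: ansible-playbook <this file> --ask-vault-pass
- hosts: "{{ hosts_prompt }}"
  remote_user: ansible
  become: yes
  become_method: sudo
  vars_prompt:
    - name: "hosts_prompt"
      prompt: "hostname or host group need to run with Playbook"
      private: no
  vars_files:
    - vars/vault_splunk.yml          # encrypted at rest, decrypted only at run time
  tasks:
    - name: Fail early if the vaulted password is missing or empty.
      assert:
        that:
          - vault_splunk_admin_password is defined
          - vault_splunk_admin_password | length > 0
        quiet: yes
      no_log: true                   # do not echo the variable on failure

    - name: Start Splunk forwarder service without exposing the password.
      become_user: splunk
      expect:
        command: /opt/splunkforwarder/bin/splunk start --accept-license
        timeout: 60
        responses:
          (.*)Please enter an administrator username(.*): "admin"
          (.*)Please enter a new password(.*): "{{ vault_splunk_admin_password }}"
          (.*)Please confirm new password(.*): "{{ vault_splunk_admin_password }}"
      no_log: true                   # keeps the responses out of task output and logs
...
```

With no_log set, a failure in this task reports only that the output was hidden, so test the prompts once against a non-production host before rolling it out.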

Output for reference.

[ansible@gateway ~]$ ansible-playbook splunk_forwader_install.yaml
hostname or host group need to run with Playbook: spkhosts

PLAY [spkhosts] ************************************************************

TASK [Gathering Facts] *****************************************************
ok: [192.168.0.222]

TASK [Copy the Splunk Forwarder RPM to remote Servers.] ********************
ok: [192.168.0.222]

TASK [Import GnuPG Public Key for Splunk package] **************************
ok: [192.168.0.222]

TASK [Install Splunk Forwarder RPM package on remote servers.] *************
changed: [192.168.0.222]

TASK [Copy the Splunk Forwarder config from your centralized server to remote servers.] ***
changed: [192.168.0.222]

TASK [Start Splunk forwarder service.] *************************************
permissions manually
changed: [192.168.0.222]

TASK [Check Splunk forwarder service.] *************************************
changed: [192.168.0.222]

TASK [Report Splunk forwarder Status.] *************************************
ok: [192.168.0.222] => {
    "service_splunk_status.stdout_lines": [
        "splunkd is running (PID: 11526).",
        "splunk helpers are running (PIDs: 11532)."
    ]
}

PLAY RECAP *****************************************************************
192.168.0.222 : ok=8 changed=4 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

[ansible@gateway ~]$

That’s it, Ansible made our life easier.

Are you looking for Oracle RAC server preparation? Keep in touch, you can expect it soon. If you need more Ansible-related articles, you can find them at the beginning of this post, or scroll a little below to find the same.

Conclusion:

Automating RPM installation on the remote servers can be accomplished using a simple playbook. We will come up with more playbooks in the future. Subscribe to our newsletter to receive the updates.

5 thoughts on “Splunk forwarder installation using Ansible – easy install in 1 min”

  1. Thank you for your Ansible Splunk forwarder installation playbook. I get a warning saying that yum with_items is deprecated. It also hangs when it asks for admin user and password information.

  2. This is a great PB, however, an issue I’ve run into with creating a similar book is during the accept license process, a user name and password are being prompted. I don’t see this addressed in your PB.

    1. @Roy,

      Are you performing this as the Splunk user or as the root user? Is your Splunk installation owned by a specific user, or is it owned by the root user?

      Thanks & Regards,
      Babin Lonston
