Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Splunk license file #173

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Splunk license file #173

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
fb0a747
feat(configure_license): enable custom src vs dest
zyphermonkey Feb 9, 2023
e627147
fix(configure_license): restart required to apply new license(s)
zyphermonkey Feb 9, 2023
376470e
fix(configure_license): ensure pass4SymmKey is set on licensemaster
zyphermonkey Feb 9, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 15 additions & 2 deletions roles/splunk/tasks/configure_license.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,13 +21,14 @@
- splunk_license_group=="Enterprise"
- name: Copy license file
copy:
src: "{{ item }}"
dest: "{{ splunk_home }}/etc/licenses/enterprise/{{ item }}"
src: "{{ item.src | default(item) }}"
dest: "{{ splunk_home }}/etc/licenses/enterprise/{{ item.dest | default(item) }}"
owner: "{{ splunk_nix_user }}"
group: "{{ splunk_nix_group }}"
mode: "0600"
loop: "{{ splunk_license_file }}"
become: yes
notify: restart splunk
when:
- splunk_license_group=="Enterprise"
- name: "Remove {{ mode_option }} when using local license"
Expand All @@ -50,6 +51,18 @@
group: "{{ splunk_nix_group }}"
become: yes
notify: restart splunk
- name: Set pass4SymmKey on LM
ini_file:
path: "{{ splunk_home }}/etc/system/local/server.conf"
section: general
option: pass4SymmKey
value: "{{ splunk_general_key }}"
owner: "{{ splunk_nix_user }}"
group: "{{ splunk_nix_group }}"
become: yes
notify: restart splunk
when:
- splunk_license_group=="Enterprise"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be when "'licensemaster' in group_names".

It does not seem that much thought was put in to the LM configuration. I think there should be a splunk_lm_key variable just like there is one for the idxc etc. even though this one is in the general stanza. The default value in main.yml can be splunk_lm_key: "{{ splunk_general_key }}", but it gives you the option to customize it based on the role.

If done this way, the pass4SymmKey value for the license peer, should also be changed to splunk_lm_key.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure if it is a good way to only check when "'licensemaster' in group_names", because what if someone has an additional standalone server with it's own license. I think the naming licensemaster can than be misleading.

I do not agree with a new variable, as the licensing does not have an own pass4SymmKey. It uses the one under the general stanza. So changing the pass4SymmKey besides the splunk_general_key generates different configurations.

when:
- not splunk_license_group=="Peer"
- splunk_install_type=="full"
Expand Down