Skip to content

feat: add become statements to allow non-root ansible execution #893

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
tod-uma wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

feat: add become statements to allow non-root ansible execution #893

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions roles/splunk_common/tasks/enable_forwarding.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@
# Configure forwarding to indexer cluster master
# See: https://docs.splunk.com/Documentation/Splunk/latest/Indexer/indexerdiscovery
- name: Setup indexer discovery for index-clustering
become: yes
become_user: "{{ splunk.user }}"
ini_file:
path: "{{ splunk.home }}/etc/system/local/outputs.conf"
section: "indexer_discovery:splunk-indexer"
Expand All @@ -21,6 +23,8 @@
label: "{{ item.key }}"

- name: Setup tcpout group for index-clustering
become: yes
become_user: "{{ splunk.user }}"
ini_file:
path: "{{ splunk.home }}/etc/system/local/outputs.conf"
section: "tcpout:group1"
Expand All @@ -40,6 +44,8 @@
register: tcpout_group

- name: Setup default tcpout group for index-clustering
become: yes
become_user: "{{ splunk.user }}"
ini_file:
path: "{{ splunk.home }}/etc/system/local/outputs.conf"
section: "tcpout"
Expand All @@ -57,6 +63,8 @@

# NOTE: If this task is called or used, it will disable all local indexing!
- name: Disable indexing on the current node
become: yes
become_user: "{{ splunk.user }}"
ini_file:
path: "{{ splunk.home }}/etc/system/local/outputs.conf"
section: "indexAndForward"
Expand Down
8 changes: 8 additions & 0 deletions roles/splunk_common/tasks/enable_splunkweb_ssl.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,8 @@
owner: "{{ splunk.user }}"
group: "{{ splunk.group }}"
mode: 0660
become: true
become_user: "{{ splunk.user }}"

- name: Set Web certificate path
ini_file:
Expand All @@ -21,6 +23,8 @@
when:
- splunk.http_enableSSL_cert is defined
- splunk.http_enableSSL_cert
become: true
become_user: "{{ splunk.user }}"

- name: Set Web private key path
ini_file:
Expand All @@ -34,6 +38,8 @@
when:
- splunk.http_enableSSL_privKey is defined
- splunk.http_enableSSL_privKey
become: true
become_user: "{{ splunk.user }}"

- name: Set Web private key password
ini_file:
Expand All @@ -47,3 +53,5 @@
when:
- splunk.http_enableSSL_privKey_password is defined
- splunk.http_enableSSL_privKey_password
become: true
become_user: "{{ splunk.user }}"
8 changes: 8 additions & 0 deletions roles/splunk_common/tasks/s2s/configure_splunktcp.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
---
- name: Enable splunktcp input
become: yes
become_user: "{{ splunk.user }}"
ini_file:
dest: "{{ splunk.home }}/etc/system/local/inputs.conf"
section: "splunktcp://{{ splunk.s2s_port if splunk.s2s_port is defined else splunk.s2s.port }}"
Expand All @@ -10,6 +12,8 @@
register: splunktcp_enabled

- name: Remove splunktcp-ssl input
become: yes
become_user: "{{ splunk.user }}"
ini_file:
dest: "{{ splunk.home }}/etc/system/local/inputs.conf"
section: "splunktcp-ssl:{{ splunk.s2s_port if splunk.s2s_port is defined else splunk.s2s.port }}"
Expand All @@ -19,6 +23,8 @@
register: splunktcp_ssl_disabled

- name: Remove input SSL settings
become: yes
become_user: "{{ splunk.user }}"
ini_file:
dest: "{{ splunk.home }}/etc/system/local/inputs.conf"
section: SSL
Expand All @@ -28,6 +34,8 @@
register: splunktcp_ssl_reset

- name: Reset root CA
become: yes
become_user: "{{ splunk.user }}"
ini_file:
dest: "{{ splunk.home }}/etc/system/local/inputs.conf"
section: sslConfig
Expand Down
2 changes: 2 additions & 0 deletions roles/splunk_common/tasks/set_general_symmkey_password.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,8 @@
group: "{{ splunk.group }}"
register: set_symmkey
no_log: "{{ hide_password }}"
become: true
become_user: "{{ splunk.user }}"

- include_tasks: trigger_restart.yml
when: set_symmkey is changed
4 changes: 4 additions & 0 deletions roles/splunk_common/tasks/set_http_port.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,8 @@
owner: "{{ splunk.user }}"
group: "{{ splunk.group }}"
when: splunk.http_port == 0
become: true
become_user: "{{ splunk.user }}"

- name: Set HTTP Port
ini_file:
Expand All @@ -18,3 +20,5 @@
owner: "{{ splunk.user }}"
group: "{{ splunk.group }}"
when: splunk.http_port != 0
become: true
become_user: "{{ splunk.user }}"
4 changes: 4 additions & 0 deletions roles/splunk_common/tasks/set_mgmt_port.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,8 @@
- "'svc_port' in splunk"
- ansible_system is not match("CYGWIN*|Win32NT")
register: set_mgmt_port
become: true
become_user: "{{ splunk.user }}"

- name: Set mgmt port (Windows)
ini_file:
Expand All @@ -30,6 +32,8 @@
- ansible_system is match("CYGWIN*|Win32NT")
- splunk.svc_port | int != 8089
register: set_mgmt_port
become: true
become_user: "{{ splunk.user }}"

# Restart only when Splunk is running and when any of the above have changed
- include_tasks: ../handlers/restart_splunk.yml
Expand Down