From 692e366dbd21711244d81efb5c0587900bb25f50 Mon Sep 17 00:00:00 2001
From: Mason Morales
Date: Fri, 6 Aug 2021 15:54:09 -0700
Subject: [PATCH] Bugfix and serverclass generation (#84)
* Accept license after other configuration tasks are done instead of immediately after unarchive
* Add serverclass.conf generation and documentation
---
README.md | 1 +
environments/production/host_vars/my-ds.yml | 39 +++++++++++++++++++
roles/splunk/tasks/configure_serverclass.yml | 20 ++++++++++
roles/splunk/tasks/download_and_unarchive.yml | 3 --
roles/splunk/tasks/install_splunk.yml | 3 ++
roles/splunk/tasks/upgrade_splunk.yml | 3 ++
roles/splunk/templates/serverclass.conf.j2 | 33 ++++++++++++++++
7 files changed, 99 insertions(+), 3 deletions(-)
create mode 100644 environments/production/host_vars/my-ds.yml
create mode 100644 roles/splunk/tasks/configure_serverclass.yml
create mode 100644 roles/splunk/templates/serverclass.conf.j2
diff --git a/README.md b/README.md
index 2c500c6f..1c6cab93 100644
--- a/README.md
+++ b/README.md
@@ -138,6 +138,7 @@ Note: Any task with an **adhoc** prefix means that it can be used independently - **configure_facl.yml** - Configure file system access control lists (FACLs) to allow the splunk user to read /var/log files and add the splunk user's group to /etc/audit/auditd.conf to read /var/log/audit/ directory. This allows the splunk user to read privileged files from a non-privileged system account. Note: This task is performed automatically during new installations when splunk is installed as a non-root user. - **configure_license.yml** - Configure the license master URI in server.conf for full Splunk installations when `splunk_uri_lm` has been defined. Note: This could also be accomplished using configure_apps.yml with a git repository. - **configure_os.yml** - Increases ulimits for the splunk user and disables Transparent Huge Pages (THP) per Splunk implementation best practices. +- **configure_serverclass.yml** - Generates a new serverclass.conf file from the serverclass.conf.j2 template and installs it to $SPLUNK_HOME/etc/system/local/serverclass.conf. - **configure_shc_captain.yml** - Perform a `bootstrap shcluster-captain` using the server list provided in `splunk_shc_uri_list`. - **configure_shc_deployer.yml** - Configures a Splunk host to act as a search head deployer by configuring the pass4SymmKey contained in `splunk_shc_key` and the shcluster_label contained in `splunk_shc_label`. - **configure_shc_members.yml** - Initializes search head clustering on Splunk hosts that will be participating in a new search head cluster. Relies on the values of: `splunk_shc_key`, `splunk_shc_label`, `splunk_shc_deployer`, `splunk_shc_rf`, `splunk_shc_rep_port`, `splunkd_port`, `splunk_admin_username`, and `splunk_admin_password`. Be sure to review the default values for the role for these and configure them appropriately in your group_vars. 
diff --git a/environments/production/host_vars/my-ds.yml b/environments/production/host_vars/my-ds.yml
new file mode 100644
index 00000000..73550e6d
--- /dev/null
+++ b/environments/production/host_vars/my-ds.yml
@@ -0,0 +1,39 @@
+---
+# Example host_vars for a deployment server that is leveraging the configure_serverclass.yml task to manage serverclass.conf
+serverclasses:
+# First server class example, basic definition:
+ - serverclass: ALL
+ whitelist:
+ - '*'
+ apps:
+ - name: my_outputs_addon
+ options:
+ restartSplunkd: 1
+# Second server class example, adding in the platform filter:
+ - serverclass: ALL_NIX
+ whitelist:
+ - '*'
+ platform: linux-x86_64
+ apps:
+ - name: Splunk_TA_nix
+ options:
+ restartSplunkd: 1
+# Third server class example, adding multiple apps and filters with additional options configured for each app:
+ - serverclass: ALL_WINDOWS_x64
+ whitelist:
+ - 'hosta'
+ - 'hostb'
+ - 'windows-dc-*'
+ blacklist:
+ - 'hostc'
+ platform: windows-x64
+ apps:
+ - name: Splunk_TA_windows
+ options:
+ restartSplunkd: 0
+ restartIfNeeded: 1
+ - name: custom_windows_inputs
+ options:
+ restartSplunkWeb: 0
+ restartSplunkd: 1
+ stateOnClient: enabled
diff --git a/roles/splunk/tasks/configure_serverclass.yml b/roles/splunk/tasks/configure_serverclass.yml
new file mode 100644
index 00000000..0cc602f5
--- /dev/null
+++ b/roles/splunk/tasks/configure_serverclass.yml
@@ -0,0 +1,20 @@
+---
+- name: Check for duplicate serverclasses
+ assert:
+ that: >
+ serverclasses | map(attribute='serverclass') | list | count
+ ==
+ serverclasses | map(attribute='serverclass') | list | unique | count
+ fail_msg: "A duplicate serverclass has been detected! Please correct the vars and try again."
+
+- name: Generate serverclass.conf from vars
+ template:
+ src: serverclass.conf.j2
+ dest: "{{ splunk_home }}/etc/system/local/serverclass.conf"
+ backup: true
+ mode: 0644
+ owner: "{{ splunk_nix_user }}"
+ group: "{{ splunk_nix_group }}"
+ become: true
+ notify: reload deployment server
+ when: serverclasses is defined
diff --git a/roles/splunk/tasks/download_and_unarchive.yml b/roles/splunk/tasks/download_and_unarchive.yml
index ab68ba67..9f8b979a 100644
--- a/roles/splunk/tasks/download_and_unarchive.yml
+++ b/roles/splunk/tasks/download_and_unarchive.yml
@@ -28,6 +28,3 @@ become: true notify: - start splunk - -- name: Include accept license task - include_tasks: splunk_license_accept.yml
diff --git a/roles/splunk/tasks/install_splunk.yml b/roles/splunk/tasks/install_splunk.yml
index e7d62679..d4181752 100644
--- a/roles/splunk/tasks/install_splunk.yml
+++ b/roles/splunk/tasks/install_splunk.yml
@@ -61,6 +61,9 @@ include_tasks: configure_disable_mgmt_port.yml when: splunk_disable_mgmt_port +- name: Include accept license task + include_tasks: splunk_license_accept.yml + - name: Include post-install tasks include_tasks: post_install.yml
diff --git a/roles/splunk/tasks/upgrade_splunk.yml b/roles/splunk/tasks/upgrade_splunk.yml
index 028a2d40..16fc43a4 100644
--- a/roles/splunk/tasks/upgrade_splunk.yml
+++ b/roles/splunk/tasks/upgrade_splunk.yml
@@ -13,6 +13,9 @@ - name: Include download and unarchive task include_tasks: download_and_unarchive.yml +- name: Include accept license task + include_tasks: splunk_license_accept.yml + - name: Enable boot start include_tasks: configure_splunk_boot.yml
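Review bot: The `Check for duplicate serverclasses` assert in roles/splunk/tasks/configure_serverclass.yml has no `when: serverclasses is defined`, although the template task below it does, so on a host without that variable the assert errors on an undefined variable before the guarded task is reached. Add the same condition to the assert, `when: serverclasses is defined`, so both tasks skip together. As a smaller style point, `mode: 0644` is better written as the string `mode: '0644'`, which does not depend on how the YAML loader types a leading-zero integer.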
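Review bot: Nothing in roles/splunk/tasks/install_splunk.yml records why the license-accept include now sits after `configure_disable_mgmt_port.yml`, so a later reorder could quietly undo the fix; the same include added in upgrade_splunk.yml still directly follows the unarchive step. A comment above the task would do, e.g. `# Accept the license only after the configuration tasks above have run (#84)`. Because download_and_unarchive.yml no longer includes splunk_license_accept.yml, any other task file that includes it (none is visible in this patch) would also need the explicit include. Both task files continue outside their hunks.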
diff --git a/roles/splunk/templates/serverclass.conf.j2 b/roles/splunk/templates/serverclass.conf.j2
new file mode 100644
index 00000000..ab711010
--- /dev/null
+++ b/roles/splunk/templates/serverclass.conf.j2
@@ -0,0 +1,33 @@
+# This file is managed by Ansible - DO NOT MODIFY MANUALLY OR VIA SPLUNK WEB
+{% for x in serverclasses %}
+[serverClass:{{ x.serverclass }}]
+{% if x.platform is defined %}
+machineTypesFilter = {{ x.platform }}
+{% endif %}
+{% if x.blacklist is defined %}
+{% set blacklistindex = namespace(value=0) %}
+{% for y in x.blacklist %}
+blacklist.{{ blacklistindex.value }} = {{ y }}
+{% set blacklistindex.value = blacklistindex.value + 1 %}
+{% endfor %}
+{% endif %}
+{% if x.whitelist is defined %}
+{% set whitelistindex = namespace(value=0) %}
+{% for y in x.whitelist %}
+whitelist.{{ whitelistindex.value }} = {{ y }}
+{% set whitelistindex.value = whitelistindex.value + 1 %}
+{% endfor %}
+{% endif %}
+
+{% if x.apps is defined %}
+{% for z in x.apps %}
+[serverClass:{{ x.serverclass }}:app:{{ z.name }}]
+{% if z.options is defined %}
+{% for key, value in z.options.items() %}
+{{ key }} = {{ value }}
+{% endfor %}
+{% endif %}
+
+{% endfor %}
+{% endif %}
+{% endfor %}
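Review bot: `x.serverclass`, `z.name` and the option keys and values are written into stanza headers and settings exactly as they appear in the vars, so a value containing `]` or a line break would change the structure of the file that decides which apps are pushed to which deployment clients. The vars are operator-supplied, so this is a hardening point: the assert in configure_serverclass.yml could also check names against an allowed pattern and that every entry has a `serverclass` key. Separately, the `namespace` counters can be dropped by using the loop variable, `blacklist.{{ loop.index0 }} = {{ y }}` and `whitelist.{{ loop.index0 }} = {{ y }}`.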