From 8784d5595937d01d62f25ac9342ddb079112961c Mon Sep 17 00:00:00 2001 From: Ian Formanek Date: Thu, 22 Dec 2011 17:01:54 +0100 Subject: [PATCH 1/5] Added ability to specify the default admin password for initial splunk install - override the [:splunk][:admin_password] attribute with the desired value --- attributes/default.rb | 1 + recipes/default.rb | 8 ++++++++ templates/default/user-seed.conf.erb | 17 +++++++++++++++++ 3 files changed, 26 insertions(+) create mode 100644 templates/default/user-seed.conf.erb diff --git a/attributes/default.rb b/attributes/default.rb index 4b26a98..941075b 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -1,4 +1,5 @@ default[:splunk][:root] = "/opt/splunk" +default[:splunk][:admin_password] = "changeme" default[:splunk][:version] = "4.2.4-110225" default[:splunk][:proxy_user] = "admin" default[:splunk][:proxy_pass] = "{SHA}+pvrmeQCmtWmYVOZ57uuITVghrM=" diff --git a/recipes/default.rb b/recipes/default.rb index 9f19496..eee0571 100644 --- a/recipes/default.rb +++ b/recipes/default.rb @@ -24,6 +24,14 @@ source "/usr/src/splunk-#{node[:splunk][:version]}-linux-2.6-#{pkg_arch}.deb" end +template "#{node[:splunk][:root]}/etc/system/default/user-seed.conf" do + action :create + source "user-seed.conf.erb" + owner "root" + group "root" + mode "600" +end + service "splunk" do supports :status => true, :restart => true, :reload => false start_command "#{node[:splunk][:root]}/bin/splunk start --accept-license --answer-yes --no-prompt" diff --git a/templates/default/user-seed.conf.erb b/templates/default/user-seed.conf.erb new file mode 100644 index 0000000..9df36a1 --- /dev/null +++ b/templates/default/user-seed.conf.erb @@ -0,0 +1,17 @@ +# Copyright (C) 2005-2011 Splunk Inc. All Rights Reserved. Version 4.2.5 +# +# This is an example user-seed.conf. Use this file to create an initial login. +# +# NOTE: To change the default start up login and password, this file must be in +# $SPLUNK_HOME/etc/system/default/ prior to starting Splunk for the first time. +# +# To use this configuration, copy the configuration block into user-seed.conf +# in $SPLUNK_HOME/etc/system/local/. You must restart Splunk to enable configurations. +# +# To learn more about configuration files (including precedence) please see the documentation +# located at http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles + + +[user_info] +USERNAME = admin +PASSWORD = <%= node[:splunk][:admin_password] %> \ No newline at end of file From c258e044bf866266b7d5d59728f1fdec777219f3 Mon Sep 17 00:00:00 2001 From: Ian Formanek Date: Sun, 15 Jan 2012 17:05:17 +0100 Subject: [PATCH 2/5] Updated splunk to latest release (4.3) and fixed the URL creation to work with 2 digit version number --- attributes/default.rb | 2 +- recipes/default.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/attributes/default.rb b/attributes/default.rb index 941075b..f4e7f66 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -1,6 +1,6 @@ default[:splunk][:root] = "/opt/splunk" default[:splunk][:admin_password] = "changeme" -default[:splunk][:version] = "4.2.4-110225" +default[:splunk][:version] = "4.3-115073" default[:splunk][:proxy_user] = "admin" default[:splunk][:proxy_pass] = "{SHA}+pvrmeQCmtWmYVOZ57uuITVghrM=" default[:splunk][:alt_htpasswd] = false diff --git a/recipes/default.rb b/recipes/default.rb index eee0571..518b7c5 100644 --- a/recipes/default.rb +++ b/recipes/default.rb @@ -12,7 +12,7 @@ raise "seems that your system's architecture is neither i686 nor amd64; no dice." end -short_ver=node[:splunk][:version].match(/\d.\d.\d/).to_s +short_ver=node[:splunk][:version].match(/(.*)-/)[1] remote_file "/usr/src/splunk-#{node[:splunk][:version]}-linux-2.6-#{pkg_arch}.deb" do source "http://www.splunk.com/index.php/download_track?file=#{short_ver}/splunk/linux/splunk-#{node[:splunk][:version]}-linux-2.6-#{pkg_arch}.deb&ac=wiki_download&wget=true&name=wget&typed=releases" From 89f15be843ae7f5321bbaea7f9d8d25d84aa40f5 Mon Sep 17 00:00:00 2001 From: Ian Formanek Date: Mon, 16 Jan 2012 08:59:43 +0100 Subject: [PATCH 3/5] README mention for the admin_password attribute --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index f28e7e9..3f57db6 100644 --- a/README.md +++ b/README.md @@ -34,6 +34,8 @@ Attributes `splunk[:proxy_pass]` - Sets the hashed password for basic HTTP authentication when using `splunk::apache_proxy`. Default is hashed value for 'changeme' matching the default splunk password. +`splunk[:admin_password]` - Sets the default admin password. The default value is Splunk's default `changeme`. + Future Plans ============ * Consider using tarball install to simplify support for all distributions. From f68ee6e5628777f861da17e4a28b6b2546ce135f Mon Sep 17 00:00:00 2001 From: Ian Formanek Date: Mon, 6 Feb 2012 18:12:48 +0100 Subject: [PATCH 4/5] Added attribute that allows to control whether splunk is only bound to local interface --- attributes/default.rb | 1 + metadata.rb | 7 ++++++- recipes/apache_proxy.rb | 21 +++++++++++++++------ 3 files changed, 22 insertions(+), 7 deletions(-) diff --git a/attributes/default.rb b/attributes/default.rb index f4e7f66..7b1e14f 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -4,3 +4,4 @@ default[:splunk][:proxy_user] = "admin" default[:splunk][:proxy_pass] = "{SHA}+pvrmeQCmtWmYVOZ57uuITVghrM=" default[:splunk][:alt_htpasswd] = false +default[:splunk][:bind_all_interfaces] = true \ No newline at end of file diff --git a/metadata.rb b/metadata.rb index 90cd9dc..37b88c5 100644 --- a/metadata.rb +++ b/metadata.rb @@ -2,7 +2,7 @@ maintainer_email "cameron@needle.com" license "Apache 2.0" description "Installs and configures splunk" -version "0.1.1" +version "0.1.2" depends "apache2" # for apache_proxy recipe recipe "splunk", "Default splunk indexer configuration" recipe "splunk::apache_proxy", "Configures Apache to proxy for splunk on port 80 with HTTP basic auth" @@ -31,3 +31,8 @@ :display_name => "Apache proxy htpasswd path", :description => "Path to an alternate htpasswd file for authenticating to splunk when using splunk::apache_proxy recipe", :default => "false" + +attribute "splunk/bind_all_interfaces", + :display_name => "Bind splunk to all interfaces", + :description => "If true, splunk will be listening on all interfaces, if false, only on localhost (127.0.0.1)", + :default => "true" diff --git a/recipes/apache_proxy.rb b/recipes/apache_proxy.rb index 7ec20ee..41b6edf 100644 --- a/recipes/apache_proxy.rb +++ b/recipes/apache_proxy.rb @@ -27,9 +27,18 @@ end end -execute "Update bind settings in #{node[:splunk][:root]}/etc/splunk-launch.conf" do - command "echo '\nSPLUNK_BINDIP=127.0.0.1\n' >> #{node[:splunk][:root]}/etc/splunk-launch.conf" - notifies :restart, resources(:service => "splunk") - not_if "grep SPLUNK_BINDIP=127.0.0.1 #{node[:splunk][:root]}/etc/splunk-launch.conf" -end - +if node[:splunk][:bind_all_interfaces] + # if bind to localhost is present, remove it + execute "Update bind settings in #{node[:splunk][:root]}/etc/splunk-launch.conf to allow bind on all interfaces" do + command "mv #{node[:splunk][:root]}/etc/splunk-launch.conf #{node[:splunk][:root]}/etc/splunk-launch.conf.backup; sed '/SPLUNK_BINDIP=127.0.0.1/d' #{node[:splunk][:root]}/etc/splunk-launch.conf.backup > #{node[:splunk][:root]}/etc/splunk-launch.conf" + notifies :restart, resources(:service => "splunk") + only_if "grep '^[[:space:]]*SPLUNK_BINDIP=127.0.0.1' #{node[:splunk][:root]}/etc/splunk-launch.conf" + end +else + # if bind to localhost is not present, add it + execute "Update bind settings in #{node[:splunk][:root]}/etc/splunk-launch.conf to allow bind only on 127.0.0.1" do + command "echo '\nSPLUNK_BINDIP=127.0.0.1\n' >> #{node[:splunk][:root]}/etc/splunk-launch.conf" + notifies :restart, resources(:service => "splunk") + not_if "grep '^[[:space:]]*SPLUNK_BINDIP=127.0.0.1' #{node[:splunk][:root]}/etc/splunk-launch.conf" + end +end \ No newline at end of file From 6de97900657c89607e14897ec84b2a39c33bc446 Mon Sep 17 00:00:00 2001 From: Ian Formanek Date: Mon, 6 Feb 2012 18:13:10 +0100 Subject: [PATCH 5/5] Removed apache authorization --- templates/default/splunk_proxy.erb | 8 -------- 1 file changed, 8 deletions(-) diff --git a/templates/default/splunk_proxy.erb b/templates/default/splunk_proxy.erb index 287d806..e0e504c 100644 --- a/templates/default/splunk_proxy.erb +++ b/templates/default/splunk_proxy.erb @@ -12,12 +12,4 @@ Order deny,allow Deny from all Allow from all - AuthName "<%= node[:fqdn] %>" - AuthType Basic -<% if node[:splunk][:alt_htpasswd] %> - AuthUserFile <%= node[:splunk][:alt_htpasswd] %> -<% else %> - AuthUserFile <%= node[:splunk][:root] %>/.htpasswd -<% end %> - Require valid-user