Splunk forwarder installation using Ansible

Splunk forwarder installation can be accomplished using Ansible. In this guide, we are about to see a small playbook which can be used for multiple times with any numbers of remote servers.

In my case, the requirement came to install on hundreds of RHEL 7 servers. Creating playbook took 20 mins by referring to existing playbooks and official guide. Finally completed installing on all servers within 10 mins.

Modules we are using in this playbook

Before start using this playbook replace “your_username” with a remote user account which you are using to manage servers. This playbook builds only with copy, yum, shell, command and debug modules. This is more than enough to handle this simple installation and managing the forwarder service.

Splunk Forwarder download

The forwarder package version I’m using in this guide is little older, to get the latest one refer our Splunk forwarder installation guide.

Ansible Related Articles

1. Install and configure Ansible Automation IT Tool
2. Install Ansible using Python installation manager pip
3. How to create a host’s Inventory using Ansible
4. Managing Groups and User creation using Ansible
5. Creating a Logical volume based file system using Ansible

Copy paste of Playbook

---
- hosts: "{{ hosts_prompt }}"
  
  vars_prompt:
    - name: "hosts_prompt"
      prompt: "hostname or host group need to run with Playbook"
      private: no

  tasks:

    - name: Copy the Splunk Forwarder RPM to remote Servers.
      remote_user: your_username
      become: yes
      become_method: sudo
      copy:
         src: /home/ansibleadmin/splunkforwarder-6.6.3-e21ee54bc796-linux-2.6-x86_64.rpm
         dest: /home/your_username/
         owner: your_username
         group: your_username
         mode: 0644
 
    - name: Install Splunk Forwarder RPM package on remote servers.
      remote_user: your_username
      become: yes
      become_method: sudo
      yum: state=present name={{ item }}
      with_items:
            - /home/your_username/splunkforwarder-6.6.3-e21ee54bc796-linux-2.6-x86_64.rpm 

    - name: Copy the Splunk Forwarder config from your centralized server to remote servers.
      remote_user: your_username
      become: yes
      become_method: sudo
      copy:
        src: /home/ansibleadmin/splunk_forwarder_output/
        dest: /opt/splunkforwarder/etc/system/
        directory_mode: yes
        owner: splunk
        group: splunk
        mode: 0600

    - name: Start Splunk forwarder service.
      remote_user: your_username
      become: yes
      become_method: sudo
      become_user: splunk
      shell:
        /opt/splunkforwarder/bin/splunk start --accept-license

    - name: Check Splunk forwarder service.
      remote_user: your_username
      become: yes
      become_method: sudo
      command:
        /opt/splunkforwarder/bin/splunk status
      register: service_splunk_status

    - name: Report Splunk forwarder Status.
      remote_user: your_username
      become: yes
      become_method: sudo
      debug:
         var: service_splunk_status.stdout_lines

That’s it, Ansible made our life more easier.

Are you looking for Oracle RAC server preparation? Keep in touch you can expect soon. If you need more Ansible relevant articles, you can find at the beginning of this post else scroll little below to find the same.

Conclusion:

Automating RPM installation on the remote servers can be accomplished using a simple playbook. Will come up with more playbook in future. Subscriber to our newsletter to receive the updates.