Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mercedes-benz/ansible-for-splunk-cloud

Ansible playbooks for configuring and managing Splunk Cloud deployments with the Admin Config Service (ACS) API
https://github.com/mercedes-benz/ansible-for-splunk-cloud

acs ansible cicd cloud splunk

Last synced: 3 months ago
JSON representation

Ansible playbooks for configuring and managing Splunk Cloud deployments with the Admin Config Service (ACS) API

Host: GitHub
URL: https://github.com/mercedes-benz/ansible-for-splunk-cloud
Owner: mercedes-benz
License: mit
Created: 2023-04-28T06:25:16.000Z (almost 2 years ago)
Default Branch: main
Last Pushed: 2024-11-06T10:34:57.000Z (3 months ago)
Last Synced: 2024-11-06T11:36:41.865Z (3 months ago)
Topics: acs, ansible, cicd, cloud, splunk
Homepage:
Size: 35.2 KB
Stars: 25
Watchers: 4
Forks: 8
Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Security: SECURITY.md

Awesome Lists containing this project

README

# ansible-for-splunk-cloud

## Usage

:warning: Warning: These ansible playbooks will adjust configurations in your Splunk Cloud environment. In this process configurations like apps or indexes will get deleted when not configured in ansible correctly.

### Quickstart

1. Add your Splunk Cloud FQDN to `inventory/inventory.yml`.
2. Generate a token with an user which has the [required capabilities](https://docs.splunk.com/Documentation/SplunkCloud/latest/Config/ACSreqs). The `sc_admin` role has all required capabilities by default.
3. Encrypt the token with `ansible-vault` and place it into `inventory/*/host_vars/vars.yml`.
4. Encrypt your splunkbase username + password and place it into `inventory/group_vars/splunkcloud.yml`
5. Use GitHub repositiory secrets to store the ansible-vault password in the `ANSIBLE_VAULT_PASSWORD` variable (this is needed so the workflows can decrypt the variables when running the playbooks).
6. Adjust the config files to trigger the workflows/ansible playbooks.

### create/update/delete an index

```bash
ansible-playbook -i inventory --ask-vault-password cloud_index_config.yml

# only create/update indexes without removing anything
ansible-playbook -i inventory --ask-vault-password cloud_index_config.yml --skip-tags splunk_cloud_remove_index
```

```yaml
splunk_cloud_index_list:
- name: "testindex"
searchableDays: 92
maxDataSizeMB: 1024
- name: "testindex-2"
datatype: "metric"
```

### install/update/remove a private app

```bash
ansible-playbook -i inventory --ask-vault-password cloud_privateapp_install.yml

# only install/update private apps without removing anything
ansible-playbook -i inventory --ask-vault-password cloud_privateapp_install.yml --skip-tags splunk_cloud_remove_apps
```

```yaml
splunk_cloud_private_app_folder: "./apps/"
```

### install/update/remove a splunkbase app

```bash
ansible-playbook -i inventory --ask-vault-password cloud_splunkbaseapp_install.yml

# only install/update splunkbase apps without removing anything
ansible-playbook -i inventory --ask-vault-password cloud_splunkbaseapp_install.yml --skip-tags splunkbase_remove_app
```

```yaml
splunkbase_username: my-splunk-account-username # please use ansible-vault
splunkbase_password: my-secret-splunk-password # please use ansible-vault
splunkbase_app_list:
- id: 2968 # SA-cim_vladiator
version: "1.8.2"
license: "https://www.apache.org/licenses/LICENSE-2.0.html"
permissions: # optional
sharing: "global"
read: "*"
write: "sc_admin,power"
```

### configure splunk cloud ingress rules

```bash
ansible-playbook -i inventory --ask-vault-password cloud_ingress_allow.yml

# only add ingress rules without removing anything
ansible-playbook -i inventory --ask-vault-password cloud_ingress_allow.yml --skip-tags splunk_cloud_ingress_remove
```

```yaml
splunk_cloud_ingress_allow_list:
search-ui:
- "1.2.3.4/32"
search-api:
- "4.3.2.1/32"
idm-api:
- "3.2.1.4/32"
s2s:
- "2.1.4.3/32"
hec:
- "1.3.4.2/32"
```

### configure splunk cloud egress rules

```bash
ansible-playbook -i inventory --ask-vault-password cloud_egress_allow.yml

# only add egress rules without removing anything
ansible-playbook -i inventory --ask-vault-password cloud_egress_allow.yml --skip-tags splunk_cloud_egress_remove
```

```yaml
splunk_cloud_egress_allow_list:
- port: 8089
subnets:
- "1.1.1.1/32" # some public endpoint you need to access from splunk cloud
- "8.8.8.8/32" # some public endpoint you need to access from splunk cloud
```

## Contributing

We welcome any contributions.
If you want to contribute to this project, please read the [contributing guide](CONTRIBUTING.md).

## Code of Conduct

Please read our [Code of Conduct](CODE_OF_CONDUCT.md) as it is our base for interaction.

## License

This project is licensed under the [MIT LICENSE](LICENSE).

## Provider Information

Please visit for information on the provider.

Notice: Before you use the program in productive use, please take all necessary precautions,
e.g. testing and verifying the program with regard to your specific use.
The program was tested solely for our own use cases, which might differ from yours.

## Legal

* Ansible is a registered trademark of Red Hat, Inc. in the United States and other countries.
* Splunk, Splunk>, and Turn Data Into Doing are trademarks or registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2023 Splunk Inc. All rights reserved.