splunk / ansible-role-for-splunk

Splunk@Splunk's Ansible role for installing Splunk, upgrading Splunk, and installing apps/addons on Splunk deployments (VM/bare metal)
Apache License 2.0
147 stars 103 forks source link

How to deploy apps without deleting local/ files #196

Open emallinger opened 1 year ago

emallinger commented 1 year ago

Hello,

I'm very glad for this role and I've started to adapt it to my ecosystem. When trying to use tasks/configure_apps.yml, I discovered it is based on each app having its own git repository. Got it. When dry running the playbook on my test instance, the sync action included in tasks/install_apps.yml always outputs :

*deleting   myapp/local/filename
... 

In tasks/install_apps.yml, the sync actions starts like this :

# Note: By using the synchronize module, if the repo already exists on the target host, we are able to only update the diff while preserving the local/ folder
- name: "Synchronize {{ item.name }} repo from local Ansible host to {{ splunk_home }}/{{ app_dest }}/{{ item.name }} on remote host"
    synchronize:
    src: "{{ app_src }}"
    dest: "{{ splunk_home }}/{{ app_dest }}/"
    recursive: true
    delete: true
    checksum: true
    rsync_opts:
      - "--prune-empty-dirs"
      - "--itemize-changes"
      - "--no-owner"
      - "--no-group"
      - "--no-times"
  become: true
  become_user: "{{ splunk_nix_user }}"
  notify: "{{ handler }}"

I do not see here which rsync option is supposed to allow the protection of local/ folder and its content.

I'm lost as to how I'm supposed to have the expected behavior.

Could someone point me in the right direction ?

Thank you !

Regards, Ema

dtwersky commented 1 year ago

I'm pretty sure that it does not delete the files that are not configured to be copied over. In fact, there was discussion of adding a task that will clean up unused apps that are either not in the list, or are not in a serverclass.

This may be some bug in the check_mode on ansibles side. but to be safe, I would run a test on a non-prod host without --check, and see what happens.

emallinger commented 1 year ago

Hi, Just understood you were asking me to test it without the --check option. I'll do that asap and get back to you. ;) Regards,

emallinger commented 1 year ago

Hi again,

Tested it ! Here's the results.

=> check mode:

<fc.T...... search_portal/.git/index
<fcsT...... search_portal/.git/logs/HEAD
<fc.T...... search_portal/.git/logs/refs/heads/main
<fc.T...... search_portal/.git/logs/refs/remotes/origin/HEAD
<fcsTp..... search_portal/metadata/local.meta
*deleting   search_portal/local/savedsearches.conf
*deleting   search_portal/local/

=> for real :

<fc.T...... search_portal/.git/index
<fcsT...... search_portal/.git/logs/HEAD
<fc.T...... search_portal/.git/logs/refs/heads/main
<fc.T...... search_portal/.git/logs/refs/remotes/origin/HEAD
<fcsTp..... search_portal/metadata/local.meta
*deleting   search_portal/local/savedsearches.conf
*deleting   search_portal/local/
*deleting   search_portal/.git/FETCH_HEAD

Also, I added "--filter=rsync-filter" in install_apps.yml with half success => some of .git files are synchronized but not all and then in any case the line *deleting search_portal/.git/FETCH_HEAD feels weird.

Here's my rsyncfilter :

+ /opt/
+ /opt/splunk/
+ /opt/splunk/etc/
+ /opt/splunk/etc/apps/
+ /opt/splunk/etc/apps/search_portal/
- /.git
- /*/.git
- /.gitignore
- /*/README.txt
- /*/README.MD
- /*/README.md
- /*/app.manifest
- /*/githash
- /*/package.json
- *

Not sure what to think of it all. I'll take any ideas you might have :), I'm probably doing something not the expected way... Thanks ! Ema