Ansible breaks part of functionality on 9.2.x, if it is not license manager.

[yaroslav-nakonechnikov]

https://github.com/splunk/splunk-ansible/blob/9.2.1/roles/splunk_common/tasks/enable_forwarding.yml#L57 this breaks functionality of splunk deployment server.

using defaults.yml file doesn't help. I suggest remove this block, or add new variable which will help to set it up.

splunk support ticket: https://splunk.my.site.com/customer/s/case/5005a00002xKTVtAAO/docker-splunk-and-deployment-server

[yaroslav-nakonechnikov]

atm workaround looks like:

- name: fix outputs.conf
  lineinfile:
    path: /opt/splunk/etc/system/local/outputs.conf
    regexp: '^(.*)index =(.*)$'
    line: 'index = True'
    backrefs: yes
  notify:
    - Restart the splunkd service

and setting SPLUNK_ANSIBLE_POST_TASKS = "file:///mnt/path/to/post_tasks.yml"

[jmeixensperger]

Can you elaborate on what functionality is broken? Apologies if it's described in the support ticket--I do not have access to view its details.

All deployment servers that I create on 9.2.1 are able to successfully distribute apps to other instances.

[yaroslav-nakonechnikov]

@jmeixensperger https://some_addess/en-US/manager/system/deploymentserver is always empty, for example, with blank screen

[jmeixensperger]

@yaroslav-nakonechnikov I am unable to reproduce using Splunk 9.2.1 and the latest commits of splunk-ansible. Can you try this out yourself and let me know if you are still seeing the issue?

Here's what I did:

1. Pull the latest release/develop commit of splunk-ansible in docker-splunk and run: make splunk-redhat-8
2. Setup a docker-compose.yml using the docker-splunk example here: https://github.com/splunk/docker-splunk/blob/develop/docs/advanced/DEPLOYMENT_SERVER.md#create-standalone-and-deployment-server. Copy the ports section to expose the web port for the deployment server as well.
3. Run docker-compose with a valid SPLUNK_PASSWORD and set SPLUNK_IMAGE to the new image that was built in step 1.
4. Wait for the containers to provision. Find the deployment server exposed port and navigate to the url that you shared above.

I also verified that local indexing was indeed disabled through the ansible provisioning. The playbook execution contains:

2024-06-21 10:52:32 TASK [splunk_common : Disable indexing on the current node] ********************
2024-06-21 10:52:32 changed: [localhost]

And the /opt/splunk/etc/system/local/outputs.conf file contains:

[indexAndForward]
index = false

[yaroslav-nakonechnikov]

and it should be with value true.

[jmeixensperger]

We also patched the 9.2.1 docker-splunk image a couple days ago with the splunk-ansible changes that I mentioned. You can try that out to verify if the blank screen issue is still occurring. Let me know if there are more specific steps required to reproduce this issue beyond the example that I shared above.

[jmeixensperger]

@yaroslav-nakonechnikov can you also clarify what you mean by a "blank screen" in case my understanding is wrong? A screenshot example would also be helpful.

[yaroslav-nakonechnikov]

@jmeixensperger

[yaroslav-nakonechnikov]

is https://github.com/splunk/splunk-ansible/pull/855 already released in some container on docker.hub?