yaroslav-nakonechnikov
commented
11 months ago but if you need to preinstall it, why avanced.yml is not working? ansible supports splunkbase apps... at least there is a setting for it
Closed stefanjay closed 11 months ago
yaroslav-nakonechnikov
commented
11 months ago but if you need to preinstall it, why avanced.yml is not working? ansible supports splunkbase apps... at least there is a setting for it
stefanjay
commented
11 months ago but if you need to preinstall it, why avanced.yml is not working? ansible supports splunkbase apps... at least there is a setting for it
I don´t want to get you wrong - but I´m using the Helm Chart for the Splunk Operator, for this, I need to define everything in the values.yaml. Because of that, I´m creating this issue. Or do you referencing to a specific line in the chart?
yaroslav-nakonechnikov
commented
11 months ago @stefanjay if you install splunk-operator chart, without enterprise, so you will need to add manifests for crd's. in that case: https://github.com/splunk/splunk-operator/blob/main/helm-chart/splunk-operator/crds/enterprise.splunk.com_licensemasters.yaml#L1120C22-L1120C22
if you install enterprise chart, so there is a line: https://github.com/splunk/splunk-operator/blob/main/helm-chart/splunk-enterprise/values.yaml#L153C5-L153C5
these links are examples, but all exist for each and every role.
stefanjay
commented
11 months ago Thanks for your reply. I´d added the crds and installed the splunk operator and splunk enterprise chart already to deploy a s1 instance. I´m not sure how to define the apps in the chart.
My guess would be, becuase of the CRD
defaultsUrlApps:
description: Full path or URL for one or more defaults.yml files specific
to App install, separated by commas. The defaults listed here will
be installed on the CM, standalone, search head deployer or license
manager instance.
type: stringhttps://github.com/splunk/splunk-operator/blob/main/helm-chart/splunk-enterprise/values.yaml#L169
[169] defaultsUrlApps: "https://splunkbase.splunk.com/app/4353, https://splunkbase.splunk.com/app/3435"Is this correct?
yaroslav-nakonechnikov
commented
11 months ago i can't say for defaultsUrlApps, as i didn't use that.
but for defaults it should look something like:
defaults:
splunkbase_username: user
splunkbase_password: pass
splunk:
apps_location:
- https://splunkbase.splunk.com/app/4353/release/$versionA/download
- https://splunkbase.splunk.com/app/3435/release/$versionB/downloadit is described in https://github.com/splunk/splunk-ansible/blob/9.1.1/docs/ADVANCED.md#apps
stefanjay
commented
11 months ago Thanks, that´s what I was looking for. Any idea to reference user + pass a safe way using k8s secrets and environments variables? Like this:
extraEnv:
- name: splunkbase_username
valueFrom:
secretKeyRef:
name: splunkbase_username
key: user
- name: splunkbase_password
valueFrom:
secretKeyRef:
name: splunkbase_password
key: password
defaults:
splunkbase_username: $(SPLUNKBASE_USER)
splunkbase_password: $(SPLUNKBASE_PASS)
splunk:
apps_location:
- https://splunkbase.splunk.com/app/4353/release/1.7.15/downloadSadly that isn´t working as expected as the credentials are not correctly passed to the ansible task it seems:
│ WARNING: No password ENV var. Stack may fail to provision if splunk.password is not set in ENV or a default.yml │
│ [DEPRECATION WARNING]: Ansible will require Python 3.8 or newer on the │
│ controller starting with Ansible 2.12. Current version: 3.7.16 (default, Sep 8 │
│ 2023, 18:10:23) [GCC 8.5.0 20210514 (Red Hat 8.5.0-18)]. This feature will be │
│ removed from ansible-core in version 2.12. Deprecation warnings can be disabled │
│ by setting deprecation_warnings=False in ansible.cfg. │
│ [DEPRECATION WARNING]: COMMAND_WARNINGS option, the command warnings feature is │
│ being removed. This feature will be removed from ansible-core in version 2.14. │
│ Deprecation warnings can be disabled by setting deprecation_warnings=False in │
│ ansible.cfg. │
│ [DEPRECATION WARNING]: [defaults]callback_whitelist option, normalizing names │
│ to new standard, use callbacks_enabled instead. This feature will be removed │
│ from ansible-core in version 2.15. Deprecation warnings can be disabled by │
│ setting deprecation_warnings=False in ansible.cfg. │
│ [WARNING]: * Failed to parse /opt/ansible/inventory/environ.py with script │
│ plugin: Inventory script (/opt/ansible/inventory/environ.py) had an execution │
│ error: Traceback (most recent call last): File │
│ "/opt/ansible/inventory/environ.py", line 881, in <module> main() File │
│ "/opt/ansible/inventory/environ.py", line 867, in main │
│ getSplunkInventory(inventory) File "/opt/ansible/inventory/environ.py", line │
│ 95, in getSplunkInventory inventory["all"]["vars"] = getDefaultVars() │
│ File "/opt/ansible/inventory/environ.py", line 147, in getDefaultVars │
│ getSplunkbaseToken(defaultVars) File "/opt/ansible/inventory/environ.py", │
│ line 353, in getSplunkbaseToken raise Exception("Invalid Splunkbase │
│ credentials - will not download apps from Splunkbase") Exception: Invalid │
│ Splunkbase credentials - will not download apps from Splunkbase │
│ [WARNING]: * Failed to parse /opt/ansible/inventory/environ.py with ini │
│ plugin: /opt/ansible/inventory/environ.py:16: Expected key=value host variable │
│ assignment, got: __future__ │
│ [WARNING]: Unable to parse /opt/ansible/inventory/environ.py as an inventory │
│ source │
│ ERROR! No inventory was parsed, please check your configuration and options. │
│ Stream closed EOF for splunk-enterprise/splunk-s1-forwarder-standalone-0 (splunk) │you can use SPLUNKBASE_USERNAME and SPLUNKBASE_PASSWORD environment variables for that. list of possible variables also listed in https://github.com/splunk/splunk-ansible/blob/9.1.1/docs/ADVANCED.md#apps
by the way, you can add tricky things with power of jinja. But this is not recommended, i guess. For example: https://github.com/splunk/splunk-operator/issues/1048#issuecomment-1405123619, there i had to pass specific setting depending on SPLUNK_ROLE env variable
stefanjay
commented
11 months ago That´s it! Thanks a lot helping me out. 🥇
Please select the type of request
Feature Request
Tell us more
Describe the request I want to add Apps from the Splunk Base, preferable the appID to be deployed with my splunk deployment.
e.g. https://splunkbase.splunk.com/app/4353 which is the config explorer using ID 4353.
Expected behavior I want to configure this within the helm chart.
Splunk setup on K8S AKS using 1.27.3 with splunk operator 2.3.0 and splunk 9.1.1
Reproduction/Testing steps Find option to add apps using the ids from the splunk base is not documented.
K8s environment 1.27.3 AKS
Proposed changes(optional) add ability add documentation add examples
K8s collector data(optional)
Additional context(optional)