Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Provisioning via the deployment server and REST API to add a node to a serverclass with existing and new ordinals (whitelist)

a212830
Champion
‎10-04-2015 07:02 PM

Hi,

We are attempting to use deploy Splunk in our private cloud using chef, and provisioning via the deployment server and the REST API. We've noticed that when adding a node to a serverclass, you not only need to add that ordinal, but all the previous ordinals. So, I would need to go "whitelist.0, whitelist.1...whitelist.255", which... is nuts. Is there another way to do this? I know that I can grab the existing whitelist, but it still isn't efficient and I'm hoping there are better ways.

Here's an example (note that whitelist.0 already existed)

curl -k -u user:pass  https://myserver.com:8089/servicesNS/-/system/deployment/server/serverclasses/#{outputsServerClass} -d whitelist.1=1.2.3.4
then it will fail, saying:
"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<response>\n  <messages>\n    <msg type=\"ERROR\">\n In handler 'serverclasses': Gap in numbered regexes: expected attribute=whitelist.0 not found</msg>\n  </messages>\n</response>\n"
However, if I do the following command:
curl -k -u user:pass https://myserver.com:8089/servicesNS/-/system/deployment/server/serverclasses/#{outputsServerClass} –d whitelist.0=1.2.3.4 -d whitelist.1=1.2.3.5

Then I will get a good response.
0 Karma
Reply

twinspop
Influencer
‎04-12-2016 10:17 AM

Use the REST API maybe?

curl -ku admin:your_password https://your_splunk_server:8089/servicesNS/-/system/deployment/server/config/_reload

0 Karma
Reply

bmacias84
Champion
‎10-05-2015 10:08 AM

If you are using chef why not use partials templates.

0 Karma
Reply

sloshburch
Ultra Champion
‎10-05-2015 07:56 AM

As far as I can tell, the tool you create for editing the white/black (example below just for whitelist) lists will need to do the following logic:

  1. Read/create the endpoint and make sure it exists.
  2. Parse the whitelist-size field to get the quantity of items that already exist
  3. Create a list of whitelist items, the size of the whitelist-size, consisting of the whitelist.# items that were output in step 1.
  4. POST to the server class with the whitelist items that already exist along with the new entry you’d like

The documentation for this endpoint in the REST API says "Filter ordinals must start at 0 and be consecutive” so I believe that is to let us know there’s no endpoint for doing a simple append.

Reply

a212830
Champion
‎10-05-2015 09:58 AM

Thanks Burch. Not ideal, for sure. Wondering if anyone has any other ideas or experience in this area - I've seen a lot of "using deployment server or automating deployment server" presentations floating around... hoping someone has run into this problem and solved it. Be nice to see Splunk just add an "append" feature to the rest call...

0 Karma
Reply

sloshburch
Ultra Champion
‎10-05-2015 10:28 AM

Oh, there were some conf sessions on ansible automation - maybe they covered this in there as well?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

How to find the worst searches in your Splunk environment and how to fix them

Everyone knows Splunk is a powerful platform for running searches and doing data analytics. Your ...

Share Your Feedback: On Admin Config Service (ACS)!

Help Us Build a Better Admin Config Service Experience (ACS)   We Want Your Feedback on Admin Config Service ...