Hi,
We are attempting to use deploy Splunk in our private cloud using chef, and provisioning via the deployment server and the REST API. We've noticed that when adding a node to a serverclass, you not only need to add that ordinal, but all the previous ordinals. So, I would need to go "whitelist.0, whitelist.1...whitelist.255", which... is nuts. Is there another way to do this? I know that I can grab the existing whitelist, but it still isn't efficient and I'm hoping there are better ways.
Here's an example (note that whitelist.0 already existed)
curl -k -u user:pass https://myserver.com:8089/servicesNS/-/system/deployment/server/serverclasses/#{outputsServerClass} -d whitelist.1=1.2.3.4
then it will fail, saying:
"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<response>\n <messages>\n <msg type=\"ERROR\">\n In handler 'serverclasses': Gap in numbered regexes: expected attribute=whitelist.0 not found</msg>\n </messages>\n</response>\n"
However, if I do the following command:
curl -k -u user:pass https://myserver.com:8089/servicesNS/-/system/deployment/server/serverclasses/#{outputsServerClass} –d whitelist.0=1.2.3.4 -d whitelist.1=1.2.3.5
Then I will get a good response.
Use the REST API maybe?
curl -ku admin:your_password https://your_splunk_server:8089/servicesNS/-/system/deployment/server/config/_reload
If you are using chef why not use partials templates.
As far as I can tell, the tool you create for editing the white/black (example below just for whitelist) lists will need to do the following logic:
The documentation for this endpoint in the REST API says "Filter ordinals must start at 0 and be consecutive” so I believe that is to let us know there’s no endpoint for doing a simple append.
Thanks Burch. Not ideal, for sure. Wondering if anyone has any other ideas or experience in this area - I've seen a lot of "using deployment server or automating deployment server" presentations floating around... hoping someone has run into this problem and solved it. Be nice to see Splunk just add an "append" feature to the rest call...
Oh, there were some conf sessions on ansible automation - maybe they covered this in there as well?