Deployment Architecture

Provisioning via the deployment server and REST API to add a node to a serverclass with existing and new ordinals (whitelist)

Champion

Hi,

We are attempting to use deploy Splunk in our private cloud using chef, and provisioning via the deployment server and the REST API. We've noticed that when adding a node to a serverclass, you not only need to add that ordinal, but all the previous ordinals. So, I would need to go "whitelist.0, whitelist.1...whitelist.255", which... is nuts. Is there another way to do this? I know that I can grab the existing whitelist, but it still isn't efficient and I'm hoping there are better ways.

Here's an example (note that whitelist.0 already existed)

curl -k -u user:pass  https://myserver.com:8089/servicesNS/-/system/deployment/server/serverclasses/#{outputsServerClass} -d whitelist.1=1.2.3.4
then it will fail, saying:
"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<response>\n  <messages>\n    <msg type=\"ERROR\">\n In handler 'serverclasses': Gap in numbered regexes: expected attribute=whitelist.0 not found</msg>\n  </messages>\n</response>\n"
However, if I do the following command:
curl -k -u user:pass https://myserver.com:8089/servicesNS/-/system/deployment/server/serverclasses/#{outputsServerClass} –d whitelist.0=1.2.3.4 -d whitelist.1=1.2.3.5

Then I will get a good response.
0 Karma

Influencer
0 Karma

Champion

If you are using chef why not use partials templates.

0 Karma

Ultra Champion

As far as I can tell, the tool you create for editing the white/black (example below just for whitelist) lists will need to do the following logic:

  1. Read/create the endpoint and make sure it exists.
  2. Parse the whitelist-size field to get the quantity of items that already exist
  3. Create a list of whitelist items, the size of the whitelist-size, consisting of the whitelist.# items that were output in step 1.
  4. POST to the server class with the whitelist items that already exist along with the new entry you’d like

The documentation for this endpoint in the REST API says "Filter ordinals must start at 0 and be consecutive” so I believe that is to let us know there’s no endpoint for doing a simple append.

Champion

Thanks Burch. Not ideal, for sure. Wondering if anyone has any other ideas or experience in this area - I've seen a lot of "using deployment server or automating deployment server" presentations floating around... hoping someone has run into this problem and solved it. Be nice to see Splunk just add an "append" feature to the rest call...

0 Karma

Ultra Champion

Oh, there were some conf sessions on ansible automation - maybe they covered this in there as well?

0 Karma