Search head cluster with Ansible and Kubernetes

Communicator

Hello,
how can I configure a search head cluster with Ansible and Kubernetes?

This is my configuration:

splunk-chart:
namespace: dev-aviation-01
persistence:
search:
dataSize: 50Gi
configSize: 10Gi
master:
dataSize: 50Gi
configSize: 10Gi
indexer:
dataSize: 250Gi
configSize: 10Gi
app:

configs:
enabled: true
## The image must contain 'indexer','master', and 'search' dirs in /data
image:
repository: gcr.io/argussec1/splunk-aviation-configs
tag: 2.3.0
env:
- name: SPLUNK_BEFORE_START_CMD
value: sudo rm /opt/splunk/var/lib/splunk/kvstore/mongo/mongod.lock
indexer:
replicas: 1

resources:
requests:
memory: 4Gi
cpu: 1
limits:
memory: 8Gi
cpu: 4

 # default configuration loaded by splunk, exposed by nginx  

splunkDefaults:
defaultYml:
ansible_post_tasks: null
ansible_pre_tasks: null
config:
baked: default.yml
defaults_dir: /tmp/defaults
env:
headers: null
var: SPLUNK_DEFAULTS_URL
verify: true
host:
headers: null
url: null
verify: true
max_delay: 60
max_retries: 3
max_timeout: 1200
hide_password: false
retry_num: 50
shc_bootstrap_delay: 30
splunk:
admin_user: admin
allow_upgrade: true
app_paths:
default: /opt/splunaviationtc/apps
deployment: /opt/spaviationk/etc/deployment-apps
httpinput: /opt/splaviation/etc/apps/splunk_httpinput
idxc: /opt/splunk/eaviationmaster-apps
shc: /opt/splunk/etaviationhcluster/apps
enable_service: false
exec: /opt/splunk/bin/splunk
group: splunk
hec_disabled: 0
hec_enableSSL: 0
hec_port: 8088
hec_token: ea
home: /opt/splunk
http_enableSSL: 0
http_enableSSL_cert: null
http_enableSSL_privKey: null
http_enableSSL_privKey_password: null
http_port: 8000
idxc:
enable: false
label: idxc_label
replication_factor: 3
replication_port: 9887
search_factor: 3
secret: T
ignore_license: false
license_download_dest: /tmp/splunk.lic
nfr_license: /tmp/nfr_enterprise.lic
opt: /opt
password: "" # overridden in the environment variables
pid: /opt/splunk/var/run/splunk/splunkd.pid
s2s_enable: true
s2s_port: 9997
search_head_cluster_url: null
secret: null
shc:
enable: false
label: shc_label
replication_factor: 3
replication_port: 9887
secret: C
smartstore: null
svc_port: 8089
tar_dir: splunk
user: splunk
wildcard_license: false
conf:
server:
directory: /opt/splunk/etc/system/local
content:
clustering:
summary_replication: true
splunk_home_ownership_enforcement: true

But I don't see any cluster, or even more than 1 SH...
What am I missing?

0 Karma

Builder

Why set up your own Ansible when Splunk has made it open source:
https://github.com/splunk/splunk-ansible

0 Karma

Communicator

I used this,
but I don't see the search heads I've added.
I guess I'm missing something, but I can't tell what.
After configuring the Ansible, should I configure something else in Splunk? Where should I check to see that the cluster is up and running?

0 Karma