Any good examples of run books for upgrading splun...

sbattista09 · ‎11-23-2019

Hello everyone,
This is kind of a general question but, are there any good examples of run books for upgrading Splunk 7.x to 8.x using Ansible out there? The goal is to upgrade the SHC, indexer cluster, deployer, cluster master, deployment server, HWF's and intermediate forwarders.

I am thinking about starting to use Ansible for Splunk upgrades even with minor versions (like 8.1 to 8.2) since Splunk version life cycle's are going to be tightened.

If anyone is already doing this can you let me know what i should look out for?

Thanks everyone!

martynoconnor · ‎12-19-2019

Without going into the specifics of Ansible, there are some other things you should be aware of when doing upgrades in an environment like that: Namely that the order of upgrades is important and you should ensure Ansible respects that (i.e. it doesn't attempt to do things in parallel).

You should first update the Licence Master, then the Cluster Master, then the Search Heads, then the Indexers.

You could create Ansible variables for LM_updated/CM_updated and assign them to be true if splunk --version matches the target version of an upgrade, so that phase two of an upgrade won't start until phase 1 has started.

Any good examples of run books for upgrading splunk 7.x to 8.x using Ansible?

heavy forwarder

indexer

upgrade

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Transform your security operations with Splunk Enterprise Security

Splunk Admins and App Developers | Earn a $35 gift card!