Installation
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Distributed deployment using ansible-role-for-splunk?

mickey
Loves-to-Learn
‎03-06-2023 03:59 AM

I successfully installed splunk using the ansible-role-for-splunk one a single machine. It worked as expected. I am trying now to deploy a distributed splunk system (7 VMs in total). I prepared the inventory based on https://github.com/splunk/ansible-role-for-splunk/blob/master/environments/production/inventory.yml. when i ran the playbook, the bahviour is 7 individual installations of splunk instead of a distributed installation with indexer cluster, search head etc. My understanding was that based on the group name in the inventory, ansible role will install only the required components. Is it not true?

I am posting my playbook and inventory file (as first 2 replies). thanks

mickey_0-1678109947656.png

 

Labels (1)
Labels
0 Karma
Reply

mickey
Loves-to-Learn
‎03-13-2023 06:14 AM

my understand is that the above ansible role will install splunk on al the nodes and based on the configurationf passed to the node, the node can play a different role (indexer, cluster manager etc.)

0 Karma
Reply

mickey
Loves-to-Learn
‎03-06-2023 04:00 AM

Here is the inventory file:

all:
  children:
    full:
      children:
        clustermanager:
          hosts:
            lab-splunk-util:

        licensemaster:
          hosts:
            lab-splunk-util:

        # Distributed Management Console
        dmc:
          hosts:
            lab-splunk-util:

        deploymentserver:
          hosts:
            lab-splunk-depl:

        #Search head
        search:
          children:
            searchhead:
              hosts:
                lab-splunk-sh:

        heavyforwarder:
          hosts:
            lab-splunk-hf:

        indexer:
          hosts:
            lab-splunk-idx0:
            lab-splunk-idx1:
            lab-splunk-idx2:
0 Karma
Reply

mickey
Loves-to-Learn
‎03-06-2023 04:01 AM

Here is the playbook. Note that I installed the role ansible-role-for-splunk.

---
- hosts: all
  become: true
  tasks:
    - name: Install or Upgrade Splunk
      include_role:
        name: ansible-role-for-splunk
0 Karma
Reply
Get Updates on the Splunk Community!

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

For Splunk Cloud customers, understanding and optimizing Splunk Virtual Compute (SVC) usage and resource ...

Automatic Discovery Part 3: Practical Use Cases

If you’ve enabled Automatic Discovery in your install of the Splunk Distribution of the OpenTelemetry ...