Are you a member of the Splunk Community?
- Find Answers
- :
- Splunk Administration
- :
- Admin Other
- :
- Installation
- :
- installing splunk forwarder using ansible
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
While installing splunk forwarder 8.0.5 using ansible, it is throwing an error saying the url is not correct. I am using a basic block to install the rpm for it.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
I suppose that this URL need sing on before it works.
Next URLs works without signing or any authentication.
Splunk server can be found e.g. from URL http://download.splunk.com/products/splunk/releases/7.3.3/linux/splunk-7.3.3-7af3758d0d5e-linux-2.6-...
And UF can be found here:
r. Ismo
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
#!/bin/bash
########################## FUNC
function UFYUM(){
cd /tmp
rpm -Uvh --nodeps `curl -s https://www.splunk.com/en_us/download/universal-forwarder.html\?locale\=en_us | grep -oP '"https:.*(?<=download).*x86_64.rpm"' |sed 's/\"//g' | head -n 1`
yum -y install splunkforwarder.x86_64
sleep 5
}
function UFDEB(){
cd /tmp
wget `curl -s https://www.splunk.com/en_us/download/universal-forwarder.html\?locale\=en_us | grep -oP '"https:.*(?<=download).*amd64.deb"' |sed 's/\"//g' | head -n 1` -O amd64.deb
dpkg -i amd64.deb
sleep 5
}
function UFConf(){
mkdir -p /opt/splunkforwarder/etc/apps/nwl_all_deploymentclient/local/
cd /opt/splunkforwarder/etc/apps/nwl_all_deploymentclient/local/
cat <<EOF> /opt/splunkforwarder/etc/apps/nwl_all_deploymentclient/local/app.conf
[install]
state = enabled
[package]
check_for_updates = false
[ui]
is_visible = false
is_manageable = false
EOF
cat <<EOF> /opt/splunkforwarder/etc/apps/nwl_all_deploymentclient/local/deploymentclient.conf
[deployment-client]
phoneHomeIntervalInSecs = 60
[target-broker:deploymentServer]
targetUri = XXXXXXXXXXXXXXXXXXXXXXX:8089
EOF
cat <<EOF> /opt/splunkforwarder/etc/system/local/user-seed.conf
[user_info]
USERNAME = admin
PASSWORD = XXXXXXXXXXXXXXXXXXXXXXXX
EOF
/opt/splunkforwarder/bin/splunk cmd btool deploymentclient list --debug
/opt/splunkforwarder/bin/splunk start --accept-license
}
######################################################### MAIN
# Check for RPM package managers
if command -v yum > /dev/null; then
UFYUM
UFConf
else
echo "No YUM package manager found."
fi
# Check for DEB package managers
if command -v dpkg > /dev/null; then
UFDEB
UFConf
else
echo "No DEB package manager found."
fi
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
why you don’t first get the rpm on your local repository, then verify that it’s correct and then install it from your ansible control node? It’s much secure that way. You know what you are installing to servers and you don’t need to open FW or use proxy to get that binary.
r. Ismo
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk is a secure source and i have the code to verify the download. Anyways it still does not address my query, is this URL a Download-ble one ?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
The correct URL to the latests UF seems to be:
'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=8.0.5&product=universalforwarder&filename=splunkforwarder-8.0.5-a1a6394cc5ae-linux-2.6-x86_64.rpm&wget=true'For some unknow reason the rest of it has cut/missed on your original question.
r. Ismo
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Still the same now it gives an error on No package matching
fatal: [default]: FAILED! => {"changed": false, "msg": "No package matching 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version...' found available, installed or updated", "rc": 126, "results": ["No package matching 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version...' found available, installed or updated"]}
PS: In this case i tried installing splunk rpm it gave the error same for UF
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
I suppose that this URL need sing on before it works.
Next URLs works without signing or any authentication.
Splunk server can be found e.g. from URL http://download.splunk.com/products/splunk/releases/7.3.3/linux/splunk-7.3.3-7af3758d0d5e-linux-2.6-...
And UF can be found here:
r. Ismo
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Works like a charm. Thanks for help
Community Content Calendar, September edition
Splunkbase Unveils New App Listing Management Public Preview
Leveraging Automated Threat Analysis Across the Splunk Ecosystem
