Installation

installing splunk forwarder using ansible

gauravmsharma
Path Finder

While installing splunk forwarder 8.0.5 using ansible, it is throwing an error saying the url is not correct. I am using a basic block to install the rpm for it.

nameinstall splunk
  yum:
    name"{{ splunk_fwd_url }}"
    statepresent
 
The URL i am using is 
 
I am not sure if this is the correct URL because this use to work fine with the old version (7.0.0) but not in the latest version.
 
Below is the ansible error for reference
fatal: [default]: FAILED! => {"changed": false, "msg": "Failed to get nevra information from RPM package: https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version..."}
 
Labels (1)
0 Karma
1 Solution

isoutamo
SplunkTrust
SplunkTrust

Hi

I suppose that this URL need sing on before it works.

Next URLs works without signing or any authentication.

Splunk server can be found e.g. from URL http://download.splunk.com/products/splunk/releases/7.3.3/linux/splunk-7.3.3-7af3758d0d5e-linux-2.6-...

And UF can be found here:

http://download.splunk.com/products/universalforwarder/releases/8.0.5/linux/splunkforwarder-8.0.5-a1...

r. Ismo

View solution in original post

RMcCurdyDOTcom
Explorer

 

#!/bin/bash

########################## FUNC 
function UFYUM(){
cd /tmp
rpm -Uvh --nodeps `curl -s https://www.splunk.com/en_us/download/universal-forwarder.html\?locale\=en_us | grep -oP '"https:.*(?<=download).*x86_64.rpm"' |sed 's/\"//g' | head -n 1`
yum -y install splunkforwarder.x86_64
sleep 5

}

function UFDEB(){
cd /tmp
wget  `curl -s https://www.splunk.com/en_us/download/universal-forwarder.html\?locale\=en_us | grep -oP '"https:.*(?<=download).*amd64.deb"' |sed 's/\"//g' | head -n 1` -O amd64.deb
dpkg -i amd64.deb
sleep 5

}

function UFConf(){

mkdir -p /opt/splunkforwarder/etc/apps/nwl_all_deploymentclient/local/
cd /opt/splunkforwarder/etc/apps/nwl_all_deploymentclient/local/

cat <<EOF> /opt/splunkforwarder/etc/apps/nwl_all_deploymentclient/local/app.conf
[install]
state = enabled

[package]
check_for_updates = false

[ui]
is_visible = false
is_manageable = false
EOF

cat <<EOF> /opt/splunkforwarder/etc/apps/nwl_all_deploymentclient/local/deploymentclient.conf
[deployment-client]
phoneHomeIntervalInSecs = 60
[target-broker:deploymentServer]
targetUri = XXXXXXXXXXXXXXXXXXXXXXX:8089
EOF

cat <<EOF> /opt/splunkforwarder/etc/system/local/user-seed.conf
[user_info]
USERNAME = admin
PASSWORD = XXXXXXXXXXXXXXXXXXXXXXXX
EOF



/opt/splunkforwarder/bin/splunk cmd btool deploymentclient list --debug

/opt/splunkforwarder/bin/splunk start --accept-license
}

######################################################### MAIN 


# Check for RPM package managers
if command -v yum > /dev/null; then
	UFYUM
	UFConf
else
    echo "No YUM package manager found."
fi

# Check for DEB package managers
if command -v dpkg > /dev/null; then
	UFDEB
    UFConf
else
    echo "No DEB package manager found."
fi


 
 
 
0 Karma

isoutamo
SplunkTrust
SplunkTrust

Hi

why you don’t first get the rpm on your local repository, then verify that it’s correct and then install it from your ansible control node? It’s much secure that way. You know what you are installing to servers and you don’t need to open FW or use proxy to get that binary. 
r. Ismo

0 Karma

gauravmsharma
Path Finder

Splunk is a secure source and i have the code to verify the download. Anyways it still does not address my query, is this URL a Download-ble one ?

0 Karma

isoutamo
SplunkTrust
SplunkTrust

Hi

The correct URL to the latests UF seems to be:

'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=8.0.5&product=universalforwarder&filename=splunkforwarder-8.0.5-a1a6394cc5ae-linux-2.6-x86_64.rpm&wget=true'

For some unknow reason the rest of it has cut/missed on your original question.

r. Ismo

0 Karma

gauravmsharma
Path Finder

Still the same now it gives an error on No package matching

fatal: [default]: FAILED! => {"changed": false, "msg": "No package matching 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version...' found available, installed or updated", "rc": 126, "results": ["No package matching 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version...' found available, installed or updated"]}

 

PS: In this case i tried installing splunk rpm it gave the error same for UF

0 Karma

isoutamo
SplunkTrust
SplunkTrust

Hi

I suppose that this URL need sing on before it works.

Next URLs works without signing or any authentication.

Splunk server can be found e.g. from URL http://download.splunk.com/products/splunk/releases/7.3.3/linux/splunk-7.3.3-7af3758d0d5e-linux-2.6-...

And UF can be found here:

http://download.splunk.com/products/universalforwarder/releases/8.0.5/linux/splunkforwarder-8.0.5-a1...

r. Ismo

gauravmsharma
Path Finder

Works like a charm. Thanks for help 

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...