Splunk Search

Configure the AWS add on proxy configuration via CLI/Ansible

Meliodas1111111
New Member

'Hi,

We are want to create a playbook for Splunk with Ansible, 

We are having an issue config the AWS add on proxy configuration with the CLI or ansible,

When you configuring the proxy via the Web UI, it's generating passwords.conf file with the proxy configuration hashed, 

I tried to find a way to config the proxy configuration via CLI to create the hashed password.conf file and to actually see the config change in the Web UI without success. 

Is someone able to config the proxy via CLI ansible? not sure if there is a way either.

I tried to go around it, and found a the python script that running in the background when you config the proxy via the Web UI,

under - 

/opt/splunk/etc/apps/Splunk_TA_aws/bin/aws_proxy_settings_rh.py

 

Spoiler

from __future__ import absolute_import
import aws_bootstrap_env

import re
import logging
import splunk.admin as admin
from splunktalib.rest_manager import util, error_ctl
from splunk_ta_aws.common.proxy_conf import ProxyManager

KEY_NAMESPACE = util.getBaseAppName()
KEY_OWNER = '-'

AWS_PROXY = 'aws_proxy'

POSSIBLE_KEYS = ('host', 'port', 'username', 'password', 'proxy_enabled')


class ProxyRestHandler(admin.MConfigHandler):
def __init__(self, scriptMode, ctxInfo):
admin.MConfigHandler.__init__(self, scriptMode, ctxInfo)

if self.callerArgs.id and self.callerArgs.id != 'aws_proxy':
error_ctl.RestHandlerError.ctl(1202, msgx='aws_proxy', logLevel=logging.INFO)

def setup(self):
if self.requestedAction in (admin.ACTION_CREATE, admin.ACTION_EDIT):
for arg in POSSIBLE_KEYS:
self.supportedArgs.addOptArg(arg)
return

def handleCreate(self, confInfo):
try:
args = self.validate(self.callerArgs.data)

args_dict = {}

for arg in POSSIBLE_KEYS:
if arg in args:
args_dict[arg] = args[arg][0]
else:
args_dict[arg] = ''

proxy_str = '%s:%s@%s:%s' % (args_dict['username'], args_dict['password'], args_dict['host'], args_dict['port'])

if 'proxy_enabled' in args:
enable = True if args_dict['proxy_enabled'] == '1' else False
else:
proxy = self.get()
enable = True if (proxy and proxy.get_enable()) else False
self.update(proxy_str, enable)
except Exception as exc:
error_ctl.RestHandlerError.ctl(400, msgx=exc, logLevel=logging.INFO)

def handleList(self, confInfo):
try:
proxy = self.get()
if not proxy:
confInfo[AWS_PROXY].append('proxy_enabled', '0')
return
m = re.match('^(?P<username>\S*):(?P<password>\S*)@(?P<host>\S+):(?P<port>\d+$)', proxy.get_proxy())
if not m:
confInfo[AWS_PROXY].append('proxy_enabled', '0')
return

However, I couldn't find the correct way to run the script and pass it to the correct parameter for the script?

 

Created details.txt file with the proxy config as 

 

Spoiler
 ['1.1.1.1', '1111', 'username', 'password', '1']

 

Run the script 

Spoiler
/opt/splunk/bin/splunk cmd python3 /opt/splunk/etc/apps/Splunk_TA_aws/bin/aws_proxy_settings_rh.py setup details.txt

error:

Spoiler
^CTraceback (most recent call last):
File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/aws_proxy_settings_rh.py", line 95, in <module>
admin.init(ProxyRestHandler, admin.CONTEXT_NONE)
File "/opt/splunk/lib/python3.7/site-packages/splunk/admin.py", line 151, in init
hand = handler(mode, ctxInfo)
File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/aws_proxy_settings_rh.py", line 20, in __init__
admin.MConfigHandler.__init__(self, scriptMode, ctxInfo)
File "/opt/splunk/lib/python3.7/site-packages/splunk/admin.py", line 475, in __init__
dataFromSplunkd = sys.stdin.buffer.read()
KeyboardInterrupt

Is someone can try to help?

Thanks,

Labels (1)
0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...