Splunk Search

Configure the AWS add on proxy configuration via CLI/Ansible

Meliodas1111111
New Member

'Hi,

We are want to create a playbook for Splunk with Ansible, 

We are having an issue config the AWS add on proxy configuration with the CLI or ansible,

When you configuring the proxy via the Web UI, it's generating passwords.conf file with the proxy configuration hashed, 

I tried to find a way to config the proxy configuration via CLI to create the hashed password.conf file and to actually see the config change in the Web UI without success. 

Is someone able to config the proxy via CLI ansible? not sure if there is a way either.

I tried to go around it, and found a the python script that running in the background when you config the proxy via the Web UI,

under - 

/opt/splunk/etc/apps/Splunk_TA_aws/bin/aws_proxy_settings_rh.py

 

Spoiler

from __future__ import absolute_import
import aws_bootstrap_env

import re
import logging
import splunk.admin as admin
from splunktalib.rest_manager import util, error_ctl
from splunk_ta_aws.common.proxy_conf import ProxyManager

KEY_NAMESPACE = util.getBaseAppName()
KEY_OWNER = '-'

AWS_PROXY = 'aws_proxy'

POSSIBLE_KEYS = ('host', 'port', 'username', 'password', 'proxy_enabled')


class ProxyRestHandler(admin.MConfigHandler):
def __init__(self, scriptMode, ctxInfo):
admin.MConfigHandler.__init__(self, scriptMode, ctxInfo)

if self.callerArgs.id and self.callerArgs.id != 'aws_proxy':
error_ctl.RestHandlerError.ctl(1202, msgx='aws_proxy', logLevel=logging.INFO)

def setup(self):
if self.requestedAction in (admin.ACTION_CREATE, admin.ACTION_EDIT):
for arg in POSSIBLE_KEYS:
self.supportedArgs.addOptArg(arg)
return

def handleCreate(self, confInfo):
try:
args = self.validate(self.callerArgs.data)

args_dict = {}

for arg in POSSIBLE_KEYS:
if arg in args:
args_dict[arg] = args[arg][0]
else:
args_dict[arg] = ''

proxy_str = '%s:%s@%s:%s' % (args_dict['username'], args_dict['password'], args_dict['host'], args_dict['port'])

if 'proxy_enabled' in args:
enable = True if args_dict['proxy_enabled'] == '1' else False
else:
proxy = self.get()
enable = True if (proxy and proxy.get_enable()) else False
self.update(proxy_str, enable)
except Exception as exc:
error_ctl.RestHandlerError.ctl(400, msgx=exc, logLevel=logging.INFO)

def handleList(self, confInfo):
try:
proxy = self.get()
if not proxy:
confInfo[AWS_PROXY].append('proxy_enabled', '0')
return
m = re.match('^(?P<username>\S*):(?P<password>\S*)@(?P<host>\S+):(?P<port>\d+$)', proxy.get_proxy())
if not m:
confInfo[AWS_PROXY].append('proxy_enabled', '0')
return

However, I couldn't find the correct way to run the script and pass it to the correct parameter for the script?

 

Created details.txt file with the proxy config as 

 

Spoiler
 ['1.1.1.1', '1111', 'username', 'password', '1']

 

Run the script 

Spoiler
/opt/splunk/bin/splunk cmd python3 /opt/splunk/etc/apps/Splunk_TA_aws/bin/aws_proxy_settings_rh.py setup details.txt

error:

Spoiler
^CTraceback (most recent call last):
File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/aws_proxy_settings_rh.py", line 95, in <module>
admin.init(ProxyRestHandler, admin.CONTEXT_NONE)
File "/opt/splunk/lib/python3.7/site-packages/splunk/admin.py", line 151, in init
hand = handler(mode, ctxInfo)
File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/aws_proxy_settings_rh.py", line 20, in __init__
admin.MConfigHandler.__init__(self, scriptMode, ctxInfo)
File "/opt/splunk/lib/python3.7/site-packages/splunk/admin.py", line 475, in __init__
dataFromSplunkd = sys.stdin.buffer.read()
KeyboardInterrupt

Is someone can try to help?

Thanks,

Labels (1)
0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...