Merge pull request #174

* Uplift the cookbook to be compatible with chef-client version 14
* remove requirement for vagrant-ohai plugin for local testing

.gitignore

@@ -9,6 +9,7 @@
 *.bak
 *.DS_Store
 *.un~
+.ruby-version
 
 # Generated from metadata.rb
 metadata.json

.travis.yml

@@ -6,6 +6,7 @@ cache: bundler
 sudo: false
 rvm:
 - 2.3.1
+- 2.5.1
 script:
 - bundle exec rubocop
 - bundle exec foodcritic -f any .

Gemfile

@@ -6,13 +6,18 @@ foodcritic_version = '= 11.0.0'
 rubocop_version = '= 0.48.1'
 chef_vault_version = '> 3.0'
 
-# https://github.com/cerner/cerner_splunk/issues/142
-chef_version = '= 12.18.31'
+chef_version = if Bundler.current_ruby.on_23?
+                 '= 12.18.31'
+               else
+                 '= 14.5.27'
+               end
 
 gem 'berkshelf'
 gem 'chef', chef_version
 gem 'chef-sugar'
 gem 'chef-vault', chef_vault_version
 gem 'chefspec', chefspec_version
+# https://github.com/cucumber/cucumber-ruby-core/issues/160
+gem 'cucumber-core', '~> 3.2'
 gem 'foodcritic', foodcritic_version
 gem 'rubocop', rubocop_version

README.md

@@ -9,8 +9,9 @@ Based on the work done by [BBY Solutions](https://github.com/bestbuycom/splunk_c
 
 Requirements
 ------------
-* Red Hat Enterprise / CentOS 5.5+ / Windows Server 2008+ (forwarder only) or Ubuntu LTS 12.04+
+* Red Hat Enterprise / CentOS 6.7+ / Windows Server 2008+ (forwarder only) or Ubuntu LTS 12.04+
 * Chef 12+
+* Chef 14+
 
 Getting your logs into Splunk
 -----------------------------

Vagrantfile

@@ -3,7 +3,7 @@
 
 Vagrant.require_version '>= 1.4.1'
 
-%w[vagrant-ohai vagrant-omnibus].each do |plugin|
+%w[vagrant-omnibus].each do |plugin|
   fail "Missing #{plugin}. Please install it!" unless Vagrant.has_plugin? plugin
 end
 
@@ -44,7 +44,7 @@ fail 'Non-unique hostnames' if @network.collect { |_, v| v[:hostname] }.uniq!
 fail 'Non-unique ports' if @network.collect { |_, v| v[:ports].keys }.flat_map { |v| v }.uniq!
 
 def default_omnibus(config)
-  config.omnibus.chef_version = '12'
+  config.omnibus.chef_version = 14
 end
 
 def network(config, name, splunk_password = true)
@@ -76,7 +76,6 @@ end
 
 Vagrant.configure('2') do |config|
   config.vm.box = 'bento/centos-6.7'
-  config.ohai.primary_nic = 'eth1'
 
   if Vagrant.has_plugin? 'vagrant-berkshelf'
     config.berkshelf.enabled = false
@@ -352,7 +351,7 @@ Vagrant.configure('2') do |config|
     default_omnibus config
     # config below prevents the installation of latest Chef on the box.
     # Reference: https://github.com/chef/vagrant-omnibus/issues/118
-    config.omnibus.install_url = 'https://packages.chef.io/files/stable/chef/12.18.31/windows/2012r2/chef-client-12.18.31-1-x64.msi'
+    config.omnibus.install_url = 'https://packages.chef.io/files/stable/chef/14.5.27/windows/2012r2/chef-client-14.5.27-1-x64.msi'
     cfg.vm.provider :virtualbox do |vb|
       vb.customize ['modifyvm', :id, '--memory', 1024]
     end

attributes/_configure.rb

@@ -18,7 +18,8 @@
 # Attributes used for configuring SH clustering
 default['splunk']['bootstrap_shc_member'] = false
 # This is only used for SH Clustering identifying address to the management port
-default['splunk']['mgmt_host'] = node['ipaddress']
+default['splunk']['mgmt_host'] = nil
+default['splunk']['mgmt_interface'] = node['network']['default_interface']
 
 default['splunk']['free_license'] = false
 

attributes/_install.rb

@@ -39,13 +39,3 @@
       '-x86-release.msi'
     end
   end
-
-default['splunk']['package']['provider'] =
-  case node['platform_family']
-  when 'rhel', 'fedora'
-    Chef::Provider::Package::Rpm
-  when 'debian'
-    Chef::Provider::Package::Dpkg
-  when 'windows'
-    Chef::Provider::Package::Windows
-  end

docs/attributes.md

@@ -28,7 +28,6 @@ Configurable (with defaults)
 * `node['splunk']['package']['file_suffix']` - URI path portion, suffix to append after building (set based on ohai attributes)
 * `node['splunk']['package']['file_name']` - Actual package file name (`"#{node['splunk']['package']['name']}#{node['splunk']['package']['file_suffix']}"`)
 * `node['splunk']['package']['url']` - Full URI to the Splunk package to download (Constructed from above package attributes)
-* `node['splunk']['package']['provider']` - Provider to use to install file (set based on ohai attributes)
 * `node['splunk']['config']['alerts']` - Data bag item used to configure alerts (`nil` - alerts not managed by chef)
 * `node['splunk']['config']['authentication']` - Data bag item used to configure authentication (`nil` - authentication not managed by chef)
 * `node['splunk']['config']['host']` - Hostname to configure the Splunk instance to report as. (EC2 Instance ID or Fully Qualified Domain Name)
@@ -40,12 +39,13 @@ Configurable (with defaults)
 * `node['splunk']['config']['ui_prefs']` - Hash of stanzas used to configure [ui-prefs.conf][] on the search head in a clustered configuration or a standalone instance.
 * `node['splunk']['config']['assumed_index']` - Name of the index to which data is forwarded to by default, when the index is not configured for the input.(`main`)
 * `node['splunk']['bootstrap_shc_member']` - Set this attribute to `true` to bootstrap a member to the Search Head Cluster (SHC). (`false`)
-* `node['splunk']['mgmt_host']` - The host other SHC members use when connecting to the current node. You probably want a wrapper cookbook to override this. (`node['ipaddress']`)
 * `node['splunk']['heavy_forwarder']['use_license_uri']` - Set this attribute to `true` to point the Heavy Forwarder to the license master. (`false`)
 * `node['splunk']['apps']` - An [apps hash](databags.md#apps-hash) of apps to configure locally. (Does not support downloading apps ... yet...)
 * `node['splunk']['data_bag_secret']` - The location of the shared secret file if your encrypted data bags are encrypted via shared secret rather than chef-vault. If this is not specified, and the encrypted data bags are using shared secret encryption then chef looks for a secret at the path specified by the encrypted_data_bag_secret setting in the client.rb file.
 * `node['splunk']['forwarder_site']` - Set this attribute to configure site awareness for your forwarders.(`site0`)
-
+* `node['splunk']['mgmt_host']` - The host other SHC members use when connecting to the current node. You probably want a wrapper cookbook to override this. By default `node['splunk']['mgmt_interface']` is now used, but to support existing configurations this attribute is still available and takes precedence when set. (`nil`)
+* `node['splunk']['mgmt_interface']` - The network interface this node should use for communicating with other members of a SHC. (`node['network']['default_interface']`)
+* `node['splunk']['windows_password']` - This should be the name of a data bag item key where your windows password for the `Splunk` user is stored.
 
 Non-configurable (defaults)
 ----------------------------

libraries/authentication.rb

@@ -5,8 +5,9 @@
 
 require_relative 'databag'
 
+# CernerSplunk module for cerner_splunk cookbook.
 module CernerSplunk
-  ASSUMPTIONS =
+  ASSUMPTIONS ||=
     {
       'LDAP_strategies' => 'LDAP',
       'cacheTiming' => 'Scripted',

libraries/recipe.rb

@@ -135,4 +135,16 @@ def self.multisite_cluster?(bag, cluster)
     fail "'site' attribute not configured in the cluster databag: #{cluster}" if bag['site'].nil? || bag['site'].empty?
     true
   end
+
+  # Sets management_host for the search head cluster host value
+  def self.management_host(node)
+    if node['splunk']['mgmt_host']
+      management_host = node['splunk']['mgmt_host']
+    else
+      addresses_hash = node['network']['interfaces'][node['splunk']['mgmt_interface']]['addresses']
+      management_host = addresses_hash.select { |_, v| v['family'] == 'inet' }.keys.first
+    end
+
+    management_host
+  end
 end

libraries/splunk_template.rb

@@ -79,7 +79,7 @@ def after_created
         fail Exceptions::ValidationFailed, "#{message}\nKnown files are:\n\t#{KNOWN_CONFIG_FILES.join("\n\t")}" if fail_unknown
       end
 
-      KNOWN_CONFIG_FILES = %w[
+      KNOWN_CONFIG_FILES ||= %w[
         alert_actions.conf
         authentication.conf
         authorize.conf

libraries/unit_converter.rb

@@ -6,9 +6,9 @@
 # Module contains different functions used to manipulate the units of file sizes.
 #
 module CernerSplunk
-  SIZE_SCALE = %w[KB MB GB TB].freeze
-  REGEX = /(?i)^\s*+(\d++(?>\.\d+)?+)\s*+([kmgt](?>i?+b)?+|b?+)\s*+$/
-  POWER = { '' => 0, 'B' => 0, 'K' => 1, 'M' => 2, 'G' => 3, 'T' => 4 }.freeze
+  SIZE_SCALE ||= %w[KB MB GB TB].freeze
+  REGEX ||= /(?i)^\s*+(\d++(?>\.\d+)?+)\s*+([kmgt](?>i?+b)?+|b?+)\s*+$/
+  POWER ||= { '' => 0, 'B' => 0, 'K' => 1, 'M' => 2, 'G' => 3, 'T' => 4 }.freeze
   # Methods converts file sizes in KB, MB, GB and TB into Bytes.
   def self.convert_to_bytes(string)
     matchdata = string.match REGEX

metadata.rb

@@ -4,17 +4,16 @@
 license          'Apache-2.0'
 description      'Installs/Configures Splunk Servers and Forwarders'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version          '2.21.1'
+version          '2.22.0'
 
 source_url       'https://github.com/cerner/cerner_splunk'
 issues_url       'https://github.com/cerner/cerner_splunk/issues'
 
-chef_version     '~> 12.4' if respond_to?(:chef_version)
+chef_version     '>= 12.7', '< 15'
 
 depends          'chef-vault', '~> 3.0'
-depends          'ulimit', '~> 0.3'
-depends          'xml', '~> 1.2'
+depends          'ulimit', '~> 1.0'
 
-supports         'redhat', '>= 5.5'
+supports         'redhat', '>= 6.7'
 supports         'ubuntu', '>= 12.04'
 supports         'windows', '>= 6.1'

providers/sh_cluster.rb

@@ -22,12 +22,13 @@
 action :add do
   search_heads = new_resource.search_heads
   admin_password = new_resource.admin_password
+  management_host = CernerSplunk.management_host(node)
 
   execute 'add search head' do # ~FC009
     command "#{node['splunk']['cmd']} add shcluster-member -current_member_uri #{search_heads.first} -auth admin:#{admin_password}"
     environment 'HOME' => node['splunk']['home']
     # execute only if this SH is not an existing member of the SHC
-    not_if "#{node['splunk']['cmd']} list shcluster-members -auth admin:#{admin_password} | grep #{node['ipaddress']}"
+    not_if "#{node['splunk']['cmd']} list shcluster-members -auth admin:#{admin_password} | grep #{management_host}"
     ignore_failure true
     sensitive true
   end
@@ -40,7 +41,7 @@
     command "#{node['splunk']['cmd']} remove shcluster-member -auth admin:#{admin_password}"
     environment 'HOME' => node['splunk']['home']
     # execute only if this SH is an existing member of the SHC
-    only_if "#{node['splunk']['cmd']} list shcluster-members -auth admin:#{admin_password} | grep #{node['ipaddress']}"
+    only_if "#{node['splunk']['cmd']} list shcluster-members -auth admin:#{admin_password} | grep #{management_host}"
     sensitive true
   end
 end

recipes/_configure_server.rb

@@ -154,6 +154,7 @@
   cluster, bag = CernerSplunk.my_cluster(node)
   deployer_uri = bag['deployer_uri'] || ''
   replication_ports = bag['shc_replication_ports'] || bag['replication_ports'] || {}
+  management_host = CernerSplunk.management_host(node)
   settings = (bag['shc_settings'] || {}).reject do |k, _|
     k.start_with?('_cerner_splunk')
   end
@@ -178,7 +179,7 @@
   server_stanzas['shclustering']['pass4SymmKey'] = CernerSplunk::ConfTemplate.compose encrypt_password, CernerSplunk::ConfTemplate::Value.constant(value: pass) if pass
   server_stanzas['shclustering']['conf_deploy_fetch_url'] = deployer_uri
   server_stanzas['shclustering']['disabled'] = 0
-  server_stanzas['shclustering']['mgmt_uri'] = "https://#{node['splunk']['mgmt_host']}:8089"
+  server_stanzas['shclustering']['mgmt_uri'] = "https://#{management_host}:8089"
   server_stanzas['shclustering']['id'] = old_id if old_id
 end
 

recipes/_install.rb

@@ -55,23 +55,41 @@ def nsp
   only_if(&manifest_missing)
 end
 
-package node['splunk']['package']['base_name'] do
-  source splunk_file
-  version "#{node['splunk']['package']['version']}-#{node['splunk']['package']['build']}"
-  provider node['splunk']['package']['provider']
-  only_if(&manifest_missing)
-  if platform_family?('windows')
+if platform_family? 'rhel', 'fedora', 'amazon'
+  rpm_package node['splunk']['package']['base_name'] do
+    source splunk_file
+    version "#{node['splunk']['package']['version']}-#{node['splunk']['package']['build']}"
+    only_if(&manifest_missing)
+  end
+elsif platform_family? 'debian'
+  dpkg_package node['splunk']['package']['base_name'] do
+    source splunk_file
+    version "#{node['splunk']['package']['version']}-#{node['splunk']['package']['build']}"
+    only_if(&manifest_missing)
+  end
+elsif platform_family? 'windows'
+  windows_package node['splunk']['package']['base_name'] do
+    source splunk_file
+    version "#{node['splunk']['package']['version']}-#{node['splunk']['package']['build']}"
+    only_if(&manifest_missing)
     # installing as the system user by default as Splunk has difficulties with being a limited user
     options %(AGREETOLICENSE=Yes SERVICESTARTTYPE=auto LAUNCHSPLUNK=0 INSTALLDIR="#{node['splunk']['home'].tr('/', '\\')}")
   end
+else
+  fail 'unsupported platform'
 end
 
 include_recipe 'cerner_splunk::_configure_secret'
 
+windows_password = CernerSplunk::DataBag.load(node['splunk']['windows_password'], secret: node['splunk']['data_bag_secret'])
+
 execute 'splunk-first-run' do
   command "#{node['splunk']['cmd']} help commands --accept-license --answer-yes --no-prompt"
   user node['splunk']['user']
   group node['splunk']['group']
+  if Gem::Version.new(Chef::VERSION) >= Gem::Version.new('12.19.33')
+    password windows_password if platform_family?('windows')
+  end
   only_if { ::File.exist? "#{node['splunk']['home']}/ftr" }
 end
 

recipes/license_server.rb

@@ -7,7 +7,6 @@
 
 fail 'License Server installation not currently supported on windows' if platform_family?('windows')
 
-include_recipe 'xml::ruby'
 require 'nokogiri'
 
 ## Attributes

spec/unit/recipes/_configure_secret_spec.rb

@@ -13,7 +13,7 @@
   end
 
   let(:platform) { 'centos' }
-  let(:platform_version) { '6.6' }
+  let(:platform_version) { '6.9' }
   let(:node_type) { :server }
 
   context 'when the secret is configured for the current node' do

spec/unit/recipes/_configure_spec.rb

@@ -81,7 +81,7 @@
 
     context 'when node is not a forwarder' do
       it 'should raise an exception' do
-        expect { subject }.to raise_exception
+        expect { subject }.to raise_error(StandardError, /You need to configure at least one cluster databag./)
       end
     end
   end

spec/unit/recipes/_install_spec.rb

@@ -11,6 +11,7 @@
       node.override['splunk']['package']['download_group'] = 'universalforwarder'
       node.override['splunk']['package']['file_suffix'] = '.txt'
       node.override['splunk']['config']['clusters'] = ['cerner_splunk/cluster']
+      node.override['splunk']['windows_password'] = password_databag
     end
     runner.converge(described_recipe)
   end
@@ -27,6 +28,7 @@
       'indexes' => 'cerner_splunk/indexes'
     }
   end
+  let(:password_databag) { nil }
 
   let(:platform) { 'centos' }
   let(:platform_version) { '6.8' }
@@ -99,35 +101,32 @@
       let(:platform) { 'windows' }
       let(:platform_version) { '2012R2' }
       let(:windows) { true }
+      let(:password_databag) { 'cerner_splunk/passwords:winpass' }
 
       before do
         ENV['PROGRAMW6432'] = 'test'
+        allow(ChefVault::Item).to receive(:data_bag_item_type).and_return(:normal)
+        stub_data_bag_item('cerner_splunk', 'passwords').and_return('winpass' => 'foobar')
       end
 
       it 'installs downloaded splunk package' do
         expected_attrs = {
           source: splunk_filepath,
-          provider: Chef::Provider::Package::Windows,
           options: %(AGREETOLICENSE=Yes SERVICESTARTTYPE=auto LAUNCHSPLUNK=0 INSTALLDIR="test\\splunkforwarder")
         }
-        if Chef::VERSION.slice(0..1) == '11'
-          expect(subject).to install_windows_package('splunkforwarder').with(expected_attrs)
-        else
-          expect(subject).to install_package('splunkforwarder').with(expected_attrs)
-        end
+        expect(subject).to install_windows_package('splunkforwarder').with(expected_attrs)
       end
     end
 
     context 'when platform is rhel' do
       let(:platform) { 'centos' }
-      let(:platform_version) { '6.6' }
+      let(:platform_version) { '6.9' }
 
       it 'installs downloaded splunk package and notifies splunk-first-run' do
         expected_attrs = {
-          source: splunk_filepath,
-          provider: Chef::Provider::Package::Rpm
+          source: splunk_filepath
         }
-        expect(subject).to install_package('splunkforwarder').with(expected_attrs)
+        expect(subject).to install_rpm_package('splunkforwarder').with(expected_attrs)
       end
     end
 
@@ -137,10 +136,9 @@
 
       it 'installs downloaded splunk package and notifies splunk-first-run' do
         expected_attrs = {
-          source: splunk_filepath,
-          provider: Chef::Provider::Package::Dpkg
+          source: splunk_filepath
         }
-        expect(subject).to install_package('splunkforwarder').with(expected_attrs)
+        expect(subject).to install_dpkg_package('splunkforwarder').with(expected_attrs)
       end
     end
   end

spec/unit/recipes/_migrate_forwarder_spec.rb

@@ -41,7 +41,7 @@
 
   context 'when platform family is linux' do
     let(:platform) { 'centos' }
-    let(:platform_version) { '6.6' }
+    let(:platform_version) { '6.9' }
 
     it 'deletes the splunk home directory' do
       expect(subject).to delete_directory('/opt/splunkforwarder')