From 82efb87f779eefa9c146f8592cd5fc2af42a8597 Mon Sep 17 00:00:00 2001 From: Jorrit Folmer Date: Fri, 13 Apr 2018 21:32:58 +0200 Subject: [PATCH] Added pool_suggestion parameter --- CHANGELOG.md | 4 + README.md | 6 +- TEST_COVERAGE.md | 6 +- manifests/init.pp | 75 ++++++------- manifests/params.pp | 103 +++++++++--------- manifests/server/license.pp | 1 + metadata.json | 2 +- spec/classes/init_spec.rb | 14 +++ .../local/server.conf | 3 + 9 files changed, 122 insertions(+), 92 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 09f248a..c86cd3a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,7 @@ +### 3.11.0 + +- Added pool_suggestion parameter + ### 3.10.2 - Improved searchpeer documentation and error handling diff --git a/README.md b/README.md index 064fa08..e26434d 100644 --- a/README.md +++ b/README.md @@ -864,8 +864,12 @@ Optional. ### `phonehomeintervalinsec` -Optional. Unsed to configure the phonehomeinterval of the deploymentclient. +Optional. Used to configure the phonehomeinterval of the deploymentclient. Defaults to undef. + +### `pool_suggestion` + +Optional. Used to perform license pool management at the indexers instead of at the licence master. ### `repositorylocation` diff --git a/TEST_COVERAGE.md b/TEST_COVERAGE.md index 8072b1b..6c76838 100644 --- a/TEST_COVERAGE.md +++ b/TEST_COVERAGE.md @@ -13,13 +13,14 @@ | v3.7.0 | 30 | 48 | | v3.8.0 | 30 | 50 | | v3.9.0 | 33 | 53 | +| v3.11.0 | 34 | 54 | ## By operating system: | os | tested | total | |---------|--------|-------| -| linux | 33 | 53 | -| windows | 0 | 53 | +| linux | 34 | 54 | +| windows | 0 | 54 | ## By parameter: @@ -52,6 +53,7 @@ | `package_source` | yes | | `pass4symmkey` | no | | `phonehomeintervalinsec` | no | +| `pool_suggestion` | Y | | `replication_port`| Y | | `repositorylocation`| Y | | `requireclientcert`| Y | diff --git a/manifests/init.pp b/manifests/init.pp index 54cba9a..dab8522 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -21,54 +21,55 @@ # SOFTWARE. class splunk ( - $type = $splunk::params::type, - $package_source = $splunk::params::package_source, - $splunk_os_user = $splunk::params::splunk_os_user, - $splunk_os_group = $splunk::params::splunk_os_group, - $splunk_bindip = $splunk::params::splunk_bindip, - $splunk_db = $splunk::params::splunk_db, - $lm = $splunk::params::lm, - $ds = $splunk::params::ds, - $sslcompatibility = $splunk::params::sslcompatibility, - $ciphersuite_modern = $splunk::params::ciphersuite_modern, - $sslversions_modern = $splunk::params::sslversions_modern, - $dhparamsize_modern = $splunk::params::dhparamsize_modern, - $ecdhcurvename_modern = $splunk::params::ecdhcurvename_modern, + $admin = $splunk::params::admin, + $auth = $splunk::params::auth, $ciphersuite_intermediate = $splunk::params::ciphersuite_intermediate, - $sslversions_intermediate = $splunk::params::sslversions_intermediate, + $ciphersuite_modern = $splunk::params::ciphersuite_modern, + $clustering = $splunk::params::clustering, $dhparamsize_intermediate = $splunk::params::dhparamsize_intermediate, + $dhparamsize_modern = $splunk::params::dhparamsize_modern, + $dontruncmds = $splunk::params::dontruncmds, + $ds = $splunk::params::ds, + $ds_intermediate = $splunk::params::ds_intermediate, $ecdhcurvename_intermediate = $splunk::params::ecdhcurvename_intermediate, + $ecdhcurvename_modern = $splunk::params::ecdhcurvename_modern, + $httpport = $splunk::params::httpport, + $inputport = $splunk::params::inputport, + $kvstoreport = $splunk::params::kvstoreport, + $lm = $splunk::params::lm, + $maxbackupindex = $splunk::params::maxbackupindex, + $maxfilesize = $splunk::params::maxfilesize, + $maxkbps = $splunk::params::maxkbps, + $minfreespace = $splunk::params::minfreespace, + $mgmthostport = $splunk::params::mgmthostport, + $package_source = $splunk::params::package_source, + $pass4symmkey = $splunk::params::pass4symmkey, + $phonehomeintervalinsec = $splunk::params::phonehomeintervalinsec, + 
$pool_suggestion = $splunk::params::pool_suggestion, + $replication_port = $splunk::params::replication_port, + $repositorylocation = $splunk::params::repositorylocation, $requireclientcert = $splunk::params::requireclientcert, $reuse_puppet_certs = $splunk::params::reuse_puppet_certs, + $rolemap = $splunk::params::rolemap, + $searchpeers = $splunk::params::searchpeers, + $secret = $splunk::params::secret, + $service = $splunk::params::service, + $shclustering = $splunk::params::shclustering, + $sslcompatibility = $splunk::params::sslcompatibility, + $sslversions_modern = $splunk::params::sslversions_modern, + $sslversions_intermediate = $splunk::params::sslversions_intermediate, $sslcertpath = $splunk::params::sslcertpath, $sslrootcapath = $splunk::params::sslrootcapath, $sslpassword = $splunk::params::sslpassword, $sslverifyservercert = $splunk::params::sslverifyservercert, - $inputport = $splunk::params::inputport, - $httpport = $splunk::params::httpport, - $kvstoreport = $splunk::params::kvstoreport, - $mgmthostport = $splunk::params::mgmthostport, + $splunk_os_user = $splunk::params::splunk_os_user, + $splunk_os_group = $splunk::params::splunk_os_group, + $splunk_bindip = $splunk::params::splunk_bindip, + $splunk_db = $splunk::params::splunk_db, $tcpout = $splunk::params::tcpout, - $searchpeers = $splunk::params::searchpeers, - $admin = $splunk::params::admin, - $clustering = $splunk::params::clustering, - $replication_port = $splunk::params::replication_port, - $shclustering = $splunk::params::shclustering, - $service = $splunk::params::service, + $type = $splunk::params::type, $use_ack = $splunk::params::use_ack, - $ds_intermediate = $splunk::params::ds_intermediate, - $repositorylocation = $splunk::params::repositorylocation, - $version = $splunk::params::version, - $auth = $splunk::params::auth, - $rolemap = $splunk::params::rolemap, - $dontruncmds = $splunk::params::dontruncmds, - $pass4symmkey = $splunk::params::pass4symmkey, - $minfreespace = 
$splunk::params::minfreespace, - $phonehomeintervalinsec = $splunk::params::phonehomeintervalinsec, - $secret = $splunk::params::secret, - $maxbackupindex = $splunk::params::maxbackupindex, - $maxfilesize = $splunk::params::maxfilesize, - $maxkbps = $splunk::params::maxkbps + $version = $splunk::params::version ) inherits splunk::params { case $::osfamily { diff --git a/manifests/params.pp b/manifests/params.pp index 64b4e96..62681e3 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
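Review bot: The only functional change in this parameter list is the added `$pool_suggestion = $splunk::params::pool_suggestion,`, but it arrives inside a full reordering of the list, which makes it hard to confirm that no other parameter was dropped or pointed at a different default. Putting the reorder in its own commit would keep security-relevant parameters such as `$sslverifyservercert`, `$requireclientcert` and `$pass4symmkey` easy to audit. The new order is also not strictly alphabetical (`$minfreespace` precedes `$mgmthostport`, and the `$splunk_*` entries follow the `$ssl*` ones), so if sorting is the goal it should be finished here. The class body continues outside the hunk.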
@@ -5,51 +5,7 @@ class splunk::params ( ) { - $type = undef - $package_source = undef - $splunk_os_user = undef - $splunk_os_group = undef - $splunk_bindip = undef - $splunk_db = undef - $lm = undef - $ds = undef - $inputport = undef - $outputs = undef - $webssl = true - $sslcompatibility = 'modern' - $sslversions_modern = 'tls1.1, tls1.2' - $ciphersuite_modern = 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES256-GCM-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK' - $dhparamsize_modern = 2048 - $ecdhcurvename_modern = 'secp384r1' - $sslversions_intermediate = '*,-ssl2' - $ciphersuite_intermediate = 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS' - $dhparamsize_intermediate = 2048 - $ecdhcurvename_intermediate = 'secp384r1' - $requireclientcert = undef - $reuse_puppet_certs = true - $sslcertpath = 'certs/s2s.pem' - $sslrootcapath = 'certs/ca.crt' - $sslpassword = undef - $sslverifyservercert = undef - 
$httpport = undef - $kvstoreport = undef - $mgmthostport = undef - $tcpout = undef - # set to some string instead of undef to prevent 'Missing title' errors in Puppet 4.x - $searchpeers = 'empty' - $admin = undef - $clustering = { } - $replication_port = 9887 - $shclustering = { } - $service = { - enable => true, - ensure => undef, - } - $use_ack = false - $ds_intermediate = undef - $phonehomeintervalinsec = 60 - $repositorylocation = undef - $version = undef + $admin = undef $auth = { 'type' => 'Splunk', 'saml_idptype' => undef, 
@@ -74,17 +30,62 @@ 'ldap_userbasefilter' => '(objectclass=user)', 'ldap_usernameattribute' => 'sAMAccountName', } + $ciphersuite_intermediate = 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS' + $ciphersuite_modern = 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES256-GCM-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK' + $clustering = { } + $dhparamsize_intermediate = 2048 + $dhparamsize_modern = 2048 + $ds = undef + $ds_intermediate = undef + $dontruncmds = false + $ecdhcurvename_intermediate = 'secp384r1' + $ecdhcurvename_modern = 'secp384r1' + $httpport = undef + $inputport = undef + $kvstoreport = undef + $lm = undef + $maxbackupindex = 1 + $maxfilesize = 10000000 + $maxkbps = undef + $mgmthostport = undef + $minfreespace = undef + $package_source = undef + $pass4symmkey = 'changeme' + $phonehomeintervalinsec = 60 + $pool_suggestion = undef + $outputs = undef + $replication_port = 9887 + 
$repositorylocation = undef + $requireclientcert = undef + $reuse_puppet_certs = true $rolemap = { 'admin' => 'Domain Admins', 'power' => 'Power Users', 'user' => 'Domain Users', } - $dontruncmds = false - $minfreespace = undef - $pass4symmkey = 'changeme' + # set to some string instead of undef to prevent 'Missing title' errors in Puppet 4.x + $searchpeers = 'empty' $secret = undef - $maxbackupindex = 1 - $maxfilesize = 10000000 - $maxkbps = undef + $service = { + enable => true, + ensure => undef, + } + $shclustering = { } + $splunk_os_user = undef + $splunk_os_group = undef + $splunk_bindip = undef + $splunk_db = undef + $sslcompatibility = 'modern' + $sslversions_modern = 'tls1.1, tls1.2' + $sslversions_intermediate = '*,-ssl2' + $sslcertpath = 'certs/s2s.pem' + $sslrootcapath = 'certs/ca.crt' + $sslpassword = undef + $sslverifyservercert = undef + $tcpout = undef + $type = undef + $use_ack = false + $version = undef + $webssl = true } diff --git a/manifests/server/license.pp b/manifests/server/license.pp index bb27d88..14bd087 100644 --- a/manifests/server/license.pp +++ b/manifests/server/license.pp @@ -5,6 +5,7 @@ class splunk::server::license ( $lm = $splunk::lm, + $pool_suggestion = $splunk::pool_suggestion, $splunk_os_user = $splunk::real_splunk_os_user, $splunk_os_group = $splunk::real_splunk_os_group, $splunk_dir_mode = $splunk::real_splunk_dir_mode, diff --git a/metadata.json b/metadata.json index f1b9bf0..3241bd7 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "jorritfolmer-splunk", - "version": "3.10.2", + "version": "3.11.0", "author": "Jorrit Folmer", "summary": "Deploy Splunk indexers, search heads and universal forwarders into any imaginable topology, distributed or (multisite) clustered.", "license": "MIT", diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index cb69bac..8031986 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb 
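Review bot: The re-added default `$pass4symmkey = 'changeme'` in the second params.pp hunk keeps a widely known placeholder as the default shared secret. How the value is consumed is not visible here, but if it is written into server.conf for clustering or license traffic, every node that omits the parameter ends up with the same guessable key. Consider `$pass4symmkey = undef` and failing the catalog when a feature that needs the key is enabled without one. In the same block, `$sslversions_intermediate = '*,-ssl2'` excludes only SSLv2 and so appears to leave SSLv3 permitted; a comment such as `# intermediate profile: legacy peers only, prefer 'modern'` above it would make that trade-off explicit.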
@@ -414,6 +414,20 @@ it { should contain_file('/opt/splunk/etc/apps/puppet_common_license_client_base/local/server.conf').with_content(/master_uri = https:\/\/lm.internal.corp.tld:8089/) } end + context 'with license server and pool suggestion' do + let(:params) { + { + :lm => 'lm.internal.corp.tld:8089', + :pool_suggestion => 'prodpool', + :admin => { 'hash' => 'zzzz', 'fn' => 'yyyy', 'email' => 'wwww', }, + :dontruncmds => true, + } + } + it { should contain_class('splunk::installed') } + it { should contain_package('splunk') } + it { should contain_file('/opt/splunk/etc/apps/puppet_common_license_client_base/local/server.conf').with_content(/master_uri = https:\/\/lm.internal.corp.tld:8089\npool_suggestion = prodpool/) } + end + context 'with splunk secret' do let(:params) { { diff --git a/templates/puppet_common_license_client_base/local/server.conf b/templates/puppet_common_license_client_base/local/server.conf index f2037c2..85acd98 100644 --- a/templates/puppet_common_license_client_base/local/server.conf +++ b/templates/puppet_common_license_client_base/local/server.conf @@ -1,2 +1,5 @@ [license] master_uri = https://<%= @lm %> +<% if not @pool_suggestion.nil? -%> +pool_suggestion = <%= @pool_suggestion %> +<% end -%>
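Review bot: The new context covers only the positive case; nothing asserts that server.conf omits the `pool_suggestion` line when the parameter is unset, which is the branch the template guard exists for. Adding `.without_content(/pool_suggestion/)` to the existing license-server expectation just above the new context would cover it. The expected pattern also leaves the dots in `lm.internal.corp.tld` unescaped, so it matches more than the literal host name; `lm\.internal\.corp\.tld` is tighter.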
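Review bot: The guard `if not @pool_suggestion.nil?` in the server.conf template lets an empty string through, which would render a bare `pool_suggestion = ` line, and the value is written into the file with no check on its content. Because this is an INI file, a value containing a line break would add further settings under the `[license]` stanza. Rejecting anything outside a conservative pattern in the manifest (for example requiring a match on `/\A[\w.-]+\z/`, adjusted to the pool names actually in use) keeps the rendered file well-formed. For the guard itself, `<% unless @pool_suggestion.nil? || @pool_suggestion.to_s.empty? -%>` is more idiomatic and also skips empty values.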