Rubber template for Splunk agent(forwarder) installation

templates/splunk/config/rubber/deploy-splunk.rb

@@ -0,0 +1,69 @@
+namespace :rubber do
+
+  namespace :splunk do
+
+    namespace :client do
+
+      rubber.allow_optional_tasks(self)
+
+    if Rubber.env == 'production'
+      after "rubber:setup_volumes", "rubber:splunk:client:install"
+    end
+
+      desc "Install Splunk"
+      task :install, :roles => :splunk do
+        rubber.sudo_script 'install_splunk_client', <<-ENDSCRIPT
+          install_splunk ()
+          {
+              wget --no-check-certificate -qNP /tmp #{rubber_env.splunk_forwarder_pkg_url}
+              tar -C #{rubber_env.splunk_prefix} -zxf \
+                      /tmp/splunkforwarder-#{rubber_env.splunk_forwarder_version}-Linux-x86_64.tgz
+              #{rubber_env.splunk_forwarder_dir}/bin/splunk start --accept-license --answer-yes --no-prompt
+              #{rubber_env.splunk_forwarder_dir}/bin/splunk edit user #{rubber_env.splunk_forwarder_admin_user} \
+                      -password #{rubber_env.web_tools_password} -auth #{rubber_env.splunk_forwarder_admin_user}:changeme
+              #{rubber_env.splunk_forwarder_dir}/bin/splunk enable boot-start
+          }
+
+          if [ -f #{rubber_env.splunk_forwarder_dir}/bin/splunk ]; then
+            if [[ "#{rubber_env.splunk_forwarder_version}" != `#{rubber_env.splunk_forwarder_dir}/bin/splunk version |awk '{print $4 "-"$6}' |sed 's/)$//' || true` ]]; then
+              install_splunk
+            fi
+          else
+            install_splunk
+          fi
+        ENDSCRIPT
+      end
+
+    if Rubber.env == 'production'
+      after "rubber:bootstrap", "rubber:splunk:client:bootstrap"
+    end
+
+      desc "Bootstrap Splunk config"
+      task :bootstrap, :roles => :splunk do
+        rubber.update_code_for_bootstrap
+        rubber.run_config(:file => "role/splunk", :force => true, :deploy_path => release_path)
+        restart
+      end
+
+      desc "Stops Splunk forwarder"
+      task :stop, :roles => :splunk, :on_error => :continue do
+        rsudo "service splunk stop || true"
+        rsudo "sleep 5; [[ -n \"`pgrep splunkd`\" ]] && kill -9 `pgrep splunkd`"
+      end
+
+      desc "Starts Splunk forwarder"
+      task :start, :roles => :splunk do
+        rsudo "service splunk start"
+      end
+
+      desc "Restarts Splunk forwarder"
+      task :restart, :roles => :splunk do
+        stop
+        start
+      end
+
+    end
+
+  end
+
+end

templates/splunk/config/rubber/role/splunk/inputs.conf

@@ -0,0 +1,8 @@
+<%
+  @path = "#{rubber_env.splunk_forwarder_dir}/etc/apps/<%= rubber_env.app_name %>/local/inputs.conf"
+%>
+
+#Log monitor example
+[monitor:///var/log/syslog]
+sourcetype = production
+

templates/splunk/config/rubber/role/splunk/limits.conf

@@ -0,0 +1,11 @@
+<%
+  @path = "#{rubber_env.splunk_forwarder_dir}/etc/apps/<%= rubber_env.app_name %>/local/limits.conf"
+%>
+
+# By default a universal or light forwarder is limited to 256kB/s
+# Either set a different limit in kB/s, or set the value to zero to
+# have no limit.
+# Note that a full speed UF can overwhelm a single indexer.
+
+[thruput]
+maxKBps = 1000

templates/splunk/config/rubber/role/splunk/local.meta

@@ -0,0 +1,6 @@
+<%
+  @path = "#{rubber_env.splunk_forwarder_dir}/etc/apps/<%= rubber_env.app_name %>/metadata/local.meta"
+%>
+[]
+access = read : [ * ], write : [ admin ]
+export = system

templates/splunk/config/rubber/role/splunk/outputs.conf

@@ -0,0 +1,14 @@
+<%
+  @path = "#{rubber_env.splunk_forwarder_dir}/etc/apps/<%= rubber_env.app_name %>/local/outputs.conf"
+%>
+#SPLUNK CLOUD BASE SETTINGS
+[tcpout]
+defaultGroup =splunk_cloud
+[tcpout:splunk_cloud]
+useACK = true
+disabled = false
+server = <%= rubber_env.splunk_servers %>
+sslVerifyServerCert = false
+sslRootCAPath = $SPLUNK_HOME/etc/auth/cacert.pem
+sslCertPath = $SPLUNK_HOME/etc/auth/server.pem
+sslPassword = password

templates/splunk/config/rubber/rubber-splunk.yml

@@ -0,0 +1,6 @@
+splunk_forwarder_version: "6.0.3-204106"
+splunk_forwarder_pkg_url: "http://some_url/splunkforwarder-#{splunk_forwarder_version}-Linux-x86_64.tgz"
+splunk_prefix: "/opt"
+splunk_forwarder_dir: "#{splunk_prefix}/splunkforwarder"
+splunk_forwarder_admin_user: admin
+splunk_servers:

templates/splunk/templates.yml

@@ -0,0 +1 @@
+description: Splunk forwarder module