Deployment Architecture

Provisioning via the deployment server and REST API to add a node to a serverclass with existing and new ordinals (whitelist)

a212830
Champion

Hi,

We are attempting to use deploy Splunk in our private cloud using chef, and provisioning via the deployment server and the REST API. We've noticed that when adding a node to a serverclass, you not only need to add that ordinal, but all the previous ordinals. So, I would need to go "whitelist.0, whitelist.1...whitelist.255", which... is nuts. Is there another way to do this? I know that I can grab the existing whitelist, but it still isn't efficient and I'm hoping there are better ways.

Here's an example (note that whitelist.0 already existed)

curl -k -u user:pass  https://myserver.com:8089/servicesNS/-/system/deployment/server/serverclasses/#{outputsServerClass} -d whitelist.1=1.2.3.4
then it will fail, saying:
"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<response>\n  <messages>\n    <msg type=\"ERROR\">\n In handler 'serverclasses': Gap in numbered regexes: expected attribute=whitelist.0 not found</msg>\n  </messages>\n</response>\n"
However, if I do the following command:
curl -k -u user:pass https://myserver.com:8089/servicesNS/-/system/deployment/server/serverclasses/#{outputsServerClass} –d whitelist.0=1.2.3.4 -d whitelist.1=1.2.3.5

Then I will get a good response.
0 Karma

twinspop
Influencer
0 Karma

bmacias84
Champion

If you are using chef why not use partials templates.

0 Karma

sloshburch
Splunk Employee
Splunk Employee

As far as I can tell, the tool you create for editing the white/black (example below just for whitelist) lists will need to do the following logic:

  1. Read/create the endpoint and make sure it exists.
  2. Parse the whitelist-size field to get the quantity of items that already exist
  3. Create a list of whitelist items, the size of the whitelist-size, consisting of the whitelist.# items that were output in step 1.
  4. POST to the server class with the whitelist items that already exist along with the new entry you’d like

The documentation for this endpoint in the REST API says "Filter ordinals must start at 0 and be consecutive” so I believe that is to let us know there’s no endpoint for doing a simple append.

a212830
Champion

Thanks Burch. Not ideal, for sure. Wondering if anyone has any other ideas or experience in this area - I've seen a lot of "using deployment server or automating deployment server" presentations floating around... hoping someone has run into this problem and solved it. Be nice to see Splunk just add an "append" feature to the rest call...

0 Karma

sloshburch
Splunk Employee
Splunk Employee

Oh, there were some conf sessions on ansible automation - maybe they covered this in there as well?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...