I am working on on a project to set up Splunk servers using Desired State Configuration (DSC). I am surprised that there are not any resources out there to do this. Am I missing something? Is there a big reason why nothing out there exists, e.g. it's not possible?
At this point there are not, but I did speak with a customer today who was interested in creating one and possibly sharing it with the community (Edit: aha, that was you!). As to your surprise--I'm not surprised for two reasons:
Is it possible to use DSC to manage Splunk? Of course. In fact, depending on your scope, a DSC resource could be trivially easy to do. The devil would be in the details of how far you want to go, given that there may be advantages in keeping DS around.
A minimal set of DSC resources might do the following:
- Deploy Splunk MSI & ensure its installed
- Copy a set of config files & ensure they are effected (by restarting splunkd service)
I can imagine you'd have a matrix of these that maps to Splunk server and client roles, such as:
- Search Head
- Indexer
- Deployment Server
- Universal Forwarder
The real question is whether you intend to mange all aspects of Splunk with DSC (very large project), or do you intend to simply use it for deployment client bootstrapping. If the latter, your DSC resource might have one step: deploy the MSI with a few parameters, one of which being the address to your DS.
I'd agree it's probably best to use DSC for the deployment of the UF to remote clients and let the splunk deployment server do the rest. Also DSC is now multiplatform! Its a new dawn for MS 🙂
https://msdn.microsoft.com/en-us/powershell/dsc/lnxgettingstarted
Im looking at the auto deployment of SSL certs to forwarders which I think DSC would be suited to this, I think it's possible via an splunk deployed app but sounds a bit messy.
If I do produce anything of use I will upload it to the community.