Search head cluster with Ansible and Kubernetes

sarit_s
Communicator

Hello,
How can I configure a search head cluster with Ansible and Kubernetes?

This is my configuration:

splunk-chart:
  namespace: dev-aviation-01
  persistence:
    search:
      dataSize: 50Gi
      configSize: 10Gi
    master:
      dataSize: 50Gi
      configSize: 10Gi
    indexer:
      dataSize: 250Gi
      configSize: 10Gi
  app:
    configs:
      enabled: true
      ## The image must contain 'indexer','master', and 'search' dirs in /data
      image:
        repository: gcr.io/argussec1/splunk-aviation-configs
        tag: 2.3.0
  env:
    - name: SPLUNK_BEFORE_START_CMD
      value: sudo rm /opt/splunk/var/lib/splunk/kvstore/mongo/mongod.lock
  indexer:
    replicas: 1
    resources:
      requests:
        memory: 4Gi
        cpu: 1
      limits:
        memory: 8Gi
        cpu: 4

  # default configuration loaded by splunk, exposed by nginx
  splunkDefaults:
    defaultYml:
      ansible_post_tasks: null
      ansible_pre_tasks: null
      config:
        baked: default.yml
        defaults_dir: /tmp/defaults
        env:
          headers: null
          var: SPLUNK_DEFAULTS_URL
          verify: true
        host:
          headers: null
          url: null
          verify: true
        max_delay: 60
        max_retries: 3
        max_timeout: 1200
      hide_password: false
      retry_num: 50
      shc_bootstrap_delay: 30
      splunk:
        admin_user: admin
        allow_upgrade: true
        app_paths:
          default: /opt/splunaviationtc/apps
          deployment: /opt/spaviationk/etc/deployment-apps
          httpinput: /opt/splaviation/etc/apps/splunk_httpinput
          idxc: /opt/splunk/eaviationmaster-apps
          shc: /opt/splunk/etaviationhcluster/apps
        enable_service: false
        exec: /opt/splunk/bin/splunk
        group: splunk
        hec_disabled: 0
        hec_enableSSL: 0
        hec_port: 8088
        hec_token: ea
        home: /opt/splunk
        http_enableSSL: 0
        http_enableSSL_cert: null
        http_enableSSL_privKey: null
        http_enableSSL_privKey_password: null
        http_port: 8000
        idxc:
          enable: false
          label: idxc_label
          replication_factor: 3
          replication_port: 9887
          search_factor: 3
          secret: T
        ignore_license: false
        license_download_dest: /tmp/splunk.lic
        nfr_license: /tmp/nfr_enterprise.lic
        opt: /opt
        password: "" # overridden in the environment variables
        pid: /opt/splunk/var/run/splunk/splunkd.pid
        s2s_enable: true
        s2s_port: 9997
        search_head_cluster_url: null
        secret: null
        shc:
          enable: false
          label: shc_label
          replication_factor: 3
          replication_port: 9887
          secret: C
        smartstore: null
        svc_port: 8089
        tar_dir: splunk
        user: splunk
        wildcard_license: false
        conf:
          server:
            directory: /opt/splunk/etc/system/local
            content:
              clustering:
                summary_replication: true
      splunk_home_ownership_enforcement: true

But I don't see any cluster, or even more than 1 SH...
What am I missing?

0 Karma

anmolpatel
Builder

Why set up your own Ansible when Splunk has made it open source:
https://github.com/splunk/splunk-ansible

0 Karma

sarit_s
Communicator

I used this,
but I don't see the search heads I've added.
I guess I'm missing something, but I can't tell what.
After configuring the Ansible, should I configure something else in Splunk? Where should I check to see that the cluster is up and running?

0 Karma