Splunk Configuration Management and Deployment with Ansible


Copyright 2015 Splunk Inc.

Splunk Configuration Management and Deployment with Ansible

Jose Hernandez, Director Security Solutions, Zenedge
Sean Delaney, Client Architect, Splunk

Intros

Disclaimer

During the course of this presentation, we may make forward looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.

Agenda
- Deploying Splunk with Ansible
- Git for Configuration Management
- Git for Configuration Monitoring
- Demo
- Take Away

Deploying Splunk with Ansible

Why use a deployment tool?

Deployment Tools Automate Deployment (full lifecycle)
- Provision systems and Operating System
- Create users and the application environment
- Deploy/update binaries and scripts
- Deploy/update configuration files
- Control start/stop/restart services

Deployment Server?
- Only deploys Splunk configurations under $SPLUNK_HOME/etc/apps

Many choices: Ansible, Puppet, Chef, CFEngine, Salt, BladeLogic

Why Ansible?
- No Agent Required
- Uses SSH as Transport
- Easy to pick up
- Low overhead and scales to huge deployments
- Python Base
- Windows deployments via PowerShell

Ansible Primer
- ansible-playbook: Ansible executable which runs the playbooks etc.
- Hosts: INI file which contains the role/group and host mapping
- Playbooks: Tie roles, host groups and tasks together to create orchestrated actions on target hosts
- Roles: Contain the actions each group will complete (this is where the deployment logic lives)

Ansible Structure

Running Ansible

Requirements:
- Ansible installed
- splunk-admin user updated with your keys under /playbooks/splunk_creds/splunk-admin.pub
- Root password of hosts to run Ansible in
- Make sure you have ssh keys generated for root
- Hosts inventory updated

Running Ansible, cont.
- Before running Ansible make sure that your environment is set correctly. Run:

    . /opt/ansible/hacking/env-setup

- To build a Splunk server from scratch just run:

    ./ansible-playbook /etc/ansible/playbook/search_heads.yml

- Make sure that you have hosts defined under hosts

Running a Playbook

Running Searchhead Playbook

    /etc/ansible# ansible-playbook playbooks/search_heads.yml
    PLAY [apply common configuration to all nodes] ********************************
    GATHERING FACTS ***************************************************************
    ok: [162.243.231.42]
    TASK: [common install security controls] ************************************
    ok: [162.243.231.42] => (item=chkrootkit,rkhunter,clamav,fail2ban)
    TASK: [common install basic utilities] **************************************
    ok: [162.243.231.42] => (item=vim,screen,iotop,htop,ioping,ntp)
    TASK: [common create splunk-admin] ******************************************
    ok: [162.243.231.42]
    TASK: [common copy splunk-admin bash_profile] *******************************
    ok: [162.243.231.42]

Splunk and Git Part 1: Configuration Management

DevOps Approach
- Treat configuration files as code and test, deploy programmatically
- Apply QA/change management controls
  - Gold reference copy
  - Check-ins and diffs (Who, What, When changed)
  - Combine with CM/Ticketing System (Who and Why)
  - Easy roll-back to known good state

Configuration Deployment

[Diagram. Labels: Source File Check-in; Git Repository; Scheduled Repository Check-out to Ansible source directory; Deployer; Search Heads, Linux; Master Cluster Node; Indexers, Linux; Deployment Server; Forwarders, Windows; Forwarders, Linux]

Git Repository Tree

Git: Clone, Sample And Create Your Own Repository

    git clone <repo> /etc/ansible
    cd /etc/ansible
    rm -rf .git
    git init
    git add *
    git commit -m "my first commit"
    git remote add origin <your new repo url>
    git push -u origin master

File check-in

Git: Checking Updated Files

    git status
    git add modifiedfile.txt
    git commit -m "add your commit message here"
    git push origin master

Git: Checkout to Ansible Source
- On the Ansible server run the following in a script via cron:

    git fetch --all
    git reset --hard origin/master

Splunk and Git Part 2: Configuration Monitoring

Problem: Search Load Gone Crazy?
- One or many users have created or modified a dashboard search or saved scheduled search that is creating excess load on your Splunk servers
- How do you find which search is the culprit?

Solution: Monitoring Changes to Search Configs
- On search heads, set up a cron script to check in to Git any changes in the following directories:

    $SPLUNK_HOME/etc/system
    $SPLUNK_HOME/etc/apps
    $SPLUNK_HOME/etc/users

- Use a scheduled scripted input on a forwarder to collect regular file changes and index the changes in Splunk:

    git whatchanged

- Once indexed you can search for changes over a time window
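The cron check-in and the scripted input described above, sketched as an added example; this is not code from the slides or from Splunk. It assumes each monitored directory was made a Git work tree once with "git init", and the function names, commit identity and key=value event format are illustrative choices.

```shell
#!/bin/sh
# Added example (not from the slides). Assumes each monitored directory
# was turned into a Git work tree once with "git init".

# Commit pending changes in one config directory; prints "committed" or "clean".
checkin_changes() {
    (
        cd "$1" || exit 1
        git add -A .
        # "diff --cached --quiet" exits 0 only when nothing is staged
        if git diff --cached --quiet; then
            echo clean
        else
            # Identity values below are placeholders for the cron account
            git -c user.name="splunk-config-cron" -c user.email="cron@localhost" \
                commit -q -m "auto check-in $(date -u +%Y-%m-%dT%H:%M:%SZ)"
            echo committed
        fi
    )
}

# Print one key=value event per changed file for commits newer than $2.
# "git log --raw --no-merges" is the close equivalent of "git whatchanged";
# --name-status is used here because it is easier to split into fields.
emit_changes() {
    git -C "$1" log --no-merges --since="${2:-1 hour ago}" --name-status \
        --pretty=format:'time=%cI commit=%h' |
    awk -F'\t' '
        NF >= 2 { print hdr " action=" $1 " file=\"" $NF "\""; next }
        NF == 1 { hdr = $0 }'
}

# Entry point for cron or a scripted input: "sh thisfile.sh run"
if [ "${1:-}" = "run" ]; then
    for d in system apps users; do
        checkin_changes "$SPLUNK_HOME/etc/$d" >/dev/null
        emit_changes "$SPLUNK_HOME/etc/$d" "15 minutes ago"
    done
fi
```

Each emitted line carries the commit time, short hash, change type (A, M, D) and path, so a search over a time window can list which saved searches or dashboards changed before the load spike.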

Splunking Searchhead Config Changes

[Diagram. Labels: Search Head; Git Repository; Forwarder; Indexers; Search Head. Search head directories $SPLUNK_HOME/etc/system, $SPLUNK_HOME/etc/apps, $SPLUNK_HOME/etc/users; repository paths SH/$SERVER_NAME/etc/system, SH/$SERVER_NAME/etc/apps, SH/$SERVER_NAME/etc/users]

Putting it in Action: Demo Time

Take Away
- Automation with Ansible takes some work up front, but will make life simpler in the long run
- Using Git for Splunk/Ansible configuration management allows for change management and simplified roll backs
- Checking in Searchhead configs into Splunk provides the ability to detect Admin and User Search changes

Resources
- Deploying Splunk Securely with Ansible Config Management Part 1: http://blogs.splunk.com/2014/07/12/deploying-splunk-securely-with-ansible-config-management-part-1/
- Deploying Splunk Securely with Ansible Config Management Part 2: http://blogs.splunk.com/2015/02/09/deploying-splunk-securely-with-ansible-config-management-part-2/

What Now?
Related breakout sessions and activities

THANK YOU