The problems of splunk>

When you start setting up and administering splunk> you will find something very strange and complicated to handle: the deployment mechanism, or should I say the THREE different ones? I mean... three?

  • Deployer for the SH cluster
  • Deployment server for UFs, HFs
  • Master node for the Indexer cluster

Well, and it's not just the number: they all need to be configured and handled differently. Hey splunk, seriously?

OK, at first this sounds like nothing too dramatic… but when you administer all of them and then think about doing that for 2 or 3 environments (e.g. production, staging and development) plus servers in multiple DMZs, you will understand me.

So what? Some of my customers got sick of this and started to implement their own deployment process instead of using the multiple splunk ones. I saw implementations with Puppet or Ansible, and my credo is “I’m fine with whatever works”…

…and one thing is clear: the splunk way does not work (atm). In a future post I will show what Ansible can do for you to solve all these problems and more! ;)