Ansible is great and so is Ansible Engine (AE)

[:en]In a previous blog post I mentioned a new approach for easing up your life when using splunk> in bigger environments.

Now the sources are up which bring the great concept of combining a powerful tool (Ansible) with an easy to use GUI (AE). Uploading the sources is still a work in progress and I need to split it in several parts so it’s more generic while the code is still growing. AE is documented by doxygen and you can find its link in the sources readme.

Features of AE (atm):

  • Link one or more app(s) to a target group in AE (required to deploy an app e.g. to your heavy forwarders)
  • List the linked apps for all or a specific target group or multiple groups
  • Deploy all linked apps of a target group (respecting the app install paths like shcluster/apps, apps, etc)
  • Deploy a single or multiple choosen app(s) to one or more target groups (coming in v2)
  • Edit, change, modify etc/system/local files centrally (you can still do local changes)
  • Install/Upgrade shelper
  • shelper reload cmds (apply config changes without a splunk restart)
  • Remote splunk stop/start/restart
  • Install splunk on a blank/fresh server
  • Download a new splunk release to the local repo (coming in v2)
  • Choose from all local available versions and stage it (coming in v2)
  • Upgrade splunk on a target (group)
  • Guided and ordered upgrade of multiple target groups (choose the order!) (coming in v2)
  • Cluster actions (currently: add a new power node to an existing indexer cluster)

If you use splunk in a bigger environment (so no single all-in-one instance) AE is for you!

It will just require to install Ansible on 1 host (e.g an existing splunk server like the dmc or any other Linux server you have) and prepare every splunk server once to allow remote access by Ansible and you can just fire up AE the next time.

The long term goal of AE is to fully fix the biggest issue in a splunk environment:

App deployment.

Yes in the current state AE will help you a LOT already as you can deploy from a single place an app to the Deployer, Heavyforwarder, Master Node and deployment server even in one shot but everything is in place to even do the actual deployment to the final end point. AE will never bypass the regular splunk deployment method but instead make use of that just from a central place. So stay tuned as that’s not a big deal but will just need a bit of time to finalize..

But enough of words start your journey and ease up your life:

AE sources, README and install instructions

There you find the sources, the documentation and even a wiki.

Have fun ;)[:de]In a previous blog post I mentioned the new approach of easing up your life when using splunk in bigger environments.

Now the sources are up which bring the great concept of combining a powerful tool (Ansible) with an easy to use GUI (AE). Uploading the sources is still a work in progress and I need to split it in several parts so it’s more generic while the code is still growing. AE is documented by doxygen and you can find its link in the sources readme.

Features of AE (atm):

  • Link one or more app(s) to a target group in AE (required to deploy an app e.g. to your heavy forwarders)
  • List the linked apps for all or a specific target group or multiple groups
  • Deploy all linked apps of a target group (respecting the app install paths like shcluster/apps, apps, etc)
  • Deploy a single or multiple choosen app(s) to one or more target groups (new in v2)
  • Edit, change, modify etc/system/local files centrally (you can still do local changes)
  • Install/Upgrade shelper
  • shelper reload cmds (apply config changes without a splunk restart)
  • Remote splunk stop/start/restart
  • Install splunk on a blank/fresh server
  • Download a new splunk release to the local repo (new in v2)
  • Choose from all local available versions and stage it (new in v2)
  • Upgrade splunk on a target (group)
  • Guided and ordered upgrade of multiple target groups (choose the order!) (new in v2)
  • Cluster actions (currently: add a new power node to an existing indexer cluster)

If you use splunk in a bigger environment (so no single all-in-one instance) AE is for you!

It will just require to install Ansible on 1 host (e.g an existing splunk server like the dmc) and prepare every splunk server once to allow remote access by Ansible and you can just fire up AE the next time.

The long term goal of AE is to fully fix the biggest issue in a splunk environment:

App deployment.

Yes in the current state AE will help you a LOT already as you can deploy from a single place an app to the Deployer, Heavyforwarder, Master Node and deployment server even in one shot but everything is in place to even do the actual deployment to the final end point. AE will never bypass the regular splunk deployment but instead make use of it just from one central place. So stay tuned as that’s not a big deal but will just need a bit of time to finalize.

But enough of words start your journey and ease up your life:

https://github.com/secure-diversITy/ansible_engine

There you find the sources, the documentation and even a wiki.

Have fun ;)[:]