cdillc / cdillc.splunk / 0.24.2 / module / ksconf_package Create a Splunk app from a local directory | "added in version" 0.10.0 of cdillc.splunk" Authors: Lowell C. Alleman (@lowell80) This plugin has a corresponding action plugin.cdillc.splunk.ksconf_package (0.24.2) — module
Install with ansible-galaxy collection install cdillc.splunk:==0.24.2
collections: - name: cdillc.splunk version: 0.24.2
Build a Splunk app using the ksconf I(package) command. This can be as simple drop-in replacement for the M(community.general.archive) module. Advanced use cases can be supported by a combination of ksconf layers and/or file handlers. Idempotent behavior is fully supported.
The file handling mechanism allows for things like template rendering based on file matching.
Jinja2 template expansion is supported for (C(*.j2)) files by either using pure Jinja or Ansible Jinja handlers.
Ksconf I(layers) are fully supported and can be dynamically included or excluded with filters.
There are two Jinja template modes: Standard C(jinja) mode uses plain Jinja syntax and is more portable (e.g., as it's also available via the C(ksconf package) command.) The C(ansible-jinja) mode supports all the features of Jinja within Ansible, which includes access to inventory variables, Ansible's full range of filters and tests, as well as lookup functionality. By default, all file handling is disabled to avoid any unwanted content modification. Use the I(enable_handler) option to enable a template handler.
- name: Build addon using a specific set of layers cdillc.splunk.ksconf_package: source: "{{ app_repo }}/Splunk_TA_nix" file: "{{ install_root }}/build/Splunk_TA_nix.spl" block: ["*.sample"] local: preserve follow_symlink: false layers: - exclude: "30-*" - include: "30-{{role}}" - exclude: "40-*" - include: "40-{{env}}"
# More complex example that loops over an 'apps_inventory' list that contains both # local directories and pre-packaged tarballs (which don't need to be re-packaged) - name: Render apps from version control cdillc.splunk.ksconf_package: source: "{{ rendered_apps_folder }}/{{ item.name }}" file: "{{ tarred_apps_folder }}/{{ item.name }}-[[ layers_hash ]].tgz" local: preserve layers: - include: "10-upstream" - include: "20-common" - include: "30-{{ app_role }}" - include: "40-{{ layer_env }}" - include: "50-{{ app_role }}-{{ layer_env }}" - include: "60-{{ org }}" enable_handler: ansible-jinja template_vars: org_name: acme default_retention: 7d splunk: key_password: "{{ splunk.key_password }}" delegate_to: localhost run_once: true loop: > {{ apps_inventory | selectattr("state", "eq", "present") | rejectattr("tarball") }} register: app_render_output tags: render
file: description: 'Tarball file created of the app. This can be I(.spl) or I(.tar.gz) This parameter supports dynamic placeholders. Variables are listed L(here,https://ksconf.readthedocs.io/en/stable/cmd_package.html#variables) ' required: true type: path block: default: [] description: Pattern for files/directories to exclude. elements: path type: list local: choices: - preserve - block - promote default: preserve description: - Define handling of of C(local) directory and C(local.meta) file. - Use I(preserve) to keep the local artifacts as-is. - I(block) will exclude local artifacts from the generated app archive. - I(promote) will merge any local artifacts into the default layer. type: str layers: default: [] description: - Include and exclude rules regarding which layers to include in the generated app. - Layer filters rules are evaluated sequentially, and the last match wins. - List of dictionaries with a single key, either I(include) or I(exclude) elements: dict suboptions: exclude: description: Specify a layer or layer glob pattern to exclude. type: str include: description: Specify a layer or layer glob pattern to include. type: str type: list source: aliases: - src description: Path to input directory for the app required: true type: path context: description: - Free-form metadata that is passed through to the output. - Use this to pass around important app context variables that can be conveniently retained when looping and using C(register). type: dict encrypt: choices: - false - vault default: false description: - Encrypt the resulting archive I(file). Set to C(vault) to encrypt with ansible-vault. type: str app_name: description: - Specify the top-level folder (app) name. - If this is not given, the app folder name is automatically extracted from the basename of C(source). - Placeholder variables, such as C({{app_id}}) can be used here. type: str layer_method: choices: - auto - dir.d - disable default: dir.d description: Type of layers used within the I(source) directory. template_vars: default: {} description: - Add-hoc variables useable during template expansion. - This dictionary can be structured any way that's helpful. There are no restrictions imposed, but be aware that sending more variables than needed could result in extra processing. Future speedups will be based on building a hash of full value of the I(template_vars) data structure so any change will trigger a cache miss. required: false type: dict enable_handler: choices: - ansible-jinja - ansible-vault - jinja description: - Enable one or more file handlers for template expansion and encrypted file support. - Use C(jinja) for basic Jinja2 syntax support. All necessary variables must be passed in via the I(template_vars) argument. - Use C(ansible-jinja) to use the Ansible engine to handle all jinja rendering. By default, all Ansible variables, filters, tests, and lookups are available. This is effectively like using the M(ansible.builtin.template) module to render all C(*.j2) files before packaging an app. - Use C(ansible-vault) to enable ansible vault decryption of files. This will only decrypt files matching C(*.vault). elements: str type: list follow_symlink: default: false description: - Follow symbolic links pointing to directories. - Symlinks to files are always followed. type: bool
action: description: 'Resulting action code. Values are C(created), C(updated), or C(unchanged). If I(encrypt) has changed, without any changes in I(source), then actions will be either C(encrypt) and C(decrypt). ' returned: always sample: unchanged type: str app_name: description: 'Final name of the splunk app, which is the top-level directory included in the generated archive. ' returned: always sample: org_custom_tech type: str archive: description: 'The location where the generated archive lives. This could vary dynamically if C(file) contained a placeholder. ' returned: always sample: /tmp/splunk_apps/org_custom_tech-1.4.3.tgz type: path archive_size: description: Size of the generated C(archive) file in bytes. returned: always sample: null type: int context: description: Optional pass-through field. See the C(context) parameter. returned: when provided type: dict encryption: description: Final encryption state of the archive. returned: always sample: vault type: str encryption_size: description: Size of file on disk, after encryption. returned: if I(encrypt) is enabled type: int new_hash: description: 'Checksum of the previous (existing) tarball, if present. This is a SHA256 of the uncompressed content. ' returned: always sample: null type: str old_hash: description: Checksum of the new tarball. See notes regarding I(new_hash) for more details. returned: always sample: e1617a87ea51c0ca930285c0ce60af4308513ea426ae04be42b1d7b47aba16a5 type: str stdout: description: Output stream of details from the ksconf packaging operations. returned: always sample: null type: str