Try SpotterCreate a Splunk app from a local directory
| "added in version" 0.10.0 of cdillc.splunk"
Authors: Lowell C. Alleman (@lowell80)
This plugin has a corresponding action plugin.
Install with ansible-galaxy collection install cdillc.splunk:==0.24.2
collections:
- name: cdillc.splunk
version: 0.24.2Build a Splunk app using the ksconf I(package) command. This can be as simple drop-in replacement for the M(community.general.archive) module. Advanced use cases can be supported by a combination of ksconf layers and/or file handlers. Idempotent behavior is fully supported.
The file handling mechanism allows for things like template rendering based on file matching.
Jinja2 template expansion is supported for (C(*.j2)) files by either using pure Jinja or Ansible Jinja handlers.
Ksconf I(layers) are fully supported and can be dynamically included or excluded with filters.
There are two Jinja template modes: Standard C(jinja) mode uses plain Jinja syntax and is more portable (e.g., as it's also available via the C(ksconf package) command.) The C(ansible-jinja) mode supports all the features of Jinja within Ansible, which includes access to inventory variables, Ansible's full range of filters and tests, as well as lookup functionality. By default, all file handling is disabled to avoid any unwanted content modification. Use the I(enable_handler) option to enable a template handler.
- name: Build addon using a specific set of layers
cdillc.splunk.ksconf_package:
source: "{{ app_repo }}/Splunk_TA_nix"
file: "{{ install_root }}/build/Splunk_TA_nix.spl"
block: ["*.sample"]
local: preserve
follow_symlink: false
layers:
- exclude: "30-*"
- include: "30-{{role}}"
- exclude: "40-*"
- include: "40-{{env}}"
# More complex example that loops over an 'apps_inventory' list that contains both
# local directories and pre-packaged tarballs (which don't need to be re-packaged)
- name: Render apps from version control
cdillc.splunk.ksconf_package:
source: "{{ rendered_apps_folder }}/{{ item.name }}"
file: "{{ tarred_apps_folder }}/{{ item.name }}-[[ layers_hash ]].tgz"
local: preserve
layers:
- include: "10-upstream"
- include: "20-common"
- include: "30-{{ app_role }}"
- include: "40-{{ layer_env }}"
- include: "50-{{ app_role }}-{{ layer_env }}"
- include: "60-{{ org }}"
enable_handler: ansible-jinja
template_vars:
org_name: acme
default_retention: 7d
splunk:
key_password: "{{ splunk.key_password }}"
delegate_to: localhost
run_once: true
loop: >
{{ apps_inventory
| selectattr("state", "eq", "present")
| rejectattr("tarball")
}}
register: app_render_output
tags: render
file:
description: 'Tarball file created of the app. This can be I(.spl) or I(.tar.gz)
This parameter supports dynamic placeholders. Variables are listed L(here,https://ksconf.readthedocs.io/en/stable/cmd_package.html#variables)
'
required: true
type: path
block:
default: []
description: Pattern for files/directories to exclude.
elements: path
type: list
local:
choices:
- preserve
- block
- promote
default: preserve
description:
- Define handling of of C(local) directory and C(local.meta) file.
- Use I(preserve) to keep the local artifacts as-is.
- I(block) will exclude local artifacts from the generated app archive.
- I(promote) will merge any local artifacts into the default layer.
type: str
layers:
default: []
description:
- Include and exclude rules regarding which layers to include in the generated app.
- Layer filters rules are evaluated sequentially, and the last match wins.
- List of dictionaries with a single key, either I(include) or I(exclude)
elements: dict
suboptions:
exclude:
description: Specify a layer or layer glob pattern to exclude.
type: str
include:
description: Specify a layer or layer glob pattern to include.
type: str
type: list
source:
aliases:
- src
description: Path to input directory for the app
required: true
type: path
context:
description:
- Free-form metadata that is passed through to the output.
- Use this to pass around important app context variables that can be conveniently
retained when looping and using C(register).
type: dict
encrypt:
choices:
- false
- vault
default: false
description:
- Encrypt the resulting archive I(file). Set to C(vault) to encrypt with ansible-vault.
type: str
app_name:
description:
- Specify the top-level folder (app) name.
- If this is not given, the app folder name is automatically extracted from the basename
of C(source).
- Placeholder variables, such as C({{app_id}}) can be used here.
type: str
layer_method:
choices:
- auto
- dir.d
- disable
default: dir.d
description: Type of layers used within the I(source) directory.
template_vars:
default: {}
description:
- Add-hoc variables useable during template expansion.
- This dictionary can be structured any way that's helpful. There are no restrictions
imposed, but be aware that sending more variables than needed could result in extra
processing. Future speedups will be based on building a hash of full value of the
I(template_vars) data structure so any change will trigger a cache miss.
required: false
type: dict
enable_handler:
choices:
- ansible-jinja
- ansible-vault
- jinja
description:
- Enable one or more file handlers for template expansion and encrypted file support.
- Use C(jinja) for basic Jinja2 syntax support. All necessary variables must be passed
in via the I(template_vars) argument.
- Use C(ansible-jinja) to use the Ansible engine to handle all jinja rendering. By
default, all Ansible variables, filters, tests, and lookups are available. This
is effectively like using the M(ansible.builtin.template) module to render all C(*.j2)
files before packaging an app.
- Use C(ansible-vault) to enable ansible vault decryption of files. This will only
decrypt files matching C(*.vault).
elements: str
type: list
follow_symlink:
default: false
description:
- Follow symbolic links pointing to directories.
- Symlinks to files are always followed.
type: bool
action:
description: 'Resulting action code. Values are C(created), C(updated), or C(unchanged).
If I(encrypt) has changed, without any changes in I(source), then actions will
be either C(encrypt) and C(decrypt).
'
returned: always
sample: unchanged
type: str
app_name:
description: 'Final name of the splunk app, which is the top-level directory included
in the generated archive.
'
returned: always
sample: org_custom_tech
type: str
archive:
description: 'The location where the generated archive lives. This could vary dynamically
if C(file) contained a placeholder.
'
returned: always
sample: /tmp/splunk_apps/org_custom_tech-1.4.3.tgz
type: path
archive_size:
description: Size of the generated C(archive) file in bytes.
returned: always
sample: null
type: int
context:
description: Optional pass-through field. See the C(context) parameter.
returned: when provided
type: dict
encryption:
description: Final encryption state of the archive.
returned: always
sample: vault
type: str
encryption_size:
description: Size of file on disk, after encryption.
returned: if I(encrypt) is enabled
type: int
new_hash:
description: 'Checksum of the previous (existing) tarball, if present. This is a
SHA256 of the uncompressed content.
'
returned: always
sample: null
type: str
old_hash:
description: Checksum of the new tarball. See notes regarding I(new_hash) for more
details.
returned: always
sample: e1617a87ea51c0ca930285c0ce60af4308513ea426ae04be42b1d7b47aba16a5
type: str
stdout:
description: Output stream of details from the ksconf packaging operations.
returned: always
sample: null
type: str