示例#1
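def upgrade_uf(sec=None):
    '''
    Upgrades Universal Forwarder in Linux Deployments.

    sec selects where the RPM is taken from:
      'n' - the package is uploaded from the local splunk/ directory and the
            current /apps/splunkforwarder tree is archived before the upgrade.
      'y' - common.mountshare() is called and the package is installed from
            /apps/tmp/splunk/forwarder/x/ (presumably the mounted share).
    With no value a prompt is printed and nothing is changed; any other value
    is reported and ignored.
    '''
    # Make sure you are upgrading at least from 4.2 to 5.0. Versions before 4.2 do not support direct upgrade.
    splunk_package = 'splunkforwarder-6.0-182037-linux-2.6-x86_64.rpm'

    if sec is None:
        print("Please confirm that server can mount network share.")
        return

    #I'm adding the step below because I had some issues while upgrading splunk in some systems

    if sec == 'n':
        staged_package = '/tmp/' + splunk_package
        # The package is only read by rpm, so it does not need execute bits.
        # NOTE(review): it is staged under a predictable name in /tmp and then
        # installed as root; consider a root-only staging directory and a
        # signature check (rpm -K) before the upgrade.
        put('splunk/' + splunk_package, staged_package, use_sudo=True, mode=0o644)
        stop('uf')
        # NOTE(review): the backup holds the forwarder's configuration; confirm
        # the archive is not readable by unprivileged users.
        sudo('tar cvzf /apps/splunk-upgrade-backup.tar.gz /apps/splunkforwarder')
        sudo('rpm -U --prefix=/apps ' + staged_package)
        sudo('/apps/splunkforwarder/bin/splunk start --accept-license --answer-yes')
        # Clean up the file that was actually uploaded; the old pattern
        # '~/splunkforwarder*' never matched the copy staged in /tmp.
        remove_remote_file(staged_package)

    elif sec == 'y':
        common.mountshare()
        try:
            stop('uf')
            sudo('rpm -U --prefix=/apps /apps/tmp/splunk/forwarder/x/' + splunk_package)
            sudo('/apps/splunkforwarder/bin/splunk start --accept-license --answer-yes')
        finally:
            # Release the share even when a remote command aborts the task.
            common.unmount_share()

    else:
        print("Unrecognised value for sec; use 'y' or 'n'.")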
示例#2
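def deploy_dm_app():
    """
    Deploys the Splunk Deployment monitor app.

    Calls common.mountshare(), stops the 'f' service, unpacks the app archive
    from /apps/tmp/splunk/Apps/ into /apps/splunk, resets permissions with
    set_splunk_perms() and restarts the service. The share is released again
    whether or not the deployment succeeds.
    """
    common.mountshare()
    try:
        with cd('/apps/splunk'):
            stop('f')
            # The archive is unpacked as root; set_splunk_perms() runs right
            # after it (presumably to reset ownership of the new files).
            sudo('tar xvf /apps/tmp/splunk/Apps/splunk_app_deploymentmonitor-5.0.3-181055.tgz')
            set_splunk_perms()
            restart('f')
    finally:
        # Do not leave the share mounted on the server after the task.
        common.unmount_share()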
示例#3
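def upgrade_full():
    '''
    Upgrades Full Splunk in Linux Deployments.

    Calls common.mountshare(), stops the 'f' service, upgrades the RPM found
    under /apps/tmp/splunk/full/x/ and starts Splunk again. The share is
    released whether or not the upgrade succeeds.
    '''
    # Make sure you are upgrading at least from 4.2 to 5.0. Versions before 4.2 do not support direct upgrade.
    splunk_package = 'splunk-6.0-182037-linux-2.6-x86_64.rpm'

    #I'm adding the step below because I had some issues while upgrading splunk in some systems
    common.mountshare()
    try:
        stop('f')
        # NOTE(review): the package is installed as root straight from the
        # share; consider a signature check (rpm -K) before the upgrade.
        sudo('rpm -U --prefix=/apps /apps/tmp/splunk/full/x/' + splunk_package)
        sudo('/apps/splunk/bin/splunk start --accept-license --answer-yes')
    finally:
        # A failed remote command aborts the task; unmount regardless.
        common.unmount_share()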
示例#4
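def db2engine_update_fixpack():
    '''Installs latest fixpack to db2 engine.

    Prompts for the instance name, stops the instance and the admin server,
    runs installFixPack from /apps/tmp/commerce/install/db2dscfp8, runs the
    two update helpers, releases the share and starts the instance again.
    An empty instance name ends the task before anything is changed.
    '''
    # Ask first so that an empty answer leaves nothing to undo.
    instance_name = raw_input('Please enter instance name: ').strip()
    if not instance_name:
        print('No instance name entered; nothing was changed.')
        return
    # NOTE(review): the name is handed to db2engine_stop/db2engine_start as
    # typed; confirm those helpers quote it before building shell commands.

    common.mountshare()
    try:
        db2engine_stop(instance_name)
        db2admin_stop()

        with cd('/apps/tmp/commerce/install/db2dscfp8'):
            run('./installFixPack -n -b /db2_exec/db2/V9.7')

        # The old run('cd /') had no effect: every run() starts a new shell and
        # is prefixed by the enclosing cd(). Leaving the with-block is what
        # actually moves the following steps out of the install directory.
        db2engine_db2update()
        db2engine_db2dasupdate()
    finally:
        # Unmount outside the cd() block; presumably the install directory is
        # on the share, and unmounting from inside it would fail as busy.
        common.unmount_share()

    db2engine_start(instance_name)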
示例#5
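def deploy_unix_linux_app(sec=None):
    '''
    Deploys the full version app of the Unix linux app for Splunk.
    This app is meant to be deploy only on indexers, search head, and heavy forwarders not on universal forwarders

    sec selects where the archive is taken from:
      'n' - the zip is uploaded from the local splunk/ directory.
      'y' - common.mountshare() is called and the zip is read from
            /apps/tmp/splunk/Apps/nix_apps/.
    With no value a prompt is printed and nothing is changed; any other value
    is reported and ignored.
    '''
    app_archive = 'splunk_app_for_nix-5.0.0-182057.zip'

    if sec is None:
        print('Confirm if server can mount NFS export, if not then enter n')
        return

    if sec == 'n':
        # A zip archive is data, so it is uploaded without execute bits.
        put('splunk/' + app_archive, app_archive, use_sudo=True, mode=0o644)
        # Unpack the file that was uploaded; the old command named
        # 'splunk_app_for_nix.zip', which is never created on the server.
        sudo('unzip ' + app_archive + ' -d /apps/splunk/')
        restart('f')
        remove_remote_file(app_archive)

    elif sec == 'y':
        common.mountshare()
        try:
            sudo('unzip /apps/tmp/splunk/Apps/nix_apps/' + app_archive + ' -d /apps/splunk/')
            restart('f')
        finally:
            # Do not leave the share mounted on the server after the task.
            common.unmount_share()

    else:
        print("Unrecognised value for sec; use 'y' or 'n'.")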
示例#6
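def install_fwd(system=None, strenv=None, db2instname=None, sec=None):
    """
    Install splunk forwarder.

    system      -- which inputs template to push (see inputs_by_system below);
                   'db2' delegates to db2inputs(db2instname).
    strenv      -- 'p' or 's'; selects the pair of indexers to forward to.
    db2instname -- passed to db2inputs() when system is 'db2'.
    sec         -- 'n' installs the RPM from the mounted share, 'y' uploads it
                   from the local splunk/ directory first.

    Prints a message and returns without touching the server when system or
    strenv is missing or strenv is not recognised.
    """
    # The original tested the name 'env' here, which is not a parameter of
    # this function, so a missing strenv was never caught.
    if system is None or strenv is None:
        print("Please supply system to monitor: ihs8,ihs7, ws7, ws8, tfim, ldap")
        return

    indexers_by_env = {
        'p': ['SLSPINDEX01.domain.com:9997', 'SLSPINDEX02.domain.com:9997'],
        's': ['SLSSINDEX02.domain.com:9997', 'SLSSINDEX03.domain.com:9997'],
    }
    # Reject an unknown environment before installing anything; previously
    # this surfaced as a NameError after the package was already installed.
    if strenv not in indexers_by_env:
        print("Unknown environment {0!r}; use 'p' or 's'.".format(strenv))
        return
    list_of_indexers = indexers_by_env[strenv]

    # Local template (relative to source_path) for each supported system.
    inputs_by_system = {
        "default": 'inputs.conf',
        "ldap": 'ldap.conf',
        "tfim": 'tfim.conf',
        "ihs8": 'ihs8.conf',
        "tameb": 'tameb.conf',
        "webseal": 'webseal.conf',
        "ws8": 'was.conf',
        "search": 'search.conf',
        "wesb": 'wesb.conf',
        "syslog": 'syslog.conf',
        "commerce": 'commerce/inputs.conf',
        "nagios": 'nagios.conf',
    }

    forwarder_rpm = 'splunkforwarder-6.0-182037-linux-2.6-x86_64.rpm'
    share_mounted = False

    try:
        # NOTE(review): here 'n' mounts the share and 'y' uploads, the reverse
        # of the other tasks on this page; left as is for existing callers.
        if sec == 'n':
            common.mountshare()
            share_mounted = True
            sudo('rpm -i --prefix=/apps /apps/tmp/splunk/forwarder/x/' + forwarder_rpm)
        elif sec == 'y':
            uploaded_rpm = '/root/' + forwarder_rpm
            # rpm only reads the package, so no execute bits are needed.
            put('splunk/' + forwarder_rpm, uploaded_rpm, use_sudo=True, mode=0o644)
            # Install from the path it was uploaded to rather than '~', which
            # need not resolve to /root under sudo.
            sudo('rpm -i --prefix=/apps ' + uploaded_rpm)

        sudo('/apps/splunkforwarder/bin/splunk start --accept-license')
        sudo('/apps/splunkforwarder/bin/splunk enable boot-start')

        for indexer in list_of_indexers:
            # NOTE(review): admin:changeme is the factory-default login and is
            # passed on the command line; this task leaves it unchanged, so
            # rotate the admin password as part of provisioning.
            sudo('/apps/splunkforwarder/bin/splunk add forward-server {0} -auth admin:changeme'.format(indexer))

        sudo('/apps/splunkforwarder/bin/splunk stop')
        # -p keeps a re-run from failing when the directory already exists.
        sudo('mkdir -p /apps/splunkforwarder/etc/apps/search/local')

        source_path = '../fabric/'
        inputs_dest = '/apps/splunkforwarder/etc/apps/search/local/inputs.conf'

        if system == "db2":
            db2inputs(db2instname)
        elif system in inputs_by_system:
            put(source_path + inputs_by_system[system], inputs_dest, use_sudo=True, mode=0o644)
        else:
            # As before, the install continues without an inputs file, but the
            # operator is now told (e.g. 'ihs7' and 'ws7' have no template).
            print("No inputs template for system {0!r}; forwarder installed without one.".format(system))

        set_splunk_perms()
        sudo('/apps/splunkforwarder/bin/splunk start')
        remove_remote_file('~/splunkforwarder*')
    finally:
        # Only release the share if this task mounted it.
        if share_mounted:
            common.unmount_share()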