Hello,

I'm relatively new to Splunk and even more on using this Ansible role so could you please provide some guidelines or examples on how to implement a distributed deployment?

My inventory looks like this:

[search]
splunk1

[indexer]
splunk2

[deploymentserver]
splunk3

[licensemaster]
splunk4

[dmc]
splunk4

[full:children]
search
indexer
deploymentserver
licensemaster
dmc

I have executed the splunk_install_or_upgrade.yml playbook and it just installed the package so I guess I'm missing the configuration part.

Thanks in advance for your help.

@tandrez splunk_install_or_upgrade.yml is specifically to either install splunk or upgrade if it's already install but with a different version. I would take a look at the splunk_idxc_deploy.yml and splunk_shc_deploy.yml playbooks that install and configure splunk. You can leverage those playbooks to create your own. You can also combine both in one playbook if necessary.

Thank you for your reply @Ces-Ces.
Yes, I ended up using the playbook splunk_idxc_deploy.yml even though initialy, I just wanted to implement a non-clustered deployment. My question is now: is the playbook configure_apps.yml just meant to deploy apps or also to configure everything (for example the files under $SPLUNK_HOME/etc/system/local).

Yes, it's only meant to deploy apps. By apps we mean splunk apps (like splunk addons) and not the splunk application itself. Here is a link for more information about splunk apps https://www.splunk.com/en_us/blog/tips-and-tricks/what-are-splunk-apps-and-add-ons.html

The way this works is to have this apps or addons on your git repo. That's the reason the documentation mentions about git_servers, git_key, etc, variables. This way you can install them on your splunk hosts.

I hope this makes sense.

Thanks again for your help @Ces-Ces. I think I'm starting to figure out how it works so I'm gonna close this issue.