Giters

splunk / splunk-ansible

Ansible playbooks for configuring and managing Splunk Enterprise and Universal Forwarder deployments

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

enableSplunkdSSL environment variable

qwerty10110 opened this issue · comments

commented

I see there is an environment variable for SPLUNK_HTTP_ENABLESSL, along with supported paths for certs and passphrases. I assume this info gets written to web.conf (https://splunk.github.io/splunk-ansible/ADVANCED.html)

I haven't come across the equivalent set of environment variables for Splunkd for server.conf?

Are they one and the same in this build?

If not, why one but not the other?

commented

There are not the same.

splunkd (traditionally over port 8089) SSL configs are governed by the following of a mounted default.yml:

splunk:
    ssl:
        enable: True
        cert:
        password:
        ca:

I don't see the environment variable mapping, which is possibly an oversight we can add though.

commented

I'm hosting splunk in kubernetes, which has support for environment variables coming from secrets. I would rather pass an environment variable into that password field in the default.yaml rather than writing it down plainly. I know it gets encrypted when the splunk instances starts, I would rather use env variables to avoid writing the password in the first place.

For now, I'm curious to know how splunk-ansible would react if I passed a non splunk-supported environment variable, like SSLPASSWORD, using Kubernetes.

For example, will splunk-ansible be able to handle a default.yaml that looked like this:

splunk:
    ssl:
        enable: True
        cert: my/path/to/cert
        password: $SSLPASSWORD
        ca: path/to/key

This comes from https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-environment-variables, where $ENV_VARIABLE format is used.

Ideally, Kubernetes will do its thing and insert the correct secret, and splunk-ansible won't break somehow.

commented

Sorry I missed your last post, but I don't believe the default.yaml does any environment extrapolation. I believe if you did that, it would treat the splunk.ssl.password as $SSLPASSWORD (plaintext value as-is). But it wouldn't attempt to search the environment variables and template that out. I can look into that as an option though.

commented

Will be out in the next Splunk docker image release (within a week from now)