gnubyte

UF_install

Jan 30th, 2018
#Recently had a Splunk Architecture Lab; one of the requirements is to install the Splunk Universal Forwarders (UF) on two Linux servers in an automated manner. There are more than three versions of this script available on Splunkbase and Splunk Answers.
#
#Took one of them and tweaked it to suit the lab needs.
#
#High Level Steps
# To download the UF from Splunk base. (The instance supports wget, so make sure to get the latest version of the software.)
# To install the software in a silent manner, but will prompt the user for credentials.
# To copy the deploymentclient.conf file with the deployment server detail and perform a restart
# Then continue the same to other servers.
#
#Supporting Files
#
#Forwarderlist.txt - List of universal forwarders with ssh
# sample
# user@ipaddress1
# user@ipaddress2
#
#DeploymentClient.conf
# [target-broker:deploymentServer]
# targetUri = deploymentserverip:8089
#
#The user must have enough permission to copy the file to a tmp directory and then to the /opt/splunk/bin/script directory.
#
######### UF_install.sh Script ##############

#!/bin/sh

#### forwarderlist.txt contains the SSH logins (user@ipaddress) of the forwarders to SSH into

HOSTS_FILE="forwarderlist.txt"

### Download the latest version of the installer from splunk site

WGET_CMD="wget -O splunkforwarder-7.0.1-2b5b15c4ee89-Linux-x86_64.tgz 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=7.0.1&product=universalforwarder&filename=splunkforwarder-7.0.1-2b5b15c4ee89-Linux-x86_64.tgz&wget=true'"

INSTALL_FILE="splunkforwarder-7.0.1-2b5b15c4ee89-Linux-x86_64.tgz"

DEPLOY_SERVER="172.31.23.245:8089"
# New admin password. It is hard-coded and passed on the command line,
# so keep this file private and change the value for anything beyond a lab.
PASSWORD="JK!"

### installation steps
### The variables below are expanded locally, before the text is sent over ssh.
REMOTE_SCRIPT="
cd /opt
sudo $WGET_CMD
sudo tar -xzf $INSTALL_FILE

sudo useradd -m -r splunk
sudo chown -R splunk:splunk /opt/splunkforwarder

### /opt/splunkforwarder/bin/splunk enable boot-start -user splunk
sudo -u splunk /opt/splunkforwarder/bin/splunk start --accept-license --answer-yes --auto-ports --no-prompt
sudo -u splunk /opt/splunkforwarder/bin/splunk set deploy-poll $DEPLOY_SERVER --accept-license --answer-yes --auto-ports --no-prompt -auth admin:changeme
sudo -u splunk /opt/splunkforwarder/bin/splunk edit user admin -password '$PASSWORD' -auth admin:changeme

# deploymentclient.conf is already in the home directory of the login user,
# copied there by the scp step in the loop below.

# Change permissions to splunk user
sudo chown -R splunk:splunk ~/deploymentclient.conf

# Then copy the file to appropriate directory (-p keeps the splunk ownership)
sudo cp -rp ~/deploymentclient.conf /opt/splunkforwarder/etc/system/local/

# once the file in /etc/system/local restart to take effect
sudo -u splunk /opt/splunkforwarder/bin/splunk restart
"

### Continue the same for other UF hosts
echo "In 5 seconds, will run the following script on each remote host:"
echo
echo "===================="
echo "$REMOTE_SCRIPT"
echo "===================="
echo
sleep 5
echo "Reading host logins from $HOSTS_FILE"
echo
echo "Starting."
for DST in $(cat "$HOSTS_FILE"); do
    if [ -z "$DST" ]; then
        continue
    fi
    echo "---------------------------"
    echo "Installing to $DST"
    ### SCP (copy) the file from the Search head into a folder the user has access to
    ### (the remote home directory). This has to run locally, once per host.
    sudo scp deploymentclient.conf "$DST:deploymentclient.conf"
    sudo ssh -t "$DST" "$REMOTE_SCRIPT"
done
echo "---------------------------"
echo "Done"

######## end of script ######
#Comment below if there are any questions.
# -i /Users/patrickhastings/PEM/mickey.pem
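
Added example (not part of the original paste): every entry of forwarderlist.txt is handed to ssh and scp as an argument, so a malformed line could be split into several words or read as an option instead of a login. The helpers `valid_target`, `read_targets` and `sample_list` are hypothetical names, and the sample entries are constructed.

```shell
#!/bin/sh
# Added example: vet forwarderlist.txt entries before they reach ssh/scp.
# valid_target, read_targets and sample_list are hypothetical names.

# Succeed only for a single user@host token built from a conservative charset.
valid_target() {
    case "$1" in
        -*|*[!A-Za-z0-9@._-]*) return 1 ;;  # leading dash, space, quote, ...
        *@*@*) return 1 ;;                  # more than one @
        ?*@?*) ;;                           # non-empty user and host
        *) return 1 ;;
    esac
    case "${1#*@}" in
        -*|.*|*..*|*.) return 1 ;;          # host starts with - or has an empty label
    esac
    return 0
}

# Print the accepted targets of file $1, one per line. Blank lines and
# comment lines are skipped; rejects go to stderr and make the status 1.
read_targets() {
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d '\r')   # tolerate CRLF files
        case "$line" in ''|'#'*) continue ;; esac
        if valid_target "$line"; then
            printf '%s\n' "$line"
        else
            printf 'rejected entry: %s\n' "$line" >&2
            bad=1
        fi
    done < "$1"
    return "$bad"
}

# Constructed sample list (addresses and names are made up for the example).
sample_list() {
    printf '%s\n' 'ec2-user@10.0.0.11' '' '# lab forwarders' \
        '-x@10.0.0.12' 'ec2-user@10.0.0.13 extra' 'splunk@uf02.lab.example'
}

# Stand-alone demo: vet the sample and show what the install loop would use.
list=$(mktemp) && sample_list > "$list"
read_targets "$list" || echo "fix the rejected entries before installing" >&2
rm -f "$list"
```

In UF_install.sh the loop could iterate over `$(read_targets "$HOSTS_FILE")` instead of the raw file, so only vetted logins are passed on. IPv6 literals and port suffixes are rejected by this conservative pattern.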