API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Feb 11th, 2024
25
0
275 days
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 58.33 KB | Fixit | 0 0
raw download clone embed print report
  1.  
  2. TASK [splunk_common : Detect service name] *************************************
  3. included: /opt/ansible/roles/splunk_common/tasks/get_facts_service_name.yml for localhost
  4. Monday 05 February 2024 16:38:10 +0000 (0:00:00.087) 0:00:05.883 *******
  5.  
  6. TASK [splunk_common : Setting service_name fact from config] *******************
  7. ok: [localhost]
  8. Monday 05 February 2024 16:38:11 +0000 (0:00:00.098) 0:00:05.982 *******
  9. Monday 05 February 2024 16:38:11 +0000 (0:00:00.052) 0:00:06.035 *******
  10. Monday 05 February 2024 16:38:11 +0000 (0:00:00.055) 0:00:06.091 *******
  11. Monday 05 February 2024 16:38:11 +0000 (0:00:00.051) 0:00:06.143 *******
  12. Monday 05 February 2024 16:38:11 +0000 (0:00:00.054) 0:00:06.197 *******
  13. Monday 05 February 2024 16:38:11 +0000 (0:00:00.053) 0:00:06.250 *******
  14.  
  15. TASK [splunk_common : include_tasks] *******************************************
  16. included: /opt/ansible/roles/splunk_common/tasks/change_splunk_directory_owner.yml for localhost
  17. Monday 05 February 2024 16:38:11 +0000 (0:00:00.141) 0:00:06.392 *******
  18.  
  19. TASK [splunk_common : Update Splunk directory owner] ***************************
  20. ok: [localhost]
  21. Monday 05 February 2024 16:38:15 +0000 (0:00:03.828) 0:00:10.220 *******
  22.  
  23. TASK [splunk_common : include_tasks] *******************************************
  24. included: /opt/ansible/roles/splunk_common/tasks/update_etc.yml for localhost
  25. Monday 05 February 2024 16:38:15 +0000 (0:00:00.111) 0:00:10.332 *******
  26.  
  27. TASK [splunk_common : Check if /sbin/updateetc.sh exists] **********************
  28. ok: [localhost]
  29. Monday 05 February 2024 16:38:15 +0000 (0:00:00.491) 0:00:10.824 *******
  30.  
  31. TASK [splunk_common : Update /opt/splunk/etc] **********************************
  32. ok: [localhost]
  33. Monday 05 February 2024 16:38:16 +0000 (0:00:00.662) 0:00:11.486 *******
  34. Monday 05 February 2024 16:38:16 +0000 (0:00:00.082) 0:00:11.568 *******
  35. Monday 05 February 2024 16:38:16 +0000 (0:00:00.084) 0:00:11.652 *******
  36. Monday 05 February 2024 16:38:16 +0000 (0:00:00.077) 0:00:11.730 *******
  37. Monday 05 February 2024 16:38:16 +0000 (0:00:00.073) 0:00:11.804 *******
  38.  
  39. TASK [splunk_common : include_tasks] *******************************************
  40. included: /opt/ansible/roles/splunk_common/tasks/remove_first_login.yml for localhost
  41. Monday 05 February 2024 16:38:16 +0000 (0:00:00.094) 0:00:11.898 *******
  42.  
  43. TASK [splunk_common : Create .ui_login] ****************************************
  44. ok: [localhost]
  45. Monday 05 February 2024 16:38:17 +0000 (0:00:00.512) 0:00:12.411 *******
  46. Monday 05 February 2024 16:38:17 +0000 (0:00:00.051) 0:00:12.462 *******
  47.  
  48. TASK [splunk_common : include_tasks] *******************************************
  49. included: /opt/ansible/roles/splunk_common/tasks/set_splunk_secret.yml for localhost
  50. Monday 05 February 2024 16:38:17 +0000 (0:00:00.101) 0:00:12.564 *******
  51. Monday 05 February 2024 16:38:17 +0000 (0:00:00.052) 0:00:12.616 *******
  52. Monday 05 February 2024 16:38:17 +0000 (0:00:00.057) 0:00:12.674 *******
  53.  
  54. TASK [splunk_common : include_tasks] *******************************************
  55. included: /opt/ansible/roles/splunk_common/tasks/enable_admin_auth.yml for localhost
  56. Monday 05 February 2024 16:38:17 +0000 (0:00:00.143) 0:00:12.818 *******
  57. Monday 05 February 2024 16:38:17 +0000 (0:00:00.072) 0:00:12.891 *******
  58. Monday 05 February 2024 16:38:18 +0000 (0:00:00.076) 0:00:12.967 *******
  59. Monday 05 February 2024 16:38:18 +0000 (0:00:00.073) 0:00:13.040 *******
  60. Monday 05 February 2024 16:38:18 +0000 (0:00:00.075) 0:00:13.115 *******
  61. Monday 05 February 2024 16:38:18 +0000 (0:00:00.074) 0:00:13.190 *******
  62. Monday 05 February 2024 16:38:18 +0000 (0:00:00.074) 0:00:13.264 *******
  63. Monday 05 February 2024 16:38:18 +0000 (0:00:00.039) 0:00:13.303 *******
  64.  
  65. TASK [splunk_common : include_tasks] *******************************************
  66. included: /opt/ansible/roles/splunk_common/tasks/pre_splunk_start_commands.yml for localhost
  67. Monday 05 February 2024 16:38:18 +0000 (0:00:00.107) 0:00:13.411 *******
  68. Monday 05 February 2024 16:38:18 +0000 (0:00:00.092) 0:00:13.504 *******
  69.  
  70. TASK [splunk_common : include_tasks] *******************************************
  71. included: /opt/ansible/roles/splunk_common/tasks/enable_s2s.yml for localhost
  72. Monday 05 February 2024 16:38:18 +0000 (0:00:00.114) 0:00:13.619 *******
  73. Monday 05 February 2024 16:38:18 +0000 (0:00:00.076) 0:00:13.696 *******
  74.  
  75. TASK [splunk_common : include_tasks] *******************************************
  76. included: /opt/ansible/roles/splunk_common/tasks/s2s/configure_splunktcp.yml for localhost
  77. Monday 05 February 2024 16:38:18 +0000 (0:00:00.111) 0:00:13.807 *******
  78.  
  79. TASK [splunk_common : Enable splunktcp input] **********************************
  80. ok: [localhost]
  81. Monday 05 February 2024 16:38:19 +0000 (0:00:00.689) 0:00:14.497 *******
  82.  
  83. TASK [splunk_common : Remove splunktcp-ssl input] ******************************
  84. changed: [localhost]
  85. Monday 05 February 2024 16:38:20 +0000 (0:00:00.472) 0:00:14.970 *******
  86.  
  87. TASK [splunk_common : Remove input SSL settings] *******************************
  88. changed: [localhost]
  89. Monday 05 February 2024 16:38:20 +0000 (0:00:00.476) 0:00:15.447 *******
  90.  
  91. TASK [splunk_common : Reset root CA] *******************************************
  92. ok: [localhost]
  93. Monday 05 February 2024 16:38:20 +0000 (0:00:00.453) 0:00:15.900 *******
  94.  
  95. TASK [splunk_common : include_tasks] *******************************************
  96. included: /opt/ansible/roles/splunk_common/tasks/trigger_restart.yml for localhost
  97. Monday 05 February 2024 16:38:21 +0000 (0:00:00.082) 0:00:15.983 *******
  98.  
  99. TASK [splunk_common : include_tasks] *******************************************
  100. included: /opt/ansible/roles/splunk_common/tasks/get_splunk_status.yml for localhost
  101. Monday 05 February 2024 16:38:21 +0000 (0:00:00.064) 0:00:16.048 *******
  102.  
  103. TASK [splunk_common : Restrict permissions on splunk.key for Status] ***********
  104. included: /opt/ansible/roles/splunk_common/tasks/restrict_permissions.yml for localhost => (item=/opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key)
  105. Monday 05 February 2024 16:38:21 +0000 (0:00:00.074) 0:00:16.122 *******
  106.  
  107. TASK [splunk_common : Check if /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key exists] ***
  108. ok: [localhost]
  109. Monday 05 February 2024 16:38:21 +0000 (0:00:00.452) 0:00:16.575 *******
  110.  
  111. TASK [splunk_common : Restrict permissions on /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key] ***
  112. ok: [localhost]
  113. Monday 05 February 2024 16:38:22 +0000 (0:00:00.479) 0:00:17.054 *******
  114.  
  115. TASK [splunk_common : Get Splunk status] ***************************************
  116. ok: [localhost]
  117. Monday 05 February 2024 16:38:22 +0000 (0:00:00.451) 0:00:17.506 *******
  118.  
  119. TASK [splunk_common : Trigger restart] *****************************************
  120. ok: [localhost]
  121. Monday 05 February 2024 16:38:23 +0000 (0:00:00.476) 0:00:17.983 *******
  122. Monday 05 February 2024 16:38:23 +0000 (0:00:00.050) 0:00:18.033 *******
  123. Monday 05 February 2024 16:38:23 +0000 (0:00:00.078) 0:00:18.111 *******
  124.  
  125. TASK [splunk_common : include_tasks] *******************************************
  126. included: /opt/ansible/roles/splunk_common/tasks/set_mgmt_port.yml for localhost
  127. Monday 05 February 2024 16:38:23 +0000 (0:00:00.109) 0:00:18.220 *******
  128.  
  129. TASK [splunk_common : Set mgmt port] *******************************************
  130. ok: [localhost]
  131. Monday 05 February 2024 16:38:23 +0000 (0:00:00.468) 0:00:18.689 *******
  132. Monday 05 February 2024 16:38:23 +0000 (0:00:00.057) 0:00:18.747 *******
  133. Monday 05 February 2024 16:38:23 +0000 (0:00:00.039) 0:00:18.786 *******
  134. Monday 05 February 2024 16:38:23 +0000 (0:00:00.077) 0:00:18.864 *******
  135. Monday 05 February 2024 16:38:24 +0000 (0:00:00.080) 0:00:18.945 *******
  136. Monday 05 February 2024 16:38:24 +0000 (0:00:00.088) 0:00:19.034 *******
  137.  
  138. TASK [splunk_common : include_tasks] *******************************************
  139. included: /opt/ansible/roles/splunk_common/tasks/enable_splunkd_ssl.yml for localhost
  140. Monday 05 February 2024 16:38:24 +0000 (0:00:00.123) 0:00:19.157 *******
  141.  
  142. TASK [splunk_common : Enable Splunkd SSL] **************************************
  143. ok: [localhost]
  144. Monday 05 February 2024 16:38:24 +0000 (0:00:00.486) 0:00:19.643 *******
  145. Monday 05 February 2024 16:38:24 +0000 (0:00:00.040) 0:00:19.684 *******
  146. Monday 05 February 2024 16:38:24 +0000 (0:00:00.040) 0:00:19.725 *******
  147. Monday 05 February 2024 16:38:24 +0000 (0:00:00.039) 0:00:19.764 *******
  148. Monday 05 February 2024 16:38:24 +0000 (0:00:00.038) 0:00:19.803 *******
  149. Monday 05 February 2024 16:38:24 +0000 (0:00:00.086) 0:00:19.890 *******
  150. Monday 05 February 2024 16:38:25 +0000 (0:00:00.087) 0:00:19.978 *******
  151. Monday 05 February 2024 16:38:25 +0000 (0:00:00.040) 0:00:20.018 *******
  152.  
  153. TASK [splunk_common : include_tasks] *******************************************
  154. included: /opt/ansible/roles/splunk_common/tasks/start_splunk.yml for localhost
  155. Monday 05 February 2024 16:38:25 +0000 (0:00:00.123) 0:00:20.142 *******
  156.  
  157. TASK [splunk_common : include_tasks] *******************************************
  158. included: /opt/ansible/roles/splunk_common/tasks/get_splunk_status.yml for localhost
  159. Monday 05 February 2024 16:38:25 +0000 (0:00:00.059) 0:00:20.202 *******
  160.  
  161. TASK [splunk_common : Restrict permissions on splunk.key for Status] ***********
  162. included: /opt/ansible/roles/splunk_common/tasks/restrict_permissions.yml for localhost => (item=/opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key)
  163. Monday 05 February 2024 16:38:25 +0000 (0:00:00.072) 0:00:20.274 *******
  164.  
  165. TASK [splunk_common : Check if /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key exists] ***
  166. ok: [localhost]
  167. Monday 05 February 2024 16:38:25 +0000 (0:00:00.488) 0:00:20.762 *******
  168.  
  169. TASK [splunk_common : Restrict permissions on /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key] ***
  170. ok: [localhost]
  171. Monday 05 February 2024 16:38:26 +0000 (0:00:00.459) 0:00:21.222 *******
  172.  
  173. TASK [splunk_common : Get Splunk status] ***************************************
  174. ok: [localhost]
  175. Monday 05 February 2024 16:38:26 +0000 (0:00:00.450) 0:00:21.672 *******
  176.  
  177. TASK [splunk_common : Cleanup Splunk runtime files] ****************************
  178. ok: [localhost] => (item=/opt/splunk/var/run/splunk/splunkd.pid)
  179. changed: [localhost] => (item=/opt/splunk/var/lib/splunk/kvstore/mongo/mongod.lock)
  180. Monday 05 February 2024 16:38:27 +0000 (0:00:00.866) 0:00:22.539 *******
  181.  
  182. TASK [splunk_common : Restrict permissions on splunk.key] **********************
  183. included: /opt/ansible/roles/splunk_common/tasks/restrict_permissions.yml for localhost => (item=/opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key)
  184. Monday 05 February 2024 16:38:27 +0000 (0:00:00.077) 0:00:22.616 *******
  185.  
  186. TASK [splunk_common : Check if /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key exists] ***
  187. ok: [localhost]
  188. Monday 05 February 2024 16:38:28 +0000 (0:00:00.480) 0:00:23.096 *******
  189.  
  190. TASK [splunk_common : Restrict permissions on /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key] ***
  191. ok: [localhost]
  192. Monday 05 February 2024 16:38:28 +0000 (0:00:00.481) 0:00:23.578 *******
  193.  
  194. TASK [splunk_common : Start Splunk via CLI] ************************************
  195. changed: [localhost]
  196. Monday 05 February 2024 16:39:01 +0000 (0:00:32.446) 0:00:56.025 *******
  197. Monday 05 February 2024 16:39:01 +0000 (0:00:00.041) 0:00:56.066 *******
  198. Monday 05 February 2024 16:39:01 +0000 (0:00:00.041) 0:00:56.108 *******
  199.  
  200. TASK [splunk_common : Wait for splunkd management port] ************************
  201. ok: [localhost]
  202. Monday 05 February 2024 16:39:01 +0000 (0:00:00.700) 0:00:56.809 *******
  203. Monday 05 February 2024 16:39:01 +0000 (0:00:00.019) 0:00:56.829 *******
  204.  
  205. TASK [splunk_common : include_tasks] *******************************************
  206. included: /opt/ansible/roles/splunk_common/tasks/set_certificate_prefix.yml for localhost
  207. Monday 05 February 2024 16:39:02 +0000 (0:00:00.124) 0:00:56.953 *******
  208.  
  209. TASK [splunk_common : Test basic https endpoint] *******************************
  210. ok: [localhost]
  211. Monday 05 February 2024 16:39:03 +0000 (0:00:01.291) 0:00:58.245 *******
  212.  
  213. TASK [splunk_common : Set url prefix for future REST calls] ********************
  214. ok: [localhost]
  215. Monday 05 February 2024 16:39:03 +0000 (0:00:00.120) 0:00:58.366 *******
  216.  
  217. TASK [splunk_common : include_tasks] *******************************************
  218. included: /opt/ansible/roles/splunk_common/tasks/clean_user_seed.yml for localhost
  219. Monday 05 February 2024 16:39:03 +0000 (0:00:00.172) 0:00:58.539 *******
  220.  
  221. TASK [splunk_common : Remove user-seed.conf] ***********************************
  222. ok: [localhost]
  223. Monday 05 February 2024 16:39:04 +0000 (0:00:00.502) 0:00:59.041 *******
  224.  
  225. TASK [splunk_common : include_tasks] *******************************************
  226. included: /opt/ansible/roles/splunk_common/tasks/add_splunk_license.yml for localhost
  227. Monday 05 February 2024 16:39:04 +0000 (0:00:00.163) 0:00:59.205 *******
  228.  
  229. TASK [splunk_common : Initialize licenses array] *******************************
  230. ok: [localhost]
  231. Monday 05 February 2024 16:39:04 +0000 (0:00:00.125) 0:00:59.330 *******
  232.  
  233. TASK [splunk_common : Determine available licenses] ****************************
  234. ok: [localhost] => (item=splunk.lic)
  235. Monday 05 February 2024 16:39:04 +0000 (0:00:00.114) 0:00:59.445 *******
  236.  
  237. TASK [splunk_common : Apply licenses] ******************************************
  238. included: /opt/ansible/roles/splunk_common/tasks/apply_licenses.yml for localhost => (item=splunk.lic)
  239. Monday 05 February 2024 16:39:04 +0000 (0:00:00.128) 0:00:59.573 *******
  240. Monday 05 February 2024 16:39:04 +0000 (0:00:00.080) 0:00:59.653 *******
  241. Monday 05 February 2024 16:39:04 +0000 (0:00:00.081) 0:00:59.735 *******
  242. Monday 05 February 2024 16:39:04 +0000 (0:00:00.043) 0:00:59.779 *******
  243.  
  244. TASK [splunk_common : include_tasks] *******************************************
  245. included: /opt/ansible/roles/splunk_common/tasks/licenses/add_license.yml for localhost
  246. Monday 05 February 2024 16:39:04 +0000 (0:00:00.116) 0:00:59.895 *******
  247. Monday 05 February 2024 16:39:05 +0000 (0:00:00.053) 0:00:59.949 *******
  248.  
  249. TASK [splunk_common : Ensure license path] *************************************
  250. ok: [localhost]
  251. Monday 05 February 2024 16:39:05 +0000 (0:00:00.475) 0:01:00.425 *******
  252. Monday 05 February 2024 16:39:05 +0000 (0:00:00.039) 0:01:00.464 *******
  253. Monday 05 February 2024 16:39:05 +0000 (0:00:00.040) 0:01:00.505 *******
  254. Monday 05 February 2024 16:39:05 +0000 (0:00:00.021) 0:01:00.526 *******
  255. Monday 05 February 2024 16:39:05 +0000 (0:00:00.093) 0:01:00.620 *******
  256.  
  257. TASK [splunk_standalone : include_tasks] ***************************************
  258. included: /opt/ansible/roles/splunk_standalone/tasks/../../splunk_common/tasks/set_as_hec_receiver.yml for localhost
  259. Monday 05 February 2024 16:39:05 +0000 (0:00:00.067) 0:01:00.687 *******
  260.  
  261. TASK [splunk_standalone : Setup global HEC] ************************************
  262. fatal: [localhost]: FAILED! => {
  263. "cache_control": "private",
  264. "changed": false,
  265. "connection": "Close",
  266. "content_length": "130",
  267. "content_type": "text/xml; charset=UTF-8",
  268. "date": "Mon, 05 Feb 2024 16:39:06 GMT",
  269. "elapsed": 0,
  270. "redirected": false,
  271. "server": "Splunkd",
  272. "status": 401,
  273. "url": "https://127.0.0.1:8089/services/data/inputs/http/http",
  274. "vary": "Cookie, Authorization",
  275. "warnings": [
  276. 0=M 1=o 2=d 3=u 4=l 5=e 6= 7=d 8=i 9=d 10= 11=n 12=o 13=t 14= 15=s 16=e 17=t 18= 19=n 20=o 21=_ 22=l 23=o 24=g 25= 26=f 27=o 28=r 29= 30=p 31=a 32=s 33=s 34=w 35=o 36=r 37=d
  277. ],
  278. "www_authenticate": "Basic realm=\"/splunk\"",
  279. "x_content_type_options": "nosniff",
  280. "x_frame_options": "SAMEORIGIN"
  281. }
  282.  
  283. MSG:
  284.  
  285. Status code was 401 and not [200]: HTTP Error 401: Unauthorized
  286.  
  287. PLAY RECAP *********************************************************************
  288. localhost : ok=68 changed=4 unreachable=0 failed=1 skipped=58 rescued=0 ignored=0
  289.  
  290. Monday 05 February 2024 16:39:06 +0000 (0:00:01.130) 0:01:01.818 *******
  291. ===============================================================================
  292. splunk_common : Start Splunk via CLI ----------------------------------- 32.45s
  293. splunk_common : Update Splunk directory owner --------------------------- 3.83s
  294. Gathering Facts --------------------------------------------------------- 1.46s
  295. splunk_common : Test basic https endpoint ------------------------------- 1.29s
  296. splunk_standalone : Setup global HEC ------------------------------------ 1.13s
  297. splunk_common : Cleanup Splunk runtime files ---------------------------- 0.87s
  298. splunk_common : Wait for splunkd management port ------------------------ 0.70s
  299. splunk_common : Enable splunktcp input ---------------------------------- 0.69s
  300. splunk_common : Find manifests ------------------------------------------ 0.68s
  301. splunk_common : Update /opt/splunk/etc ---------------------------------- 0.66s
  302. splunk_common : Check for scloud ---------------------------------------- 0.66s
  303. splunk_common : Create .ui_login ---------------------------------------- 0.51s
  304. splunk_common : Remove user-seed.conf ----------------------------------- 0.50s
  305. splunk_common : Check if /sbin/updateetc.sh exists ---------------------- 0.49s
  306. splunk_common : Check if /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key exists --- 0.49s
  307. splunk_common : Enable Splunkd SSL -------------------------------------- 0.49s
  308. splunk_common : Restrict permissions on /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key --- 0.48s
  309. splunk_common : Check if /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key exists --- 0.48s
  310. splunk_common : Restrict permissions on /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key --- 0.48s
  311. splunk_common : Trigger restart ----------------------------------------- 0.48s
  312. [DEPRECATION WARNING]: Ansible will require Python 3.8 or newer on the
  313. controller starting with Ansible 2.12. Current version: 3.7.16 (default, Feb 1
  314. 2024, 00:27:11) [GCC 8.5.0 20210514 (Red Hat 8.5.0-20)]. This feature will be
  315. removed from ansible-core in version 2.12. Deprecation warnings can be disabled
  316. by setting deprecation_warnings=False in ansible.cfg.
  317. [DEPRECATION WARNING]: COMMAND_WARNINGS option, the command warnings feature is
  318. being removed. This feature will be removed from ansible-core in version 2.14.
  319. Deprecation warnings can be disabled by setting deprecation_warnings=False in
  320. ansible.cfg.
  321. [DEPRECATION WARNING]: [defaults]callback_whitelist option, normalizing names
  322. to new standard, use callbacks_enabled instead. This feature will be removed
  323. from ansible-core in version 2.15. Deprecation warnings can be disabled by
  324. setting deprecation_warnings=False in ansible.cfg.
  325.  
  326. PLAY [Run default Splunk provisioning] *****************************************
  327. Monday 05 February 2024 16:39:10 +0000 (0:00:00.205) 0:00:00.205 *******
  328.  
  329. TASK [Gathering Facts] *********************************************************
  330. ok: [localhost]
  331. Monday 05 February 2024 16:39:11 +0000 (0:00:01.473) 0:00:01.679 *******
  332. Monday 05 February 2024 16:39:11 +0000 (0:00:00.072) 0:00:01.752 *******
  333.  
  334. TASK [Provision role] **********************************************************
  335. Monday 05 February 2024 16:39:11 +0000 (0:00:00.145) 0:00:01.897 *******
  336.  
  337. TASK [splunk_common : include_tasks] *******************************************
  338. included: /opt/ansible/roles/splunk_common/tasks/get_facts.yml for localhost
  339. Monday 05 February 2024 16:39:12 +0000 (0:00:00.115) 0:00:02.013 *******
  340.  
  341. TASK [splunk_common : Set privilege escalation user] ***************************
  342. ok: [localhost]
  343. Monday 05 February 2024 16:39:12 +0000 (0:00:00.097) 0:00:02.111 *******
  344.  
  345. TASK [splunk_common : Check for scloud] ****************************************
  346. ok: [localhost]
  347. Monday 05 February 2024 16:39:12 +0000 (0:00:00.603) 0:00:02.714 *******
  348. Monday 05 February 2024 16:39:12 +0000 (0:00:00.050) 0:00:02.765 *******
  349. Monday 05 February 2024 16:39:12 +0000 (0:00:00.038) 0:00:02.803 *******
  350.  
  351. TASK [splunk_common : Check for existing installation] *************************
  352. ok: [localhost]
  353. Monday 05 February 2024 16:39:13 +0000 (0:00:00.457) 0:00:03.260 *******
  354.  
  355. TASK [splunk_common : Set splunk install fact] *********************************
  356. ok: [localhost]
  357. Monday 05 February 2024 16:39:13 +0000 (0:00:00.104) 0:00:03.365 *******
  358.  
  359. TASK [splunk_common : Check for existing splunk secret] ************************
  360. ok: [localhost]
  361. Monday 05 February 2024 16:39:13 +0000 (0:00:00.441) 0:00:03.806 *******
  362.  
  363. TASK [splunk_common : Set first run fact] **************************************
  364. ok: [localhost]
  365. Monday 05 February 2024 16:39:13 +0000 (0:00:00.098) 0:00:03.904 *******
  366.  
  367. TASK [splunk_common : Set splunk_build_type fact] ******************************
  368. included: /opt/ansible/roles/splunk_common/tasks/get_facts_build_type.yml for localhost
  369. Monday 05 February 2024 16:39:14 +0000 (0:00:00.075) 0:00:03.980 *******
  370. Monday 05 February 2024 16:39:14 +0000 (0:00:00.038) 0:00:04.019 *******
  371. Monday 05 February 2024 16:39:14 +0000 (0:00:00.054) 0:00:04.074 *******
  372. Monday 05 February 2024 16:39:14 +0000 (0:00:00.054) 0:00:04.129 *******
  373. Monday 05 February 2024 16:39:14 +0000 (0:00:00.054) 0:00:04.183 *******
  374. Monday 05 February 2024 16:39:14 +0000 (0:00:00.063) 0:00:04.246 *******
  375.  
  376. TASK [splunk_common : Set target version fact] *********************************
  377. included: /opt/ansible/roles/splunk_common/tasks/get_facts_target_version.yml for localhost
  378. Monday 05 February 2024 16:39:14 +0000 (0:00:00.100) 0:00:04.347 *******
  379. Monday 05 February 2024 16:39:14 +0000 (0:00:00.049) 0:00:04.397 *******
  380. Monday 05 February 2024 16:39:14 +0000 (0:00:00.050) 0:00:04.448 *******
  381. Monday 05 February 2024 16:39:14 +0000 (0:00:00.050) 0:00:04.499 *******
  382.  
  383. TASK [splunk_common : Find manifests] ******************************************
  384. ok: [localhost]
  385. Monday 05 February 2024 16:39:15 +0000 (0:00:00.708) 0:00:05.207 *******
  386.  
  387. TASK [splunk_common : Set current version fact] ********************************
  388. ok: [localhost]
  389. Monday 05 February 2024 16:39:15 +0000 (0:00:00.108) 0:00:05.315 *******
  390.  
  391. TASK [splunk_common : Setting upgrade fact] ************************************
  392. ok: [localhost]
  393. Monday 05 February 2024 16:39:15 +0000 (0:00:00.103) 0:00:05.419 *******
  394.  
  395. TASK [splunk_common : Setting indexer cluster fact from config] ****************
  396. ok: [localhost]
  397. Monday 05 February 2024 16:39:15 +0000 (0:00:00.097) 0:00:05.517 *******
  398.  
  399. TASK [splunk_common : Setting search head cluster fact from config] ************
  400. ok: [localhost]
  401. Monday 05 February 2024 16:39:15 +0000 (0:00:00.100) 0:00:05.617 *******
  402. Monday 05 February 2024 16:39:15 +0000 (0:00:00.038) 0:00:05.655 *******
  403. Monday 05 February 2024 16:39:15 +0000 (0:00:00.051) 0:00:05.706 *******
  404. Monday 05 February 2024 16:39:15 +0000 (0:00:00.051) 0:00:05.758 *******
  405.  
  406. TASK [splunk_common : Detect service name] *************************************
  407. included: /opt/ansible/roles/splunk_common/tasks/get_facts_service_name.yml for localhost
  408. Monday 05 February 2024 16:39:15 +0000 (0:00:00.088) 0:00:05.846 *******
  409.  
  410. TASK [splunk_common : Setting service_name fact from config] *******************
  411. ok: [localhost]
  412. Monday 05 February 2024 16:39:16 +0000 (0:00:00.099) 0:00:05.946 *******
  413. Monday 05 February 2024 16:39:16 +0000 (0:00:00.052) 0:00:05.998 *******
  414. Monday 05 February 2024 16:39:16 +0000 (0:00:00.052) 0:00:06.051 *******
  415. Monday 05 February 2024 16:39:16 +0000 (0:00:00.052) 0:00:06.104 *******
  416. Monday 05 February 2024 16:39:16 +0000 (0:00:00.052) 0:00:06.156 *******
  417. Monday 05 February 2024 16:39:16 +0000 (0:00:00.053) 0:00:06.210 *******
  418.  
  419. TASK [splunk_common : include_tasks] *******************************************
  420. included: /opt/ansible/roles/splunk_common/tasks/change_splunk_directory_owner.yml for localhost
  421. Monday 05 February 2024 16:39:16 +0000 (0:00:00.147) 0:00:06.357 *******
  422.  
  423. TASK [splunk_common : Update Splunk directory owner] ***************************
  424. ok: [localhost]
  425. Monday 05 February 2024 16:39:20 +0000 (0:00:03.799) 0:00:10.157 *******
  426.  
  427. TASK [splunk_common : include_tasks] *******************************************
  428. included: /opt/ansible/roles/splunk_common/tasks/update_etc.yml for localhost
  429. Monday 05 February 2024 16:39:20 +0000 (0:00:00.109) 0:00:10.266 *******
  430.  
  431. TASK [splunk_common : Check if /sbin/updateetc.sh exists] **********************
  432. ok: [localhost]
  433. Monday 05 February 2024 16:39:20 +0000 (0:00:00.451) 0:00:10.718 *******
  434.  
  435. TASK [splunk_common : Update /opt/splunk/etc] **********************************
  436. ok: [localhost]
  437. Monday 05 February 2024 16:39:21 +0000 (0:00:00.684) 0:00:11.403 *******
  438. Monday 05 February 2024 16:39:21 +0000 (0:00:00.081) 0:00:11.484 *******
  439. Monday 05 February 2024 16:39:21 +0000 (0:00:00.083) 0:00:11.568 *******
  440. Monday 05 February 2024 16:39:21 +0000 (0:00:00.079) 0:00:11.647 *******
  441. Monday 05 February 2024 16:39:21 +0000 (0:00:00.072) 0:00:11.720 *******
  442.  
  443. TASK [splunk_common : include_tasks] *******************************************
  444. included: /opt/ansible/roles/splunk_common/tasks/remove_first_login.yml for localhost
  445. Monday 05 February 2024 16:39:21 +0000 (0:00:00.092) 0:00:11.812 *******
  446.  
  447. TASK [splunk_common : Create .ui_login] ****************************************
  448. ok: [localhost]
  449. Monday 05 February 2024 16:39:22 +0000 (0:00:00.538) 0:00:12.350 *******
  450. Monday 05 February 2024 16:39:22 +0000 (0:00:00.049) 0:00:12.399 *******
  451.  
  452. TASK [splunk_common : include_tasks] *******************************************
  453. included: /opt/ansible/roles/splunk_common/tasks/set_splunk_secret.yml for localhost
  454. Monday 05 February 2024 16:39:22 +0000 (0:00:00.099) 0:00:12.499 *******
  455. Monday 05 February 2024 16:39:22 +0000 (0:00:00.056) 0:00:12.556 *******
  456. Monday 05 February 2024 16:39:22 +0000 (0:00:00.039) 0:00:12.595 *******
  457.  
  458. TASK [splunk_common : include_tasks] *******************************************
  459. included: /opt/ansible/roles/splunk_common/tasks/enable_admin_auth.yml for localhost
  460. Monday 05 February 2024 16:39:22 +0000 (0:00:00.122) 0:00:12.718 *******
  461. Monday 05 February 2024 16:39:22 +0000 (0:00:00.072) 0:00:12.790 *******
  462. Monday 05 February 2024 16:39:22 +0000 (0:00:00.076) 0:00:12.867 *******
  463. Monday 05 February 2024 16:39:23 +0000 (0:00:00.072) 0:00:12.940 *******
  464. Monday 05 February 2024 16:39:23 +0000 (0:00:00.078) 0:00:13.018 *******
  465. Monday 05 February 2024 16:39:23 +0000 (0:00:00.074) 0:00:13.093 *******
  466. Monday 05 February 2024 16:39:23 +0000 (0:00:00.074) 0:00:13.168 *******
  467. Monday 05 February 2024 16:39:23 +0000 (0:00:00.039) 0:00:13.207 *******
  468.  
  469. TASK [splunk_common : include_tasks] *******************************************
  470. included: /opt/ansible/roles/splunk_common/tasks/pre_splunk_start_commands.yml for localhost
  471. Monday 05 February 2024 16:39:23 +0000 (0:00:00.101) 0:00:13.309 *******
  472. Monday 05 February 2024 16:39:23 +0000 (0:00:00.053) 0:00:13.362 *******
  473.  
  474. TASK [splunk_common : include_tasks] *******************************************
  475. included: /opt/ansible/roles/splunk_common/tasks/enable_s2s.yml for localhost
  476. Monday 05 February 2024 16:39:23 +0000 (0:00:00.115) 0:00:13.477 *******
  477. Monday 05 February 2024 16:39:23 +0000 (0:00:00.074) 0:00:13.552 *******
  478.  
  479. TASK [splunk_common : include_tasks] *******************************************
  480. included: /opt/ansible/roles/splunk_common/tasks/s2s/configure_splunktcp.yml for localhost
  481. Monday 05 February 2024 16:39:23 +0000 (0:00:00.110) 0:00:13.662 *******
  482.  
  483. TASK [splunk_common : Enable splunktcp input] **********************************
  484. ok: [localhost]
  485. Monday 05 February 2024 16:39:24 +0000 (0:00:00.700) 0:00:14.363 *******
  486.  
  487. TASK [splunk_common : Remove splunktcp-ssl input] ******************************
  488. changed: [localhost]
  489. Monday 05 February 2024 16:39:24 +0000 (0:00:00.460) 0:00:14.824 *******
  490.  
  491. TASK [splunk_common : Remove input SSL settings] *******************************
  492. changed: [localhost]
  493. Monday 05 February 2024 16:39:25 +0000 (0:00:00.483) 0:00:15.307 *******
  494.  
  495. TASK [splunk_common : Reset root CA] *******************************************
  496. ok: [localhost]
  497. Monday 05 February 2024 16:39:25 +0000 (0:00:00.453) 0:00:15.761 *******
  498.  
  499. TASK [splunk_common : include_tasks] *******************************************
  500. included: /opt/ansible/roles/splunk_common/tasks/trigger_restart.yml for localhost
  501. Monday 05 February 2024 16:39:25 +0000 (0:00:00.085) 0:00:15.846 *******
  502.  
  503. TASK [splunk_common : include_tasks] *******************************************
  504. included: /opt/ansible/roles/splunk_common/tasks/get_splunk_status.yml for localhost
  505. Monday 05 February 2024 16:39:25 +0000 (0:00:00.064) 0:00:15.911 *******
  506.  
  507. TASK [splunk_common : Restrict permissions on splunk.key for Status] ***********
  508. included: /opt/ansible/roles/splunk_common/tasks/restrict_permissions.yml for localhost => (item=/opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key)
  509. Monday 05 February 2024 16:39:26 +0000 (0:00:00.073) 0:00:15.985 *******
  510.  
  511. TASK [splunk_common : Check if /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key exists] ***
  512. ok: [localhost]
  513. Monday 05 February 2024 16:39:26 +0000 (0:00:00.455) 0:00:16.440 *******
  514.  
  515. TASK [splunk_common : Restrict permissions on /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key] ***
  516. ok: [localhost]
  517. Monday 05 February 2024 16:39:26 +0000 (0:00:00.491) 0:00:16.932 *******
  518.  
  519. TASK [splunk_common : Get Splunk status] ***************************************
  520. ok: [localhost]
  521. Monday 05 February 2024 16:39:28 +0000 (0:00:01.477) 0:00:18.409 *******
  522.  
  523. TASK [splunk_common : Trigger restart] *****************************************
  524. ok: [localhost]
  525. Monday 05 February 2024 16:39:28 +0000 (0:00:00.454) 0:00:18.863 *******
  526. Monday 05 February 2024 16:39:28 +0000 (0:00:00.054) 0:00:18.918 *******
  527. Monday 05 February 2024 16:39:29 +0000 (0:00:00.077) 0:00:18.996 *******
  528.  
  529. TASK [splunk_common : include_tasks] *******************************************
  530. included: /opt/ansible/roles/splunk_common/tasks/set_mgmt_port.yml for localhost
  531. Monday 05 February 2024 16:39:29 +0000 (0:00:00.109) 0:00:19.105 *******
  532.  
  533. TASK [splunk_common : Set mgmt port] *******************************************
  534. ok: [localhost]
  535. Monday 05 February 2024 16:39:29 +0000 (0:00:00.463) 0:00:19.569 *******
  536. Monday 05 February 2024 16:39:29 +0000 (0:00:00.050) 0:00:19.620 *******
  537. Monday 05 February 2024 16:39:29 +0000 (0:00:00.039) 0:00:19.659 *******
  538. Monday 05 February 2024 16:39:29 +0000 (0:00:00.081) 0:00:19.741 *******
  539. Monday 05 February 2024 16:39:29 +0000 (0:00:00.076) 0:00:19.818 *******
  540. Monday 05 February 2024 16:39:29 +0000 (0:00:00.085) 0:00:19.903 *******
  541.  
  542. TASK [splunk_common : include_tasks] *******************************************
  543. included: /opt/ansible/roles/splunk_common/tasks/enable_splunkd_ssl.yml for localhost
  544. Monday 05 February 2024 16:39:30 +0000 (0:00:00.122) 0:00:20.026 *******
  545.  
  546. TASK [splunk_common : Enable Splunkd SSL] **************************************
  547. ok: [localhost]
  548. Monday 05 February 2024 16:39:30 +0000 (0:00:00.489) 0:00:20.515 *******
  549. Monday 05 February 2024 16:39:30 +0000 (0:00:00.041) 0:00:20.557 *******
  550. Monday 05 February 2024 16:39:30 +0000 (0:00:00.039) 0:00:20.597 *******
  551. Monday 05 February 2024 16:39:30 +0000 (0:00:00.039) 0:00:20.637 *******
  552. Monday 05 February 2024 16:39:30 +0000 (0:00:00.039) 0:00:20.676 *******
  553. Monday 05 February 2024 16:39:30 +0000 (0:00:00.084) 0:00:20.761 *******
  554. Monday 05 February 2024 16:39:30 +0000 (0:00:00.086) 0:00:20.848 *******
  555. Monday 05 February 2024 16:39:30 +0000 (0:00:00.040) 0:00:20.888 *******
  556.  
  557. TASK [splunk_common : include_tasks] *******************************************
  558. included: /opt/ansible/roles/splunk_common/tasks/start_splunk.yml for localhost
  559. Monday 05 February 2024 16:39:31 +0000 (0:00:00.123) 0:00:21.011 *******
  560.  
  561. TASK [splunk_common : include_tasks] *******************************************
  562. included: /opt/ansible/roles/splunk_common/tasks/get_splunk_status.yml for localhost
  563. Monday 05 February 2024 16:39:31 +0000 (0:00:00.059) 0:00:21.070 *******
  564.  
  565. TASK [splunk_common : Restrict permissions on splunk.key for Status] ***********
  566. included: /opt/ansible/roles/splunk_common/tasks/restrict_permissions.yml for localhost => (item=/opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key)
  567. Monday 05 February 2024 16:39:31 +0000 (0:00:00.070) 0:00:21.141 *******
  568.  
  569. TASK [splunk_common : Check if /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key exists] ***
  570. ok: [localhost]
  571. Monday 05 February 2024 16:39:31 +0000 (0:00:00.449) 0:00:21.590 *******
  572.  
  573. TASK [splunk_common : Restrict permissions on /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key] ***
  574. ok: [localhost]
  575. Monday 05 February 2024 16:39:32 +0000 (0:00:00.459) 0:00:22.050 *******
  576.  
  577. TASK [splunk_common : Get Splunk status] ***************************************
  578. ok: [localhost]
  579. Monday 05 February 2024 16:39:32 +0000 (0:00:00.460) 0:00:22.510 *******
  580.  
  581. TASK [splunk_common : Cleanup Splunk runtime files] ****************************
  582. ok: [localhost] => (item=/opt/splunk/var/run/splunk/splunkd.pid)
  583. changed: [localhost] => (item=/opt/splunk/var/lib/splunk/kvstore/mongo/mongod.lock)
  584. Monday 05 February 2024 16:39:33 +0000 (0:00:00.867) 0:00:23.378 *******
  585.  
  586. TASK [splunk_common : Restrict permissions on splunk.key] **********************
  587. included: /opt/ansible/roles/splunk_common/tasks/restrict_permissions.yml for localhost => (item=/opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key)
  588. Monday 05 February 2024 16:39:33 +0000 (0:00:00.075) 0:00:23.454 *******
  589.  
  590. TASK [splunk_common : Check if /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key exists] ***
  591. ok: [localhost]
  592. Monday 05 February 2024 16:39:33 +0000 (0:00:00.462) 0:00:23.916 *******
  593.  
  594. TASK [splunk_common : Restrict permissions on /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key] ***
  595. ok: [localhost]
  596. Monday 05 February 2024 16:39:34 +0000 (0:00:00.485) 0:00:24.401 *******
  597.  
  598. TASK [splunk_common : Start Splunk via CLI] ************************************
  599. changed: [localhost]
  600. Monday 05 February 2024 16:40:08 +0000 (0:00:33.780) 0:00:58.182 *******
  601. Monday 05 February 2024 16:40:08 +0000 (0:00:00.044) 0:00:58.226 *******
  602. Monday 05 February 2024 16:40:08 +0000 (0:00:00.064) 0:00:58.291 *******
  603.  
  604. TASK [splunk_common : Wait for splunkd management port] ************************
  605. ok: [localhost]
  606. Monday 05 February 2024 16:40:09 +0000 (0:00:00.737) 0:00:59.028 *******
  607. Monday 05 February 2024 16:40:09 +0000 (0:00:00.023) 0:00:59.052 *******
  608.  
  609. TASK [splunk_common : include_tasks] *******************************************
  610. included: /opt/ansible/roles/splunk_common/tasks/set_certificate_prefix.yml for localhost
  611. Monday 05 February 2024 16:40:09 +0000 (0:00:00.140) 0:00:59.193 *******
  612.  
  613. TASK [splunk_common : Test basic https endpoint] *******************************
  614. ok: [localhost]
  615. Monday 05 February 2024 16:40:10 +0000 (0:00:01.303) 0:01:00.496 *******
  616.  
  617. TASK [splunk_common : Set url prefix for future REST calls] ********************
  618. ok: [localhost]
  619. Monday 05 February 2024 16:40:10 +0000 (0:00:00.111) 0:01:00.608 *******
  620.  
  621. TASK [splunk_common : include_tasks] *******************************************
  622. included: /opt/ansible/roles/splunk_common/tasks/clean_user_seed.yml for localhost
  623. Monday 05 February 2024 16:40:10 +0000 (0:00:00.127) 0:01:00.736 *******
  624.  
  625. TASK [splunk_common : Remove user-seed.conf] ***********************************
  626. ok: [localhost]
  627. Monday 05 February 2024 16:40:11 +0000 (0:00:00.496) 0:01:01.232 *******
  628.  
  629. TASK [splunk_common : include_tasks] *******************************************
  630. included: /opt/ansible/roles/splunk_common/tasks/add_splunk_license.yml for localhost
  631. Monday 05 February 2024 16:40:11 +0000 (0:00:00.126) 0:01:01.359 *******
  632.  
  633. TASK [splunk_common : Initialize licenses array] *******************************
  634. ok: [localhost]
  635. Monday 05 February 2024 16:40:11 +0000 (0:00:00.104) 0:01:01.463 *******
  636.  
  637. TASK [splunk_common : Determine available licenses] ****************************
  638. ok: [localhost] => (item=splunk.lic)
  639. Monday 05 February 2024 16:40:11 +0000 (0:00:00.145) 0:01:01.609 *******
  640.  
  641. TASK [splunk_common : Apply licenses] ******************************************
  642. included: /opt/ansible/roles/splunk_common/tasks/apply_licenses.yml for localhost => (item=splunk.lic)
  643. Monday 05 February 2024 16:40:11 +0000 (0:00:00.132) 0:01:01.741 *******
  644. Monday 05 February 2024 16:40:11 +0000 (0:00:00.073) 0:01:01.815 *******
  645. Monday 05 February 2024 16:40:11 +0000 (0:00:00.074) 0:01:01.889 *******
  646. Monday 05 February 2024 16:40:11 +0000 (0:00:00.040) 0:01:01.930 *******
  647.  
  648. TASK [splunk_common : include_tasks] *******************************************
  649. included: /opt/ansible/roles/splunk_common/tasks/licenses/add_license.yml for localhost
  650. Monday 05 February 2024 16:40:12 +0000 (0:00:00.107) 0:01:02.037 *******
  651. Monday 05 February 2024 16:40:12 +0000 (0:00:00.052) 0:01:02.090 *******
  652.  
  653. TASK [splunk_common : Ensure license path] *************************************
  654. ok: [localhost]
  655. Monday 05 February 2024 16:40:12 +0000 (0:00:00.447) 0:01:02.537 *******
  656. Monday 05 February 2024 16:40:12 +0000 (0:00:00.039) 0:01:02.577 *******
  657. Monday 05 February 2024 16:40:12 +0000 (0:00:00.040) 0:01:02.617 *******
  658. Monday 05 February 2024 16:40:12 +0000 (0:00:00.021) 0:01:02.638 *******
  659. Monday 05 February 2024 16:40:12 +0000 (0:00:00.147) 0:01:02.786 *******
  660.  
  661. TASK [splunk_standalone : include_tasks] ***************************************
  662. included: /opt/ansible/roles/splunk_standalone/tasks/../../splunk_common/tasks/set_as_hec_receiver.yml for localhost
  663. Monday 05 February 2024 16:40:13 +0000 (0:00:00.183) 0:01:02.970 *******
  664.  
  665. TASK [splunk_standalone : Setup global HEC] ************************************
  666. fatal: [localhost]: FAILED! => {
  667. "cache_control": "private",
  668. "changed": false,
  669. "connection": "Close",
  670. "content_length": "130",
  671. "content_type": "text/xml; charset=UTF-8",
  672. "date": "Mon, 05 Feb 2024 16:40:14 GMT",
  673. "elapsed": 0,
  674. "redirected": false,
  675. "server": "Splunkd",
  676. "status": 401,
  677. "url": "https://127.0.0.1:8089/services/data/inputs/http/http",
  678. "vary": "Cookie, Authorization",
  679. "warnings": [
  680. 0=M 1=o 2=d 3=u 4=l 5=e 6= 7=d 8=i 9=d 10= 11=n 12=o 13=t 14= 15=s 16=e 17=t 18= 19=n 20=o 21=_ 22=l 23=o 24=g 25= 26=f 27=o 28=r 29= 30=p 31=a 32=s 33=s 34=w 35=o 36=r 37=d
  681. ],
  682. "www_authenticate": "Basic realm=\"/splunk\"",
  683. "x_content_type_options": "nosniff",
  684. "x_frame_options": "SAMEORIGIN"
  685. }
  686.  
  687. MSG:
  688.  
  689. Status code was 401 and not [200]: HTTP Error 401: Unauthorized
  690.  
  691. PLAY RECAP *********************************************************************
  692. localhost : ok=68 changed=4 unreachable=0 failed=1 skipped=58 rescued=0 ignored=0
  693.  
  694. Monday 05 February 2024 16:40:14 +0000 (0:00:01.592) 0:01:04.562 *******
  695. ===============================================================================
  696. splunk_common : Start Splunk via CLI ----------------------------------- 33.78s
  697. splunk_common : Update Splunk directory owner --------------------------- 3.80s
  698. splunk_standalone : Setup global HEC ------------------------------------ 1.59s
  699. splunk_common : Get Splunk status --------------------------------------- 1.48s
  700. Gathering Facts --------------------------------------------------------- 1.47s
  701. splunk_common : Test basic https endpoint ------------------------------- 1.30s
  702. splunk_common : Cleanup Splunk runtime files ---------------------------- 0.87s
  703. splunk_common : Wait for splunkd management port ------------------------ 0.74s
  704. splunk_common : Find manifests ------------------------------------------ 0.71s
  705. splunk_common : Enable splunktcp input ---------------------------------- 0.70s
  706. splunk_common : Update /opt/splunk/etc ---------------------------------- 0.68s
  707. splunk_common : Check for scloud ---------------------------------------- 0.60s
  708. splunk_common : Create .ui_login ---------------------------------------- 0.54s
  709. splunk_common : Remove user-seed.conf ----------------------------------- 0.50s
  710. splunk_common : Restrict permissions on /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key --- 0.49s
  711. splunk_common : Enable Splunkd SSL -------------------------------------- 0.49s
  712. splunk_common : Restrict permissions on /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key --- 0.49s
  713. splunk_common : Remove input SSL settings ------------------------------- 0.48s
  714. splunk_common : Set mgmt port ------------------------------------------- 0.46s
  715. splunk_common : Check if /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key exists --- 0.46s
  716. [DEPRECATION WARNING]: Ansible will require Python 3.8 or newer on the
  717. controller starting with Ansible 2.12. Current version: 3.7.16 (default, Feb 1
  718. 2024, 00:27:11) [GCC 8.5.0 20210514 (Red Hat 8.5.0-20)]. This feature will be
  719. removed from ansible-core in version 2.12. Deprecation warnings can be disabled
  720. by setting deprecation_warnings=False in ansible.cfg.
  721. [DEPRECATION WARNING]: COMMAND_WARNINGS option, the command warnings feature is
  722. being removed. This feature will be removed from ansible-core in version 2.14.
  723. Deprecation warnings can be disabled by setting deprecation_warnings=False in
  724. ansible.cfg.
  725. [DEPRECATION WARNING]: [defaults]callback_whitelist option, normalizing names
  726. to new standard, use callbacks_enabled instead. This feature will be removed
  727. from ansible-core in version 2.15. Deprecation warnings can be disabled by
  728. setting deprecation_warnings=False in ansible.cfg.
  729.  
  730. PLAY [Run default Splunk provisioning] *****************************************
  731. Monday 05 February 2024 16:40:17 +0000 (0:00:00.220) 0:00:00.220 *******
  732.  
  733. TASK [Gathering Facts] *********************************************************
  734. ok: [localhost]
  735. Monday 05 February 2024 16:40:19 +0000 (0:00:01.500) 0:00:01.720 *******
  736. Monday 05 February 2024 16:40:19 +0000 (0:00:00.074) 0:00:01.795 *******
  737.  
  738. TASK [Provision role] **********************************************************
  739. Monday 05 February 2024 16:40:19 +0000 (0:00:00.148) 0:00:01.944 *******
  740.  
  741. TASK [splunk_common : include_tasks] *******************************************
  742. included: /opt/ansible/roles/splunk_common/tasks/get_facts.yml for localhost
  743. Monday 05 February 2024 16:40:19 +0000 (0:00:00.115) 0:00:02.059 *******
  744.  
  745. TASK [splunk_common : Set privilege escalation user] ***************************
  746. ok: [localhost]
  747. Monday 05 February 2024 16:40:19 +0000 (0:00:00.097) 0:00:02.157 *******
  748.  
  749. TASK [splunk_common : Check for scloud] ****************************************
  750. ok: [localhost]
  751. Monday 05 February 2024 16:40:20 +0000 (0:00:00.611) 0:00:02.768 *******
  752. Monday 05 February 2024 16:40:20 +0000 (0:00:00.052) 0:00:02.821 *******
  753. Monday 05 February 2024 16:40:20 +0000 (0:00:00.037) 0:00:02.859 *******
  754.  
  755. TASK [splunk_common : Check for existing installation] *************************
  756. ok: [localhost]
  757. Monday 05 February 2024 16:40:20 +0000 (0:00:00.462) 0:00:03.322 *******
  758.  
  759. TASK [splunk_common : Set splunk install fact] *********************************
  760. ok: [localhost]
  761. Monday 05 February 2024 16:40:21 +0000 (0:00:00.108) 0:00:03.430 *******
  762.  
  763. TASK [splunk_common : Check for existing splunk secret] ************************
  764. ok: [localhost]
  765. Monday 05 February 2024 16:40:21 +0000 (0:00:00.449) 0:00:03.879 *******
  766.  
  767. TASK [splunk_common : Set first run fact] **************************************
  768. ok: [localhost]
  769. Monday 05 February 2024 16:40:21 +0000 (0:00:00.099) 0:00:03.978 *******
  770.  
  771. TASK [splunk_common : Set splunk_build_type fact] ******************************
  772. included: /opt/ansible/roles/splunk_common/tasks/get_facts_build_type.yml for localhost
  773. Monday 05 February 2024 16:40:21 +0000 (0:00:00.075) 0:00:04.054 *******
  774. Monday 05 February 2024 16:40:21 +0000 (0:00:00.037) 0:00:04.092 *******
  775. Monday 05 February 2024 16:40:21 +0000 (0:00:00.057) 0:00:04.150 *******
  776. Monday 05 February 2024 16:40:21 +0000 (0:00:00.084) 0:00:04.234 *******
  777. Monday 05 February 2024 16:40:21 +0000 (0:00:00.063) 0:00:04.298 *******
  778. Monday 05 February 2024 16:40:21 +0000 (0:00:00.053) 0:00:04.352 *******
  779.  
  780. TASK [splunk_common : Set target version fact] *********************************
  781. included: /opt/ansible/roles/splunk_common/tasks/get_facts_target_version.yml for localhost
  782. Monday 05 February 2024 16:40:22 +0000 (0:00:00.096) 0:00:04.449 *******
  783. Monday 05 February 2024 16:40:22 +0000 (0:00:00.050) 0:00:04.500 *******
  784. Monday 05 February 2024 16:40:22 +0000 (0:00:00.050) 0:00:04.551 *******
  785. Monday 05 February 2024 16:40:22 +0000 (0:00:00.049) 0:00:04.600 *******
  786.  
  787. TASK [splunk_common : Find manifests] ******************************************
  788. ok: [localhost]
  789. Monday 05 February 2024 16:40:22 +0000 (0:00:00.664) 0:00:05.265 *******
  790.  
  791. TASK [splunk_common : Set current version fact] ********************************
  792. ok: [localhost]
  793. Monday 05 February 2024 16:40:23 +0000 (0:00:00.114) 0:00:05.379 *******
  794.  
  795. TASK [splunk_common : Setting upgrade fact] ************************************
  796. ok: [localhost]
  797. Monday 05 February 2024 16:40:23 +0000 (0:00:00.109) 0:00:05.488 *******
  798.  
  799. TASK [splunk_common : Setting indexer cluster fact from config] ****************
  800. ok: [localhost]
  801. Monday 05 February 2024 16:40:23 +0000 (0:00:00.097) 0:00:05.586 *******
  802.  
  803. TASK [splunk_common : Setting search head cluster fact from config] ************
  804. ok: [localhost]
  805. Monday 05 February 2024 16:40:23 +0000 (0:00:00.098) 0:00:05.684 *******
  806. Monday 05 February 2024 16:40:23 +0000 (0:00:00.037) 0:00:05.722 *******
  807. Monday 05 February 2024 16:40:23 +0000 (0:00:00.051) 0:00:05.774 *******
  808. Monday 05 February 2024 16:40:23 +0000 (0:00:00.052) 0:00:05.826 *******
  809.  
  810. TASK [splunk_common : Detect service name] *************************************
  811. included: /opt/ansible/roles/splunk_common/tasks/get_facts_service_name.yml for localhost
  812. Monday 05 February 2024 16:40:23 +0000 (0:00:00.088) 0:00:05.915 *******
  813.  
  814. TASK [splunk_common : Setting service_name fact from config] *******************
  815. ok: [localhost]
  816. Monday 05 February 2024 16:40:23 +0000 (0:00:00.100) 0:00:06.016 *******
  817. Monday 05 February 2024 16:40:23 +0000 (0:00:00.052) 0:00:06.068 *******
  818. Monday 05 February 2024 16:40:23 +0000 (0:00:00.052) 0:00:06.121 *******
  819. Monday 05 February 2024 16:40:23 +0000 (0:00:00.053) 0:00:06.174 *******
  820. Monday 05 February 2024 16:40:23 +0000 (0:00:00.053) 0:00:06.228 *******
  821. Monday 05 February 2024 16:40:23 +0000 (0:00:00.054) 0:00:06.282 *******
  822.  
  823. TASK [splunk_common : include_tasks] *******************************************
  824. included: /opt/ansible/roles/splunk_common/tasks/change_splunk_directory_owner.yml for localhost
  825. Monday 05 February 2024 16:40:24 +0000 (0:00:00.147) 0:00:06.429 *******
  826.  
  827. TASK [splunk_common : Update Splunk directory owner] ***************************
  828. ok: [localhost]
  829. Monday 05 February 2024 16:40:27 +0000 (0:00:03.820) 0:00:10.249 *******
  830.  
  831. TASK [splunk_common : include_tasks] *******************************************
  832. included: /opt/ansible/roles/splunk_common/tasks/update_etc.yml for localhost
  833. Monday 05 February 2024 16:40:27 +0000 (0:00:00.120) 0:00:10.370 *******
  834.  
  835. TASK [splunk_common : Check if /sbin/updateetc.sh exists] **********************
  836. ok: [localhost]
  837. Monday 05 February 2024 16:40:28 +0000 (0:00:00.474) 0:00:10.844 *******
  838.  
  839. TASK [splunk_common : Update /opt/splunk/etc] **********************************
  840. ok: [localhost]
  841. Monday 05 February 2024 16:40:29 +0000 (0:00:00.663) 0:00:11.508 *******
  842. Monday 05 February 2024 16:40:29 +0000 (0:00:00.082) 0:00:11.591 *******
  843. Monday 05 February 2024 16:40:29 +0000 (0:00:00.124) 0:00:11.715 *******
  844. Monday 05 February 2024 16:40:29 +0000 (0:00:00.076) 0:00:11.791 *******
  845. Monday 05 February 2024 16:40:29 +0000 (0:00:00.077) 0:00:11.869 *******
  846.  
  847. TASK [splunk_common : include_tasks] *******************************************
  848. included: /opt/ansible/roles/splunk_common/tasks/remove_first_login.yml for localhost
  849. Monday 05 February 2024 16:40:29 +0000 (0:00:00.091) 0:00:11.960 *******
  850.  
  851. TASK [splunk_common : Create .ui_login] ****************************************
  852. ok: [localhost]
  853. Monday 05 February 2024 16:40:30 +0000 (0:00:00.490) 0:00:12.451 *******
  854. Monday 05 February 2024 16:40:30 +0000 (0:00:00.050) 0:00:12.501 *******
  855.  
  856. TASK [splunk_common : include_tasks] *******************************************
  857. included: /opt/ansible/roles/splunk_common/tasks/set_splunk_secret.yml for localhost
  858. Monday 05 February 2024 16:40:30 +0000 (0:00:00.103) 0:00:12.605 *******
  859. Monday 05 February 2024 16:40:30 +0000 (0:00:00.053) 0:00:12.658 *******
  860. Monday 05 February 2024 16:40:30 +0000 (0:00:00.039) 0:00:12.697 *******
  861.  
  862. TASK [splunk_common : include_tasks] *******************************************
  863. included: /opt/ansible/roles/splunk_common/tasks/enable_admin_auth.yml for localhost
  864. Monday 05 February 2024 16:40:30 +0000 (0:00:00.122) 0:00:12.820 *******
  865. Monday 05 February 2024 16:40:30 +0000 (0:00:00.071) 0:00:12.892 *******
  866. Monday 05 February 2024 16:40:30 +0000 (0:00:00.079) 0:00:12.972 *******
  867. Monday 05 February 2024 16:40:30 +0000 (0:00:00.082) 0:00:13.054 *******
  868. Monday 05 February 2024 16:40:30 +0000 (0:00:00.075) 0:00:13.130 *******
  869. Monday 05 February 2024 16:40:30 +0000 (0:00:00.076) 0:00:13.206 *******
  870. Monday 05 February 2024 16:40:30 +0000 (0:00:00.085) 0:00:13.292 *******
  871. Monday 05 February 2024 16:40:30 +0000 (0:00:00.042) 0:00:13.334 *******
  872.  
  873. TASK [splunk_common : include_tasks] *******************************************
  874. included: /opt/ansible/roles/splunk_common/tasks/pre_splunk_start_commands.yml for localhost
  875. Monday 05 February 2024 16:40:31 +0000 (0:00:00.102) 0:00:13.436 *******
  876. Monday 05 February 2024 16:40:31 +0000 (0:00:00.064) 0:00:13.501 *******
  877.  
  878. TASK [splunk_common : include_tasks] *******************************************
  879. included: /opt/ansible/roles/splunk_common/tasks/enable_s2s.yml for localhost
  880. Monday 05 February 2024 16:40:31 +0000 (0:00:00.115) 0:00:13.616 *******
  881. Monday 05 February 2024 16:40:31 +0000 (0:00:00.074) 0:00:13.691 *******
  882.  
  883. TASK [splunk_common : include_tasks] *******************************************
  884. included: /opt/ansible/roles/splunk_common/tasks/s2s/configure_splunktcp.yml for localhost
  885. Monday 05 February 2024 16:40:31 +0000 (0:00:00.112) 0:00:13.803 *******
  886.  
  887. TASK [splunk_common : Enable splunktcp input] **********************************
  888. ok: [localhost]
  889. Monday 05 February 2024 16:40:32 +0000 (0:00:00.695) 0:00:14.498 *******
  890.  
  891. TASK [splunk_common : Remove splunktcp-ssl input] ******************************
  892. changed: [localhost]
  893. Monday 05 February 2024 16:40:32 +0000 (0:00:00.455) 0:00:14.954 *******
  894.  
  895. TASK [splunk_common : Remove input SSL settings] *******************************
  896. changed: [localhost]
  897. Monday 05 February 2024 16:40:33 +0000 (0:00:00.450) 0:00:15.404 *******
  898.  
  899. TASK [splunk_common : Reset root CA] *******************************************
  900. ok: [localhost]
  901. Monday 05 February 2024 16:40:33 +0000 (0:00:00.458) 0:00:15.863 *******
  902.  
  903. TASK [splunk_common : include_tasks] *******************************************
  904. included: /opt/ansible/roles/splunk_common/tasks/trigger_restart.yml for localhost
  905. Monday 05 February 2024 16:40:33 +0000 (0:00:00.087) 0:00:15.951 *******
  906.  
  907. TASK [splunk_common : include_tasks] *******************************************
  908. included: /opt/ansible/roles/splunk_common/tasks/get_splunk_status.yml for localhost
  909. Monday 05 February 2024 16:40:33 +0000 (0:00:00.063) 0:00:16.014 *******
  910.  
  911. TASK [splunk_common : Restrict permissions on splunk.key for Status] ***********
  912. included: /opt/ansible/roles/splunk_common/tasks/restrict_permissions.yml for localhost => (item=/opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key)
  913. Monday 05 February 2024 16:40:33 +0000 (0:00:00.073) 0:00:16.088 *******
  914.  
  915. TASK [splunk_common : Check if /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key exists] ***
  916. ok: [localhost]
  917. Monday 05 February 2024 16:40:34 +0000 (0:00:00.439) 0:00:16.528 *******
  918.  
  919. TASK [splunk_common : Restrict permissions on /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key] ***
  920. ok: [localhost]
  921. Monday 05 February 2024 16:40:34 +0000 (0:00:00.485) 0:00:17.014 *******
  922.  
  923. TASK [splunk_common : Get Splunk status] ***************************************
  924. ok: [localhost]
  925. Monday 05 February 2024 16:40:36 +0000 (0:00:01.498) 0:00:18.512 *******
  926.  
  927. TASK [splunk_common : Trigger restart] *****************************************
  928. ok: [localhost]
  929. Monday 05 February 2024 16:40:36 +0000 (0:00:00.464) 0:00:18.977 *******
  930. Monday 05 February 2024 16:40:36 +0000 (0:00:00.054) 0:00:19.031 *******
  931. Monday 05 February 2024 16:40:36 +0000 (0:00:00.077) 0:00:19.109 *******
  932.  
  933. TASK [splunk_common : include_tasks] *******************************************
  934. included: /opt/ansible/roles/splunk_common/tasks/set_mgmt_port.yml for localhost
  935. Monday 05 February 2024 16:40:36 +0000 (0:00:00.109) 0:00:19.218 *******
  936.  
  937. TASK [splunk_common : Set mgmt port] *******************************************
  938. ok: [localhost]
  939. Monday 05 February 2024 16:40:37 +0000 (0:00:00.475) 0:00:19.694 *******
  940. Monday 05 February 2024 16:40:37 +0000 (0:00:00.049) 0:00:19.743 *******
  941. Monday 05 February 2024 16:40:37 +0000 (0:00:00.039) 0:00:19.782 *******
  942. Monday 05 February 2024 16:40:37 +0000 (0:00:00.077) 0:00:19.860 *******
  943. Monday 05 February 2024 16:40:37 +0000 (0:00:00.077) 0:00:19.937 *******
  944. Monday 05 February 2024 16:40:37 +0000 (0:00:00.085) 0:00:20.022 *******
  945.  
  946. TASK [splunk_common : include_tasks] *******************************************
  947. included: /opt/ansible/roles/splunk_common/tasks/enable_splunkd_ssl.yml for localhost
  948. Monday 05 February 2024 16:40:37 +0000 (0:00:00.123) 0:00:20.145 *******
  949.  
  950. TASK [splunk_common : Enable Splunkd SSL] **************************************
  951. ok: [localhost]
  952. Monday 05 February 2024 16:40:38 +0000 (0:00:00.490) 0:00:20.636 *******
  953. Monday 05 February 2024 16:40:38 +0000 (0:00:00.039) 0:00:20.675 *******
  954. Monday 05 February 2024 16:40:38 +0000 (0:00:00.039) 0:00:20.715 *******
  955. Monday 05 February 2024 16:40:38 +0000 (0:00:00.039) 0:00:20.755 *******
  956. Monday 05 February 2024 16:40:38 +0000 (0:00:00.039) 0:00:20.794 *******
  957. Monday 05 February 2024 16:40:38 +0000 (0:00:00.085) 0:00:20.879 *******
  958. Monday 05 February 2024 16:40:38 +0000 (0:00:00.091) 0:00:20.971 *******
  959. Monday 05 February 2024 16:40:38 +0000 (0:00:00.040) 0:00:21.011 *******
  960.  
  961. TASK [splunk_common : include_tasks] *******************************************
  962. included: /opt/ansible/roles/splunk_common/tasks/start_splunk.yml for localhost
  963. Monday 05 February 2024 16:40:38 +0000 (0:00:00.123) 0:00:21.135 *******
  964.  
  965. TASK [splunk_common : include_tasks] *******************************************
  966. included: /opt/ansible/roles/splunk_common/tasks/get_splunk_status.yml for localhost
  967. Monday 05 February 2024 16:40:38 +0000 (0:00:00.060) 0:00:21.195 *******
  968.  
  969. TASK [splunk_common : Restrict permissions on splunk.key for Status] ***********
  970. included: /opt/ansible/roles/splunk_common/tasks/restrict_permissions.yml for localhost => (item=/opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key)
  971. Monday 05 February 2024 16:40:38 +0000 (0:00:00.070) 0:00:21.266 *******
  972.  
  973. TASK [splunk_common : Check if /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key exists] ***
  974. ok: [localhost]
  975. Monday 05 February 2024 16:40:39 +0000 (0:00:00.467) 0:00:21.733 *******
  976.  
  977. TASK [splunk_common : Restrict permissions on /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key] ***
  978. ok: [localhost]
  979. Monday 05 February 2024 16:40:39 +0000 (0:00:00.456) 0:00:22.189 *******
  980.  
  981. TASK [splunk_common : Get Splunk status] ***************************************
  982. ok: [localhost]
  983. Monday 05 February 2024 16:40:40 +0000 (0:00:00.462) 0:00:22.651 *******
  984.  
  985. TASK [splunk_common : Cleanup Splunk runtime files] ****************************
  986. ok: [localhost] => (item=/opt/splunk/var/run/splunk/splunkd.pid)
  987. changed: [localhost] => (item=/opt/splunk/var/lib/splunk/kvstore/mongo/mongod.lock)
  988. Monday 05 February 2024 16:40:41 +0000 (0:00:00.863) 0:00:23.515 *******
  989.  
  990. TASK [splunk_common : Restrict permissions on splunk.key] **********************
  991. included: /opt/ansible/roles/splunk_common/tasks/restrict_permissions.yml for localhost => (item=/opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key)
  992. Monday 05 February 2024 16:40:41 +0000 (0:00:00.082) 0:00:23.597 *******
  993.  
  994. TASK [splunk_common : Check if /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key exists] ***
  995. ok: [localhost]
  996. Monday 05 February 2024 16:40:41 +0000 (0:00:00.451) 0:00:24.049 *******
  997.  
  998. TASK [splunk_common : Restrict permissions on /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key] ***
  999. ok: [localhost]
  1000. Monday 05 February 2024 16:40:42 +0000 (0:00:00.483) 0:00:24.532 *******
  1001.  
Tags: splunk
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!