#!/bin/sh# This script provides an example of how to deploy the Splunk unive

1. #!/bin/sh
2.  
3. # This script provides an example of how to deploy the Splunk universal forwarder
4. # to many remote hosts via ssh and common Unix commands.
5. #
6. # Note that this script will only work unattended if you have SSH host keys
7. # setup & unlocked.
8. # To learn more about this subject, do a web search for "openssh key management".
9.  
10.  
11. # ----------- Adjust the variables below -----------
12.  
13. # Populate this file with a list of hosts that this script should install to,
14. # with one host per line. You may use hostnames or IP addresses, as
15. # applicable. You can also specify a user to login as, for example, "foo@host".
16. #
17. # Example file contents:
18. # server1
19. # server2.foo.lan
20. # you@server3
21. # 10.2.3.4
22.  
23. HOSTS_FILE="/home/deodion/splunk.install.list"
24.  
25. # This is the path to the Splunk tarball that you wish to push out. You may
26. # wish to make this a symlink to a versioned Splunk tarball, so as to minimize
27. # updates to this script in the future.
28.  
29. SPLUNK_FILE="/home/deodion/splunkforwarder-4.3-115073-Linux-i686.tgz"
30.  
31. # This is where the Splunk tarball will be stored on the remote host during
32. # installation. The file will be removed after installation. You normally will
33. # not need to set this variable, as $NEW_PARENT will be used by default.
34. #
35. # SCRATCH_DIR="/home/your_dir/temp"
36.  
37. # The location in which to unpack the new Splunk tarball on the destination
38. # host. This can be the same parent dir as for your existing Splunk
39. # installation (if any). This directory will be created at runtime, if it does
40. # not exist.
41.  
42. NEW_PARENT="/opt"
43.  
44. # After installation, the forwarder will become a deployment client of this
45. # host. Specify the host and management (not web) port of the deployment server
46. # that will be managing these forwarder instances. If you do not wish to use
47. # a deployment server, you may leave this unset.
48. #
49. DEPLOY_SERV="10.10.10.40:8089"
50.  
51. # A directory on the current host in which the output of each installation
52. # attempt will be logged. This directory need not exist, but the user running
53. # the script must be able to create it. The output will be stored as
54. # $LOG_DIR/<[user@]destination host>. If installation on a host fails, a
55. # corresponding file will also be created, as
56. # $LOG_DIR/<[user@]destination host>.failed.
57.  
58. LOG_DIR="/tmp/splunkua.install"
59.  
60. # For conversion from normal Splunk installs to the Splunk Universal Agent:
61. # After installation, records of Splunk's progress in indexing files (monitor)
62. # and filesystem change events (fschange) can be imported from an existing
63. # Splunk (non-forwarder) installation. Specify the path to that installation here.
64. # If there is no prior Splunk instance, you may leave this variable empty ("").
65. #
66. # NOTE: THIS SCRIPT WILL STOP THE SPLUNK INSTANCE SPECIFIED HERE.
67. #
68. # OLD_SPLUNK="/opt/splunk"
69.  
70. # If you use a non-standard SSH port on the remote hosts, you must set this.
71. # SSH_PORT=1234
72.  
73. # You must remove this line, or the script will refuse to run. This is to
74. # ensure that all of the above has been read and set. :)
75.  
76. # UNCONFIGURED=1
77.  
78. # ----------- End of user adjustable settings -----------
79.  
80.  
81. # helpers.
82.  
83. faillog() {
84. echo "$1" >&2
85. }
86.  
87. fail() {
88. faillog "ERROR: $@"
89. exit 1
90. }
91.  
92. # error checks.
93.  
94. test "$UNCONFIGURED" -eq 1 && \
95. fail "This script has not been configured. Please see the notes in the script."
96. test -z "$HOSTS_FILE" && \
97. fail "No hosts configured! Please populate HOSTS_FILE."
98. test -z "$NEW_PARENT" && \
99. fail "No installation destination provided! Please set NEW_PARENT."
100. test -z "$SPLUNK_FILE" && \
101. fail "No splunk package path provided! Please populate SPLUNK_FILE."
102. if [ ! -d "$LOG_DIR" ]; then
103. mkdir -p "$LOG_DIR" || fail "Cannot create log dir at \"$LOG_DIR\"!"
104. fi
105.  
106. # some setup.
107.  
108. if [ -z "$SCRATCH_DIR" ]; then
109. SCRATCH_DIR="$NEW_PARENT"
110. fi
111. if [ -n "$SSH_PORT" ]; then
112. SSH_PORT_ARG="-p${SSH_PORT}"
113. SCP_PORT_ARG="-P${SSH_PORT}"
114. fi
115.  
116. NEW_INSTANCE="$NEW_PARENT/splunkforwarder" # this would need to be edited for non-UA...
117. DEST_FILE="${SCRATCH_DIR}/splunkforwarder-4.3-115073-Linux-i686.tgz"
118.  
119. #
120. #
121. # create script to run remotely.
122. #
123. #
124.  
125. REMOTE_SCRIPT="
126. fail() {
127. echo ERROR: \"\$@\" >&2
128. test -f \"$DEST_FILE\" && rm -f \"$DEST_FILE\"
129. exit 1
130. }
131. "
132.  
133. ### try untarring tarball.
134. REMOTE_SCRIPT="$REMOTE_SCRIPT
135. (cd \"$NEW_PARENT\" && tar -zxf \"$DEST_FILE\") || fail \"could not untar /$DEST_FILE to $NEW_PARENT.\"
136. "
137.  
138. ### setup seed file to migrate input records from old instance, and stop old instance.
139. if [ -n "$OLD_SPLUNK" ]; then
140. REMOTE_SCRIPT="$REMOTE_SCRIPT
141. echo \"$OLD_SPLUNK\" > \"$NEW_INSTANCE/old_splunk.seed\" || fail \"could not create seed file.\"
142. \"$OLD_SPLUNK/bin/splunk\" stop || fail \"could not stop existing splunk.\"
143. "
144. fi
145.  
146. ### setup deployment client if requested.
147. if [ -n "$DEPLOY_SERV" ]; then
148. REMOTE_SCRIPT="$REMOTE_SCRIPT
149. \"$NEW_INSTANCE/bin/splunk\" set deploy-poll \"$DEPLOY_SERV\" --accept-license --answer-yes \
150. --auto-ports --no-prompt || fail \"could not setup deployment client\"
151. "
152. fi
153.  
154. ### start new instance.
155. REMOTE_SCRIPT="$REMOTE_SCRIPT
156. \"$NEW_INSTANCE/bin/splunk\" start --accept-license --answer-yes --auto-ports --no-prompt || \
157. fail \"could not start new splunk instance!\"
158. "
159.  
160. ### remove downloaded file.
161. REMOTE_SCRIPT="$REMOTE_SCRIPT
162. rm -f "$DEST_FILE" || fail \"could not delete downloaded file $DEST_FILE!\"
163. "
164.  
165. #
166. #
167. # end of remote script.
168. #
169. #
170.  
171. exec 5>&1 # save stdout.
172. exec 6>&2 # save stderr.
173.  
174. echo "In 5 seconds, will copy install file and run the following script on each"
175. echo "remote host:"
176. echo
177. echo "===================="
178. echo "$REMOTE_SCRIPT"
179. echo "===================="
180. echo
181. echo "Press Ctrl-C to cancel..."
182. test -z "$MORE_FASTER" && sleep 5
183. echo "Starting."
184.  
185. # main loop. install on each host.
186.  
187. for DST in `cat "$HOSTS_FILE"`; do
188. if [ -z "$DST" ]; then
189. continue;
190. fi
191.  
192. LOG="$LOG_DIR/$DST"
193. FAILLOG="${LOG}.failed"
194. echo "Installing on host $DST, logging to $LOG."
195.  
196. # redirect stdout/stderr to logfile.
197. exec 1> "$LOG"
198. exec 2> "$LOG"
199.  
200. if ! ssh $SSH_PORT_ARG "$DST" \
201. "if [ ! -d \"$NEW_PARENT\" ]; then mkdir -p \"$NEW_PARENT\"; fi"; then
202. touch "$FAILLOG"
203. # restore stdout/stderr.
204. exec 1>&5
205. exec 2>&6
206. continue
207. fi
208.  
209. # copy tarball to remote host.
210. if ! scp $SCP_PORT_ARG "$SPLUNK_FILE" "${DST}:${DEST_FILE}"; then
211. touch "$FAILLOG"
212. # restore stdout/stderr.
213. exec 1>&5
214. exec 2>&6
215. continue
216. fi
217.  
218. # run script on remote host and log appropriately.
219. if ! ssh $SSH_PORT_ARG "$DST" "$REMOTE_SCRIPT"; then
220. touch "$FAILLOG" # remote script failed.
221. else
222. test -e "$FAILLOG" && rm -f "$FAILLOG" # cleanup any past attempt log.
223. fi
224.  
225. # restore stdout/stderr.
226. exec 1>&5
227. exec 2>&6
228.  
229. if [ -e "$FAILLOG" ]; then
230. echo " --> FAILED <--"
231. else
232. echo " SUCCEEDED"
233. fi
234. done
235.  
236. FAIL_COUNT=`ls "${LOG_DIR}" | grep -c '\.failed$'`
237. if [ "$FAIL_COUNT" -gt 0 ]; then
238. echo "There were $FAIL_COUNT remote installation failures."
239. echo " ( see ${LOG_DIR}/*.failed )"
240. else
241. echo
242. echo "Done."
243. fi
244.  
245. # Voila.