Default admin password and updates to make the cookbook work with Splunk 4.3

README.md

@@ -34,6 +34,8 @@ Attributes
 
 `splunk[:proxy_pass]` - Sets the hashed password for basic HTTP authentication when using `splunk::apache_proxy`. Default is hashed value for 'changeme' matching the default splunk password.
 
+`splunk[:admin_password]` - Sets the default admin password. The default value is Splunk's default `changeme`.
+
 Future Plans
 ============
 * Consider using tarball install to simplify support for all distributions.

attributes/default.rb

@@ -1,5 +1,7 @@
 default[:splunk][:root] = "/opt/splunk"
-default[:splunk][:version] = "4.2.4-110225"
+default[:splunk][:admin_password] = "changeme"
+default[:splunk][:version] = "4.3-115073"
 default[:splunk][:proxy_user] = "admin"
 default[:splunk][:proxy_pass] = "{SHA}+pvrmeQCmtWmYVOZ57uuITVghrM="
 default[:splunk][:alt_htpasswd] = false
+default[:splunk][:bind_all_interfaces] = true

metadata.rb

@@ -2,7 +2,7 @@
 maintainer_email  "cameron@needle.com"
 license           "Apache 2.0"
 description       "Installs and configures splunk"
-version           "0.1.1"
+version           "0.1.2"
 depends           "apache2" # for apache_proxy recipe
 recipe            "splunk", "Default splunk indexer configuration"
 recipe            "splunk::apache_proxy", "Configures Apache to proxy for splunk on port 80 with HTTP basic auth"
@@ -31,3 +31,8 @@
   :display_name => "Apache proxy htpasswd path",
   :description => "Path to an alternate htpasswd file for authenticating to splunk when using splunk::apache_proxy recipe",
   :default => "false"
+
+attribute         "splunk/bind_all_interfaces",
+  :display_name => "Bind splunk to all interfaces",
+  :description => "If true, splunk will be listening on all interfaces, if false, only on localhost (127.0.0.1)",
+  :default => "true"

recipes/apache_proxy.rb

@@ -27,9 +27,18 @@
   end
 end
 
-execute "Update bind settings in #{node[:splunk][:root]}/etc/splunk-launch.conf" do
-  command "echo '\nSPLUNK_BINDIP=127.0.0.1\n' >> #{node[:splunk][:root]}/etc/splunk-launch.conf"
-  notifies :restart, resources(:service => "splunk")
-  not_if "grep SPLUNK_BINDIP=127.0.0.1 #{node[:splunk][:root]}/etc/splunk-launch.conf"
-end
-
+if node[:splunk][:bind_all_interfaces]
+  # if bind to localhost is present, remove it
+  execute "Update bind settings in #{node[:splunk][:root]}/etc/splunk-launch.conf to allow bind on all interfaces" do
+    command "mv #{node[:splunk][:root]}/etc/splunk-launch.conf #{node[:splunk][:root]}/etc/splunk-launch.conf.backup; sed '/SPLUNK_BINDIP=127.0.0.1/d' #{node[:splunk][:root]}/etc/splunk-launch.conf.backup > #{node[:splunk][:root]}/etc/splunk-launch.conf"
+    notifies :restart, resources(:service => "splunk")
+    only_if "grep '^[[:space:]]*SPLUNK_BINDIP=127.0.0.1' #{node[:splunk][:root]}/etc/splunk-launch.conf"
+  end
+else
+  # if bind to localhost is not present, add it
+  execute "Update bind settings in #{node[:splunk][:root]}/etc/splunk-launch.conf to allow bind only on 127.0.0.1" do
+    command "echo '\nSPLUNK_BINDIP=127.0.0.1\n' >> #{node[:splunk][:root]}/etc/splunk-launch.conf"
+    notifies :restart, resources(:service => "splunk")
+    not_if "grep '^[[:space:]]*SPLUNK_BINDIP=127.0.0.1' #{node[:splunk][:root]}/etc/splunk-launch.conf"
+  end
+end  

recipes/default.rb

@@ -12,7 +12,7 @@
   raise "seems that your system's architecture is neither i686 nor amd64; no dice."
 end
 
-short_ver=node[:splunk][:version].match(/\d.\d.\d/).to_s
+short_ver=node[:splunk][:version].match(/(.*)-/)[1]
 
 remote_file "/usr/src/splunk-#{node[:splunk][:version]}-linux-2.6-#{pkg_arch}.deb" do
   source "http://www.splunk.com/index.php/download_track?file=#{short_ver}/splunk/linux/splunk-#{node[:splunk][:version]}-linux-2.6-#{pkg_arch}.deb&ac=wiki_download&wget=true&name=wget&typed=releases"
@@ -24,6 +24,14 @@
   source "/usr/src/splunk-#{node[:splunk][:version]}-linux-2.6-#{pkg_arch}.deb"
 end
 
+template "#{node[:splunk][:root]}/etc/system/default/user-seed.conf" do
+  action :create
+  source "user-seed.conf.erb"
+  owner "root"
+  group "root"
+  mode "600"
+end
+
 service "splunk" do
   supports :status => true, :restart => true, :reload => false
   start_command "#{node[:splunk][:root]}/bin/splunk start --accept-license --answer-yes --no-prompt"

templates/default/splunk_proxy.erb

@@ -12,12 +12,4 @@
   Order deny,allow
   Deny from all
   Allow from all
-  AuthName "<%= node[:fqdn] %>"
-  AuthType Basic
-<% if node[:splunk][:alt_htpasswd] %>
-  AuthUserFile <%= node[:splunk][:alt_htpasswd] %>
-<% else %>
-  AuthUserFile <%= node[:splunk][:root] %>/.htpasswd
-<% end %>
-  Require valid-user
 </Proxy>

templates/default/user-seed.conf.erb

@@ -0,0 +1,17 @@
+# Copyright (C) 2005-2011 Splunk Inc. All Rights Reserved.  Version 4.2.5 
+#
+# This is an example user-seed.conf.  Use this file to create an initial login.
+#
+# NOTE: To change the default start up login and password, this file must be in 
+# $SPLUNK_HOME/etc/system/default/ prior to starting Splunk for the first time.
+#
+# To use this configuration, copy the configuration block into user-seed.conf 
+# in $SPLUNK_HOME/etc/system/local/. You must restart Splunk to enable configurations.
+#
+# To learn more about configuration files (including precedence) please see the documentation 
+# located at http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
+
+
+[user_info]
+USERNAME = admin
+PASSWORD = <%= node[:splunk][:admin_password] %>