diff --git a/ansible/inventory/inventory_rke2.yml b/ansible/inventory/inventory_rke2.yml
new file mode 100644
index 0000000000..0d350106f6
--- /dev/null
+++ b/ansible/inventory/inventory_rke2.yml
@@ -0,0 +1,5 @@
+control_nodes:
+ hosts:
+ token_node:
+ ansible_host:
+ config_file:
\ No newline at end of file
diff --git a/ansible/inventory/inventory_rke2_ha.yml b/ansible/inventory/inventory_rke2_ha.yml
new file mode 100644
index 0000000000..5ea6206035
--- /dev/null
+++ b/ansible/inventory/inventory_rke2_ha.yml
@@ -0,0 +1,40 @@
+#control_nodes:
+# hosts:
+# token_node:
+# ansible_host:
+# config_file:
+# optional_control_node_1:
+# ansible_host:
+# config_file:
+# optional_control_node_2:
+# ansible_host:
+# config_file:
+#
+#agent_nodes:
+# hosts:
+# optional_agent_1:
+# ansible_host:
+# config_file:
+# optional_agent_2:
+# ansible_host:
+# config_file:
+# optional_agent_3:
+# ansible_host:
+# config_file:
+control_nodes:
+ hosts:
+ token_node:
+ ansible_host: 18.117.9.0
+ config_file: /Users/wzya/Desktop/Wojtek/git_repos/splunk-connect-for-syslog/c1.yml
+ optional_control_node_1:
+ ansible_host: 13.59.236.185
+ config_file: /Users/wzya/Desktop/Wojtek/git_repos/splunk-connect-for-syslog/c2.yml
+
+agent_nodes:
+ hosts:
+ optional_agent_1:
+ ansible_host: 18.117.72.151
+ config_file: /Users/wzya/Desktop/Wojtek/git_repos/splunk-connect-for-syslog/a1.yml
+ optional_agent_2:
+ ansible_host: 18.224.53.10
+ config_file: /Users/wzya/Desktop/Wojtek/git_repos/splunk-connect-for-syslog/a2.yml
\ No newline at end of file
diff --git a/ansible/playbooks/rke2.yml b/ansible/playbooks/rke2.yml
new file mode 100644
index 0000000000..73bf27e1d4
--- /dev/null
+++ b/ansible/playbooks/rke2.yml
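Review bot: The uncommented block at the bottom of inventory_rke2_ha.yml commits what look like one developer's working values: four public `ansible_host` addresses and `config_file` paths under a personal `/Users/...` home directory. A template inventory should ship only the placeholder form, as inventory_rke2.yml does, so that the addresses and local user name are not published with the repository and nobody runs the playbook against hosts they do not own. I would drop the populated `control_nodes`/`agent_nodes` block and uncomment the template above it, leaving `ansible_host:` and `config_file:` empty. If those hosts are still in use, treat the addresses as disclosed and check what they expose.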
@@ -0,0 +1,65 @@
+---
+- name: Copy rke2 configuration files
+ hosts: all
+ become: true
+ tasks:
+ - include_tasks: ../tasks/rke2/copy_config.yml
+
+- name: Install and run rke2-server.service on first control node
+ hosts: control_nodes
+ become: true
+ tasks:
+ - include_tasks: ../tasks/rke2/install_first_server.yml
+
+- name: Get node-token from a control node
+ hosts: control_nodes
+ become: true
+ tasks:
+ - include_tasks: ../tasks/rke2/get_registration_token.yml
+
+- name: Add node-token to other control nodes and agent nodes configuration
+ hosts: control_nodes:agent_nodes
+ become: true
+ tasks:
+ - include_tasks: ../tasks/rke2/add_token_to_config.yml
+
+- name: Install and run rke2-server.service on rest of the control nodes
+ hosts: control_nodes
+ become: true
+ tasks:
+ - include_tasks: ../tasks/rke2/install_other_servers.yml
+
+- name: Install and run rke2-agent.service on agent nodes
+ hosts: agent_nodes
+ become: true
+ tasks:
+ - include_tasks: ../tasks/rke2/install_agents.yml
+
+- name: Make kubectl executable available for ansible_user
+ hosts: control_nodes
+ become: true
+ tasks:
+ - include_tasks: ../tasks/rke2/provide_kubectl.yml
+
+- name: Deploy k8s secrets
+ hosts: control_nodes
+ become: true
+ tasks:
+ - include_tasks: ../tasks/rke2/deploy_secrets.yml
+
+- name: Install metallb
+ hosts: control_nodes
+ tasks:
+ - include_tasks: ../tasks/rke2/install_metallb.yml
+
+- name: Install SC4S helm repo
+ hosts: control_nodes
+ tasks:
+ - include_tasks: ../tasks/rke2/install_helm_repo.yml
+
+- name: Deploy SC4S app
+ hosts: control_nodes
+ tasks:
+ - include_tasks: ../tasks/rke2/deploy_app.yml
+
+
diff --git a/ansible/resources/metallb-config.yaml b/ansible/resources/metallb-config.yaml
new file mode 100644
index 0000000000..6adde98b1a
--- /dev/null
+++ b/ansible/resources/metallb-config.yaml
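Review bot: The playbook documents neither its ordering nor its naming contract: every "first node" play targets the whole `control_nodes` group, and the task files in this commit gate on the literal host name (`inventory_hostname == "token_node"`), so an inventory that names the host differently would skip those steps without an error. A header comment would make that explicit, for example `# Requires a host named token_node in control_nodes; plays must run in this order because later plays read its rke2_token`. The includes use the short `include_tasks` while deploy_app.yml uses fully qualified names such as `ansible.builtin.shell`; `ansible.builtin.include_tasks` would be consistent. The file also ends with two blank lines.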
@@ -0,0 +1,15 @@
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+ namespace: metallb
+ name: my-ip-pool
+spec:
+ addresses:
+ # Configure address pool for metallb
+ #- 1.2.3.4/32
+---
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+ namespace: metallb
+ name: l2-advertisement
diff --git a/ansible/tasks/rke2/add_token_to_config.yml b/ansible/tasks/rke2/add_token_to_config.yml
new file mode 100644
index 0000000000..b002a84e29
--- /dev/null
+++ b/ansible/tasks/rke2/add_token_to_config.yml
@@ -0,0 +1,8 @@
+---
+- name: Add rke2 token to config
+ lineinfile:
+ path: /etc/rancher/rke2/config.yaml
+ regexp: '^token:'
+ line: "token: {{ hostvars['token_node'].rke2_token }}"
+ create: yes
+ when: inventory_hostname != "token_node"
\ No newline at end of file
diff --git a/ansible/tasks/rke2/copy_config.yml b/ansible/tasks/rke2/copy_config.yml
new file mode 100644
index 0000000000..ab580383d1
--- /dev/null
+++ b/ansible/tasks/rke2/copy_config.yml
@@ -0,0 +1,14 @@
+---
+- name: Create /etc/rancher/rke2 directory
+ file:
+ path: /etc/rancher/rke2
+ state: directory
+ mode: u=rw,g=rw,o=r
+
+- name: Copy the configuration file to the remote location
+ copy:
+ src: "{{ config_file }}"
+ dest: /etc/rancher/rke2/config.yaml
+ owner: "{{ ansible_user }}"
+ group: "{{ ansible_user }}"
+ mode: u=rw,g=rw,o=r
\ No newline at end of file
diff --git a/ansible/tasks/rke2/deploy_app.yml b/ansible/tasks/rke2/deploy_app.yml
new file mode 100644
index 0000000000..506062fbb7
--- /dev/null
+++ b/ansible/tasks/rke2/deploy_app.yml
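Review bot: `addresses:` in the IPAddressPool has only comments beneath it, so it parses as null rather than a list and the pool as committed carries no addresses. Whether the apply is rejected or accepted depends on the MetalLB CRD validation, which is not visible here; in either case no LoadBalancer service gets an IP until someone edits the file. I would make the comment say that, for example `# REQUIRED: add at least one CIDR or range here before running the playbook`. The L2Advertisement sets no `spec.ipAddressPools`, so it applies to every pool; that is fine with a single pool but deserves a one-line comment.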
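Review bot: The `lineinfile` task in add_token_to_config.yml writes the cluster join token but sets no `no_log: true`, so the rendered `line:` can show up in Ansible output when the run uses `--diff` or high verbosity. `create: yes` without `owner`/`mode` also means a newly created `config.yaml` gets whatever the umask gives it. I would add `no_log: true` and `mode: "0600"` to the task, and write the boolean as `create: true`.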
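Review bot: Both tasks in copy_config.yml use `mode: u=rw,g=rw,o=r`, which is wrong for the directory and too open for the file. On `/etc/rancher/rke2` it omits the execute bit, so the directory cannot be traversed by any non-root user; on `config.yaml` it leaves the file that add_token_to_config.yml later writes the join token into group-writable and world-readable, owned by `{{ ansible_user }}` rather than root. I would use `mode: "0755"` for the directory and `owner: root`, `group: root`, `mode: "0600"` for the file, assuming the rke2 services run as root as the plays' `become: true` suggests.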
@@ -0,0 +1,21 @@
+---
+- name: Copying values.yml file on the server
+ copy:
+ src: /opt/charts/splunk-connect-for-syslog/values.yaml
+ dest: "/home/{{ ansible_user }}/values.yaml"
+ owner: "{{ ansible_user }}"
+ group: "{{ ansible_user }}"
+ mode: u=rw,g=rw,o=r
+
+- name: Deploy app or update it with new values if already deployed
+ block:
+ - name: Deploy sc4s app from templates with overwrites from values.yml
+ ansible.builtin.shell: helm install sc4s splunk-connect-for-syslog/splunk-connect-for-syslog -f values.yaml
+ args:
+ chdir: "/home/{{ ansible_user }}/"
+ rescue:
+ - name: Update app with new values.yml
+ ansible.builtin.shell: helm upgrade sc4s splunk-connect-for-syslog/splunk-connect-for-syslog -f values.yaml
+ args:
+ chdir: "/home/{{ ansible_user }}/"
+ when: inventory_hostname == "token_node"
\ No newline at end of file
diff --git a/ansible/tasks/rke2/deploy_secrets.yml b/ansible/tasks/rke2/deploy_secrets.yml
new file mode 100644
index 0000000000..ed71e4a233
--- /dev/null
+++ b/ansible/tasks/rke2/deploy_secrets.yml
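Review bot: The `rescue:` branch in deploy_app.yml runs `helm upgrade` after any failure of `helm install`, not only when the release already exists, so an unreachable chart repository or a bad values file is retried as an upgrade and the original error is lost. A single idempotent task removes the need for the block: `ansible.builtin.command: helm upgrade --install sc4s splunk-connect-for-syslog/splunk-connect-for-syslog -f values.yaml` with the same `chdir`. `command` is enough because the line uses no shell features. The copied `values.yaml` is written with `o=r`; if it can carry a HEC token or other credentials, `mode: "0600"` is the safer default.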
@@ -0,0 +1,29 @@ +--- +- name: Load k8s secrets + include_vars: + file: "{{ item }}" + with_first_found: + - files: + - /opt/ansible/resources/k8s_secrets.yaml + - /opt/charts/splunk-connect-for-syslog/secrets.yaml + +- name: Export kubectl bin path + shell: export PATH=$PATH:/var/lib/rancher/rke2/bin/ + +- name: Create mTLS secret + ansible.builtin.shell: | + /var/lib/rancher/rke2/bin/kubectl apply -f - < --ask-pass path/to/playbooks/rke2.yml +``` + +* To authenitcate if you are running a high-availability cluster: +``` bash +ansible-playbook -i path/to/inventory_rke2_ha.yaml -u --ask-pass path/to/playbooks/rke2.yml +``` + +* To authenticate using a key pair: +``` bash +ansible-playbook -i path/to/inventory_rke2.yaml -u --key-file path/to/playbooks/rke2.yml +``` + +## Step 3: Validate your configuration + +SC4S performs checks to ensure that the container starts properly and that the syntax of the underlying syslog-ng +configuration is correct. Once the checks are complete, validate that SC4S properly communicates with Splunk. To do this, execute the following search in Splunk: + +```ini +index=* sourcetype=sc4s:events "starting up" +``` + +This should yield an event similar to the following: + +```ini +syslog-ng starting up; version='3.28.1' +``` + +You can verify whether all services in the cluster work by checking the ```sc4s_container``` in Splunk. Each service should have a different container ID. All other fields should be the same. + +The startup process should proceed normally without syntax errors. If it does not, +follow the steps below before proceeding to deeper-level troubleshooting: + +1. Verify that the URL, token, and TLS/SSL settings are correct, and that the appropriate firewall ports are open (8088 or 443). +2. Verify that your indexes are created in Splunk, and that your token has access to them. +3. If you are using a load balancer, verify that it is operating properly. +4. 
Execute the following command to check the SC4S startup process running in the container. + +```bash +kubectl get pods +kubectl logs +``` + +You should see events similar to those below in the output: + +```ini +SC4S_ENV_CHECK_HEC: Splunk HEC connection test successful to index=main for sourcetype=sc4s:fallback... +SC4S_ENV_CHECK_HEC: Splunk HEC connection test successful to index=main for sourcetype=sc4s:events... +syslog-ng checking config +sc4s version=v1.36.0 +starting syslog-ng +``` diff --git a/mkdocs.yml b/mkdocs.yml index 54f426b628..cefe30386e 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -52,6 +52,7 @@ nav: - Docker Swarm: "gettingstarted/ansible-docker-swarm.md" - Podman/Docker: "gettingstarted/ansible-docker-podman.md" - mk8s: "gettingstarted/ansible-mk8s.md" + - RKE2: "gettingstarted/ansible-rke2.md" - Create a parser: "create-parser.md" - Configuration: "configuration.md" - Destinations: "destinations.md"