From 58e460cd82a761d89472a1dbd57d621ace0fbb9c Mon Sep 17 00:00:00 2001 From: Aditya Pingle Date: Wed, 6 Mar 2024 13:03:52 -0800 Subject: [PATCH 1/3] set resource_limits for limits.conf --- inventory/environ.py | 1 + inventory/splunk_defaults_linux.yml | 1 + inventory/splunk_defaults_windows.yml | 1 + inventory/splunkforwarder_defaults_linux.yml | 1 + inventory/splunkforwarder_defaults_windows.yml | 1 + roles/splunk_common/tasks/main.yml | 2 ++ roles/splunk_common/tasks/set_resource_limits.yml | 9 +++++++++ 7 files changed, 16 insertions(+) create mode 100644 roles/splunk_common/tasks/set_resource_limits.yml diff --git a/inventory/environ.py b/inventory/environ.py index e79f081e..e75489f6 100755 --- a/inventory/environ.py +++ b/inventory/environ.py @@ -574,6 +574,7 @@ def overrideEnvironmentVars(vars_scope): vars_scope["splunk"]["root_endpoint"] = os.environ.get('SPLUNK_ROOT_ENDPOINT', vars_scope["splunk"]["root_endpoint"]) vars_scope["splunk"]["svc_port"] = os.environ.get('SPLUNK_SVC_PORT', vars_scope["splunk"]["svc_port"]) vars_scope["splunk"]["splunk_http_enabled"] = os.environ.get('ENABLE_TCP_MODE', vars_scope["splunk"]["enable_tcp_mode"]) + vars_scope["splunk"]["resource_limits_source"] = os.environ.get('SPLUNK_RESOURCE_LIMITS_SOURCE', vars_scope["splunk"]["resource_limits_source"]) vars_scope["splunk"]["s2s"]["port"] = int(os.environ.get('SPLUNK_S2S_PORT', vars_scope["splunk"]["s2s"]["port"])) vars_scope["splunk"]["enable_service"] = os.environ.get('SPLUNK_ENABLE_SERVICE', vars_scope["splunk"]["enable_service"]) vars_scope["splunk"]["service_name"] = os.environ.get('SPLUNK_SERVICE_NAME', vars_scope["splunk"]["service_name"]) diff --git a/inventory/splunk_defaults_linux.yml b/inventory/splunk_defaults_linux.yml index c82bc9ac..d7a0e115 100644 --- a/inventory/splunk_defaults_linux.yml +++ b/inventory/splunk_defaults_linux.yml @@ -42,6 +42,7 @@ splunk: secret: pass4SymmKey: svc_port: 8089 + resource_limits_source: "container_sok" ssl: enable: True cert: diff --git a/inventory/splunk_defaults_windows.yml b/inventory/splunk_defaults_windows.yml index 72fbcfab..00857114 100644 --- a/inventory/splunk_defaults_windows.yml +++ b/inventory/splunk_defaults_windows.yml @@ -41,6 +41,7 @@ splunk: secret: pass4SymmKey: svc_port: 8089 + resource_limits_source: "container_sok" ssl: enable: True cert: diff --git a/inventory/splunkforwarder_defaults_linux.yml b/inventory/splunkforwarder_defaults_linux.yml index 6f040479..24dc55af 100644 --- a/inventory/splunkforwarder_defaults_linux.yml +++ b/inventory/splunkforwarder_defaults_linux.yml @@ -41,6 +41,7 @@ splunk: secret: pass4SymmKey: svc_port: 8089 + resource_limits_source: "container_sok" ssl: enable: True cert: diff --git a/inventory/splunkforwarder_defaults_windows.yml b/inventory/splunkforwarder_defaults_windows.yml index c93a4fb6..6d2cc7e1 100644 --- a/inventory/splunkforwarder_defaults_windows.yml +++ b/inventory/splunkforwarder_defaults_windows.yml @@ -41,6 +41,7 @@ splunk: secret: pass4SymmKey: svc_port: 8089 + resource_limits_source: "container_sok" ssl: enable: True cert: diff --git a/roles/splunk_common/tasks/main.yml b/roles/splunk_common/tasks/main.yml index 37dd6d71..160b9823 100644 --- a/roles/splunk_common/tasks/main.yml +++ b/roles/splunk_common/tasks/main.yml @@ -122,6 +122,8 @@ - include_tasks: enable_dsp.yml when: "'dsp' in splunk and 'enable' in splunk.dsp and splunk.dsp.enable" +- include_tasks: set_resource_limits.yml + - include_tasks: start_splunk.yml - include_tasks: set_certificate_prefix.yml diff --git a/roles/splunk_common/tasks/set_resource_limits.yml b/roles/splunk_common/tasks/set_resource_limits.yml new file mode 100644 index 00000000..5a20722f --- /dev/null +++ b/roles/splunk_common/tasks/set_resource_limits.yml @@ -0,0 +1,9 @@ +--- +- name: Set Resource Limits + ini_file: + dest: "{{ splunk.home }}/etc/system/local/limits.conf" + option: "resource_limits_source" + section: "system_checks" + value: "container_sok" + owner: "{{ splunk.user }}" + group: "{{ splunk.group }}" From 0ef187942823372cd0843e51df8619411d4e08dc Mon Sep 17 00:00:00 2001 From: Aditya Pingle Date: Thu, 7 Mar 2024 09:28:17 -0800 Subject: [PATCH 2/3] updated default value for resource_limits_source --- inventory/environ.py | 2 ++ inventory/splunk_defaults_linux.yml | 2 +- inventory/splunk_defaults_windows.yml | 2 +- inventory/splunkforwarder_defaults_linux.yml | 2 +- inventory/splunkforwarder_defaults_windows.yml | 2 +- 5 files changed, 6 insertions(+), 4 deletions(-) diff --git a/inventory/environ.py b/inventory/environ.py index e75489f6..d36a835d 100755 --- a/inventory/environ.py +++ b/inventory/environ.py @@ -585,6 +585,8 @@ def overrideEnvironmentVars(vars_scope): if vars_scope["splunk"]["splunk_http_enabled"] == "false" and "forwarder" not in vars_scope["splunk"]["role"].lower(): vars_scope["splunk"]["splunk_http_enabled"] = "true" + if vars_scope["splunk"]["resource_limits_source"] not in ["hardware", "container_sok"]: + vars_scope["splunk"]["resource_limits_source"] = "hardware" # Set set_search_peers to False to disable peering to indexers when creating multisite topology if os.environ.get("SPLUNK_SET_SEARCH_PEERS", "").lower() == "false": vars_scope["splunk"]["set_search_peers"] = False diff --git a/inventory/splunk_defaults_linux.yml b/inventory/splunk_defaults_linux.yml index d7a0e115..4e4161cf 100644 --- a/inventory/splunk_defaults_linux.yml +++ b/inventory/splunk_defaults_linux.yml @@ -42,7 +42,7 @@ splunk: secret: pass4SymmKey: svc_port: 8089 - resource_limits_source: "container_sok" + resource_limits_source: "hardware" ssl: enable: True cert: diff --git a/inventory/splunk_defaults_windows.yml b/inventory/splunk_defaults_windows.yml index 00857114..c5f3585a 100644 --- a/inventory/splunk_defaults_windows.yml +++ b/inventory/splunk_defaults_windows.yml @@ -41,7 +41,7 @@ splunk: secret: pass4SymmKey: svc_port: 8089 - resource_limits_source: "container_sok" + resource_limits_source: "hardware" ssl: enable: True cert: diff --git a/inventory/splunkforwarder_defaults_linux.yml b/inventory/splunkforwarder_defaults_linux.yml index 24dc55af..40694111 100644 --- a/inventory/splunkforwarder_defaults_linux.yml +++ b/inventory/splunkforwarder_defaults_linux.yml @@ -41,7 +41,7 @@ splunk: secret: pass4SymmKey: svc_port: 8089 - resource_limits_source: "container_sok" + resource_limits_source: "hardware" ssl: enable: True cert: diff --git a/inventory/splunkforwarder_defaults_windows.yml b/inventory/splunkforwarder_defaults_windows.yml index 6d2cc7e1..b452d715 100644 --- a/inventory/splunkforwarder_defaults_windows.yml +++ b/inventory/splunkforwarder_defaults_windows.yml @@ -41,7 +41,7 @@ splunk: secret: pass4SymmKey: svc_port: 8089 - resource_limits_source: "container_sok" + resource_limits_source: "hardware" ssl: enable: True cert: From 2742afec5651566b0ac43e3aa6ded0c468eb2160 Mon Sep 17 00:00:00 2001 From: Aditya Pingle Date: Tue, 26 Mar 2024 14:58:36 -0700 Subject: [PATCH 3/3] updated play; --- roles/splunk_common/tasks/set_resource_limits.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/splunk_common/tasks/set_resource_limits.yml b/roles/splunk_common/tasks/set_resource_limits.yml index 5a20722f..fe0804ee 100644 --- a/roles/splunk_common/tasks/set_resource_limits.yml +++ b/roles/splunk_common/tasks/set_resource_limits.yml @@ -1,9 +1,9 @@ --- -- name: Set Resource Limits +- name: Configure Resource Limits as {{ splunk.resource_limits_source }} ini_file: dest: "{{ splunk.home }}/etc/system/local/limits.conf" option: "resource_limits_source" section: "system_checks" - value: "container_sok" + value: "{{ splunk.resource_limits_source }}" owner: "{{ splunk.user }}" group: "{{ splunk.group }}"