splunk · sbylica-splunk · Jan 24, 2025 · Jan 24, 2025 · Jan 28, 2025 · Jan 28, 2025
@@ -1,16 +1,17 @@
 # install requirements in venv
 FROM python:3.10 AS venv_builder
-RUN pip install ansible~=6.1.0 --no-cache-dir
-RUN pip install pywinrm>=0.4.2 --no-cache-dir
-RUN pip install ansible-lint>=6.0.0 --no-cache-dir
+RUN pip install ansible~=6.1.0 --no-cache-dir \
+    && pip install pywinrm>=0.4.2 --no-cache-dir \
+    && pip install ansible-lint>=6.0.0 --no-cache-dir
 
 WORKDIR /opt
 COPY ./ansible .
 COPY ./charts .
 
-RUN apt-get update -y
-RUN apt-get install parallel -y
-RUN apt-get install sshpass
+RUN apt-get update -y \
+    && apt-get --no-install-recommends install parallel -y build-essential \
+    && apt-get --no-install-recommends install sshpass -y build-essential \
+    && apt-get clean
 
 ENV ANSIBLE_CONFIG /opt/ansible.cfg
 ENV ANSIBLE_HOST_KEY_CHECKING False
@@ -1,3 +1,4 @@
+---
 version: "3.7"
 services:
   sc4s:
@@ -7,18 +8,18 @@ services:
         condition: on-failure
     image: ghcr.io/splunk/splunk-connect-for-syslog/container3:latest
     ports:
-       - target: 514
-         published: 514
-         protocol: tcp
-       - target: 514
-         published: 514
-         protocol: udp
-       - target: 601
-         published: 601
-         protocol: tcp
-       - target: 6514
-         published: 6514
-         protocol: tcp
+      - target: 514
+        published: 514
+        protocol: tcp
+      - target: 514
+        published: 514
+        protocol: udp
+      - target: 601
+        published: 601
+        protocol: tcp
+      - target: 6514
+        published: 6514
+        protocol: tcp
     env_file:
       - /opt/sc4s/env_file
     volumes:
@@ -28,6 +29,3 @@ services:
 #     - /opt/sc4s/archive:/var/lib/syslog-ng/archive:z
 # Map location of TLS custom TLS
 #     - /opt/sc4s/tls:/etc/syslog-ng/tls:z
-
-volumes:
-  splunk-sc4s-var:
@@ -3,9 +3,9 @@
 ## SPDX-License-Identifier: LicenseRef-Splunk-8-2021
 ##
 ##
+---
 version: "3.7"
 services:
-
   ansible_sc4s:
     build:
       context: ../

@@ -1,7 +1,8 @@
+---
 all:
   hosts:
   children:
     node:
       hosts:
         node_1:
-          ansible_host:
+          ansible_host:
@@ -1,3 +1,4 @@
+---
 all:
   hosts:
   children:

@@ -1,3 +1,4 @@
+---
 all:
   hosts:
   children:

@@ -1,3 +1,4 @@
+---
 all:
   hosts:
   children:

@@ -1,6 +1,6 @@
 ---
 - hosts: node_1
-  become: yes
+  become: true
   vars:
     iface: "{{ swarm_iface | default('eth0') }}"
   tasks:

@@ -1,6 +1,6 @@
 ---
 - hosts: manager[0]
-  become: yes
+  become: true
   vars:
     iface: "{{ swarm_iface | default('eth0') }}"
   tasks:
@@ -10,7 +10,7 @@
     - include_tasks: ../tasks/docker_swarm/create_swarm.yml
 
 - hosts: manager, !manager[0]
-  become: yes
+  become: true
   vars:
     iface: "{{ swarm_iface | default('eth0') }}"
   tasks:
@@ -20,14 +20,14 @@
     - include_tasks: ../tasks/docker_swarm/join_managers.yml
 
 - hosts: worker
-  become: yes
+  become: true
   tasks:
     - name: Docker installation role
       include_role:
         name: install_docker
     - include_tasks: ../tasks/docker_swarm/join_workers.yml
 
 - hosts: manager[0]
-  become: yes
+  become: true
   tasks:
     - include_tasks: ../tasks/docker_swarm/deploy_stack.yml
@@ -1,9 +1,10 @@
 ---
 - hosts: node_1
-  become: yes
+  become: true
   vars:
     microk8s_plugins:
-    # Do not provide here metallb here as the installation process is different to standard plugins
+      # Do not provide here metallb here as the installation process
+      # is different to standard plugins
       helm3: true
       dns: true
       community: true

@@ -1,9 +1,10 @@
 ---
 - hosts: manager
-  become: yes
+  become: true
   vars:
     microk8s_plugins:
-      # Do not provide here metallb here as the installation process is different to standard plugins
+      # Do not provide here metallb here as the installation process
+      # is different to standard plugins
       helm3: true
       dns: true
       community: true
@@ -19,10 +20,11 @@
     - include_tasks: ../tasks/mk8s/update_etc_hosts.yml
 
 - hosts: workers
-  become: yes
+  become: true
   vars:
     microk8s_plugins:
-      # Do not provide here metallb here as the installation process is different to standard plugins
+      # Do not provide here metallb here as the installation process
+      # is different to standard plugins
       helm3: true
       dns: true
       community: true

@@ -1,6 +1,6 @@
 ---
 - hosts: node_1
-  become: yes
+  become: true
   tasks:
     - name: Podman installation role
       include_role:

@@ -1,7 +1,7 @@
 ---
 - name: Ensure dependencies are installed
   apt:
-    update-cache: yes
+    update-cache: true
     name:
       - ca-certificates
       - curl

@@ -13,9 +13,10 @@
 - name: Add Docker Repository (RedHat, centOS)
   shell: |
     dnf install -y yum-utils
-    yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
+    yum-config-manager --add-repo
+    https://download.docker.com/linux/centos/docker-ce.repo
   args:
-    warn: no
+    warn: false
 
 - name: Install docker-ce (RedHat, CentOS)
   yum:

@@ -3,7 +3,7 @@
   file:
     path: "{{ item }}"
     state: directory
-    mode: 0755
+    mode: 0750
   loop:
     - /opt/sc4s
     - /opt/sc4s/tls
@@ -16,15 +16,15 @@
     dest: "/lib/systemd/system/sc4s.service"
     owner: "{{ ansible_user }}"
     group: "{{ ansible_user }}"
-    mode: u=rw,g=rw,o=r
+    mode: u=rw,g=rw
 
 - name: Copying env_file file on the server
   copy:
     src: "/opt/ansible/resources/env_file"
     dest: "/opt/sc4s/env_file"
     owner: "{{ ansible_user }}"
     group: "{{ ansible_user }}"
-    mode: u=rw,g=rw,o=r
+    mode: u=rw,g=rw
 
 - name: Create a volume
   docker_volume:
@@ -33,7 +33,6 @@
 - name: Enable sc4s service
   ansible.builtin.systemd:
     name: sc4s
-    enabled: yes
-    daemon_reload: yes
+    enabled: true
+    daemon_reload: true
     state: started
-
@@ -30,4 +30,4 @@
 
     - name: "set fact: join_token_worker"
       set_fact:
-        join_token_worker: "{{ join_token_worker_command['stdout'] }}"
+        join_token_worker: "{{ join_token_worker_command['stdout'] }}"
@@ -5,13 +5,13 @@
     dest: "/home/{{ ansible_user }}/docker-compose.yml"
     owner: "{{ ansible_user }}"
     group: "{{ ansible_user }}"
-    mode: u=rw,g=rw,o=r
+    mode: u=rw,g=rw
 
 - name: Create sc4s dependency directories
   file:
     path: "{{ item }}"
     state: directory
-    mode: 0755
+    mode: 0750
   loop:
     - /opt/sc4s
     - /opt/sc4s/tls
@@ -24,7 +24,7 @@
     dest: "/opt/sc4s/env_file"
     owner: "{{ ansible_user }}"
     group: "{{ ansible_user }}"
-    mode: u=rw,g=rw,o=r
+    mode: u=rw,g=rw
 
 - name: Create a volume
   docker_volume:
@@ -36,4 +36,3 @@
     name: SC4S
     compose:
       - "/home/{{ ansible_user }}/docker-compose.yml"
-
@@ -7,7 +7,8 @@
 
 - name: v2
   add_host:
-    hostname: "{{ groups['manager'] | map('extract', hostvars, ['ansible_host']) | join(':2377,') }}:2377"
+    hostname: "{{ groups['manager'] |
+      map('extract', hostvars, ['ansible_host']) | join(':2377,') }}:2377"
     groups: main_nodes_ips_with_port
   with_items: "{{ ansible_play_hosts | default(play_hosts) }}"
 
@@ -17,4 +18,4 @@
     state: join
     timeout: 60
     join_token: "{{ hostvars[first_swarm_manager_host].join_token_manager }}"
-    remote_addrs:  "{{ groups['main_nodes_ips_with_port'][0] }}:2377"
+    remote_addrs: "{{ groups['main_nodes_ips_with_port'][0] }}:2377"
@@ -5,7 +5,8 @@
 
 - name: v2
   add_host:
-    hostname: "{{ groups['manager'] | map('extract', hostvars, ['ansible_host']) | join(':3000,') }}:3000"
+    hostname: "{{ groups['manager'] | map('extract', hostvars,
+      ['ansible_host']) | join(':3000,') }}:3000"
     groups: main_nodes_ips_with_port
   with_items: "{{ ansible_play_hosts | default(play_hosts) }}"
 
@@ -14,4 +15,4 @@
     state: join
     timeout: 60
     join_token: "{{ hostvars[first_swarm_manager_host].join_token_worker }}"
-    remote_addrs:  "{{ groups['main_nodes_ips_with_port'][0] }}:2377"
+    remote_addrs: "{{ groups['main_nodes_ips_with_port'][0] }}:2377"
@@ -1,7 +1,7 @@
 ---
 - name: Ensure dependencies are installed (Debian)
   apt:
-    update-cache: yes
+    update-cache: true
     name:
       - ca-certificates
       - curl
@@ -42,9 +42,10 @@
 - name: Add Docker Repository (RedHat, centOS)
   shell: |
     dnf install -y yum-utils
-    yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
+    yum-config-manager --add-repo
+    https://download.docker.com/linux/centos/docker-ce.repo
   args:
-    warn: no
+    warn: false
   when: ansible_os_family == "RedHat"
 
 - name: install docker-ce (Debian, Ubuntu)

@@ -5,16 +5,20 @@
     dest: "/home/{{ ansible_user }}/values.yaml"
     owner: "{{ ansible_user }}"
     group: "{{ ansible_user }}"
-    mode: u=rw,g=rw,o=r
+    mode: u=rw,g=rw
 
 - name: Deploy app or update it with new values if already deployed
   block:
     - name: Deploy sc4s app from templates with overwrites from values.yml
-      ansible.builtin.shell: microk8s helm3 install sc4s splunk-connect-for-syslog/splunk-connect-for-syslog -f values.yaml
+      ansible.builtin.shell: |
+        microk8s helm3 install sc4s
+        splunk-connect-for-syslog/splunk-connect-for-syslog -f values.yaml
       args:
         chdir: "/home/{{ ansible_user }}/"
   rescue:
-      - name: Update app with new values.yml
-        ansible.builtin.shell: microk8s helm3 upgrade sc4s splunk-connect-for-syslog/splunk-connect-for-syslog -f values.yaml
-        args:
-          chdir: "/home/{{ ansible_user }}/"
+    - name: Update app with new values.yml
+      ansible.builtin.shell: |
+        microk8s helm3 upgrade sc4s
+        splunk-connect-for-syslog/splunk-connect-for-syslog -f values.yaml
+      args:
+        chdir: "/home/{{ ansible_user }}/"
@@ -4,8 +4,8 @@
     file: "{{ item }}"
   with_first_found:
     - files:
-      - /opt/ansible/resources/k8s_secrets.yaml
-      - /opt/charts/splunk-connect-for-syslog/secrets.yaml
+        - /opt/ansible/resources/k8s_secrets.yaml
+        - /opt/charts/splunk-connect-for-syslog/secrets.yaml
 
 - name: Create mTLS secret
   ansible.builtin.shell: |

@@ -1,6 +1,6 @@
 ---
 - name: Get registration token
-  become: yes
+  become: true
   command:
     cmd: microk8s add-node --token-ttl 3600
   register: init_cluster
-Original file line number
+Diff line change
@@ -1,3 +1,4 @@
+    ---
     all:
       hosts:
       children:
@@ Expand Down @@