SplunkForwarder UF Installation
设置参数
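#!/bin/bash
# Settings shared by the install / upgrade / reconfigure steps of this script.

# Directory the forwarder lives in; the archive is unpacked into its parent.
SPLUNK_HOME=/opt/splunkforwarder
# Unprivileged account intended to own and run the forwarder.
SPLUNK_USER=splunker
#SPLUNK_GRP=splunker
SPLUNK_BIN=$SPLUNK_HOME/bin
# Glob pattern kept as a literal string on purpose: it is expanded only at the
# point of use, where a match is taken to mean the 9.x release is installed.
SPLUNK_VER="$SPLUNK_HOME/splunkforwarder-9*"
# NOTE(review): not referenced by the steps visible in this script.
SPLUNK_UNIT_NAME=splunk
# Apps directory that receives the deployment-client configuration.
CON_DIR=$SPLUNK_HOME/etc/apps
# Name of the configuration folder shipped next to this script.
CON_FOLDER=pwc-uf-mac-deploymentclient
# Options that make the splunk CLI run without interactive prompts.
_silent="--accept-license --answer-yes --no-prompt"
# Resolve the script's directory to an absolute path so that repeated
# `cd $SCRIPT_PATH` calls keep working after the working directory changed.
SCRIPT_PATH=$(cd -- "$(dirname "$0")" && pwd) || {
  echo "Cannot resolve the directory of $0" >&2
  exit 1
}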
检测是否使用Root账号运行此脚本
# Root gate: everything below writes under /opt and edits local accounts, so
# the script replaces itself with a sudo-run copy when the caller is not uid 0.
# NOTE(review): "$0" is handed to sudo unchanged; when the script was started
# by bare name (no slash) sudo resolves it through its own PATH, so invoking
# the script by an explicit path is the safer habit.
current_uid=$(id -u)
if [[ "$current_uid" != "0" ]]; then
  printf '%s\n' "Relaunching this script as root user."
  exec sudo "$0" "$@"
fi
检测设置路径下是否存在SplunkForwarder
- T:检测当前SplunkForwarder版本是否为目标版本
  - T:替换配置文件,并重启服务splunk
  - F:暂停Service,覆盖安装,添加配置文件
- F:检测是否存在splunker用户,没有则进行添加;进行安装SplunkForwarder,替换配置文件后需要重启服务splunk
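# Install, upgrade, or re-configure the Splunk Universal Forwarder.
#
#   SPLUNK_HOME exists, 9.x marker present  -> refresh configuration, restart
#   SPLUNK_HOME exists, marker missing      -> stop, unpack over it, refresh
#                                              configuration, restart
#   SPLUNK_HOME missing                     -> unpack, deploy configuration,
#                                              create the service account,
#                                              start as that account
#
# Reads SPLUNK_HOME, SPLUNK_BIN, SPLUNK_VER, SPLUNK_USER, CON_DIR, CON_FOLDER,
# _silent and SCRIPT_PATH, which are set at the top of the script.
#
# NOTE(review): the archive and the configuration folder are taken from the
# script's own directory and installed as root without any integrity check.
# Keep that directory writable by administrators only, and compare the
# archive's SHA-256 with the vendor-published value before running.

# _silent is a space-separated option string; split it once into an array so
# each option reaches the splunk CLI as its own argument.
read -r -a silent_args <<<"$_silent"

# Resolve the source directory once, before anything changes the working
# directory, so a relative SCRIPT_PATH cannot point somewhere else later.
script_dir=$(cd -- "$SCRIPT_PATH" && pwd) || {
  echo "Cannot resolve script directory: $SCRIPT_PATH" >&2
  exit 1
}
package="$script_dir/splunkforwarder-9.0.3-darwin-universal.tgz"
backup_dir="$CON_DIR/Backup"

# Move superseded pwc* app folders into Backup. The folder about to be
# deployed and folders whose name ends in "cn" are left in place. Each
# folder is moved individually, so the exclusions actually take effect.
backup_old_configs() {
  local dir name dest moved=0
  mkdir -p "$backup_dir" || return 1
  for dir in "$CON_DIR"/pwc*; do
    [ -e "$dir" ] || continue   # glob matched nothing
    name=${dir##*/}
    if [[ "$name" == "$CON_FOLDER" || "$name" == *cn ]]; then
      continue
    fi
    dest="$backup_dir/$name"
    if [ -e "$dest" ]; then
      # An earlier backup with this name exists; keep both copies.
      dest="$dest.$(date +%Y%m%d%H%M%S)"
    fi
    if mv -f "$dir" "$dest"; then
      moved=1
    else
      echo "Failed to back up $dir" >&2
    fi
  done
  if [ "$moved" -eq 1 ]; then
    echo "Success to delete old configuration-pwc*"
  fi
}

# Copy the deployment-client configuration shipped beside the script into the
# apps directory. Returns non-zero when the source is missing or the copy fails.
deploy_config() {
  if [ ! -d "$script_dir/$CON_FOLDER" ]; then
    echo "Configuration folder not found: $script_dir/$CON_FOLDER" >&2
    return 1
  fi
  cp -r "$script_dir/$CON_FOLDER" "$CON_DIR" || return 1
  echo "Success to copy $CON_FOLDER!"
}

# Restart splunkd and confirm through `splunk status` that it is running.
# The number of attempts is bounded so a broken install cannot keep a root
# process looping forever.
# NOTE(review): this runs the CLI as root, whereas the fresh-install path
# starts Splunk as $SPLUNK_USER. Restarting as root can leave splunkd and
# newly written files owned by root; confirm which account the forwarder is
# meant to run under on already-installed hosts.
restart_until_running() {
  local max_attempts=5 attempt
  for ((attempt = 1; attempt <= max_attempts; attempt++)); do
    "$SPLUNK_BIN/splunk" restart "${silent_args[@]}"
    sleep 10
    if "$SPLUNK_BIN/splunk" status | grep -q "splunkd is running"; then
      echo "Restart successfully"
      return 0
    fi
    if ((attempt < max_attempts)); then
      echo "Fail to restart. Trying again."
    fi
  done
  echo "splunkd is not running after $max_attempts restart attempts." >&2
  return 1
}

# Unpack the forwarder archive into the parent directory of SPLUNK_HOME.
extract_package() {
  local install_root=${SPLUNK_HOME%/*}
  if [ ! -f "$package" ]; then
    echo "Package not found: $package" >&2
    return 1
  fi
  mkdir -p "$install_root" || return 1
  tar -xzf "$package" -C "$install_root"
}

# Create the local service account and its group when the account is missing.
# NOTE(review): the account gets /bin/bash as its shell and no password
# attribute is set here; if nobody needs to log in as it, a non-interactive
# shell and a disabled password are the usual hardening for service accounts.
ensure_service_account() {
  local svc_id=9980
  if id -u "$SPLUNK_USER" >/dev/null 2>&1; then
    return 0
  fi
  # Refuse to reuse a UID that already belongs to another account.
  if dscl . -list /Users UniqueID |
    awk -v id="$svc_id" '$2 == id { found = 1 } END { exit !found }'; then
    echo "UID $svc_id is already in use; not creating $SPLUNK_USER." >&2
    return 1
  fi
  # The group is created first so that the chown of the home directory
  # below can resolve it.
  dscl . -create "/Groups/$SPLUNK_USER"
  dscl . -create "/Groups/$SPLUNK_USER" RealName "$SPLUNK_USER"
  dscl . -create "/Groups/$SPLUNK_USER" gid "$svc_id"
  dscl . -create "/Users/$SPLUNK_USER"
  dscl . -create "/Users/$SPLUNK_USER" UserShell /bin/bash
  dscl . -create "/Users/$SPLUNK_USER" RealName "$SPLUNK_USER"
  dscl . -create "/Users/$SPLUNK_USER" UniqueID "$svc_id"
  dscl . -create "/Users/$SPLUNK_USER" PrimaryGroupID "$svc_id"
  dscl . -create "/Users/$SPLUNK_USER" NFSHomeDirectory "/Users/$SPLUNK_USER"
  mkdir -p "/Users/$SPLUNK_USER"
  chown "$SPLUNK_USER:$SPLUNK_USER" "/Users/$SPLUNK_USER"
  dseditgroup -o edit -a "$SPLUNK_USER" -t user "$SPLUNK_USER"
}

if [ -d "$SPLUNK_HOME" ]; then
  echo "Splunkforwarder exists!"
  # SPLUNK_VER holds a glob; compgen -G succeeds when at least one path matches.
  if compgen -G "$SPLUNK_VER" >/dev/null; then
    echo "Splunkforwarder is the lastest."
  else
    # Different version installed: stop it and unpack the 9.0.3 archive over it.
    "$SPLUNK_BIN/splunk" stop
    extract_package || exit 1
  fi
  backup_old_configs
  deploy_config || exit 1
  restart_until_running || exit 1
else
  # Does not exist. Then, Installation for splunk
  extract_package || exit 1
  if [ -d "$SPLUNK_HOME" ]; then
    echo "Success to install Splunk."
    backup_old_configs
    # Replace configuration [pwc-uf-mac-deploymentclient]
    deploy_config || exit 1
    # Hand the whole tree to the service account before the first start.
    ensure_service_account || exit 1
    chown -R "$SPLUNK_USER:$SPLUNK_USER" "$SPLUNK_HOME/" || exit 1
    echo "Change successfully"
    # Start Splunk as the non-root service account.
    sudo -u "$SPLUNK_USER" "$SPLUNK_BIN/splunk" start "${silent_args[@]}"
    # NOTE(review): boot-start is enabled as the service account here; confirm
    # that this can register the start-up item without root privileges.
    sudo -u "$SPLUNK_USER" "$SPLUNK_BIN/splunk" enable boot-start
    sudo -u "$SPLUNK_USER" "$SPLUNK_BIN/splunk" restart "${silent_args[@]}"
    echo "restart successfully"
  else
    echo "Installation failed: $SPLUNK_HOME was not created." >&2
    exit 1
  fi
fi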