diff options
Diffstat (limited to 'splunkforwarder.install')
-rw-r--r-- | splunkforwarder.install | 136 |
1 files changed, 136 insertions, 0 deletions
diff --git a/splunkforwarder.install b/splunkforwarder.install new file mode 100644 index 000000000000..d54b18740473 --- /dev/null +++ b/splunkforwarder.install @@ -0,0 +1,136 @@ +pre_install() { + SPLUNK_HOME="/opt/splunkforwarder" + + group_exists=no + # Try to test for group existence in a 'modern' fashion + if which getent >/dev/null; then + if getent group splunk >/dev/null; then + group_exists=yes + fi + # or fall back + elif grep '^splunk:' /etc/group >/dev/null; then + group_exists=yes + fi + + if [ "${group_exists}"x = nox ]; then + groupadd splunk + fi + if id splunk > /dev/null 2>&1; then + : #user already exists + else + useradd -c "Splunk Server" -d $SPLUNK_HOME -s /bin/bash -g splunk splunk + fi +} + +post_install() { + SPLUNK_HOME="/opt/splunkforwarder" + + if [ ! -f "$SPLUNK_HOME/etc/splunk-launch.conf" ]; then + sed "s%# SPLUNK_HOME=.*%SPLUNK_HOME=$SPLUNK_HOME%g" "$SPLUNK_HOME/etc/splunk-launch.conf.default" > "$SPLUNK_HOME/etc/splunk-launch.conf" + fi + + # Build the post-install message in steps: + touch "$SPLUNK_HOME/ftr" + echo "-------------------------------------------------------------------------" > "$SPLUNK_HOME/ftr" + echo "Splunk has been installed in:" >> "$SPLUNK_HOME/ftr" + echo " $SPLUNK_HOME" >> "$SPLUNK_HOME/ftr" + echo "" >> "$SPLUNK_HOME/ftr" + echo "To start Splunk, run the command:" >> "$SPLUNK_HOME/ftr" + echo " $SPLUNK_HOME/bin/splunk start" >> "$SPLUNK_HOME/ftr" + echo "" >> "$SPLUNK_HOME/ftr" + echo "" >> "$SPLUNK_HOME/ftr" + echo "To use the Splunk web interface, point your browser to:" >> "$SPLUNK_HOME/ftr" + echo " http://$HOSTNAME:8000" >> "$SPLUNK_HOME/ftr" + echo "" >> "$SPLUNK_HOME/ftr" + echo "" >> "$SPLUNK_HOME/ftr" + echo "Complete documentation is at http://docs.splunk.com/Documentation/Splunk" >> "$SPLUNK_HOME/ftr" + echo "-------------------------------------------------------------------------" >> "$SPLUNK_HOME/ftr" + + echo "Splunk forwarder has been installed to $SPLUNK_HOME" + echo "You can start Splunk by running 'systemctl start splunkforwarder'" + + chown -R splunk:splunk "$SPLUNK_HOME" +} + +pre_upgrade() { + SPLUNK_HOME="/opt/splunkforwarder" + echo "Attempting to stop the installed Splunk Server..." + $SPLUNK_HOME/bin/splunk stop + systemctl stop splunkforwarder + + group_exists=no + # Try to test for group existence in a 'modern' fashion + if which getent >/dev/null; then + if getent group splunk >/dev/null; then + group_exists=yes + fi + # or fall back + elif grep '^splunk:' /etc/group >/dev/null; then + group_exists=yes + fi + + if [ "${group_exists}"x = nox ]; then + groupadd splunk + fi + if id splunk > /dev/null 2>&1; then + : #user already exists + else + useradd -c "Splunk Server" -d $SPLUNK_HOME -s /bin/bash -g splunk splunk + fi +} + +post_upgrade() { + SPLUNK_HOME="/opt/splunkforwarder" + + # Build the post-upgrade message in steps: + touch "$SPLUNK_HOME/ftr" + echo "-------------------------------------------------------------------------" > "$SPLUNK_HOME/ftr" + echo "Splunk has been updated in:" >> "$SPLUNK_HOME/ftr" + echo " $SPLUNK_HOME" >> "$SPLUNK_HOME/ftr" + echo "" >> "$SPLUNK_HOME/ftr" + echo "To start Splunk, run the command:" >> "$SPLUNK_HOME/ftr" + echo " $SPLUNK_HOME/bin/splunk start" >> "$SPLUNK_HOME/ftr" + echo "" >> "$SPLUNK_HOME/ftr" + echo "" >> "$SPLUNK_HOME/ftr" + echo "To use the Splunk web interface, point your browser to:" >> "$SPLUNK_HOME/ftr" + echo " http://$HOSTNAME:8000" >> "$SPLUNK_HOME/ftr" + echo "" >> "$SPLUNK_HOME/ftr" + echo "" >> "$SPLUNK_HOME/ftr" + echo "Complete documentation is at http://docs.splunk.com/Documentation/Splunk" >> "$SPLUNK_HOME/ftr" + echo "-------------------------------------------------------------------------" >> "$SPLUNK_HOME/ftr" + + echo "Splunk forwarder has been upgraded in $SPLUNK_HOME" + echo "Run 'systemctl start splunkforwarder' to complete the upgrade." + + chown -R splunk:splunk "$SPLUNK_HOME" +} + +pre_remove() { + SPLUNK_HOME="/opt/splunkforwarder" + echo "Attempting to stop the installed Splunk Server..." + $SPLUNK_HOME/bin/splunk stop + systemctl stop splunkforwarder +} + +post_remove() { + if [ `pacman -Q | grep splunk | wc -l` -eq 1 ]; then + if id splunk > /dev/null 2>&1; then + userdel -r splunk + fi + + group_exists=no + # Try to test for group existence in a 'modern' fashion + if which getent >/dev/null; then + if getent group splunk >/dev/null; then + group_exists=yes + fi + # or fall back + elif grep '^splunk:' /etc/group >/dev/null; then + group_exists=yes + fi + + if [ "${group_exists}"x = yesx ]; then + groupdel splunk + fi + fi +} |