summarylogtreecommitdiffstats
path: root/splunkforwarder.install
diff options
context:
space:
mode:
Diffstat (limited to 'splunkforwarder.install')
-rw-r--r--splunkforwarder.install136
1 files changed, 136 insertions, 0 deletions
diff --git a/splunkforwarder.install b/splunkforwarder.install
new file mode 100644
index 000000000000..d54b18740473
--- /dev/null
+++ b/splunkforwarder.install
@@ -0,0 +1,136 @@
+pre_install() {
+ SPLUNK_HOME="/opt/splunkforwarder"
+
+ group_exists=no
+ # Try to test for group existence in a 'modern' fashion
+ if which getent >/dev/null; then
+ if getent group splunk >/dev/null; then
+ group_exists=yes
+ fi
+ # or fall back
+ elif grep '^splunk:' /etc/group >/dev/null; then
+ group_exists=yes
+ fi
+
+ if [ "${group_exists}"x = nox ]; then
+ groupadd splunk
+ fi
+ if id splunk > /dev/null 2>&1; then
+ : #user already exists
+ else
+ useradd -c "Splunk Server" -d $SPLUNK_HOME -s /bin/bash -g splunk splunk
+ fi
+}
+
+post_install() {
+ SPLUNK_HOME="/opt/splunkforwarder"
+
+ if [ ! -f "$SPLUNK_HOME/etc/splunk-launch.conf" ]; then
+ sed "s%# SPLUNK_HOME=.*%SPLUNK_HOME=$SPLUNK_HOME%g" "$SPLUNK_HOME/etc/splunk-launch.conf.default" > "$SPLUNK_HOME/etc/splunk-launch.conf"
+ fi
+
+ # Build the post-install message in steps:
+ touch "$SPLUNK_HOME/ftr"
+ echo "-------------------------------------------------------------------------" > "$SPLUNK_HOME/ftr"
+ echo "Splunk has been installed in:" >> "$SPLUNK_HOME/ftr"
+ echo " $SPLUNK_HOME" >> "$SPLUNK_HOME/ftr"
+ echo "" >> "$SPLUNK_HOME/ftr"
+ echo "To start Splunk, run the command:" >> "$SPLUNK_HOME/ftr"
+ echo " $SPLUNK_HOME/bin/splunk start" >> "$SPLUNK_HOME/ftr"
+ echo "" >> "$SPLUNK_HOME/ftr"
+ echo "" >> "$SPLUNK_HOME/ftr"
+ echo "To use the Splunk web interface, point your browser to:" >> "$SPLUNK_HOME/ftr"
+ echo " http://$HOSTNAME:8000" >> "$SPLUNK_HOME/ftr"
+ echo "" >> "$SPLUNK_HOME/ftr"
+ echo "" >> "$SPLUNK_HOME/ftr"
+ echo "Complete documentation is at http://docs.splunk.com/Documentation/Splunk" >> "$SPLUNK_HOME/ftr"
+ echo "-------------------------------------------------------------------------" >> "$SPLUNK_HOME/ftr"
+
+ echo "Splunk forwarder has been installed to $SPLUNK_HOME"
+ echo "You can start Splunk by running 'systemctl start splunkforwarder'"
+
+ chown -R splunk:splunk "$SPLUNK_HOME"
+}
+
+pre_upgrade() {
+ SPLUNK_HOME="/opt/splunkforwarder"
+ echo "Attempting to stop the installed Splunk Server..."
+ $SPLUNK_HOME/bin/splunk stop
+ systemctl stop splunkforwarder
+
+ group_exists=no
+ # Try to test for group existence in a 'modern' fashion
+ if which getent >/dev/null; then
+ if getent group splunk >/dev/null; then
+ group_exists=yes
+ fi
+ # or fall back
+ elif grep '^splunk:' /etc/group >/dev/null; then
+ group_exists=yes
+ fi
+
+ if [ "${group_exists}"x = nox ]; then
+ groupadd splunk
+ fi
+ if id splunk > /dev/null 2>&1; then
+ : #user already exists
+ else
+ useradd -c "Splunk Server" -d $SPLUNK_HOME -s /bin/bash -g splunk splunk
+ fi
+}
+
+post_upgrade() {
+ SPLUNK_HOME="/opt/splunkforwarder"
+
+ # Build the post-upgrade message in steps:
+ touch "$SPLUNK_HOME/ftr"
+ echo "-------------------------------------------------------------------------" > "$SPLUNK_HOME/ftr"
+ echo "Splunk has been updated in:" >> "$SPLUNK_HOME/ftr"
+ echo " $SPLUNK_HOME" >> "$SPLUNK_HOME/ftr"
+ echo "" >> "$SPLUNK_HOME/ftr"
+ echo "To start Splunk, run the command:" >> "$SPLUNK_HOME/ftr"
+ echo " $SPLUNK_HOME/bin/splunk start" >> "$SPLUNK_HOME/ftr"
+ echo "" >> "$SPLUNK_HOME/ftr"
+ echo "" >> "$SPLUNK_HOME/ftr"
+ echo "To use the Splunk web interface, point your browser to:" >> "$SPLUNK_HOME/ftr"
+ echo " http://$HOSTNAME:8000" >> "$SPLUNK_HOME/ftr"
+ echo "" >> "$SPLUNK_HOME/ftr"
+ echo "" >> "$SPLUNK_HOME/ftr"
+ echo "Complete documentation is at http://docs.splunk.com/Documentation/Splunk" >> "$SPLUNK_HOME/ftr"
+ echo "-------------------------------------------------------------------------" >> "$SPLUNK_HOME/ftr"
+
+ echo "Splunk forwarder has been upgraded in $SPLUNK_HOME"
+ echo "Run 'systemctl start splunkforwarder' to complete the upgrade."
+
+ chown -R splunk:splunk "$SPLUNK_HOME"
+}
+
+pre_remove() {
+ SPLUNK_HOME="/opt/splunkforwarder"
+ echo "Attempting to stop the installed Splunk Server..."
+ $SPLUNK_HOME/bin/splunk stop
+ systemctl stop splunkforwarder
+}
+
+post_remove() {
+ if [ `pacman -Q | grep splunk | wc -l` -eq 1 ]; then
+ if id splunk > /dev/null 2>&1; then
+ userdel -r splunk
+ fi
+
+ group_exists=no
+ # Try to test for group existence in a 'modern' fashion
+ if which getent >/dev/null; then
+ if getent group splunk >/dev/null; then
+ group_exists=yes
+ fi
+ # or fall back
+ elif grep '^splunk:' /etc/group >/dev/null; then
+ group_exists=yes
+ fi
+
+ if [ "${group_exists}"x = yesx ]; then
+ groupdel splunk
+ fi
+ fi
+}