blob: d54b18740473acaeedeaad6b2529d00622fc3a26 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
|
pre_install() {
SPLUNK_HOME="/opt/splunkforwarder"
group_exists=no
# Try to test for group existence in a 'modern' fashion
if which getent >/dev/null; then
if getent group splunk >/dev/null; then
group_exists=yes
fi
# or fall back
elif grep '^splunk:' /etc/group >/dev/null; then
group_exists=yes
fi
if [ "${group_exists}"x = nox ]; then
groupadd splunk
fi
if id splunk > /dev/null 2>&1; then
: #user already exists
else
useradd -c "Splunk Server" -d $SPLUNK_HOME -s /bin/bash -g splunk splunk
fi
}
post_install() {
SPLUNK_HOME="/opt/splunkforwarder"
if [ ! -f "$SPLUNK_HOME/etc/splunk-launch.conf" ]; then
sed "s%# SPLUNK_HOME=.*%SPLUNK_HOME=$SPLUNK_HOME%g" "$SPLUNK_HOME/etc/splunk-launch.conf.default" > "$SPLUNK_HOME/etc/splunk-launch.conf"
fi
# Build the post-install message in steps:
touch "$SPLUNK_HOME/ftr"
echo "-------------------------------------------------------------------------" > "$SPLUNK_HOME/ftr"
echo "Splunk has been installed in:" >> "$SPLUNK_HOME/ftr"
echo " $SPLUNK_HOME" >> "$SPLUNK_HOME/ftr"
echo "" >> "$SPLUNK_HOME/ftr"
echo "To start Splunk, run the command:" >> "$SPLUNK_HOME/ftr"
echo " $SPLUNK_HOME/bin/splunk start" >> "$SPLUNK_HOME/ftr"
echo "" >> "$SPLUNK_HOME/ftr"
echo "" >> "$SPLUNK_HOME/ftr"
echo "To use the Splunk web interface, point your browser to:" >> "$SPLUNK_HOME/ftr"
echo " http://$HOSTNAME:8000" >> "$SPLUNK_HOME/ftr"
echo "" >> "$SPLUNK_HOME/ftr"
echo "" >> "$SPLUNK_HOME/ftr"
echo "Complete documentation is at http://docs.splunk.com/Documentation/Splunk" >> "$SPLUNK_HOME/ftr"
echo "-------------------------------------------------------------------------" >> "$SPLUNK_HOME/ftr"
echo "Splunk forwarder has been installed to $SPLUNK_HOME"
echo "You can start Splunk by running 'systemctl start splunkforwarder'"
chown -R splunk:splunk "$SPLUNK_HOME"
}
pre_upgrade() {
SPLUNK_HOME="/opt/splunkforwarder"
echo "Attempting to stop the installed Splunk Server..."
$SPLUNK_HOME/bin/splunk stop
systemctl stop splunkforwarder
group_exists=no
# Try to test for group existence in a 'modern' fashion
if which getent >/dev/null; then
if getent group splunk >/dev/null; then
group_exists=yes
fi
# or fall back
elif grep '^splunk:' /etc/group >/dev/null; then
group_exists=yes
fi
if [ "${group_exists}"x = nox ]; then
groupadd splunk
fi
if id splunk > /dev/null 2>&1; then
: #user already exists
else
useradd -c "Splunk Server" -d $SPLUNK_HOME -s /bin/bash -g splunk splunk
fi
}
post_upgrade() {
SPLUNK_HOME="/opt/splunkforwarder"
# Build the post-upgrade message in steps:
touch "$SPLUNK_HOME/ftr"
echo "-------------------------------------------------------------------------" > "$SPLUNK_HOME/ftr"
echo "Splunk has been updated in:" >> "$SPLUNK_HOME/ftr"
echo " $SPLUNK_HOME" >> "$SPLUNK_HOME/ftr"
echo "" >> "$SPLUNK_HOME/ftr"
echo "To start Splunk, run the command:" >> "$SPLUNK_HOME/ftr"
echo " $SPLUNK_HOME/bin/splunk start" >> "$SPLUNK_HOME/ftr"
echo "" >> "$SPLUNK_HOME/ftr"
echo "" >> "$SPLUNK_HOME/ftr"
echo "To use the Splunk web interface, point your browser to:" >> "$SPLUNK_HOME/ftr"
echo " http://$HOSTNAME:8000" >> "$SPLUNK_HOME/ftr"
echo "" >> "$SPLUNK_HOME/ftr"
echo "" >> "$SPLUNK_HOME/ftr"
echo "Complete documentation is at http://docs.splunk.com/Documentation/Splunk" >> "$SPLUNK_HOME/ftr"
echo "-------------------------------------------------------------------------" >> "$SPLUNK_HOME/ftr"
echo "Splunk forwarder has been upgraded in $SPLUNK_HOME"
echo "Run 'systemctl start splunkforwarder' to complete the upgrade."
chown -R splunk:splunk "$SPLUNK_HOME"
}
pre_remove() {
SPLUNK_HOME="/opt/splunkforwarder"
echo "Attempting to stop the installed Splunk Server..."
$SPLUNK_HOME/bin/splunk stop
systemctl stop splunkforwarder
}
post_remove() {
if [ `pacman -Q | grep splunk | wc -l` -eq 1 ]; then
if id splunk > /dev/null 2>&1; then
userdel -r splunk
fi
group_exists=no
# Try to test for group existence in a 'modern' fashion
if which getent >/dev/null; then
if getent group splunk >/dev/null; then
group_exists=yes
fi
# or fall back
elif grep '^splunk:' /etc/group >/dev/null; then
group_exists=yes
fi
if [ "${group_exists}"x = yesx ]; then
groupdel splunk
fi
fi
}
|