diff --git a/inventory/environ.py b/inventory/environ.py index e79f081e..d36a835d 100755 --- a/inventory/environ.py +++ b/inventory/environ.py @@ -574,6 +574,7 @@ def overrideEnvironmentVars(vars_scope): vars_scope["splunk"]["root_endpoint"] = os.environ.get('SPLUNK_ROOT_ENDPOINT', vars_scope["splunk"]["root_endpoint"]) vars_scope["splunk"]["svc_port"] = os.environ.get('SPLUNK_SVC_PORT', vars_scope["splunk"]["svc_port"]) vars_scope["splunk"]["splunk_http_enabled"] = os.environ.get('ENABLE_TCP_MODE', vars_scope["splunk"]["enable_tcp_mode"]) + vars_scope["splunk"]["resource_limits_source"] = os.environ.get('SPLUNK_RESOURCE_LIMITS_SOURCE', vars_scope["splunk"]["resource_limits_source"]) vars_scope["splunk"]["s2s"]["port"] = int(os.environ.get('SPLUNK_S2S_PORT', vars_scope["splunk"]["s2s"]["port"])) vars_scope["splunk"]["enable_service"] = os.environ.get('SPLUNK_ENABLE_SERVICE', vars_scope["splunk"]["enable_service"]) vars_scope["splunk"]["service_name"] = os.environ.get('SPLUNK_SERVICE_NAME', vars_scope["splunk"]["service_name"]) @@ -584,6 +585,8 @@ def overrideEnvironmentVars(vars_scope): if vars_scope["splunk"]["splunk_http_enabled"] == "false" and "forwarder" not in vars_scope["splunk"]["role"].lower(): vars_scope["splunk"]["splunk_http_enabled"] = "true" + if vars_scope["splunk"]["resource_limits_source"] not in ["hardware", "container_sok"]: + vars_scope["splunk"]["resource_limits_source"] = "hardware" # Set set_search_peers to False to disable peering to indexers when creating multisite topology if os.environ.get("SPLUNK_SET_SEARCH_PEERS", "").lower() == "false": vars_scope["splunk"]["set_search_peers"] = False diff --git a/inventory/splunk_defaults_linux.yml b/inventory/splunk_defaults_linux.yml index c82bc9ac..4e4161cf 100644 --- a/inventory/splunk_defaults_linux.yml +++ b/inventory/splunk_defaults_linux.yml @@ -42,6 +42,7 @@ splunk: secret: pass4SymmKey: svc_port: 8089 + resource_limits_source: "hardware" ssl: enable: True cert: diff --git a/inventory/splunk_defaults_windows.yml b/inventory/splunk_defaults_windows.yml index 72fbcfab..c5f3585a 100644 --- a/inventory/splunk_defaults_windows.yml +++ b/inventory/splunk_defaults_windows.yml @@ -41,6 +41,7 @@ splunk: secret: pass4SymmKey: svc_port: 8089 + resource_limits_source: "hardware" ssl: enable: True cert: diff --git a/inventory/splunkforwarder_defaults_linux.yml b/inventory/splunkforwarder_defaults_linux.yml index 6f040479..40694111 100644 --- a/inventory/splunkforwarder_defaults_linux.yml +++ b/inventory/splunkforwarder_defaults_linux.yml @@ -41,6 +41,7 @@ splunk: secret: pass4SymmKey: svc_port: 8089 + resource_limits_source: "hardware" ssl: enable: True cert: diff --git a/inventory/splunkforwarder_defaults_windows.yml b/inventory/splunkforwarder_defaults_windows.yml index c93a4fb6..b452d715 100644 --- a/inventory/splunkforwarder_defaults_windows.yml +++ b/inventory/splunkforwarder_defaults_windows.yml @@ -41,6 +41,7 @@ splunk: secret: pass4SymmKey: svc_port: 8089 + resource_limits_source: "hardware" ssl: enable: True cert: diff --git a/roles/splunk_common/tasks/main.yml b/roles/splunk_common/tasks/main.yml index 37dd6d71..160b9823 100644 --- a/roles/splunk_common/tasks/main.yml +++ b/roles/splunk_common/tasks/main.yml @@ -122,6 +122,8 @@ - include_tasks: enable_dsp.yml when: "'dsp' in splunk and 'enable' in splunk.dsp and splunk.dsp.enable" +- include_tasks: set_resource_limits.yml + - include_tasks: start_splunk.yml - include_tasks: set_certificate_prefix.yml diff --git a/roles/splunk_common/tasks/set_resource_limits.yml b/roles/splunk_common/tasks/set_resource_limits.yml new file mode 100644 index 00000000..fe0804ee --- /dev/null +++ b/roles/splunk_common/tasks/set_resource_limits.yml @@ -0,0 +1,9 @@ +--- +- name: Configure Resource Limits as {{ splunk.resource_limits_source }} + ini_file: + dest: "{{ splunk.home }}/etc/system/local/limits.conf" + option: "resource_limits_source" + section: "system_checks" + value: "{{ splunk.resource_limits_source }}" + owner: "{{ splunk.user }}" + group: "{{ splunk.group }}"