Organize tasks Phase 1

roles/splunk/tasks/check_splunk.yml

@@ -17,7 +17,7 @@
 
   # Configure auditd for both fresh and old installs
 - name: Configure Auditd
-  ansible.builtin.include_tasks: configure_auditd.yml
+  ansible.builtin.include_tasks: os_common/configure_auditd.yml
   when: splunk_auditd_configure
 
 - name: Execute this block only if splunk is already installed

roles/splunk/tasks/configure_dmc.yml

@@ -1,6 +1,6 @@
 ---
 - name: Check splunk
-  ansible.builtin.include_task: check_splunk.yml
+  ansible.builtin.include_tasks: check_splunk.yml
 
 - name: Configure DMC as a IDXC member
   ansible.builtin.include_tasks: configure_idxc_sh.yml

roles/splunk/tasks/install_apps.yml

@@ -79,7 +79,7 @@
     recursive: true
     delete: true
     checksum: true
-    private_key: "{{ rsync_private_key|default(omit) }}"
+    private_key: "{{ rsync_private_key | default(omit) }}"
     rsync_opts:
       - "--prune-empty-dirs"
       - "--itemize-changes"

roles/splunk/tasks/install_splunk.yml

@@ -1,39 +1,20 @@
 ---
 #  This task should be used for fresh installations of Splunk, refer to upgrade_splunk.yml for upgrades
-- name: Install Required Packages
-  ansible.builtin.include_tasks: prereqs.yml
-
 - name: Block for non-root splunk user setup
   block:
-    - name: Add nix splunk group
-      ansible.builtin.group:
-        name: "{{ splunk_nix_group }}"
-        state: present
-        local: "{{ local_os_group }}"
-      become: true
-
-    - name: Add nix splunk user
-      ansible.builtin.user:
-        name: "{{ splunk_nix_user }}"
-        group: "{{ splunk_nix_group }}"
-        groups: "{{ splunk_nix_groups | default(omit) }}"
-        home: "{{ splunk_nix_home }}"
-        state: present
-        shell: /bin/bash
-        local: "{{ local_os_user }}"
-        append: "{{ true if (splunk_nix_groups | default([]) | length > 0) else omit }}"
-      become: true
+    - name: Configure user and group for Splunk
+      ansible.builtin.include_tasks: os_common/configure_user.yml
 
-    - name: Allow splunk user to read /var/log
-      ansible.builtin.include_tasks: configure_facl.yml
+    - name: Configure permission for system logs
+      ansible.builtin.include_tasks: os_common/configure_logs.yml
+      when: least_privileged == false
 
     - name: Configure .bash_profile and .bashrc for splunk user
-      ansible.builtin.include_tasks: configure_bash.yml
-
+      ansible.builtin.include_tasks: os_common/configure_bash.yml
   when: splunk_nix_user != 'root'
 
 - name: Configure OS to disable THP and increase ulimits for splunk process
-  ansible.builtin.include_tasks: configure_os.yml
+  ansible.builtin.include_tasks: os_common/configure_os.yml
 
 - name: Include download and unarchive task
   ansible.builtin.include_tasks: download_and_unarchive.yml

roles/splunk/tasks/main.yml

@@ -7,9 +7,6 @@
     - "{{ ansible_distribution }}.yml"
     - "{{ ansible_os_family }}.yml"
 
-- name: Include prerequisites
-  ansible.builtin.include_tasks: prereqs.yml
-
 - name: Reset value of start_splunk_handler_fired and configure_boot_start
   tags: always
   ansible.builtin.set_fact:

roles/splunk/tasks/configure_facl.yml → roles/splunk/tasks/os_common/configure_logs.yml

@@ -1,4 +1,10 @@
 ---
+- name: install acl package
+  ansible.builtin.package:
+    name: acl
+    state: present
+  become: true
+
 - name: Configure file access control list (facl) settings for splunk user
   block:
     - name: Install acl package
@@ -29,7 +35,7 @@
     - name: Set use_logrotate fact based on file existence
       ansible.builtin.set_fact:
         use_logrotate: "{{ logrotate_stat.stat.exists | default(false) }}"
-        
+
     - name: Add setfacl to logrotate script
       ansible.builtin.lineinfile:
         path: "{{ logrotate_file }}"
@@ -55,5 +61,3 @@
         - restart redhat auditd service
         - restart non-redhat auditd service
       when: result_auditd_conf.stat.exists
-
-  when: not least_privileged

roles/splunk/tasks/os_common/configure_user.yml

@@ -0,0 +1,22 @@
+---
+- name: Block for non-root splunk user setup
+  block:
+    - name: Add nix splunk group
+      ansible.builtin.group:
+        name: "{{ splunk_nix_group }}"
+        state: present
+        local: "{{ local_os_group }}"
+      become: true
+
+    - name: Add nix splunk user
+      ansible.builtin.user:
+        name: "{{ splunk_nix_user }}"
+        group: "{{ splunk_nix_group }}"
+        groups: "{{ splunk_nix_groups | default(omit) }}"
+        home: "{{ splunk_nix_home }}"
+        state: present
+        shell: /bin/bash
+        local: "{{ local_os_user }}"
+        append: "{{ true if (splunk_nix_groups | default([]) | length > 0) else omit }}"
+      become: true
+  when: splunk_nix_user != 'root'

roles/splunk/tasks/post_install.yml

@@ -28,5 +28,5 @@
   when: add_pstack_script
 
 - name: Install additional utilities and troubleshooting tools
-  ansible.builtin.include_tasks: install_utilities.yml
+  ansible.builtin.include_tasks: os_common/install_utilities.yml
   when: install_utilities

roles/splunk/tasks/upgrade_splunk.yml

@@ -1,11 +1,11 @@
 ---
 # This task is called by check_splunk.yml to perform splunk upgrades. Do not run this task directly as check_splunk.yml will stop splunk first.
 - name: Configure .bash_profile and .bashrc for splunk user
-  ansible.builtin.include_tasks: configure_bash.yml
+  ansible.builtin.include_tasks: os_common/configure_bash.yml
   when: splunk_nix_user != 'root'
 
 - name: Configure OS to disable THP and increase ulimits for splunk process
-  ansible.builtin.include_tasks: configure_os.yml
+  ansible.builtin.include_tasks: os_common/configure_os.yml
 
 - name: Include task to kill any stale splunkd processes
   ansible.builtin.include_tasks: adhoc_kill_splunkd.yml