Trying to Change Splunk Password via Splunk Syntax - Erroring

167 views
Skip to first unread message

Heather Luna

unread,
Jan 17, 2018, 5:02:05 PM1/17/18
to Ansible Project
Hello! 

My first playbook is just about complete. I just have a couple config changes to make with some .conf files and a password edit for the splunk user. 

Splunk documentation states to run this command at the command line to change the Splunk admin password:

Run the following command from: $SPLUNK_HOME \bin\
splunk edit user admin –password complexpasswordhere

I couldn't find a way around it with an Ansible module - I wasn't sure if this constituted a local password or not so I decided to opt for the following Ansible syntax using the win_shell module:

- name: Splunk Install, Upgrade, Removal Process
  hosts: windows
  gather_facts: yes
  tasks:
  - name: Changing Splunk admin password
    win_shell: splunk edit user admin -password passwordgoeshere
    args:
      chdir: "C://Program Files//SplunkUniversalForwarder//bin"

  1. fatal: [machinename.edu]: FAILED! => {"changed": true, "cmd": "splunk edit user admin -password passwordhere", "delta": "0:00:00.687515", "end": "2018-01-17 09:52:06.426731", "msg": "non-zero return code", "rc": 1, "start": "2018-01-17 09:52:05.739215", "stderr": "splunk : The term 'splunk' is not recognized as the name of a cmdlet, function, script file, or \r\noperable program. Check the spelling of the name, or if a path was included, verify that the path \r\nis correct and try again.\r\nAt line:1 char:65\r\n+ ... ::InputEncoding = New-Object Text.UTF8Encoding $false; splunk edit us ...\r\n+                                                            ~~~~~~\r\n    + CategoryInfo          : ObjectNotFound: (splunk:String) [], CommandNotFoundException\r\n    + FullyQualifiedErrorId : CommandNotFoundException", "stderr_lines": ["splunk : The term 'splunk' is not recognized as the name of a cmdlet, function, script file, or ", "operable program. Check the spelling of the name, or if a path was included, verify that the path ", "is correct and try again.", "At line:1 char:65", "+ ... ::InputEncoding = New-Object Text.UTF8Encoding $false; splunk edit us ...", "+            


  3. Am I using this module incorrectly? I thought I could just input the syntax I would have normally run into the win_shell module.

  1. Thanks for any tips! 



  4.  

Jordan Borean

unread,
Jan 17, 2018, 9:04:41 PM1/17/18
to Ansible Project
The win_shell module is used to run shell command, in the case of powershell they could be New-Item, Get-Item, .. or for cmd it would be things like dir, pwd and so on. You can technically run executables like splunk through win_shell by prefixing it with the call operator (powershell-ism) but you are better off using win_command which is designed to run executables directly without a shell.

Here is what I would do

- name: Changing Splunk admin password with base win_command
  win_command: '"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" edit user admin -password passwordgoeshere'

# or

- name: Changing Splunk admin password with specific working directory
  win_command: splunk.exe edit user admin -password passwordgoeshere
  args:
    chdir: C:\Program Files\SplunkUniversalForwarder\bin

# or if you really wanted to use win_shell

- name: Changing Splunk admin password with win_shell
  win_shell: &"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" @("edit", "user", "admin", "-password", "passwordgoeshere")

I'll explain each of the options in more details

1. base win_command
  • You need to quote the splunk path with double quotes so that it treats it as one argument with spaces
  • Because yaml rules state that each value that starts with a quote also needs to end with a quote, we will encapsulate the entire value with a single quote
2. win_command with specific working directory
  • This is pretty much the same as the above but it changes the working directory to C:\Program Files\SplunkUniversalForwarder\bin so you don't need to set the full path to the executable
  • This is useful when executing something that is dependent on the path you are running
3 win_shell
  • While this should still work, you need to tell PowerShell what to do, it was trying to find the cmdlet/function/script called splunk as it doesn't always run executables from the name
  • Because of the above, I enclose the full path to the executable in quotes and put it directly after the call operator (&)
  • This tells powershell to execute the following executable
  • The arguments are then set in a list, while not necessary most of the time, it helps to strictly define the arguments and useful when dealing with spaces
One more thing that is generic to all the 3 options, when dealing with backslashes in Windows paths, I would always avoid using forward slashes and only use back slashes when necessary. It comes down to these rules
  • Don't use the key=value Ansible definition and use the yaml structure
  • Avoid quoting values unless it is necessary, most of the time you only need to quote when dealing with : or you need to start with a literal quote value
  • Use \ for paths, e.g. C:\temp and not C:/temp
  • When quoting, use single quotes over double quotes, there are less escaping rules for single quotes compared to double quotes (see below)
  • When quoting, backslashes only need to be escaped when using double quotes, e.g. key: C:\temp == key: 'C:\temp' == key: "C:\\temp"
  • Unless otherwise instructed, if an option takes in a single path, you usually don't need to quote it. For example the chdir arg doesn't need quotes at all.
This page has more info on this https://docs.ansible.com/ansible/devel/windows_usage.html#path-formatting-for-windows.

Hopefully this helped you in some way.

Thanks

Jordan

Mike Eriksson

unread,
Jan 18, 2018, 2:29:38 AM1/18/18
to ansible...@googlegroups.com
Heather,

I run a similar thing in my environment and it works quite ok. What I do is as follows:

<- Cut ->
    - name: Set the new Splunk admin password
      action: shell /opt/splunkforwarder/bin/splunk edit user admin -auth admin:changeme -role admin -password {{splunk_new_pass}}
<- Cut ->

Where {{splunk_new_pass}} is the variable which holds the password.

Hopefully this could be of some use for you.

Cheers, Mike

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/75ffa20d-9b70-4d9f-8aaa-e94ad19d997e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


--
Reply all
Reply to author
Forward
0 new messages