Fix issues with fleet, ansible, and splunk

kernel-sanders
2020-11-16 13:07:14 -05:00
parent cf336b578a
commit 4d04dafdb6


@@ -384,7 +384,7 @@
/usr/bin/yq w -i /tmp/options.yaml 'spec.config.options.enroll_secret' 'enrollmentsecret'
/usr/bin/yq w -i /tmp/options.yaml 'spec.config.options.logger_snapshot_event_type' 'true'
# Fleet 3.0 requires the "kind" to be "options" instead of "option"
sed -i 's/kind: option/kind: options/g' /tmp/options.yaml
# sed -i 's/kind: option/kind: options/g' /tmp/options.yaml # Not needed with change to fleetdm/fleet
fleetctl apply -f /tmp/options.yaml
# Use fleetctl to import YAML files
@@ -398,8 +398,8 @@
# Files must exist before splunk will add a monitor
touch /var/log/fleet/osquery_result
touch /var/log/fleet/osquery_status
/opt/splunk/bin/splunk add monitor "/var/log/fleet/osquery_result" -index osquery -sourcetype 'osquery:json' -auth 'admin:changeme'
/opt/splunk/bin/splunk add monitor "/var/log/fleet/osquery_status" -index osquery-status -sourcetype 'osquery:status' -auth 'admin:changeme'
/opt/splunk/bin/splunk add monitor "/var/log/fleet/osquery_result" -index osquery -sourcetype 'osquery:json' -auth 'admin:changeme' --accept-license --answer-yes --no-prompt
/opt/splunk/bin/splunk add monitor "/var/log/fleet/osquery_status" -index osquery-status -sourcetype 'osquery:status' -auth 'admin:changeme' --accept-license --answer-yes --no-prompt
register: fleet_osquery_config
failed_when: "'error' in fleet_osquery_config.stderr"
changed_when: "'Fleet login successful and context configured!' in fleet_osquery_config.stdout"
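Review bot: The two rewritten `splunk add monitor` lines in the second hunk still pass `-auth 'admin:changeme'` as a literal, so the default Splunk admin password stays in the playbook and shows up in the process arguments and in verbose Ansible output for this task. If this role is ever run outside a throwaway lab, take the credential from a variable, e.g. `-auth "{{ splunk_admin_user }}:{{ splunk_admin_password }}"` (placeholder names), and consider `no_log: true` on the task. Separately, `failed_when: "'error' in fleet_osquery_config.stderr"` replaces the default return-code check with a case-sensitive substring match, so a Splunk or fleetctl failure that prints anything else would presumably pass; appending `or fleet_osquery_config.rc != 0` would at least catch a failing last command. In the first hunk, the comment "Fleet 3.0 requires the "kind" to be "options"" now sits above a disabled `sed` and contradicts it, so drop both lines or reword the comment. The task's shell block starts outside the visible hunks.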