-
Notifications
You must be signed in to change notification settings - Fork 1
googlecp
PORS allows to deploy and manage your splunk/cribl/... instances. This way you can use the full potential of PORS:
- deploy a new VM
- configure VM hardware
- install splunk/cribl/.. on that new VM
- configure splunk/cribl (e.g. make this splunk install a masternode, lm, ..)
For the latest guide checkout: Ansible Google Platform Guide
Basically it should be just:
su - pors
pip3 install --user requests google-auth
cd /opt/pors
ansible-galaxy install -f -r roles/requirements_gcp.yml --force-with-deps
(PORS requires the more recent community version of GCP, i.e. not the builtin ansible implementation)
if you get an error with setuptools
installation this might can be solved with a specific version:
pip install --user "setuptools==44.1.1"
(just an example. v44.1.1 is the latest working version for python2)
see above guide.
Current available Ansible modules (only a small subset is used in PORS) can be found: here
In theory it is possible to use multiple hosts files but PORS depends on 1 hosts file for each inventory.
For GCP you have the choice between the classical static one or the dynamic one (choose one).
mv /opt/pors_data/inventories/production/hosts.example-static /opt/pors_data/inventories/production/hosts
edit --> /opt/pors_data/inventories/production/hosts
mv /opt/pors_data/inventories/production/hosts_dynamic.gcp.yml.example /opt/pors_data/inventories/production/hosts_dynamic.gcp.yml
edit --> /opt/pors_data/inventories/production/hosts_dynamic.gcp.yml
(replace <my-project>
in all variables you find there (region, id, ..)
If you choose the dynamic inventory do not forget to modify /etc/profile.d/pors.sh
to point to hosts_dynamic.gcp.yml
instead of hosts
/opt/pors_data/inventories/production/group_vars/all/vm_deploy.yml
ansible-vault edit /opt/pors_data/inventories/production/group_vars/all/vault.yml --ask-vault-pass
Follow:
to initialize the defaults and your custom hardware configuration settings.
Most important variable here is the GCP machine type defined in pors_hardware-config_<role>.config
:
VM_GOOGLECP_MTYPE
As the type depends on the splunk role it should be set in every role specific hardware-config file.
The PORS default is to take the VMCPU
value (n1-standard-${VMCPU}
) but it can be adjusted as you like (or set to any custom type).
The following are splunk's and PORS recommendations, types marked with a (*) are the most preferred ones while it always depends on your own requirements, of course.
splunk's recommendations:
Indexer:
-
n1-standard-16
-> Up to 100 GB / day -
n1-standard-32
* -> 100 -250 GB / day
Searchhead, Active Input (db-connect etc):
-
n1-standard-16
* -> Up to 100 concurrent(!) users (also depends on saved searches schedule) -
n1-standard-32
-> 100 -250 concurrent(!) users (also depends on saved searches schedule)
DeploymentServer, LicenseMaster, MasterNode, MonitoringConsole:
-
n1-standard-8
|n1-highcpu-8
*
SHC Deployer:
-
n1-standard-2
*
HeavyForwarder:
-
n1-standard-4
-> Up to 50 GB / day (highly depends on TA load) -
n1-highcpu-8
* -> 50 - 100 GB / day (highly depends on TA load) -
n1-standard-16
-> 100 -200 GB / day (highly depends on TA load)