PORS – powered by Ansible

secure diversITy / Software / PORS – powered by Ansible

About

PORS (Playbooks On Rails for splunk) is a collection of Ansible playbooks, roles & tasks for installing, configuring & managing your whole Splunk infrastructure – including Apps using the Splunk deployment process.
But the icing on the cake is that PORS comes with a terminal UI that does all this with the snap of a finger!

Why “PORS”?
When starting this project in 2017 it was named “Ansible Engine” and used that way some time.
At the end of 2015 RedHat acquired Ansible and somewhen later started an own product line “RedHat Ansible Engine” which of course caused a conflict – so the name “PORS” was born.

Features

  • Manage all your App deployments in one single location
  • Deploy Apps to your splunk servers by using the official splunk process and commands – just automated
  • Remove deployed apps
  • Supports github, gitlab and local repositories to push / update your Apps
  • Deploy your splunk server by hardware profiles (the whole VM setup, disks, CPU, RAM…):
    • vSphere
    • Proxmox VE
    • Google Cloud (GCP)
    • using your existing mechanisms and start on top of that
    • supporting IaC (Infrastructure as Code) approach allowing to re-play the exact same VM again
    • (more to come)
  • Install
    • splunk
    • Universal Forwarder
    • CRIBL Logstream
  • System operations (if you like):
    • upgrade kernel
    • upgrade OS
  • Configure any system as a splunk:
    • Licensemaster
    • Masternode
    • Peernode
    • DeploymentServer
    • Single Searchhead
    • SH Cluster Member
    • Heavy Forwarder
    • Deployer
    • Monitoring Console
  • Configure any system as a Cribl Logstream:
    • Leader
    • Worker
  • Download, Stage & Upgrade tasks for:
    • splunk Enterprise
    • splunk Universal Forwarder
    • splunkhelper
    • cribl logstream
  • Configure system/local on any connected system in a central location
  • Execute many tasks without even needing to restart spunk by using the full integrated splunkhelper
  • Execute splunk stop, start, restart commands remotely
  • Companion splunk app available: PORA
  • Commandline API available: automate App deployments (e.g. by a gitlab runner) by using the batch mode (./pors –help will reveal the options)
  • Extend it to your liking  -> use custom Ansible playbooks and integrate them easily by the PORS hooks mechanism
  • … more!

Use Cases

So for whom is this useful? PORS itself is flexible by design. If you just want to use the App management and nothing else, not a problem. If you just want to use it for upgrading splunk, so what, no issue. Use what you like and ignore the rest. Well to be honest I would say give the rest a chance and look if it might be useful for you ;)

TL;DR

PORS can do a lot for you – or just a few – up to you.

Get it

PORS can run everywhere (as long as it is a modern Linux OS) so no excuses you can even install it in parallel on an existing system (read the documentation first).

The documentation will guide you through the simple steps and if you get stuck feel free to create an issue on the official bug tracker.

Official support and installation offers are available as well, just contact me and ask for a quote.

Back to Top