Version information
This version is compatible with:
- Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x
- Puppet >= 6.1.0 < 8.0.0
- , , , , ,
Tasks:
- agent_event
- apikey
- assets_outdated
- backend_upgrade
Start using this module
Add this module to your Puppetfile:
mod 'sensu-sensu', '5.11.1'
Learn more about managing modules with a PuppetfileDocumentation
Sensu-Puppet
Table of Contents
- Module Description
- Setup - The basics of getting started with Sensu
- Usage - Configuration options and additional functionality
- Location of Resources
- Basic Sensu backend
- Basic Sensu agent
- Basic Sensu CLI
- API Providers
- Manage Windows Agent
- Advanced agent
- Advanced agent - Subscriptions
- Advanced agent - Annotations and Labels
- Advanced agent - Custom config entries
- Advanced SSL
- Enterprise support
- Contact routing
- PostgreSQL datastore support
- Installing Plugins
- Installing Extensions
- Exported resources
- Hiera resources
- Resource purging
- Sensu backend cluster
- Sensu backend federation
- Large Environment Considerations
- Composite Names for Namespaces
- Installing Bonsai Assets
- Bolt Tasks
- Reference
- Examples
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
- License
Module description
Installs and manages Sensu Go, the open source monitoring framework.
Please note, that this is a Partner Supported module, which means that technical customer support for this module is solely provided by Sensu. Puppet does not provide support for any Partner Supported modules. Technical support for this module is provided by Sensu at https://sensu.io/support.
Documented with Puppet Strings
Compatibility - supported Sensu versions
If not explicitly stated it should always support the latest Sensu release. Beginning with v5.0.0 this module will only support Sensu Go 6.0+. Please log an issue if you identify any incompatibilities.
Sensu Go Version | Recommended Puppet Module Version |
---|---|
5.0 - 5.15 | latest v3 |
5.16+ | latest v4 |
6.0 | v5.0.0 |
6.1+ | v5.1.0+ |
Upgrade note
Sensu Go 5.x is a rewrite of Sensu and no longer depends on redis and rabbitmq. Version 3 of this module supports Sensu Go >= 5.0.0 to < 5.16.0. Version 4 of this module supports Sensu Go >= 5.16.0 < 6.0.0. Version 5.0.0 of this module supports Sensu Go >= 6.0.0 < 6.1.0. Version 5.1.0+ of this module supports Sensu Go >= 6.1.0 < 7.0.0.
Users wishing to use the previous Ruby based Sensu should use the sensu/sensuclassic module.
Updating this module from 4.x to 5.x
This module begins supporting Sensu Go 6 with version >= 5.0.0
NOTE Upgrading to support Sensu Go 6 requires backends have Puppet applied before agents will begin to work as there is an agent specifc Sensu user and role added to support modifying agent entities via the API.
Class parameter changes:
- Remove deprecated
sensu::old_password
andsensu::old_agent_password
, these parameters are no longer needed and were removed
Type property changes:
- Remove deprecated
url
,sha512
andfilters
properties fromsensu_asset
, usebuilds
property instead
Changes for backend
There is a manual step to perform to upgrade the sensu-backend after upgrading the backend to 6.x.
This module provides the sensu::backend_upgrade
bolt task as a way to execute the necessary sensu-backend upgrade
command.
Changes for agents
Beginning with Sensu Go 6, some changes to agent.yml
will only bootstrap an agent entity, they will not update the entity.
If you wish to make changes to values such as subscriptions
, labels
or annotations
after a host is added to Sensu this must be done
via the Sensu Go API. To support this it's now required that agents have the ability to make API calls.
In order to ensure agents can make API calls either via API or sensuctl the agent must be told about the admin password and API host:
class { 'sensu':
api_host => 'sensu-backend.example.com',
agent_entity_config_password => 'supersecret',
}
class { 'sensu::agent':
...
}
See API Providers for example Hiera that can be used in a file like common.yaml
to easily share the admin password with agents.
This module will still continue to write subscriptions and other agent configurations to agent.yml
so that if an agent entity is deleted it can be recreated
by restarting the sensu-agent
service.
Beginning with Sensu Go 6.2.0 you can go back to making agent.yml
the authoritative source for an agent's config by setting sensu::agent::agent_managed_entity
to true
.
Updating this module from 3.x to 4.x
Class parameter changes:
- Move
sensu::backend::cli_package_name
tosensu::cli::package_name
- Move
sensu::backend::sensuctl_chunk_size
tosensu::cli::sensuctl_chunk_size
- Move
sensu::backend::url_host
tosensu::api_host
- Move
sensu::backend::url_port
tosensu::api_port
- Move
sensu::backend::password
tosensu::password
- Move
sensu::backend::old_password
tosensu::old_password
- Move
sensu::backend::agent_password
tosensu::agent_password
- Move
sensu::backend::agent_old_password
tosensu::agent_old_password
- The following parameters were moved from
sensu::backend
class tosensu::resources
class. (Example:sensu::backend::checks
becomessensu::resources::checks
)ad_auths
assets
bonsai_assets
checks
cluster_members
cluster_role_bindings
cluster_roles
configs
(removed)entities
etcd_replicators
filters
handlers
hooks
ldap_auths
mutators
namespaces
oidc_auths
role_bindings
roles
users
Type property changes:
- Replace
sensu_check
proxy_requests*
properties withproxy_requests
Hash - Replace
sensu_entity
deregistration_handler
withderegistration
Hash - Replace
sensu_handler
socket_*
properties withsocket
Hash - Refactor
sensu_ldap_auth
andsensu_ad_auth
on how properties are defined.- Move
server_binding
,server_group_search
andserver_user_search
intoservers
property
- Move
Breaking changes:
- Remove
sensu_event
type, replaced withsensu::event
Bolt task - Remove
sensu_silenced
type, replaced withsensu::silenced
Bolt task - Remove
sensu_config
type, replaced withsensu::cli::config_format
andsensu::cli::config_namespace
parameters
Setup
What sensu affects
This module will install packages, create configuration and start services necessary to manage Sensu agents and backend.
Setup requirements
Plugin sync is required if the custom sensu types and providers are used.
Soft module dependencies
For systems using apt
:
- puppetlabs/apt module (
>= 5.0.1 < 9.0.0
)
For systems using yum
and Puppet >= 6.0.0:
- puppetlabs/yumrepo_core module (
>= 1.0.1 < 2.0.0
)
For Windows:
- puppetlabs/chocolatey module (
>= 3.0.0 < 7.0.0
) - puppet/windows_env module (
>= 3.0.0 < 5.0.0
) - puppet/archive module (
>= 3.0.0 < 5.0.0
)
Beginning with Sensu
This module provides Vagrant definitions that can be used to get started with Sensu.
vagrant up sensu-backend
vagrant ssh sensu-backend
Beginning with a Sensu cluster
Multiple Vagrant boxes are available for testing a sensu-backend cluster.
vagrant up sensu-backend-peer1 sensu-backend-peer2
vagrant provision sensu-backend-peer1 sensu-backend-peer2
Beginning with a Sensu federated cluster
Multiple Vagrant boxes are available for testing a Sensu Go federated cluster. First build and provision both then provision the first a second time to view that the custom role was replicated.
vagrant up sensu-backend-federated1 sensu-backend-federated2
vagrant provision sensu-backend-federated1
The provision
command should output from sensuctl
the test
Sensu Go Role that was created on the other backend.
The output should look like the following:
sensu-backend-federated1: Name Namespace Rules
sensu-backend-federated1: ────── ─────────── ───────
sensu-backend-federated1: test default 1
Usage
Location of Resources
Sensu Go is designed to have resources like checks and assets defined on the backend host.
For Puppet this means that the simplest configuration will be one where checks and other resources are defined on the host using sensu::backend
class.
Hosts with only the sensu::agent
class do not need to have checks defined on them, rather just have to have a subscription assigned that matches a check.
Basic Sensu backend
The following example will configure sensu-backend, sensu-agent on backend and add a check.
By default this module will configure the backend to use Puppet's SSL certificate and CA.
It is advisable to not rely on the default password.
NOTE When changing the password value, it's necessary to run Puppet on the backend first to update the admin
password.
class { 'sensu':
password => 'supersecret',
}
include sensu::backend
include sensu::agent
sensu_check { 'check-cpu':
ensure => 'present',
command => 'check-cpu.sh -w 75 -c 90',
interval => 60,
subscriptions => ['linux'],
}
Basic Sensu agent
The following example will manage resources necessary to configure a sensu-agent to communicate with a sensu-backend and
associated to linux
and apache-servers
subscriptions.
class { 'sensu':
api_host => 'sensu-backend.example.com',
agent_entity_config_password => 'supersecret',
}
class { 'sensu::agent':
backends => ['sensu-backend.example.com:8081'],
subscriptions => ['linux', 'apache-servers'],
}
Basic Sensu CLI
The following example will manage the resources necessary to use sensuctl
.
class { 'sensu':
api_host => 'sensu-backend.example.com',
password => 'supersecret',
}
include sensu::cli
NOTE: The sensu::backend
class calls the sensu::cli
class so it is only necessary to directly call the sensu::cli
class on hosts not using the sensu::backend
class.
For Windows the install_source
parameter must be provided:
class { 'sensu':
api_host => 'sensu-backend.example.com',
password => 'supersecret',
}
class { 'sensu::cli':
install_source => 'https://s3-us-west-2.amazonaws.com/sensu.io/sensu-go/5.14.1/sensu-go_5.14.1_windows_amd64.zip',
}
API Providers
All the core resources have a provider that manages resources using the Sensu Go API.
The new provider can be used by setting provider
parameter on a resource to sensu_api
.
The default provider is still sensuctl
but it's possible to change the provider when defining a resource.
For example the following will create a check which can be defined on an host that's not the sensu-backend
.
include ::sensu::api
sensu_check { "check-cpu-${facts['hostname']}":
ensure => 'present',
command => 'check-cpu.sh -w 75 -c 90',
interval => 60,
subscriptions => ["entity:${facts['hostname']}"],
provider => 'sensu_api',
}
The sensu::api
class is required in order to configure the credentials and URL used to communicate with the Sensu backend API.
The API URL, username and password used for the API are set in the sensu
class and can be set easily with Hiera:
sensu::api_host: sensu-backend.example.com
sensu::api_port: 8080
sensu::username: admin
sensu::password: supersecret
sensu::agent_entity_config_password: supersecret
Manage Windows Agent
This module supports Windows Sensu Go agent via chocolatey beginning with version 5.12.0.
class { 'sensu':
api_host => 'sensu-backend.example.com',
agent_entity_config_password => 'supersecret',
}
class { 'sensu::agent':
backends => ['sensu-backend.example.com:8081'],
subscriptions => ['windows'],
}
If you do not wish to install using chocolatey then you must define package_source
as either a URL, a Puppet source or a filesystem path.
Install sensu-go-agent on Windows from URL:
class { 'sensu::agent':
package_name => 'Sensu Agent',
package_source => 'https://s3-us-west-2.amazonaws.com/sensu.io/sensu-go/5.13.1/sensu-go-agent_5.13.1.5957_en-US.x64.msi',
}
Install sensu-go-agent on Windows from Puppet source:
class { 'sensu::agent':
package_name => 'Sensu Agent',
package_source => 'puppet:///modules/profile/sensu/sensu-go-agent.msi',
}
If a system already has the necessary MSI present it can be installed without downloading from an URL:
class { 'sensu::agent':
package_name => 'Sensu Agent',
package_source => 'C:\Temp\sensu-go-agent.msi',
}
Advanced agent
If you wish to have the agent.yml
be authoritative for agent entity configs:
class { 'sensu::agent':
agent_managed_entity => true,
}
If you wish to change the agent
password you must provide the new and old password.
It is advisable to set show_diff
to false
to avoid exposing the agent password.
class { 'sensu':
agent_password => 'supersecret',
}
class { 'sensu::agent':
show_diff => false,
}
The config_hash
parameter allows custom configuration for agent.yml
outside the sensu::agent
class parameters.
class { 'sensu::agent':
config_hash => {
'log-level' => 'debug',
},
}
The following parameters in sensu::agent
class are used to populate agent.yml
:
- entity_name - Passed to
name
key inagent.yml
- subscriptions
- annotations
- labels
- namespace
- redact
Agent configurations can also be set via sensu::agent::config_entry
. See Advanced agent - Custom config entries.
Advanced agent - Subscriptions
It is possible to define subscriptions in many locations and the values merged into agent.yml
:
class { 'sensu::agent':
subscriptions => ['base'],
}
Then in a profile class for Apache you could define the following:
sensu::agent::subscription { 'apache': }
The resulting agent.yml
would contain subscriptions for both base
and apache
.
NOTE: Subscriptions defined using the sensu::agent
class and sensu::agent::subscription
are merged to produce the final subscription array.
Advanced agent - Annotations and Labels
It is possible to define annotations and labels in many locations and the values merged into agent.yml
:
class { 'sensu::agent':
labels => { 'location' => 'uswest', 'contacts' => 'ops@example.com' },
annotations => { 'cpu.warning' => '90', 'cpu.critical' => '100' },
}
Then in a profile class you can define the following:
sensu::agent::label { 'contacts': value => 'devs@example.com' }
sensu::agent::label { 'environment': value => 'dev' }
sensu::agent::annotation { 'cpu.warning': value => '75' }
sensu::agent::annotation { 'fatigue_check/occurrences': value => '2' }
The resulting agent.yml
will contain the following:
labels:
location: uswest
contacts: devs@example.com
environment: dev
annotations:
cpu.warning: '75'
cpu.critical: '100'
fatigue_check/occurrences: '2'
NOTE sensu::agent::annotation
and sensu::agent::label
take precedence over values set by the class sensu::agent
If you wish to redact a label or annotation you can use the redact
parameter and the key will be added to the redact
list in agent.yml
:
sensu::agent::label { 'secret':
value => 'mysecret',
redact => true,
}
sensu::agent::annotation { 'ec2_access_key':
value => 'some-key',
redact => true,
}
Advanced agent - Disable validations
In some cases it might be desired to disable API and entity validations when agents are managing their own entity.
class { 'sensu':
validate_api => false,
}
class { 'sensu::agent':
agent_managed_entity => true,
validate_entity => false,
}
Advanced agent - Custom config entries
It is possible to define config entries for agent.yml
in many locations in Puppet:
sensu::agent::config_entry { 'keepalive-interval': value => 20 }
This would add the following to agent.yml
:
keepalive-interval: 20
NOTE sensu::agent::config_entry
takes precendence over values defined in sensu::agent
class.
Advanced SSL
By default this module uses Puppet's SSL certificates and CA.
If you would prefer to use different certificates override the ssl_ca_source
, ssl_cert_source
and ssl_key_source
parameters.
The value for api_host
must be valid for the provided certificate and the value used for agent's backends
must also match the certificate used by the specified backend.
If the certificates and keys are already installed then define the source parameters as filesystem paths.
class { 'sensu':
ssl_ca_source => 'puppet:///modules/profile/sensu/ca.pem',
api_host => 'sensu-backend.example.com',
}
class { 'sensu::backend':
ssl_cert_source => 'puppet:///modules/profile/sensu/cert.pem',
ssl_key_source => 'puppet:///modules/profile/sensu/key.pem',
}
class { 'sensu':
ssl_ca_source => 'puppet:///modules/profile/sensu/ca.pem',
}
class { 'sensu::agent':
backends => ['sensu-backend.example.com:8081'],
subscriptions => ['linux', 'apache-servers'],
}
To disable SSL support:
class { 'sensu':
use_ssl => false,
}
Enterprise Support
In order to activate enterprise support the license file needs to be added:
class { 'sensu::backend':
license_source => 'puppet:///modules/profile/sensu/license.json',
}
The types sensu_ad_auth
and sensu_ldap_auth
require a valid enterprise license.
Contact routing
See Sensu Go - Route alerts with event filters for details. The following is one way to configure contact routing in Puppet.
Add the sensu-go-has-contact-filter bonsai asset:
sensu_bonsai_asset { 'sensu/sensu-go-has-contact-filter':
ensure => 'present',
version => '0.2.0',
}
Add the filters for the defined contacts
sensu_filter { 'contact_dev':
ensure => 'present',
action => 'allow',
runtime_assets => ['sensu/sensu-go-has-contact-filter'],
expressions => ['has_contact(event, "dev")'],
}
sensu_filter { 'contact_ops':
ensure => 'present',
action => 'allow',
runtime_assets => ['sensu/sensu-go-has-contact-filter'],
expressions => ['has_contact(event, "ops")'],
}
Add the handlers asset and handlers for each contact
sensu_bonsai_asset { 'sensu/sensu-email-handler':
ensure => 'present',
version => '0.2.0',
}
sensu_handler { 'email_dev':
ensure => 'present',
type => 'pipe',
command => 'sensu-email-handler -f root@localhost -t dev@example.com -s localhost -i',
timeout => 10,
runtime_assets => ['sensu/sensu-email-handler'],
filters => ['is_incident','not_silenced','contact_dev'],
}
sensu_handler { 'email_ops':
ensure => 'present',
type => 'pipe',
command => 'sensu-email-handler -f root@localhost -t ops@example.com -s localhost -i',
timeout => 10,
runtime_assets => ['sensu/sensu-email-handler'],
filters => ['is_incident','not_silenced','contact_ops'],
}
Create a handler set to centralize handler management for emails
sensu_handler { 'email':
ensure => 'present',
type => 'set',
handlers => ['email_dev','email_ops'],
}
Lastly define a service that use the contact and the email handler:
sensu_check { 'check_cpu':
ensure => 'present',
labels => {
'contacts' => 'dev, ops',
},
command => 'check-cpu.rb -w 75 -c 90',
handlers => ['email'],
interval => 30,
publish => true,
subscriptions => ['linux'],
runtime_assets => ['sensu-plugins-cpu-checks','sensu-ruby-runtime'],
}
Agents can also have contacts defined:
class { 'sensu::agent':
labels => {
'contacts' => 'dev, ops',
},
}
PostgreSQL datastore support
NOTE: This features require a valid Sensu Go enterprise license.
The following example will add a PostgreSQL server and database to the sensu-backend host and configure Sensu Go to use PostgreSQL as the event datastore.
class { 'postgresql::globals':
manage_package_repo => true,
version => '11',
}
class { 'postgresql::server': }
class { 'sensu::backend':
license_source => 'puppet:///modules/profile/sensu/license.json',
datastore => 'postgresql',
postgresql_password => 'secret',
}
Refer to the puppetlabs/postgresql module documentation for details on how to manage PostgreSQL with Puppet.
The following example uses an external PostgreSQL server.
class { 'sensu::backend':
license_source => 'puppet:///modules/profile/sensu/license.json',
datastore => 'postgresql',
postgresql_password => 'secret',
postgresql_host => 'postgresql.example.com',
manage_postgresql_db => false,
}
NOTE Set postgresql_password
to false
if you want the DSN to only contain a username.
Installing Plugins
Plugin management is handled by the sensu::plugins
class.
Example installing plugins on agent:
class { 'sensu::agent':
backends => ['sensu-backend.example.com:8081'],
subscriptions => ['linux', 'apache-servers'],
}
class { 'sensu::plugins':
plugins => ['disk-checks'],
}
The plugins
parameter can also be a Hash that sets the version:
class { 'sensu::agent':
backends => ['sensu-backend.example.com:8081'],
subscriptions => ['linux', 'apache-servers'],
}
class { 'sensu::plugins':
plugins => {
'disk-checks' => { 'version' => 'latest' },
},
}
Set dependencies
to an empty Array to disable the sensu::plugins
dependency management.
class { 'sensu::plugins':
dependencies => [],
}
If gems are required and not pulled in as gem dependencies they can also be installed.
class { 'sensu::plugins':
plugins => ['memory-checks'],
gem_dependencies => ['vmstat'],
}
You can uninstall plugins by passing ensure
as absent
.
class { 'sensu::agent':
backends => ['sensu-backend.example.com:8081'],
subscriptions => ['linux', 'apache-servers'],
}
class { 'sensu::plugins':
plugins => {
'disk-checks' => { 'ensure' => 'absent' },
},
}
Installing Extensions
Extension management is handled by the sensu::plugins
class.
Example installing extension on backend:
class { 'sensu':
password => 'supersecret',
}
include sensu::backend
class { 'sensu::plugins':
extensions => ['graphite'],
}
The extensions
parameter can also be a Hash that sets the version:
class { 'sensu':
password => 'supersecret',
}
include sensu::backend
class { 'sensu::plugins':
extensions => {
'graphite' => { 'version' => 'latest' },
},
}
You can uninstall extensions by passing ensure
as absent
.
class { 'sensu':
password => 'supersecret',
}
include sensu::backend
class { 'sensu::plugins':
extensions => {
'graphite' => { 'ensure' => 'absent' },
},
}
Exported resources
One possible approach to defining checks is having agents export their checks to the sensu-backend using Exported Resources.
The following example would be defined for agents:
@@sensu_check { 'check-cpu':
ensure => 'present',
command => 'check-cpu.sh -w 75 -c 90',
interval => 60,
subscriptions => ['linux'],
}
The backend system would collect all sensu_check
resources.
Sensu_check <<||>>
Hiera resources
All the types provided by this module can have their resources defined via Hiera. A type such as sensu_check
would be defined via sensu::resources::checks
.
The sensu
class must be included either directly or via sensu::agent
or sensu::backend
.
The following example adds an asset, filter, handler and checks via Hiera:
sensu::resources::assets:
sensu-email-handler:
ensure: present
url: 'https://github.com/sensu/sensu-email-handler/releases/download/0.1.0/sensu-email-handler_0.1.0_linux_amd64.tar.gz'
sha512: '755c7a673d94997ab9613ec5969666e808f8b4a8eec1ba998ee7071606c96946ca2947de5189b24ac34a962713d156619453ff7ea43c95dae62bf0fcbe766f2e'
filters:
- "entity.system.os == 'linux'"
- "entity.system.arch == 'amd64'"
sensu::resources::filters:
hourly:
ensure: present
action: allow
expressions:
- 'event.check.occurrences == 1 || event.check.occurrences % (3600 / event.check.interval) == 0'
sensu::resources::handlers:
email:
ensure: present
type: pipe
command: "sensu-email-handler -f root@localhost -t user@example.com -s localhost -i"
timeout: 10
runtime_assets:
- sensu-email-handler
filters:
- is_incident
- not_silenced
- hourly
sensu::resources::checks:
check-cpu:
ensure: present
command: check-cpu.sh -w 75 -c 90
interval: 60
subscriptions:
- linux
handlers:
- email
publish: true
check-disks:
ensure: present
command: "/opt/sensu-plugins-ruby/embedded/bin/check-disk-usage.rb -t '(xfs|ext4)'"
subscriptions:
- linux
handlers:
- email
interval: 1800
publish: true
Resource purging
All the types provided by this module support purging except sensu_config
.
This example will remove all unmanaged Sensu checks:
sensu_resources { 'sensu_check':
purge => true,
}
To selectively purge sensu_agent_entity_config
entries, you can specify the type of config to purge.
If agent_entity_configs
is omitted then all unmanaged sensu_agent_entity_config
resources will be purged.
The following example will only purge subscriptions:
sensu_resources { 'sensu_agent_entity_config':
purge => true,
agent_entity_configs => ['subscriptions'],
}
NOTE: The Puppet built-in resources
can also be used for purging but you must ensure that resources that support namespaces are defined using composite names in the form of $name in $namespace
. See Composite Names for Namespaces for details on composite names.
Using the Puppet built-in resources
would look like this:
resources { 'sensu_check':
purge => true,
}
Sensu backend cluster
A sensu-backend
cluster can be defined for fresh installs by defining the necessary config_hash
values.
The following examples are using Hiera and assume the sensu::backend
class is included.
# data/fqdn/sensu-backend1.example.com.yaml
---
sensu::backend::config_hash:
etcd-advertise-client-urls: "http://%{facts.ipaddress}:2379"
etcd-listen-client-urls: "http://%{facts.ipaddress}:2379"
etcd-listen-peer-urls: 'http://0.0.0.0:2380'
etcd-initial-cluster: 'backend1=http://192.168.0.1:2380,backend2=http://192.168.0.2:2380'
etcd-initial-advertise-peer-urls: "http://%{facts.ipaddress}:2380"
etcd-initial-cluster-state: 'new'
etcd-initial-cluster-token: ''
etcd-name: 'backend1'
# data/fqdn/sensu-backend2.example.com.yaml
---
sensu::backend::config_hash:
etcd-advertise-client-urls: "http://%{facts.ipaddress}:2379"
etcd-listen-client-urls: "http://%{facts.ipaddress}:2379"
etcd-listen-peer-urls: 'http://0.0.0.0:2380'
etcd-initial-cluster: 'backend1=http://192.168.0.1:2380,backend2=http://192.168.0.2:2380'
etcd-initial-advertise-peer-urls: "http://%{facts.ipaddress}:2380"
etcd-initial-cluster-state: 'new'
etcd-initial-cluster-token: ''
etcd-name: 'backend2'
Adding backend members to an existing cluster
Adding new members to an existing cluster requires two steps.
First, add the member to the catalog on one of the existing cluster backends with the sensu_cluster_member
type.
sensu_cluster_member { 'backend3':
peer_urls => ['http://192.168.0.3:2380'],
}
Second, configure and start sensu-backend
to interact with the existing cluster.
The output from Puppet when a new sensu_cluster_member
is applied will print some of the values needed.
# data/fqdn/sensu-backend3.example.com.yaml
---
sensu::backend::config_hash:
etcd-advertise-client-urls: "http://%{facts.ipaddress}:2379"
etcd-listen-client-urls: "http://%{facts.ipaddress}:2379"
etcd-listen-peer-urls: 'http://0.0.0.0:2380'
etcd-initial-cluster: 'backend1=http://192.168.0.1:2380,backend2=http://192.168.0.2:2380,backend3=http://192.168.0.3:2380'
etcd-initial-advertise-peer-urls: "http://%{facts.ipaddress}:2380"
etcd-initial-cluster-state: 'existing'
etcd-initial-cluster-token: ''
etcd-name: 'backend3'
The first step will not fully add the node to the cluster until the second step is performed.
Sensu backend federation
This module supports defining Etcd replicators which allows resources to be sent from one Sensu cluster to another cluster. It is necessary that Etcd be listening on an interface that can be accessed by other Sensu backends. First configure backend Etcd to listen on an interface besides localhost and also use SSL:
class { 'sensu::backend':
config_hash => {
'etcd-listen-client-urls' => "https://0.0.0.0:2379",
'etcd-advertise-client-urls' => "https://0.0.0.0:2379",
'etcd-cert-file' => "/etc/sensu/etcd-ssl/${facts['fqdn'].pem",
'etcd-key-file' => "/etc/sensu/etcd-ssl/${facts['fqdn']}-key.pem",
'etcd-trusted-ca-file' => "/etc/sensu/etcd-ssl/ca.pem",
'etcd-client-cert-auth' => true,
},
}
Next configure the Etcd replicator on the backend you wish to push resources from.
In the following example all defined Role
resources will be replicated to the backend at the IP address 192.168.52.30.
sensu_etcd_replicator { 'role_replicator':
ensure => 'present',
ca_cert => '/etc/sensu/etcd-ssl/ca.pem',
cert => '/etc/sensu/etcd-ssl/client.pem',
key => '/etc/sensu/etcd-ssl/client-key.pem',
url => 'https://192.168.52.30:2379',
resource_name => 'Role',
}
sensu_role { 'test':
ensure => 'present',
rules => [{'verbs' => ['get','list'], 'resources' => ['checks'], 'resource_names' => ['']}],
}
This module also supports defining a federated cluster:
sensu_cluster_federation { 'us-west-2a':
ensure => 'present',
api_urls => [
'https://sensu-backend-site1.example.com:8080',
'https://sensu-backend-site2.example.com:8080',
],
}
It is also possible to add a backend to an existing Sensu federated cluster. The following example adds the API URL https://sensu-backend-site3.example.com:8080 to the federated cluster named us-west-2a.
sensu_cluster_federation_member { 'https://sensu-backend-site3.example.com:8080 in us-west-2a':
ensure => 'present',
}
The above can also be defined using the following example:
sensu_cluster_federation_member { 'https://sensu-backend-site3.example.com:8080':
ensure => 'present',
cluster => 'us-west-2a',
}
Large Environment Considerations
If the backend system has a large number of resources it may be necessary to query resources using chunk size added in Sensu Go 5.8.
class { 'sensu::backend':
sensuctl_chunk_size => 100,
}
If many thousands of resources such as sensu_check
are defined there will be an execution of sensuctl namespace list
for each check to validate
the namespace exists if the namespace is not defined in Puppet.
A similar validation is performed with sensu_api
provider. To avoid this extra overhead it may be necessary to disable this validation if you
are defining namespaces outside of Puppet.
NOTE: If namespace validation is disabled it's necessary to ensure a namespace is defined in Puppet in order to assign resources to that namespace.
class { 'sensu':
validate_namespaces => false,
}
Composite Names for Namespaces
All resources that support having a namespace
also support a composite name to define the namespace.
For example, the sensu_check
with name check-cpu in team1
would be named check-cpu
and put into the team1
namespace.
Using composite names is necessary if you wish to have multiple resources with the same name but in different namespaces.
For example to define the same check in two namespaces using the same check name:
sensu_check { 'check-cpu in default':
ensure => 'present',
command => 'check-cpu.sh -w 75 -c 90',
interval => 60,
subscriptions => ['linux'],
}
sensu_check { 'check-cpu in team1':
ensure => 'present',
command => 'check-cpu.sh -w 75 -c 90',
interval => 60,
subscriptions => ['linux'],
}
The example above would add the check-cpu
check to both the default
and team1
namespaces.
NOTE: If you use composite names for namespaces, the namespace
property takes precedence.
Installing Bonsai Assets
Install a bonsai asset. The latest version will be installed but not automatically upgraded.
sensu_bonsai_asset { 'sensu/sensu-pagerduty-handler':
ensure => 'present',
}
Install specific version of a bonsai asset.
sensu_bonsai_asset { 'sensu/sensu-pagerduty-handler':
ensure => 'present',
version => '1.2.0',
}
Install latest version of a bonsai asset. Puppet will update the Bonsai asset if a new version is released.
sensu_bonsai_asset { 'sensu/sensu-pagerduty-handler':
ensure => 'present',
version => 'latest',
}
Bolt Tasks
The following Bolt tasks are provided by this Module:
sensu::backend_upgrade: Perform backend upgrade via sensu-backend upgrade
command.
Example: bolt task run sensu::backend_upgrade --targets sensu_backend
sensu::agent_event: Create a Sensu Go agent event via the agent API
Example: bolt task run sensu::agent_event name=bolttest status=1 output=test --targets sensu_agent
sensu::apikey: Manage Sensu Go API keys
Example: bolt task run sensu::apikey action=create username=foobar --targets sensu_backend
Example: bolt task run sensu::apikey action=list --targets sensu_backend
Example: bolt task run sensu::apikey action=delete key=replace-with-uuid-key --targets sensu_backend
sensu::assets_outdated: Retreive outdated Sensu Go assets
Example: bolt task run sensu::assets_outdated --targets sensu_backend
sensu::check_execute: Execute a Sensu Go check
Example: bolt task run sensu::check_execute check=test subscription=entity:sensu_agent --targets sensu_backend
sensu::event.json: Manage Sensu Go events
Example: bolt task run sensu::event action=resolve entity=sensu_agent check=test --targets sensu_backend
Example: bolt task run sensu::event action=delete entity=sensu_agent check=test --targets sensu_backend
sensu::silenced: Manage Sensu Go silencings
Example: bolt task run sensu::silenced action=create subscription=entity:sensu_agent expire_on_resolve=true --targets sensu_backend
Example: bolt task run sensu::silenced action=delete subscription=entity:sensu_agent --targets sensu_backend
sensu::install_agent: Install Sensu Go agent (Windows and Linux)
Example: bolt task run sensu::install_agent backend=sensu_backend:8081 subscription=linux output=true --targets linux
Example: bolt task run sensu::install_agent backend=sensu_backend:8081 subscription=windows output=true --targets windows
Bolt Inventory
This module provides a plugin to populate Bolt v2 inventory targets.
In order to use the sensu
inventory plugin the host executing Bolt must have sensuctl
configured, see Basic Sensu CLI.
Example of configuring the Bolt inventory with two groups. The linux
group pulls Sensu Go entities in the default
namespace with the linux
subscription. The linux-qa
group is the same as linux
group but instead pulling entities from the qa
namespace.
version: 2
groups:
- name: linux
targets:
- _plugin: sensu
namespace: default
subscription: linux
- name: linux-qa
targets:
- _plugin: sensu
namespace: qa
subscription: linux
If your entities have more than one network interface it may be necessary to specify the order of interfaces to search when looking for the IP address:
version: 2
groups:
- name: linux
targets:
- _plugin: sensu
namespace: default
subscription: linux
interface_list:
- eth0
- eth1
The following rules for interface matching determine the value used for uri
.
- If
interface_list
was defined then find first match - If
interface_list
not defined and only one interface, use that as ipaddress - If
interface_list
is not defined and more than one interface, use name
Reference
Facts
sensu_agent
The sensu_agent
fact returns the Sensu agent version information by the sensu-agent
binary.
facter -p sensu_agent
{
version => "5.1.0",
build => "b2ea9fcdb21e236e6e9a7de12225a6d90c786c57",
built => "2018-12-18T21:31:11+0000"
}
sensu_backend
The sensu_backend
fact returns the Sensu backend version information by the sensu-backend
binary.
facter -p sensu_backend
{
version => "5.1.0",
build => "b2ea9fcdb21e236e6e9a7de12225a6d90c786c57",
built => "2018-12-18T21:31:11+0000"
}
sensuctl
The sensuctl
fact returns the sensuctl version information by the sensuctl
binary.
facter -p sensuctl
{
version => "5.1.0",
build => "b2ea9fcdb21e236e6e9a7de12225a6d90c786c57",
built => "2018-12-18T21:31:11+0000"
}
Examples
Examples can be found in the examples directory.
- Contact Routing - Example of contact routing
- Email Alerts - Example of setting up e-mail alerts
- InfluxDB Handler - Example of setting up InfluxDB handler
- LDAP - Example of setting up LDAP authentication
- Logging - Example of setting up improved logging
- Pagerduty with Secrets Env Vars - Setting up Pagerduty using environment variable secrets
- Pagerduty with Secrets vault - Setting up Pagerduty using secrets vault
- PostgreSQL with Replication - Contains example manifests of setting up Sensu backend and PostgreSQL with PostgreSQL replication.
- PostgreSQL with SSL - Contains example manifests of setting up Sensu backend and PostgreSQL to communicate using SSL.
- Slack Alerts - Example of setting up Slack alerts
Limitations
Changing sensu::etc_dir
is only supported on systems using systemd.
The type sensu_user
does not at this time support ensure => absent
due to a limitation with sensuctl, see sensu-go#2540.
When changing the sensu::password
value, it's necessary to run Puppet on the backend first to update the admin
password.
Notes regarding support
This module is built for use with Puppet versions 6 and 7 and the ruby
versions associated with those releases. See .travis.yml
for an exact
matrix of Puppet releases and ruby versions.
This module targets the latest release of the current major Puppet version and the previous major version. Platform support will be removed when a platform is no longer supported by Puppet, Sensu or the platform maintainer has signaled that it is end of life (EOL).
Though Amazon does not announce end of life (EOL) for its releases, it does encourage you to use the latest releases. This module will support the current release and the previous release. Since AWS does not release Vagrant boxes and the intent of those platforms is to run in AWS, we will not maintain Vagrant systems for local development for Amazon Linux.
Supported Platforms
- EL 6
- EL 7
- EL 8
- Debian 9
- Debian 10
- Ubuntu 16.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 20.04 LTS
- Amazon 2018.03
- Amazon 2
- Windows Server 2008 R2
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
Development
See CONTRIBUTING.md
License
See LICENSE file.
Reference
Table of Contents
Classes
Public Classes
sensu
: Base Sensu classsensu::agent
: Manage Sensu agentsensu::api
: Manage Sensu APIsensu::backend
: Manage Sensu backendsensu::cli
: Manage Sensu CLIsensu::plugins
: Manage Sensu pluginssensu::resources
: Define sensu resources
Private Classes
sensu::backend::agent_resources
: Default sensu agent resourcessensu::backend::datastore::postgresql
: Manage Sensu backend PostgreSQL datastoresensu::backend::default_resources
: Default sensu resourcessensu::common
: Sensu class for common resourcessensu::repo
: Private class to manage sensu repository resourcessensu::repo::community
: Private class to manage sensu community repository resourcessensu::ssl
: Private class to manage sensu SSL resources
Defined types
sensu::agent::annotation
: Add agent annotationsensu::agent::config_entry
sensu::agent::label
: Add agent labelsensu::agent::subscription
: Add agent subscription
Resource types
sensu_ad_auth
: Manages Sensu AD auth.sensu_agent_entity_config
: Manages a Sensu agent subscriptionsensu_agent_entity_setup
: Abstract type to configure other typessensu_agent_entity_validator
: NOTE This is a private type not intended to be used directly. Verify the specified agent entity exists.sensu_api_config
: Abstract type to configure other typessensu_api_validator
: NOTE This is a private type not intended to be used directly. Verify that a connection can be successfully established between a node ansensu_asset
: Manages Sensu assetssensu_bonsai_asset
: Manages Sensu Bonsai assetssensu_check
: Manages Sensu checkssensu_cluster_federation
: Manages Sensu clusters federationsensu_cluster_federation_member
: Manages Sensu clusters federation membersensu_cluster_member
: Manages Sensu cluster memberssensu_cluster_role
: Manages Sensu cluster rolessensu_cluster_role_binding
: Manages Sensu cluster role bindingssensu_command
: Manage sensuctl command resourcessensu_entity
: Manages Sensu entitiessensu_etcd_replicator
: Manages Sensu etcd replicatorssensu_filter
: Manages Sensu filterssensu_handler
: Manages Sensu handlerssensu_hook
: Manages Sensu hookssensu_ldap_auth
: Manages Sensu LDAP auth.sensu_license
: Manage a sensu licensesensu_mutator
: Manages Sensu mutatorssensu_namespace
: Manages Sensu namespacessensu_oidc_auth
: Manages Sensu OIDC auth.sensu_plugin
: Manages Sensu pluginssensu_postgres_config
: Manages Sensu postgres configsensu_resources
: Metatype for sensu resourcessensu_role
: Manages Sensu rolessensu_role_binding
: Manages Sensu role bindingssensu_secret
: Manages Sensu Secretssensu_secrets_vault_provider
: Manages Sensu Secrets providersensu_tessen
: Manages Sensu Tessensensu_user
: Manages Sensu userssensuctl_config
: Abstract type to configure other typessensuctl_configure
: Manages 'sensuctl configure'
Data types
Sensu::Backend_URL
: Sensu Backend URL's require protocol of ws:// or wss://. A port is also required. There is logic in sensu::agent class to add the protocol so
Tasks
agent_event
: Create a Sensu Go agent event via the agent APIapikey
: Manage Sensu Go API keysassets_outdated
: Retreive outdated Sensu Go assetsbackend_upgrade
: Execute Sensu Go backend upgradecheck_execute
: Execute a Sensu Go checkevent
: Manage Sensu Go eventsinstall_agent
: Install Sensu Go agentinstall_agent_linux
: Install Sensu Go agent on Linuxinstall_agent_windows
: Install Sensu Go agent on Windowsresolve_reference
: Generate targets from Sensu Gosilenced
: Manage Sensu Go silencings
Classes
sensu
This is the main Sensu class
Parameters
The following parameters are available in the sensu
class:
version
etc_dir
ssl_dir
manage_user
user
manage_group
group
etc_dir_purge
ssl_dir_purge
manage_repo
use_ssl
ssl_ca_source
ssl_ca_content
api_host
api_port
password
agent_password
agent_entity_config_password
validate_namespaces
validate_api
version
Data type: String
Version of Sensu to install. Defaults to installed
to support
Windows MSI packaging and to avoid surprising upgrades.
Default value: 'installed'
etc_dir
Data type: Stdlib::Absolutepath
Absolute path to the Sensu etc directory.
Default value: '/etc/sensu'
ssl_dir
Data type: Stdlib::Absolutepath
Absolute path to the Sensu ssl directory.
Default value: '/etc/sensu/ssl'
manage_user
Data type: Boolean
Boolean that determines if sensu user should be managed
Default value: true
user
Data type: String
User used by sensu services
Default value: 'sensu'
manage_group
Data type: Boolean
Boolean that determines if sensu group should be managed
Default value: true
group
Data type: String
User group used by sensu services
Default value: 'sensu'
etc_dir_purge
Data type: Boolean
Boolean to determine if the etc_dir should be purged such that only Puppet managed files are present.
Default value: true
ssl_dir_purge
Data type: Boolean
Boolean to determine if the ssl_dir should be purged such that only Puppet managed files are present.
Default value: true
manage_repo
Data type: Boolean
Boolean to determine if software repository for Sensu should be managed.
Default value: true
use_ssl
Data type: Boolean
Sensu backend service uses SSL
Default value: true
ssl_ca_source
Data type: Optional[String]
Source of SSL CA used by sensu services This parameter is mutually exclusive with ssl_ca_content
Default value: $facts['puppet_localcacert']
ssl_ca_content
Data type: Optional[String]
Content of SSL CA used by sensu services This parameter is mutually exclusive with ssl_ca_source
Default value: undef
api_host
Data type: String
Sensu backend host used to configure sensuctl and verify API access.
Default value: $trusted['certname']
api_port
Data type: Stdlib::Port
Sensu backend port used to configure sensuctl and verify API access.
Default value: 8080
password
Data type: String
Sensu backend admin password used to confiure sensuctl.
Default value: 'P@ssw0rd!'
agent_password
Data type: String
The sensu agent password
Default value: 'P@ssw0rd!'
agent_entity_config_password
Data type: Optional[String]
The password used when configuring Sensu Agent entity config items
Defaults to value used for agent_password
.
Default value: undef
validate_namespaces
Data type: Boolean
Determines if sensuctl and sensu_api types will validate their namespace exists
Default value: true
validate_api
Data type: Boolean
Determines if Sensu API is validated
Default value: true
sensu::agent
Class to manage the Sensu agent.
Examples
class { 'sensu::agent':
backends => ['sensu-backend.example.com:8081'],
subscriptions => ['linux', 'apache-servers'],
config_hash => {
'log-level' => 'info',
},
}
Parameters
The following parameters are available in the sensu::agent
class:
version
package_source
package_download_path
package_name
service_env_vars_file
service_env_vars
service_name
service_ensure
service_enable
service_path
config_hash
agent_managed_entity
backends
entity_name
subscriptions
annotations
labels
namespace
redact
show_diff
log_file
agent_entity_config_provider
validate_entity
version
Data type: Optional[String]
Version of sensu agent to install. Defaults to installed
to support
Windows MSI packaging and to avoid surprising upgrades.
Default value: undef
package_source
Data type: Optional[String[1]]
Source of package for installing Windows. Paths with http:// or https:// will be downloaded Paths with puppet:// or absolute filesystem paths will also be installed.
Default value: undef
package_download_path
Data type: Optional[Stdlib::Absolutepath]
Where to download the MSI for Windows. Defaults to C:\
.
This parameter only used when package_source
is an URL or when it's a puppet source (puppet://
).
Default value: undef
package_name
Data type: String
Name of Sensu agent package.
Default value: 'sensu-go-agent'
service_env_vars_file
Data type: Optional[Stdlib::Absolutepath]
Path to the agent service ENV variables file.
Debian based default: /etc/default/sensu-agent
RedHat based default: /etc/sysconfig/sensu-agent
Default value: undef
service_env_vars
Data type: Hash
Hash of environment variables loaded by sensu-agent service
Default value: {}
service_name
Data type: String
Name of the Sensu agent service.
Default value: 'sensu-agent'
service_ensure
Data type: String
Sensu agent service ensure value.
Default value: 'running'
service_enable
Data type: Boolean
Sensu agent service enable value.
Default value: true
service_path
Data type: Stdlib::Absolutepath
The path to sensu-agent service executable
Default value: '/usr/sbin/sensu-agent'
config_hash
Data type: Hash
Sensu agent configuration hash used to define agent.yml.
Default value: {}
agent_managed_entity
Data type: Boolean
Manage agent entity using agent.yml rather than API
Default value: false
backends
Data type: Optional[Array[Sensu::Backend_URL]]
Array of sensu backends to pass to backend-url
config option.
Default is ["${sensu::api_host}:8081"]
The protocol prefix of ws://
or wss://
are optional and will be determined
based on sensu::use_ssl
parameter by default.
Passing backend-url
as part of config_hash
takes precedence over this parameter.
Default value: undef
entity_name
Data type: String[1]
The value for agent.yml name
.
Passing name
as part of config_hash
takes precedence
Default value: $facts['networking']['fqdn']
subscriptions
Data type: Optional[Array[String[1]]]
The agent subscriptions to define in agent.yml
Passing subscriptions
as part of config_hash
takes precedence
Default value: undef
annotations
Data type: Optional[Hash[String[1],String]]
The agent annotations value for agent.yml
Passing annotations
as part of config_hash
takes precedence
Default value: undef
labels
Data type: Optional[Hash[String[1],String]]
The agent labels value for agent.yml
Passing labels
as part of config_hash
takes precedence
Default value: undef
namespace
Data type: String[1]
The agent namespace
Passing namespace
as part of config_hash
takes precedence
Default value: 'default'
redact
Data type: Array[String[1]]
The agent entity redact list
Passing redact
as part of config_hash
takes precedence
Defaults come from Sensu documentation:
https://docs.sensu.io/sensu-go/latest/observability-pipeline/observe-schedule/agent/#security-configuration-flags
Default value: ['password','passwd','pass','api_key','api_token','access_key','secret_key','private_key','secret']
show_diff
Data type: Boolean
Sets show_diff parameter for agent.yml configuration file
Default value: true
log_file
Data type: Optional[Stdlib::Absolutepath]
Path to agent log file, only for Windows.
Defaults to C:\ProgramData\sensu\log\sensu-agent.log
Default value: undef
agent_entity_config_provider
Data type: Enum['sensuctl','sensu_api']
The provider to use when managing sensu_agent_entity_config resources
Default value: 'sensu_api'
validate_entity
Data type: Boolean
Sets whether to validate the agent's entity before attempting to configure the entity
Default value: true
sensu::api
Class to manage the Sensu API.
Examples
include sensu::api
sensu::backend
Class to manage the Sensu backend.
Examples
include sensu::backend
Parameters
The following parameters are available in the sensu::backend
class:
version
package_name
service_env_vars_file
service_env_vars
service_name
service_ensure
service_enable
service_path
state_dir
config_hash
ssl_cert_source
ssl_cert_content
ssl_key_source
ssl_key_content
include_default_resources
include_agent_resources
manage_agent_user
agent_user_disabled
show_diff
license_source
license_content
manage_tessen
tessen_ensure
datastore
datastore_ensure
manage_postgresql_db
postgresql_name
postgresql_user
postgresql_password
postgresql_host
postgresql_port
postgresql_dbname
postgresql_sslmode
postgresql_ssl_dir
postgresql_ssl_ca_source
postgresql_ssl_ca_content
postgresql_ssl_crl_source
postgresql_ssl_crl_content
postgresql_ssl_cert_source
postgresql_ssl_cert_content
postgresql_ssl_key_source
postgresql_ssl_key_content
postgresql_pool_size
postgresql_strict
postgresql_batch_buffer
postgresql_batch_size
postgresql_batch_workers
postgresql_enable_round_robin
version
Data type: Optional[String]
Version of sensu backend to install. Defaults to installed
to support
Windows MSI packaging and to avoid surprising upgrades.
Default value: undef
package_name
Data type: String
Name of Sensu backend package.
Default value: 'sensu-go-backend'
service_env_vars_file
Data type: Optional[Stdlib::Absolutepath]
Path to the backend service ENV variables file.
Debian based default: /etc/default/sensu-backend
RedHat based default: /etc/sysconfig/sensu-backend
Default value: undef
service_env_vars
Data type: Hash
Hash of environment variables loaded by sensu-backend service
Default value: {}
service_name
Data type: String
Name of the Sensu backend service.
Default value: 'sensu-backend'
service_ensure
Data type: String
Sensu backend service ensure value.
Default value: 'running'
service_enable
Data type: Boolean
Sensu backend service enable value.
Default value: true
service_path
Data type: Stdlib::Absolutepath
The path to sensu-backend service executable
Default value: '/usr/sbin/sensu-backend'
state_dir
Data type: Stdlib::Absolutepath
Sensu backend state directory path.
Default value: '/var/lib/sensu/sensu-backend'
config_hash
Data type: Hash
Sensu backend configuration hash used to define backend.yml.
Default value: {}
ssl_cert_source
Data type: Optional[String]
The SSL certificate source This parameter is mutually exclusive with ssl_cert_content
Default value: $facts['puppet_hostcert']
ssl_cert_content
Data type: Optional[String]
The SSL certificate content This parameter is mutually exclusive with ssl_cert_source
Default value: undef
ssl_key_source
Data type: Optional[String]
The SSL private key source This parameter is mutually exclusive with ssl_key_content
Default value: $facts['puppet_hostprivkey']
ssl_key_content
Data type: Optional[String]
The SSL private key content This parameter is mutually exclusive with ssl_key_source
Default value: undef
include_default_resources
Data type: Boolean
Sets if default sensu resources should be included
Default value: true
include_agent_resources
Data type: Boolean
Sets if agent RBAC resources should be included
Default value: true
manage_agent_user
Data type: Boolean
Sets if the Sensu agent user should be managed
Default value: true
agent_user_disabled
Data type: Boolean
Sets if the Sensu agent user should be disabled
Not applicable if manage_agent_user
is false
This is useful if using agent TLS authentication
See Sensu Go - Secure Sensu
Default value: false
show_diff
Data type: Boolean
Sets show_diff parameter for backend.yml configuration file
Default value: true
license_source
Data type: Optional[String]
The source of sensu-go enterprise license. Supports any valid Puppet File sources such as absolute paths or puppet:/// Do not define with license_content
Default value: undef
license_content
Data type: Optional[String]
The content of sensu-go enterprise license Do not define with license_source
Default value: undef
manage_tessen
Data type: Boolean
Boolean that determines if Tessen is managed
Default value: true
tessen_ensure
Data type: Enum['present','absent']
Determine if Tessen is opt-in (present) or opt-out (absent)
Default value: 'present'
datastore
Data type: Optional[Enum['postgresql']]
Datastore to configure for sensu events
Default value: undef
datastore_ensure
Data type: Enum['present','absent']
The datastore ensure property. If set to absent
all
datastore parameters must still be defined.
Default value: 'present'
manage_postgresql_db
Data type: Boolean
Boolean that sets of postgresql database should be managed
Default value: true
postgresql_name
Data type: String
Name of PostgresConfig that is configured with sensuctl
Default value: 'postgresql'
postgresql_user
Data type: String
The PostgreSQL database user
Default value: 'sensu'
postgresql_password
Data type: Variant[String, Boolean]
The PostgreSQL database password
Default value: 'changeme'
postgresql_host
Data type: Stdlib::Host
The PostgreSQL host
Default value: 'localhost'
postgresql_port
Data type: Stdlib::Port
The PostgreSQL port
Default value: 5432
postgresql_dbname
Data type: String
The name of the PostgreSQL database
Default value: 'sensu'
postgresql_sslmode
Data type: Enum['disable','require','verify-ca','verify-full']
The PostgreSQL sslmode value
Default value: 'require'
postgresql_ssl_dir
Data type: Stdlib::Absolutepath
The path to store SSL related files for PostgreSQL connections
Default value: '/var/lib/sensu/.postgresql'
postgresql_ssl_ca_source
Data type: Optional[String]
The source of PostgreSQL SSL CA Do not define with postgresql_ssl_ca_content
Default value: undef
postgresql_ssl_ca_content
Data type: Optional[String]
The content of PostgreSQL SSL CA Do not define with postgresql_ssl_ca_source
Default value: undef
postgresql_ssl_crl_source
Data type: Optional[String]
The source of PostgreSQL SSL CRL Do not define with postgresql_ssl_crl_content
Default value: undef
postgresql_ssl_crl_content
Data type: Optional[String]
The content of PostgreSQL SSL CRL Do not define with postgresql_ssl_crl_source
Default value: undef
postgresql_ssl_cert_source
Data type: Optional[String]
The source of PostgreSQL SSL certificate Do not define with postgresql_ssl_cert_content
Default value: undef
postgresql_ssl_cert_content
Data type: Optional[String]
The content of PostgreSQL SSL certificate Do not define with postgresql_ssl_cert_source
Default value: undef
postgresql_ssl_key_source
Data type: Optional[String]
The source of PostgreSQL SSL private key Do not define with postgresql_ssl_key_content
Default value: undef
postgresql_ssl_key_content
Data type: Optional[String]
The content of PostgreSQL SSL private key Do not define with postgresql_ssl_key_source
Default value: undef
postgresql_pool_size
Data type: Integer
The PostgreSQL pool size
Default value: 20
postgresql_strict
Data type: Boolean
Enables strict configuration checks for PostgreSQL
Default value: false
postgresql_batch_buffer
Data type: Integer
PostgreSQL batch buffer size
Default value: 0
postgresql_batch_size
Data type: Integer
PostgreSQL batch size
Default value: 1
postgresql_batch_workers
Data type: Integer
PostgreSQL batch workers
Default value: 20
postgresql_enable_round_robin
Data type: Boolean
PostgreSQL enable round robin
Default value: false
sensu::cli
Class to manage the Sensu CLI.
Examples
class { 'sensu::cli':
password => 'secret',
}
Parameters
The following parameters are available in the sensu::cli
class:
version
package_name
install_source
install_path
configure
sensuctl_chunk_size
config_format
config_namespace
version
Data type: Optional[String]
Version of sensu-go-cli to install. Defaults to installed
to support
Windows MSI packaging and to avoid surprising upgrades.
Default value: undef
package_name
Data type: String
Name of Sensu CLI package.
Default value: 'sensu-go-cli'
install_source
Data type: Optional[Variant[Stdlib::HTTPSUrl, Stdlib::HTTPUrl, Pattern[/^(file|puppet):/]]]
Source of Sensu Go CLI download for installing on Windows. Paths with http:// or https:// will be downloaded Paths with puppet:// or file:// paths will also be installed.
Default value: undef
install_path
Data type: Optional[Stdlib::Absolutepath]
Where to install sensuctl for Windows. Default to C:\Program Files\Sensu
.
Default value: undef
configure
Data type: Boolean
Determines if sensuctl should be configured
Default value: true
sensuctl_chunk_size
Data type: Optional[Integer]
Chunk size to use when listing sensuctl resources
Default value: undef
config_format
Data type: Optional[Enum['tabular','json','wrapped-json','yaml']]
Default format for sensuctl
Default value: undef
config_namespace
Data type: Optional[String]
Default namespace for sensuctl
Default value: undef
sensu::plugins
Class to manage the Sensu plugins.
Examples
class { 'sensu::plugins':
plugins => ['disk-checks'],
extensions => ['graphite'],
}
class { 'sensu::plugins':
plugins => {
'disk-checks' => { 'version' => 'latest' },
},
extensions => {
'graphite' => { 'version' => 'latest' },
},
}
Parameters
The following parameters are available in the sensu::plugins
class:
manage_repo
Data type: Optional[Boolean]
Determines if plugin repo should be managed.
Defaults to value for sensu::manage_repo
.
Default value: undef
package_ensure
Data type: String
Ensure property for sensu plugins package.
Default value: 'installed'
package_name
Data type: String
Name of the Sensu plugins ruby package.
Default value: 'sensu-plugins-ruby'
dependencies
Data type: Array
Package dependencies needed to install plugins and extensions. Default is OS dependent.
Default value: []
gem_dependencies
Data type: Array
Gem dependencies.
Default value: []
plugins
Data type: Variant[Array, Hash]
Plugins to install
Default value: []
extensions
Data type: Variant[Array, Hash]
Extensions to install
Default value: []
sensu::resources
Define sensu resources
Parameters
The following parameters are available in the sensu::resources
class:
ad_auths
assets
bonsai_assets
checks
cluster_federations
cluster_federation_members
cluster_members
cluster_role_bindings
cluster_roles
configs
entities
etcd_replicators
filters
handlers
hooks
ldap_auths
mutators
namespaces
oidc_auths
role_bindings
roles
secrets
secrets_vault_providers
users
ad_auths
Data type: Hash
Hash of sensu_ad_auth resources
Default value: {}
assets
Data type: Hash
Hash of sensu_asset resources
Default value: {}
bonsai_assets
Data type: Hash
Hash of sensu_bonsai_asset resources
Default value: {}
checks
Data type: Hash
Hash of sensu_check resources
Default value: {}
cluster_federations
Data type: Hash
Hash of sensu_cluster_federation resources
Default value: {}
cluster_federation_members
Data type: Hash
Hash of sensu_cluster_federation_member resources
Default value: {}
cluster_members
Data type: Hash
Hash of sensu_cluster_member resources
Default value: {}
cluster_role_bindings
Data type: Hash
Hash of sensu_cluster_role_binding resources
Default value: {}
cluster_roles
Data type: Hash
Hash of sensu_cluster_role resources
Default value: {}
configs
Data type: Hash
Hash of sensu_config resources
Default value: {}
entities
Data type: Hash
Hash of sensu_entity resources
Default value: {}
etcd_replicators
Data type: Hash
Hash of sensu_etcd_replicator resources
Default value: {}
filters
Data type: Hash
Hash of sensu_filter resources
Default value: {}
handlers
Data type: Hash
Hash of sensu_handler resources
Default value: {}
hooks
Data type: Hash
Hash of sensu_hook resources
Default value: {}
ldap_auths
Data type: Hash
Hash of sensu_ldap_auth resources
Default value: {}
mutators
Data type: Hash
Hash of sensu_mutator resources
Default value: {}
namespaces
Data type: Hash
Hash of sensu_namespace resources
Default value: {}
oidc_auths
Data type: Hash
Hash of sensu_oidc_auth resources
Default value: {}
role_bindings
Data type: Hash
Hash of sensu_role_binding resources
Default value: {}
roles
Data type: Hash
Hash of sensu_role resources
Default value: {}
secrets
Data type: Hash
Hash of secrets
Default value: {}
secrets_vault_providers
Data type: Hash
Hash of sensu_secrets_vault_providers
Default value: {}
users
Data type: Hash
Hash of sensu_user resources
Default value: {}
Defined types
sensu::agent::annotation
Add agent annotation
Examples
sensu::agent::annotation { 'fatigue_check/occurrences:': value => '2' }
Parameters
The following parameters are available in the sensu::agent::annotation
defined type:
ensure
Data type: Enum['present','absent']
Ensure property of the annotation
Default value: 'present'
key
Data type: String[1]
Key of the annotation to add to agent.yml, defaults to $name
.
Default value: $name
value
Data type: String
Label value to add to agent.yml
redact
Data type: Boolean
Boolean that sets if this entry should be added to redact list
Default value: false
order
Data type: String[1]
Order of the datacat fragment
Default value: '50'
entity
Data type: Optional[String[1]]
Entity where to manage this annotation
Default value: undef
namespace
Data type: Optional[String[1]]
Namespace of entity to manage this annotation
Default value: undef
sensu::agent::config_entry
The sensu::agent::config_entry class.
Parameters
The following parameters are available in the sensu::agent::config_entry
defined type:
key
Data type: String[1]
Key of the config entry to add to agent.yml, defaults to $name
.
Default value: $name
value
Data type: Any
Config entry value to add to agent.yml
order
Data type: String[1]
Order of the datacat fragment
Default value: '50'
sensu::agent::label
Add agent label
Examples
sensu::agent::label { 'contacts': value => 'ops@example.com' }
Parameters
The following parameters are available in the sensu::agent::label
defined type:
ensure
Data type: Enum['present', 'absent']
Ensure property for the label
Default value: 'present'
key
Data type: String[1]
Key of the label to add to agent.yml, defaults to $name
.
Default value: $name
value
Data type: String
Label value to add to agent.yml
redact
Data type: Boolean
Boolean that sets if this entry should be added to redact list
Default value: false
order
Data type: String[1]
Order of the datacat fragment
Default value: '50'
entity
Data type: Optional[String[1]]
Entity where to manage this label
Default value: undef
namespace
Data type: Optional[String[1]]
Namespace of entity to manage this label
Default value: undef
sensu::agent::subscription
Add agent subscription
Examples
sensu::agent::subscription { 'mysql': }
Parameters
The following parameters are available in the sensu::agent::subscription
defined type:
subscription
Data type: String[1]
Name of the subscription to add to agent.yml, defaults to $name
.
Default value: $name
order
Data type: String[1]
Order of the datacat fragment
Default value: '50'
entity
Data type: Optional[String[1]]
Entity where to manage this subscription
Default value: undef
namespace
Data type: Optional[String[1]]
Namespace of entity to manage this subscription
Default value: undef
Resource types
sensu_ad_auth
Autorequires:
Package[sensu-go-cli]
Service[sensu-backend]
Sensuctl_configure[puppet]
Sensu_api_validator[sensu]
Sensu_user[admin]
Examples
Add a AD auth
sensu_ldap_auth { 'ad':
ensure => 'present',
servers => [
{
'host' => '127.0.0.1',
'port' => 389,
'binding' => {
'user_dn' => 'cn=binder,dc=acme,dc=org',
'password' => 'P@ssw0rd!'
},
'group_search' => {
'base_dn' => 'dc=acme,dc=org',
},
'user_search' => {
'base_dn' => 'dc=acme,dc=org',
},
},
],
}
Add an AD auth that uses memberOf attribute by omitting group_search
sensu_ldap_auth { 'ad':
ensure => 'present',
servers => [
{
'host' => '127.0.0.1',
'port' => 389,
'binding' => {
'user_dn' => 'cn=binder,dc=acme,dc=org',
'password' => 'P@ssw0rd!'
},
'user_search' => {
'base_dn' => 'dc=acme,dc=org',
},
},
],
}
Properties
The following properties are available in the sensu_ad_auth
type.
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
groups_prefix
The prefix added to all LDAP groups.
servers
AD servers as Array of Hashes
Keys:
- host: required
- port: required
- group_search: optional (omit to use memberOf)
- user_search: required
- binding: optional Hash
- insecure: default is
false
- security: default is
tls
- trusted_ca_file: default is
""
- client_cert_file: default is
""
- client_key_file: default is
""
- default_upn_domain: default is
""
- include_nested_groups: Boolean
group_search keys:
- base_dn: required
- attribute: default is
member
- name_attribute: default is
cn
- object_class: default is
group
user_search Keys:
- base_dn: required
- attribute: default is
sAMAccountName
- name_attribute: default is
displayName
- object_class: default is
person
binding keys:
- user_dn: required
- password: required
username_prefix
The prefix added to all LDAP usernames.
Parameters
The following parameters are available in the sensu_ad_auth
type.
name
namevar
The name of the AD auth.
provider
The specific backend to use for this sensu_ad_auth
resource. You will seldom need to specify this --- Puppet will
usually discover the appropriate provider for your platform.
sensu_agent_entity_config
Autorequires:
Package[sensu-go-cli]
Service[sensu-backend]
Service[sensu-agent]
Sensuctl_configure[puppet]
Sensu_api_validator[sensu]
Sensu_user[admin]
sensu_namespace
- Puppet will autorequiresensu_namespace
resource defined innamespace
property.
Examples
Add a subscription to an agent using composite names
sensu_agent_entity_config { 'subscription value linux on sensu-agent.example.org in dev':
ensure => 'present',
}
Add an annotation to an agent using composite names
sensu_agent_entity_config { 'annotations key contacts on sensu-agent.example.org in dev':
ensure => 'present',
value => 'dev@example.com',
}
Add a subscription to an agent
sensu_agent_entity_config { 'subscription':
ensure => 'present',
config => 'subscription',
value => 'linux',
entity => 'sensu-agent.example.org',
namespace => 'dev',
}
Add an annotation to an agent
sensu_agent_entity_config { 'annotation-contacts':
ensure => 'present',
config => 'annotation',
key => 'contacts',
value => 'dev@example.com',
entity => 'sensu-agent.example.org',
namespace => 'dev',
}
Properties
The following properties are available in the sensu_agent_entity_config
type.
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
value
The value of the config for agent entity
Parameters
The following parameters are available in the sensu_agent_entity_config
type.
agent_managed_entity
Valid values: true
, false
PRIVATE - determined by looking at agent entity labels
Default value: false
config
The name of the config to set.
entity
The entity to manage subscription
key
Key of config entry set, for labels and annotations
name
namevar
The name of the agent subscription.
The name supports composite names that can define the entity and namespace.
An example composite name to define subscription named test
on entity 'agent' in namespace dev
: test on agent in dev
namespace
The Sensu RBAC namespace that this entity belongs to.
Default value: default
provider
The specific backend to use for this sensu_agent_entity_config
resource. You will seldom need to specify this ---
Puppet will usually discover the appropriate provider for your platform.
sensu_agent_entity_setup
NOTE This is a private type not intended to be used directly.
Parameters
The following parameters are available in the sensu_agent_entity_setup
type.
agent_managed_entity
Valid values: true
, false
Agent entity managed by agent.yml
Default value: false
name
namevar
The name of the resource.
password
Sensu API password
url
Sensu API URL
username
Sensu API username
sensu_agent_entity_validator
NOTE This is a private type not intended to be used directly.
Verify the specified agent entity exists.
Examples
Verify agent entity 'sensu-agent' exists
sensu_api_validator { 'sensu-agent':
namespace => 'dev',
}
Properties
The following properties are available in the sensu_agent_entity_validator
type.
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
Parameters
The following parameters are available in the sensu_agent_entity_validator
type.
name
namevar
An entity to verify
namespace
Namespace of entity
Default value: default
provider
The specific backend to use for this sensu_agent_entity_validator
resource. You will seldom need to specify this ---
Puppet will usually discover the appropriate provider for your platform.
timeout
The max number of seconds that the validator should wait before giving up and deciding that entity does not exist
Default value: 10
sensu_api_config
NOTE This is a private type not intended to be used directly.
Parameters
The following parameters are available in the sensu_api_config
type.
name
namevar
The name of the resource.
password
Sensu API password
url
Sensu API URL
username
Sensu API username
validate_namespaces
Valid values: true
, false
Determines of namespaces should be validated with Sensu API
Default value: true
sensu_api_validator
NOTE This is a private type not intended to be used directly.
Verify that a connection can be successfully established between a node and the sensu-backend server. Its primary use is as a precondition to prevent configuration changes from being applied if the sensu_backend server cannot be reached, but it could potentially be used for other purposes such as monitoring.
Examples
Verify API connectivity to localhost:8080
sensu_api_validator { 'sensu':
sensu_api_server => 'localhost',
sensu_api_port => 8080,
}
Properties
The following properties are available in the sensu_api_validator
type.
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
Parameters
The following parameters are available in the sensu_api_validator
type.
name
namevar
An arbitrary name used as the identity of the resource.
provider
The specific backend to use for this sensu_api_validator
resource. You will seldom need to specify this --- Puppet
will usually discover the appropriate provider for your platform.
sensu_api_port
The port that the sensu_api server should be listening on.
Default value: 8080
sensu_api_server
The DNS name or IP address of the server where sensu_api should be running.
Default value: localhost
test_url
URL to use for testing if the Sensu backend is up
Default value: /version
timeout
The max number of seconds that the validator should wait before giving up and deciding that sensu_api is not running; defaults to 30 seconds.
Default value: 30
use_ssl
Whether the connection will be attemped using https
Default value: false
sensu_asset
Autorequires:
Package[sensu-go-cli]
Service[sensu-backend]
Sensuctl_configure[puppet]
Sensu_api_validator[sensu]
Sensu_user[admin]
sensu_namespace
- Puppet will autorequiresensu_namespace
resource defined innamespace
property.
Examples
Create an asset with multiple builds
sensu_asset { 'test':
ensure => 'present',
builds => [
{
"url" => "https://assets.bonsai.sensu.io/981307deb10ebf1f1433a80da5504c3c53d5c44f/sensu-go-cpu-check_0.0.3_linux_amd64.tar.gz",
"sha512" => "487ab34b37da8ce76d2657b62d37b35fbbb240c3546dd463fa0c37dc58a72b786ef0ca396a0a12c8d006ac7fa21923e0e9ae63419a4d56aec41fccb574c1a5d3",
"filters" => [
"entity.system.os == 'linux'",
"entity.system.arch == 'amd64'"
],
"headers" => {
"Authorization" => "Bearer $TOKEN",
"X-Forwarded-For" => "client1, proxy1, proxy2",
}
},
{
"url" => "https://assets.bonsai.sensu.io/981307deb10ebf1f1433a80da5504c3c53d5c44f/sensu-go-cpu-check_0.0.3_linux_armv7.tar.gz",
"sha512" => "70df8b7e9aa36cf942b972e1781af04815fa560441fcdea1d1538374066a4603fc5566737bfd6c7ffa18314edb858a9f93330a57d430deeb7fd6f75670a8c68b",
"filters" => [
"entity.system.os == 'linux'",
"entity.system.arch == 'arm'",
"entity.system.arm_version == 7"
],
"headers" => {
"Authorization" => "Bearer $TOKEN",
"X-Forwarded-For" => "client1, proxy1, proxy2",
}
},
{
"url" => "https://assets.bonsai.sensu.io/981307deb10ebf1f1433a80da5504c3c53d5c44f/sensu-go-cpu-check_0.0.3_windows_amd64.tar.gz",
"sha512" => "10d6411e5c8bd61349897cf8868087189e9ba59c3c206257e1ebc1300706539cf37524ac976d0ed9c8099bdddc50efadacf4f3c89b04a1a8bf5db581f19c157f",
"filters" => [
"entity.system.os == 'windows'",
"entity.system.arch == 'amd64'"
],
"headers" => {
"Authorization" => "Bearer $TOKEN",
"X-Forwarded-For" => "client1, proxy1, proxy2",
}
}
],
}
Create an asset with composite name in dev
namespace
sensu_asset { 'test in dev':
ensure => 'present',
builds => ...
}
Properties
The following properties are available in the sensu_asset
type.
annotations
Arbitrary, non-identifying metadata to include with event data.
builds
A list of asset builds used to define multiple artifacts which provide the named asset.
Keys:
- url: required
- sha512: required
- filters: optional Array
- headers: optional Hash
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
headers
HTTP headers to appy to asset retrieval requests.
labels
Custom attributes to include with event data, which can be queried like regular attributes.
namespace
The Sensu RBAC namespace that this asset belongs to.
Default value: default
Parameters
The following parameters are available in the sensu_asset
type.
bonsai
Valid values: true
, false
Private property used by sensu_bonsai_asset type
name
namevar
The name of the asset.
The name supports composite names that can define the namespace.
An example composite name to define resource named test
in namespace dev
: test in dev
provider
The specific backend to use for this sensu_asset
resource. You will seldom need to specify this --- Puppet will
usually discover the appropriate provider for your platform.
resource_name
The name of the asset.
sensu_bonsai_asset
Autorequires:
Package[sensu-go-cli]
Service[sensu-backend]
Sensuctl_configure[puppet]
Sensu_api_validator[sensu]
Sensu_user[admin]
sensu_namespace
- Puppet will autorequiresensu_namespace
resource defined innamespace
property.
Examples
Install a bonsai asset
sensu_bonsai_asset { 'sensu/sensu-pagerduty-handler':
ensure => 'present',
}
Install specific version of a bonsai asset
sensu_bonsai_asset { 'sensu/sensu-pagerduty-handler':
ensure => 'present',
version => '1.2.0',
}
Install latest version of a bonsai asset
sensu_bonsai_asset { 'sensu/sensu-pagerduty-handler':
ensure => 'present',
version => 'latest',
}
Install a bonsai asset into dev
namespace using composite names
sensu_bonsai_asset { 'sensu/sensu-pagerduty-handler in dev':
ensure => 'present',
}
Properties
The following properties are available in the sensu_bonsai_asset
type.
ensure
Valid values: present
, absent
Bonsai asset state for Sensu Go asset
Default value: present
version
Valid values: latest
, /^(v)?[0-9\.]+$/
Specific version to install, or latest
Parameters
The following parameters are available in the sensu_bonsai_asset
type.
bonsai_http_proxy
Proxy to use for Bonsai HTTP requests
bonsai_name
Bonsai asset name
bonsai_namespace
Bonsai asset namespace
bonsai_no_proxy
Addresses to not proxy when making bonsai HTTP requests
name
namevar
Bonsai asset name
namespace
The Sensu RBAC namespace that this asset belongs to.
Default value: default
provider
The specific backend to use for this sensu_bonsai_asset
resource. You will seldom need to specify this --- Puppet will
usually discover the appropriate provider for your platform.
rename
Name for Sensu Go asset
sensu_check
Autorequires:
Package[sensu-go-cli]
Service[sensu-backend]
Sensuctl_configure[puppet]
Sensu_api_validator[sensu]
Sensu_user[admin]
sensu_namespace
- Puppet will autorequiresensu_namespace
resource defined innamespace
property.sensu_handler
- Puppet will autorequiesensu_handler
resources defined inhandlers
property.sensu_asset
- Puppet will autorequiresensu_asset
resources defined inruntime_assets
property.sensu_hook
- Puppet will autorequiresensu_hook
resources defined incheck_hooks
property.
Examples
Create a check
sensu_check { 'test':
ensure => 'present',
command => 'check-http.rb',
subscriptions => ['demo'],
handlers => ['email'],
interval => 60,
}
Create a check that has a hook
sensu_check { 'test':
ensure => 'present',
command => 'check-cpu.sh -w 75 -c 90',
subscriptions => ['linux'],
check_hooks => [
{ 'critical' => ['ps'] },
{ 'warning' => ['ps'] },
],
interval => 60,
}
Create a check with namespace dev
in the name
sensu_check { 'test in dev':
ensure => 'present',
command => 'check-http.rb',
subscriptions => ['demo'],
handlers => ['email'],
interval => 60,
}
Properties
The following properties are available in the sensu_check
type.
annotations
Arbitrary, non-identifying metadata to include with event data.
check_hooks
An array of check response types with respective arrays of Sensu hook names.
command
The check command to be executed.
cron
Valid values: /.*/
, absent
When the check should be executed, using the Cron syntax.
discard_output
Valid values: true
, false
Discard check output after extracting metrics.
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
env_vars
Valid values: /.*/
, absent
An array of environment variables to use with command execution.
handlers
An array of Sensu event handlers (names) to use for events created by the check.
high_flap_threshold
Valid values: /^[0-9]+$/
, absent
The flap detection high threshold (% state change) for the check
interval
Valid values: /^[0-9]+$/
, absent
The frequency in seconds the check is executed.
labels
Custom attributes to include with event data, which can be queried like regular attributes.
low_flap_threshold
Valid values: /^[0-9]+$/
, absent
The flap detection low threshold (% state change) for the check
max_output_size
Maximum size, in bytes, of stored check outputs.
namespace
The Sensu RBAC namespace that this check belongs to.
Default value: default
output_metric_format
Valid values: nagios_perfdata
, graphite_plaintext
, influxdb_line
, opentsdb_line
, prometheus_text
, absent
The metric format generated by the check command.
output_metric_handlers
Valid values: /.*/
, absent
An array of Sensu handlers to use for events created by the check.
output_metric_tags
Custom tags you can apply to enrich metric points produced by check output metric extraction."
Consists of Array of Hashes, each Hash must contain name
and value
keys.
proxy_entity_name
Valid values: /^[\w\.\-]+$/
, absent
The entity name, used to create a proxy entity for an external resource (i.e., a network switch).
proxy_requests
Proxy requests attributes
Valid keys:
- entity_attributes - Optional Array
- splay - Optional Boolean (default: false)
- splay_coverage - Optional Integer (default: 0)
publish
Valid values: true
, false
If check requests are published for the check.
Default value: true
round_robin
Valid values: true
, false
If the check should be executed on a single entity within a subscription in a round-robin fashion.
runtime_assets
Valid values: /.*/
, absent
An array of Sensu assets (names), required at runtime for the execution of the command
secrets
Array of the name/secret pairs to use with command execution. Example: [{'name' => 'ANSIBLE_HOST', 'secret' => 'sensu-ansible-host' }]
silenced
Valid values: true
, false
If the event is to be silenced.
stdin
Valid values: true
, false
If the Sensu agent writes JSON serialized Sensu entity and check data to the command process' STDIN
Default value: false
subscriptions
An array of Sensu entity subscriptions that check requests will be sent to.
timeout
Valid values: /^[0-9]+$/
, absent
The check execution duration timeout in seconds (hard stop).
ttl
Valid values: /^[0-9]+$/
, absent
The time to live (TTL) in seconds until check results are considered stale.
Parameters
The following parameters are available in the sensu_check
type.
name
namevar
The name of the check.
The name supports composite names that can define the namespace.
An example composite name to define resource named test
in namespace dev
: test in dev
provider
The specific backend to use for this sensu_check
resource. You will seldom need to specify this --- Puppet will
usually discover the appropriate provider for your platform.
resource_name
The name of the check.
sensu_cluster_federation
Autorequires:
Package[sensu-go-cli]
Service[sensu-backend]
Sensuctl_configure[puppet]
Sensu_api_validator[sensu]
Sensu_user[admin]
Examples
Create a federated cluster
sensu_cluster_federation { 'us-west-2a':
ensure => 'present',
api_urls => ['http://10.0.0.1:8080','http://10.0.0.2:8080','http://10.0.0.3:8080'],
}
Properties
The following properties are available in the sensu_cluster_federation
type.
api_urls
Federated cluster backend API URLs
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
Parameters
The following parameters are available in the sensu_cluster_federation
type.
name
namevar
The name of the federated cluster
provider
The specific backend to use for this sensu_cluster_federation
resource. You will seldom need to specify this ---
Puppet will usually discover the appropriate provider for your platform.
sensu_cluster_federation_member
Autorequires:
Package[sensu-go-cli]
Service[sensu-backend]
Sensuctl_configure[puppet]
Sensu_api_validator[sensu]
Sensu_user[admin]
Examples
Add to a federated cluster
sensu_cluster_federation_member { 'http://10.0.0.1:8080':
ensure => 'present',
cluster => 'us-west-2a',
}
Add to a federated cluster to us-west-2a
cluster using composite name
sensu_cluster_federation_member { 'http://10.0.0.1:8080 in us-west-2a':
ensure => 'present',
}
Properties
The following properties are available in the sensu_cluster_federation_member
type.
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
Parameters
The following parameters are available in the sensu_cluster_federation_member
type.
api_url
API URL to add to the federated cluster, defaults to name
cluster
Federated cluster name
name
namevar
The name of the resource
provider
The specific backend to use for this sensu_cluster_federation_member
resource. You will seldom need to specify this
--- Puppet will usually discover the appropriate provider for your platform.
sensu_cluster_member
Autorequires:
Package[sensu-go-cli]
Service[sensu-backend]
Sensuctl_configure[puppet]
Sensu_api_validator[sensu]
Sensu_user[admin]
Examples
Add a cluster member
sensu_cluster_member { 'backend2':
ensure => 'present',
peer_urls => ['http://192.168.52.12:2380'],
}
Properties
The following properties are available in the sensu_cluster_member
type.
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
peer_urls
Array of cluster peer URLs
Parameters
The following parameters are available in the sensu_cluster_member
type.
id
Cluster member ID - read-only
name
namevar
The name of the cluster member.
provider
The specific backend to use for this sensu_cluster_member
resource. You will seldom need to specify this --- Puppet
will usually discover the appropriate provider for your platform.
sensu_cluster_role
Autorequires:
Package[sensu-go-cli]
Service[sensu-backend]
Sensuctl_configure[puppet]
Sensu_api_validator[sensu]
Sensu_user[admin]
Examples
Add a cluster role
sensu_cluster_role { 'test':
ensure => 'present',
rules => [{'verbs' => ['get','list'], 'resources' => ['checks'], 'resource_names' => ['']}],
}
Properties
The following properties are available in the sensu_cluster_role
type.
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
rules
The rulesets that a role applies.
Parameters
The following parameters are available in the sensu_cluster_role
type.
name
namevar
The name of the role.
provider
The specific backend to use for this sensu_cluster_role
resource. You will seldom need to specify this --- Puppet will
usually discover the appropriate provider for your platform.
sensu_cluster_role_binding
Autorequires:
Package[sensu-go-cli]
Service[sensu-backend]
Sensuctl_configure[puppet]
Sensu_api_validator[sensu]
Sensu_user[admin]
sensu_cluster_role
- Puppet will autorequiresensu_cluster_role
resource defined inrole_ref
property.sensu_user
- Puppet will autorequiresensu_user
resources based on users and groups defined for thesubjects
property.
Examples
Add a cluster role binding
sensu_cluster_role_binding { 'test':
ensure => 'present',
role_ref => {'type' => 'ClusterRole', 'name' => 'test-role'},
subjects => [
{ 'type' => 'User', 'name' => 'test-user' }
],
}
Add a cluster role binding for a Role
sensu_cluster_role_binding { 'test':
ensure => 'present',
role_ref => {'type' => 'Role', 'name' => 'test-role'},
subjects => [
{ 'type' => 'User', 'name' => 'test-user' }
],
}
Properties
The following properties are available in the sensu_cluster_role_binding
type.
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
role_ref
References a role in the current namespace or a cluster role.
subjects
The users or groups being assigned.
Parameters
The following parameters are available in the sensu_cluster_role_binding
type.
name
namevar
The name of the role binding.
provider
The specific backend to use for this sensu_cluster_role_binding
resource. You will seldom need to specify this ---
Puppet will usually discover the appropriate provider for your platform.
sensu_command
Autorequires:
Package[sensu-go-cli]
Service[sensu-backend]
Sensu_configure[puppet]
Sensu_api_validator[sensu]
Sensu_user[admin]
Examples
Add sensuctl command from Bonsai asset
sensu_command { 'command-test':
ensure => 'present',
bonsai_name => 'sensu/command-test',
}
Add command from specific version of a Bonsai asset
sensu_command { 'command-test':
ensure => 'present',
bonsai_name => 'sensu/command-test',
bonsai_version => '0.4.0',
}
Add command from URL
sensu_command { 'command-test':
ensure => 'present',
url => 'https://github.com/amdprophet/command-test/releases/download/v0.0.4/command-test_0.0.4_linux_amd64.tar.gz',
sha512 => '67aeba3652def271b1921bc1b4621354ad254c89946ebc8d1e39327f69a902d91f4b0326c9020a4a03e4cfbb718b454b6180f9c39aaff1e60daf6310be66244f'
}
Properties
The following properties are available in the sensu_command
type.
bonsai_version
Valid values: latest
, /[0-9\.]+/
Specific Bonsai asset version to install, or latest
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
sha512
The checksum of the asset
url
The URL location of the asset.
Parameters
The following parameters are available in the sensu_command
type.
bonsai_name
Bonsai asset name
name
namevar
command name
provider
The specific backend to use for this sensu_command
resource. You will seldom need to specify this --- Puppet will
usually discover the appropriate provider for your platform.
sensu_entity
Autorequires:
Package[sensu-go-cli]
Service[sensu-backend]
Sensuctl_configure[puppet]
Sensu_api_validator[sensu]
Sensu_user[admin]
sensu_namespace
- Puppet will autorequiresensu_namespace
resource defined innamespace
property.sensu_handler
- Puppet will autorequiesensu_handler
resource defined inderegistration.handler
property.
Examples
Create an entity
sensu_entity { 'test':
ensure => 'present',
entity_class => 'proxy',
}
Create an entity with namespace dev
in the name
sensu_entity { 'test in dev':
ensure => 'present',
entity_class => 'proxy',
}
Properties
The following properties are available in the sensu_entity
type.
annotations
Arbitrary, non-identifying metadata to include with event data.
deregister
Valid values: true
, false
If the entity should be removed when it stops sending keepalive messages.
Default value: false
deregistration
A map containing a handler name, for use when an entity is deregistered.
Valid keys:
- handler - Opional - The name of the handler to be called when an entity is deregistered.
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
entity_class
The entity type
labels
Custom attributes to include with event data, which can be queried like regular attributes.
last_seen
Timestamp the entity was last seen, in epoch time.
namespace
The Sensu RBAC namespace that this entity belongs to.
Default value: default
redact
List of items to redact from log messages.
subscriptions
A list of subscription names for the entity
system
System information about the entity, such as operating system and platform.
Parameters
The following parameters are available in the sensu_entity
type.
name
namevar
The name of the entity.
The name supports composite names that can define the namespace.
An example composite name to define resource named test
in namespace dev
: test in dev
provider
The specific backend to use for this sensu_entity
resource. You will seldom need to specify this --- Puppet will
usually discover the appropriate provider for your platform.
resource_name
The name of the entity.
sensu_etcd_replicator
Autorequires:
Package[sensu-go-cli]
Service[sensu-backend]
Sensuctl_configure[puppet]
Sensu_api_validator[sensu]
Sensu_user[admin]
Examples
Create an Etcd Replicator
sensu_etcd_replicator { 'role_replicator':
ensure => 'present',
ca_cert => '/path/to/ssl/trusted-certificate-authorities.pem',
cert => '/path/to/ssl/cert.pem',
key => '/path/to/ssl/key.pem',
insecure => false,
url => 'http://127.0.0.1:2379',
api_version => 'core/v2',
resource_name => 'Role',
replication_interval_seconds => 30,
}
Properties
The following properties are available in the sensu_etcd_replicator
type.
api_version
Sensu API version of the resource to replicate
Default value: core/v2
ca_cert
Path to an the PEM-format CA certificate to use for TLS client authentication.
cert
Path to the PEM-format certificate to use for TLS client authentication.
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
insecure
Valid values: true
, false
true to disable transport security.
Default value: false
key
Path to the PEM-format key file associated with the cert to use for TLS client authentication.
namespace
Namespace to constrain replication to. If you do not include namespace, all namespaces for a given resource are replicated.
replication_interval_seconds
Valid values: /^[0-9]+$/
, absent
The interval at which the resource will be replicated
Default value: 30
resource_name
Name of the resource to replicate
url
Destination cluster URL. If specifying more than one, use a comma to separate.
Parameters
The following parameters are available in the sensu_etcd_replicator
type.
name
namevar
The name of the Etcd Replicator.
provider
The specific backend to use for this sensu_etcd_replicator
resource. You will seldom need to specify this --- Puppet
will usually discover the appropriate provider for your platform.
sensu_filter
Autorequires:
Package[sensu-go-cli]
Service[sensu-backend]
Sensuctl_configure[puppet]
Sensu_api_validator[sensu]
Sensu_user[admin]
sensu_namespace
- Puppet will autorequiresensu_namespace
resource defined innamespace
property.sensu_asset
- Puppet will autorequiresensu_asset
resources defined inruntime_assets
property.
Examples
Create a filter
sensu_filter { 'test':
ensure => 'present',
action => 'allow',
expressions => ["event.entity.labels.environment == 'production'"],
}
Create a filter with namespace dev
in the name
sensu_filter { 'test in dev':
ensure => 'present',
action => 'allow',
expressions => ["event.entity.labels.environment == 'production'"],
}
Properties
The following properties are available in the sensu_filter
type.
action
Valid values: allow
, deny
Action to take with the event if the filter expressions match.
annotations
Arbitrary, non-identifying metadata to include with event data.
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
expressions
Filter expressions to be compared with event data.
labels
Custom attributes to include with event data, which can be queried like regular attributes.
namespace
The Sensu RBAC namespace that this filter belongs to.
Default value: default
runtime_assets
Valid values: /.*/
, absent
Assets to be applied to the filter's execution context.
Parameters
The following parameters are available in the sensu_filter
type.
name
namevar
The name of the filter.
The name supports composite names that can define the namespace.
An example composite name to define resource named test
in namespace dev
: test in dev
provider
The specific backend to use for this sensu_filter
resource. You will seldom need to specify this --- Puppet will
usually discover the appropriate provider for your platform.
resource_name
The name of the filter.
sensu_handler
Autorequires:
Package[sensu-go-cli]
Service[sensu-backend]
Sensuctl_configure[puppet]
Sensu_api_validator[sensu]
Sensu_user[admin]
sensu_namespace
- Puppet will autorequiresensu_namespace
resource defined innamespace
property.sensu_filter
- Puppet will autorequiresensu_filter
resources defined infilters
property.sensu_mutator
- Puppet will autorequiresensu_mutator
resource defined formutator
property.sensu_handler
- Puppet will autorequiresensu_handler
resources defined forhandlers
property.sensu_asset
- Puppet will autorequiresensu_asset
resources defined inruntime_assets
property.
Examples
Create a handler
sensu_handler { 'test':
ensure => 'present',
type => 'pipe',
command => 'notify.rb'
}
Create a handler with namespace dev
in the name
sensu_handler { 'test in dev':
ensure => 'present',
type => 'pipe',
command => 'notify.rb'
}
Properties
The following properties are available in the sensu_handler
type.
annotations
Arbitrary, non-identifying metadata to include with event data.
command
Valid values: /.*/
, absent
The handler command to be executed.
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
env_vars
Valid values: /.*/
, absent
An array of environment variables to use with command execution.
filters
Valid values: /.*/
, absent
An array of Sensu event filters (names) to use when filtering events for the handler.
handlers
Valid values: /.*/
, absent
An array of Sensu event handlers (names) to use for events using the handler set.
labels
Custom attributes to include with event data, which can be queried like regular attributes.
mutator
Valid values: /.*/
, absent
The Sensu event mutator (name) to use to mutate event data for the handler.
namespace
The Sensu RBAC namespace that this handler belongs to.
Default value: default
runtime_assets
Valid values: /.*/
, absent
An array of Sensu assets (names), required at runtime for the execution of the command
secrets
Array of the name/secret pairs to use with command execution. Example: [{'name' => 'ANSIBLE_HOST', 'secret' => 'sensu-ansible-host' }]
socket
The socket definition scope, used to configure the TCP/UDP handler socket.
Valid keys:
- host - Required - The socket host address (IP or hostname) to connect to.
- port - Required - The socket port to connect to.
timeout
Valid values: /^[0-9]+$/
, absent
The handler execution duration timeout in seconds (hard stop)
type
Valid values: pipe
, tcp
, udp
, set
The handler type.
Parameters
The following parameters are available in the sensu_handler
type.
name
namevar
The name of the handler.
The name supports composite names that can define the namespace.
An example composite name to define resource named test
in namespace dev
: test in dev
provider
The specific backend to use for this sensu_handler
resource. You will seldom need to specify this --- Puppet will
usually discover the appropriate provider for your platform.
resource_name
The name of the handler.
sensu_hook
Autorequires:
Package[sensu-go-cli]
Service[sensu-backend]
Sensuctl_configure[puppet]
Sensu_api_validator[sensu]
Sensu_user[admin]
sensu_namespace
- Puppet will autorequiresensu_namespace
resource defined innamespace
property.sensu_asset
- Puppet will autorequiresensu_asset
resources defined inruntime_assets
property.
Examples
Create a hook
sensu_hook { 'test':
ensure => 'present',
command => 'ps aux',
}
Create a hook with namespace dev
in the name
sensu_hook { 'test in dev':
ensure => 'present',
command => 'ps aux',
}
Properties
The following properties are available in the sensu_hook
type.
annotations
Arbitrary, non-identifying metadata to include with event data.
command
The hook command to be executed.
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
labels
Custom attributes to include with event data, which can be queried like regular attributes.
namespace
The Sensu RBAC namespace that this hook belongs to.
Default value: default
runtime_assets
Valid values: /.*/
, absent
An array of Sensu assets (names), required at runtime for the execution of the command
stdin
Valid values: true
, false
If the Sensu agent writes JSON serialized Sensu entity and check data to the command process' STDIN.
Default value: false
timeout
The hook execution duration timeout in seconds (hard stop)
Default value: 60
Parameters
The following parameters are available in the sensu_hook
type.
name
namevar
The name of the hook.
The name supports composite names that can define the namespace.
An example composite name to define resource named test
in namespace dev
: test in dev
provider
The specific backend to use for this sensu_hook
resource. You will seldom need to specify this --- Puppet will usually
discover the appropriate provider for your platform.
resource_name
The name of the hook.
sensu_ldap_auth
Autorequires:
Package[sensu-go-cli]
Service[sensu-backend]
Sensuctl_configure[puppet]
Sensu_api_validator[sensu]
Sensu_user[admin]
Examples
Add a LDAP auth
sensu_ldap_auth { 'openldap':
ensure => 'present',
servers => [
{
'host' => '127.0.0.1',
'port' => 389,
'binding' => {
'user_dn' => 'cn=binder,dc=acme,dc=org',
'password' => 'P@ssw0rd!'
},
'group_search' => {
'base_dn' => 'dc=acme,dc=org',
},
'user_search' => {
'base_dn' => 'dc=acme,dc=org',
},
},
],
}
Add an LDAP auth that uses memberOf attribute by omitting group_search
sensu_ldap_auth { 'openldap':
ensure => 'present',
servers => [
{
'host' => '127.0.0.1',
'port' => 389,
'binding' => {
'user_dn' => 'cn=binder,dc=acme,dc=org',
'password' => 'P@ssw0rd!'
},
'user_search' => {
'base_dn' => 'dc=acme,dc=org',
},
},
],
}
Properties
The following properties are available in the sensu_ldap_auth
type.
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
groups_prefix
The prefix added to all LDAP groups.
servers
LDAP servers as Array of Hashes
Keys:
- host: required
- port: required
- group_search: optional (omit to use memberOf)
- user_search: required
- binding: optional Hash
- insecure: default is
false
- security: default is
tls
- trusted_ca_file: default is
""
- client_cert_file: default is
""
- client_key_file: default is
""
- default_upn_domain: default is
""
group_search keys:
- base_dn: required
- attribute: default is
member
- name_attribute: default is
cn
- object_class: default is
groupOfNames
user_search Keys:
- base_dn: required
- attribute: default is
uid
- name_attribute: default is
cn
- object_class: default is
person
binding keys:
- user_dn: required
- password: required
username_prefix
The prefix added to all LDAP usernames.
Parameters
The following parameters are available in the sensu_ldap_auth
type.
name
namevar
The name of the LDAP auth.
provider
The specific backend to use for this sensu_ldap_auth
resource. You will seldom need to specify this --- Puppet will
usually discover the appropriate provider for your platform.
sensu_license
NOTE This is a private type not intended to be used directly.
Autorequires:
Package[sensu-go-cli]
Service[sensu-backend]
Sensu_api_validator[sensu]
Sensu_user[admin]
file
- Puppet will autorequirefile
resources defined infile
property.
Properties
The following properties are available in the sensu_license
type.
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
Parameters
The following parameters are available in the sensu_license
type.
file
Path to license file
name
namevar
The name of the resource.
provider
The specific backend to use for this sensu_license
resource. You will seldom need to specify this --- Puppet will
usually discover the appropriate provider for your platform.
sensu_mutator
Autorequires:
Package[sensu-go-cli]
Service[sensu-backend]
Sensuctl_configure[puppet]
Sensu_api_validator[sensu]
Sensu_user[admin]
sensu_namespace
- Puppet will autorequiresensu_namespace
resource defined innamespace
property.sensu_asset
- Puppet will autorequiresensu_asset
resources defined inruntime_assets
property.
Examples
Create a mutator
sensu_mutator { 'example':
ensure => 'present',
command => 'example-mutator.rb',
}
Create a mutator with namespace dev
in the name
sensu_mutator { 'example in dev':
ensure => 'present',
command => 'example-mutator.rb',
}
Properties
The following properties are available in the sensu_mutator
type.
annotations
Arbitrary, non-identifying metadata to include with event data.
command
The mutator command to be executed.
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
env_vars
Valid values: /.*/
, absent
An array of environment variables to use with command execution.
labels
Custom attributes to include with event data, which can be queried like regular attributes.
namespace
The Sensu RBAC namespace that this mutator belongs to.
Default value: default
runtime_assets
Valid values: /.*/
, absent
An array of Sensu assets (names), required at runtime for the execution of the command
secrets
Array of the name/secret pairs to use with command execution. Example: [{'name' => 'ANSIBLE_HOST', 'secret' => 'sensu-ansible-host' }]
timeout
Valid values: /^[0-9]+$/
, absent
The mutator execution duration timeout in seconds (hard stop)
Parameters
The following parameters are available in the sensu_mutator
type.
name
namevar
The name of the mutator.
The name supports composite names that can define the namespace.
An example composite name to define resource named test
in namespace dev
: test in dev
provider
The specific backend to use for this sensu_mutator
resource. You will seldom need to specify this --- Puppet will
usually discover the appropriate provider for your platform.
resource_name
The name of the mutator.
sensu_namespace
Autorequires:
Package[sensu-go-cli]
Service[sensu-backend]
Sensuctl_configure[puppet]
Sensu_api_validator[sensu]
Sensu_user[admin]
Examples
Add an namespace
sensu_namespace { 'test':
ensure => 'present',
}
Properties
The following properties are available in the sensu_namespace
type.
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
Parameters
The following parameters are available in the sensu_namespace
type.
name
namevar
The name of the namespace.
provider
The specific backend to use for this sensu_namespace
resource. You will seldom need to specify this --- Puppet will
usually discover the appropriate provider for your platform.
sensu_oidc_auth
Autorequires:
Package[sensu-go-cli]
Service[sensu-backend]
Sensuctl_configure[puppet]
Sensu_api_validator[sensu]
Sensu_user[admin]
Examples
Add an Active Directory auth
sensu_oidc_auth { 'oidc':
ensure => 'present',
additional_scopes => ['email','groups'],
client_id => '0oa13ry4ypeDDBpxF357',
client_secret => 'DlArQRfND4BKBUyO0mE-TL2PWOVwyGjIO1fdk9gX',
groups_claim => 'groups',
groups_prefix => 'oidc:',
redirect_uri => 'https://sensu-backend.example.com:8080/api/enterprise/authentication/v2/oidc/callback',
server => 'https://idp.example.com',
username_claim => 'email',
username_prefix => 'oidc:'
}
Properties
The following properties are available in the sensu_oidc_auth
type.
additional_scopes
Scopes to include in the claims
client_id
The OIDC provider application "Client ID"
client_secret
The OIDC provider application "Client Secret"
disable_offline_access
What are tasks?
Modules can contain tasks that take action outside of a desired state managed by Puppet. It’s perfect for troubleshooting or deploying one-off changes, distributing scripts to run across your infrastructure, or automating changes that need to happen in a particular order as part of an application deployment.
Tasks in this module release
Changelog
v5.11.1 (2023-03-24)
Fixed
v5.11.0 (2023-03-16)
Added
v5.10.1 (2023-03-01)
Fixed
v5.10.0 (2023-02-27)
Added
v5.9.0 (2022-10-28)
Added
Merged Pull Requests
- Remove namespace validation for agents #1327 (treydock)
- Fix sensu_api_port spelling in sensu_api_validator example #1317 (robmcelhinney)
- Fix beaker acceptance tests #1316 (treydock)
- Set SensuAPIValidator timeout comments to 30 seconds #1315 (robmcelhinney)
- Update links to Sensu docs pages in README and REFERENCE #1311 (hillaryfraley)
- Add Dependabot #1310 (ghoneycutt)
v5.8.0 (2021-03-15)
Added
v5.7.0 (2021-02-17)
Added
Fixed
v5.6.0 (2021-01-23)
Added
Merged Pull Requests
v5.5.1 (2020-12-31)
Fixed
Merged Pull Requests
- Vagrant #1294 (ghoneycutt)
v5.5.0 (2020-12-15)
Added
v5.4.0 (2020-12-09)
Added
- Add token_file parameter to sensu_secrets_vault_provider #1291 (treydock)
- Remove Debian 8 support, is EOL #1290 (treydock)
- [ci skip] README updates for where to define resources #1287 (treydock)
Fixed
- Remove EL6 acceptance tests that fail after EOL #1293 (treydock)
- Update documentation for secrets property #1289 (treydock)
v5.3.1 (2020-11-06)
Fixed
Merged Pull Requests
- [ci skip] Style updates to puppet code in README #1285 (ghoneycutt)
v5.3.0 (2020-10-28)
Added
Fixed
v5.2.1 (2020-10-17)
Fixed
- Fix for when version query returns malformed version #1279 (treydock)
- Document breaking changes upgrading to 5.x #1277 (treydock)
v5.2.0 (2020-10-12)
Added
v5.1.0 (2020-10-08)
Added
v5.0.0 (2020-09-08)
Changed
Added
- Remove acceptance test skipping for plugins #1272 (treydock)
- Make sensu_ad_auth group_search optional #1266 (treydock)
- Add sensu::backend_upgrade task #1265 (treydock)
v4.13.1 (2020-08-13)
Fixed
v4.13.0 (2020-08-10)
Added
Fixed
v4.12.0 (2020-07-05)
Added
v4.11.0 (2020-06-29)
Added
- READ DESCRIPTION: Improved handling of passwords for sensu_user #1251 (treydock)
- Add check name to ArgumentError #1249 (amccrea)
Merged Pull Requests
- Fix Windows acceptance tests and update Postgresql dependency range #1252 (treydock)
- Fix acceptance tests #1250 (treydock)
v4.10.0 (2020-04-19)
Added
- Improved validations around labels and annotations #1245 (treydock)
- Better support for agent redact #1241 (treydock)
Fixed
Merged Pull Requests
- Change how it's determined when to run specific acceptance tests #1243 (treydock)
- Attempt to speed up acceptance tests #1242 (treydock)
v4.8.0 (2020-04-13)
Added
v4.7.1 (2020-04-07)
Fixed
Merged Pull Requests
v4.7.0 (2020-03-21)
Added
Merged Pull Requests
- Avoid facter 4, breaks unit tests #1232 (treydock)
- Add example usage for LDAP #1231 (ghoneycutt)
- Fix acceptance tests #1229 (treydock)
v4.6.0 (2020-03-07)
Added
Fixed
Merged Pull Requests
v4.5.1 (2020-02-12)
v4.5.0 (2020-02-08)
v4.4.1 (2020-02-01)
v4.4.0 (2020-01-31)
v4.3.0 (2020-01-29)
v4.2.1 (2020-01-29)
v4.2.0 (2020-01-20)
v4.1.0 (2020-01-15)
v4.0.0 (2020-01-10)
v3.14.0 (2019-12-01)
v3.13.0 (2019-11-26)
v3.12.0 (2019-11-25)
v3.11.0 (2019-11-12)
v3.10.0 (2019-10-31)
v3.9.0 (2019-10-10)
v3.8.0 (2019-09-02)
v3.7.0 (2019-08-26)
v3.6.0 (2019-08-16)
v3.5.0 (2019-07-22)
v3.4.1 (2019-07-19)
v3.4.0 (2019-07-11)
v3.3.0 (2019-05-18)
v3.2.0 (2019-05-06)
v3.1.0 (2019-04-19)
* This Changelog was automatically generated by github_changelog_generator
Dependencies
- puppetlabs/stdlib (>= 5.1.0 < 7.0.0)
- richardc/datacat (>= 0.6.0 < 2.0.0)
- puppetlabs/postgresql (>= 6.4.0 < 8.0.0)
- camptocamp/systemd (>= 2.0.0 < 4.0.0)
Copyright (c) 2013 James Turnbull, Jeremy Carroll, Justin Lambert, Tim Sharpe Copyright (C) 2017-2021 Garrett Honeycutt <code@garretthoneycutt.com> Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.