cookbook 'sensu-go', '~> 1.4.0'
sensu-go (8) Versions 1.4.0 Follow0
Installs/Configures Sensu Go
cookbook 'sensu-go', '~> 1.4.0', :supermarket
knife supermarket install sensu-go
knife supermarket download sensu-go
sensu-go
[Under Construction] Chef Cookbook for The Sensu Go project
Community
Sensu is discussed in many places but typically the best place to get adhoc general help is through or community slack in #chef
channel.
Scope
This Chef Cookbook is for installing & configuring Sensu 5.x
See the sensu cookbook if you wish to manage Sensu 1.x via Chef.
Requirements
- Chef 15.0 or higher.
- Network accessible package repositories.
Platform Support
The following platforms have been tested with Test Kitchen. It will most likely work on other platforms as well.
Platform | Supported Version |
---|---|
0.0.1 | |
amazonlinux | X |
amazonlinux-2 | X |
centos-6 | X |
centos-7 | X |
fedora | X |
ubuntu-16.04 | X |
ubuntu-18.04 | X |
ubuntu-20.04 | X |
windows-2012r2 | Agent Only |
windows-2016 | Agent Only |
windows-2019 | Agent Only |
Cookbook Dependencies
Usage
This is a library style cookbook that provides a set of resources to install and configure the Sensu 5.x environment in a composable way. It is intended to be used in your own wrapper cookbook suited to your specific needs. You can see a very simple example usage in the default recipe of the sensu_test cookbook that is included in this repo. This recipe is used as part of integration testing.
- add
depends 'sensu-go'
to the metadata.rb for your cookbook. - use the provided resources in your cookbook
sensu_backend 'default' do action [:install, :init] end sensu_agent 'default' sensu_ctl 'default' do action [:install, :configure] end sensu_check 'cron' do command '/bin/true' cron '@hourly' subscriptions %w(dad_jokes production) handlers %w(pagerduty email) annotations(runbook: 'https://www.xkcd.com/378/') publish false ttl 100 high_flap_threshold 60 low_flap_threshold 20 action :create end # data bag contains url, checksum for asssets assets = data_bag_item('sensu', 'assets') assets.each do |name, property| next if name == 'id' sensu_asset name do url property['url'] sha512 property['checksum'] end end sensu_handler 'slack' do type 'pipe' command 'handler-slack --webhook-url https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX --channel monitoring' end sensu_filter 'production_filter' do filter_action 'allow' expressions [ "event.Entity.Environment == 'production'", ] end sensu_mutator 'example-mutator' do command 'example_mutator.rb' timeout 60 end
Testing
For more details look at the [TESTING.md](./TESTING.md).
Resource Overview
These resources primarily work by writing the Sensu 5.x object definitions to a local path and then using the sensuctl command line to reconfigure the definitions known to the sensu backend.
- sensu_backend: Install and configure the Sensu backend
- sensu_agent: Install and configure the Sensu agent
- sensu_ctl: Install and configure the sensuctl
- sensu_check: Configure Sensu checks
- sensu_handler: Configure check handlers
- sensu_hook: Configure Sensu hooks for use with checks
- sensu_filter: Configure Sensu filters
- sensu_mutator: Configure Sensu mutators
- sensu_asset: Configure Sensu assets for use with checks
- sensu_namespace: Configure Sensu namespaces
- sensu_entity: Configure Sensu entities
- sensu_role: Configure Sensu RBAC roles
- sensu_role_binding: Configure Sensu RBAC role bindings
- sensu_cluster_role: Configure Sensu RBAC cluster roles
- sensu_cluster_role_binding: Configure Sensu RBAC cluster role bindings
- sensu_postgres_config: Configure Sensu to use a Postgres DB for event storage
- sensu_active_directory: Configure Sensu to use Active Directory authentication
- sensu_auth_ldap: Configure Sensu to use LDAP Authentication
- sensu_auth_oidc: Configure Sensu to use OIDC Authentication
- sensu_secret: Configure Sensu secrets
- sensu_secrets_provider: Configure Sensu secrets providers
- sensu_etcd_replicator: Configure Sensu etcd replication
- sensu_search: Configure Sensu saved searches
- sensu_global_config: Configure Sensu global Web UI settings
- sensu_tessen_config: Configure Sensu analytics preferences
- sensu_user: Configure Sensu non SSO managed RBAC users
Resource Details
Common properties
Sensu resources that support metadata attributes share these common properties:
-
namespace
the Sensu RBAC namespace that this check belongs to, default: default -
labels
custom extended attributes to add to the check -
annotations
custom extended attributes to add to the check
name
metadata will be set automatically from the resource name
sensu_backend
The sensu backend resource can configure the core sensu backend service.
Properties
-
version
which version to install, default: latest -
repo
which repo to pull package from, default: sensu/stable. If using private yum or apt repository, this is the baseurl/uri. -
config_home
where to store the generated object definitions, default: /etc/sensu -
config
a hash of configuration, default: { 'state-dir': '/var/lib/sensu/sensu-backend'} -
distribution
possible values: commercial, source. Requires a valid yum or apt repository for installation. default: commercial -
gpgkey
To be used with a package built from source. The GPG key for the package. -
username
the username to initialize the backend with -
password
the password to initialize the backend with
Examples
sensu_backend 'default'
For using packages built from source:
sensu_backend 'default' do
distribution 'source'
repo 'https://my-custom-repo.com/yum/$releasever/$basearch/'
end
Optionally pass configuration values for the backend:
(insecure example, don't really do this)
sensu_backend 'default' do repo 'sensu/stable' config({'state-dir' => '/var/lib/sensu/sensu-backend', 'trusted-ca-file' => "/some/local/path.pem", 'insecure-skip-tls-verify' => true}) end
sensu_agent
The sensu agent resource will install and configure the agent. As of Sensu Go 6.0.0, it is no longer possible to update an existing agent configuration with this resource, and an agent entity should be made via sensu_entity.
NOTE: windows agent install is pinned to version 5.10 until available in a consumable package format (likely chocolately)
Properties
-
version
which version to install, default: latest -
repo
which repo to pull package from, default: sensu/stable -
config_home
where to store the generated object definitions, default: /etc/sensu -
config
a hash of configuration
Examples
sensu_agent 'default'
(insecure example, don't really do this)
sensu_agent 'default' do config( "name": node['fqdn'], "namespace": "default", "backend-url": ["wss://sensu-backend.example.com:8081"], "insecure-skip-tls-verify": true, "subscriptions": ["centos", "haproxy"], "labels": { "app_id": "mycoolapp", "app_tier": "loadbalancer" }, "annotations": { "color": "green" } ) end
sensu_ctl
Installs and configures the sensuctl cli
Properties
-
version
which version to install, default: latest -
repo
which repo to pull package from, default: sensu/nightly -
username
username for connecting to the sensu backend -
password
password for connecting to the sensu backend -
backend_url
url for the sensu backend, default:http://127.0.0.1:8080
Examples
sensu_ctl 'default'
sensu_ctl 'default' do backend_url 'https://sensu.startup.horse' end
sensu_check
The sensu_check resource is used to define check objects.
Properties
-
config_home
default: /etc/sensu -
check_hooks
an array of hook name to run in response to the check -
command
required the check command to execute -
cron
a schedule for the check, in cron format or a predefined schedule -
handlers
an array of handlers to run in response to the check, default: [] -
high_flap_threshold
The flap detection high threshold, in percent -
interval
The frequency in seconds the check is executed. -
low_flap_threshold
The flap detection low threshold, in percent -
namespace
the Sensu RBAC namespace that this check belongs to, default: default -
proxy_entity_name
Used to create a proxy entity for an external resource -
proxy_requests
A Sensu Proxy Request, representing Sensu entity attributes to match entities in the registry. -
publish
If check requests are published for the check -
round_robin
If the check should be executed in a round robin fashion -
runtime_assets
An array of Sensu assets required at runtime for the execution of thecommand
-
secrets
An array of hashes of name/secret pairs to use with command execution -
stdin
If the Sensu agent writes JSON serialized entity and check data to the command process' STDIN -
subscriptions
required an array of Sensu entity subscriptions that check requests will be sent to -
timeout
The check execution duration timeout in seconds -
ttl
The value in seconds until check results are considered stale -
output_metric_format
(optional) the metric format that the output of this check conforms to -
output_metric_handlers
(optional) an array of handlers for output metrics from this check
Examples
sensu_check 'cron' do command '/bin/true' cron '@hourly' subscriptions %w(dad_jokes) handlers %w(pagerduty email) annotations(runbook: 'https://www.xkcd.com/378/') publish false ttl 100 high_flap_threshold 60 low_flap_threshold 20 action :create end # Since this is a ruby based script, the check below defines two runtime_assets. # One is the ruby-runtime asset, the other is the actual disk usage asset sensu_check 'disk' do command 'check-disk-usage.rb -t xfs -w 95 -c 99' interval 60 subscriptions %w(linux) handlers %w(pagerduty splunk) publish true ttl 100 runtime_assets ['sensu-ruby-runtime', 'sensu-plugins-disk-checks'] action :create end
sensu_handler
Properties
-
command
the command to run only allowd if type is pipe -
env_vars
an array of environment variables to use with command execution only allowed if type is pipe -
filters
an array of Sensu event filter names to use -
handlers
an array of Sensu event handler names to use for events -
mutator
mutator to use to mutate event data for the handler -
namespace
the Sensu RBAC namespace that this check belongs to, default: default -
runtime_assets
An array of Sensu assets required at runtime for the execution of thecommand
-
secrets
an array of hashes of name/secret pairs to use with command execution -
socket
the socket definition scope, used to configure the TCP/UDP handler socket -
timeout
the handler execution duration timeout in seconds, only used with pipe and tcp types -
type
required handler type, one of pipe, tcp, udp or set
Examples
sensu_handler 'tcp_handler' do type 'tcp' socket({host: '10.0.1.99', port: 4444 }) timeout 30 end
sensu_hook
Used to define hooks for sensu checks
Properties
-
command
required command to be executed -
namespace
the Sensu RBAC namespace that this check belongs to, default: default -
timeout
duration timeout in seconds (hard stop) -
stdin
If the Sensu agent writes JSON serialized Sensu entity and check data to the command process’ STDIN. The command must expect the JSON data via STDIN, read it, and close STDIN. This attribute cannot be used with existing Sensu check plugins, nor Nagios plugins etc, as Sensu agent will wait indefinitely for the hook process to read and close STDIN
Examples
sensu_hook 'restart_nginx' do command 'sudo systemctl start nginx' timeout 60, stdin false end
sensu_hook 'process_tree' do command 'ps aux' timeout 60, stdin false end
sensu_filter
Used to define filters for sensu checks
Properties
-
filter_action
required action to take with the event if the filter statements match. One of:allow
,deny
-
expressions
required filter expressions to be compared with event data. -
namespace
the Sensu RBAC namespace that this check belongs to, default: default -
when
the when definition scope, used to determine when a filter is applied with time windows
Examples
sensu_filter 'production_filter' do filter_action 'allow' expressions [ "event.Entity.Environment == 'production'", ] end
sensu_filter 'state_change_only' do filter_action 'allow' expressions [ "event.Check.Occurrences == 1" ] end
sensu_mutator
A handler can specify a mutator to transform event data. This resource can define named resources to be used by handlers.
Properties
-
command
required the command to run -
env_vars
an array of environment variables to use with command execution -
namespace
the Sensu RBAC namespace that this check belongs to, default: default -
secrets
an array of hashes of name/secret pairs to use with command execution -
timeout
the execution duration timeout in seconds
Examples
The following defines a filter that uses a Sensu plugin called example_mutator.rb
to modify event data prior to handling the event.
sensu_mutator 'example-mutator' do command 'example_mutator.rb' timeout 60 end
sensu_asset
At runtime the agent can sequentially fetch assets and store them in its local cache but these must first be defined by name for the sensu backend.
Properties
-
filters
a set of filter criteria used by the agent to determine of the asset should be installed. -
sha512
required the checksum of the asset. -
url
required the URL location of the asset. -
namespace
the Sensu RBAC namespace that this check belongs to, default: default -
builds
List, defines multiple artifacts that provide the named asset. -
headers
Optional HTTP headers to apply to dynamic runtime asset retrieval
Examples
sensu_asset 'asset_example' do url 'http://example.com/asset/example.tar' sha512 '4f926bf4328fbad2b9cac873d117f771914f4b837c9c85584c38ccf55a3ef3c2e8d154812246e5dda4a87450576b2c58ad9ab40c9e2edc31b288d066b195b21b' filters [ "System.OS==linux" ] end
sensu_namespace
A Namespace partitions resources within Sensu, this replaces organizations/environments. The resource name is the namespace name.
Examples
sensu_namespace 'example_namespace' do action :create end
sensu_entity
An entity is a representation of anything that needs to be monitored. From Sensu Go 6.0.0 onward, updates of an existing agent entity's subscriptions, labels, annotations, and attributes should be done via this resource, as updating via sensu_agent
will be ignored.
Properties
-
entity_class
required the entity type, should be eitheragent
orproxy
. -
deregister
Whether or not the entity should be removed from Sensu once the Sensu agent process's keepalive dies. Not needed for proxy entities. -
deregistration
Hash of handlers for use when the entity is deregistered. Not needed for proxy entities. -
namespace
the Sensu RBAC namespace that this check belongs to, default: default -
redact
List of items to redact from log messages and dashboard. If a value is provided, it overwrites the default list of items to be redacted. -
sensu_agent_version
Version of the agent entity running on the machine. Not needed for proxy entities. -
subscriptions
An array of subscriptions. If no subscriptions are provided, it defaults to an entity-specific subscription list:[entity:{ID}]
. -
system
A hash of system information about the entity. A full list of attributes that can be used can be found here. -
user
Sensu RBAC username used by the entity.
Examples
This example assumes that you've designed your proxy check to look for subscriptions (e.g., "entity.subscriptions.indexOf('hypervisor') >= 0" for the proxy_requests
' entity_attributes
).
sensu_entity 'example-hypervisor-entity' do entity_class 'proxy' subscriptions ['hypervisor'] redact ['snmp_community_string'] system( 'hostname': 'example-hypervisor', 'platform': 'Citrix Hypervisor', 'platform_version': '8.1.0', 'network': { 'interfaces': [ { 'name': 'lo', 'addresses': ['127.0.0.1/8'], }, { 'name': 'xapi0', 'mac': '52:54:00:20:1b:3c', 'addresses': ['172.0.1.72/24'], }, ], }, ) end
This example provides a proxy check for the label where proxy_requests
entity_attributes
matches "entity.labels.proxy_type == 'website'"
. You must define both the entity and the check in your chef recipe.
Define the entity resource:
sensu_entity 'example-website-entity' do entity_class 'proxy' labels ( 'proxy_type': 'website', 'url': 'https://my-website-url.com' ) end
And define the corresponding proxy check resource:
sensu_check 'proxy_check_proxy_requests' do proxy_entity_name 'example-website-entity' proxy_requests(entity_attributes: [ "entity.labels.proxy_type == 'website'"]) subscriptions %w(proxy) handlers %w(pagerduty email) command 'http_check.sh {{ .labels.url }}' interval 60 publish true action :create end
Note that this check uses token substitution so the command must be in single quotes.
Consult the proxy check section of the checks reference documentation for further details.
sensu_role
The combination of Roles and RoleBindings grant users and groups permissions to resources within a namespace. Roles describe which resources and verbs a subject has access to.
Properties
-
rules
required an array of hashes, describing permissions granted by the role. See Role and Cluster Role Rule attribute specification for details.
sensu_role_binding
The combination of Roles and RoleBindings grant users and groups permissions to resources within a namespace. RoleBindings describe the association of a role with one or more subjects.
Properties
-
role_name
required the name of the role -
role_type
required the role type, eitherRole
orClusterRole
-
subjects
required an array of hashes, each describing thename
andtype
of a subject which is granted the permissions described by the named role.
See Role binding and Cluster Role binding specification for additional details.
sensu_cluster_role
The combination of ClusterRoles and ClusterRoleBindings grant users and groups permissions to resources across all namespaces. ClusterRoles describe which resources and verbs a subject has access to.
Properties
-
rules
required an array of hashes, describing permissions granted by the role. See Role and Cluster Role Rule attribute specification for details.
sensu_cluster_role_binding
The combination of ClusterRoles and ClusterRoleBindings grant users and groups permissions to resources within a namespace. ClusterRoleBindings describe the association of a role with one or more subjects.
Properties
-
role_name
required the name of the role -
role_type
required the role type, eitherRole
orClusterRole
-
subjects
required an array of hashes, each describing thename
andtype
of a subject which is granted the permissions described by the named role.
sensu_postgres_config
Configure Sensu to store events in a PostgreSQL database.
Properties
-
dsn
required A string specifying the data source names as a URL or PostgreSQL connection string. -
pool_size
An integer value for the maximum number of PostgreSQL connections to maintain.
See PostgreSQL docs for more information about connection strings.
Examples
sensu_postgres_config 'default' do dsn "postgresql://sensu:pgtesting123@127.0.0.1:5432/sensu_events?sslmode=disable" pool_size 10 end
sensu_active_directory
An active directory configuration to be applied to Sensu Go (commercial feature).
Properties
-
groups_prefix
Prefix for groups to include. -
username_prefix
Prefix for users to include. -
servers
required An array of active directory servers to connect to, including all of their properties.
Examples
sensu_active_directory 'active_directory' do servers [{ 'host': '127.0.0.1', 'group_search': { 'base_dn': 'dc=acme,dc=org', }, 'user_search': { 'base_dn': 'dc=acme,dc=org', }, }] end
sensu_auth_oidc
An OIDC configuration applied to Sensu Go (commercial feature). Configuring OIDC is beyond the scope of this document, consult the sensu documentation for OpenID Connect authentication and for Registering an OIDC application
-
additional_scopes
Scopes to include in the claims, in addition to the defaultopenid
scope. -
client_id
required -
client_secret
required The OIDC provider Client Secret. This value should be dynamically retrieved from a secret store such as chef-vault disable_offline_access
redirect_uri
-
server
required The location of the OIDC server you wish to authenticate against. groups_claim
groups_prefix
username_prefix
username_claim
resource_type
Examples
sensu_auth_oidc 'fake_okta' do additional_scopes ["groups", "email"] client_id "a8e43af034e7f2608780" # Demo only! The client secret value should come from somewhere like chef-vault client_secret "b63968394be6ed2edb61c93847ee792f31bf6216" redirect_uri "http://sensu-backend.example.com:8080/api/enterprise/authentication/v2/oidc/callback" server "https://oidc.example.com:9031" end
sensu_auth_ldap
An ldap configuration to be applied to Sensu Go (commercial feature).
Properties
-
groups_prefix
Prefix for groups to include. -
username_prefix
Prefix for users to include. -
servers
required An array of ldap servers to connect to, including all of their properties as hashes. See LDAP authentication
Examples
sensu_auth_ldap 'openldap' do servers [{ 'host': '127.0.0.1', 'group_search': { 'base_dn': 'dc=acme,dc=org', 'attribute': 'member' 'object_class': 'groupOfNames' }, 'user_search': { 'base_dn': 'dc=acme,dc=org', 'attribute': 'uid', 'name_attribute': 'cn', 'object_class': 'person' }, }] end
sensu_secret
Create a secret that Sensu can grab from a secret provider so that sensitive information is not exposed (commercial feature).
Properties
-
id
required The key to use to retrive the secret. For the Env secrets provider, this is the environment variable. For the Vault secrets provider, this is the path and key in the form ofsecret/path#key
. Currently, the Vault secrets provider does not support any base engine paths other than "secret/" for v2 K/V secrets engine. -
namespace
the Sensu RBAC namespace that this check belongs to, default: default -
secrets_provider
required Name of the provider, all in lowercase, ex:'env'
,'vault'
Examples
Environment secret referencing the environment variable CONSUL_TOKEN
on the backend server:
sensu_secret 'sensu-consul-token' do id 'CONSUL_TOKEN' secrets_provider 'env' end
Vault secret referencing the key token
at the path secret/consul
:
sensu_secret 'sensu-consul-token' do id 'secret/consul#token' secrets_provider 'vault' end
sensu_secrets_provider
Create a secret provider for Sensu to connect to for secrets (commercial feature). Currently supports only Vault integration or Sensu Go's built-in secrets provider.
Either a token or a TLS hash must be provided.
Properties
-
address
required Vault server address. -
max_retries
Maximum number of times to retry connecting to the Vault provider. -
provider_type
Secret provider to use. Default:'Env'
-
rate_limiter
Hash of rate and burst limits for the Vault API. -
timeout
Connection timeout for provider. -
tls
Hash of certificate information required to access Vault. -
token
Vault token to use for authentication. -
version
Version of the Vault KV secrets engine you're trying to access. Default:'v2'
Examples
Minimal with token:
sensu_secrets_provider 'vault' do address 'https://vaultserver.example.com:8200' end provider_type 'VaultProvider' token 'yourVaultToken'
Complete with TLS:
sensu_secrets_provider 'vault' do address 'https://vaultserver.example.com:8200' max_retries 2 provider_type 'VaultProvider' rate_limiter( 'limit': 10, 'burst': 100 ) tls('ca_cert': '/path/to/your/ca.pem', 'client_cert': '/path/to/backend/pem/for/vault.pem', 'client_key': '/path/to/backend/key/for/vault.pem', 'cname': 'sensu-backend.example.com' ) timeout '60s' version 'v2' end
sensu_etcd_replicator
Etcd replicators allow you to manage RBAC resources in one place and mirror the changes to follower clusters. This resource allows you to set up etcd mirrors for one-way key replication (commercial feature).
Properties
-
ca_cert
Path to an the PEM-format CA certificate to use for TLS client authentication. Required if using default transport security -
cert
Path to the PEM-format certificate to use for TLS client authentication. Required if using default transport security -
key
Path to the PEM-format key file associated with the cert to use for TLS client authentication. Required if using default transport security -
insecure
Set to true to disable transport security. Not Recommended. Default:false
-
url
Destination cluster URL. Use comma separated list in single quotes for more than one. -
api_version
API version of the resource to replicate. -
resource
Name of the resource to replicate. -
namespace
Namespace to replicate or all namespaces for a given resource type if not set. -
replication_interval_seconds
Interval in seconds for replication.
Examples
sensu_etcd_replicator 'insecure_role_replicator' do insecure true # NOTE: Disable transport security with care. url 'http://127.0.0.1:2379' resource 'Role' end sensu_etcd_replicator 'role_replicator' do cert '/etc/ssl/fake.pem' key '/etc/ssl/fake.key' url 'http://127.0.0.1:2379' resource 'Role' end sensu_etcd_replicator 'role_binding_replicator' do cert '/etc/ssl/fake.pem' key '/etc/ssl/fake.key' url 'http://127.0.0.1:2379' resource 'RoleBinding' end
sensu_search
Create a save search that can be used in the Sensu web interface (commercial feature).
Properties
-
namespace
namespace for the save search -
parameters
required parameters the search will apply -
resource
required fully qualified name of the resource
Examples
sensu_search 'check-config' do parameters [ "published:true", "subscription:linux", "labelSelector: region == \"us-west-1\"" ] resource 'core.v2/CheckConfig' end
sensu_global_config
Web UI configuration allows you to define certain display options for the Sensu web UI, such as which web UI theme to use, the number of items to list on each page, and which URLs and linked images to expand. You can define a single custom web UI configuration to federate to all, some, or only one of your clusters (commercial feature).
Properties
-
always_show_local_cluster
Display the current cluster in federated environments -
default_preferences
Global defaults for page size and theme -
link_policy
Policy for what domains are valid and invalid targets
Examples
sensu_global_config 'custom-web-ui' do default_preferences(page_size: 50, theme: "deuteranopia") link_policy(allow_list: true, urls: [ "https://example.com", "steamapp://34234234", "//google.com", "//*.google.com", "//bob.local" ]) end
sensu_tessen_config
Tessen sends anonymized data about Sensu instances to Sensu Inc., including the version, cluster size, number of events processed, and number of resources created. This resource allows users to control their preference for cluster analytics collection.
This does not affect licensed Sensu instances since Tessen is enabled by default and required in those cases.
Properties
-
opt_out
Set totrue
to opt out of default analytics collection
Examples
sensu_tessen_config 'default' do opt_out true end
sensu_user
Manage non SSO sensu users. This resource requires a bcrypt password hash, you can use sensuctl user hash-password
to generate one.
Properties
-
username
String, username to manage. -
password_hash
required, String. -
groups
Array of RBAC groups for the user -
disabled
enable or disable a user
Examples
# Disable someone who had their password exposed sensu_user 'doofus' do password_hash '$2y$12$OrEQ61blxyTFi3PJHeJ94ej/Z857eSAnAdlSD4Kn7ywItTLrzTqVy' groups %w(view admin managers) disabled true end # Add a user with only view rights. sensu_user 'reinstated' do password_hash '$2y$12$yga83H/KqKFKDYnLogQ6CeN3xrFmhVwMdVkh.hRPX/BhF2NJfYq8O' groups %w(view) end
License & Authors
If you would like to see the detailed LICENSE click [here](./LICENSE).
- Author:: Sensu support@sensuapp.com
Copyright (c) 2020 Sensu Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Dependent cookbooks
packagecloud >= 0.0.0 |
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
Change Log
This project adheres to Semantic Versioning.
This CHANGELOG follows the format located here
Unreleased
1.4.0 - 2020-03-10
Fixed
- Added empty systemd unit file to auto reload the unit configuration before we restart (@ValkyrieOps) - #131
Added
- Introduced CI/CD testing for windows for agent and ctl (@derekgroh)
1.3.0 - 2020-10-28
Fixed
- Fixed outfile for sensuctl install for Windows, as well as preventing unnecessary downloads for install. Fixed configure action for Windows that was unable to parse array. (@kovukono)
- Fixed
sensu_ctl
resource to only extract downloads on new versions, not every chef run (@webframp)
Added
-
sensu_auth_oidc
resource added (@webframp) -
sensu_auth_ldap
resource for ldap integration. (@webframp) -
sensu_etcd_replicator
resource for managing cluster RBAC federation (@webframp) -
sensu_search
resource added (@webframp) -
sensu_global_config
resource to manage web ui configuration (@webframp) -
sensu_tessen_config
resource to manage tessen analytics preference (@webframp) -
sensu_user
resource to manage non SSO users (@webframp)
Changed
- Rename
:ad_servers
property ofsensu_active_diretory
resource to:auth_servers
. For consistency withsensu_auth_ldap
resource this property was renamed and will be removed in a future cookbook version. (@webframp) - Refactored
sensu_ctl
to use builtin (Chef 15+)archive_file
resource and remove 3rd partyseven_zip
cookbook dependency. (@webframp)
1.2.0 - 2020-10-17
Fixed
- Fix yaml rendering for agent and backend with Chef 16.x (@webframp)
Added
- Add
header
property support tosensu_asset
resource. (@webframp)
Changed
- Updated the attributes for
agent
andctl
(windows only) to version6.1.0
. On linux the behavior is unchanged; installed by a single package and default tolatest
unless a version is specified. (@derekgroh)
1.1.0 - 2020-09-27
Added
- The following resources,
sensu_check
,sensu_entity
,sensu_filter
,sensu_handler
,sensu_hook
,sensu_mutator
, andsensu_secret
now expose anamespace
attribute for controlling where the resource is created. Default is thedefault
namespace. @joe-armstrong) - Minor README change for Sensu 6.0.0 handling of agent configs. (@kovukono)
1.0.0 - 2020-07-24
Breaking Changes
-
sensu_check
now does not provide defaults forcommand
andsubscriptions
, and they must be required as per the upstream specs. (@kovukono) - declare chef supported versions to use match current chef support (15+) (@majormoses)
Fixed
- Chef 16+ support (@kovukono)
-
sensu_entity
support for missing attributes (@kovukono)
Added
-
sensu_active_directory
resource for active directory integration. (@kovukono) -
sensu_secrets_provider
andsensu_secret
resource for Vault integration, along with secret support for checks, handlers, and mutators. (@kovukono) -
sensu_asset
now exposes anamespace
attribute for controlling where the asset is created, by default it will usedefault
. Default is thedefault
namespace. @joe-armstrong) -
sensu_asset
now supports multi-built assets using thebuilds
key and accepts an array of hashes for each filter. By default no filters are passed. (@cwjohnston) - all of the following resources:
asset
,check
,filter
,handler
, andmutator
have had new aliases added to the providers with an optional namespace to ease migration issues where a resource exists in bothsensu
andsensu-go
the generic schema issensu_go_$COMPONENT
. For examplesensu_check
can be referenced also viasensu_go_check
. (@majoemoses)
0.3.0 - 2020-05-13
Fixed
- agent service will restart when its config changes (@kovukono)
Added
-
sensu-backend
action :init adding returns to account for possible return codes. exit code 3 is returned when already init. This allows chef-client runs to not fail when running idempotently. (@tarcinil) -
sensu-backend
now supports specifying an apt or yum repository for packages built from source. (@kovukono)
0.2.0 - 2020-01-05
Breaking Changes
-
sensu-backend
property:config
Readme incorrectly documented the wrong (@tmonk42) path. Called out as a breaking change in case anyone had begun using the incorrect setting but as this has not been released it will be versioned as a patch. (@tmonk42) - #66
Added
-
filters
resource now supportsruntime_assets
being passed (@majormoses) - Added support for
postgres_config
resource (@cwjohnston) - #70 - Added support for
role
,role_binding
,cluster_role
andcluster_role_binding
resources (@cwjohnston) - #71 - Added init action to sensu-backend to allow functionality added in 5.16.0 (@kovukono) - #77
Changed
- Refactored resource helpers to reduce duplication. (@cwjohnston) - #72
0.1.0 - 2019-09-16
Added
- Most resources now support metadata specific properties (@webframp)
- add
sensu_hook
resource (@derekgroh) - add
debug
option forsensu_ctl
resource to help debug (@majormoses) - add support for sensu-go-agent on windows platform (@derekgroh)
- fix symbols in annotations and labels (@scalp42)
- add sensu_ctl resource for windows platforms (@derekgroh) - #59
Changed
- sensuctl cli args for asset updates now uses
--namespace
- sensuctl cli args are escaped properly (@beeerd)
- sensuctl cli commands are marked sensitive by default (@beeerd)
Breaking Changes
- Use stable package channels (@webframp)
- Temporarily remove Debian support until stable packages are available (@webframp)
-
sensu_organization
resource removed to match upstream (@webframp) - Switched to beta package repository as default (@webframp)
-
sensu_environment
is nowsensu_namespace
(@webframp) -
extended_attributes
property renamed toannotations
as part of metadata (@webframp) - Filter
statements
property renamed toexpressions
(@webframp) - Entity
class
property renamed toentity_class
0.0.3 - 2018-09-12
Added
- new
sensu_entity
resource (@mercul3s) - new
sensu_organization
resource (@mercul3s) - new
sensu_environment
resource (@mercul3s)
0.0.2 - 2018-08-29
Added
- Adding
output_metric
settings to thesensu_check
resource
0.0.1
Added
- new
.editorconfig
to help users who have editors that support editor config - new PR and issue templates (@majormoses)
- links to community slack (@majormoses)
- new
sensu_mutator
resource (@webframp) - new
sensu_filter
resource (@webframp) - new
sensu_handler
resource (@webframp) - new
sensu_check
resource (@webframp) - new
sensu_ctl
resource to install and configure (@webframp) - Created repo with initial commit (@mbbroberg)
- Added CODEOWNERS (@majormoses)
- Added skel files from Chef Partners cookbook generator (@thomasriley)
Changed
- Updated contributing instruction (@majormoses)
- use
@sensu/chef-cookbooks
forCODEOWNERS
rather than individual users now that there is a team to refer to instead (@majormoses)
Fixed
- moved
CODEOWNERS
into the correct location (@majormoses) - updated development dependencies (@majormoses)
- using a version of
'latest'
for backend and agent providers will now upgrade to the test version
Collaborator Number Metric
1.4.0 passed this metric
Contributing File Metric
1.4.0 passed this metric
Foodcritic Metric
1.4.0 passed this metric
No Binaries Metric
1.4.0 passed this metric
Testing File Metric
1.4.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
1.4.0 passed this metric
1.4.0 passed this metric
1.4.0 passed this metric
Foodcritic Metric
1.4.0 passed this metric
No Binaries Metric
1.4.0 passed this metric
Testing File Metric
1.4.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
1.4.0 passed this metric
1.4.0 passed this metric
1.4.0 passed this metric
Testing File Metric
1.4.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
1.4.0 passed this metric
1.4.0 failed this metric
1.4.0 passed this metric