diff --git a/README.md b/README.md index 81ca836..8f1284b 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ A saltstack formula to install and configure the open source monitoring framewor >Note: See the full [Salt Formulas installation and usage instructions](http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html). This formula only manages Sensu. You are responsible for installing/configuring RabbitMQ and Redis as appropriate. -Sensu can be configured/scaled with the individual states installed on multiple servers. All states are configured via the pillar file. Sane defaults are set in pillar_map.jinja and can be over-written in the pillar. The `sensu.client` state currently supports Ubuntu, CentOS and Windows. The `sensu.server`, `sensu.api` and `sensu.uchiwa` states currently support Ubuntu and CentOS. +Sensu can be configured/scaled with the individual states installed on multiple servers. All states are configured via the pillar file. Sane defaults are set in pillar_map.jinja and can be over-written in the pillar. The `sensu.client` state currently supports Ubuntu, CentOS and Windows. The `sensu.server`, `sensu.api` and `sensu.uchiwa` states currently support Ubuntu and CentOS. Thank you to the SaltStack community for the continued improvement of this formula! @@ -125,6 +125,17 @@ sensu: critical: 99 ``` +If you would like to use the [redact](https://sensuapp.org/docs/latest/clients) feature in your checks you can add a section under client as shown here: + +``` +sensu: + client: + redact: + - password +``` + +This will redact any command token value who's key is defined as "password" from check configurations and logs. Command token substitution should be used in check configurations when redacting sensitive information such as passwords. + If you are adding plugins/checks which have additional gem dependencies. You can add them to the pillar data and they will be installed on your Sensu clients. ``` sensu: diff --git a/pillar.example b/pillar.example index 202407d..1322dba 100644 --- a/pillar.example +++ b/pillar.example @@ -3,9 +3,15 @@ sensu: install_gems: - mail - timeout + - name: aws-sdk + version: 2.2.6 client: embedded_ruby: true nagios_plugins: true + # environment is required by sensu + environment: production + redact: + - password rabbitmq: host: 10.0.0.1 user: sensu diff --git a/sensu/api_conf.sls b/sensu/api_conf.sls index 720a63c..4e13272 100644 --- a/sensu/api_conf.sls +++ b/sensu/api_conf.sls @@ -14,7 +14,5 @@ include: - dataset: api: host: {{ sensu.api.host }} - password: {{ sensu.api.password }} port: {{ sensu.api.port }} - user: {{ sensu.api.user }} diff --git a/sensu/client.sls b/sensu/client.sls index 8637bde..51ce241 100644 --- a/sensu/client.sls +++ b/sensu/client.sls @@ -21,6 +21,7 @@ sensu_enable_windows_service: - name: 'sc create sensu-client start= delayed-auto binPath= c:\opt\sensu\bin\sensu-client.exe DisplayName= "Sensu Client"' - unless: 'sc query sensu-client' {% endif %} + /etc/sensu/conf.d/client.json: file.serialize: - formatter: json @@ -36,9 +37,18 @@ sensu_enable_windows_service: address: {{ sensu.client.address }} subscriptions: {{ sensu.client.subscriptions }} safe_mode: {{ sensu.client.safe_mode }} -{% if sensu.client.get("command_tokens") %} + {% if sensu.client.get('keepalive') %} + keepalive: {{ sensu.client.keepalive }} + {% endif %} + {% if sensu.client.get("command_tokens") %} command_tokens: {{ sensu.client.command_tokens }} -{% endif %} + {% endif %} + {% if sensu.client.get("redact") %} + redact: {{ sensu.client.redact }} + {% endif %} + {% if sensu.client.get("environment") %} + environment: {{ sensu.client.environment }} + {% endif %} - require: - pkg: sensu @@ -88,14 +98,37 @@ sensu-client: {% set gem_list = salt['pillar.get']('sensu:client:install_gems', []) %} {% for gem in gem_list %} -install_{{ gem }}: +{% if gem is mapping %} +{% set gem_name = gem.name %} +{% else %} +{% set gem_name = gem %} +{% endif %} +install_{{ gem_name }}: gem.installed: - - name: {{ gem }} + - name: {{ gem_name }} {% if sensu.client.embedded_ruby %} - gem_bin: /opt/sensu/embedded/bin/gem {% else %} - gem_bin: None {% endif %} + {% if gem.version is defined %} + - version: {{ gem.version }} + {% endif %} - rdoc: False - ri: False {% endfor %} + +{%- if salt['pillar.get']('sensu:checks') %} + +sensu_checks_file: + file.serialize: + - name: {{ sensu.paths.checks_file }} + - dataset: + checks: {{ salt['pillar.get']('sensu:checks') }} + - formatter: json + - require: + - pkg: sensu + - watch_in: + - service: sensu-client + +{%- endif %} diff --git a/sensu/pillar_map.jinja b/sensu/pillar_map.jinja index 00c4056..43907c1 100644 --- a/sensu/pillar_map.jinja +++ b/sensu/pillar_map.jinja @@ -3,7 +3,7 @@ 'client': { 'embedded_ruby': False, 'nagios_plugins': False, - 'name': salt['grains.get']('fqdn'), + 'name': salt['grains.get']('id'), 'address': salt['grains.get']('ipv4')[0], 'subscriptions': ['all'], 'safe_mode': False diff --git a/sensu/server.sls b/sensu/server.sls index e2668c7..16f185f 100644 --- a/sensu/server.sls +++ b/sensu/server.sls @@ -15,21 +15,6 @@ include: - watch_in: - service: sensu-server -{%- if salt['pillar.get']('sensu:checks') %} - -sensu_checks_file: - file.serialize: - - name: {{ sensu.paths.checks_file }} - - dataset: - checks: {{ salt['pillar.get']('sensu:checks') }} - - formatter: json - - require: - - pkg: sensu - - watch_in: - - service: sensu-server - -{%- endif %} - {%- if salt['pillar.get']('sensu:handlers') %} sensu_handlers_file: @@ -75,10 +60,22 @@ sensu_handlers_file: {% set gem_list = salt['pillar.get']('sensu:server:install_gems', []) %} {% for gem in gem_list %} -install_{{ gem }}: +{% if gem is mapping %} +{% set gem_name = gem.name %} +{% else %} +{% set gem_name = gem %} +{% endif %} +install_{{ gem_name }}: gem.installed: - - name: {{ gem }} + - name: {{ gem_name }} + {% if sensu.client.embedded_ruby %} - gem_bin: /opt/sensu/embedded/bin/gem + {% else %} + - gem_bin: None + {% endif %} + {% if gem.version is defined %} + - version: {{ gem.version }} + {% endif %} - rdoc: False - ri: False {% endfor %}