One of Sensu’s strong points is how it executes plugins stored on remote client machines. But it means you need to have an automated deployment mechanism, to ensure all clients are up to date with the latest revisions of your plugins.
The preferred way of deploying plugins with Sensu is using configuration management tools such as Chef, Puppet or Ansible. But if you don’t have any of those at hand, and you want to make yourself a simple lightweight solution, one alternative might be using Git.
This solution is perfect if you’re setting up a lab or something rudimentary. By using Git you get version control, the ability to deploy across any number of clients, and you can have it up and running in a matter of minutes.
The basic idea:
- All plugins are stored in a git repository
- Clients have got plugins which pull the repository and update their local Sensu /plugins folders
- A Sensu check executes the plugins on a set interval (i.e. every 15-30 mins)
Requirements:
- A git repository, preferably with an additional read-only user account
- All clients must have Git (or Git for Windows) installed
- On Linux, the “sensu” user must be owner of the /etc/sensu directory (this is Sensu default)
- Basic understanding of how to use Git
- Basic understanding of how Sensu works
(If you don’t have a Git server or service available, check out Gitlab.com for an unlimited number of free private (non-public) repositories.)
1. Prepare the repository
Start by creating a new repository and adding some plugins to it, along with these Bash and Powershell plugins in the root folder of your repo:
/fetch-sensu-plugins.sh
/fetch-sensu-plugins.ps1
Remember to check the file paths set in the variables below, to ensure they are set to the same paths used in your setup.
#!/bin/bash # Usage: # bash /etc/sensu/plugins/fetch-sensu-plugins.sh <https://user:[email protected]/repo.git> remote_repo=$1 plugin="/etc/sensu/fetch-sensu-plugins.sh" plugin_repo="/etc/sensu/plugins/fetch-sensu-plugins.sh" cd /etc/sensu/plugins/ git init &> /dev/null git remote remove origin &> /dev/null git remote add origin $remote_repo &> /dev/null git reset --hard HEAD &> /dev/null git clean -f -d &> /dev/null git pull origin master &> /dev/null #chmod a+x /etc/sensu/plugins/nagios/* &> /dev/null cp $plugin_repo $plugin echo Checked: $(date)
Note the commented line for the “nagios” subdirectory. If you are deploying executable Nagios plugins or any other executables, you might want to ensure they are executable. Specify which folders they reside in by simply adding them to the script as shown above, or exec rights will likely be overwritten every time the plugin runs.
# # fetch-sensu-plugins.ps1 # # DESCRIPTION: # Fetches Sensu plugins from git repository # # OUTPUT: # check # # PLATFORMS: # Windows # # DEPENDENCIES: # Powershell # # USAGE: # Powershell.exe -NonInteractive -NoProfile -ExecutionPolicy Bypass -NoLogo -File C:\\etc\\sensu\\fetch-sensu-plugins.ps1 <https://user:[email protected]/repo.git> # # NOTES: # Param( [Parameter(Mandatory=$True,Position=1)] [string]$RemoteRepo ) $ThisProcess = Get-Process -Id $pid $ThisProcess.PriorityClass = "BelowNormal" $ComputerName = $env:COMPUTERNAME.ToLower() $Time = [int64](([datetime]::UtcNow)-(get-date "1/1/1970")).TotalSeconds $PrettyTime = [System.DateTime]::Now $Plugin = "C:\etc\sensu\fetch-sensu-plugins.ps1" $PluginRepo = "C:\etc\sensu\plugins\fetch-sensu-plugins.ps1" $GitLocation = "C:\Program Files\Git\cmd\git.exe" cd C:\etc\sensu\plugins\ & $GitLocation init | out-null & $GitLocation remote remove origin | out-null & $GitLocation remote add origin $RemoteRepo | out-null & $GitLocation reset --hard HEAD | out-null & $GitLocation clean -f -d | out-null & $GitLocation pull origin master | out-null cp $PluginRepo $Plugin Write-Host -NoNewLine "Checked: $PrettyTime"
Also note the “plugin” and “plugin_repo” paths. When the scripts run, they also place a copy of the latest version of the update plugin to your root Sensu config folder.
2. Place the plugins in the Sensu folder on your client machines:
Simply move the same files you added to the repo to the root Sensu folders of the clients on which you want them to run. Note that this step is just to prepare for the initial repo pull. When the checks are up and running, these files will also be replaced automatically if changed.
I.e.:
Linux:
/etc/sensu/fetch-sensu-plugins.sh
Windows:
C:\etc\sensu\fetch-sensu-plugins.ps1
3. Configure a Sensu check
This check will run the plugins once every 15 minutes. Set the username, password and Git repo URL accordingly.
You would typically want to save this file to this location on your Sensu master server:
/etc/sensu/conf.d/fetch-sensu-plugins.json
{ "checks":{ "fetch-sensu-plugins-linux":{ "command":"bash /etc/sensu/fetch-sensu-plugins.sh https://<username>:<password>@gitlab.com/repo/repo.git", "subscribers":[ "linux" ], "interval":900, "handlers":[ "default" ] }, "fetch-sensu-plugins-windows":{ "command":"Powershell.exe -NonInteractive -NoProfile -ExecutionPolicy Bypass -NoLogo -File C:\\opt\\sensu\\fetch-sensu-plugins.ps1 https://<username>:<password>@gitlab.com/repo/repo.git", "subscribers":[ "windows" ], "interval":900, "handlers":[ "default" ] } } }
As you can see from the examples above, Windows and Linux servers subscribe to the “windows” and “linux” subscriptions, which determine which plugin to run.
4. Restart (or reload) Sensu to get it all up and running
Sensu Core:
sudo service sensu-server restart
Sensu Enterprise:
sudo service sensu-enterprise reload
That should be it!
Whenever you make changes to any of your plugins, simply push your changes to the repository, and in a few minutes (depending on your check interval) your client machines should be up to speed.
Tested on clients running Ubuntu 12.x/14.x/16.x and Windows 2008/2012r2.
Be First to Comment