Skip to content

Sensu plugin deployment using Git and regular checks (Linux/Windows)

Reading time: 3 minutes

One of Sensu’s strong points is how it executes plugins stored on remote client machines. But it means you need to have an automated deployment mechanism, to ensure all clients are up to date with the latest revisions of your plugins.

The preferred way of deploying plugins with Sensu is using configuration management tools such as Chef, Puppet or Ansible. But if you don’t have any of those at hand, and you want to make yourself a simple lightweight solution, one alternative might be using Git.

This solution is perfect if you’re setting up a lab or something rudimentary. By using Git you get version control, the ability to deploy across any number of clients, and you can have it up and running in a matter of minutes.

 
The basic idea:

  • All plugins are stored in a git repository
  • Clients have got plugins which pull the repository and update their local Sensu /plugins folders
  • A Sensu check executes the plugins on a set interval (i.e. every 15-30 mins)

 
Requirements:

  • A git repository, preferably with an additional read-only user account
  • All clients must have Git (or Git for Windows) installed
  • On Linux, the “sensu” user must be owner of the /etc/sensu directory (this is Sensu default)
  • Basic understanding of how to use Git
  • Basic understanding of how Sensu works

 
(If you don’t have a Git server or service available, check out Gitlab.com for an unlimited number of free private (non-public) repositories.)
 

1. Prepare the repository

Start by creating a new repository and adding some plugins to it, along with these Bash and Powershell plugins in the root folder of your repo:

/fetch-sensu-plugins.sh
/fetch-sensu-plugins.ps1

Remember to check the file paths set in the variables below, to ensure they are set to the same paths used in your setup.

#!/bin/bash
# Usage:
# bash /etc/sensu/plugins/fetch-sensu-plugins.sh <https://user:[email protected]/repo.git>

remote_repo=$1
plugin="/etc/sensu/fetch-sensu-plugins.sh"
plugin_repo="/etc/sensu/plugins/fetch-sensu-plugins.sh"

cd /etc/sensu/plugins/
git init &> /dev/null
git remote remove origin &> /dev/null
git remote add origin $remote_repo &> /dev/null
git reset --hard HEAD &> /dev/null
git clean -f -d &> /dev/null
git pull origin master &> /dev/null
#chmod a+x /etc/sensu/plugins/nagios/* &> /dev/null
cp $plugin_repo $plugin

echo Checked: $(date)

 

Note the commented line for the “nagios” subdirectory. If you are deploying executable Nagios plugins or any other executables, you might want to ensure they are executable. Specify which folders they reside in by simply adding them to the script as shown above, or exec rights will likely be overwritten every time the plugin runs.

 

#
#   fetch-sensu-plugins.ps1
#
# DESCRIPTION:
#   Fetches Sensu plugins from git repository
#
# OUTPUT:
#   check
#
# PLATFORMS:
#   Windows
#
# DEPENDENCIES:
#   Powershell
#
# USAGE:
#   Powershell.exe -NonInteractive -NoProfile -ExecutionPolicy Bypass -NoLogo -File C:\\etc\\sensu\\fetch-sensu-plugins.ps1 <https://user:[email protected]/repo.git>
#
# NOTES:
#

Param(
  [Parameter(Mandatory=$True,Position=1)]
   [string]$RemoteRepo
)

$ThisProcess = Get-Process -Id $pid
$ThisProcess.PriorityClass = "BelowNormal"

$ComputerName = $env:COMPUTERNAME.ToLower()
$Time = [int64](([datetime]::UtcNow)-(get-date "1/1/1970")).TotalSeconds
$PrettyTime = [System.DateTime]::Now

$Plugin = "C:\etc\sensu\fetch-sensu-plugins.ps1"
$PluginRepo = "C:\etc\sensu\plugins\fetch-sensu-plugins.ps1"

$GitLocation = "C:\Program Files\Git\cmd\git.exe"

cd C:\etc\sensu\plugins\
& $GitLocation init | out-null
& $GitLocation remote remove origin | out-null
& $GitLocation remote add origin $RemoteRepo | out-null
& $GitLocation reset --hard HEAD | out-null
& $GitLocation clean -f -d | out-null
& $GitLocation pull origin master | out-null
cp $PluginRepo $Plugin

Write-Host -NoNewLine "Checked: $PrettyTime"

 
Also note the “plugin” and “plugin_repo” paths. When the scripts run, they also place a copy of the latest version of the update plugin to your root Sensu config folder.

 

2. Place the plugins in the Sensu folder on your client machines:

Simply move the same files you added to the repo to the root Sensu folders of the clients on which you want them to run. Note that this step is just to prepare for the initial repo pull. When the checks are up and running, these files will also be replaced automatically if changed.

I.e.:
Linux:

/etc/sensu/fetch-sensu-plugins.sh

Windows:

C:\etc\sensu\fetch-sensu-plugins.ps1

 

3. Configure a Sensu check

This check will run the plugins once every 15 minutes. Set the username, password and Git repo URL accordingly.

You would typically want to save this file to this location on your Sensu master server:
/etc/sensu/conf.d/fetch-sensu-plugins.json

{
   "checks":{
      "fetch-sensu-plugins-linux":{
         "command":"bash /etc/sensu/fetch-sensu-plugins.sh https://<username>:<password>@gitlab.com/repo/repo.git",
         "subscribers":[
            "linux"
         ],
         "interval":900,
         "handlers":[
            "default"
         ]
      },
      "fetch-sensu-plugins-windows":{
         "command":"Powershell.exe -NonInteractive -NoProfile -ExecutionPolicy Bypass -NoLogo -File C:\\opt\\sensu\\fetch-sensu-plugins.ps1 https://<username>:<password>@gitlab.com/repo/repo.git",
         "subscribers":[
            "windows"
         ],
         "interval":900,
         "handlers":[
            "default"
         ]
      }
   }
}

As you can see from the examples above, Windows and Linux servers subscribe to the “windows” and “linux” subscriptions, which determine which plugin to run.

 
 

4. Restart (or reload) Sensu to get it all up and running

Sensu Core:

sudo service sensu-server restart

Sensu Enterprise:

sudo service sensu-enterprise reload

 
 

That should be it!

Whenever you make changes to any of your plugins, simply push your changes to the repository, and in a few minutes (depending on your check interval) your client machines should be up to speed.

Tested on clients running Ubuntu 12.x/14.x/16.x and Windows 2008/2012r2.

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.