feat: first version

This commit is contained in:
Adrien Waksberg 2019-01-01 20:44:04 +01:00
parent f915817b4c
commit c652b05797
28 changed files with 1741 additions and 0 deletions

2
.gitignore vendored Normal file
View file

@ -0,0 +1,2 @@
.kitchen/*

27
.kitchen.yml Normal file
View file

@ -0,0 +1,27 @@
---
driver:
name: docker_cli
transport:
name: docker_cli
provisioner:
name: ansible_playbook
hosts: localhost
require_ansible_repo: false
require_ansible_omnibus: false
require_chef_for_busser: true
ansible_verbose: false
ansible_inventory: ./test/integration/inventory
platforms:
- name: debian-9
driver_config:
image: "nishiki/debian9:ansible-<%= ENV['ANSIBLE_VERSION'] ? ENV['ANSIBLE_VERSION'] : '2.7' %>"
command: /bin/systemd
volume:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
security_opt: seccomp=unconfined
suites:
- name: default

38
.rubocop.yml Normal file
View file

@ -0,0 +1,38 @@
---
AllCops:
Exclude:
- db/**/*
- config/**/*
- Vagrantfile
TargetRubyVersion: 2.4
Naming/AccessorMethodName:
Enabled: false
Lint/RescueWithoutErrorClass:
Enabled: false
Metrics/LineLength:
Max: 120
Metrics/CyclomaticComplexity:
Enabled: false
Metrics/PerceivedComplexity:
Enabled: false
Metrics/MethodLength:
Enabled: false
Metrics/BlockLength:
Enabled: false
Metrics/ClassLength:
Enabled: false
Metrics/AbcSize:
Enabled: false
Style/NumericLiteralPrefix:
Enabled: false
Style/FrozenStringLiteralComment:
Enabled: false
Style/CommandLiteral:
Enabled: true
EnforcedStyle: percent_x
Style/Documentation:
Enabled: false

12
.yamllint Normal file
View file

@ -0,0 +1,12 @@
---
extends: default
ignore: |
.kitchen/*
vendor/
rules:
line-length:
max: 120
level: warning
truthy: false

7
CHANGELOG.md Normal file
View file

@ -0,0 +1,7 @@
# CHANGELOG
This project adheres to [Semantic Versioning](http://semver.org/).
Which is based on [Keep A Changelog](http://keepachangelog.com/)
## [Unreleased]
- first version

8
Gemfile Normal file
View file

@ -0,0 +1,8 @@
source 'https://rubygems.org'
group :development do
gem 'kitchen-ansible'
gem 'kitchen-docker_cli'
gem 'rubocop', '0.50.0'
gem 'test-kitchen'
end

92
Gemfile.lock Normal file
View file

@ -0,0 +1,92 @@
GEM
remote: https://rubygems.org/
specs:
ast (2.4.0)
builder (3.2.3)
erubis (2.7.0)
ffi (1.9.25)
gssapi (1.2.0)
ffi (>= 1.0.1)
gyoku (1.3.1)
builder (>= 2.1.2)
httpclient (2.8.3)
kitchen-ansible (0.49.0)
net-ssh (>= 3)
test-kitchen (~> 1.4)
kitchen-docker_cli (0.19.0)
test-kitchen (>= 1.3)
little-plugger (1.1.4)
logging (2.2.2)
little-plugger (~> 1.1)
multi_json (~> 1.10)
mixlib-install (3.11.5)
mixlib-shellout
mixlib-versioning
thor
mixlib-shellout (2.4.4)
mixlib-versioning (1.2.7)
multi_json (1.13.1)
net-scp (1.2.1)
net-ssh (>= 2.6.5)
net-ssh (4.2.0)
net-ssh-gateway (1.3.0)
net-ssh (>= 2.6.5)
nori (2.6.0)
parallel (1.12.1)
parser (2.5.3.0)
ast (~> 2.4.0)
powerpack (0.1.2)
rainbow (2.2.2)
rake
rake (12.3.2)
rubocop (0.50.0)
parallel (~> 1.10)
parser (>= 2.3.3.1, < 3.0)
powerpack (~> 0.1)
rainbow (>= 2.2.2, < 3.0)
ruby-progressbar (~> 1.7)
unicode-display_width (~> 1.0, >= 1.0.1)
ruby-progressbar (1.10.0)
rubyntlm (0.6.2)
rubyzip (1.2.2)
test-kitchen (1.24.0)
mixlib-install (~> 3.6)
mixlib-shellout (>= 1.2, < 3.0)
net-scp (~> 1.1)
net-ssh (>= 2.9, < 5.0)
net-ssh-gateway (~> 1.2)
thor (~> 0.19)
winrm (~> 2.0)
winrm-elevated (~> 1.0)
winrm-fs (~> 1.1)
thor (0.20.3)
unicode-display_width (1.4.1)
winrm (2.3.1)
builder (>= 2.1.2)
erubis (~> 2.7)
gssapi (~> 1.2)
gyoku (~> 1.0)
httpclient (~> 2.2, >= 2.2.0.2)
logging (>= 1.6.1, < 3.0)
nori (~> 2.0)
rubyntlm (~> 0.6.0, >= 0.6.1)
winrm-elevated (1.1.1)
winrm (~> 2.0)
winrm-fs (~> 1.0)
winrm-fs (1.3.2)
erubis (~> 2.7)
logging (>= 1.6.1, < 3.0)
rubyzip (~> 1.1)
winrm (~> 2.0)
PLATFORMS
ruby
DEPENDENCIES
kitchen-ansible
kitchen-docker_cli
rubocop (= 0.50.0)
test-kitchen
BUNDLED WITH
1.16.0

201
LICENSE Normal file
View file

@ -0,0 +1,201 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright 2019 Adrien Waksberg
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

187
README.md Normal file
View file

@ -0,0 +1,187 @@
# Ansible role: Sensu
[![Version](https://img.shields.io/badge/latest_version-1.0.0_dev-green.svg)](https://git.yaegashi.fr/nishiki/ansible-role-sensu/releases)
[![License](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](https://git.yaegashi.fr/nishiki/ansible-role-sensu/src/branch/master/LICENSE)
Install and configure sensu-go backend and agent
## Requirements
* Ansible >= 2.7
* Debian Stretch
## Role variables
### General
* `sensu_repository_system` - system for package repository (default: `ansible_distribution`)
* `sensu_repository_release` - system release for package repository (default: `ansible_distribution_release`)
### Agent
* `sensu_agent` - enable sensu agent installation (default: `yes`)
* `sensu_agent_user` - the user for backend authentification (default: `agent`)
* `sensu_agent_password` - the password for backend authentification (default: `P@ssw0rd!`)
* `sensu_agent_plugins` - array with the [sensu ruby plugins](https://github.com/sensu-plugins) to intall
```
- name: sensu-plugins-http
version: 4.0.0
```
* `sensu_agent_subscriptions` - array with the subscriptions name
```
- debian
- mailserver
```
* `sensu_agent_labels` - hash with the labels
```
region: Europe
disk:
critical: 90
warning: 75
```
* `sensu_agent_backends` - array with the backends url
```
- ws://localhost:8081
```
* `sensu_agent_namespace` - the namespace for agent (default: `default`)
* `sensu_agent_config` - hash with the optional configuration ([see sensu configuration](https://docs.sensu.io/sensu-go/latest/reference/agent/))
### Backend
* `sensu_backend` - enable sensu backend installation (default: `no`)
* `sensu_backend_config` - hash with the optional configuration ([see sensu configuration](https://docs.sensu.io/sensu-go/latest/reference/backend/))
* `sensu_assets` - array with the asset definitions
```
- name: http-binary
namespace: default
url: http://host.local
sha512: XXXX
filters: []
```
* `sensu_namespaces` - array with the namespace definitions
```
- name: production
state: present
```
* `sensu_checks` - array with the check definitions
```
- name: load
namespace: default
command: /usr/bin/load -w 2 -c 5
handlers:
- mailer
subscriptions:
- linux
interval: 120
options:
ttl: 300
```
* `sensu_handlers` - array with the handler definitions
```
- name: mailer
namespace: default
type: pipe
command: /usr/local/bin/sensu-email-handler -t sensu@host.local
filters:
- is_incident
options:
timeout: 10
```
* `sensu_filters` - array with the filter definitions
```
- name: max_occurences
namespace: default
action: allow
expressions:
runtime_assets: []
state: present
```
* `sensu_users` - array with the user definitions
```
- name: john
groups:
- dev
password: secret
state: present
```
* `sensu_cluster_roles` - array with the cluster role definitions
```
- name: dev
rules:
- verbs:
- get
- list
resources:
- '*'
state: present
```
* `sensu_api_url` - url of sensu api (default: `http://127.0.0.1:8080`)
* `sensu_api_user` - user for sensu api (default: `admin`)
* `sensu_api_password` - password for sensu api (default: `P@ssw0rd!`)
## How to use
```
- hosts: monitoring
roles:
- sensu
```
## Development
### Test syntax with yamllint
* install `python` and `python-pip`
* install yamllint `pip install yamllint`
* run `yamllint .`
### Test syntax with ansible-lint
* install `python` and `python-pip`
* install yamllint `pip install ansible-lint`
* run `ansible-lint .`
### Tests with docker
* install [docker](https://docs.docker.com/engine/installation/)
* install ruby
* install bundler `gem install bundler`
* install dependencies `bundle install`
* run the tests `kitchen test`
## License
```
Copyright (c) 2019 Adrien Waksberg
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
```

43
defaults/main.yml Normal file
View file

@ -0,0 +1,43 @@
---
sensu_agent: yes
sensu_backend: no
sensu_repository_system: '{{ ansible_distribution|lower }}'
sensu_repository_release: '{{ ansible_distribution_release }}'
sensu_api_url: http://127.0.0.1:8080
sensu_api_user: admin
sensu_api_password: 'P@ssw0rd!'
sensu_agent_user: agent
sensu_agent_password: 'P@ssw0rd!'
sensu_agent_plugins: []
sensu_agent_subscriptions: []
sensu_agent_labels: {}
sensu_agent_backends:
- 'ws://localhost:8081'
sensu_agent_namespace: default
sensu_agent_default_config:
name: '{{ inventory_hostname }}'
namespace: '{{ sensu_agent_namespace }}'
backend-url: '{{ sensu_agent_backends }}'
user: '{{ sensu_agent_user }}'
password: '{{ sensu_agent_password }}'
subscriptions: '{{ sensu_agent_subscriptions }}'
labels: '{{ sensu_agent_labels }}'
sensu_agent_config: {}
sensu_agent_full_config: '{{ sensu_agent_default_config|combine(sensu_agent_config) }}'
sensu_backend_default_config:
state-dir: /var/lib/sensu/sensu-backend
sensu_backend_config: {}
sensu_backend_full_config: '{{ sensu_backend_default_config|combine(sensu_backend_config) }}'
sensu_assets: []
sensu_namespaces: []
sensu_checks: []
sensu_handlers: []
sensu_filters: []
sensu_users: []
sensu_cluster_roles: []

View file

@ -0,0 +1,12 @@
[Unit]
Description= Docker compose for %i
After=network.target docker.service
[Service]
Type=simple
ExecStart=/usr/bin/docker-compose -f /etc/docker/compose/%i/docker-compose.yml up
ExecReload=/usr/bin/docker-compose -f /etc/docker/compose/%i/docker-compose.yml up --no-recreate -d
Restart=always
[Install]
WantedBy=multi-user.target

10
handlers/main.yml Normal file
View file

@ -0,0 +1,10 @@
---
- name: restart sensu-agent
systemd:
name: sensu-agent
state: restarted
- name: restart sensu-backend
systemd:
name: sensu-backend
state: restarted

85
library/sensugo_asset.py Normal file
View file

@ -0,0 +1,85 @@
#!/usr/bin/python
from ansible.module_utils.basic import *
from ansible.module_utils.sensu_api import *
class SensuAsset:
def __init__(self, api, name, namespace):
self.api = api
self.name = name
self.namespace = namespace
self.exist = False
def get_data(self):
status_code, data = self.api.get('namespaces/{}/assets/{}'.format(self.namespace, self.name))
if status_code == 200:
self.exist = True
self.options = {
'url': data['url'],
'sha512': data['sha512'],
'filters': data['filters']
}
def has_changed(self, options):
for option, value in self.options.iteritems():
if options[option] != value:
return True
return False
def create(self, options):
options.update({
'metadata': {
'name': self.name,
'namespace': self.namespace
}
})
self.api.put(
'namespaces/{}/assets/{}'.format(self.namespace, self.name),
options
)
def main():
fields = {
'name': { 'type': 'str', 'required': True },
'namespace': { 'type': 'str', 'default': 'default' },
'url': { 'type': 'str', 'required': True },
'sha512': { 'type': 'str', 'required': True },
'filters': { 'type': 'list', 'default': [] },
'api_url': { 'type': 'str', 'default': 'http://127.0.0.1:8080' },
'api_user': { 'type': 'str', 'default': 'admin' },
'api_password': { 'type': 'str', 'default': 'P@ssw0rd!' },
}
module = AnsibleModule(argument_spec=fields)
changed = True
options = {
'url': module.params['url'],
'sha512': module.params['sha512'],
'filters': module.params['filters']
}
api = SensuApi(
module.params['api_url'],
module.params['api_user'],
module.params['api_password']
)
api.auth()
asset = SensuAsset(
api,
module.params['name'],
module.params['namespace']
)
asset.get_data()
if not asset.exist or asset.has_changed(options):
asset.create(options)
else:
changed = False
module.exit_json(changed=changed)
if __name__ == '__main__':
main()

102
library/sensugo_check.py Normal file
View file

@ -0,0 +1,102 @@
#!/usr/bin/python
from ansible.module_utils.basic import *
from ansible.module_utils.sensu_api import *
class SensuCheck:
def __init__(self, api, name, namespace):
self.api = api
self.name = name
self.namespace = namespace
self.exist = False
def get_data(self):
status_code, data = self.api.get('namespaces/{}/checks/{}'.format(self.namespace, self.name))
if status_code == 200:
self.exist = True
self.options = data
self.options.pop('metadata')
def has_changed(self, options):
for option, value in self.options.iteritems():
if not option in options:
if value:
return True
elif options[option] != value:
return True
return False
def create(self, options):
options.update({
'metadata': {
'name': self.name,
'namespace': self.namespace
}
})
self.api.put(
'namespaces/{}/checks/{}'.format(self.namespace, self.name),
options
)
def delete(self):
self.api.delete(
'namespaces/{}/checks/{}'.format(self.namespace, self.name)
)
def main():
fields = {
'name': { 'type': 'str', 'required': True },
'namespace': { 'type': 'str', 'default': 'default' },
'command': { 'type': 'str', 'required': True },
'handlers': { 'type': 'list', 'default': [] },
'subscriptions': { 'type': 'list', 'required': True },
'interval': { 'type': 'int', 'default': 60 },
'options': { 'type': 'dict', 'default': {} },
'api_url': { 'type': 'str', 'default': 'http://127.0.0.1:8080' },
'api_user': { 'type': 'str', 'default': 'admin' },
'api_password': { 'type': 'str', 'default': 'P@ssw0rd!' },
'state': { 'type': 'str', 'default': 'present', 'choices': ['present', 'absent'] }
}
module = AnsibleModule(argument_spec=fields)
changed = False
options = {
'command': module.params['command'],
'handlers': module.params['handlers'],
'subscriptions': module.params['subscriptions'],
'interval': module.params['interval'],
'publish': True
}
options.update(module.params['options'])
if 'cron' in options:
options.pop('interval')
api = SensuApi(
module.params['api_url'],
module.params['api_user'],
module.params['api_password']
)
api.auth()
check = SensuCheck(
api,
module.params['name'],
module.params['namespace']
)
check.get_data()
if module.params['state'] == 'present':
if not check.exist or check.has_changed(options):
check.create(options)
changed = True
elif check.exist:
check.delete()
changed = True
module.exit_json(changed=changed)
if __name__ == '__main__':
main()

View file

@ -0,0 +1,100 @@
#!/usr/bin/python
from ansible.module_utils.basic import *
from ansible.module_utils.sensu_api import *
class SensuClusterRole:
def __init__(self, api, name):
self.api = api
self.name = name
self.exist = False
def get_data(self):
status_code, data = self.api.get('clusterroles/{}'.format(self.name))
if status_code == 200:
self.exist = True
self.options = {
'rules': data['rules'],
}
def has_changed(self, options):
if len(self.options['rules']) != len(options['rules']):
return True
for i in range(0, len(self.options['rules'])):
for rule, value in self.options['rules'][i].iteritems():
if not rule in options['rules'][i]:
if value:
return True
elif options['rules'][i][rule] != value:
return True
for rule, value in options['rules'][i].iteritems():
if not rule in self.options['rules'][i]:
if value:
return True
elif self.options['rules'][i][rule] != value:
return True
return False
def create(self, options):
options = {
'metadata': {
'name': self.name
},
'rules': options['rules']
}
self.api.put(
'clusterroles/{}'.format(self.name),
options
)
def delete(self):
self.api.delete(
'clusterroles/{}'.format(self.name)
)
def main():
fields = {
'name': { 'type': 'str', 'required': True },
'rules': { 'type': 'list', 'required': True },
'api_url': { 'type': 'str', 'default': 'http://127.0.0.1:8080' },
'api_user': { 'type': 'str', 'default': 'admin' },
'api_password': { 'type': 'str', 'default': 'P@ssw0rd!' },
'state': { 'type': 'str', 'default': 'present', 'choices': ['present', 'absent'] }
}
module = AnsibleModule(argument_spec=fields)
changed = False
options = {
'rules': module.params['rules']
}
api = SensuApi(
module.params['api_url'],
module.params['api_user'],
module.params['api_password']
)
api.auth()
clusterrole = SensuClusterRole(
api,
module.params['name']
)
clusterrole.get_data()
if module.params['state'] == 'present':
if not clusterrole.exist or clusterrole.has_changed(options):
clusterrole.create(options)
changed = True
elif clusterrole.exist:
clusterrole.delete()
changed = True
module.exit_json(changed=changed)
if __name__ == '__main__':
main()

95
library/sensugo_filter.py Normal file
View file

@ -0,0 +1,95 @@
#!/usr/bin/python
from ansible.module_utils.basic import *
from ansible.module_utils.sensu_api import *
class SensuFilter:
def __init__(self, api, name, namespace):
self.api = api
self.name = name
self.namespace = namespace
self.exist = False
def get_data(self):
status_code, data = self.api.get('namespaces/{}/filters/{}'.format(self.namespace, self.name))
if status_code == 200:
self.exist = True
self.options = data
self.options.pop('metadata')
def has_changed(self, options):
for option, value in self.options.iteritems():
if not option in options:
if value:
return True
elif options[option] != value:
return True
return False
def create(self, options):
options.update({
'metadata': {
'name': self.name,
'namespace': self.namespace
}
})
self.api.put(
'namespaces/{}/filters/{}'.format(self.namespace, self.name),
options
)
def delete(self):
self.api.delete(
'namespaces/{}/filters/{}'.format(self.namespace, self.name)
)
def main():
fields = {
'name': { 'type': 'str', 'required': True },
'namespace': { 'type': 'str', 'default': 'default' },
'action': { 'type': 'str', 'default': 'allow', 'choices': ['allow', 'deny'] },
'expressions': { 'type': 'list', 'required': True },
'runtime_assets': { 'type': 'list', 'default': [] },
'api_url': { 'type': 'str', 'default': 'http://127.0.0.1:8080' },
'api_user': { 'type': 'str', 'default': 'admin' },
'api_password': { 'type': 'str', 'default': 'P@ssw0rd!' },
'state': { 'type': 'str', 'default': 'present', 'choices': ['present', 'absent'] }
}
module = AnsibleModule(argument_spec=fields)
changed = False
options = {
'action': module.params['action'],
'expressions': module.params['expressions'],
'runtime_assets': module.params['runtime_assets']
}
api = SensuApi(
module.params['api_url'],
module.params['api_user'],
module.params['api_password']
)
api.auth()
filter = SensuFilter(
api,
module.params['name'],
module.params['namespace']
)
filter.get_data()
if module.params['state'] == 'present':
if not filter.exist or filter.has_changed(options):
filter.create(options)
changed = True
elif filter.exist:
filter.delete()
changed = True
module.exit_json(changed=changed)
if __name__ == '__main__':
main()

View file

@ -0,0 +1,97 @@
#!/usr/bin/python
from ansible.module_utils.basic import *
from ansible.module_utils.sensu_api import *
class SensuHandler:
def __init__(self, api, name, namespace):
self.api = api
self.name = name
self.namespace = namespace
self.exist = False
def get_data(self):
status_code, data = self.api.get('namespaces/{}/handlers/{}'.format(self.namespace, self.name))
if status_code == 200:
self.exist = True
self.options = data
self.options.pop('metadata')
def has_changed(self, options):
for option, value in self.options.iteritems():
if not option in options:
if value:
return True
elif options[option] != value:
return True
return False
def create(self, options):
options.update({
'metadata': {
'name': self.name,
'namespace': self.namespace
}
})
self.api.put(
'namespaces/{}/handlers/{}'.format(self.namespace, self.name),
options
)
def delete(self):
self.api.delete(
'namespaces/{}/handlers/{}'.format(self.namespace, self.name)
)
def main():
fields = {
'name': { 'type': 'str', 'required': True },
'namespace': { 'type': 'str', 'default': 'default' },
'type': { 'type': 'str', 'default': 'pipe', 'choices': ['pipe', 'tcp', 'udp', 'set'] },
'command': { 'type': 'str', 'required': True },
'filters': { 'type': 'list', 'default': [] },
'options': { 'type': 'dict', 'default': {} },
'api_url': { 'type': 'str', 'default': 'http://127.0.0.1:8080' },
'api_user': { 'type': 'str', 'default': 'admin' },
'api_password': { 'type': 'str', 'default': 'P@ssw0rd!' },
'state': { 'type': 'str', 'default': 'present', 'choices': ['present', 'absent'] }
}
module = AnsibleModule(argument_spec=fields)
changed = False
options = {
'type': module.params['type'],
'command': module.params['command'],
'filters': module.params['filters']
}
options.update(module.params['options'])
api = SensuApi(
module.params['api_url'],
module.params['api_user'],
module.params['api_password']
)
api.auth()
handler = SensuHandler(
api,
module.params['name'],
module.params['namespace']
)
handler.get_data()
if module.params['state'] == 'present':
if not handler.exist or handler.has_changed(options):
handler.create(options)
changed = True
elif handler.exist:
handler.delete()
changed = True
module.exit_json(changed=changed)
if __name__ == '__main__':
main()

View file

@ -0,0 +1,67 @@
#!/usr/bin/python
from ansible.module_utils.basic import *
from ansible.module_utils.sensu_api import *
class SensuNamespace:
def __init__(self, api, name):
self.api = api
self.name = name
self.exist = False
def get_data(self):
status_code, data = self.api.get('namespaces')
for namespace in data:
if namespace['name'] == self.name:
self.exist = True
def create(self):
self.api.put(
'namespaces/{}'.format(self.name),
{ 'name': self.name }
)
def delete(self):
self.api.delete(
'namespaces/{}'.format(self.name)
)
def main():
fields = {
'name': { 'type': 'str', 'required': True },
'api_url': { 'type': 'str', 'default': 'http://127.0.0.1:8080' },
'api_user': { 'type': 'str', 'default': 'admin' },
'api_password': { 'type': 'str', 'default': 'P@ssw0rd!' },
'state': { 'type': 'str', 'default': 'present', 'choices': ['present', 'absent'] }
}
module = AnsibleModule(argument_spec=fields)
changed = True
api = SensuApi(
module.params['api_url'],
module.params['api_user'],
module.params['api_password']
)
api.auth()
namespace = SensuNamespace(
api,
module.params['name']
)
namespace.get_data()
if module.params['state'] == 'present':
if not namespace.exist:
namespace.create()
else:
changed = False
else:
if namespace.exist:
namespace.delete()
else:
changed = False
module.exit_json(changed=changed)
if __name__ == '__main__':
main()

99
library/sensugo_user.py Normal file
View file

@ -0,0 +1,99 @@
#!/usr/bin/python
from ansible.module_utils.basic import *
from ansible.module_utils.sensu_api import *
class SensuUser:
def __init__(self, api, name):
self.api = api
self.name = name
self.exist = False
def get_data(self):
try:
status_code, data = self.api.get('users/{}'.format(self.name))
if status_code == 200 and not data['disabled']:
self.exist = True
self.options = {
'groups': data['groups']
}
except:
pass
def has_changed(self, options):
for option, value in self.options.iteritems():
if options[option] != value:
return True
return False
def password_has_changed(self, password):
try:
self.api.auth(self.name, password)
self.api.auth()
return False
except:
return True
def create(self, options):
options.update({
'username': self.name,
'disabled': False
})
self.api.put(
'users/{}'.format(self.name),
options
)
def delete(self):
self.api.delete(
'users/{}'.format(self.name)
)
def main():
fields = {
'name': { 'type': 'str', 'required': True },
'groups': { 'type': 'list', 'default': [] },
'password': { 'type': 'str', 'default': None },
'api_url': { 'type': 'str', 'default': 'http://127.0.0.1:8080' },
'api_user': { 'type': 'str', 'default': 'admin' },
'api_password': { 'type': 'str', 'default': 'P@ssw0rd!' },
'state': { 'type': 'str', 'default': 'present', 'choices': ['present', 'absent'] }
}
module = AnsibleModule(argument_spec=fields)
changed = True
options = {
'groups': module.params['groups'],
'password': module.params['password']
}
api = SensuApi(
module.params['api_url'],
module.params['api_user'],
module.params['api_password']
)
api.auth()
user = SensuUser(
api,
module.params['name']
)
user.get_data()
if module.params['state'] == 'present':
if not user.exist or user.has_changed(options) or user.password_has_changed(module.params['password']):
user.create(options)
else:
changed = False
else:
if user.exist:
user.delete()
else:
changed = False
module.exit_json(changed=changed)
if __name__ == '__main__':
main()

20
meta/main.yml Normal file
View file

@ -0,0 +1,20 @@
---
galaxy_info:
role_name: sensu
author: Adrien Waksberg
company: Adrien Waksberg
description: Install and configure sensu-go
license: Apache2
min_ansible_version: 2.7
platforms:
- name: Debian
versions:
- stretch
galaxy_tags:
- sensu
- monitoring
- alerting
dependencies: []

76
module_utils/sensu_api.py Normal file
View file

@ -0,0 +1,76 @@
#!/usr/bin/python
import requests
class SensuApi:
def __init__(self, url, user, password):
self.url = url
self.user = user
self.password = password
self.headers = {}
def auth(self, user = None, password = None):
user = user or self.user
password = password or self.password
r = requests.get(
'{}/auth'.format(self.url),
auth=requests.auth.HTTPBasicAuth(user, password)
)
if r.status_code == 401:
raise Exception('Authentification has failed')
self.headers = { 'Authorization': r.json()['access_token'] }
def get(self, path):
r = requests.get(
'{}/api/core/v2/{}'.format(self.url, path),
headers=self.headers
)
if r.status_code == 500:
raise Exception('Server return 500 error: {}'.format(r.text))
elif r.status_code == 401:
raise Exception('Authentification has failed')
return r.status_code, r.json()
def post(self, path, data):
r = requests.post(
'{}/api/core/v2/{}'.format(self.url, path),
headers=self.headers,
json=data
)
if r.status_code == 500:
raise Exception('Server return 500 error: {}'.format(r.text))
elif r.status_code == 401:
raise Exception('Authentification has failed')
elif r.status_code != 200:
raise Exception('Server return an unknown error: {}'.format(r.text))
def put(self, path, data):
r = requests.put(
'{}/api/core/v2/{}'.format(self.url, path),
headers=self.headers,
json=data
)
if r.status_code == 500:
raise Exception('Server return 500 error: {}'.format(r.text))
elif r.status_code == 401:
raise Exception('Authentification has failed')
elif r.status_code != 200:
raise Exception('Server return an unknown error: {}'.format(r.text))
def delete(self, path):
r = requests.delete(
'{}/api/core/v2/{}'.format(self.url, path),
headers=self.headers
)
if r.status_code == 500:
raise Exception('Server return 500 error: {}'.format(r.text))
elif r.status_code == 401:
raise Exception('Authentification has failed')
elif r.status_code != 204:
raise Exception('Server return an unknown error: {}'.format(r.text))

44
tasks/agent.yml Normal file
View file

@ -0,0 +1,44 @@
---
- name: install sensu-agent packages
apt:
name: '{{ packages }}'
vars:
packages:
- sensu-go-agent
- sensu-plugins-ruby
- monitoring-plugins-basic
register: result
retries: 3
delay: 1
until: result is success
tags: sensu
- name: copy agent configuration file
copy:
content: '{{ sensu_agent_full_config|to_nice_yaml }}'
dest: /etc/sensu/agent.yml
owner: root
group: sensu
mode: 0640
notify: restart sensu-agent
tags: sensu
- name: enable and start sensu-agent service
systemd:
name: sensu-agent
state: started
enabled: yes
tags: sensu
- name: install sensu plugins
gem:
name: '{{ item.name }}'
version: '{{ item.version }}'
executable: /opt/sensu-plugins-ruby/embedded/bin/gem
user_install: no
loop: '{{ sensu_agent_plugins }}'
register: result
retries: 3
delay: 1
until: result is success
tags: sensu

140
tasks/backend.yml Normal file
View file

@ -0,0 +1,140 @@
---
- name: install sensu-backend packages
apt:
name: '{{ packages }}'
vars:
packages:
- sensu-go-backend
- sensu-go-cli
register: result
retries: 3
delay: 1
until: result is success
tags: sensu
- name: copy backend configuration file
copy:
content: '{{ sensu_backend_full_config|to_nice_yaml }}'
dest: /etc/sensu/backend.yml
owner: root
group: sensu
mode: 0640
notify: restart sensu-backend
tags: sensu
- name: enable and start sensu-backend service
systemd:
name: sensu-backend
state: started
enabled: yes
tags: sensu
- name: wait sensu backend is started
wait_for:
port: '{{ sensu_api_url.split(":")[2]|default(80) }}'
delay: 5
tags: sensu
- name: manage users
sensugo_user:
name: '{{ item.name }}'
groups: '{{ item.groups }}'
password: '{{ item.password }}'
state: '{{ item.state|default("present") }}'
api_url: '{{ sensu_api_url }}'
api_user: '{{ sensu_api_user }}'
api_password: '{{ sensu_api_password }}'
loop: '{{ sensu_users }}'
run_once: true
no_log: true
tags: sensu
- name: manage cluster roles
sensugo_cluster_role:
name: '{{ item.name }}'
rules: '{{ item.rules }}'
state: '{{ item.state|default("present") }}'
api_url: '{{ sensu_api_url }}'
api_user: '{{ sensu_api_user }}'
api_password: '{{ sensu_api_password }}'
loop: '{{ sensu_cluster_roles }}'
run_once: true
no_log: true
tags: sensu
- name: manage namespaces
sensugo_namespace:
name: '{{ item.name }}'
state: '{{ item.state|default("present") }}'
api_url: '{{ sensu_api_url }}'
api_user: '{{ sensu_api_user }}'
api_password: '{{ sensu_api_password }}'
loop: '{{ sensu_namespaces }}'
run_once: true
no_log: true
tags: sensu
- name: manage assets
sensugo_asset:
name: '{{ item.name }}'
namespace: '{{ item.namespace|default("default") }}'
url: '{{ item.url }}'
sha512: '{{ item.sha512 }}'
filters: '{{ item.filters|default([]) }}'
api_url: '{{ sensu_api_url }}'
api_user: '{{ sensu_api_user }}'
api_password: '{{ sensu_api_password }}'
loop: '{{ sensu_assets }}'
run_once: true
no_log: true
tags: sensu
- name: manage filters
sensugo_filter:
name: '{{ item.name }}'
namespace: '{{ item.namespace|default("default") }}'
action: '{{ item.action|default("allow") }}'
expressions: '{{ item.expressions }}'
runtime_assets: '{{ item.runtime_assets|default([]) }}'
state: '{{ item.state|default("present") }}'
api_url: '{{ sensu_api_url }}'
api_user: '{{ sensu_api_user }}'
api_password: '{{ sensu_api_password }}'
loop: '{{ sensu_filters }}'
run_once: true
no_log: true
tags: sensu
- name: manage handlers
sensugo_handler:
name: '{{ item.name }}'
namespace: '{{ item.namespace|default("default") }}'
type: '{{ item.type|default("pipe") }}'
command: '{{ item.command }}'
filters: '{{ item.filters|default([]) }}'
options: '{{ item.options|default({}) }}'
api_url: '{{ sensu_api_url }}'
api_user: '{{ sensu_api_user }}'
api_password: '{{ sensu_api_password }}'
loop: '{{ sensu_handlers }}'
run_once: true
no_log: true
tags: sensu
- name: manage checks
sensugo_check:
name: '{{ item.name }}'
namespace: '{{ item.namespace|default("default") }}'
command: '{{ item.command }}'
handlers: '{{ item.handlers|default([]) }}'
subscriptions: '{{ item.subscriptions }}'
interval: '{{ item.interval|default(60) }}'
options: '{{ item.options|default({}) }}'
state: '{{ item.state|default("present") }}'
api_url: '{{ sensu_api_url }}'
api_user: '{{ sensu_api_user }}'
api_password: '{{ sensu_api_password }}'
loop: '{{ sensu_checks }}'
run_once: true
no_log: true
tags: sensu

8
tasks/main.yml Normal file
View file

@ -0,0 +1,8 @@
---
- import_tasks: repository.yml
- import_tasks: agent.yml
when: sensu_agent
- import_tasks: backend.yml
when: sensu_backend

37
tasks/repository.yml Normal file
View file

@ -0,0 +1,37 @@
---
- name: install dependencies packages
apt:
name: '{{ packages }}'
vars:
packages:
- apt-transport-https
- ca-certificates
- gnupg2
- software-properties-common
register: result
retries: 3
delay: 1
until: result is success
tags: sensu
- name: add gpg key for sensu repository
apt_key:
url: 'https://packagecloud.io/sensu/{{ item }}/gpgkey'
loop:
- stable
- community
register: result
retries: 3
delay: 1
until: result is success
tags: sensu
- name: add sensu repository
apt_repository:
repo: >
deb https://packagecloud.io/sensu/{{ item }}/{{ sensu_repository_system }}/
{{ sensu_repository_release }} main
loop:
- stable
- community
tags: sensu

View file

@ -0,0 +1,52 @@
---
- hosts: default
connection: local
vars:
sensu_backend: yes
sensu_repository_system: ubuntu
sensu_repository_release: xenial
sensu_agent_plugins:
- name: sensu-plugins-disk-checks
version: 3.1.1
sensu_agent_labels:
test: coucou
hello:
warning: 30
critical: 50
sensu_namespaces:
- name: supernamespace
sensu_users:
- name: johndoe
password: secret1234
groups:
- devops
- users
sensu_assets:
- name: superasset
url: http://localhost/test.sh
sha512: >
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce
47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
sensu_handlers:
- name: mail
command: echo test | mail -s coucou
sensu_filters:
- name: state_changed
expressions:
- event.check.occurrences == 1
sensu_checks:
- name: ping
command: ping -c 1 127.0.0.1
subscriptions:
- linux
sensu_cluster_roles:
- name: superview
rules:
- verbs:
- get
- list
resources:
- '*'
roles:
- ansible-role-sensu

View file

@ -0,0 +1,78 @@
require 'serverspec'
set :backend, :exec
puts
puts '================================'
puts %x(ansible --version)
puts '================================'
%w[
sensu-go-agent
sensu-go-cli
sensu-go-backend
monitoring-plugins-basic
].each do |package|
describe package(package) do
it { should be_installed }
end
end
%w[
sensu-agent
sensu-backend
].each do |service|
describe service(service) do
it { should be_enabled }
it { should be_running }
it { should be_running.under('systemd') }
end
end
[3000, 8080, 8081].each do |port|
describe port(port) do
it { should be_listening.with('tcp6') }
end
end
describe command(
'sensuctl configure -n --password "P@ssw0rd!" ' \
'--url http://127.0.0.1:8080 --username admin --format tabular'
) do
its(:exit_status) { should eq 0 }
end
describe command('sensuctl namespace list') do
its(:exit_status) { should eq 0 }
its(:stdout) { should match 'supernamespace' }
end
describe command('sensuctl user list') do
its(:exit_status) { should eq 0 }
its(:stdout) { should match(/johndoe.*\s+devops,users\s+.*true/) }
end
describe command('sensuctl asset list') do
its(:exit_status) { should eq 0 }
its(:stdout) { should match(/superasset.*\s+.*test.sh\s+cf83e13/) }
end
describe command('sensuctl handler list') do
its(:exit_status) { should eq 0 }
its(:stdout) { should match(/mail.*\s+pipe\s+.*echo test \| mail -s coucou\s+/) }
end
describe command('sensuctl filter list') do
its(:exit_status) { should eq 0 }
its(:stdout) { should match(/state_changed.*\s+allow\s+event\.check\.occurrences == 1/) }
end
describe command('sensuctl cluster-role list') do
its(:exit_status) { should eq 0 }
its(:stdout) { should match(/view.*\s+1/) }
end
describe command('sensuctl check list') do
its(:exit_status) { should eq 0 }
its(:stdout) { should match(/ping.*\s+ping -c 1 127.0.0.1\s+60\s+.*\s+linux\s+/) }
end

View file

@ -0,0 +1,2 @@
[default]
localhost