Select Supported Platforms

Select Supported Architectures

Select Tier

Github Name


sensu/sensu-ansible-handler (3) Versions 0.4.0 Enterprise Tier

A Sensu Go Handler for launching Ansible Tower Job Templates for automated remediation.

Downloads in last month
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
README
Release Notes

Sensu Ansible Handler

Overview

A Sensu Go Handler for launching Ansible Tower Job Templates for automated
remediation.

NOTE: this is an experimental pre-release of a commercially licensed Sensu Go
integration.

Usage example(s)

Coming soon...

Configuration

Sensu Go Handler configuration

---
type: Handler
api_version: core/v2
metadata:
  name: ansible-tower
  namespace: default
spec:
  type: pipe
  command: sensu-ansible-handler
  timeout: 10
  env_vars:
  - "ANSIBLE_HOST=127.0.0.1"
  - "ANSIBLE_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

Sensu Go Check configuration

---
type: CheckConfig
api_version: core/v2
metadata:
  name: check_nginx
  namespace: default
  annotations:
    ansible_tower_launch_requests:
        '[
           {
             "template_name": "Start NGINX",
             "template_id": 7,
             "inventory_name": "Web Servers",
             "inventory_id": 2,
             "limit": "",
             "occurrences": [ 3 ],
             "severities": [ 1, 2 ]
           }
         ]'
spec:
  command: check_http -H 127.0.0.1
  publish: true
  interval: 10
  subscriptions:
  - nginx
  timeout: 10
  handlers:
  - ansible-tower

NOTE: the attributes "template_name" and "inventory_name" are currently
unused. Support for referencing job templates and inventories by name (rather
than ID) will come in a future update.

Ansible configuration

Sensu will require a valid auth token to communicate with the Ansible Tower API.
Please note the following instructions on how to generate/obtain a valid Ansible
Tower authorization token.

  1. Register Sensu as an Application in Ansible Tower.

    $ ANSIBLE_AUTH=$(curl -XPOST -sku ${ANSIBLE_USER}:${ANSIBLE_PASS} -H "Content-Type: application/json" \
      -d '{"organization": 1, "client_type": "confidential", "name": "Sensu Go", "authorization_grant_type": "implicit", "redirect_uris": "https://'${ANSIBLE_HOST}'/api/"}' \
      https://${ANSIBLE_HOST}/api/v2/applications/)
    
  2. Get an OAuth Token.

    $ ANSIBLE_CLIENT_ID=$(echo $ANSIBLE_AUTH | jq -r .client_id)
    $ ANSIBLE_CLIENT_SECRET=$(echo $ANSIBLE_AUTH | jq -r .client_secret)
    $ open "http://${ANSIBLE_HOST}/api/o/authorize/?response_type=token&scope=read%20write&client_id=${ANSIBLE_CLIENT_ID}"
    

References

Documentation

Development & Troubleshooting

  • Get a list of organizations by ID:

    $ curl -XGET -sku ${ANSIBLE_USER}:${ANSIBLE_PASS} -H "Content-Type: application/json" \
      "https://${ANSIBLE_HOST}/api/v2/organizations/"
    
  • Create an inventory:

    $ curl -XPOST -H "Authorization: Bearer ${ANSIBLE_TOKEN}" -H "Content-Type: application/json" \
      -d '{"name": "Sensu Go", "organization": 1}' \
      "https://${ANSIBLE_HOST}/api/v2/inventories/"
    
  • Create a host:

    $ curl -XPOST -H "Authorization: Bearer ${ANSIBLE_TOKEN}" -H "Content-Type: application/json" \
      -d '{"name": "server-01", "enabled": true, "instance_id": "", "variables": "{\"ansible_host\": \"10.0.1.101\"}"}' \
      "https://${ANSIBLE_HOST}/api/v2/inventories/2/hosts/"
    
  • Launch a job template:

    $ curl -XPOST -H "Authorization: Bearer ${ANSIBLE_TOKEN}" -H "Content-Type: application/json" \
      -d '{"inventory": 2, "limit": "server-01"}' "https://${ANSIBLE_HOST}/api/v2/job_templates/7/launch/"
    
  • Delete an application:

    $ curl -XDELETE -sku ${ANSIBLE_USER}:${ANSIBLE_PASS} -H "Content-Type: application/json" \
      "https://${ANSIBLE_HOST}/api/v2/applications/1/"
    
  • Test an API Token:

    $ curl -XGET --insecure -I -H "Authorization: Bearer ${ANSIBLE_TOKEN}" \
      -H "Content-Type: application/json" \
      "https://${ANSIBLE_HOST}/api/v2/job_templates/"
    

Roadmap

  • TODO: look at Sensu => Ansible registration handler for maintaining
    "Smart Inventories"
  • TODO: validate job template launch readiness via the GET /api/v2/job_templates/{id}/launch/ endpoint
  • TODO: lookup inventory by subscription name via the GET /api/v2/inventories/ endpoint

Are you sure you want to report this asset?

Please describe the reason for reporting this asset. Our moderators will be notified and will disable the asset if it is found to be inappropriate.

×

You must be signed in to report this asset.

Sign In with Github