Select Supported Platforms

Select Supported Architectures

Select Tier

Github Name

sensu-ansible-handler (1) Versions 0.3.0 Enterprise Tier

A Sensu Go Handler for launching Ansible Tower Job Templates for automated remediation.

Downloads in last month
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
README
Release Notes

Sensu Ansible Handler

Overview

A Sensu Go Handler for launching Ansible Tower Job Templates for automated remediation.

NOTE: this is an experimental pre-release of a commercially licensed Sensu Go integration.

Usage example(s)

Coming soon...

Configuration

Sensu configuration

---
type: Handler
api_version: core/v2
metadata:
  name: ansible-tower
  namespace: default
  annotations: |
    [
      {
        "template_name": "Start NGINX",
        "template_id": 7,
        "inventory_name": "Web Servers",
        "inventory_id": 2,
        "limit": "",
        "occurrences": [ 3 ],
        "severities": [ 1, 2 ]
      }
    ]
spec:
  type: pipe
  command: sensu-ansible-handler
  timeout: 10
  env_vars:
  - "ANSIBLE_HOST=127.0.0.1"
  - "ANSIBLE_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

NOTE: the attributes "template_name" and "inventory_name" are currently unused. Support for referencing job templates and inventories by name (rather than ID) will come in a future update.

Ansible configuration

Sensu will require a valid auth token to communicate with the Ansible Tower API. Please note the following instructions on how to generate/obtain a valid Ansible Tower authorization token.

  1. Register Sensu as an Application in Ansible Tower.

    $ ANSIBLE_AUTH=$(curl -XPOST -sku ${ANSIBLE_USER}:${ANSIBLE_PASS} -H "Content-Type: application/json" \
      -d '{"organization": 1, "client_type": "confidential", "name": "Sensu Go", "authorization_grant_type": "implicit", "redirect_uris": "https://'${ANSIBLE_HOST}'/api/"}' \
      https://${ANSIBLE_HOST}/api/v2/applications/)
    
  2. Get an OAuth Token.

    $ ANSIBLE_CLIENT_ID=$(echo $ANSIBLE_AUTH | jq -r .client_id)
    $ ANSIBLE_CLIENT_SECRET=$(echo $ANSIBLE_AUTH | jq -r .client_secret)
    $ open "http://${ANSIBLE_HOST}/api/o/authorize/?response_type=token&scope=read%20write&client_id=${ANSIBLE_CLIENT_ID}"
    

References

Documentation

Development & Troubleshooting

  • Get a list of organizations by ID:

    $ curl -XGET -sku ${ANSIBLE_USER}:${ANSIBLE_PASS} -H "Content-Type: application/json" \
      "https://${ANSIBLE_HOST}/api/v2/organizations/"
    
  • Create an inventory:

    $ curl -XPOST -H "Authorization: Bearer ${ANSIBLE_TOKEN}" -H "Content-Type: application/json" \
      -d '{"name": "Sensu Go", "organization": 1}' \
      "https://${ANSIBLE_HOST}/api/v2/inventories/"
    
  • Create a host:

    $ curl -XPOST -H "Authorization: Bearer ${ANSIBLE_TOKEN}" -H "Content-Type: application/json" \
      -d '{"name": "server-01", "enabled": true, "instance_id": "", "variables": "{\"ansible_host\": \"10.0.1.101\"}"}' \
      "https://${ANSIBLE_HOST}/api/v2/inventories/2/hosts/"
    
  • Launch a job template:

    $ curl -XPOST -H "Authorization: Bearer ${ANSIBLE_TOKEN}" -H "Content-Type: application/json" \
      -d '{"inventory": 2, "limit": "server-01"}' "https://${ANSIBLE_HOST}/api/v2/job_templates/7/launch/"
    
  • Delete an application:

    $ curl -XDELETE -sku ${ANSIBLE_USER}:${ANSIBLE_PASS} -H "Content-Type: application/json" \
      "https://${ANSIBLE_HOST}/api/v2/applications/1/"
    
  • Test an API Token:

    $ curl -XGET --insecure -I -H "Authorization: Bearer ${ANSIBLE_TOKEN}" \
      -H "Content-Type: application/json" \
      "https://${ANSIBLE_HOST}/api/v2/job_templates/"
    

Roadmap

  • TODO: look at Sensu => Ansible registration handler for maintaining "Smart Inventories"
  • TODO: validate job template launch readiness via the GET /api/v2/job_templates/{id}/launch/ endpoint
  • TODO: lookup inventory by subscription name via the GET /api/v2/inventories/ endpoint

Are you sure you want to report this asset?

Please describe the reason for reporting this asset. Our moderators will be notified and will disable the asset if it is found to be inappropriate.

×

You must be signed in to report this asset.

Sign In with Github