License
Unknown
v0.3.0 · public · Published about 5 years ago
A Sensu Go Handler for launching Ansible Tower Job Templates for automated
remediation.
NOTE: this is an experimental pre-release of a commercially licensed Sensu Go
integration.
Coming soon...
---
type: Handler
api_version: core/v2
metadata:
name: ansible-tower
namespace: default
annotations: |
[
{
"template_name": "Start NGINX",
"template_id": 7,
"inventory_name": "Web Servers",
"inventory_id": 2,
"limit": "",
"occurrences": [ 3 ],
"severities": [ 1, 2 ]
}
]
spec:
type: pipe
command: sensu-ansible-handler
timeout: 10
env_vars:
- "ANSIBLE_HOST=127.0.0.1"
- "ANSIBLE_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
NOTE: the attributes "template_name"
and "inventory_name"
are currently
unused. Support for referencing job templates and inventories by name (rather
than ID) will come in a future update.
Sensu will require a valid auth token to communicate with the Ansible Tower API.
Please note the following instructions on how to generate/obtain a valid Ansible
Tower authorization token.
Register Sensu as an Application in Ansible Tower.
$ ANSIBLE_AUTH=$(curl -XPOST -sku ${ANSIBLE_USER}:${ANSIBLE_PASS} -H "Content-Type: application/json" \
-d '{"organization": 1, "client_type": "confidential", "name": "Sensu Go", "authorization_grant_type": "implicit", "redirect_uris": "https://'${ANSIBLE_HOST}'/api/"}' \
https://${ANSIBLE_HOST}/api/v2/applications/)
Get an OAuth Token.
$ ANSIBLE_CLIENT_ID=$(echo $ANSIBLE_AUTH | jq -r .client_id)
$ ANSIBLE_CLIENT_SECRET=$(echo $ANSIBLE_AUTH | jq -r .client_secret)
$ open "http://${ANSIBLE_HOST}/api/o/authorize/?response_type=token&scope=read%20write&client_id=${ANSIBLE_CLIENT_ID}"
Get a list of organizations by ID:
$ curl -XGET -sku ${ANSIBLE_USER}:${ANSIBLE_PASS} -H "Content-Type: application/json" \
"https://${ANSIBLE_HOST}/api/v2/organizations/"
Create an inventory:
$ curl -XPOST -H "Authorization: Bearer ${ANSIBLE_TOKEN}" -H "Content-Type: application/json" \
-d '{"name": "Sensu Go", "organization": 1}' \
"https://${ANSIBLE_HOST}/api/v2/inventories/"
Create a host:
$ curl -XPOST -H "Authorization: Bearer ${ANSIBLE_TOKEN}" -H "Content-Type: application/json" \
-d '{"name": "server-01", "enabled": true, "instance_id": "", "variables": "{\"ansible_host\": \"10.0.1.101\"}"}' \
"https://${ANSIBLE_HOST}/api/v2/inventories/2/hosts/"
Launch a job template:
$ curl -XPOST -H "Authorization: Bearer ${ANSIBLE_TOKEN}" -H "Content-Type: application/json" \
-d '{"inventory": 2, "limit": "server-01"}' "https://${ANSIBLE_HOST}/api/v2/job_templates/7/launch/"
Delete an application:
$ curl -XDELETE -sku ${ANSIBLE_USER}:${ANSIBLE_PASS} -H "Content-Type: application/json" \
"https://${ANSIBLE_HOST}/api/v2/applications/1/"
Test an API Token:
$ curl -XGET --insecure -I -H "Authorization: Bearer ${ANSIBLE_TOKEN}" \
-H "Content-Type: application/json" \
"https://${ANSIBLE_HOST}/api/v2/job_templates/"
GET /api/v2/job_templates/{id}/launch/
endpointGET /api/v2/inventories/
endpointPlease describe the reason for reporting this asset. Our moderators will be notified and will disable the asset if it is found to be inappropriate.
×