Select Supported Platforms

Select Supported Architectures

Select Tier

Github Name


v0.3.0 · public · Published over 1 year ago

README
Asset Definition
Release Notes
Release Assets

Sensu Ansible Handler

Overview

A Sensu Go Handler for launching Ansible Tower Job Templates for automated
remediation.

NOTE: this is an experimental pre-release of a commercially licensed Sensu Go
integration.

Usage example(s)

Coming soon...

Configuration

Sensu configuration

---
type: Handler
api_version: core/v2
metadata:
  name: ansible-tower
  namespace: default
  annotations: |
    [
      {
        "template_name": "Start NGINX",
        "template_id": 7,
        "inventory_name": "Web Servers",
        "inventory_id": 2,
        "limit": "",
        "occurrences": [ 3 ],
        "severities": [ 1, 2 ]
      }
    ]
spec:
  type: pipe
  command: sensu-ansible-handler
  timeout: 10
  env_vars:
  - "ANSIBLE_HOST=127.0.0.1"
  - "ANSIBLE_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

NOTE: the attributes "template_name" and "inventory_name" are currently
unused. Support for referencing job templates and inventories by name (rather
than ID) will come in a future update.

Ansible configuration

Sensu will require a valid auth token to communicate with the Ansible Tower API.
Please note the following instructions on how to generate/obtain a valid Ansible
Tower authorization token.

  1. Register Sensu as an Application in Ansible Tower.

    $ ANSIBLE_AUTH=$(curl -XPOST -sku ${ANSIBLE_USER}:${ANSIBLE_PASS} -H "Content-Type: application/json" \
      -d '{"organization": 1, "client_type": "confidential", "name": "Sensu Go", "authorization_grant_type": "implicit", "redirect_uris": "https://'${ANSIBLE_HOST}'/api/"}' \
      https://${ANSIBLE_HOST}/api/v2/applications/)
    
  2. Get an OAuth Token.

    $ ANSIBLE_CLIENT_ID=$(echo $ANSIBLE_AUTH | jq -r .client_id)
    $ ANSIBLE_CLIENT_SECRET=$(echo $ANSIBLE_AUTH | jq -r .client_secret)
    $ open "http://${ANSIBLE_HOST}/api/o/authorize/?response_type=token&scope=read%20write&client_id=${ANSIBLE_CLIENT_ID}"
    

References

Documentation

Development & Troubleshooting

  • Get a list of organizations by ID:

    $ curl -XGET -sku ${ANSIBLE_USER}:${ANSIBLE_PASS} -H "Content-Type: application/json" \
      "https://${ANSIBLE_HOST}/api/v2/organizations/"
    
  • Create an inventory:

    $ curl -XPOST -H "Authorization: Bearer ${ANSIBLE_TOKEN}" -H "Content-Type: application/json" \
      -d '{"name": "Sensu Go", "organization": 1}' \
      "https://${ANSIBLE_HOST}/api/v2/inventories/"
    
  • Create a host:

    $ curl -XPOST -H "Authorization: Bearer ${ANSIBLE_TOKEN}" -H "Content-Type: application/json" \
      -d '{"name": "server-01", "enabled": true, "instance_id": "", "variables": "{\"ansible_host\": \"10.0.1.101\"}"}' \
      "https://${ANSIBLE_HOST}/api/v2/inventories/2/hosts/"
    
  • Launch a job template:

    $ curl -XPOST -H "Authorization: Bearer ${ANSIBLE_TOKEN}" -H "Content-Type: application/json" \
      -d '{"inventory": 2, "limit": "server-01"}' "https://${ANSIBLE_HOST}/api/v2/job_templates/7/launch/"
    
  • Delete an application:

    $ curl -XDELETE -sku ${ANSIBLE_USER}:${ANSIBLE_PASS} -H "Content-Type: application/json" \
      "https://${ANSIBLE_HOST}/api/v2/applications/1/"
    
  • Test an API Token:

    $ curl -XGET --insecure -I -H "Authorization: Bearer ${ANSIBLE_TOKEN}" \
      -H "Content-Type: application/json" \
      "https://${ANSIBLE_HOST}/api/v2/job_templates/"
    

Roadmap

  • TODO: look at Sensu => Ansible registration handler for maintaining
    "Smart Inventories"
  • TODO: validate job template launch readiness via the GET /api/v2/job_templates/{id}/launch/ endpoint
  • TODO: lookup inventory by subscription name via the GET /api/v2/inventories/ endpoint

Are you sure you want to report this asset?

Please describe the reason for reporting this asset. Our moderators will be notified and will disable the asset if it is found to be inappropriate.

×

You must be signed in to report this asset.

Sign In with Github

Download

×

This asset is enterprise only and requires an enterprise license. By clicking download, you agree to the Sensu terms and conditions and license agreement.