License
Unknown
v1.0.0-2 · public · Published about 5 years ago
A Sensu Go Handler for launching Ansible Tower Job Templates for automated
remediation.
$ sensuctl asset add sensu/sensu-ansible-handler
$ sensuctl handler create ansible --type pipe \
--runtime-assets sensu/sensu-ansible-handler \
--command "sensu-ansible-handler --host 127.0.0.1 --output-log-file=/var/log/sensu/sensu-backend/sensu-ansible-handler.log" \
--timeout 10 --env-vars "ANSIBLE_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
NOTE: please take care to modify the --host
and --output-log-file
configuration flags and the ANSIBLE_TOKEN
environment variable, as needed.
For more information, please consult the --help
output:
$ ./sensu-ansible-handler --help
The Sensu Go Ansible Tower handler for automated remediation.
Usage:
sensu-ansible-handler [flags]
Flags:
-h, --help help for sensu-ansible-handler
-H, --host string The Ansible Tower API hostname or IP address. Can also be set via the $ANSIBLE_HOST environment variable. (default "127.0.0.1")
-i, --inventory string The Ansible Tower Inventory name (includes Smart Inventories), used to lookup an Inventory ID; ignored if --inventory-id or $ANSIBLE_INVENTORY_ID are set.
-I, --inventory-id string The Ansible Tower Inventory ID (includes Smart Inventories). Can also be set via the $ANSIBLE_INVENTORY_ID environment variable.
-L, --inventory-limit string The Ansible Tower Inventory limit (defaults to the Sensu entity name). Can also be set via the $ANSIBLE_INVENTORY_LIMIT environment variable.
-j, --job-template string The Ansible Tower Job Template name, used to lookup a Job Template ID; ignored if if --job-template-id or $ANSIBLE_JOB_TEMPLATE_ID are set.
-J, --job-template-id string The Ansible Tower Job Template ID. Can also be set via the $ANSIBLE_JOB_TEMPLATE_ID environment variable.
-o, --output-log-file string Write handler output to a log file. Can also be set via the $ANSIBLE_HANDLER_LOGFILE environment variable. Defaults to stdout if not set.
-p, --port string The Ansible Tower API port number. Can also be set via the $ANSIBLE_PORT environment variable. (default "443")
--protocol string The Ansible Tower API protocol (http or https). Can also be set via the $ANSIBLE_PROTO environment variable. (default "https")
-t, --token string The Ansible Tower API token. Can also be set via the $ANSIBLE_TOKEN environment variable. (default "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx")
{"level":"info","msg":"INFO: No inventory host \"limit\" configured; defaulting to the Sensu Entity name: \"server-01\".\n","time":"2019-10-21T12:44:30-04:00"}
{"level":"info","msg":"INFO: requesting Job Template ID for the template named: \"Start Nginx\".\n","time":"2019-10-21T12:44:30-04:00"}
{"level":"info","msg":"INFO: 200 OK (https://127.0.0.1:443/api/v2/job_templates/).\n","time":"2019-10-21T12:44:31-04:00"}
{"level":"info","msg":"SUCCESS: found matching job template for \"Start Nginx\" with ID: \"7\".","time":"2019-10-21T12:44:31-04:00"}
{"level":"info","msg":"INFO: requesting Inventory ID for the inventory named: \"Sensu Go\".\n","time":"2019-10-21T12:44:31-04:00"}
{"level":"info","msg":"INFO: 200 OK (https://127.0.0.1:443/api/v2/inventories/).\n","time":"2019-10-21T12:44:31-04:00"}
{"level":"info","msg":"SUCCESS: found matching inventory \"Sensu Go\" with ID: \"2\".","time":"2019-10-21T12:44:31-04:00"}
{"level":"info","msg":"INFO: Launching the \"Start Nginx\" job template, targeting the \"server-01\" host (via the \"Sensu Go\" inventory).","time":"2019-10-21T12:44:31-04:00"}
{"level":"info","msg":"SUCCESS: 201 Created (https://127.0.0.1:443/api/v2/job_templates/7/launch/).\n","time":"2019-10-21T12:44:32-04:00"}
---
type: Handler
api_version: core/v2
metadata:
name: ansible
namespace: default
spec:
type: pipe
command: sensu-ansible-handler --host 127.0.0.1 --output-log-file /var/log/sensu/sensu-backend/sensu-ansible-handler.json.log
timeout: 10
env_vars:
- "ANSIBLE_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
---
type: CheckConfig
api_version: core/v2
metadata:
name: check_nginx
namespace: default
annotations:
io.sensu.ansible.config.actions: |
[
{
"template_name": "Start NGINX",
"template_id": 7,
"inventory_name": "Web Servers",
"inventory_id": 2,
"limit": "",
"occurrences": [ 3 ],
"severities": [ 1, 2 ]
}
]
spec:
command: check_http -H 127.0.0.1
publish: true
interval: 10
subscriptions:
- nginx
timeout: 10
handlers:
- ansible
Sensu will require a valid auth token to communicate with the Ansible Tower API.
Please note the following instructions on how to generate/obtain a valid Ansible
Tower authorization token.
Register Sensu as an Application in Ansible Tower.
$ ANSIBLE_AUTH=$(curl -XPOST -sku ${ANSIBLE_USER}:${ANSIBLE_PASS} -H "Content-Type: application/json" \
-d '{"organization": 1, "client_type": "confidential", "name": "Sensu Go", "authorization_grant_type": "implicit", "redirect_uris": "https://'${ANSIBLE_HOST}'/api/"}' \
https://${ANSIBLE_HOST}/api/v2/applications/)
Get an OAuth Token.
$ ANSIBLE_CLIENT_ID=$(echo $ANSIBLE_AUTH | jq -r .client_id)
$ ANSIBLE_CLIENT_SECRET=$(echo $ANSIBLE_AUTH | jq -r .client_secret)
$ open "http://${ANSIBLE_HOST}/api/o/authorize/?response_type=token&scope=read%20write&client_id=${ANSIBLE_CLIENT_ID}"
Get a list of organizations by ID:
$ curl -XGET -sku ${ANSIBLE_USER}:${ANSIBLE_PASS} -H "Content-Type: application/json" \
"https://${ANSIBLE_HOST}/api/v2/organizations/"
Get a list of inventories:
$ curl -XGET -sku ${ANSIBLE_USER}:${ANSIBLE_PASS} -H "Content-Type: application/json" \
"https://${ANSIBLE_HOST}/api/v2/inventories/"
Get a list of job_templates:
$ curl -XGET -sku ${ANSIBLE_USER}:${ANSIBLE_PASS} -H "Content-Type: application/json" \
"https://${ANSIBLE_HOST}/api/v2/job_templates/"
Test an API Token:
$ curl -XGET --insecure -I -H "Authorization: Bearer ${ANSIBLE_TOKEN}" \
-H "Content-Type: application/json" \
"https://${ANSIBLE_HOST}/api/v2/job_templates/"
Create an inventory:
$ curl -XPOST -H "Authorization: Bearer ${ANSIBLE_TOKEN}" -H "Content-Type: application/json" \
-d '{"name": "Sensu Go", "organization": 1}' \
"https://${ANSIBLE_HOST}/api/v2/inventories/"
Create a host:
$ curl -XPOST -H "Authorization: Bearer ${ANSIBLE_TOKEN}" -H "Content-Type: application/json" \
-d '{"name": "server-01", "enabled": true, "instance_id": "", "variables": "{\"ansible_host\": \"10.0.1.101\"}"}' \
"https://${ANSIBLE_HOST}/api/v2/inventories/2/hosts/"
Launch a job template:
$ curl -XPOST -H "Authorization: Bearer ${ANSIBLE_TOKEN}" -H "Content-Type: application/json" \
-d '{"inventory": 2, "limit": "server-01"}' "https://${ANSIBLE_HOST}/api/v2/job_templates/7/launch/"
Delete an application:
$ curl -XDELETE -sku ${ANSIBLE_USER}:${ANSIBLE_PASS} -H "Content-Type: application/json" \
"https://${ANSIBLE_HOST}/api/v2/applications/1/"
GET /api/v2/job_templates/{id}/launch/
endpointPlease describe the reason for reporting this asset. Our moderators will be notified and will disable the asset if it is found to be inappropriate.
×