Skip to content

Latest commit

 

History

History
2442 lines (1432 loc) · 44.1 KB

REFERENCE.md

File metadata and controls

2442 lines (1432 loc) · 44.1 KB
Raw

Reference

Table of Contents

Classes

Public Classes

Private Classes

  • sensu::backend::default_resources: Default sensu resources
  • sensu::backend::resources: Define sensu resources
  • sensu::backend::tessen: Manage tessen phone home
  • sensu::repo: Private class to manage sensu repository resources
  • sensu::repo::community: Private class to manage sensu community repository resources
  • sensu::ssl: Private class to manage sensu SSL resources

Resource types

Classes

sensu

This is the main Sensu class

Parameters

The following parameters are available in the sensu class.

version

Data type: String

Version of Sensu to install. Defaults to installed to support Windows MSI packaging and to avoid surprising upgrades.

Default value: 'installed'

etc_dir

Data type: Stdlib::Absolutepath

Absolute path to the Sensu etc directory.

Default value: '/etc/sensu'

ssl_dir

Data type: Stdlib::Absolutepath

Absolute path to the Sensu ssl directory.

Default value: '/etc/sensu/ssl'

user

Data type: String

User used by sensu services

Default value: 'sensu'

group

Data type: String

User group used by sensu services

Default value: 'sensu'

etc_dir_purge

Data type: Boolean

Boolean to determine if the etc_dir should be purged such that only Puppet managed files are present.

Default value: true

ssl_dir_purge

Data type: Boolean

Boolean to determine if the ssl_dir should be purged such that only Puppet managed files are present.

Default value: true

manage_repo

Data type: Boolean

Boolean to determine if software repository for Sensu should be managed.

Default value: true

use_ssl

Data type: Boolean

Sensu backend service uses SSL

Default value: true

ssl_ca_source

Data type: Optional[String]

Source of SSL CA used by sensu services

Default value: $facts['puppet_localcacert']

sensu::agent

Class to manage the Sensu agent.

Examples

class { 'sensu::agent':
  backends    => ['sensu-backend.example.com:8081'],
  config_hash => {
    'subscriptions => ['linux', 'apache-servers'],
  },
}

Parameters

The following parameters are available in the sensu::agent class.

version

Data type: Optional[String]

Version of sensu agent to install. Defaults to installed to support Windows MSI packaging and to avoid surprising upgrades.

Default value: undef

package_source

Data type: Optional[String[1]]

Source of package for installing Windows. Paths with http:// or https:// will be downloaded Paths with puppet:// or absolute filesystem paths will also be installed.

Default value: undef

package_download_path

Data type: Optional[Stdlib::Absolutepath]

Where to download the MSI for Windows. Defaults to C:\. This parameter only used when package_source is an URL or when it's a puppet source (puppet://).

Default value: undef

package_name

Data type: String

Name of Sensu agent package.

Default value: 'sensu-go-agent'

service_name

Data type: String

Name of the Sensu agent service.

Default value: 'sensu-agent'

service_ensure

Data type: String

Sensu agent service ensure value.

Default value: 'running'

service_enable

Data type: Boolean

Sensu agent service enable value.

Default value: true

config_hash

Data type: Hash

Sensu agent configuration hash used to define agent.yml.

Default value: {}

backends

Data type: Array[Sensu::Backend_URL]

Array of sensu backends to pass to backend-url config option. The protocol prefix of ws:// or wss:// are optional and will be determined based on sensu::use_ssl parameter by default. Passing backend-url as part of config_hash takes precedence.

Default value: ['localhost:8081']

show_diff

Data type: Boolean

Sets show_diff parameter for agent.yml configuration file

Default value: true

log_file

Data type: Optional[Stdlib::Absolutepath]

Path to agent log file, only for Windows. Defaults to C:\ProgramData\sensu\log\sensu-agent.log

Default value: undef

sensu::backend

Class to manage the Sensu backend.

Examples

class { 'sensu::backend':
  password => 'secret',
}

Parameters

The following parameters are available in the sensu::backend class.

version

Data type: Optional[String]

Version of sensu backend to install. Defaults to installed to support Windows MSI packaging and to avoid surprising upgrades.

Default value: undef

package_name

Data type: String

Name of Sensu backend package.

Default value: 'sensu-go-backend'

cli_package_name

Data type: String

Name of Sensu CLI package.

Default value: 'sensu-go-cli'

service_name

Data type: String

Name of the Sensu backend service.

Default value: 'sensu-backend'

service_ensure

Data type: String

Sensu backend service ensure value.

Default value: 'running'

service_enable

Data type: Boolean

Sensu backend service enable value.

Default value: true

state_dir

Data type: Stdlib::Absolutepath

Sensu backend state directory path.

Default value: '/var/lib/sensu/sensu-backend'

config_hash

Data type: Hash

Sensu backend configuration hash used to define backend.yml.

Default value: {}

url_host

Data type: String

Sensu backend host used to configure sensuctl and verify API access.

Default value: $trusted['certname']

url_port

Data type: Stdlib::Port

Sensu backend port used to configure sensuctl and verify API access.

Default value: 8080

ssl_cert_source

Data type: Optional[String]

The SSL certificate source

Default value: $facts['puppet_hostcert']

ssl_key_source

Data type: Optional[String]

The SSL private key source

Default value: $facts['puppet_hostprivkey']

password

Data type: String

Sensu backend admin password used to confiure sensuctl.

Default value: 'P@ssw0rd!'

old_password

Data type: Optional[String]

Sensu backend admin old password needed when changing password.

Default value: undef

agent_password

Data type: String

The sensu agent password

Default value: 'P@ssw0rd!'

agent_old_password

Data type: Optional[String]

The sensu agent old password needed when changing agent_password

Default value: undef

include_default_resources

Data type: Boolean

Sets if default sensu resources should be included

Default value: true

show_diff

Data type: Boolean

Sets show_diff parameter for backend.yml configuration file

Default value: true

license_source

Data type: Optional[String]

The source of sensu-go enterprise license. Supports any valid Puppet File sources such as absolute paths or puppet:/// Do not define with license_content

Default value: undef

license_content

Data type: Optional[String]

The content of sensu-go enterprise license Do not define with license_source

Default value: undef

manage_tessen

Data type: Boolean

Boolean that determines if Tessen is managed

Default value: true

tessen_ensure

Data type: Enum['present','absent']

Determine if Tessen is opt-in (present) or opt-out (absent)

Default value: 'present'

ad_auths

Data type: Hash

Hash of sensu_ad_auth resources

Default value: {}

assets

Data type: Hash

Hash of sensu_asset resources

Default value: {}

checks

Data type: Hash

Hash of sensu_check resources

Default value: {}

cluster_members

Data type: Hash

Hash of sensu_cluster_member resources

Default value: {}

cluster_role_bindings

Data type: Hash

Hash of sensu_cluster_role_binding resources

Default value: {}

cluster_roles

Data type: Hash

Hash of sensu_cluster_role resources

Default value: {}

configs

Data type: Hash

Hash of sensu_config resources

Default value: {}

entities

Data type: Hash

Hash of sensu_entitie resources

Default value: {}

events

Data type: Hash

Hash of sensu_event resources

Default value: {}

filters

Data type: Hash

Hash of sensu_filter resources

Default value: {}

handlers

Data type: Hash

Hash of sensu_handler resources

Default value: {}

hooks

Data type: Hash

Hash of sensu_hook resources

Default value: {}

ldap_auths

Data type: Hash

Hash of sensu_ldap_auth resources

Default value: {}

mutators

Data type: Hash

Hash of sensu_mutator resources

Default value: {}

namespaces

Data type: Hash

Hash of sensu_namespace resources

Default value: {}

role_bindings

Data type: Hash

Hash of sensu_role_binding resources

Default value: {}

roles

Data type: Hash

Hash of sensu_role resources

Default value: {}

silencings

Data type: Hash

Hash of sensu_silenced resources

Default value: {}

users

Data type: Hash

Hash of sensu_user resources

Default value: {}

sensu::plugins

Class to manage the Sensu plugins.

Examples

class { 'sensu::plugins':
  plugins    => ['disk-checks'],
  extensions => ['graphite'],
}
class { 'sensu::plugins':
  plugins    => {
    'disk-checks' => { 'version' => 'latest' },
  },
  extensions => {
    'graphite' => { 'version' => 'latest' },
  },
}

Parameters

The following parameters are available in the sensu::plugins class.

package_ensure

Data type: String

Ensure property for sensu plugins package.

Default value: 'installed'

package_name

Data type: String

Name of the Sensu plugins ruby package.

Default value: 'sensu-plugins-ruby'

dependencies

Data type: Array

Package dependencies needed to install plugins and extensions. Default is OS dependent.

Default value: []

plugins

Data type: Variant[Array, Hash]

Plugins to install

Default value: []

extensions

Data type: Variant[Array, Hash]

Extensions to install

Default value: []

Resource types

sensu_ad_auth

Autorequires:

  • Package[sensu-go-cli]
  • Service[sensu-backend]
  • Sensu_configure[puppet]
  • Sensu_api_validator[sensu]
  • Exec[sensu-add-license]

Examples

Add an Active Directory auth
sensu_ad_auth { 'ad':
  ensure              => 'present',
  servers             => [
    {
      'host' => '127.0.0.1',
      'port' => 636,
    },
  ],
  server_binding      => {
    '127.0.0.1' => {
      'user_dn' => 'cn=binder,dc=acme,dc=org',
      'password' => 'P@ssw0rd!'
    }
  },
  server_group_search => {
    '127.0.0.1' => {
      'base_dn' => 'dc=acme,dc=org',
    }
  },
  server_user_search  => {
    '127.0.0.1' => {
      'base_dn' => 'dc=acme,dc=org',
    }
  },
}

Properties

The following properties are available in the sensu_ad_auth type.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

servers

AD servers Defaults:

  • insecure: false
  • security: tls
  • trusted_ca_file: ""
  • client_cert_file: ""
  • client_key_file: ""
server_binding

AD server bindings

server_group_search

Search configuration for groups. Defaults:

  • attribute: member
  • name_attribute: cn
  • object_class: group
server_user_search

Search configuration for users. Defaults:

  • attribute: sAMAccountName
  • name_attribute: displayName
  • object_class: person
groups_prefix

The prefix added to all AD groups.

username_prefix

The prefix added to all AD usernames.

Parameters

The following parameters are available in the sensu_ad_auth type.

name

namevar

The name of the AD auth.

sensu_api_validator

Verify that a connection can be successfully established between a node and the sensu-backend server. Its primary use is as a precondition to prevent configuration changes from being applied if the sensu_backend server cannot be reached, but it could potentially be used for other purposes such as monitoring.

Examples

Verify API connectivity to localhost:8080
sensu_api_validator { 'sensu':
  sensu_api_server => 'localhost',
  sensu_api_ort    => 8080,
}

Properties

The following properties are available in the sensu_api_validator type.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

Parameters

The following parameters are available in the sensu_api_validator type.

name

namevar

An arbitrary name used as the identity of the resource.

sensu_api_server

The DNS name or IP address of the server where sensu_api should be running.

Default value: localhost

sensu_api_port

The port that the sensu_api server should be listening on.

Default value: 8080

use_ssl

Whether the connection will be attemped using https

Default value: false

test_url

URL to use for testing if the Sensu backend is up

Default value: /health

timeout

The max number of seconds that the validator should wait before giving up and deciding that sensu_api is not running; defaults to 15 seconds.

Default value: 30

sensu_asset

Autorequires:

  • Package[sensu-go-cli]
  • Service[sensu-backend]
  • Sensu_configure[puppet]
  • Sensu_api_validator[sensu]
  • sensu_namespace - Puppet will autorequire sensu_namespace resource defined in namespace property.

Examples

Create an asset
sensu_asset { 'test':
  ensure  => 'present',
  url     => 'http://example.com/asset/example.tar',
  sha512  => '4f926bf4328fbad2b9cac873d117f771914f4b837c9c85584c38ccf55a3ef3c2e8d154812246e5dda4a87450576b2c58ad9ab40c9e2edc31b288d066b195b21b',
  filters => ['System.OS==linux'],
}

Properties

The following properties are available in the sensu_asset type.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

url

The URL location of the asset.

sha512

The checksum of the asset

filters

Valid values: /.*/, absent

A set of filters used by the agent to determine of the asset should be installed.

namespace

The Sensu RBAC namespace that this asset belongs to.

Default value: default

labels

Custom attributes to include with event data, which can be queried like regular attributes.

annotations

Arbitrary, non-identifying metadata to include with event data.

Parameters

The following parameters are available in the sensu_asset type.

name

namevar

The name of the asset.

sensu_check

Autorequires:

  • Package[sensu-go-cli]
  • Service[sensu-backend]
  • Sensu_configure[puppet]
  • Sensu_api_validator[sensu]
  • sensu_namespace - Puppet will autorequire sensu_namespace resource defined in namespace property.
  • sensu_handler - Puppet will autorequie sensu_handler resources defined in handlers property.
  • sensu_asset - Puppet will autorequire sensu_asset resources defined in runtime_assets property.
  • sensu_hook - Puppet will autorequire sensu_hook resources defined in check_hooks property.

Examples

Create a check
sensu_check { 'test':
  ensure        => 'present',
  command       => 'check-http.rb',
  subscriptions => ['demo'],
  handlers      => ['email'],
  interval      => 60,
}
Create a check that has a hook
sensu_check { 'test':
  ensure        => 'present',
  command       => 'check-cpu.sh -w 75 -c 90',
  subscriptions => ['linux'],
  check_hooks   => [
    { 'critical' => ['ps'] },
    { 'warning'  => ['ps'] },
  ],
  interval      => 60,
}

Properties

The following properties are available in the sensu_check type.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

command

The check command to be executed.

subscriptions

An array of Sensu entity subscriptions that check requests will be sent to.

handlers

An array of Sensu event handlers (names) to use for events created by the check.

interval

Valid values: /^[0-9]+$/, absent

The frequency in seconds the check is executed.

cron

Valid values: /.*/, absent

When the check should be executed, using the Cron syntax.

publish

Valid values: true, false

If check requests are published for the check.

Default value: true

timeout

Valid values: /^[0-9]+$/, absent

The check execution duration timeout in seconds (hard stop).

ttl

Valid values: /^[0-9]+$/, absent

The time to live (TTL) in seconds until check results are considered stale.

stdin

Valid values: true, false

If the Sensu agent writes JSON serialized Sensu entity and check data to the command process' STDIN

Default value: false

low_flap_threshold

Valid values: /^[0-9]+$/, absent

The flap detection low threshold (% state change) for the check

high_flap_threshold

Valid values: /^[0-9]+$/, absent

The flap detection high threshold (% state change) for the check

runtime_assets

Valid values: /.*/, absent

An array of Sensu assets (names), required at runtime for the execution of the command

check_hooks

An array of check response types with respective arrays of Sensu hook names.

proxy_entity_name

Valid values: /^[\w.-]+$/, absent

The entity name, used to create a proxy entity for an external resource (i.e., a network switch).

round_robin

Valid values: true, false

If the check should be executed on a single entity within a subscription in a round-robin fashion.

proxy_requests_entity_attributes

Sensu entity attributes to match entities in the registry, using Sensu Query Expressions

proxy_requests_splay

Valid values: true, false

If proxy check requests should be splayed

proxy_requests_splay_coverage

The splay coverage percentage use for proxy check request splay calculation.

silenced

Valid values: true, false

If the event is to be silenced.

env_vars

Valid values: /.*/, absent

An array of environment variables to use with command execution.

output_metric_format

Valid values: nagios_perfdata, graphite_plaintext, influxdb_line, opentsdb_line, absent

The metric format generated by the check command.

output_metric_handlers

Valid values: /.*/, absent

An array of Sensu handlers to use for events created by the check.

max_output_size

Maximum size, in bytes, of stored check outputs.

discard_output

Valid values: true, false

Discard check output after extracting metrics.

namespace

The Sensu RBAC namespace that this check belongs to.

Default value: default

labels

Custom attributes to include with event data, which can be queried like regular attributes.

annotations

Arbitrary, non-identifying metadata to include with event data.

Parameters

The following parameters are available in the sensu_check type.

name

namevar

The name of the check.

sensu_cluster_member

Autorequires:

  • Package[sensu-go-cli]
  • Service[sensu-backend]
  • Sensu_configure[puppet]
  • Sensu_api_validator[sensu]

Examples

Add a cluster member
sensu_cluster_member { 'backend2':
  ensure    => 'present',
  peer_urls => ['http://192.168.52.12:2380'],
}

Properties

The following properties are available in the sensu_cluster_member type.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

peer_urls

Array of cluster peer URLs

Parameters

The following parameters are available in the sensu_cluster_member type.

name

namevar

The name of the cluster member.

id

Cluster member ID - read-only

sensu_cluster_role

Autorequires:

  • Package[sensu-go-cli]
  • Service[sensu-backend]
  • Sensu_configure[puppet]
  • Sensu_api_validator[sensu]

Examples

Add a cluster role
sensu_cluster_role { 'test':
  ensure => 'present',
  rules  => [{'verbs' => ['get','list'], 'resources' => ['checks'], 'resource_names' => ['']}],
}

Properties

The following properties are available in the sensu_cluster_role type.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

rules

The rulesets that a role applies.

Parameters

The following parameters are available in the sensu_cluster_role type.

name

namevar

The name of the role.

sensu_cluster_role_binding

Autorequires:

  • Package[sensu-go-cli]
  • Service[sensu-backend]
  • Sensu_configure[puppet]
  • Sensu_api_validator[sensu]
  • sensu_cluster_role - Puppet will autorequire sensu_cluster_role resource defined in role_ref property.
  • sensu_user - Puppet will autorequire sensu_user resources based on users and groups defined for the subjects property.

Examples

Add a cluster role binding
sensu_cluster_role_binding { 'test':
  ensure   => 'present',
  role_ref => 'test-role',
  subjects => [
    { 'type' => 'User', 'name' => 'test-user' }
  ],
}

Properties

The following properties are available in the sensu_cluster_role_binding type.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

role_ref

References a cluster role.

subjects

The users or groups being assigned.

Parameters

The following parameters are available in the sensu_cluster_role_binding type.

name

namevar

The name of the role binding.

sensu_config

Autorequires:

  • Package[sensu-go-cli]
  • Service[sensu-backend]
  • Sensu_configure[puppet]
  • Sensu_api_validator[sensu]

Examples

Manage a config
sensu_config { 'format':
  value => 'json',
}

Properties

The following properties are available in the sensu_config type.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

value

The value of the config.

Parameters

The following parameters are available in the sensu_config type.

name

namevar

The name of the config.

sensu_configure

Autorequires:

  • Package[sensu-go-cli]
  • Service[sensu-backend]
  • Sensu_api_validator[sensu]
  • file - Puppet will autorequire file resources defined in trusted_ca_file property.

Properties

The following properties are available in the sensu_configure type.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

url

sensu-backend URL

trusted_ca_file

Path to trusted CA

Default value: /etc/sensu/ssl/ca.crt

Parameters

The following parameters are available in the sensu_configure type.

name

namevar

The name of the resource.

username

Username to use with sensuctl configure

password

Password to use with sensuctl configure

bootstrap_password

Password to use when bootstrapping sensuctl

Default value: P@ssw0rd!

sensu_entity

Autorequires:

  • Package[sensu-go-cli]
  • Service[sensu-backend]
  • Sensu_configure[puppet]
  • Sensu_api_validator[sensu]
  • sensu_namespace - Puppet will autorequire sensu_namespace resource defined in namespace property.
  • sensu_handler - Puppet will autorequie sensu_handler resource defined in deregistration_handler property.

Examples

Create an entity
sensu_entity { 'test':
  ensure       => 'present',
  entity_class => 'proxy',
}

Properties

The following properties are available in the sensu_entity type.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

entity_class

The entity type

subscriptions

A list of subscription names for the entity

system

System information about the entity, such as operating system and platform.

last_seen

Timestamp the entity was last seen, in epoch time.

deregister

Valid values: true, false

If the entity should be removed when it stops sending keepalive messages.

Default value: false

deregistration_handler

The name of the handler to be called when an entity is deregistered.

redact

List of items to redact from log messages.

namespace

The Sensu RBAC namespace that this entity belongs to.

Default value: default

labels

Custom attributes to include with event data, which can be queried like regular attributes.

annotations

Arbitrary, non-identifying metadata to include with event data.

Parameters

The following parameters are available in the sensu_entity type.

name

namevar

The unique name of the entity

sensu_event

Autorequires:

  • Package[sensu-go-cli]
  • Service[sensu-backend]
  • Sensu_configure[puppet]
  • Sensu_api_validator[sensu]
  • sensu_namespace - Puppet will autorequire sensu_namespace resource defined in namespace property.

Examples

Resolve an event
sensu_event { 'test for sensu-agent':
  ensure => 'resolve'
}
Delete an event
sensu_event { 'test for sensu-agent':
  ensure => 'absent'
}

Properties

The following properties are available in the sensu_event type.

ensure

Valid values: present, resolve, absent, delete

Aliases: "delete"=>"absent"

The basic property that the resource should be in.

Parameters

The following parameters are available in the sensu_event type.

name

namevar

Event name. Can take form of ' for '.

entity

The name of the entity the event should match

check

The name of the check the event should match

namespace

The Sensu RBAC namespace that this event belongs to.

Default value: default

sensu_filter

Autorequires:

  • Package[sensu-go-cli]
  • Service[sensu-backend]
  • Sensu_configure[puppet]
  • Sensu_api_validator[sensu]
  • sensu_namespace - Puppet will autorequire sensu_namespace resource defined in namespace property.
  • sensu_asset - Puppet will autorequire sensu_asset resources defined in runtime_assets property.

Examples

Create a filter
sensu_filter { 'test':
  ensure      => 'present',
  action      => 'allow',
  expressions => ["event.Entity.Environment == 'production'"],
}

Properties

The following properties are available in the sensu_filter type.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

action

Valid values: allow, deny

Action to take with the event if the filter expressions match.

expressions

Filter expressions to be compared with event data.

runtime_assets

Valid values: /.*/, absent

Assets to be applied to the filter’s execution context.

namespace

The Sensu RBAC namespace that this filter belongs to.

Default value: default

labels

Custom attributes to include with event data, which can be queried like regular attributes.

annotations

Arbitrary, non-identifying metadata to include with event data.

Parameters

The following parameters are available in the sensu_filter type.

name

namevar

The name of the filter.

sensu_handler

Autorequires:

  • Package[sensu-go-cli]
  • Service[sensu-backend]
  • Sensu_configure[puppet]
  • Sensu_api_validator[sensu]
  • sensu_namespace - Puppet will autorequire sensu_namespace resource defined in namespace property.
  • sensu_filter - Puppet will autorequire sensu_filter resources defined in filters property.
  • sensu_mutator - Puppet will autorequire sensu_mutator resource defined for mutator property.
  • sensu_handler - Puppet will autorequire sensu_handler resources defined for handlers property.
  • sensu_asset - Puppet will autorequire sensu_asset resources defined in runtime_assets property.

Examples

Create a handler
sensu_handler { 'test':
  ensure  => 'present',
  type    => 'pipe',
  command => 'notify.rb'
}

Properties

The following properties are available in the sensu_handler type.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

type

Valid values: pipe, tcp, udp, set

The handler type.

filters

Valid values: /.*/, absent

An array of Sensu event filters (names) to use when filtering events for the handler.

mutator

Valid values: /.*/, absent

The Sensu event mutator (name) to use to mutate event data for the handler.

timeout

Valid values: /^[0-9]+$/, absent

The handler execution duration timeout in seconds (hard stop)

command

Valid values: /.*/, absent

The handler command to be executed.

env_vars

Valid values: /.*/, absent

An array of environment variables to use with command execution.

socket_host

The socket host address (IP or hostname) to connect to.

socket_port

The socket port to connect to.

handlers

Valid values: /.*/, absent

An array of Sensu event handlers (names) to use for events using the handler set.

runtime_assets

Valid values: /.*/, absent

An array of Sensu assets (names), required at runtime for the execution of the command

namespace

The Sensu RBAC namespace that this handler belongs to.

Default value: default

labels

Custom attributes to include with event data, which can be queried like regular attributes.

annotations

Arbitrary, non-identifying metadata to include with event data.

Parameters

The following parameters are available in the sensu_handler type.

name

namevar

The name of the handler.

sensu_hook

Autorequires:

  • Package[sensu-go-cli]
  • Service[sensu-backend]
  • Sensu_configure[puppet]
  • Sensu_api_validator[sensu]
  • sensu_namespace - Puppet will autorequire sensu_namespace resource defined in namespace property.

Examples

Create a hook
sensu_hook { 'test':
  ensure  => 'present',
  command => 'ps aux',
}

Properties

The following properties are available in the sensu_hook type.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

command

The hook command to be executed.

timeout

The hook execution duration timeout in seconds (hard stop)

Default value: 60

stdin

Valid values: true, false

If the Sensu agent writes JSON serialized Sensu entity and check data to the command process’ STDIN.

Default value: false

namespace

The Sensu RBAC namespace that this hook belongs to.

Default value: default

labels

Custom attributes to include with event data, which can be queried like regular attributes.

annotations

Arbitrary, non-identifying metadata to include with event data.

Parameters

The following parameters are available in the sensu_hook type.

name

namevar

The name of the hook.

sensu_ldap_auth

Autorequires:

  • Package[sensu-go-cli]
  • Service[sensu-backend]
  • Sensu_configure[puppet]
  • Sensu_api_validator[sensu]
  • Exec[sensu-add-license]

Examples

Add a LDAP auth
sensu_ldap_auth { 'openldap':
  ensure              => 'present',
  servers             => [
    {
      'host' => '127.0.0.1',
      'port' => 389,
    },
  ],
  server_binding      => {
    '127.0.0.1' => {
      'user_dn' => 'cn=binder,dc=acme,dc=org',
      'password' => 'P@ssw0rd!'
    }
  },
  server_group_search => {
    '127.0.0.1' => {
      'base_dn' => 'dc=acme,dc=org',
    }
  },
  server_user_search  => {
    '127.0.0.1' => {
      'base_dn' => 'dc=acme,dc=org',
    }
  },
}

Properties

The following properties are available in the sensu_ldap_auth type.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

servers

LDAP servers Defaults:

  • insecure: false
  • security: tls
  • trusted_ca_file: ""
  • client_cert_file: ""
  • client_key_file: ""
server_binding

LDAP server bindings

server_group_search

Search configuration for groups. Defaults:

  • attribute: member
  • name_attribute: cn
  • object_class: groupOfNames
server_user_search

Search configuration for users. Defaults:

  • attribute: uid
  • name_attribute: cn
  • object_class: person
groups_prefix

The prefix added to all LDAP groups.

username_prefix

The prefix added to all LDAP usernames.

Parameters

The following parameters are available in the sensu_ldap_auth type.

name

namevar

The name of the LDAP auth.

sensu_mutator

Autorequires:

  • Package[sensu-go-cli]
  • Service[sensu-backend]
  • Sensu_configure[puppet]
  • Sensu_api_validator[sensu]
  • sensu_namespace - Puppet will autorequire sensu_namespace resource defined in namespace property.
  • sensu_asset - Puppet will autorequire sensu_asset resources defined in runtime_assets property.

Examples

Create a mutator
sensu_mutator { 'example':
  ensure  => 'present',
  command => 'example-mutator.rb',
}

Properties

The following properties are available in the sensu_mutator type.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

command

The mutator command to be executed.

timeout

Valid values: /^[0-9]+$/, absent

The mutator execution duration timeout in seconds (hard stop)

runtime_assets

Valid values: /.*/, absent

An array of Sensu assets (names), required at runtime for the execution of the command

env_vars

Valid values: /.*/, absent

An array of environment variables to use with command execution.

namespace

The Sensu RBAC namespace that this mutator belongs to.

Default value: default

labels

Custom attributes to include with event data, which can be queried like regular attributes.

annotations

Arbitrary, non-identifying metadata to include with event data.

Parameters

The following parameters are available in the sensu_mutator type.

name

namevar

The name of the mutator.

sensu_namespace

Autorequires:

  • Package[sensu-go-cli]
  • Service[sensu-backend]
  • Sensu_configure[puppet]
  • Sensu_api_validator[sensu]

Examples

Add an namespace
sensu_namespace { 'test':
  ensure => 'present',
}

Properties

The following properties are available in the sensu_namespace type.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

Parameters

The following parameters are available in the sensu_namespace type.

name

namevar

The name of the namespace.

sensu_plugin

Autorequires:

  • Package[sensu-plugins-ruby]

Examples

Install a sensu plugin
sensu_plugin { 'disk-checks':
  ensure  => 'present',
}
Install specific version of a sensu plugin
sensu_plugin { 'disk-checks':
  ensure  => 'present',
  version => '4.0.0',
}
Install latest version of a sensu plugin
sensu_plugin { 'disk-checks':
  ensure  => 'present',
  version => 'latest',
}

Properties

The following properties are available in the sensu_plugin type.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

version

Valid values: latest, /[0-9.]+/

Specific version to install, or latest

Parameters

The following parameters are available in the sensu_plugin type.

name

namevar

Plugin or extension name

extension

Valid values: true, false

Sets to install an extension instead of a plugin

Default value: false

source

Install Sensu plugins and extensions from a custom SOURCE

clean

Valid values: true, false

Clean up (remove) other installed versions of the plugin(s) and/or extension(s)

Default value: true

proxy

Install Sensu plugins and extensions via a PROXY URL

sensu_role

Autorequires:

  • Package[sensu-go-cli]
  • Service[sensu-backend]
  • Sensu_configure[puppet]
  • Sensu_api_validator[sensu]
  • sensu_namespace - Puppet will autorequire sensu_namespace resource defined in namespace property.

Examples

Add a role
sensu_role { 'test':
  ensure => 'present',
  rules  => [{'verbs' => ['get','list'], 'resources' => ['checks'], 'resource_names' => ['']}],
}

Properties

The following properties are available in the sensu_role type.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

namespace

Namespace the role is restricted to.

Default value: default

rules

The rulesets that a role applies.

Parameters

The following parameters are available in the sensu_role type.

name

namevar

The name of the role.

sensu_role_binding

Autorequires:

  • Package[sensu-go-cli]
  • Service[sensu-backend]
  • Sensu_configure[puppet]
  • Sensu_api_validator[sensu]
  • sensu_role - Puppet will autorequire sensu_role resource defined in role_ref property.
  • sensu_namespace - Puppet will autorequire sensu_namespace resource defined in namespace property.
  • sensu_user - Puppet will autorequire sensu_user resources based on users and groups defined for the subjects property.

Examples

Add a role binding
sensu_role_binding { 'test':
  ensure   => 'present',
  role_ref => 'test-role',
  subjects => [
    { 'type' => 'User', 'name' => 'test-user' }
  ],
}

Properties

The following properties are available in the sensu_role_binding type.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

namespace

Namespace the role binding is restricted to.

Default value: default

role_ref

References a role.

subjects

The users or groups being assigned.

Parameters

The following parameters are available in the sensu_role_binding type.

name

namevar

The name of the role binding.

sensu_silenced

The name of a sensu_silenced resource may not match the name returned by sensuctl. The name from sensuctl will take the form of subscription:check. If you wish to have a sensu_silenced resource name match sensuctl then define the name using the subscription:check format and do not define subscription or check properties.

The subscription and check properties take precedence over value in the name if name takes the form subscription:check.

Autorequires:

  • Package[sensu-go-cli]
  • Service[sensu-backend]
  • Sensu_configure[puppet]
  • Sensu_api_validator[sensu]
  • sensu_namespace - Puppet will autorequire sensu_namespace resource defined in namespace property.

Examples

Create a silencing for all checks with subscription entity:sensu_agent
sensu_silenced { 'test':
  ensure       => 'present',
  subscription => 'entity:sensu_agent',
}
Define silencing using composite name where subscription=entity:sensu_agent and check=*.
sensu_silenced { 'entity:sensu_agent:*':
  ensure => 'present',
}
Define silencing using composite name where subscription=linux and check=check-http.
sensu_silenced { 'linux:check-http':
  ensure => 'present',
}
Define silencing where subscription is linux and check is check-http. The subscription property overrides the value from name.
sensu_silenced { 'test:check-http':
  ensure       => 'present',
  subscription => 'linux',
}
Define silencing where subscription is linux and check is test. The check property overrides the value from name.
sensu_silenced { 'linux:check-http':
  ensure => 'present',
  check  => 'test',
}

Properties

The following properties are available in the sensu_silenced type.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

begin

Time at which silence entry goes into effect, in epoch.

expire

Number of seconds until this entry should be deleted.

Default value: -1

expire_on_resolve

Valid values: true, false

If the entry should be deleted when a check begins return OK status (resolves).

Default value: false

creator

Valid values: /.*/, absent

Person/application/entity responsible for creating the entry.

reason

Valid values: /.*/, absent

Explanation for the creation of this entry.

namespace

The Sensu RBAC namespace that this silenced belongs to.

Default value: default

labels

Custom attributes to include with event data, which can be queried like regular attributes.

annotations

Arbitrary, non-identifying metadata to include with event data.

Parameters

The following parameters are available in the sensu_silenced type.

name

namevar

Silenced name

check

The name of the check the entry should match

subscription

The name of the subscription the entry should match

sensu_user

Autorequires:

  • Package[sensu-go-cli]
  • Service[sensu-backend]
  • Sensu_configure[puppet]
  • Sensu_api_validator[sensu]

Examples

Create a user
sensu_user { 'test':
  ensure   => 'present',
  password => 'supersecret',
  groups   => ['users'],
}
Change a user's password
sensu_user { 'test'
  ensure       => 'present',
  password     => 'newpassword',
  old_password => 'supersecret',
  groups       => ['users'],
}

Properties

The following properties are available in the sensu_user type.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

password

The user's password.

groups

Groups to which the user belongs.

disabled

Valid values: true, false

The state of the user’s account.

Default value: false

Parameters

The following parameters are available in the sensu_user type.

name

namevar

The name of the user.

old_password

The user's old password, needed in order to change a user's password

configure

Valid values: true, false

Run sensuctl configure for this user

Default value: false

configure_url

URL to use with 'sensuctl configure'

Default value: http://127.0.0.1:8080