35 changes: 17 additions & 18 deletions CHANGELOG.md
@@ -1,6 +1,19 @@
# Changelog

## [v4.7.0](https://github.com/sensu/sensu-puppet/tree/v4.7.0) (2020-03-20)
## [v4.7.1](https://github.com/sensu/sensu-puppet/tree/v4.7.1) (2020-04-07)

[Full Changelog](https://github.com/sensu/sensu-puppet/compare/v4.7.0...v4.7.1)

### Fixed

- Replacing invalid multibyte chars so it is 100% utf-8 [\#1237](https://github.com/sensu/sensu-puppet/pull/1237) ([mvsm](https://github.com/mvsm))

### Merged Pull Requests

- Postgresql examples [\#1238](https://github.com/sensu/sensu-puppet/pull/1238) ([treydock](https://github.com/treydock))
- Fix vagrant [\#1234](https://github.com/sensu/sensu-puppet/pull/1234) ([treydock](https://github.com/treydock))

## [v4.7.0](https://github.com/sensu/sensu-puppet/tree/v4.7.0) (2020-03-21)

[Full Changelog](https://github.com/sensu/sensu-puppet/compare/v4.6.0...v4.7.0)
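Review bot: The v4.7.0 heading changes its release date from 2020-03-20 to 2020-03-21 in this hunk. A release that is already published should keep its date, so check whether the changelog generator is reading a different tag timestamp or timezone before committing the regenerated file.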

@@ -144,10 +157,6 @@

[Full Changelog](https://github.com/sensu/sensu-puppet/compare/v3.13.0...v3.14.0)

### Added

- Support defining agent and backend service environment variables [\#1160](https://github.com/sensu/sensu-puppet/pull/1160) ([treydock](https://github.com/treydock))

## [v3.13.0](https://github.com/sensu/sensu-puppet/tree/v3.13.0) (2019-11-26)

[Full Changelog](https://github.com/sensu/sensu-puppet/compare/v3.12.0...v3.13.0)
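Review bot: The `### Added` entry for #1160 is dropped from the v3.14.0 section here and reappears under an older release in the next hunk, so regenerating the file rewrites the notes of releases that are already out. Either pin the generator options so released sections stay stable, or mention the reshuffle in the commit message so readers comparing against the published v3.x notes are not surprised.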
@@ -199,8 +208,7 @@

### Added

- Initial work at design document [\#1161](https://github.com/sensu/sensu-puppet/pull/1161) ([treydock](https://github.com/treydock))
- Add bolt tasks [\#1153](https://github.com/sensu/sensu-puppet/pull/1153) ([treydock](https://github.com/treydock))
- Support defining agent and backend service environment variables [\#1160](https://github.com/sensu/sensu-puppet/pull/1160) ([treydock](https://github.com/treydock))
- Deprecate defining single asset builds [\#1140](https://github.com/sensu/sensu-puppet/pull/1140) ([treydock](https://github.com/treydock))

## [v3.9.0](https://github.com/sensu/sensu-puppet/tree/v3.9.0) (2019-10-10)
@@ -209,8 +217,10 @@

### Added

- Initial work at design document [\#1161](https://github.com/sensu/sensu-puppet/pull/1161) ([treydock](https://github.com/treydock))
- Add sensu\_resources type that will handle resource purging [\#1158](https://github.com/sensu/sensu-puppet/pull/1158) ([treydock](https://github.com/treydock))
- Add sensu\_gem package provider [\#1156](https://github.com/sensu/sensu-puppet/pull/1156) ([treydock](https://github.com/treydock))
- Add bolt tasks [\#1153](https://github.com/sensu/sensu-puppet/pull/1153) ([treydock](https://github.com/treydock))
- Install Windows agent via chocolatey [\#1152](https://github.com/sensu/sensu-puppet/pull/1152) ([treydock](https://github.com/treydock))
- Add sensu\_bonsai\_asset type [\#1149](https://github.com/sensu/sensu-puppet/pull/1149) ([treydock](https://github.com/treydock))
- Replace unit test instance variables with let [\#1143](https://github.com/sensu/sensu-puppet/pull/1143) ([treydock](https://github.com/treydock))
@@ -227,22 +237,11 @@
### Added

- Testing improvements [\#1139](https://github.com/sensu/sensu-puppet/pull/1139) ([treydock](https://github.com/treydock))
- Support Sensu go 5.12 [\#1137](https://github.com/sensu/sensu-puppet/pull/1137) ([treydock](https://github.com/treydock))
- Support role\_ref property being Hash [\#1133](https://github.com/sensu/sensu-puppet/pull/1133) ([treydock](https://github.com/treydock))

### Fixed

- Fix unit tests [\#1138](https://github.com/sensu/sensu-puppet/pull/1138) ([treydock](https://github.com/treydock))

## [v3.7.0](https://github.com/sensu/sensu-puppet/tree/v3.7.0) (2019-08-26)

[Full Changelog](https://github.com/sensu/sensu-puppet/compare/v3.6.0...v3.7.0)

### Added

- Support PostgreSQL datastore [\#1136](https://github.com/sensu/sensu-puppet/pull/1136) ([treydock](https://github.com/treydock))
- Increase upper bound of module dependencies [\#1134](https://github.com/sensu/sensu-puppet/pull/1134) ([treydock](https://github.com/treydock))

## [v3.6.0](https://github.com/sensu/sensu-puppet/tree/v3.6.0) (2019-08-16)

[Full Changelog](https://github.com/sensu/sensu-puppet/compare/v3.5.0...v3.6.0)
22 changes: 19 additions & 3 deletions README.md
@@ -35,9 +35,10 @@
* [Bolt Tasks](#bolt-tasks)
4. [Reference](#reference)
* [Facts](#facts)
5. [Limitations - OS compatibility, etc.](#limitations)
6. [Development - Guide for contributing to the module](#development)
7. [License](#license)
5. [Examples](#examples)
6. [Limitations - OS compatibility, etc.](#limitations)
7. [Development - Guide for contributing to the module](#development)
8. [License](#license)

## Module description

@@ -1078,6 +1079,21 @@ facter -p sensuctl
}
```

## Examples

Examples can be found in the [examples](https://github.com/sensu/sensu-puppet/tree/master/examples) directory.

* [Contact Routing](https://github.com/sensu/sensu-puppet/blob/master/examples/contact_routing.pp) - Example of contact routing
* [Email Alerts](https://github.com/sensu/sensu-puppet/blob/master/examples/email_alerts.pp) - Example of setting up e-mail alerts
* [InfluxDB Handler](https://github.com/sensu/sensu-puppet/blob/master/examples/influxdb_handler.pp) - Example of setting up InfluxDB handler
* [LDAP](https://github.com/sensu/sensu-puppet/blob/master/examples/ldap.pp) - Example of setting up LDAP authentication
* [Logging](https://github.com/sensu/sensu-puppet/blob/master/examples/logging.pp) - Example of setting up improved logging
* [Pagerduty with Secrets Env Vars](https://github.com/sensu/sensu-puppet/blob/master/examples/pagerduty-with-secrets-env.pp) - Setting up Pagerduty using environment variable secrets
* [Pagerduty with Secrets vault](https://github.com/sensu/sensu-puppet/blob/master/examples/pagerduty-with-secrets-vault.pp) - Setting up Pagerduty using secrets vault
* [PostgreSQL with Replication](https://github.com/sensu/sensu-puppet/tree/master/examples/postgresql-replication) - Contains example manifests of setting up Sensu backend and PostgreSQL with PostgreSQL replication.
* [PostgreSQL with SSL](https://github.com/sensu/sensu-puppet/tree/master/examples/postgresql-ssl) - Contains example manifests of setting up Sensu backend and PostgreSQL to communicate using SSL.
* [Slack Alerts](https://github.com/sensu/sensu-puppet/blob/master/examples/slack_alerts.pp) - Example of setting up Slack alerts

## Limitations

The type `sensu_user` does not at this time support `ensure => absent` due to a limitation with sensuctl, see [sensu-go#2540](https://github.com/sensu/sensu-go/issues/2540).
6 changes: 3 additions & 3 deletions REFERENCE.md
@@ -2395,7 +2395,7 @@ Filter expressions to be compared with event data.

Valid values: /.*/, absent

Assets to be applied to the filters execution context.
Assets to be applied to the filter's execution context.

##### `namespace`

@@ -2620,7 +2620,7 @@ Default value: 60

Valid values: `true`, `false`

If the Sensu agent writes JSON serialized Sensu entity and check data to the command process STDIN.
If the Sensu agent writes JSON serialized Sensu entity and check data to the command process' STDIN.

Default value: false

@@ -3585,7 +3585,7 @@ Groups to which the user belongs.

Valid values: `true`, `false`

The state of the users account.
The state of the user's account.

Default value: false

18 changes: 3 additions & 15 deletions Vagrantfile
@@ -166,28 +166,16 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|

config.vm.define "debian8-agent", autostart: false do |agent|
agent.vm.box = "debian/jessie64"
# TODO: Use specific version as something broken with 8.11.1
# See https://github.com/sensu/sensu-puppet/pull/1234#issuecomment-605355385
agent.vm.box_version = '8.11.0'
agent.vm.hostname = 'debian8-agent.example.com'
agent.vm.network :private_network, ip: "192.168.52.17"
agent.vm.provision :shell, :path => "tests/provision_basic_debian.sh"
agent.vm.provision :shell, :inline => "puppet apply /vagrant/tests/sensu-agent.pp"
agent.vm.provision :shell, :inline => "facter --custom-dir=/vagrant/lib/facter sensu_agent"
end

config.vm.define "win2008r2-agent", autostart: false do |agent|
agent.vm.box = "opentable/win-2008r2-standard-amd64-nocm"
agent.vm.provider :virtualbox do |vb|
vb.customize ["modifyvm", :id, "--memory", "2048"]
vb.customize ["modifyvm", :id, "--cpus", "1"]
end
agent.vm.hostname = 'win2008r2-agent'
agent.vm.network :private_network, ip: "192.168.52.25"
agent.vm.network "forwarded_port", host: 3390, guest: 3389, auto_correct: true
agent.vm.provision :shell, :path => "tests/provision_basic_win.ps1"
agent.vm.provision :shell, :inline => '$env:PATH += ";C:\Program Files\Puppet Labs\Puppet\bin" ; iex "puppet apply -v C:/vagrant/tests/sensu-agent.pp"'
agent.vm.provision :shell, :inline => '$env:PATH += ";C:\Program Files\Puppet Labs\Puppet\bin" ; iex "puppet apply -v C:/vagrant/tests/sensu-cli.pp"'
agent.vm.provision :shell, :inline => '$env:PATH += ";C:\Program Files\Puppet Labs\Puppet\bin" ; iex "facter --custom-dir=C:\vagrant\lib\facter sensu_agent"'
end

config.vm.define "win2012r2-agent", autostart: false do |agent|
agent.vm.box = "opentable/win-2012r2-standard-amd64-nocm"
agent.vm.provider :virtualbox do |vb|
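Review bot: The `agent.vm.box_version = '8.11.0'` pin in `debian8-agent` carries a TODO that only links to a PR comment; say in the comment itself what breaks with 8.11.1 so the pin can be lifted once a fixed box is published. The hunk also drops the whole `win2008r2-agent` definition, which the changelog entry "Fix vagrant" does not mention. If Windows 2008 R2 is still a supported agent platform, note where it is tested now.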
36 changes: 36 additions & 0 deletions examples/postgresql-replication/README.md
@@ -0,0 +1,36 @@
The following directory contains examples of setting up a PostgreSQL primary/standby cluster that is used for Sensu Go backend events.

The example `sensu-backend.pp` will be applied to the Sensu Go backend.

The example `postgresql.pp` will be applied to both the primary and standby PostgreSQL servers.

Adjustments will have to be made for IP addresses and password.

Once the primary and standby have applied their Puppet catalog you must bootstrap the standby:

```
systemctl stop postgresql-9.6.service
rm -rf /var/lib/pgsql/9.6/data/*
sudo -u postgres pg_basebackup -h 192.168.52.11 -D /var/lib/pgsql/9.6/data -P -U repl -R --xlog-method=stream
```

Once the bootstrap is done, re-run Puppet.

Example command of checking that replicaton on the standby is functioning, run this command from the standby host:

```
PGPASSWORD='sensu' psql -U sensu -h localhost -c 'select * from events order by id desc LIMIT 1;'
```

Example command of checking primary replication:

```
PGPASSWORD='password' psql -U postgres -c "select pg_current_xlog_location()" -h localhost
```

Check the standby location matches primary

```
PGPASSWORD='password' psql -U postgres -c "select pg_last_xlog_receive_location()" -h localhost
PGPASSWORD='password' psql -U postgres -c "select pg_last_xlog_replay_location()" -h localhost
```
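Review bot: The bootstrap block runs `rm -rf /var/lib/pgsql/9.6/data/*`, and only the sentence above it says this is for the standby. Put the host in the block itself, for example a first line `# run on the standby only`, because the same command on the primary wipes its data directory. The check commands pass passwords inline as `PGPASSWORD='password'`, which ends up in shell history; mention `~/.pgpass` or the interactive prompt as the alternative and say these values match the example manifests. Typo: "replicaton" should be "replication".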
120 changes: 120 additions & 0 deletions examples/postgresql-replication/postgresql.pp
@@ -0,0 +1,120 @@
$password = 'sensu'
$repl_password = 'secret'
$pgpassword = 'password'
$primary_ip = '192.168.52.11'
$standby_ip = '192.168.52.10'

if $facts['networking']['ip'] == $primary_ip {
$primary = true
$primary_ensure = 'present'
} else {
$primary = false
$primary_ensure = 'absent'
}

class { 'postgresql::globals':
manage_package_repo => true,
version => '9.6',
}
class { 'postgresql::server':
listen_addresses => '*',
postgres_password => $pgpassword,
manage_recovery_conf => true,
}

postgresql::server::db { 'sensu':
user => 'sensu',
password => postgresql_password('sensu', $password),
}

postgresql::server::pg_hba_rule { 'allow access to sensu database':
description => 'Open up postgresql for access to sensu from 0.0.0.0/0',
type => 'host',
database => 'sensu',
user => 'sensu',
address => '0.0.0.0/0',
auth_method => 'password',
}

postgresql::server::config_entry { 'ssl':
value => 'on',
}

postgresql::server::config_entry { 'ssl_cert_file':
value => "/etc/puppetlabs/puppet/ssl/certs/${trusted['certname']}.pem",
}

postgresql::server::config_entry { 'ssl_key_file':
value => "${trusted['certname']}.pem",
}

postgresql::server::config_entry { 'ssl_ca_file':
value => '/etc/puppetlabs/puppet/ssl/certs/ca.pem',
}

postgresql::server::config_entry { 'ssl_crl_file':
value => '/etc/puppetlabs/puppet/ssl/crl.pem',
}

file { 'postgresql_ssl_key_file':
ensure => 'file',
path => "${postgresql::server::datadir}/${trusted['certname']}.pem",
source => "/etc/puppetlabs/puppet/ssl/private_keys/${trusted['certname']}.pem",
owner => 'postgres',
group => 'postgres',
mode => '0600',
}

# REFERENCE: https://wiki.postgresql.org/wiki/Streaming_Replication
# To enable read-only queries on a standby server, wal_level must be set to
# "hot_standby". But you can choose "archive" if you never connect to the
# server in standby mode.
postgresql::server::config_entry { 'wal_level':
ensure => $primary_ensure,
value => 'hot_standby',
}

# Set the maximum number of concurrent connections from the standby servers.
postgresql::server::config_entry { 'max_wal_senders':
ensure => $primary_ensure,
value => '5',
}

# To prevent the primary server from removing the WAL segments required for
# the standby server before shipping them, set the minimum number of segments
# retained in the pg_xlog directory. At least wal_keep_segments should be
# larger than the number of segments generated between the beginning of
# online-backup and the startup of streaming replication. If you enable WAL
# archiving to an archive directory accessible from the standby, this may
# not be necessary.
postgresql::server::config_entry { 'wal_keep_segments':
ensure => $primary_ensure,
value => '32',
}

if $primary {
postgresql::server::role { 'repl':
password_hash => postgresql_password('repl', $repl_password),
replication => true,
require => Class['postgresql::server::service'],
}

postgresql::server::pg_hba_rule { 'allow access to repl for replication':
description => "Allow replication for repl from ${standby_ip}/32",
type => 'host',
database => 'replication',
user => 'repl',
address => "${standby_ip}/32",
auth_method => 'md5',
}
} else {
# Enable read-only queries, modify/remove if primary wal_level is archive
postgresql::server::config_entry { 'hot_standby':
value => 'on',
}

postgresql::server::recovery { 'repl':
standby_mode => 'on',
primary_conninfo => "host=${primary_ip} port=5432 user=repl password=${repl_password} sslmode=prefer sslcompression=1",
}
}
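Review bot: The `allow access to sensu database` rule combines `type => 'host'`, `address => '0.0.0.0/0'` and `auth_method => 'password'`, so the `sensu` password is accepted from any address and can cross the network in cleartext even though `ssl` is set to `on` a few lines below. For an example that people will copy, use `hostssl`, an `auth_method` of `md5` as the `repl` rule already has, and an address limited to the Sensu backend. The `repl` rule is also `host` rather than `hostssl`, and `primary_conninfo` uses `sslmode=prefer`, which lets replication fall back to an unencrypted connection while carrying `password=${repl_password}`; `sslmode=require` or `verify-ca` fits the certificates this manifest already installs. The three literal passwords at the top should carry a comment marking them as placeholders to replace.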
59 changes: 59 additions & 0 deletions examples/postgresql-replication/sensu-backend.pp
@@ -0,0 +1,59 @@
$password = 'sensu'
$master_ip = '192.168.52.11'

include sensu
class { 'sensu::agent':
backends => ['sensu-backend:8081'],
}
class { 'sensu::backend':
datastore => 'postgresql',
manage_postgresql_db => false,
postgresql_host => $master_ip,
postgresql_password => $password,
}

# Use Puppet certs when connecting to Sensu DB's Postgresql service
file { '/var/lib/sensu/.postgresql':
ensure => 'directory',
owner => 'sensu',
group => 'sensu',
mode => '0755',
require => Package['sensu-go-backend'],
notify => Service['sensu-backend'],
}

file { '/var/lib/sensu/.postgresql/root.crl':
ensure => 'file',
source => '/etc/puppetlabs/puppet/ssl/crl.pem',
owner => 'sensu',
group => 'sensu',
mode => '0644',
notify => Service['sensu-backend'],
}

file { '/var/lib/sensu/.postgresql/root.crt':
ensure => 'file',
source => $sensu::ssl_ca_source,
owner => 'sensu',
group => 'sensu',
mode => '0644',
notify => Service['sensu-backend'],
}

file { '/var/lib/sensu/.postgresql/postgresql.crt':
ensure => 'file',
source => $sensu::backend::ssl_cert_source,
owner => 'sensu',
group => 'sensu',
mode => '0644',
notify => Service['sensu-backend'],
}

file { '/var/lib/sensu/.postgresql/postgresql.key':
ensure => 'file',
source => $sensu::backend::ssl_key_source,
owner => 'sensu',
group => 'sensu',
mode => '0600',
notify => Service['sensu-backend'],
}
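Review bot: The `file` resources install a CA, CRL, client certificate and key under `/var/lib/sensu/.postgresql`, but none of the `sensu::backend` parameters shown here asks for TLS, so whether the connection to `$master_ip` is encrypted or verified is left to client defaults. State in the comment above the first `file` resource what the reader should expect, or set the mode explicitly. Two smaller points: `$master_ip` is named `$primary_ip` in `postgresql.pp`, so use one name across the example, and `$password = 'sensu'` should be marked as a placeholder.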