sensu / sensu-puppet-handler

Deregister Sensu entities without an associated Puppet node
MIT License

Sensu Puppet Keepalive Handler

Overview

The Sensu Puppet Keepalive Handler is a Sensu Event Handler that will delete an entity with a failing keepalive check when its corresponding Puppet node no longer exists or is deregistered.

Usage examples

Help:

Usage:
  sensu-puppet-handler [flags]
  sensu-puppet-handler [command]

Available Commands:
  help        Help about any command
  version     Print the version number of this plugin

Flags:
      --ca-cert string             path to the site's Puppet CA certificate PEM file
      --cert string                path to the SSL certificate PEM file signed by your site's Puppet CA
  -e, --endpoint string            the PuppetDB API endpoint (URL). If an API path is not specified, /pdb/query/v4/nodes/ will be used
  -h, --help                       help for sensu-puppet-handler
      --insecure-skip-tls-verify   skip SSL verification
      --key string                 path to the private key PEM file for that certificate
      --node-name string           node name to use for the entity when querying PuppetDB
  -a, --sensu-api-key string       The Sensu API key
  -u, --sensu-api-url string       The Sensu API URL (default "http://localhost:8080")
  -c, --sensu-ca-cert string       The Sensu Go CA Certificate

Configuration

Asset registration

Assets are the best way to make use of this handler. If you're not using an asset, please consider doing so! If you're using sensuctl 5.13 or later, you can use the following command to add the asset:

sensuctl asset add sensu/sensu-puppet-handler

If you're using an earlier version of sensuctl, you can download the asset definition from this project's Bonsai Asset Index page.

Handler definition

Create the handler using the following handler definition:

---
api_version: core/v2
type: Handler
metadata:
  namespace: default
  name: sensu-puppet-handler
spec:
  type: pipe
  command: sensu-puppet-handler
  timeout: 10
  env_vars:
  - PUPPET_ENDPOINT=https://puppetdb-host:8081
  - PUPPET_CERT=/path/to/puppet/cert.pem
  - PUPPET_KEY=/path/to/puppet/key.pem
  - PUPPET_CA_CERT=/path/to/puppet/ca.pem
  runtime_assets:
  - sensu/sensu-puppet-handler
  secrets:
  - name: SENSU_API_KEY
    secret: sensu-api-key

and then add the handler to the keepalive handler set:

---
api_version: core/v2
type: Handler
metadata:
  name: keepalive
  namespace: default
spec:
  handlers:
  - sensu-puppet-handler
  type: set

Check definition

No check definition is needed. This handler will only trigger on keepalive events after it is added to the keepalive handler set.

Puppet node name

By default, when querying PuppetDB for a node, Sensu uses the Sensu entity’s name as the Puppet node name. Individual Sensu entities can override the name of their corresponding Puppet node using annotations:

# /etc/sensu/agent.yml example
annotations:
  sensu.io/plugins/sensu-puppet-handler/config/node-name: webserver01.example.com
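
The node-name override and the delete decision from the overview, as an added Go sketch that is not this plugin's source code. The function names are hypothetical, the endpoint is assumed to carry no API path, and PuppetDB is assumed to answer 404 for an unknown node and a non-null "deactivated" field for a deactivated one.

```go
// Added example, not the plugin's source; function names are hypothetical.
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
)

const nodeNameKey = "sensu.io/plugins/sensu-puppet-handler/config/node-name"

// queryURL builds the node lookup URL. The annotation override wins over the
// entity name, and is path-escaped because the agent's config supplies it.
func queryURL(endpoint, entity string, annotations map[string]string) string {
	node := entity
	if n := annotations[nodeNameKey]; n != "" {
		node = n
	}
	return strings.TrimRight(endpoint, "/") + "/pdb/query/v4/nodes/" + url.PathEscape(node)
}

// shouldDelete returns true only on a definite answer: 404 (unknown node) or
// 200 with "deactivated" set. Anything else is an error and keeps the entity.
func shouldDelete(status int, body []byte) (bool, error) {
	switch status {
	case 404:
		return true, nil
	case 200:
		var n struct {
			Deactivated *string `json:"deactivated"`
		}
		if err := json.Unmarshal(body, &n); err != nil {
			return false, err
		}
		return n.Deactivated != nil, nil
	}
	return false, fmt.Errorf("puppetdb: unexpected status %d", status)
}

func main() {
	// Constructed inputs, not captured from a real PuppetDB.
	ann := map[string]string{nodeNameKey: "webserver01.example.com"}
	fmt.Println(queryURL("https://puppetdb-host:8081", "web01", ann))
	fmt.Println(shouldDelete(200, []byte(`{"deactivated":"2024-01-01T00:00:00.000Z"}`)))
	fmt.Println(shouldDelete(503, nil))
}
```

Because the handler's action is destructive, the sketch treats an outage, a proxy error page or a malformed body as "keep the entity" rather than as evidence that the node is gone.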

Installing from source and contributing

Download the latest version of the sensu-puppet-handler from releases, or create an executable script from this source.

Compiling

From the local path of the sensu-puppet-handler repository:

go build

To contribute to this plugin, see CONTRIBUTING.