info about client configuration

[bovy89]

Hi,

using sensuclassic, we can dynamically add subscriptions (sensuclassic::subscription), also with custom attributes, and write custom client config (sensuclassic:write_json).

In this way, we can include sensuclassic module in the "root" hostgroup with default subscriptions and client attributes (we use foreman as ENC), while leaving other subscriptions and custom attributes inside other modules (e.g. tomcat subscription is inside our tomcat puppet module). This is possible due sensu config hash merge.

How can we translate this in sensu go (subscription, label, annotation etc)? This is a crucial feature for us.

Thanks

[treydock]

Does Foreman ENC do any merging? Merging in the Puppet module isn't necessary as we just write out a hash from config_hash to agent YAML. Here you can specify subscriptions, labels and annotations. You could specify a default for top level hostgroup then change else where. If you used Hiera then be very easy to merge values, just not sure if Foreman supports it.

I will open PR to make setting important values like subscription a bit easier.

[treydock]

Also be useful to see example of Foreman ENC yaml for sensuclassic and some manifest code that illustrates the different places you're setting something like subscription.

[ghoneycutt]

Perhaps a profile class is in order to potentially lookup() and munge the data?

[bovy89]

Just an example.

These are my modules.

mybasemodule/
├── manifests
    ├── init.pp

    # init.pp
    class mybasemodule {
        class { '::sensuclassic':
            <other client params here>
            subscriptions => ['all', 'linux'],
            client_custom => {
                'environment' => 'prod',
            },
        }
    }

myapachemodule/
├── manifests
    ├── init.pp

    # init.pp
    class myapachemodule {
        class { '::apache':
            server_signature => 'Off',
        }

        sensuclassic::subscription {'httpd': }
    }

In foreman I do the following (we are not using yaml):

include ::mybasemodule
include ::myapachemodule

This generate 2 config files: 1 for client and 1 for every subscription (sensu hash config merge will do the magic)

This allow us to dynamically add things (like subscription) without modify mybasemodule or its parameters

[treydock]

This is a fundamental change from Sensu to Sensu Go. The old way used files and you could deploy many files and they all got merged together. The new Sensu Go way is either defining agent config via a single YAML file or by modifying the agent's entity with sensuctl. The sensuclassic module approach simply is not possible with Sensu Go.

I have a few suggestions that could work.

One way is hacks on resource realization in Puppet:

mybasemodule

@sensu_entity { $facts['hostname']:
  ...
  subscriptions => ['base'],
}

myapachemodule:

Sensu_entity <| title == $facts['hostname'] |> {
  subscriptions +> ['httpd'],
}

The above will be challenging with the current module because we don't support a good way for agents to manage sensuctl resources. With #1164 you can install the CLI on agents. With future changes I will be adding support for using the Sensu Go API for managing resources so won't require sensuctl on the agent.

I have not tested using the sensu_entity resource to modify existing agent entities that are self registered. I don't know how that works when an entity has agent.yml with one list of subscriptions then another list is defined with sensuctl.

If you moved your ENC to Hiera this could be easily achieved with array lookups where common.yaml has base subscriptions then something like apache.yaml will contain the extra subscriptions. I do this on my deployments using Foreman's hostgroup as the value to define the hierarchy in Hiera. So the hostgroup base/apache would be able to exist in Hiera as base/apache.yaml if you add %{::hostgroup} into the hierarchy lookup. I rely on this extremely heavily in my Puppet deployments and works great. You then do lookup with unique to do array merging. The example below, the value for hostgroup comes from Foreman.

$subscriptions = lookup('sensu_subscriptions', Array, 'unique', [])
class { 'sensu::agent':
  config_hash => {
    'subscriptions' => $subscriptions',
  }
}

Then this is what I use in my hiera.yaml (condensed for simplicity):

hierarchy:
  - name: "Hierarchy (yaml version)"
    paths:
      - "fqdn/%{facts.fqdn}.yaml"
      - "hostgroup/%{::hostgroup}.yaml"
      - "common.yaml"

Then the actual data:

common.yaml

sensu_subscriptions:
  - all
  - linux

hostgroup/apache.yaml

sensu_subscriptions:
  - httpd

Because the Foreman hostgroups look like filesystem paths they allow nesting and work really well with Hiera.

[treydock]

Going to close in favor of issue opened with upstream Sensu Go. If more assistance is needed, feel free to re-open. Can open new issue if/when Sensu Go makes changes to better support this use case.

[treydock]

@bovy89 This was resolved in #1227 , docs here: https://github.com/sensu/sensu-puppet#advanced-agent---subscriptions