Background/Problem:
I use vagrant a lot for testing so when I spin up a vagrant box, using Chef, it will register itself with my sensu environment. When I kill the vagrant box I need to go to the dashboard and remove the client, if I remember too. At the moment I don’t want to expose the sensu-api beyond the api server itself, yet I want a way to deregister a client from sensu automatically. I also don’t want every developer and user out there to have the ability to resolve events either or issue api commands at will.
Proposed Solution:
An init script on the client side runs when a graceful shutdown is performed, this script calls a ruby plugin that drops a check-result onto port 3030 of the local machine for the client to deliver to the server. The “output” of this result can be any api command, in this case I set the output to delete, example:
‘{ “name”: “api_call”, “output”: “delete”, “process”: “init”, “user”: “root”, “handler”: “sensu-api-handler”}’
A handler on the server is set as a pipe and sends the check-result to an “api-handler”. This handler then evaluates the output string to decide what to do. In this case it sees delete. The handler then, using the api, creates a stash containing the following:
{“path”: “api_call”/
“content”: {
node:
user: default is sensu
process: default is sensu
api_cmd: “delete”
timestamp: Time.now
}}
Forgive any syntax errors, thats what linters are for. Then, using the api as well, a delete command is issued to the api-server and removes that client from the dashboard.
This stash is created so that with modification, the handlers check here for a delete value and if so drop the check-result as the machine will be going down cleanly soon.
For cleanup, I have a check that runs every 60 seconds and removes stashes with a value of delete, this prevents Sensu from dropping valid results do to a stash.
I am aware that there is a way to expire the stashes automatically, I just haven’t gotten that far yet. In a perfect world I wouldn’t need to do this. The client, upon graceful shutdown, would issue an api delete command and remove itself, at some point I will look at that. Also, it would be nice if the client was able to do some of the above steps naturally. Possibly by picking up a key/value pair in a check result and knowing that this is an api command.
I understand there is/would be some duplicate effort involved here. The main thought behind this is to leverage the check-result Q to deliver api commands to the api server, thereby exposing one less machine, or distributing one less key/credentials to the environment. A method such as this may also be a way to control or mange in a small capacity appliances by having a dedicated sensu-client be responsible for accepting traps from a group of appliances and issuing api commands on behalf of the appliance.
Just figured I would throw this out there