Issues Connecting to Sensu with puppet

James1 · April 14, 2023, 10:45am

Description of your problem

I am trying to create a puppet module that uses the sensu:sensu puppet module to connect to our sensu service. This will be used on a brand new puppet server. We currently have a production puppet server using older modules, the plan is to migrate our servers to the the new puppet server when I get it working.

I have copied the code from the old server, but it is not working on the new server and I think this is because I am using a newer sensu module and the code has changed.

Currently my code adds centos 7 servers to puppet but I get errors and I have read the documentation and searched forums for an answer but cannot resolve.

I am getting this error in the journal of the sensu-agent service :
{"component":"agent","error":"Error reading CA file: open /etc/sensu/ssl/ca.crt: permission denied","level":"error","msg":"reconnection attempt failed","time":"2023-04-14T13:28:40+12:00"}

I get this when I run puppet (message repeats several times - our internal domain is redacted)
Notice: Unable to connect to sensu_api server (https://******.******.com:8080): Failed to open TCP connection to *******.******.com:8080 (Connection refused - connect(2) for "******.******.com" port 8080)

Description of steps you’ve taken to attempt to solve the issue

I have change the mode on /etc/sensu/ssl/ca.crt on the agent server to 777 - this didnt make a difference.
I have read the readme for sensu puppet module, and tried various changes - Nothing has worked

Environmental information

Operating system information

Centos agent
Ubuntu Puppet server

Package versions

Sensu version 6.9.2
Sensu Puppet Plugin v5.11.1

My code:
` class { ‘sensu’:
api_host => ‘..com’,
user => ‘****’,
password => ‘***********’,

}

$my_config = {
‘backends’ => [‘..com:8081’],
‘name’ => upcase(“${::hostname}”),
‘subscriptions’ => $sensu_subscriptions,
‘username’ => ‘',
‘password’ => '***’,
‘agent-managed-entity’ => true,
‘labels’ => {‘region’ => “some-region” , ‘vm-host’ => “some-host”, ‘environment’ => “bobs-your-uncle”},
}

class { ‘sensu::agent’:
config_hash => $my_config,
}`

aaronsachs · April 14, 2023, 3:29pm

Hey there, I think this is pointing to a separate issue from the puppet module connecting to the backend. Your agent doesn’t seem to have the CA file owned by the sensu user, so that should be a fairly straightforward fix.

As to this issue:

I’d validate that 1.) the sensu backend is running and 2.) you can actually connect to it.

James1 · April 24, 2023, 1:26am

Thanks Aaron - yes the backend is running and I can connect to it - this vm is showing up in the sensu console

aaronsachs · April 24, 2023, 8:38pm

Hey there,

So what does the actual rendered backend.yml look like once puppet’s done its thing? It sounds like it’s working (e.g., you’ve got an agent reporting in, you can do curls against the api like curl http://localhost:8080/health, the service is up and running). So it’s just puppet reporting that it can’t hit the API?

James1 · May 2, 2023, 10:19pm

Hi Guys

This issue can be closed. I tracked the issue down and resolved. There were a number of things wrong, confusion as to which password to use, the wrong ssl certificate being used and also a couple of puppet plugs were not installed.

Thanks for your help on this one - it certainly pointed me in the correct direction.

Topic		Replies	Views
Deploying with puppet: Notice: Failed to connect to validate entity host.example.org; sleeping 2 seconds before retry Sensu Go	8	679	June 3, 2021
Getting error with Sensu backend Authorization Sensu Go	4	1936	October 4, 2022
Wss-connection issues on sensu deployed by puppet Sensu Go	16	821	July 26, 2021
Sensu Go agent cannot connect to backend Sensu Go	0	994	September 25, 2019
Cannot validate certificate for 10.11.12.123 because it doesn't contain any IP SANs Sensu Go	2	4892	June 1, 2021