Problems setting up SSL

Getting the following error when I try to apply certificates to a working instance.

[root@sensuapp ssl]# sensu-backend init
sensuctl configure -n --url https://127.0.0.1:8080 --username admin --password password --format tabular
{"level":"warn","ts":"2021-03-09T05:30:51.671Z","caller":"clientv3/retry_interceptor.go:62","msg":"retrying of unary invoker failed","target":"passthrough:///http://localhost:2379","attempt":0,"error":"rpc error: code = DeadlineExceeded desc = latest balancer error: connection error: desc = \"transport: Error while dialing dial tcp [::1]:2379: connect: connection refused\""}
{"component":"sensu-enterprise","error":"context deadline exceeded","level":"fatal","msg":"error executing sensu-backend","time":"2021-03-09T05:30:51Z"}

Below is the provisioning script

#!/bin/env bash

# Configure script
# NOTE(review): set -e does not catch a failing early stage of a pipeline, and the
# install/firewall steps below send both stdout and stderr to /dev/null, so when the
# script does stop there is no message explaining why.
set -e # Stop script execution on any error
echo ""; echo "-----------------------------------------"

# Configure variables
MYHOST=sensuapp
MYHOSTIP="10.0.0.17"
echo "- Variables set -"

# Set system name
# The hosts entry is appended (>>) on every run, so re-running the script adds a
# duplicate line each time.
hostnamectl set-hostname $MYHOST
cat >> /etc/hosts <<EOF
$MYHOSTIP	$MYHOST $MYHOST.localdomain
EOF
echo "- Name set -"

# Install tools
# haproxy is installed here but nothing later in this script configures it.
yum -y -q -e 3 install net-tools python3 haproxy > /dev/null 2>&1
echo "- Tools installed -"

# Configure firewall
# 3000/tcp and 8081/tcp match dashboard-port and agent-port in the backend.yml written
# further down. The API port 8080 is not opened here, and the https service is opened
# although nothing in this script configures a listener for it.
systemctl enable --now firewalld.service > /dev/null 2>&1
firewall-cmd --permanent --add-service=https > /dev/null 2>&1
firewall-cmd --permanent --add-service=ssh > /dev/null 2>&1
firewall-cmd --permanent --add-port=3000/tcp > /dev/null 2>&1
firewall-cmd --permanent --add-port=8081/tcp > /dev/null 2>&1
firewall-cmd --reload > /dev/null 2>&1
echo "- Firewall Updated -"


# From here down we need to generate the certs used with Sensu.

# Set up CA
# Based on https://www.centlinux.com/2019/01/configure-certificate-authority-ca-centos-7.html

# Configure the CA private key
# 2048-bit RSA key, written AES-128 encrypted.
# NOTE(review): pass:"password" places the passphrase on the command line and in this
# script; anyone who can read either can decrypt the CA key.
openssl genrsa -aes128 -out /etc/pki/CA/private/ourCA.key \
-passout pass:"password" 2048

# Configure the CA auth certificate using the previous key
# -x509 makes this a self-signed certificate, valid for 1825 days.
openssl req -new -x509 -days 1825 \
-key /etc/pki/CA/private/ourCA.key \
-out /etc/pki/CA/certs/ourCA.crt \
-passout pass:"password" -passin pass:"password" \
-subj "/C=AU/ST=NSW/L=Sydney/O=.../OU=.../CN=.../emailAddress=..."
# Writes the same CA certificate out again as ourCA.pem (no format options are given).
openssl x509 -in /etc/pki/CA/certs/ourCA.crt -out /etc/pki/CA/certs/ourCA.pem
echo "- CA Configured -"


# From here down we need to generate the certs used with Sensu.
# NOTE(review): without -x509 this produces a certificate signing request, not a
# certificate, and it is built from the CA's own private key. It is written to
# /etc/ssl/sensuapp.pem. No command in this script creates a server key or a signed
# server certificate, yet the backend.yml below refers to
# /etc/ssl/certs/sensuapp.pem, /etc/ssl/certs/sensuapp.crt and
# /etc/ssl/private/sensuapp.key.
openssl req -new -key /etc/pki/CA/private/ourCA.key \
-out /etc/ssl/sensuapp.pem \
-passout pass:"password" -passin pass:"password" \
-subj "/C=AU/ST=NSW/L=Sydney/O=.../OU=.../CN=.../emailAddress=..."
echo "- Certificate configured -"

# Install Application
echo "- Install Sensu repos -"
# NOTE(review): a script fetched over the network is piped straight into a root shell
# with all output discarded. The pipeline's status is bash's, so a failed curl is not
# caught by set -e, and a truncated download would be partly executed.
curl https://packagecloud.io/install/repositories/sensu/stable/script.rpm.sh | sudo bash > /dev/null 2>&1
echo "- Install sensu -"
yum -y -q -e 3 install sensu-go-cli sensu-go-backend sensu-go-agent > /dev/null 2>&1
echo "- Load backend config -"
# This download is overwritten by the `cat > /etc/sensu/backend.yml` that follows in
# this script; curl has no -f, so an HTTP error page would be saved as the config.
curl -L https://docs.sensu.io/sensu-go/latest/files/backend.yml -o /etc/sensu/backend.yml > /dev/null 2>&1
echo "- Sensu installed -"

# Sensu backend configuration
#
# Overwrites /etc/sensu/backend.yml with the here-document below. Points to check in
# what gets written (all visible in the document body):
#  - The store section sets etcd cert/key files but every etcd URL is http://, the
#    mismatch the first reply in this thread identifies.
#  - etcd-trusted-ca-file and etcd-peer-trusted-ca-file name the CA *private key*
#    (/etc/pki/CA/private/ourCA.key) where a CA certificate is expected, and
#    etcd-peer-key-file uses that same passphrase-protected CA key.
#  - cert-file, key-file and the dashboard/etcd cert and key paths under /etc/ssl/certs
#    and /etc/ssl/private are not created anywhere in this script.
#  - "etcd-cipher-suits" has no colon and no value; the flag shown by
#    `sensu-backend init --help` is spelled etcd-cipher-suites.
#    NOTE(review): presumably this line makes the YAML invalid; confirm against the
#    backend log.
#  - agent, API and dashboard listen on "[::]", i.e. all addresses; log-level is debug.

##
# backend configuration
cat > /etc/sensu/backend.yml <<EOF
##
state-dir: "/var/lib/sensu/sensu-backend"
cache-dir: "/var/cache/sensu/sensu-backend"
config-file: "/etc/sensu/backend.yml"
debug: false
#deregistration-handler: "example_handler"
log-level: "debug" # available log levels: panic, fatal, error, warn, info, debug

##
# agent configuration
##
agent-host: "[::]" # listen on all IPv4 and IPv6 addresses
agent-port: 8081

##
# api configuration
##
api-listen-address: "[::]:8080" # listen on all IPv4 and IPv6 addresses
api-url: "https://localhost:8080"

##
# web ui configuration
##
dashboard-cert-file: "/etc/ssl/certs/sensuapp.pem"
dashboard-key-file: "/etc/ssl/private/sensuapp.key"
dashboard-host: "[::]" # listen on all IPv4 and IPv6 addresses
dashboard-port: 3000

##
# ssl configuration
##
cert-file: "/etc/ssl/certs/sensuapp.crt"
key-file: "/etc/ssl/private/sensuapp.key"
trusted-ca-file: "/etc/pki/CA/certs/ourCA.pem"
insecure-skip-tls-verify: false

##
# store configuration
##
etcd-advertise-client-urls: "http://localhost:2379"
etcd-cert-file: "/etc/ssl/certs/sensuapp.pem"
etcd-client-cert-auth: false
etcd-initial-advertise-peer-urls: "http://127.0.0.1:2380"
etcd-initial-cluster: "default=http://127.0.0.1:2380"
etcd-initial-cluster-state: "new" # new or existing
etcd-initial-cluster-token: "sensu"
etcd-key-file: "/etc/ssl/private/sensuapp.key"
etcd-listen-client-urls: "http://127.0.0.1:2379"
etcd-listen-peer-urls: "http://127.0.0.1:2380"
etcd-name: "default"
etcd-peer-cert-file: "/etc/ssl/certs/sensuapp.pem"
etcd-peer-client-cert-auth: false
etcd-peer-key-file: "/etc/pki/CA/private/ourCA.key"
etcd-peer-trusted-ca-file: "/etc/pki/CA/private/ourCA.key"
etcd-trusted-ca-file: "/etc/pki/CA/private/ourCA.key"
no-embed-etcd: false
etcd-cipher-suits
#  - TLS_EXAMPLE

EOF


# Start application
# NOTE(review): output of the service start is discarded and its state is not checked
# before init runs. If the backend did not come up, init has no etcd to reach on
# localhost:2379, which would match the "connection refused" error quoted at the top
# of the thread (presumably; confirm with the sensu-backend service log).
systemctl start sensu-backend > /dev/null 2>&1
# Initial cluster admin credentials, read by `sensu-backend init` from the environment.
# NOTE(review): the sample value "password" is hard-coded here, repeated on the
# sensuctl command line and printed again at the end of the script.
export SENSU_BACKEND_CLUSTER_ADMIN_USERNAME=admin
export SENSU_BACKEND_CLUSTER_ADMIN_PASSWORD=password
sensu-backend init

# No CA file is passed, so verifying the https URL relies on the host trust store
# containing the private CA (the point raised in the first reply).
sensuctl configure -n --url https://127.0.0.1:8080 --username admin --password password --format tabular

# Configure InfluxDB integration
sensuctl asset add sensu/sensu-influxdb-handler:3.5.0 -r influxdb-handler

# NOTE(review): the InfluxDB password is embedded in the handler's env-vars and the
# address is plain http://. The trailing backslash on the last option joins the
# commented-out --mutator line to the command, where it is still read as a comment.
sensuctl handler create influx-db \
 --type pipe \
 --command "sensu-influxdb-handler -d sensu" \
 --env-vars "INFLUXDB_ADDR=http://10.0.0.18:8086, INFLUXDB_USER=sensu, INFLUXDB_PASS=password" \
 --runtime-assets influxdb-handler \
# --mutator status-metric

# Create Check-path
# Both checks use subscription "sla-sub" and a 10-second interval.
sensuctl check create check-path -c "check-path.bin -t 2 8.8.8.8" -s "sla-sub" -i "10" 
sensuctl check set-output-metric-format check-path nagios_perfdata
sensuctl check set-output-metric-handlers check-path influx-db

# Create Check-path-inf
sensuctl check create check-path-inf -c "check-path-inf.bin 8.8.8.8" -s "sla-sub" -i "10" 
sensuctl check set-output-metric-format check-path-inf influxdb_line
sensuctl check set-output-metric-handlers check-path-inf influx-db

# Create Debug handler
# Each handler pretty-prints the event JSON it receives on stdin into a fixed file,
# overwriting the previous event.
sensuctl handler create debug-check --type pipe --command "cat | python3 -m json.tool > /var/log/sensu/debug-check.json"
sensuctl handler create debug-check-inf --type pipe --command "cat | python3 -m json.tool > /var/log/sensu/debug-check-inf.json"
#sensuctl check  set-handlers check-path debug-check

# Apply handlers
sensuctl check  set-handlers check-path influx-db
#sensuctl check  set-handlers check-path-inf debug-check-inf
sensuctl check  set-handlers check-path-inf influx-db

echo "- Sensu started -"

# sensu-agent start --statsd-event-handlers influx-db
echo "- InfluxDB Handler Configured -"

# Closing banner. NOTE(review): it prints the admin password to the terminal (and to
# any log capturing this script's output), and the URL has no port although the
# dashboard is configured on 3000.
echo "-----------------------------------------"
echo "With great power comes great opportunity!"
echo "-----------------------------------------"
echo ""
echo "The install guide can be found at:-"
echo "https://docs.sensu.io/sensu-go/latest/installation/install-sensu/"
echo ""
echo "-----------------------------------------"
echo "You may now log into Sensu by browsing to https://127.0.0.1"
echo "Username: admin"
echo "Password: password"

Hey,
Real quick look at your config…
i think you are probably misconfiguring your embedded etcd settings.
You are setting up TLS certs, but then you are using ‘http://’ endpoint strings in your etcd configuration… when you should be using ‘https://’, which is probably what causes sensu-backend init to fail with the error.

Also your sensuctl configure may require an additional argument to specify the private ca file, depending on if your OS has added your private CA to the host bundle or not.


Thanks for the great response Jef, greatly appreciated.

Following that update, I’m getting the following error

[root@sensuapp sensu]# sensu-backend init
{"component":"sensu-enterprise","error":"both cluster-admin-username and cluster-admin-password are required to be set","level":"fatal","msg":"error executing sensu-backend","time":"2021-03-09T21:11:48Z"}

Working from the security documentation here, I can’t see a reference to the cluster credentials being set. Any additional help would be amazing.

# YOUR_USERNAME / YOUR_PASSWORD are placeholders. `sensu-backend init` needs both
# variables set in the environment of the shell that runs it; the error quoted above
# is what it prints when they are missing.
export SENSU_BACKEND_CLUSTER_ADMIN_USERNAME=YOUR_USERNAME
export SENSU_BACKEND_CLUSTER_ADMIN_PASSWORD=YOUR_PASSWORD
sensu-backend init

Ref:
https://docs.sensu.io/sensu-go/latest/observability-pipeline/observe-schedule/backend/#initialization


Apparently a layer 8 issue :)

if for whatever reason you are not able to set the envvar in your scripts… init takes config options.
This is the general pattern… most sensu-backend cmdline switches are mapped to envvars following a simple pattern:
--whatever → SENSU_BACKEND_WHATEVER
Ex:
--cluster-admin-password → SENSU_BACKEND_CLUSTER_ADMIN_PASSWORD

So if you can’t use them as envvars, you can use them as cmdline switches instead.

sensu-backend init --help
initialize a new sensu installation

Usage:
  sensu-backend init [flags]

General Flags:
      --cluster-admin-password string   cluster admin password
      --cluster-admin-username string   cluster admin username
  -c, --config-file string              path to sensu-backend config file (default "/etc/sensu/backend.yml")
  -h, --help                            help for init
      --interactive                     interactive mode
      --timeout string                  timeout, in seconds, for failing to establish a connection to etcd (default "5")

Store Flags:
      --etcd-advertise-client-urls strings   list of this member's client URLs to advertise to clients (default [http://localhost:2379])
      --etcd-cert-file string                path to the client server TLS cert file
      --etcd-cipher-suites strings           list of ciphers to use for etcd TLS configuration
      --etcd-client-cert-auth                enable client cert authentication
      --etcd-client-urls string              client URLs to use when operating as an etcd client
      --etcd-key-file string                 path to the client server TLS key file
      --etcd-max-request-bytes uint          maximum etcd request size in bytes (use with caution) (default 1572864)
      --etcd-trusted-ca-file string          path to the client server TLS trusted CA cert file
[jspaleta@carbon ~]$ 

It was actually just me running the command interactively and not setting the env vars first, so not really a problem.

Once I reran it properly the original issue is still present. I’m wondering if the certificates have been created correctly?

#!/bin/env bash

# Configure script
# NOTE(review): every install/firewall step below discards stdout and stderr, so when
# set -e stops the script nothing says which step failed or why.
set -e # Stop script execution on any error
echo ""; echo "-----------------------------------------"

# Configure variables
MYHOST=sensuapp
MYHOSTIP="10.0.0.17"
echo "- Variables set -"

# Set system name
# Appends to /etc/hosts on every run; a second run of this script adds a second copy
# of the same entry.
hostnamectl set-hostname $MYHOST
cat >> /etc/hosts <<EOF
$MYHOSTIP	$MYHOST $MYHOST.localdomain
EOF
echo "- Name set -"

# Install tools
yum -y -q -e 3 install net-tools python3 haproxy > /dev/null 2>&1
echo "- Tools installed -"

# Configure firewall
# Opens https, ssh, 3000/tcp (dashboard-port) and 8081/tcp (agent-port); the API port
# 8080 used by sensuctl further down is only reached over loopback in this script.
systemctl enable --now firewalld.service > /dev/null 2>&1
firewall-cmd --permanent --add-service=https > /dev/null 2>&1
firewall-cmd --permanent --add-service=ssh > /dev/null 2>&1
firewall-cmd --permanent --add-port=3000/tcp > /dev/null 2>&1
firewall-cmd --permanent --add-port=8081/tcp > /dev/null 2>&1
firewall-cmd --reload > /dev/null 2>&1
echo "- Firewall Updated -"


# From here down we need to generate the certs used with Sensu.

# Set up CA
# Based on https://www.centlinux.com/2019/01/configure-certificate-authority-ca-centos-7.html

# Configure the CA private key
# NOTE(review): the key passphrase is given as pass:"password" on the command line,
# so it is readable in this script and in the process list while openssl runs.
openssl genrsa -aes128 -out /etc/pki/CA/private/ourCA.key \
-passout pass:"password" 2048

# Configure the CA auth certificate using the previous key
openssl req -new -x509 -days 1825 \
-key /etc/pki/CA/private/ourCA.key \
-out /etc/pki/CA/certs/ourCA.crt \
-passout pass:"password" -passin pass:"password" \
-subj "/C=AU/ST=NSW/L=Sydney/O=.../OU=.../CN=.../emailAddress=..."

# Writes the CA certificate out a second time as ourCA.pem.
openssl x509 -in /etc/pki/CA/certs/ourCA.crt -out /etc/pki/CA/certs/ourCA.pem
echo "- CA Configured -"


# From here down we need to generate the certs used with Sensu.
# NOTE(review): unchanged from the first attempt. This still emits only a signing
# request (no -x509, no signing step), created with the CA's private key, at
# /etc/ssl/sensuapp.pem. The server key and certificate paths named in backend.yml
# below are never created by this script, which fits the poster's question about
# whether the certificates were created correctly.
openssl req -new -key /etc/pki/CA/private/ourCA.key \
-out /etc/ssl/sensuapp.pem \
-passout pass:"password" -passin pass:"password" \
-subj "/C=AU/ST=NSW/L=Sydney/O=.../OU=.../CN=.../emailAddress=..."
echo "- Certificate configured -"

# Install Application
echo "- Install Sensu repos -"
# NOTE(review): remote script piped into a root shell, output and errors discarded;
# a curl failure in this pipeline does not trip set -e.
curl https://packagecloud.io/install/repositories/sensu/stable/script.rpm.sh | sudo bash > /dev/null 2>&1
echo "- Install sensu -"
yum -y -q -e 3 install sensu-go-cli sensu-go-backend sensu-go-agent > /dev/null 2>&1
echo "- Load backend config -"
# The file fetched here is replaced by the here-document that follows in this script.
curl -L https://docs.sensu.io/sensu-go/latest/files/backend.yml -o /etc/sensu/backend.yml > /dev/null 2>&1
echo "- Sensu installed -"

# Sensu backend configuration
#
# Second attempt: the etcd URLs in the here-document are now https://, and
# etcd-peer-trusted-ca-file points at the CA certificate. Still visible in the body:
#  - etcd-trusted-ca-file names the CA private key, not a certificate.
#  - etcd-peer-key-file is the passphrase-protected CA private key.
#    NOTE(review): a service presumably cannot load it without the passphrase, and a
#    CA key should not double as a service key.
#  - The sensuapp.crt / sensuapp.pem / sensuapp.key paths under /etc/ssl/certs and
#    /etc/ssl/private are not produced by this script.
#  - "etcd-cipher-suits" is a bare word with no colon (the documented flag is
#    etcd-cipher-suites). NOTE(review): likely a YAML parse error; confirm in the log.

##
# backend configuration
cat > /etc/sensu/backend.yml <<EOF
##
state-dir: "/var/lib/sensu/sensu-backend"
cache-dir: "/var/cache/sensu/sensu-backend"
config-file: "/etc/sensu/backend.yml"
debug: false
#deregistration-handler: "example_handler"
log-level: "debug" # available log levels: panic, fatal, error, warn, info, debug

##
# agent configuration
##
agent-host: "[::]" # listen on all IPv4 and IPv6 addresses
agent-port: 8081

##
# api configuration
##
api-listen-address: "[::]:8080" # listen on all IPv4 and IPv6 addresses
api-url: "https://localhost:8080"

##
# web ui configuration
##
dashboard-cert-file: "/etc/ssl/certs/sensuapp.pem"
dashboard-key-file: "/etc/ssl/private/sensuapp.key"
dashboard-host: "[::]" # listen on all IPv4 and IPv6 addresses
dashboard-port: 3000

##
# ssl configuration
##
cert-file: "/etc/ssl/certs/sensuapp.crt"
key-file: "/etc/ssl/private/sensuapp.key"
trusted-ca-file: "/etc/pki/CA/certs/ourCA.pem"
insecure-skip-tls-verify: false

##
# store configuration
##
etcd-advertise-client-urls: "https://localhost:2379"
etcd-cert-file: "/etc/ssl/certs/sensuapp.pem"
etcd-client-cert-auth: false
etcd-initial-advertise-peer-urls: "https://127.0.0.1:2380"
etcd-initial-cluster: "default=https://127.0.0.1:2380"
etcd-initial-cluster-state: "new" # new or existing
etcd-initial-cluster-token: "sensu"
etcd-key-file: "/etc/ssl/private/sensuapp.key"
etcd-listen-client-urls: "https://127.0.0.1:2379"
etcd-listen-peer-urls: "https://127.0.0.1:2380"
etcd-name: "default"
etcd-peer-cert-file: "/etc/ssl/certs/sensuapp.pem"
etcd-peer-client-cert-auth: false
etcd-peer-key-file: "/etc/pki/CA/private/ourCA.key"
etcd-peer-trusted-ca-file: "/etc/pki/CA/certs/ourCA.pem"
etcd-trusted-ca-file: "/etc/pki/CA/private/ourCA.key"
no-embed-etcd: false
etcd-cipher-suits
#  - TLS_EXAMPLE

EOF


# Start application
# NOTE(review): the start result is hidden and not checked before init runs, so a
# backend that failed to load its config only shows up as an init timeout.
systemctl start sensu-backend > /dev/null 2>&1
# Credentials for `sensu-backend init`; sample values, hard-coded and reused below.
export SENSU_BACKEND_CLUSTER_ADMIN_USERNAME=admin
export SENSU_BACKEND_CLUSTER_ADMIN_PASSWORD=password
sensu-backend init

# NOTE(review): --trusted-ca-file is given the CA *private key*
# (/etc/pki/CA/private/ourCA.key). The option name calls for the CA certificate; the
# script writes that to /etc/pki/CA/certs/ourCA.crt and ourCA.pem.
sensuctl configure -n --trusted-ca-file /etc/pki/CA/private/ourCA.key --url https://127.0.0.1:8080 --username admin --password password --format tabular

# Configure InfluxDB integration
sensuctl asset add sensu/sensu-influxdb-handler:3.5.0 -r influxdb-handler

# NOTE(review): InfluxDB credentials are embedded in the handler definition and the
# endpoint is http://. The backslash after --runtime-assets continues onto the
# commented-out --mutator line, which the shell still treats as a comment.
sensuctl handler create influx-db \
 --type pipe \
 --command "sensu-influxdb-handler -d sensu" \
 --env-vars "INFLUXDB_ADDR=http://10.0.0.18:8086, INFLUXDB_USER=sensu, INFLUXDB_PASS=password" \
 --runtime-assets influxdb-handler \
# --mutator status-metric

# Create Check-path
sensuctl check create check-path -c "check-path.bin -t 2 8.8.8.8" -s "sla-sub" -i "10" 
sensuctl check set-output-metric-format check-path nagios_perfdata
sensuctl check set-output-metric-handlers check-path influx-db

# Create Check-path-inf
sensuctl check create check-path-inf -c "check-path-inf.bin 8.8.8.8" -s "sla-sub" -i "10" 
sensuctl check set-output-metric-format check-path-inf influxdb_line
sensuctl check set-output-metric-handlers check-path-inf influx-db

# Create Debug handler
# Pipe handlers that pretty-print each event's JSON into a fixed file under
# /var/log/sensu, replacing the previous content.
sensuctl handler create debug-check --type pipe --command "cat | python3 -m json.tool > /var/log/sensu/debug-check.json"
sensuctl handler create debug-check-inf --type pipe --command "cat | python3 -m json.tool > /var/log/sensu/debug-check-inf.json"
#sensuctl check  set-handlers check-path debug-check

# Apply handlers
sensuctl check  set-handlers check-path influx-db
#sensuctl check  set-handlers check-path-inf debug-check-inf
sensuctl check  set-handlers check-path-inf influx-db

echo "- Sensu started -"

# sensu-agent start --statsd-event-handlers influx-db
echo "- InfluxDB Handler Configured -"

# Closing banner. NOTE(review): prints the admin password in clear text; the URL
# omits the dashboard port (3000 in backend.yml).
echo "-----------------------------------------"
echo "With great power comes great opportunity!"
echo "-----------------------------------------"
echo ""
echo "The install guide can be found at:-"
echo "https://docs.sensu.io/sensu-go/latest/installation/install-sensu/"
echo ""
echo "-----------------------------------------"
echo "You may now log into Sensu by browsing to https://127.0.0.1"
echo "Username: admin"
echo "Password: password"

you’ll probably need to add some error handling into the script actions and start investigating return status for each of the commands you are running in that shell script.

Filesystem permission problems maybe… good luck.


Thank you for all your help Jef

Here is the final working config.

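#!/usr/bin/env bash
#
# Provisions a single-node Sensu Go backend: hostname, base tools, firewall,
# a private CA with a server certificate, the Sensu packages and a first set
# of checks and handlers. Expects to run as root (it edits /etc/hosts and
# installs packages).

# Configure script
# -e stops on the first failing command, -u rejects unset variables, and
# pipefail makes a pipeline fail when any stage fails, not only the last one.
set -euo pipefail
echo ""; echo "-----------------------------------------"

# Configure variables
MYHOST=sensuapp
MYHOSTIP="10.0.0.17"
echo "- Variables set -"

# Set system name
hostnamectl set-hostname "$MYHOST"
# Add the hosts entry only if it is not there yet, so a re-run does not pile
# up duplicate lines.
if ! grep -qF -- "$MYHOST.localdomain" /etc/hosts; then
  printf '%s\t%s %s.localdomain\n' "$MYHOSTIP" "$MYHOST" "$MYHOST" >> /etc/hosts
fi
echo "- Name set -"

# Install tools
# Only stdout is silenced from here on; stderr stays visible so that a step
# stopped by set -e also shows why it failed.
yum -y -q -e 3 install net-tools python3 > /dev/null
echo "- Tools installed -"

# Configure firewall
# NOTE(review): setenforce 0 switches SELinux to permissive mode on the
# running system. It is marked as a testing aid; before this host is used for
# anything else, re-enable enforcing mode and fix file labels/policy instead.
setenforce 0 # Set permissive for testing
systemctl enable --now firewalld.service > /dev/null
# 3000 = dashboard, 8080 = API, 8081 = agent listener (see backend.yml below).
# NOTE(review): the https service is opened although nothing in this script
# listens on 443, and 8080 exposes the API beyond loopback; confirm both.
for rule in --add-service=https --add-service=ssh \
  --add-port=3000/tcp --add-port=8080/tcp --add-port=8081/tcp; do
  firewall-cmd --permanent "$rule" > /dev/null
done
firewall-cmd --reload > /dev/null
echo "- Firewall Updated -"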


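# From here down we need to generate the certs used with Sensu.

# Set up CA
# Based on https://www.centlinux.com/2019/01/configure-certificate-authority-ca-centos-7.html
# https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs

# Passphrase that protects the CA private key. openssl reads it from the
# environment (env:) instead of pass: on the command line, where it would be
# visible in the process list. "password" is only the sample value used in
# this thread; set CA_KEY_PASS to a real secret before running.
export CA_KEY_PASS="${CA_KEY_PASS:-password}"

# Configure the CA private key (2048-bit RSA, stored AES-128 encrypted)
openssl genrsa -aes128 -out /etc/pki/CA/private/ourCA.key \
 -passout env:CA_KEY_PASS 2048

# Configure the CA auth certificate using the previous key
# -x509 makes it self-signed; valid for 1825 days.
openssl req -new -x509 -days 1825 \
 -key /etc/pki/CA/private/ourCA.key \
 -out /etc/pki/CA/certs/ourCA.crt \
 -passout env:CA_KEY_PASS -passin env:CA_KEY_PASS \
 -subj "/C=AU/ST=NSW/L=Sydney/O=MNF Group/OU=Global Networks/CN=Global Networks/emailAddress=test@example.com"

# Add new CA to CA trust store
cp /etc/pki/CA/certs/ourCA.crt /etc/pki/ca-trust/source/anchors/
update-ca-trust

export CA_PUB_CRT="/etc/pki/CA/certs/ourCA.crt"
# NOTE(review): no command in this script writes ourCA.pem; this variable is
# exported but the file it names is not created here.
export CA_PUB_PEM="/etc/pki/CA/certs/ourCA.pem"
export CA_PRI_KEY="/etc/pki/CA/private/ourCA.key"

echo "- CA Configured -"


# From here down we need to generate the certs used with Sensu.
# Generate server signing key
# 2048 bits to match the CA key; 1024-bit RSA is below what current TLS
# libraries and policies accept.
# NOTE(review): the key is written unencrypted; confirm it ends up readable
# only by root and the account sensu-backend runs as.
openssl genrsa -out /etc/pki/tls/private/sensuapp.key 2048
# Generate certificate signing request
openssl req -new -key /etc/pki/tls/private/sensuapp.key \
 -out /etc/pki/tls/sensuapp.csr \
 -subj "/C=AU/ST=NSW/L=Sydney/O=.../OU=.../CN=.../emailAddress=..."
# Use the CA to sign the server certificate
# The extension file adds subjectAltName entries for the names and addresses
# this script uses to reach the backend (localhost, 127.0.0.1, the host name
# and its IP). TLS clients match the server name against these entries, so
# without them verification can only be made to pass by switching it off.
openssl x509 -req -in /etc/pki/tls/sensuapp.csr \
 -CA /etc/pki/CA/certs/ourCA.crt \
 -CAkey /etc/pki/CA/private/ourCA.key \
 -CAcreateserial \
 -extfile <(printf 'subjectAltName=DNS:%s,DNS:localhost,IP:127.0.0.1,IP:%s\n' "$MYHOST" "$MYHOSTIP") \
 -out /etc/pki/tls/sensuapp.crt \
 -days 365 -passin env:CA_KEY_PASS

export SVR_PUB_CRT="/etc/pki/tls/sensuapp.crt"
export SVR_PRI_KEY="/etc/pki/tls/private/sensuapp.key"
export CA_TRUST_LIST="/etc/pki/tls/certs/ca-bundle.crt"

echo "- Certificate configured -"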

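# Install Application
echo "- Install Sensu repos -"
# Download the repository setup script to a file before running it, instead
# of streaming it into a root shell: -f turns HTTP errors into a failed step
# and a truncated download can no longer be partly executed.
repo_script="$(mktemp)"
curl -fsSL https://packagecloud.io/install/repositories/sensu/stable/script.rpm.sh -o "$repo_script"
# NOTE(review): this still runs third-party code as root. Review the file, or
# compare it with a known-good checksum, before the next line executes it.
sudo bash "$repo_script" > /dev/null
rm -f -- "$repo_script"
echo "- Install sensu -"
yum -y -q -e 3 install sensu-go-cli sensu-go-backend sensu-go-agent > /dev/null
echo "- Load backend config -"
# The reference config fetched here is replaced by the here-document that
# follows in this script; -f keeps an HTTP error page from being saved as it.
curl -fsSL https://docs.sensu.io/sensu-go/latest/files/backend.yml -o /etc/sensu/backend.yml
echo "- Sensu installed -"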

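# Sensu backend configuration
#
# Writes /etc/sensu/backend.yml. The here-document delimiter is left unquoted
# on purpose: $SVR_PUB_CRT, $SVR_PRI_KEY and $CA_TRUST_LIST are expanded by
# the shell and must already be set when this runs.
#
# The whole store (etcd) section is written commented out, so sensu-backend
# presumably falls back to its built-in etcd defaults; `sensu-backend init
# --help` lists http://localhost:2379 as the default advertised client URL,
# i.e. no TLS between the backend and its embedded etcd on loopback.
# The commented lines are kept as a template; the peer cert path and the
# cipher-suites key are corrected so that uncommenting them later does not
# hand the private key to a certificate option.
# NOTE(review): agent, API and dashboard listen on all addresses and the log
# level is debug; confirm both are intended outside a test host.

##
# backend configuration
cat > /etc/sensu/backend.yml <<EOF
##
state-dir: "/var/lib/sensu/sensu-backend"
cache-dir: "/var/cache/sensu/sensu-backend"
config-file: "/etc/sensu/backend.yml"
debug: false
#deregistration-handler: "example_handler"
log-level: "debug" # available log levels: panic, fatal, error, warn, info, debug

##
# agent configuration
##
agent-host: "[::]" # listen on all IPv4 and IPv6 addresses
agent-port: 8081

##
# api configuration
##
api-listen-address: "[::]:8080" # listen on all IPv4 and IPv6 addresses
api-url: "https://localhost:8080"

##
# web ui configuration
##
dashboard-cert-file: "$SVR_PUB_CRT"
dashboard-key-file: "$SVR_PRI_KEY"
dashboard-host: "[::]" # listen on all IPv4 and IPv6 addresses
dashboard-port: 3000

##
# ssl configuration
##
cert-file: "$SVR_PUB_CRT"
key-file: "$SVR_PRI_KEY"
trusted-ca-file: "$CA_TRUST_LIST"
insecure-skip-tls-verify: false

##
# store configuration
##
# etcd-advertise-client-urls: "https://localhost:2379"
# etcd-cert-file: "$SVR_PUB_CRT"
# etcd-client-cert-auth: false
# etcd-initial-advertise-peer-urls: "https://127.0.0.1:2380"
# etcd-initial-cluster: "default=https://127.0.0.1:2380"
# etcd-initial-cluster-state: "new" # new or existing
# etcd-initial-cluster-token: "sensu"
# etcd-key-file: "$SVR_PRI_KEY"
# etcd-listen-client-urls: "https://127.0.0.1:2379"
# etcd-listen-peer-urls: "https://127.0.0.1:2380"
# etcd-name: "default"
# etcd-peer-cert-file: "$SVR_PUB_CRT"
# etcd-peer-client-cert-auth: false
# etcd-peer-key-file: "$SVR_PRI_KEY"
# etcd-peer-trusted-ca-file: "$CA_TRUST_LIST"
# etcd-trusted-ca-file: "$CA_TRUST_LIST"
# no-embed-etcd: false
# etcd-cipher-suites:
#  - TLS_EXAMPLE

EOF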

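# Start application
systemctl start sensu-backend

# Initial cluster admin credentials, read by `sensu-backend init` from the
# environment. Values already exported by the caller win; admin/password are
# only the sample defaults from this thread and must be replaced on any host
# that is reachable by others.
export SENSU_BACKEND_CLUSTER_ADMIN_USERNAME="${SENSU_BACKEND_CLUSTER_ADMIN_USERNAME:-admin}"
export SENSU_BACKEND_CLUSTER_ADMIN_PASSWORD="${SENSU_BACKEND_CLUSTER_ADMIN_PASSWORD:-password}"
sensu-backend init

# NOTE(review): --insecure-skip-tls-verify turns off server certificate
# verification for sensuctl, so it would accept any certificate presented on
# this address. The private CA was added to the system trust store earlier in
# this script; once the server certificate carries subjectAltName entries for
# the address used here, drop the flag. The password is also passed on the
# command line, where it is visible in the process list.
sensuctl configure -n --insecure-skip-tls-verify --url https://127.0.0.1:8080 \
 --username "$SENSU_BACKEND_CLUSTER_ADMIN_USERNAME" \
 --password "$SENSU_BACKEND_CLUSTER_ADMIN_PASSWORD" --format tabular

# Configure InfluxDB integration
sensuctl asset add sensu/sensu-influxdb-handler:3.5.0 -r influxdb-handler

# NOTE(review): the InfluxDB password ends up inside the handler definition
# and the endpoint is plain http://, so it travels unencrypted to 10.0.0.18.
# "password" is the sample default; export INFLUXDB_PASS to override it.
INFLUXDB_PASS="${INFLUXDB_PASS:-password}"
sensuctl handler create influx-db \
 --type pipe \
 --command "sensu-influxdb-handler -d sensu" \
 --env-vars "INFLUXDB_ADDR=http://10.0.0.18:8086, INFLUXDB_USER=sensu, INFLUXDB_PASS=${INFLUXDB_PASS}" \
 --runtime-assets influxdb-handler
# --mutator status-metric

# Create Check-path
# Both checks run every 10 seconds for subscription "sla-sub".
sensuctl check create check-path -c "check-path.bin -t 2 8.8.8.8" -s "sla-sub" -i "10"
sensuctl check set-output-metric-format check-path nagios_perfdata
sensuctl check set-output-metric-handlers check-path influx-db

# Create Check-path-inf
sensuctl check create check-path-inf -c "check-path-inf.bin 8.8.8.8" -s "sla-sub" -i "10"
sensuctl check set-output-metric-format check-path-inf influxdb_line
sensuctl check set-output-metric-handlers check-path-inf influx-db

# Create Debug handler
# Each handler pretty-prints the event JSON from stdin into a fixed file,
# replacing the previous event.
sensuctl handler create debug-check --type pipe --command "cat | python3 -m json.tool > /var/log/sensu/debug-check.json"
sensuctl handler create debug-check-inf --type pipe --command "cat | python3 -m json.tool > /var/log/sensu/debug-check-inf.json"
#sensuctl check  set-handlers check-path debug-check

# Apply handlers
sensuctl check  set-handlers check-path influx-db
#sensuctl check  set-handlers check-path-inf debug-check-inf
sensuctl check  set-handlers check-path-inf influx-db

echo "- Sensu started -"

# sensu-agent start --statsd-event-handlers influx-db
echo "- InfluxDB Handler Configured -"

echo "-----------------------------------------"
echo "With great power comes great opportunity!"
echo "-----------------------------------------"
echo ""
echo "The install guide can be found at:-"
echo "https://docs.sensu.io/sensu-go/latest/installation/install-sensu/"
echo ""
echo "-----------------------------------------"
# The dashboard listens on port 3000 (dashboard-port in backend.yml). The
# password itself is no longer echoed, so it does not land in terminal
# scrollback or in a log that captures this script's output.
echo "You may now log into Sensu by browsing to https://127.0.0.1:3000"
echo "Username: $SENSU_BACKEND_CLUSTER_ADMIN_USERNAME"
echo "Password: (the value of SENSU_BACKEND_CLUSTER_ADMIN_PASSWORD)"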