puppet/sensu dashboard authentication


#1

Hi,

In my puppet sensu config, I’m setting dashboard_user and dashboard_password to an empty string, which effectively turns off the dashboard auth. (I can wrap auth in nginx.)

However the puppet module notices every time:

user changed ‘’ to ‘’
password changed ‘’ to ‘’

(sensu-dashboard) Triggered ‘refresh’ from 1 events

Anyone have a workaround for that?

Mojo


#2

https://github.com/sensu/sensu-puppet/pull/170

As a workaround you can set it to false (the bool):

dashboard_user => false,

dashboard_password => false,

And that will allow it to converge without setting a user or password.

···

On Tue, Mar 18, 2014 at 1:06 PM, Mojo mojo.la@gmail.com wrote:

Hi,

In my puppet sensu config, I’m setting dashboard_user and dashboard_password to an empty string, which effectively turns off the dashboard auth. (I can wrap auth in nginx.)

However the puppet module notices every time:

user changed ‘’ to ‘’
password changed ‘’ to ‘’

(sensu-dashboard) Triggered ‘refresh’ from 1 events

Anyone have a workaround for that?

Mojo


#3

I know this is an old thread, but I have this interesting bug. If puppet is recreating the dashboard.json file, and it has dashboard_user => false and dashboard_password => false, they get set in the json file as “false” which disables access. Easy enough fix, but breaks the automation. :confused:

···

On Sunday, March 23, 2014 12:24:12 PM UTC-7, Kyle Anderson wrote:

https://github.com/sensu/sensu-puppet/pull/170

As a workaround you can set it to false (the bool):

dashboard_user => false,

dashboard_password => false,

And that will allow it to converge without setting a user or password.

On Tue, Mar 18, 2014 at 1:06 PM, Mojo moj...@gmail.com wrote:

Hi,

In my puppet sensu config, I’m setting dashboard_user and dashboard_password to an empty string, which effectively turns off the dashboard auth. (I can wrap auth in nginx.)

However the puppet module notices every time:

user changed ‘’ to ‘’
password changed ‘’ to ‘’

(sensu-dashboard) Triggered ‘refresh’ from 1 events

Anyone have a workaround for that?

Mojo


#4

Heh, yea.

Does it actually disable access?

Now that the PR is accepted, setting those to the empty string should remove it: https://github.com/sensu/sensu-puppet/blob/master/lib/puppet/provider/sensu_dashboard_config/json.rb#L59

···

On Tue, Apr 22, 2014 at 2:02 PM, Morris Jones mojo.la@gmail.com wrote:

I know this is an old thread, but I have this interesting bug. If puppet is recreating the dashboard.json file, and it has dashboard_user => false and dashboard_password => false, they get set in the json file as “false” which disables access. Easy enough fix, but breaks the automation. :confused:

On Sunday, March 23, 2014 12:24:12 PM UTC-7, Kyle Anderson wrote:

https://github.com/sensu/sensu-puppet/pull/170

As a workaround you can set it to false (the bool):

dashboard_user => false,

dashboard_password => false,

And that will allow it to converge without setting a user or password.

On Tue, Mar 18, 2014 at 1:06 PM, Mojo moj...@gmail.com wrote:

Hi,

In my puppet sensu config, I’m setting dashboard_user and dashboard_password to an empty string, which effectively turns off the dashboard auth. (I can wrap auth in nginx.)

However the puppet module notices every time:

user changed ‘’ to ‘’
password changed ‘’ to ‘’

(sensu-dashboard) Triggered ‘refresh’ from 1 events

Anyone have a workaround for that?

Mojo


#5

Unfortunately setting it to the empty string means a puppet manifest is executed on ever puppet agent run. That was the first message in the thread. Using false prevents the repetitive execution and restarts, but only after the user/password has been disabled with empty string. :slight_smile:

Mojo

···

On Tue, Apr 22, 2014 at 7:10 PM, Kyle Anderson kyle@xkyle.com wrote:

Heh, yea.

Does it actually disable access?

Now that the PR is accepted, setting those to the empty string should remove it: https://github.com/sensu/sensu-puppet/blob/master/lib/puppet/provider/sensu_dashboard_config/json.rb#L59

On Tue, Apr 22, 2014 at 2:02 PM, Morris Jones mojo.la@gmail.com wrote:

I know this is an old thread, but I have this interesting bug. If puppet is recreating the dashboard.json file, and it has dashboard_user => false and dashboard_password => false, they get set in the json file as “false” which disables access. Easy enough fix, but breaks the automation. :confused:

On Sunday, March 23, 2014 12:24:12 PM UTC-7, Kyle Anderson wrote:

https://github.com/sensu/sensu-puppet/pull/170

As a workaround you can set it to false (the bool):

dashboard_user => false,

dashboard_password => false,

And that will allow it to converge without setting a user or password.

On Tue, Mar 18, 2014 at 1:06 PM, Mojo moj...@gmail.com wrote:

Hi,

In my puppet sensu config, I’m setting dashboard_user and dashboard_password to an empty string, which effectively turns off the dashboard auth. (I can wrap auth in nginx.)

However the puppet module notices every time:

user changed ‘’ to ‘’
password changed ‘’ to ‘’

(sensu-dashboard) Triggered ‘refresh’ from 1 events

Anyone have a workaround for that?

Mojo


#6

Can you confirm that your version of the puppet module has that line in it?
https://github.com/sensu/sensu-puppet/pull/170

Should have fixed it so that it converged when set to empty string.

···

On Tue, Apr 22, 2014 at 9:20 PM, Mojo mojo.la@gmail.com wrote:

Unfortunately setting it to the empty string means a puppet manifest is executed on ever puppet agent run. That was the first message in the thread. Using false prevents the repetitive execution and restarts, but only after the user/password has been disabled with empty string. :slight_smile:

Mojo

On Tue, Apr 22, 2014 at 7:10 PM, Kyle Anderson kyle@xkyle.com wrote:

Heh, yea.

Does it actually disable access?

Now that the PR is accepted, setting those to the empty string should remove it: https://github.com/sensu/sensu-puppet/blob/master/lib/puppet/provider/sensu_dashboard_config/json.rb#L59

On Tue, Apr 22, 2014 at 2:02 PM, Morris Jones mojo.la@gmail.com wrote:

I know this is an old thread, but I have this interesting bug. If puppet is recreating the dashboard.json file, and it has dashboard_user => false and dashboard_password => false, they get set in the json file as “false” which disables access. Easy enough fix, but breaks the automation. :confused:

On Sunday, March 23, 2014 12:24:12 PM UTC-7, Kyle Anderson wrote:

https://github.com/sensu/sensu-puppet/pull/170

As a workaround you can set it to false (the bool):

dashboard_user => false,

dashboard_password => false,

And that will allow it to converge without setting a user or password.

On Tue, Mar 18, 2014 at 1:06 PM, Mojo moj...@gmail.com wrote:

Hi,

In my puppet sensu config, I’m setting dashboard_user and dashboard_password to an empty string, which effectively turns off the dashboard auth. (I can wrap auth in nginx.)

However the puppet module notices every time:

user changed ‘’ to ‘’
password changed ‘’ to ‘’

(sensu-dashboard) Triggered ‘refresh’ from 1 events

Anyone have a workaround for that?

Mojo


#7

Quite right, my copy of the sensu puppet module is older than that pull request. Thank you!

Best regards,
Mojo

···

On Tue, Apr 22, 2014 at 9:23 PM, Kyle Anderson kyle@xkyle.com wrote:

Can you confirm that your version of the puppet module has that line in it?
https://github.com/sensu/sensu-puppet/pull/170

Should have fixed it so that it converged when set to empty string.

On Tue, Apr 22, 2014 at 9:20 PM, Mojo mojo.la@gmail.com wrote:

Unfortunately setting it to the empty string means a puppet manifest is executed on ever puppet agent run. That was the first message in the thread. Using false prevents the repetitive execution and restarts, but only after the user/password has been disabled with empty string. :slight_smile:

Mojo

On Tue, Apr 22, 2014 at 7:10 PM, Kyle Anderson kyle@xkyle.com wrote:

Heh, yea.

Does it actually disable access?

Now that the PR is accepted, setting those to the empty string should remove it: https://github.com/sensu/sensu-puppet/blob/master/lib/puppet/provider/sensu_dashboard_config/json.rb#L59

On Tue, Apr 22, 2014 at 2:02 PM, Morris Jones mojo.la@gmail.com wrote:

I know this is an old thread, but I have this interesting bug. If puppet is recreating the dashboard.json file, and it has dashboard_user => false and dashboard_password => false, they get set in the json file as “false” which disables access. Easy enough fix, but breaks the automation. :confused:

On Sunday, March 23, 2014 12:24:12 PM UTC-7, Kyle Anderson wrote:

https://github.com/sensu/sensu-puppet/pull/170

As a workaround you can set it to false (the bool):

dashboard_user => false,

dashboard_password => false,

And that will allow it to converge without setting a user or password.

On Tue, Mar 18, 2014 at 1:06 PM, Mojo moj...@gmail.com wrote:

Hi,

In my puppet sensu config, I’m setting dashboard_user and dashboard_password to an empty string, which effectively turns off the dashboard auth. (I can wrap auth in nginx.)

However the puppet module notices every time:

user changed ‘’ to ‘’
password changed ‘’ to ‘’

(sensu-dashboard) Triggered ‘refresh’ from 1 events

Anyone have a workaround for that?

Mojo


#8