Sensu Go backend and environment variables

Sensu Integrations Sensu Plugins
1

I am testing with a brand new install of a clustered Sensu Go (5.15.0).
Current problem: Assets are not downloaded due to HTTP_PROXY not being used.

First attempt:
I found several postings on that and entered HTTP_PROXY=http://my.proxy.host:port into /etc/default/sensu-backend or /etc/sysconfig/sensu-backend (I am on CentOS 7).
Result: sensu-backend does not finish starting, only etcd is started (to be seen by list of open ports).
Adding a NO_PROXY list does not remedy that.

Second attempt:
Just entered HTTPS_PROXY into /etc/sysconfig/sensu-backend. Now sensu-backend is starting up fine, but it does not use the proxy for https connections to assets.bonsai.sensu.io:
error getting assets for event: error fetching asset: Get https://assets.bonsai.sensu.io/68546e739d96fd695655b77b35b5aabfbabeb056/sensu-plugins-cpu-checks_4.0.0_centos_linux_amd64.tar.gz: dial tcp 13.224.196.28:443: i/o timeout

Third attempt:
I tried to find a way to download the asset manually and feed the tar.gz file into sensu-backend, but so far I came up empty.
Is this possible as a workaround?

Best regards,
Dirk

2

Dirk,

In regards to your first attempt, can you expand on what you used for NO_PROXY in comparison to how you configured the backend URLs? Were they all IP addresses, hostnames, or a combination of both?

3

Todd,
I tried “NO_PROXY=”.sccon.de" because I found documentation stating that ip addresses should not be used in the NO_PROXY env variable.
Now since you ask I retried entering ip addresses also, and now sensu-backend does start up fully and is accessible.

But the HTTPS_PROXY env variable still seems not to be used because the main problem is still the same: Assets cannot be loaded.

4

@dirkhschulz, fwiw assets don’t have to be loaded from Bonsai. You can mirror the packages on your own webserver, artifactory or internal github/lab/bitbucket instance. The only thing that matters is the URL and SHA512 sum.

5

aaronsachs-sensu
thanks for hinting at that. To be honest I wanted to avoid the hassle of setting up an internal webserver for that and adding each package to it.

Isn’t there any way to load assets manually into sensu-backend like unpackaging the content into some directory or similar?

6

Just to be sure I tried downloading the asset through the http proxy manually, and that works:
wget https://assets.bonsai.sensu.io/68546e739d96fd695655b77b35b5aabfbabeb056/sensu-plugins-cpu-checks_4.0.0_centos_linux_amd64.tar.gz
–2019-12-02 20:47:50-- https://assets.bonsai.sensu.io/68546e739d96fd695655b77b35b5aabfbabeb056/sensu-plugins-cpu-checks_4.0.0_centos_linux_amd64.tar.gz
Verbindungsaufbau zu 10.20.40.254:3128
 verbunden.
Proxy-Anforderung gesendet, warte auf Antwort
 200 OK
LĂ€nge: 1269503 (1,2M)
In »»sensu-plugins-cpu-checks_4.0.0_centos_linux_amd64.tar.gz«« speichern.

So the question is why the HTTP_PROXY env variable is read but the HTTPS_PROXY env variable is not.

7

@dirkhschulz You can certainly install plugins manually, though for the CPU check plugin you’re attempting to use, you will need to use the sensu-install tool that we publish (see https://docs.sensu.io/sensu-go/5.15/installation/plugins/#installing-plugins-using-the-sensu-install-tool). For other assets, you can download them and place them into a directory that Sensu has access to and provide the full path to the command.

8

Or is there a way to completely mirror all assets from bonsai in one sweep?

9

aaronsachs-sensu
I successfully installed sensu-install and installed the sensu-plugins-cpu-checks:

[SENSU-INSTALL] installing Sensu gem ‘sensu-plugins-cpu-checks’
Fetching: mixlib-cli-1.7.0.gem (100%)
Successfully installed mixlib-cli-1.7.0
Fetching: sensu-plugin-4.0.0.gem (100%)
Successfully installed sensu-plugin-4.0.0
Fetching: linux-kstat-0.1.3-universal-linux.gem (100%)
Successfully installed linux-kstat-0.1.3-universal-linux
Fetching: sensu-plugins-cpu-checks-4.0.0.gem (100%)
You can use the embedded Ruby by setting EMBEDDED_RUBY=true in /etc/default/sensu
Successfully installed sensu-plugins-cpu-checks-4.0.0

After that I restarted sensu-backend.

But still sensu-backend tries to download the asset:

error getting assets for event: error fetching asset: Get https://assets.bonsai.sensu.io/68546e739d96fd695655b77b35b5aabfbabeb056/sensu-plugins-cpu-checks_4.0.0_centos_linux_amd64.tar.gz: dial tcp 13.35.253.65:443: i/o timeout

Do I have to change the asset definition to make sensu-backend aware of it being installed manually?

10

You’ll have to change your check definition for Sensu to stop attempting to download the asset. My hunch is that you’ve still got it listed in your check as part of runtime_assets. Remove it from there, and point the command to the executable (should be at /opt/sensu-plugins-ruby/embedded/bin).

11

thanks alot!
that made it working.

12

Finally solved the primary problem: Assets could not be loaded because I entered HTTP_PROXY only in /etc/sysconfig/sensu-backend, but not in /etc/sysconfig/sensu-agent.
After adjusting /etc/sysconfig/sensu-agent, downloading assets from bonsai worked.

2 Likes
13

Ah! Great to hear that you got it sorted.