So I am trying to configure my Sensu to run a remediation script to (self-heal) my systems. So for instance I have a Web Check that has a hook to run a remediation script, but I need to pass to the remediation script a variable of the hostname to remediate.
However it seems that the variables {{ .labels.hostname }} doesnât work as part of the command to run as remediation?
I see that it logs this when it appears to try to run the remediation:
sensugo sensu-backend: {âcomponentâ:âagentdâ,âerrorâ:âcheck is invalid: check name must not be emptyâ,âlevelâ:âerrorâ,âmsgâ:âerror handling messageâ,âpayloadâ:"\u0008\ufffd\ufffd\ufffd\ufffd\u0005\u0012\ufffd\u0002\n\u0005agent\u001a\ufffd\u0001\n\u0007sensugo\u0012\u0005linux\u001a\u0006centos"\u0004rhel*\u00087.7.19082r\n\u001a\n\u0002lo\u001a\u000b127.0.0.1/8\u001a\u0007::1/128\nT\n\u0004eth0\u0012\u0011fe:eb:12:03:c1:66\u001a\r10.0.3.101/20\u001a\u000c10.0.1.20/20\u001a\u001cfe80::fceb:12ff:fe03:c166/64:\u0005amd64"\u0005proxy(\ufffd\ufffd\ufffd\ufffd\u0005:\u0000Z\u0005agentj\u0008passwordj\u0006passwdj\u0004passj\u0007api_keyj\tapi_tokenj\naccess_keyj\nsecret_keyj\u000bprivate_keyj\u0006secretr\u0012\n\u0007sensugo\u0012\u0007defaultz\u000e5.14.1#b45811c\u001aq\ufffd\u0001hunmatched token: template: :1:103: executing ââ at \u003c.labels.hostname\u003e: map has no entry for key âlabelsâ\ufffd\u0001\u0003\ufffd\u0002\u0000*\u0000",âtimeâ:â2019-10-28T19:56:21-07:00â,âtypeâ:âeventâ}
Did you configured the hostname label for your agent entity? You should be able to verify that information with a command like sensuctl entity info $entity_name --format yaml. Token substitution only works with the metadata of the entity, not the check or hook metadata.
If you could also give us the check configuration and the hook configuration, that would be greatly appreciated!
For reference, I could successfully test this scenario by first modifying my sensu-agent configuration to add the following label for an entity named whisky:
$ sensuctl entity info whisky
type: Entity
api_version: core/v2
metadata:
labels:
foo: bar
[...]
Then, I simply configured the following hook and assigned it to a check ran by this entity:
sensuctl event info --format yaml ws_dev.banksite.net check_http_hooks
and look for a hooks attribute under check in the output
The default tabular output of sensuctl only shows a few primary fields of information. If you need to see the entire output you want json or yaml output.
Okay looks like this is a bug associated with token substitution used in hooks being used with proxy requests.
The log message is being generated by the sensu-backend service. Itâs a bit cryptic, but my best intuition is the token substitution logic being run against the hook for the proxy entity is expecting a âcheckâ object to be available in scope but its not.
The error is on the backend and not the agent, because the backend is doing the work of generating checks to run for each proxy that matches the proxy request conditions. So there seems to be a bug in that logic somewhere. What is likely happening is the token sub is failing for the hook, the backend then drops the hook and doesnât attach the hook for the new generated checkâŚso the hook is never fired in this case.
Check hooks arenât intended to be used for remediation; they donât offer workflow controls such as âtry onceâ and/or escalation tasks if the first task doesnât restore service.
Have you seen the remediation handler plugin? It executed checks which have access to entity metadata (as tokens), which addresses your original issue.