Hi everyone,
I’m wondering if there is any advantages/disavantages when using “Subscription checks”.
Thanks
Generally I’d recommend the following:
-
use standalone checks if you need to configure some clients individually, manually.
-
use subscription checks if you need your clients to be configured from a central source without using something like puppet or chef
-
use safe mode if you have something like puppet or chef for your fleet. (protects against someone modifying the command which is to be run on one side, since they need to match)
https://github.com/sensu/sensu-puppet#safe-mode-checks says:
···
By default Sensu clients will execute whatever check messages are on the queue. This is potentially a large security hole.
If you enable the safe_mode parameter, it will require that checks are defined on the client. If standalone checks are used then defining on the client is sufficient, otherwise checks will also need to be defined on the server as well.
On Tuesday, March 29, 2016 at 10:25:50 AM UTC+2, Chris Dung Tran-Duong wrote:
I’m wondering if there is any advantages/disavantages when using “Subscription checks”.
Hi,
With standalone checks, I can skip a check for a given environment (easy with Chef).
How to do that with subscription checks ?
Olivier.
···
On Thu, Mar 31, 2016 at 1:39 PM Alexander Skiba ghostlyrics@gmail.com wrote:
Generally I’d recommend the following:
- use standalone checks if you need to configure some clients individually, manually.
- use subscription checks if you need your clients to be configured from a central source without using something like puppet or chef
- use safe mode if you have something like puppet or chef for your fleet. (protects against someone modifying the command which is to be run on one side, since they need to match)
https://github.com/sensu/sensu-puppet#safe-mode-checks says:
By default Sensu clients will execute whatever check messages are on the queue. This is potentially a large security hole.
If you enable the safe_mode parameter, it will require that checks are defined on the client. If standalone checks are used then defining on the client is sufficient, otherwise checks will also need to be defined on the server as well.
On Tuesday, March 29, 2016 at 10:25:50 AM UTC+2, Chris Dung Tran-Duong wrote:
I’m wondering if there is any advantages/disavantages when using “Subscription checks”.
Set your environments up with different subscriptions (eg dev, live, stage_webservers etc). You can then change the subscriptions that apply on the server check.
Cheers,
Joel
···
Hi,
With standalone checks, I can skip a check for a given environment (easy with Chef).
How to do that with subscription checks ?
Olivier.
On Thu, Mar 31, 2016 at 1:39 PM Alexander Skiba ghostlyrics@gmail.com wrote:
Generally I’d recommend the following:
- use standalone checks if you need to configure some clients individually, manually.
- use subscription checks if you need your clients to be configured from a central source without using something like puppet or chef
- use safe mode if you have something like puppet or chef for your fleet. (protects against someone modifying the command which is to be run on one side, since they need to match)
https://github.com/sensu/sensu-puppet#safe-mode-checks says:
By default Sensu clients will execute whatever check messages are on the queue. This is potentially a large security hole.
If you enable the safe_mode parameter, it will require that checks are defined on the client. If standalone checks are used then defining on the client is sufficient, otherwise checks will also need to be defined on the server as well.
On Tuesday, March 29, 2016 at 10:25:50 AM UTC+2, Chris Dung Tran-Duong wrote:
I’m wondering if there is any advantages/disavantages when using “Subscription checks”.