Since puppet can inject sensu resources, there definitely some user/password active. Puppet is authing as a user to inject those resources. This is most likely something subtle in your puppet configuration where puppet is configured to create the initial user/password that is subtly different than what you expect. Something silly like puppet perhaps adding quotation marks verbatim as part of the password when you expected the quotes to be stripped?
Can you share a stripped down puppet config that we can both run against a throw away host that does the bare minimum to init a backend?
The shown configuration of the backend-host is written as hash used for foreman’s ENC.
In basic puppet classes, this is:
class { 'sensu':
password => 'kOjKans§s',
api_host => 'sensu-backend.example.org',
agent_entity_config_password => 'kOjKans§s',
}
include sensu::backend
class { 'sensu::agent':
backends => ['sensu-backend.example.org:8081'],
subscriptions => ['linux'],
}
Mention: I created a password, that is of course not my original password. You are free to change it. I included the “§” as it’s a special character and this was used in my setup, too.