Puppet

ENTERPRISE: Built-in integrations are available for Sensu Enterprise users only.

Overview

Deregister Sensu clients from the client registry if they no longer have an associated Puppet node. The puppet enterprise handler requires access to a SSL truststore and keystore, containing a valid (and whitelisted) Puppet certificate, private key, and CA. The local Puppet agent certificate, private key, and CA can be used.

Configuration

Example(s)

The following is an example global configuration for the puppet enterprise handler (integration).

{
  "puppet": {
    "endpoint": "https://10.0.1.12:8081/pdb/query/v4/nodes/",
    "ssl": {
      "keystore_file": "/etc/sensu/ssl/puppet/keystore.jks",
      "keystore_password": "secret",
      "truststore_file": "/etc/sensu/ssl/puppet/truststore.jks",
      "truststore_password": "secret"
    },
    "timeout": 10
  }
}

The Puppet enterprise handler is most commonly used as part of the keepalive set handler. For example:

{
  "handlers": {
    "keepalive": {
      "type": "set",
      "handlers": [
        "pagerduty",
        "puppet"
      ]
    }
  }
}

When querying PuppetDB for a node, by default, Sensu will use the Sensu client’s name for the Puppet node name. Individual Sensu clients can override the name of their corresponding Puppet node, using specific client definition attributes.

The following is an example client definition, specifying its Puppet node name.

{
  "client": {
    "name": "i-424242",
    "address": "8.8.8.8",
    "subscriptions": [
      "production",
      "webserver"
    ],
    "puppet": {
      "node_name": "webserver01.example.com"
    }
  }
}

Integration Specification

NOTE: the following integration definition attributes may be overwritten by the corresponding Sensu client definition puppet attributes, which are included in event data.

puppet attributes

The following attributes are configured within the {"puppet": {} } configuration scope.

endpoint
description The PuppetDB API endpoint (URL). If an API path is not specified, /pdb/query/v4/nodes/ will be used.
required true
type String
example
"endpoint": "https://10.0.1.12:8081/pdb/query/v4/nodes/"
ssl
description A set of attributes that configure SSL for PuppetDB API queries.
required true
type Hash
example
"ssl": {}

ssl attributes

The following attributes are configured within the {"puppet": { "ssl": {} } } configuration scope.

EXAMPLE
{
  "puppet": {
    "endpoint": "https://10.0.1.12:8081/pdb/query/v4/nodes/",
    "...": "...",
    "ssl": {
      "keystore_file": "/etc/sensu/ssl/puppet/keystore.jks",
      "keystore_password": "secret",
      "truststore_file": "/etc/sensu/ssl/puppet/truststore.jks",
      "truststore_password": "secret"
    }
  }
}
ATTRIBUTES
keystore_file
description The file path for the SSL certificate keystore.
required true
type String
example
"keystore_file": "/etc/sensu/ssl/puppet/keystore.jks"
keystore_password
description The SSL certificate keystore password.
required true
type String
example
"keystore_password": "secret"
truststore_file
description The file path for the SSL certificate truststore.
required true
type String
example
"truststore_file": "/etc/sensu/ssl/puppet/truststore.jks"
truststore_password
description The SSL certificate truststore password.
required true
type String
example
"truststore_password": "secret"
http_proxy
description The URL of a proxy to be used for HTTP requests.
required false
type String
example
"http_proxy": "http://192.168.250.11:3128"
timeout
description The handler execution duration timeout in seconds (hard stop).
required false
type Integer
default 10
example
"timeout": 30