[rfr] Add support for Sensu enterprise (#82)

* Introduce sensu enterprise credential variables

* Parameterize services

* Only checking ssl dir structure if enabled

* sensu enterprise handler

* Parameterized service name

* Install sensu enterprise repo

* Remove unnecessary handler notification

* Rename rabbitmq.json.j2 to sensu-rabbitmq.json.j2 for consistency

* Convention over configuration: add default dynamic_data_store and static_data_store

@TODO: add documentation

* Restart sensu enterprise dashboard if using enterprise repo

* Use parameters for service name

* Install sensu enterprise dashboard

* Fix typo

* Quote yaml value and add template file

* Code review update

* Introduce variable rabbitmq_enable_ssl

* Restart sensu-enterprise service

* Update README to include newly introduced variable

README.md

@@ -6,6 +6,7 @@ This role deploys a full [Sensu](https://sensuapp.org) stack, a modern, open sou
 
 ## Features
 - Deploy a full [Sensu](https://sensuapp.org) stack, including RabbitMQ, redis, and the [Uchiwa dashboard](https://uchiwa.io/#/)
+- Full support for [Sensu Enterprise](https://sensuapp.org/enterprise)
 - Tight integration with the Ansible inventory - deployment of monitoring checks based on inventory grouping
 - Fine grained control over dynamic client configurations
 - Remote plugin deployment
@@ -73,4 +74,4 @@ Stephen Muth - ([@smuth4](https://github.com/smuth4))
 Feel free to:  
 Contact me - [@calumacrae](https://twitter.com/calumacrae), [mailto:calum0macrae@gmail.com](calum0macrae@gmail.com)  
 [Raise an issue](https://github.com/cmacrae/ansible-sensu/issues)  
-[Contribute](https://github.com/cmacrae/ansible-sensu/pulls)  
+[Contribute](https://github.com/cmacrae/ansible-sensu/pulls)  

defaults/main.yml

@@ -1,6 +1,22 @@
 ---
-# Sensu version
+# Sensu enterprise credential
+# Variables for Sensu Enterprise License
+se_enterprise: false
+se_user: ''
+se_pass: ''
+
+# Sensu package
 sensu_package: sensu
+sensu_enterprise_package: sensu-enterprise
+sensu_enterprise_dashboard_package: sensu-enterprise-dashboard
+
+# Sensu service names
+sensu_server_service_name: sensu-server
+sensu_api_service_name: sensu-api
+sensu_client_service_name: sensu-client
+sensu_enterprise_service_name: sensu-enterprise
+sensu_enterprise_dashboard_service_name: sensu-enterprise-dashboard
+uchiwa_service_name: uchiwa
 
 # Service deployment options
 sensu_deploy_rabbitmq: true
@@ -9,6 +25,7 @@ sensu_deploy_redis: true
 # RabbitMQ server properties
 rabbitmq_config_path: /etc/rabbitmq
 rabbitmq_config_template: rabbitmq.config.j2
+rabbitmq_enable_ssl: true
 rabbitmq_host: "{{ groups['rabbitmq_servers'][0] }}"
 rabbitmq_port: 5671
 rabbitmq_pkg_state: present
@@ -29,6 +46,7 @@ redis_port: 6379
 redis_password:
 redis_sentinels: []
 redis_master_name:
+sensu_redis_config: sensu-redis.json.j2
 
 # Sensu/Uchiwa user/group/service properties
 sensu_api_host: "{{ groups['sensu_masters'][0] }}"
@@ -39,7 +57,7 @@ sensu_api_password: secret
 sensu_api_uchiwa_path: ''
 sensu_api_timeout: 5000
 sensu_client_config: client.json.j2
-sensu_rabbitmq_config: rabbitmq.json.j2
+sensu_rabbitmq_config: sensu-rabbitmq.json.j2
 sensu_config_path: /etc/sensu
 sensu_pkg_state: present
 sensu_gem_state: present
@@ -66,6 +84,8 @@ sensu_ssl_server_cacert: "{{ sensu_ssl_tool_base_path }}/sensu_ca/cacert.pem"
 sensu_ssl_server_cert: "{{ sensu_ssl_tool_base_path }}/server/cert.pem"
 sensu_ssl_server_key: "{{ sensu_ssl_tool_base_path }}/server/key.pem"
 sensu_ssl_tool_version: "0.23"
+dynamic_data_store: "{{ playbook_dir }}/data/store"
+static_data_store: "{{ playbook_dir}}/data/static"
 
 # Uchiwa properties
 uchiwa_dc_name: ~

docs/role_variables.md

@@ -22,6 +22,7 @@ _Note: The above options are intended to provide users with flexibility. This al
 | `rabbitmq_sensu_user_name` | sensu | Username for authentication with the RabbitMQ vhost |
 | `rabbitmq_sensu_password` | sensu | Password for authentication with the RabbitMQ vhost |
 | `rabbitmq_sensu_vhost` | `/sensu` | Name of the RabbitMQ Sensu vhost |
+| `rabbitmq_enable_ssl` | `true` | Determines whether or not to use `ssl_listener` for RabbitMQ |
 
 ### [redis Server Properties](https://sensuapp.org/docs/latest/reference/redis)
 | Name               | Default Value | Description                  |

handlers/main.yml

@@ -7,18 +7,26 @@
     service: name={{ redis_service_name }} state=restarted
 
   - name: restart uchiwa service
-    service: name=uchiwa state=restarted
+    service: name={{ uchiwa_service_name }} state=restarted
 
   - name: restart sensu-server service
-    service: name=sensu-server state=restarted
-    when: sensu_master
+    service: name={{ sensu_server_service_name }} state=restarted
+    when: sensu_master and not se_enterprise
 
   - name: restart sensu-api service
-    service: name=sensu-api state=restarted
-    when: sensu_master
+    service: name={{ sensu_api_service_name }} state=restarted
+    when: sensu_master and not se_enterprise
 
   - name: restart sensu-client service
-    service: name=sensu-client state=restarted
+    service: name={{ sensu_client_service_name }} state=restarted
+
+  - name: restart sensu-enterprise service
+    service: name={{ sensu_enterprise_service_name }} state=restarted
+    when: se_enterprise and sensu_master
+
+  - name: restart sensu-enterprise-dashboard service
+    service: name={{ sensu_enterprise_dashboard_service_name }} state=restarted
+    when: se_enterprise and sensu_master
 
   # Joyent SmartOS specific handlers
   - name: import sensu-server service

tasks/CentOS/dashboard.yml

@@ -8,9 +8,27 @@
     yum:
       name: uchiwa
       state: present
+    when: not se_enterprise
+
+  - name: Ensure Sensu Enterprise Dashboard is installed
+    yum:
+      name: "{{ sensu_enterprise_dashboard_package }}"
+      state: present
+    when: se_enterprise
 
   - name: Deploy Uchiwa config
     template:
       src: uchiwa_config.json.j2
       dest: "{{ sensu_config_path }}/uchiwa.json"
-    notify: restart uchiwa service
+    when: not se_enterprise
+    notify:
+      - restart uchiwa service
+
+
+  - name: Deploy Sensu Enterprise Dashboard
+    template:
+      src: sensu_enterprise_dashboard_config.json.j2
+      dest: "{{ sensu_config_path}}/dashboard.json"
+    when: se_enterprise
+    notify:
+      - restart sensu-enterprise-dashboard service

tasks/CentOS/main.yml

@@ -17,5 +17,45 @@
       group: root
       mode: 0644
 
+  - name: Ensure that credential is supplied if installing Sensu Enterprise
+    assert:
+      that:
+        - "se_user != ''"
+        - "se_pass != ''"
+      msg: Sensu enterprise credential must not be empty. Did you forget to set se_user and se_pass?
+    when: se_enterprise
+
+  - name: Ensure the Sensu Enterprise repo is present
+    copy:
+      dest: /etc/yum.repos.d/sensu-enterprise.repo
+      content: |
+        [sensu-enterprise]
+        name=sensu-enterprise
+        baseurl=http://{{ se_user }}:{{ se_pass }}@enterprise.sensuapp.com/yum/noarch/
+        gpgcheck=0
+        enabled=1
+      owner: root
+      group: root
+      mode: 0644
+    when: se_enterprise
+
+  - name: Ensure the Sensu Enterprise Dashboard repo is present
+    copy:
+      dest: /etc/yum.repos.d/sensu-enterprise-dashboard.repo
+      content: |
+        [sensu-enterprise-dashboard]
+        name=sensu-enterprise-dashboard
+        baseurl=http://{{ se_user }}:{{ se_pass }}@enterprise.sensuapp.com/yum/\$basearch/
+        gpgcheck=0
+        enabled=1
+      owner: root
+      group: root
+      mode: 0644
+    when: se_enterprise
+
   - name: Ensure Sensu is installed
     yum: name={{ sensu_package }} state={{ sensu_pkg_state }}
+
+  - name: Ensure Sensu Enterprise is installed
+    yum: name={{ sensu_enterprise_package }} state={{ sensu_pkg_state }}
+    when: se_enterprise

tasks/client.yml

@@ -16,4 +16,7 @@
     static: false
 
   - name: Ensure Sensu client service is running
-    service: name=sensu-client state=started enabled=yes
+    service:
+      name: "{{ sensu_client_service_name }}"
+      state: started
+      enabled: yes

tasks/common.yml

@@ -16,11 +16,12 @@
       dest: "{{ sensu_config_path }}/conf.d/redis.json"
       owner: "{{ sensu_user_name }}"
       group: "{{ sensu_group_name }}"
-      src: sensu-redis.json.j2
+      src: "{{ sensu_redis_config }}"
     when: sensu_deploy_redis
     notify:
       - restart sensu-server service
       - restart sensu-api service
+      - restart sensu-enterprise service
       - restart sensu-client service
 
   - name: Deploy Sensu RabbitMQ configuration
@@ -33,6 +34,7 @@
     notify:
       - restart sensu-server service
       - restart sensu-api service
+      - restart sensu-enterprise service
       - restart sensu-client service
 
   - name: Deploy Sensu transport configuration
@@ -44,4 +46,5 @@
     notify:
       - restart sensu-server service
       - restart sensu-api service
+      - restart sensu-enterprise service
       - restart sensu-client service

tasks/dashboard.yml

@@ -2,5 +2,8 @@
 # tasks/dashboard.yml: Deployment of the Uchiwa dashboard
   - include: "{{ ansible_distribution }}/dashboard.yml"
 
-  - name: Ensure Uchiwa server service is running
-    service: name=uchiwa state=started enabled=yes
+  - name: Ensure Uchiwa/Sensu Enterprise Dashboard server service is running
+    service:
+      name: "{{ uchiwa_service_name if not se_enterprise else sensu_enterprise_dashboard_service_name }}"
+      state: started
+      enabled: yes

tasks/plugins.yml

@@ -82,3 +82,4 @@
     notify:
       - restart sensu-server service
       - restart sensu-api service
+      - restart sensu-enterprise service

tasks/rabbit.yml

@@ -18,6 +18,7 @@
       - restart rabbitmq service
       - restart sensu-api service
       - restart sensu-server service
+      - restart sensu-enterprise service
     when: sensu_ssl_manage_certs
 
   - name: Deploy RabbitMQ config

tasks/server.yml

@@ -16,7 +16,8 @@
     static: false
 
   - name: Ensure Sensu server service is running
-    service: name=sensu-server state=started enabled=yes
+    service: name={{ sensu_server_service_name if not se_enterprise else sensu_enterprise_service_name }} state=started enabled=yes
 
   - name: Ensure Sensu API service is running
     service: name=sensu-api state=started enabled=yes
+    when: not se_enterprise

tasks/ssl.yml

@@ -9,6 +9,7 @@
       state: directory
       owner: "{{ sensu_user_name }}"
       group: "{{ sensu_group_name }}"
+    when: sensu_ssl_gen_certs and sensu_ssl_manage_certs
 
   - include: ssl_generate.yml
     when: sensu_ssl_gen_certs

templates/rabbitmq.config.j2

@@ -1,10 +1,14 @@
 [
     {rabbit, [
+    {% if rabbitmq_enable_ssl %}
     {ssl_listeners, [{{ rabbitmq_port }}]},
     {ssl_options, [{cacertfile,"{{ rabbitmq_config_path }}/ssl/cacert.pem"},
                    {certfile,"{{ rabbitmq_config_path }}/ssl/cert.pem"},
                    {keyfile,"{{ rabbitmq_config_path }}/ssl/key.pem"},
                    {verify,verify_peer},
                    {fail_if_no_peer_cert,true}]}
+    {% else %}
+    {tcp_listeners, [{{ rabbitmq_port }}]}
+    {% endif %}
   ]}
 ].

templates/rabbitmq.json.j2

@@ -1,9 +1,11 @@
 {
   "rabbitmq": {
+    {% if rabbitmq_enable_ssl %}
     "ssl": {
       "cert_chain_file": "{{ sensu_config_path }}/ssl/cert.pem",
       "private_key_file": "{{ sensu_config_path }}/ssl/key.pem"
     },
+    {% endif %}
     "host": "{{ rabbitmq_host }}",
     "port": {{ rabbitmq_port }},
     "vhost": "{{ rabbitmq_sensu_vhost }}",

templates/sensu_enterprise_dashboard_config.json.j2

@@ -0,0 +1,19 @@
+{
+ "sensu": [
+   {
+       "name": "{{ uchiwa_dc_name }}",
+       "host": "{{ sensu_api_host }}",
+       "ssl": {{ sensu_api_ssl }},
+       "port": {{ uchiwa_sensu_api_port }},
+       "user": "{{ sensu_api_user_name }}",
+       "pass": "{{ sensu_api_password }}",
+       "path": "{{ sensu_api_uchiwa_path }}",
+       "timeout": {{ sensu_api_timeout }}
+   }
+ ],
+ "dashboard": {
+   "users": {{ uchiwa_users | to_nice_json }},
+   "port": {{ uchiwa_port }},
+   "refresh": {{ uchiwa_refresh }}
+  }
+}