Initial commit

README.md

@@ -0,0 +1,109 @@
+# Sensu
+This role deploys a full [Sensu](https://sensuapp.org) stack, a modern, open source monitoring framework.
+
+## Features
+- Deploy a full Sensu stack, including RabbitMQ, Redis, and the [Uchiwa dashboard](https://uchiwa.io/#/)
+- Tight integration with the Ansible inventory - deployment of monitoring checks based on role defined in your inventory
+- Automatic generation and dynamic deployment of SSL certs for secure communication between your clients and servers
+- Highly configurable
+
+_Note:_ _Further documentation on features is coming_
+
+## Supported Platforms
+This role has been written with [SmartOS](https://smartos.org) in mind, to be deployed to [zones](https://wiki.smartos.org/display/DOC/Zones)
+
+In this initial release [SmartOS](https://smartos.org) will be the only supported platform.
+However, I am dedicating a lot of time to this role and will be adding support for all major BSD & Linux platforms.
+
+### Current Release
+- [SmartOS - base-64 15.1.0](https://docs.joyent.com/images/smartos/base#base-15.1.0)
+
+### Future Releases
+- OpenBSD
+- FreeBSD
+- NetBSD
+- EL
+- Ubuntu / Debian
+
+## Role Variables
+All variables have sensible defaults, which can be found in `defaults/main.yml`.
+The current version includes the following variables:
+
+### RabbitMQ Server Properties - [Sensu RabbitMQ documentation](https://sensuapp.org/docs/0.18/rabbitmq)
+| Name               | Default Value | Description                  |
+|--------------------|---------------|------------------------------|
+| rabbitmq\_config\_path| /opt/local/etc/rabbitmq | Path to the RabbitMQ configuration directory |
+| rabbitmq\_host| "{{ groups\['rabbitmq\_servers']\[0] }}" | The hostname/IP address of the RabbitMQ node |
+| rabbitmq\_port| 5671 | The transmission port for RabbitMQ communications |
+| rabbitmq\_server| false | Determines whether to include the deployment of RabbitMQ |
+| rabbitmq\_sensu\_user\_name| sensu | Username for authentication with the RabbitMQ vhost |
+| rabbitmq\_sensu\_password| sensu | Password for authentication with the RabbitMQ vhost |
+| rabbitmq\_sensu\_vhost| /sensu | Name of the RabbitMQ Sensu vhost |
+
+### Redis Server Properties - [Sensu Redis documentation](https://sensuapp.org/docs/0.18/redis)
+| Name               | Default Value | Description                  |
+|--------------------|---------------|------------------------------|
+| redis\_host| "{{ groups['redis_servers'][0] }}" | Hostname/IP address of the Redis node |
+| redis\_server| false | Determines whether to include the deployment of Redis |
+| redis_port| 6379 | The transmission port for Redis communications |
+
+### Sensu Properties - [Sensu services documentation](https://sensuapp.org/docs/0.18/install-sensu)
+| Name               | Default Value | Description                  |
+|--------------------|---------------|------------------------------|
+| sensu\_api\_host| "{{ groups['sensu_masters'][0] }}" | Hostname/IP address of the node running the Sensu API |
+| sensu\_api\_port| 4567 | Transmission port for Sensu API communications |
+| sensu\_api\_ssl| "false" | Determines whether to use SSL for Sensu API communications |
+| sensu\_api\_user\_name| admin | Username for authentication with the Sensu API |
+| sensu\_api\_password| secret | Password for authentication with the Sensu API |
+| sensu\_api\_uchiwa\_path| '' | Path to append to the Sensu API URI for Uchiwa communications |
+| sensu\_api\_timeout| 5000 | Value to set for the Sensu API timeout |
+| sensu\_client\_config| client.json.j2 | Jinja2 template to use for node configuration of the Sensu Client service |
+| sensu\_config\_path| /opt/local/etc/sensu | Path to the Sensu configuration directory |
+| sensu\_gem\_state| present | State of the Sensu gem - can be set to `latest` to keep Sensu updated |
+| sensu\_plugin\_gem\_state| present | State of the Sensu Plugins gem - can be set to `latest` to keep Sensu Plugins updated |
+| sensu\_group\_name| sensu | The name of the Sensu service user's primary group |
+| sensu\_include\_plugins| true | Determines whether to include the `sensu-plugins` gem |
+| sensu\_include\_dashboard| false | Determines whether to deploy the Uchiwa dashboard |
+| sensu\_master| false | Determines if a node is to act as the Sensu "master" node |
+| sensu\_user\_name| sensu | The name of the Sensu service user |
+
+### Uchiwa Properties - [Uchiwa documentation](http://docs.uchiwa.io/en/latest/)
+| Name               | Default Value | Description                  |
+|--------------------|---------------|------------------------------|
+| uchiwa\_dc\_name| _undefined_ | Datacenter name for Uchiwa instance |
+| uchiwa\_path| /opt/uchiwa | Path to the Uchiwa configuration directory |
+| uchiwa\_redis\_use\_ssl| false | Determines whether to use SSL for Redis communication |
+| uchiwa\_user\_name| admin | The user-name to log into Uchiwa |
+| uchiwa\_password| admin | The password to log into Uchiwa |
+| uchiwa\_port| 3000 | The TCP port to bind the Uchiwa web service to |
+| uchiwa\_refresh| 5 | The interval to pull the Sensu APIs in seconds |
+
+_Note_: _A few of these defaults will be moving to_`vars`_in the near future due to the addition of other OS support_
+
+## Example Playbook
+
+``` yaml
+  - hosts: all
+    roles:
+      - role: cmacrae.sensu
+```
+Or, passing parameter values:
+
+``` yaml
+  - hosts: sensu_masters
+    roles:
+	  - { role: cmacrae.sensu, sensu_master: true, sensu_include_dashboard: true  }
+```
+
+License
+-------
+MIT
+
+Author Information
+------------------
+Created by [Calum MacRae](http://cmacr.ae)
+
+Feel free to:  
+Contact me - [@calumacrae](https://twitter.com/calumacrae), [mailto:calum0macrae@gmail.com](calum0macrae@gmail.com)  
+[Raise an issue](https://github.com/cmacrae/ansible-sensu/issues)  
+[Contribute](https://github.com/cmacrae/ansible-sensu/pulls)  

defaults/main.yml

@@ -0,0 +1,42 @@
+---
+
+# RabbitMQ server properties
+rabbitmq_config_path: /opt/local/etc/rabbitmq
+rabbitmq_host: "{{ groups['rabbitmq_servers'][0] }}"
+rabbitmq_port: 5671
+rabbitmq_server: false
+rabbitmq_sensu_user_name: sensu
+rabbitmq_sensu_password: sensu
+rabbitmq_sensu_vhost: /sensu
+
+# Redis server properties
+redis_host: "{{ groups['redis_servers'][0] }}"
+redis_server: false
+redis_port: 6379
+
+# Sensu/Uchiwa user/group/service properties
+sensu_api_host: "{{ groups['sensu_masters'][0] }}"
+sensu_api_port: 4567
+sensu_api_ssl: "false"
+sensu_api_user_name: admin
+sensu_api_password: secret
+sensu_api_uchiwa_path: ''
+sensu_api_timeout: 5000
+sensu_client_config: client.json.j2
+sensu_config_path: /opt/local/etc/sensu
+sensu_gem_state: present
+sensu_plugin_gem_state: present
+sensu_group_name: sensu
+sensu_include_plugins: true
+sensu_include_dashboard: false
+sensu_master: false
+sensu_user_name: sensu
+
+# Uchiwa properties
+uchiwa_dc_name: ~
+uchiwa_path: /opt/uchiwa
+uchiwa_redis_use_ssl: false
+uchiwa_user_name: admin
+uchiwa_password: admin
+uchiwa_port: 3000
+uchiwa_refresh: 5

handlers/main.yml

@@ -0,0 +1,29 @@
+---
+
+  - name: restart rabbitmq service
+    service: name=rabbitmq state=restarted
+  
+  - name: restart uchiwa service
+    service: name=uchiwa state=restarted
+
+  - name: restart sensu-server service
+    service: name=sensu-server state=restarted
+
+  - name: restart sensu-api service
+    service: name=sensu-api state=restarted
+
+  - name: restart sensu-client service
+    service: name=sensu-client state=restarted
+
+  - name: import sensu-server service
+    command: /usr/sbin/svccfg import /opt/local/lib/svc/manifest/sensu-server.xml
+  
+  - name: import sensu-api service
+    command: /usr/sbin/svccfg import /opt/local/lib/svc/manifest/sensu-api.xml
+  
+  - name: import sensu-client service
+    command: /usr/sbin/svccfg import /opt/local/lib/svc/manifest/sensu-client.xml
+  
+  - name: import uchiwa service
+    command: /usr/sbin/svccfg import /opt/local/lib/svc/manifest/uchiwa.xml
+  

meta/main.yml

@@ -0,0 +1,131 @@
+---
+galaxy_info:
+  author: Calum MacRae
+  description: Roll out a full Sensu stack, including the Uchiwa dashboard
+  #company: your company (optional)
+  # Some suggested licenses:
+  # - BSD (default)
+  # - MIT
+  # - GPLv2
+  # - GPLv3
+  # - Apache
+  # - CC-BY
+  license: MIT
+  min_ansible_version: 1.4
+  #
+  # Below are all platforms currently available. Just uncomment
+  # the ones that apply to your role. If you don't see your 
+  # platform on this list, let us know and we'll get it added!
+  #
+  platforms:
+  #- name: EL
+  #  versions:
+  #  - all
+  #  - 5
+  #  - 6
+  #  - 7
+  #- name: GenericUNIX
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Fedora
+  #  versions:
+  #  - all
+  #  - 16
+  #  - 17
+  #  - 18
+  #  - 19
+  #  - 20
+  #- name: SmartOS
+  #  versions:
+  #  - all
+  #  - any
+  #- name: opensuse
+  #  versions:
+  #  - all
+  #  - 12.1
+  #  - 12.2
+  #  - 12.3
+  #  - 13.1
+  #  - 13.2
+  #- name: Amazon
+  #  versions:
+  #  - all
+  #  - 2013.03
+  #  - 2013.09
+  #- name: GenericBSD
+  #  versions:
+  #  - all
+  #  - any
+  #- name: FreeBSD
+  #  versions:
+  #  - all
+  #  - 8.0
+  #  - 8.1
+  #  - 8.2
+  #  - 8.3
+  #  - 8.4
+  #  - 9.0
+  #  - 9.1
+  #  - 9.1
+  #  - 9.2
+  #- name: Ubuntu
+  #  versions:
+  #  - all
+  #  - lucid
+  #  - maverick
+  #  - natty
+  #  - oneiric
+  #  - precise
+  #  - quantal
+  #  - raring
+  #  - saucy
+  #  - trusty
+  #- name: SLES
+  #  versions:
+  #  - all
+  #  - 10SP3
+  #  - 10SP4
+  #  - 11
+  #  - 11SP1
+  #  - 11SP2
+  #  - 11SP3
+  #- name: GenericLinux
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Debian
+  #  versions:
+  #  - all
+  #  - etch
+  #  - lenny
+  #  - squeeze
+  #  - wheezy
+  - name: SmartOS
+    versions:
+    - 15.1.0
+  #
+  # Below are all categories currently available. Just as with
+  # the platforms above, uncomment those that apply to your role.
+  #
+  categories:
+  - cloud
+  #- cloud:ec2
+  #- cloud:gce
+  #- cloud:rax
+  #- clustering
+  #- database
+  #- database:nosql
+  #- database:sql
+  #- development
+  - monitoring
+  #- networking
+  #- packaging
+  - system
+  - web
+dependencies: []
+  # List your role dependencies here, one per line. Only
+  # dependencies available via galaxy should be listed here.
+  # Be sure to remove the '[]' above if you add dependencies
+  # to this list.
+  

tasks/client.yml

@@ -0,0 +1,27 @@
+---
+
+  - name: Deploy Sensu client RabbitMQ configuration
+    template: dest="{{ sensu_config_path }}/conf.d/rabbitmq.json"
+              owner={{ sensu_user_name }} group={{ sensu_group_name }}
+              src=rabbitmq.json.j2
+    notify: restart sensu-client service
+
+  - name: Deploy Sensu client service configuration
+    template: dest="{{ sensu_config_path }}/conf.d/client.json"
+              owner={{ sensu_user_name }} group={{ sensu_group_name }}
+              src={{ sensu_client_config  }}
+    notify: restart sensu-client service
+
+  - name: Deploy Sensu client service manifest
+    template: dest=/opt/local/lib/svc/manifest/sensu-client.xml
+              src=sensu-client.smartos_smf_manifest.xml.j2
+              owner=root group=root mode=644
+    notify: import sensu-client service
+              
+  - name: Initial import of Sensu client service
+    command: /usr/sbin/svccfg import /opt/local/lib/svc/manifest/sensu-client.xml
+    args:
+      creates: "/var/svc/log/application-sensu-client:default.log"
+
+  - name: Ensure Sensu client service is running
+    service: name=sensu-client state=started enabled=yes

tasks/dashboard.yml

@@ -0,0 +1,67 @@
+---
+
+  - name: Ensure Uchiwa directory exists
+    file: dest={{ uchiwa_path }} state=directory
+          owner={{ sensu_user_name }} group={{ sensu_group_name }}
+          recurse=yes
+
+  - name: Ensure Uchiwa config directory exists
+    file: dest={{ uchiwa_path }}/etc state=directory
+          owner={{ sensu_user_name }} group={{ sensu_group_name }}
+          recurse=yes
+
+  - name: Ensure Uchiwa Go directory exists
+    file: dest={{ uchiwa_path }}/go state=directory
+          owner={{ sensu_user_name }} group={{ sensu_group_name }}
+          recurse=yes
+
+  - name: Ensure Uchiwa GOPATH exists
+    file: dest={{ uchiwa_path }}/go/{{ item }}
+          owner={{ sensu_user_name }}
+          group={{ sensu_group_name }}
+          state=directory recurse=yes
+    with_items:
+      - bin
+      - pkg
+      - src
+
+  - name: Fetch Uchiwa from GitHub
+    command: go get github.com/sensu/uchiwa
+    environment:
+      GOPATH: "{{ uchiwa_path }}/go"
+    sudo: yes
+    sudo_user: "{{ sensu_user_name }}"
+    args:
+      creates: "{{ uchiwa_path }}/go/src/github.com/sensu/uchiwa"
+
+  - name: Build and deploy Uchiwa
+    shell: npm install --production chdir={{ uchiwa_path }}/go/src/github.com/sensu/uchiwa
+    args:
+      creates: "{{ uchiwa_path }}/go/src/github.com/sensu/uchiwa/public/bower_components"
+    sudo: yes
+    sudo_user: "{{ sensu_user_name }}"
+
+  - name: Deploy Uchiwa config
+    template: src=uchiwa_config.json.j2 dest={{ uchiwa_path }}/etc/config.json
+              owner={{ sensu_user_name }} group={{ sensu_group_name }}
+    notify: restart uchiwa service
+
+  - name: Deploy Uchiwa service script
+    template: src=uchiwa.sh.j2
+              dest=/opt/local/lib/svc/method/uchiwa
+              owner=root group=root mode=755
+    notify: restart uchiwa service
+
+  - name: Deploy Uchiwa service manifest
+    template: dest=/opt/local/lib/svc/manifest/uchiwa.xml
+              src=uchiwa.smartos_smf_manifest.xml.j2
+              owner=root group=root mode=644
+    notify: import uchiwa service
+
+  - name: Initial import of Uchiwa server service
+    command: /usr/sbin/svccfg import /opt/local/lib/svc/manifest/uchiwa.xml
+    args:
+      creates: "/var/svc/log/application-uchiwa:default.log"
+
+  - name: Ensure Uchiwa server service is running
+    service: name=uchiwa state=started enabled=yes

tasks/main.yml

@@ -0,0 +1,51 @@
+---
+
+  - name: Ensure the Sensu group is present
+    group: name={{ sensu_group_name }}
+             state=present
+             
+  - name: Ensure the Sensu user is present
+    user: name={{ sensu_user_name }}
+          group={{ sensu_group_name }}
+          shell=/bin/false
+          home={{ sensu_config_path }}
+          createhome=yes
+          state=present
+
+  - name: Ensure the Sensu config directory is present
+    file: dest={{ sensu_config_path }}/conf.d state=directory recurse=yes
+          owner={{ sensu_user_name }} group={{ sensu_group_name }}
+
+  - name: Ensure Sensu dependencies are installed
+    pkgin: name=build-essential,ruby21-base state=present
+
+  - name: Ensure Uchiwa (dashboard) dependencies are installed
+    pkgin: name=go state=present
+    when: sensu_include_dashboard
+
+  - name: Ensure Sensu is installed
+    gem: name=sensu state={{ sensu_gem_state }} user_install=no
+    notify:
+      - restart sensu-client service
+    
+  - name: Ensure Sensu 'plugins' gem is installed
+    gem: name=sensu-plugin state={{ sensu_plugin_gem_state }} user_install=no
+
+  - include: ssl.yml tags=ssl
+
+  - include: rabbit.yml tags=rabbitmq
+    when: rabbitmq_server
+
+  - include: redis.yml tags=redis
+    when: redis_server
+
+  - include: server.yml tags=server
+    when: sensu_master
+
+  - include: dashboard.yml tags=dashboard
+    when: sensu_include_dashboard
+    
+  - include: client.yml tags=client
+
+  - include: plugins.yml tags=plugins
+    when: sensu_include_plugins

tasks/plugins.yml

@@ -0,0 +1,40 @@
+---
+
+  - name: Ensure Sensu plugin directory exists
+    file: dest={{ sensu_config_path }}/plugins state=directory
+          owner={{ sensu_user_name }} group={{ sensu_group_name }}
+
+  - name: Register available checks
+    local_action: command ls {{ static_data_store }}/sensu/checks
+    register: sensu_available_checks
+    changed_when: False
+
+  - name: Deploy check plugins
+    copy: src={{ static_data_store }}/sensu/checks/{{ item }}/
+          dest={{ sensu_config_path }}/plugins/ mode=755
+          owner={{ sensu_user_name }} group={{ sensu_group_name }}
+    when: sensu_available_checks.stdout.find('{{ item }}') != -1
+    with_flattened:
+      - group_names
+    notify: restart sensu-client service
+
+  - name: Deploy handler plugins
+    copy: src={{ static_data_store }}/sensu/handlers/
+          dest={{ sensu_config_path }}/plugins/ mode=755
+          owner={{ sensu_user_name }} group={{ sensu_group_name }}
+    notify: restart sensu-client service
+
+  - name: Deploy mutator plugins
+    copy: src={{ static_data_store }}/sensu/mutators/
+          dest={{ sensu_config_path }}/plugins/ mode=755
+          owner={{ sensu_user_name }} group={{ sensu_group_name }}
+    notify: restart sensu-client service
+
+  - name: Deploy check/handler/filter/mutator definitions to the master
+    template: src={{ static_data_store }}/sensu/definitions/{{ item }}.j2
+          dest={{ sensu_config_path }}/conf.d/{{ item }}
+          owner={{ sensu_user_name }} group={{ sensu_group_name }}
+    when: sensu_master
+    with_lines:
+      - ls {{ static_data_store }}/sensu/definitions | cut -d. --fields=1,2
+    notify: restart sensu-api service

tasks/rabbit.yml

@@ -0,0 +1,46 @@
+---
+
+  - name: Ensure RabbitMQ is installed
+    pkgin: name=rabbitmq state=present
+
+  - name: Ensure RabbitMQ SSL directory exists
+    file: dest={{ rabbitmq_config_path }}/ssl state=directory
+
+  - name: Ensure RabbitMQ SSL certs/keys are in place
+    copy: src={{ dynamic_data_store }}/{{ groups['sensu_masters'][0] }}/{{ sensu_config_path }}/ssl_generation/ssl_certs/{{ item }}
+          dest={{ rabbitmq_config_path }}/ssl
+    with_items:
+      - sensu_ca/cacert.pem
+      - server/cert.pem
+      - server/key.pem
+
+  - name: Deploy RabbitMQ config
+    template: dest={{ rabbitmq_config_path }}/rabbitmq.config
+              src=rabbitmq.config.j2
+              owner=root group=root mode=644
+    notify: restart rabbitmq service
+
+  - name: Ensure RabbitMQ is running
+    service: name={{ item }} state=started enabled=true
+    with_items:
+      - epmd
+      - rabbitmq
+
+  - name: Wait for RabbitMQ to be up and running before asking to create a vhost
+    pause: seconds=3
+
+  - name: Ensure Sensu RabbitMQ vhost exists
+    rabbitmq_vhost: name={{ rabbitmq_sensu_vhost }} state=present
+    sudo: yes
+    sudo_user: rabbitmq
+
+  - name: Ensure Sensu RabbitMQ user has access to the Sensu vhost
+    rabbitmq_user: user={{ rabbitmq_sensu_user_name }}
+                   password={{ rabbitmq_sensu_password }}
+                   vhost={{ rabbitmq_sensu_vhost }}
+                   configure_priv=.*
+                   read_priv=.*
+                   write_priv=.*
+                   state=present
+    sudo: yes
+    sudo_user: rabbitmq

tasks/redis.yml

@@ -0,0 +1,7 @@
+---
+
+  - name: Ensure Redis is installed
+    pkgin: name=redis state=present
+
+  - name: Ensure Redis is running
+    service: name=redis state=started enabled=true

tasks/server.yml

@@ -0,0 +1,41 @@
+---
+
+  - name: Deploy Sensu server API configuration
+    template: dest={{ sensu_config_path }}/conf.d/api.json
+              owner={{ sensu_user_name }} group={{ sensu_group_name }}
+              src=sensu-api.json.j2
+    notify: restart sensu-api service
+
+  - name: Deploy Sensu Redis configuration
+    template: dest={{ sensu_config_path }}/conf.d/redis.json
+              owner={{ sensu_user_name }} group={{ sensu_group_name }}
+              src=sensu-redis.json.j2
+    notify: restart sensu-api service
+
+  - name: Deploy Sensu server service manifest
+    template: dest=/opt/local/lib/svc/manifest/sensu-server.xml
+              src=sensu-server.smartos_smf_manifest.xml.j2
+              owner=root group=root mode=644
+    notify: import sensu-server service
+
+  - name: Deploy Sensu API service manifest
+    template: dest=/opt/local/lib/svc/manifest/sensu-api.xml
+              src=sensu-api.smartos_smf_manifest.xml.j2
+              owner=root group=root mode=644
+    notify: import sensu-api service
+ 
+  - name: Initial import of Sensu server service
+    command: /usr/sbin/svccfg import /opt/local/lib/svc/manifest/sensu-server.xml
+    args:
+      creates: "/var/svc/log/application-sensu-server:default.log"
+        
+  - name: Initial import of Sensu API service
+    command: /usr/sbin/svccfg import /opt/local/lib/svc/manifest/sensu-api.xml
+    args:
+      creates: "/var/svc/log/application-sensu-api:default.log"
+
+  - name: Ensure Sensu server service is running
+    service: name=sensu-server state=started enabled=yes
+
+  - name: Ensure Sensu API service is running
+    service: name=sensu-api state=started enabled=yes

tasks/ssl.yml

@@ -0,0 +1,52 @@
+---
+
+  - name: Ensure Sensu SSL directory exists
+    file: dest={{ sensu_config_path }}/ssl state=directory
+          owner={{ sensu_user_name }} group={{ sensu_group_name }}
+
+  - name: Ensure SSL generation directory exists
+    file: dest={{ sensu_config_path }}/ssl_generation state=directory
+          owner={{ sensu_user_name }} group={{ sensu_group_name }}
+    when: sensu_master
+
+  - name: Fetch the ssl_certs tarball from sensuapp.org
+    get_url: url=http://sensuapp.org/docs/0.16/tools/ssl_certs.tar
+             dest={{ sensu_config_path }}/ssl_generation/ssl_certs.tar
+    when: sensu_master
+    sudo: yes
+    sudo_user: "{{ sensu_user_name }}"
+
+  - name: Untar the ssl_certs tarball from sensuapp.org
+    shell: tar xf ssl_certs.tar chdir={{ sensu_config_path }}/ssl_generation
+    args:
+      creates: "{{ sensu_config_path }}/ssl_generation/ssl_certs"
+    when: sensu_master
+    sudo: yes
+    sudo_user: "{{ sensu_user_name }}"
+
+  - name: Generate SSL certs
+    shell: ./ssl_certs.sh generate chdir={{ sensu_config_path }}/ssl_generation/ssl_certs
+    args:
+      creates: "{{ sensu_config_path }}/ssl_generation/ssl_certs/server"
+    when: sensu_master
+    sudo: yes
+    sudo_user: "{{ sensu_user_name }}"
+
+  - name: Stash the Sensu SSL certs/keys
+    fetch: src={{ sensu_config_path }}/ssl_generation/ssl_certs/{{ item }}
+           dest={{ dynamic_data_store }}
+    when: sensu_master
+    with_items:
+      - sensu_ca/cacert.pem
+      - server/cert.pem
+      - server/key.pem
+      - client/cert.pem
+      - client/key.pem
+
+  - name: Deploy the Sensu client SSL cert/key
+    copy: src={{ dynamic_data_store }}/{{ groups['sensu_masters'][0] }}/{{ sensu_config_path }}/ssl_generation/ssl_certs/client/{{ item }}
+          owner={{ sensu_user_name }} group={{ sensu_group_name }}
+          dest={{ sensu_config_path }}/ssl
+    with_items:
+      - cert.pem
+      - key.pem

templates/client.json.j2

@@ -0,0 +1,7 @@
+{
+  "client": {
+    "name": "{{ ansible_hostname }}",
+    "address": "{{ ansible_default_ipv4['address'] }}",
+      "subscriptions": {{ group_names | to_nice_json }}
+  }
+}

templates/rabbitmq.config.j2

@@ -0,0 +1,10 @@
+[
+    {rabbit, [
+    {ssl_listeners, [{{ rabbitmq_port }}]},
+    {ssl_options, [{cacertfile,"{{ rabbitmq_config_path }}/ssl/cacert.pem"},
+                   {certfile,"{{ rabbitmq_config_path }}/ssl/cert.pem"},
+                   {keyfile,"{{ rabbitmq_config_path }}/ssl/key.pem"},
+                   {verify,verify_peer},
+                   {fail_if_no_peer_cert,true}]}
+  ]}
+].

templates/rabbitmq.json.j2

@@ -0,0 +1,13 @@
+{
+  "rabbitmq": {
+    "ssl": {
+      "cert_chain_file": "{{ sensu_config_path }}/ssl/cert.pem",
+      "private_key_file": "{{ sensu_config_path }}/ssl/key.pem"
+    },
+"host": "{{ rabbitmq_host }}",
+    "port": {{ rabbitmq_port }},
+    "vhost": "{{ rabbitmq_sensu_vhost }}",
+    "user": "{{ rabbitmq_sensu_user_name }}",
+    "password": "{{ rabbitmq_sensu_password }}"
+  }
+}

templates/sensu-api.json.j2

@@ -0,0 +1,8 @@
+{
+  "api": {
+    "host": "{{ sensu_api_host }}",
+    "port": {{ sensu_api_port }},
+    "user": "{{ sensu_api_user_name }}",
+    "password": "{{ sensu_api_password }}"
+  }
+}

templates/sensu-api.smartos_smf_manifest.xml.j2

@@ -0,0 +1,32 @@
+<?xml version="1.0"?>
+<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
+<service_bundle type="manifest" name="sensu-api">
+  <service name="application/sensu-api" type="service" version="1">
+    <create_default_instance enabled="false" />
+    <single_instance />
+    <dependency name="network" grouping="require_all" restart_on="error" type="service">
+      <service_fmri value="svc:/milestone/network:default" />
+    </dependency>
+    <dependency name="filesystem" grouping="require_all" restart_on="error" type="service">
+      <service_fmri value="svc:/system/filesystem/local" />
+    </dependency>
+    <method_context>
+      <method_credential user="{{ sensu_user_name }}" group="{{ sensu_group_name }}" />
+      <method_environment>
+        <envvar name="HOME" value="{{ sensu_config_path }}" />
+        <envvar name="PATH" value="/opt/local/sbin:/opt/local/bin:/sbin:/usr/sbin:/usr/bin" />
+      </method_environment>
+    </method_context>
+    <exec_method type="method" name="start" exec="/opt/local/bin/sensu-api --background --config_dir ${HOME}" timeout_seconds="60" />
+    <exec_method type="method" name="stop" exec=":kill" timeout_seconds="60" />
+    <property_group name="startd" type="framework">
+      <propval name="duration" type="astring" value="contract" />
+    </property_group>
+    <stability value="Evolving" />
+    <template>
+      <common_name>
+        <loctext xml:lang="C">Sensu API</loctext>
+      </common_name>
+    </template>
+  </service>
+</service_bundle>

templates/sensu-client.smartos_smf_manifest.xml.j2

@@ -0,0 +1,32 @@
+<?xml version="1.0"?>
+<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
+<service_bundle type="manifest" name="sensu-client">
+  <service name="application/sensu-client" type="service" version="1">
+    <create_default_instance enabled="false" />
+    <single_instance />
+    <dependency name="network" grouping="require_all" restart_on="error" type="service">
+      <service_fmri value="svc:/milestone/network:default" />
+    </dependency>
+    <dependency name="filesystem" grouping="require_all" restart_on="error" type="service">
+      <service_fmri value="svc:/system/filesystem/local" />
+    </dependency>
+    <method_context>
+      <method_credential user="{{ sensu_user_name }}" group="{{ sensu_group_name }}" />
+      <method_environment>
+        <envvar name="HOME" value="{{ sensu_config_path }}" />
+        <envvar name="PATH" value="/opt/local/sbin:/opt/local/bin:/sbin:/usr/sbin:/usr/bin" />
+      </method_environment>
+    </method_context>
+    <exec_method type="method" name="start" exec="/opt/local/bin/sensu-client --background --config_dir ${HOME}" timeout_seconds="60" />
+    <exec_method type="method" name="stop" exec=":kill" timeout_seconds="60" />
+    <property_group name="startd" type="framework">
+      <propval name="duration" type="astring" value="contract" />
+    </property_group>
+    <stability value="Evolving" />
+    <template>
+      <common_name>
+        <loctext xml:lang="C">Sensu Client</loctext>
+      </common_name>
+    </template>
+  </service>
+</service_bundle>

templates/sensu-redis.json.j2

@@ -0,0 +1,6 @@
+{
+  "redis": {
+    "host": "{{ redis_host }}",
+    "port": {{ redis_port }}
+  }
+}

templates/sensu-server.smartos_smf_manifest.xml.j2

@@ -0,0 +1,32 @@
+<?xml version="1.0"?>
+<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
+<service_bundle type="manifest" name="sensu-server">
+  <service name="application/sensu-server" type="service" version="1">
+    <create_default_instance enabled="false" />
+    <single_instance />
+    <dependency name="network" grouping="require_all" restart_on="error" type="service">
+      <service_fmri value="svc:/milestone/network:default" />
+    </dependency>
+    <dependency name="filesystem" grouping="require_all" restart_on="error" type="service">
+      <service_fmri value="svc:/system/filesystem/local" />
+    </dependency>
+    <method_context>
+      <method_credential user="{{ sensu_user_name }}" group="{{ sensu_group_name }}" />
+      <method_environment>
+        <envvar name="HOME" value="{{ sensu_config_path }}" />
+        <envvar name="PATH" value="/opt/local/sbin:/opt/local/bin:/sbin:/usr/sbin:/usr/bin" />
+      </method_environment>
+    </method_context>
+    <exec_method type="method" name="start" exec="/opt/local/bin/sensu-server --background --config_dir ${HOME}" timeout_seconds="60" />
+    <exec_method type="method" name="stop" exec=":kill" timeout_seconds="60" />
+    <property_group name="startd" type="framework">
+      <propval name="duration" type="astring" value="contract" />
+    </property_group>
+    <stability value="Evolving" />
+    <template>
+      <common_name>
+        <loctext xml:lang="C">Sensu Server</loctext>
+      </common_name>
+    </template>
+  </service>
+</service_bundle>

templates/uchiwa.sh.j2

@@ -0,0 +1,25 @@
+#!/bin/bash
+
+PATH=/opt/local/bin:/opt/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin
+export PATH
+
+set -o errexit
+set -o xtrace
+
+. /lib/svc/share/smf_include.sh
+
+HOME={{ uchiwa_path }}
+UCHIWA_PATH=${HOME}/go/src/github.com/sensu/uchiwa
+UCHIWA_USER={{ sensu_user_name }}
+
+if [ ! -d $HOME ]; then
+   echo "No directory found at: $HOME"
+fi
+
+if [ ! -f $HOME/etc/config.json ]; then
+   echo "No Uchiwa config found at: ${HOME}/config.json"
+fi
+
+cd $UCHIWA_PATH
+${HOME}/go/bin/uchiwa -c ${HOME}/etc/config.json &
+exit ${SMF_EXIT_OK}

templates/uchiwa.smartos_smf_manifest.xml.j2

@@ -0,0 +1,32 @@
+<?xml version="1.0"?>
+<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
+<service_bundle type="manifest" name="uchiwa">
+  <service name="application/uchiwa" type="service" version="1">
+    <create_default_instance enabled="false" />
+    <single_instance />
+    <dependency name="network" grouping="require_all" restart_on="error" type="service">
+      <service_fmri value="svc:/milestone/network:default" />
+    </dependency>
+    <dependency name="filesystem" grouping="require_all" restart_on="error" type="service">
+      <service_fmri value="svc:/system/filesystem/local" />
+    </dependency>
+    <method_context>
+      <method_credential user="{{ sensu_user_name }}" group="{{ sensu_user_name }}" />
+      <method_environment>
+        <envvar name="HOME" value="{{ uchiwa_path }}" />
+        <envvar name="PATH" value="/opt/uchiwa/go/bin:/opt/local/sbin:/opt/local/bin:/sbin:/usr/sbin:/usr/bin" />
+      </method_environment>
+    </method_context>
+    <exec_method type="method" name="start" exec='/opt/local/lib/svc/method/uchiwa' timeout_seconds="60" />
+    <exec_method type="method" name="stop" exec=":kill" timeout_seconds="60" />
+    <property_group name="startd" type="framework">
+      <propval name="duration" type="astring" value="contract" />
+    </property_group>
+    <stability value="Evolving" />
+    <template>
+      <common_name>
+        <loctext xml:lang="C">Open source dashboard for Sensu</loctext>
+      </common_name>
+    </template>
+  </service>
+</service_bundle>

templates/uchiwa_config.json.j2

@@ -0,0 +1,20 @@
+{
+ "sensu": [
+   {
+       "name": "{{ uchiwa_dc_name }}",
+       "host": "{{ sensu_api_host }}",
+       "ssl": {{ sensu_api_ssl }},
+       "port": {{ sensu_api_port }},
+       "user": "{{ sensu_api_user_name }}",
+       "pass": "{{ sensu_api_password }}",
+       "path": "{{ sensu_api_uchiwa_path }}",
+       "timeout": {{ sensu_api_timeout }}
+   }
+ ],
+ "uchiwa": {
+   "user": "{{ uchiwa_user_name }}",
+   "pass": "{{ uchiwa_password }}",
+   "port": {{ uchiwa_port }},
+   "refresh": {{ uchiwa_refresh }}
+  }
+}