Created
October 6, 2014 22:27
-
-
Save seth-paxton/d19571620e8986c2ef1a to your computer and use it in GitHub Desktop.
Sensu Remediate Example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1. Download the plugin from: https://github.com/sensu/sensu-community-plugins/blob/master/handlers/remediation/sensu.rb | |
| 2. Create the handler definition: | |
| { | |
| "handlers": { | |
| "remediator": { | |
| "type": "pipe", | |
| "command": "/etc/sensu/handlers/remediator.rb" | |
| } | |
| } | |
| } | |
| 3. Create check definition: | |
| { | |
| "checks": { | |
| "seyren_check": { | |
| "command": "/etc/sensu/plugins/check-procs.rb -p PROC", | |
| "interval": 10, | |
| "subscribers": ["SUB"], | |
| "handlers": ["remediator","pagerduty"], | |
| "occurrences": 1, | |
| "refresh": 10, | |
| "remediation": { | |
| "light_remediation": { | |
| "occurrences": [1, 2], | |
| "severities": [1] | |
| }, | |
| "medium_remediation": { | |
| "occurrences": ["3-10"], | |
| "severities": [1] | |
| }, | |
| "heavy_remediation": { | |
| "occurrences": ["1+"], | |
| "severities": [2] | |
| } | |
| } | |
| }, | |
| "light_remediation": { | |
| "command": "touch /tmp/test", | |
| "subscribers": [], | |
| "handlers": ["pagerduty"], | |
| "pager_team": "testing", | |
| "interval": 10, | |
| "publish": false | |
| }, | |
| "medium_remediation": { | |
| "command": "touch /tmp/test", | |
| "subscribers": [], | |
| "handlers": ["pagerduty"], | |
| "pager_team": "testing", | |
| "interval": 10, | |
| "publish": false | |
| }, | |
| "heavy_remediation": { | |
| "command": "touch /tmp/test", | |
| "subscribers": [], | |
| "handlers": ["pagerduty"], | |
| "pager_team": "testing", | |
| "interval": 10, | |
| "publish": false | |
| } | |
| } | |
| } | |
| 4. I noticed in the Sensu-API log that remediator was POSTing a check to the API with the subscribers being the hostname of the affected server. Sample log message: | |
| {"timestamp":"2014-10-06T18:46:16.656712+0000","level":"info","message":"POST /request","remote_address":"127.0.0.1","user_agent":"Ruby","request_method":"POS | |
| T","request_uri":"/request","request_body":"{\"check\":\"heavy_remediation\",\"subscribers\":[\"hostname.example.com\"]}"} | |
| 5. I changed my test client to subscribe to that queue and success. Everything works now: | |
| { | |
| "client":{ | |
| "subscriptions":[ | |
| "test", | |
| "hostname.example.com" | |
| ], | |
| "name":"hostname.example.com", | |
| "address":"555.555.555.555" | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
To avoid cluttering your subscriptions with hostnames, you could put the following line in your
seyren_checkdefinition, right after theremediationvalue:This will trigger the remediation commands on all clients that subscribe to
SUBObviously, this solution will only work properly if one of the following conditions is met:
Otherwise your remediation command may fail or interrupt services or do other bad things.