DevOps Series Ansible Deployment of Sensu and Uchiwa

0
4760

While Sensu is a free and open source monitoring and telemetry tool, Uchiwa provides the free and open source dashboard for Sensu. This article covers the Ansible deployment of Sensu and Uchiwa.

Sensu Core is a free and open source monitoring and telemetry solution. You can use it to monitor services, an application’s health, servers and important KPIs. It is primarily a monitoring event pipeline which allows you to filter or amend incoming events, and send alerts and notifications. It uses JSON for all its configuration files and integrates well with automation tools. Uchiwa is a free and open source dashboard for Sensu, written in the Go programming language. It also requires Node.js for front-end assets and JavaScript. Both Sensu Core and Uchiwa are released under the MIT licence.

Setting them up

A CentOS 7 (x86_64) guest virtual machine (VM) using KVM/QEMU will be used to set up Sensu.

The host system is a Parabola GNU/Linux-libre x86_64 system and Ansible is installed using the distribution package manager. The version of Ansible used is 2.6.0 as indicated below:

$ ansible --version

ansible 2.6.0

config file = /etc/ansible/ansible.cfg

configured module search path = [‘/home/guest/.ansible/plugins/modules’, ‘/usr/share/ansible/plugins/modules’]

ansible python module location = /usr/lib/python3.6/site-packages/ansible

executable location = /usr/bin/ansible

python version = 3.6.5 (default, May 11 2018, 04:00:52) [GCC 8.1.0]

The Ansible inventory, playbook and configuration files are created on the host system as follows:

ansible/inventory/kvm/

/playbooks/configuration/

/files/

The inventory/kvm/inventory file contains the following:

sensu ansible_host=192.168.122.43 ansible_connection=ssh ansible_user=centos ansible_password=centos123
Figure 1: Sensu client Web UI

A ‘centos’ user is created in the guest VM and sudo access is provided for this user using the ‘visudo’ command. SELinux needs to allow access to port 3000 for the Uchiwa dashboard. You should also add an entry in the /etc/hosts file for the CentOS VM as shown below:

192.168.122.43 sensu

You can now test connectivity from Ansible to the CentOS 7 VM using the following command:

$ ansible -i inventory/kvm/inventory sensu -m ping

sensu | SUCCESS => {

“changed”: false,

“ping”: “pong”

}

Installing the repositories

The first step is to install the repositories required for Sensu. The Extra Packages for Enterprise Linux (EPEL) repository is added. The sensu.repo also needs to be created in the guest VM, whose file contents are shown below:

[sensu]

name=sensu

baseurl=https://sensu.global.ssl.fastly.net/yum/$releasever/$basearch/

gpgcheck=0

enabled=1

The Ansible playbook for setting up the pre-requisite repositories is given below:

---

- name: Repository setup

hosts: sensu

become: yes

become_method: sudo

gather_facts: yes

tags: [repo]

tasks:

- name: Install epel-release

yum:

name: epel-release

state: present

- name: Create sensu.repo

copy:

src: ../../files/sensu.repo

dest: /etc/yum.repos.d/sensu.repo

The above playbook can be invoked using the following command:

$ ansible-playbook -i inventory/kvm/inventory playbooks/configuration/sensu.yml --tags repo -vv -K

The vv represents the verbosity in the Ansible output. You can use up to four v’s for a more detailed output. The -K option prompts for the sudo password for the centos user account.

Figure 2: Sensu data centre Web UI

Redis

The Redis in-memory database is used as a data store and for transport. You can install it using the YUM tool. In the following example, the protected-mode in Redis configuration is disabled as we are in development mode and the server is started. We wait for the Redis server to run on port 6379. The Ansible playbook for installing, configuring and starting Redis is as follows:

- name: Install Redis

hosts: sensu

become: yes

become_method: sudo

gather_facts: true

tags: [redis]

tasks:

- name: Install Redis

yum:

name: redis

state: present

- lineinfile:

path: /etc/redis.conf

regexp: ‘^protected-mode yes’

line: ‘protected-mode no’

- name: Start Redis

systemd:

name: redis

state: started

- wait_for:

port: 6379

The above playbook can be executed as follows:

$ ansible-playbook -i inventory/kvm/inventory playbooks/configuration/sensu.yml --tags redis -vv -K

Sensu

You can now proceed to install Sensu and the Uchiwa dashboard. The jq tool is used to process JSON data in the command line. The Sensu config.json file contents specify the Redis transport and API access information as shown below:

{

“transport”: {

“name”: “redis”

},

“api”: {

“host”: “127.0.0.1”,

“port”: 4567

}

}

The client.json file sets the environment to ‘development’ and the subscription name to ‘linux’ as shown below:

{

“client”: {

“environment”: “development”,

“subscriptions”: [

“linux”

]

}

}

The Uchiwa dashboard configuration file is given by uchiwa.json, which includes information on Sensu as well as the host and port where Sensu should run. The uchiwa.json file contents are as follows:

{

“sensu”: [

{

“name”: “sensu”,

“host”: “127.0.0.1”,

“port”: 4567,

“timeout”: 10

}

],

“uchiwa”: {

“host”: “0.0.0.0”,

“port”: 3000,

“refresh”: 10

}

}

The above configuration files are copied to the /etc/sensu directory in their respective locations. The firewall rule to allow port 3000 for the Uchiwa dashboard is then enabled. The sensu-{api, client, server} and the Uchiwa dashboard services are then started. The Ansible playbook for the above tasks is provided below for reference:

- name: Install sensu, uchiwa

hosts: sensu

become: yes

become_method: sudo

gather_facts: true

tags: [sensu]

tasks:

- name: Install sensu and packages

yum:

name: “{{ item }}”

state: present

with_items:

- sensu

- uchiwa

- jq

- name: Create config.json

copy:

src: ../../files/config.json

dest: /etc/sensu/config.json

- name: Create client.json

copy:

src: ../../files/client.json

dest: /etc/sensu/conf.d/client.json

- name: Create uchiwa.json

copy:

src: ../../files/uchiwa.json

dest: /etc/sensu/uchiwa.json

- file:

path: /etc/sensu

owner: sensu

group: sensu

recurse: yes

- firewalld:

port: 3000/tcp

state: enabled

- name: Start services

systemd:

name: “{{ item }}”

state: started

with_items:

- sensu-server

- sensu-api

- sensu-client

- uchiwa

The execution output for installing Sensu and Uchiwa is shown below:

$ ansible-playbook -i inventory/kvm/inventory playbooks/configuration/sensu.yml --tags sensu -K

SUDO password:

PLAY [Repository setup] *************************************

TASK [Gathering Facts] **************************************

ok: [sensu]

PLAY [Install Redis] ****************************************

TASK [Gathering Facts] **************************************ok: [sensu]

PLAY [Install sensu, uchiwa] ********************************

TASK [Gathering Facts] **************************************

ok: [sensu]

TASK [Install sensu and packages] ***************************

changed: [sensu] => (item=[‘sensu’, ‘uchiwa’, ‘jq’])

TASK [Create config.json] ************************************

changed: [sensu]

TASK [Create client.json] ***********************************

changed: [sensu]

TASK [Create uchiwa.json] ***********************************

changed: [sensu]

TASK [file] **************************************************

changed: [sensu]

TASK [firewalld] *********************************************

changed: [sensu]

TASK [Start services] ***************************************

changed: [sensu] => (item=sensu-server)

changed: [sensu] => (item=sensu-api)

changed: [sensu] => (item=sensu-client)

changed: [sensu] => (item=uchiwa)

PLAY [Enable checks] ****************************************

TASK [Gathering Facts] **************************************

ok: [sensu]

PLAY RECAP **************************************************

sensu : ok=11 changed=7 unreachable=0 failed=0

You can now verify that Sensu is running fine by querying the API for clients using the Curl command and parsing the output using jq, as follows:

$ curl -s http://127.0.0.1:4567/clients | jq .

[

{

“name”: “localhost.localdomain”,

“address”: “192.168.122.164”,

“environment”: “development”,

“subscriptions”: [

“linux”,

“client:localhost.localdomain”

],

“version”: “1.4.3”,

“timestamp”: 1533722644

}

]

The Uchiwa dashboard is available at http://192.168.122.43:3000 in the host system, and you can view the Sensu client Web interface as shown in Figure 1.

The Sensu data center view is shown in Figure 2.

Figure 3: List of Sensu checks

Checks

The monitoring checks for CPU, disk and memory can be set up on the guest VM and viewed in the Uchiwa dashboard. The sensu-install command is used to install the Ruby script checks that will be run periodically. The check configurations for CPU, disk and memory are copied to the /etc/sensu/conf.d directory and provided below for reference:

Listing 6.1: check_cpu_linux.json

{

“checks”: {

“check-cpu-linux”: {

“command”: “/opt/sensu/embedded/bin/check-cpu.rb -w 80 -c 90 “,

“interval”: 60,

“subscribers”: [

“linux”

]

}

}

}

Listing 6.2: check_disk_usage_linux.json

{

“checks”: {

“check-disk-usage-linux”: {

“command”: “/opt/sensu/embedded/bin/check-disk-usage.rb -w 80 -c 90”,

“interval”: 60,

“subscribers”: [

“linux”

]

}

}

}

Listing 6.3: check_memory_linux.json

{

“checks”: {

“check_memory_linux”: {

“command”: “/opt/sensu/embedded/bin/check-memory-percent.rb -w 90 -c 95”,

“interval”: 60,

“subscribers”: [

“linux”

]

}

}

}

Finally, the Sensu services are restarted. The Ansible playbook to install the checks is given below, for reference:

- name: Enable checks

hosts: sensu

become: yes

become_method: sudo

gather_facts: true

tags: [checks]

tasks:

- name: Install checks

command: “sensu-install -p {{ item }}”

args:

chdir: /opt/sensu/embedded/bin

with_items:

- cpu-checks

- disk-checks

- memory-checks

- name: Create check json files

copy:

src: “../../files/{{ item }}.json”

dest: “/etc/sensu/conf.d/{{ item }}.json”

with_items:

- check_cpu_linux

- check_disk_usage_linux

- check_memory_linux

- name: Restart services

systemd:

name: “{{ item }}”

state: restarted

with_items:

- sensu-server

- sensu-api

- sensu-client

- uchiwa

The above playbook can be invoked using the following command:

$ ansible-playbook -i inventory/kvm/inventory playbooks/configuration/sensu.yml --tags checks -vv -K

The Sensu dashboard will now have the installed checks as shown in Figure 3.

Figure 4: Output of Sensu checks

The results of the check output are also available in the dashboard as shown in Figure 4.

You are encouraged to read the Sensu Core documentation available at https://docs.sensu.io/sensu-core/1.4/ to learn more about the framework and its usage.

LEAVE A REPLY

Please enter your comment!
Please enter your name here