Last active
September 5, 2018 23:24
-
-
Save asachs01/0cdc8bdd24262534cf75a8eccb8940de to your computer and use it in GitHub Desktop.
Sensu Enterprise
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # | |
| ################################ | |
| # !!!NOTICE!! # | |
| # READ BEFORE RUNNING # | |
| ################################ | |
| # This is the Sensu Enterprise Provisioning Script | |
| # The intent is to make the provisioning of Sensu Enterprise easy. | |
| # | |
| # Currently Working on the follwing cloud providers/OS's: | |
| # | |
| # AWS: | |
| # - CentOS | |
| # | |
| # Set up our Sensu Enterprise Credentials | |
| SE_USER= | |
| SE_PASS= | |
| if [ -z "$SE_USER" ] || [ -z "$SE_PASS" ]; then | |
| echo "SE_USER and SE_PASS environment variables are required" | |
| exit 1 | |
| fi | |
| # Make sure we have all the package repos we need! | |
| sudo yum install wget epel-release vim yum-utils openssl -y | |
| # Set up zero-dependency erlang | |
| echo ' [rabbitmq-erlang] | |
| name=rabbitmq-erlang | |
| baseurl=https://dl.bintray.com/rabbitmq/rpm/erlang/20/el/7 | |
| gpgcheck=1 | |
| gpgkey=https://www.rabbitmq.com/rabbitmq-release-signing-key.asc | |
| repo_gpgcheck=0 | |
| enabled=1' | sudo tee /etc/yum.repos.d/rabbitmq-erlang.repo | |
| # Install Erlang | |
| sudo yum install erlang -y | |
| # Set up the RabbitMQ Repo | |
| sudo rpm --import https://dl.bintray.com/rabbitmq/Keys/rabbitmq-release-signing-key.asc | |
| echo '[bintray-rabbitmq-server] | |
| name=bintray-rabbitmq-rpm | |
| baseurl=https://dl.bintray.com/rabbitmq/rpm/rabbitmq-server/v3.7.x/el/7/ | |
| gpgcheck=0 | |
| repo_gpgcheck=0 | |
| enabled=1' | sudo tee /etc/yum.repos.d/rabbitmq.repo | |
| # Install rabbitmq | |
| sudo yum install rabbitmq-server -y | |
| # Set up Sensu's repository & Sensu Enterprise | |
| echo '[sensu] | |
| name=sensu | |
| baseurl=https://repositories.sensuapp.org/yum/$releasever/$basearch/ | |
| gpgcheck=0 | |
| enabled=1' | sudo tee /etc/yum.repos.d/sensu.repo | |
| echo "[sensu-enterprise] | |
| name=sensu-enterprise | |
| baseurl=http://$SE_USER:[email protected]/yum/noarch/ | |
| gpgcheck=0 | |
| enabled=1" | sudo tee /etc/yum.repos.d/sensu-enterprise.repo | |
| echo "[sensu-enterprise-dashboard] | |
| name=sensu-enterprise-dashboard | |
| baseurl=http://$SE_USER:[email protected]/yum/\$basearch/ | |
| gpgcheck=0 | |
| enabled=1" | sudo tee /etc/yum.repos.d/sensu-enterprise-dashboard.repo | |
| # Get Redis installed | |
| sudo yum install redis -y | |
| # Install Sensu itself | |
| sudo yum install sensu sensu-enterprise sensu-enterprise-dashboard -y | |
| # Provide minimal transport configuration (used by client, server and API) | |
| echo '{ | |
| "transport": { | |
| "name": "rabbitmq" | |
| } | |
| }' | sudo tee /etc/sensu/transport.json | |
| # Provide minimal client configuration | |
| echo '{ | |
| "client": { | |
| "environment": "testing", | |
| "subscriptions": [ | |
| "dev" | |
| ] | |
| } | |
| }' |sudo tee /etc/sensu/conf.d/client.json | |
| # Ensure config file permissions are correct | |
| sudo chown -R sensu:sensu /etc/sensu | |
| # Install curl and jq helper utilities | |
| sudo yum install curl jq -y | |
| # Use curl to query the API, verify that the client has registered | |
| curl -s http://127.0.0.1:4567/clients | jq . | |
| # Add a basic dashboard config | |
| echo '{ | |
| "sensu": [ | |
| { | |
| "name": "sensu-enterprise", | |
| "host": "localhost", | |
| "port": 4567, | |
| "timeout": 5 | |
| } | |
| ], | |
| "dashboard": { | |
| "host": "0.0.0.0", | |
| "port": 3000, | |
| "interval": 5 | |
| } | |
| } | |
| ' | sudo tee /etc/sensu/dashboard.json | |
| # Get Sensu SSL tool | |
| cd $HOME | |
| sudo wget http://docs.sensu.io/sensu-core/1.4/files/sensu_ssl_tool.tar | |
| # Extract the tool | |
| tar -xvf sensu_ssl_tool.tar | |
| # Generate certs | |
| cd sensu_ssl_tool | |
| ./ssl_certs.sh generate | |
| # Sleep to ensure that the certs and keys are generated | |
| sleep 15s | |
| # Making the SSL directories | |
| sudo mkdir /etc/{rabbitmq,sensu}/ssl | |
| # Copying the files | |
| sudo cp $HOME/sensu_ssl_tool/server/{cert,key}.pem /etc/rabbitmq/ssl/ | |
| sudo cp $HOME/sensu_ssl_tool/sensu_ca/cacert.pem /etc/rabbitmq/ssl/ | |
| sudo cp $HOME/sensu_ssl_tool/client/{cert,key}.pem /etc/sensu/ssl/ | |
| # Configure rabbitmq SSL | |
| echo '[ | |
| {rabbit, [ | |
| {ssl_listeners, [5671]}, | |
| {ssl_options, [{cacertfile,"/etc/rabbitmq/ssl/cacert.pem"}, | |
| {certfile,"/etc/rabbitmq/ssl/cert.pem"}, | |
| {keyfile,"/etc/rabbitmq/ssl/key.pem"} | |
| ]} | |
| ]} | |
| ]. | |
| ' | sudo tee /etc/rabbitmq/rabbitmq.config | |
| # Configure sensu to use SSL | |
| # NOTE: These credentials are not intended for use in production. | |
| echo '{ | |
| "rabbitmq": { | |
| "host": "127.0.0.1", | |
| "port": 5671, | |
| "vhost": "/sensu", | |
| "user": "sensu", | |
| "password": "secret", | |
| "heartbeat": 30, | |
| "prefetch": 50, | |
| "ssl": { | |
| "cert_chain_file": "/etc/sensu/ssl/cert.pem", | |
| "private_key_file": "/etc/sensu/ssl/key.pem" | |
| } | |
| } | |
| }' | sudo tee /etc/sensu/conf.d/rabbitmq.json | |
| # Start up rabbitmq services | |
| sudo systemctl start rabbitmq-server | |
| # Add rabbitmq vhost configurations | |
| sudo rabbitmqctl add_vhost /sensu | |
| sudo rabbitmqctl add_user sensu secret | |
| sudo rabbitmqctl set_permissions -p /sensu sensu ".*" ".*" ".*" | |
| # Start up other services | |
| sudo systemctl start sensu-{enterprise,enterprise-dashboard,client}.service | |
| sudo systemctl start redis.service | |
| sudo systemctl enable redis.service | |
| sudo systemctl enable rabbitmq-server | |
| sudo systemctl enable sensu-{enterprise,enterprise-dashboard,client}.service |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment