-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsensu.yaml
203 lines (197 loc) · 6.68 KB
/
sensu.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
heat_template_version: 2013-05-23
description: >
template de déploiement d une application sur 2 instances tomcat, une base mysql, un haproxy et un apache frontal
parameters:
KeyName:
type: string
description: Name of an existing EC2 KeyPair to enable SSH access to the instances
FloatingIP:
description: FloatingIp,
type: string
default: 192.168.0.136
SubnetId:
description: SubnetId,
type: string
default: 77d1f47d-6d1c-4f4f-9e8d-ec3230676964
Instancetype:
type: string
description: Instance type for the server
default: m1.small
constraints:
- allowed_values: [m1.small, m1.medium, m1.large]
description: Instancetype must be one of m1.small, m1.medium or m1.large
ImageId:
type: string
description: ID of the image to use for the server
default: CentOS-7-x86_64-cfntools-boto2.12.0
constraints:
- allowed_values: [ CentOS-7-x86_64-cfntools-boto2.12.0, CentOS-7-x86_64-cfntools-boto2.12.0 ]
description: >
Image ID must be either centos-6.5_x86_64-cnftools or centos-6.5_x86_64-cnftools
SensuUser:
type: string
description: The Database admin account username
default: admin
hidden: true
constraints:
- length: { min: 1, max: 16 }
description: DBUsername must be between 1 and 64 characters
- allowed_pattern: '[a-zA-Z][a-zA-Z0-9]*'
description: >
DBUsername must begin with a letter and contain only alphanumeric
characters
SensuPassword:
type: string
description: The Database admin account password
default: admin
hidden: true
constraints:
- length: { min: 1, max: 41 }
description: DBUsername must be between 1 and 64 characters
- allowed_pattern: '[a-zA-Z0-9]*'
description: DBPassword must contain only alphanumeric characters
resources:
SensuServer:
# Use an AWS resource type and switch to native compute instance as
# soon as it is available
type: AWS::EC2::Instance
# Have to use AWS::EC::Instance metadata syntax for now
metadata:
AWS::CloudFormation::Init:
config:
packages:
yum:
services:
sysvinit:
properties:
ImageId: { get_param: ImageId }
InstanceType: { get_param: Instancetype }
KeyName: {Ref: KeyName}
SubnetId: {Ref: SubnetId}
UserData:
str_replace:
template: |
#!/bin/bash -v
/opt/aws/bin/cfn-init
# Setup MySQL root password and create a user
yum install -y openssl wget
yum install -y epel-release
yum install -y erlang
rpm --import http://www.rabbitmq.com/rabbitmq-signing-key-public.asc
rpm -Uvh http://www.rabbitmq.com/releases/rabbitmq-server/v3.2.1/rabbitmq-server-3.2.1-1.noarch.rpm
chkconfig rabbitmq-server on
/etc/init.d/rabbitmq-server start
mkdir -p /etc/rabbitmq/ssl
cd /tmp
wget http://sensuapp.org/docs/0.16/tools/ssl_certs.tar
tar -xvf ssl_certs.tar
cd ssl_certs
./ssl_certs.sh generate
cp sensu_ca/cacert.pem /etc/rabbitmq/ssl/
cp server/*.pem /etc/rabbitmq/ssl/
mkdir -p /etc/sensu/ssl
cp server/*.pem /etc/sensu/ssl
cat > /etc/rabbitmq/rabbitmq.config <<EOF
[
{rabbit, [
{ssl_listeners, [5671]},
{ssl_options, [{cacertfile,"/etc/rabbitmq/ssl/cacert.pem"},
{certfile,"/etc/rabbitmq/ssl/cert.pem"},
{keyfile,"/etc/rabbitmq/ssl/key.pem"},
{verify,verify_peer},
{fail_if_no_peer_cert,true}]}
]}
].
EOF
/etc/init.d/rabbitmq-server restart
rabbitmqctl add_vhost /sensu
rabbitmqctl add_user sensu mypass
rabbitmqctl set_permissions -p /sensu sensu ".*" ".*" ".*"
yum install -y redis
/sbin/chkconfig redis on
service redis start
cat >> /etc/yum.repos.d/sensu.repo <<EOF
[sensu]
name=sensu-main
baseurl=http://repos.sensuapp.org/yum/el/6/x86_64/
gpgcheck=0
enabled=1
EOF
yum install -y sensu
cat >> /etc/sensu/conf.d/rabbitmq.json <<EOF
{
"rabbitmq": {
"ssl": {
"cert_chain_file": "/etc/sensu/ssl/cert.pem",
"private_key_file": "/etc/sensu/ssl/key.pem"
},
"host": "localhost",
"port": 5671,
"vhost": "/sensu",
"user": "sensu",
"password": "secret"
}
}
EOF
cat >> /etc/sensu/conf.d/redis.json <<EOF
{
"redis": {
"host": "localhost",
"port": 6379
}
}
EOF
cat >> /etc/sensu/conf.d/api.json <<EOF
{
"api": {
"host": "localhost",
"port": 4567,
"user": "admin",
"password": "secret"
}
}
EOF
cat >> /etc/sensu/conf.d/client.json <<EOF
{
"client": {
"name": "sensu",
"address": "localhost",
"subscriptions": [ "all" ]
}
}
EOF
chkconfig sensu-server on
chkconfig sensu-client on
chkconfig sensu-api on
/etc/init.d/sensu-server start
/etc/init.d/sensu-client start
/etc/init.d/sensu-api start
yum install -y uchiwa
cat > /etc/sensu/uchiwa.json <<EOF
{
"sensu": [
{
"name": "Sensu",
"host": "127.0.0.1",
"ssl": false,
"port": 4567,
"user": "admin",
"pass": "secret",
"path": "",
"timeout": 5000
}
],
"uchiwa": {
"user": "",
"pass": "",
"port": 3000,
"stats": 10,
"refresh": 10000
}
}
EOF
chkconfig uchiwa on
service uchiwa start
params:
$SensuUser: { get_param: SensuUser }
$SensuPassword: { get_param: SensuPassword }