This guide provides a complete Ansible playbook to install Sensu Go monitoring platform with backend, agent, and web UI configuration.
Current Sensu Go version: 6.13.1
Create a file named sensu.yml:
---
- name: Install and Configure Sensu Go Backend
hosts: sensu_backend
become: true
vars:
sensu_version: "6.13.1"
sensu_backend_port: 8080
sensu_agent_port: 8081
sensu_api_port: 8080
admin_username: "admin"
admin_password: "P@ssw0rd123!" # Change this!
tasks:
- name: Install prerequisites (Debian/Ubuntu)
apt:
name:
- apt-transport-https
- software-properties-common
- wget
- gnupg2
- curl
state: present
update_cache: true
when: ansible_os_family == "Debian"
- name: Install prerequisites (RHEL/CentOS)
yum:
name:
- wget
- gnupg2
- curl
state: present
when: ansible_os_family == "RedHat"
- name: Add Sensu APT key (Debian/Ubuntu)
apt_key:
url: "https://packagecloud.io/sensu/stable/gpgkey"
state: present
when: ansible_os_family == "Debian"
- name: Add Sensu APT repository (Debian/Ubuntu)
apt_repository:
repo: "deb https://packagecloud.io/sensu/stable/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} main"
state: present
filename: sensu
when: ansible_os_family == "Debian"
- name: Add Sensu YUM repository (RHEL/CentOS)
yum_repository:
name: sensu_stable
description: Sensu Stable Repository
baseurl: "https://packagecloud.io/sensu/stable/el/{{ ansible_distribution_major_version }}/{{ ansible_architecture }}"
gpgcheck: true
gpgkey: "https://packagecloud.io/sensu/stable/gpgkey"
enabled: true
when: ansible_os_family == "RedHat"
- name: Install Sensu Go backend
package:
name: "sensu-go-backend{% if sensu_version %}-{{ sensu_version }}{% endif %}"
state: present
notify: Restart Sensu Backend
- name: Configure Sensu backend
copy:
dest: /etc/sensu/backend.yml
owner: sensu
group: sensu
mode: '0640'
content: |
## Backend Configuration
agent-host: "0.0.0.0"
agent-port: {{ sensu_agent_port }}
api-host: "0.0.0.0"
api-port: {{ sensu_api_port }}
dashboard-host: "0.0.0.0"
dashboard-port: {{ sensu_backend_port }}
state-dir: "/var/lib/sensu/sensu-backend"
log-level: "info"
backend-name: "{{ ansible_hostname }}"
## Etcd Configuration
etcd-listen-client-urls: "http://127.0.0.1:2379"
etcd-listen-peer-urls: "http://127.0.0.1:2380"
etcd-initial-cluster: "default=http://127.0.0.1:2380"
etcd-initial-advertise-peer-urls: "http://127.0.0.1:2380"
etcd-name: "default"
- name: Enable and start Sensu backend
systemd:
name: sensu-backend
enabled: true
state: started
daemon_reload: true
- name: Wait for Sensu API to be available
wait_for:
port: "{{ sensu_api_port }}"
delay: 5
timeout: 120
- name: Configure Sensu admin user
uri:
url: "http://localhost:{{ sensu_api_port }}/api/core/v2/users"
method: POST
body_format: json
body:
username: "{{ admin_username }}"
password: "{{ admin_password }}"
groups:
- cluster-admins
status_code: [201, 409] # 409 = user already exists
register: user_create
changed_when: user_create.status == 201
- name: Configure firewall (UFW)
ufw:
rule: allow
port: "{{ item }}"
proto: tcp
comment: "Sensu Go"
loop:
- "{{ sensu_backend_port }}"
- "{{ sensu_agent_port }}"
- "{{ sensu_api_port }}"
- 2379
- 2380
when: ansible_os_family == "Debian"
failed_when: false
- name: Configure firewall (firewalld)
firewalld:
port: "{{ item }}/tcp"
permanent: true
immediate: true
state: enabled
loop:
- "{{ sensu_backend_port }}"
- "{{ sensu_agent_port }}"
- "{{ sensu_api_port }}"
- 2379
- 2380
when: ansible_os_family == "RedHat"
failed_when: false
- name: Display Sensu status
debug:
msg: |
Sensu Go {{ sensu_version }} installed successfully!
Dashboard: http://{{ ansible_default_ipv4.address | default(ansible_host) }}:{{ sensu_backend_port }}
Username: {{ admin_username }}
Password: {{ admin_password }}
IMPORTANT: Change the default password after first login!
handlers:
- name: Restart Sensu Backend
systemd:
name: sensu-backend
state: restarted
daemon_reload: true
---
- name: Deploy Sensu Agent to monitored hosts
hosts: monitored_hosts
become: true
vars:
sensu_backend_host: "192.168.1.110"
sensu_agent_port: 8081
sensu_version: "6.13.1"
tasks:
- name: Install prerequisites (Debian/Ubuntu)
apt:
name:
- apt-transport-https
- wget
- gnupg2
state: present
update_cache: true
when: ansible_os_family == "Debian"
- name: Add Sensu APT key (Debian/Ubuntu)
apt_key:
url: "https://packagecloud.io/sensu/stable/gpgkey"
state: present
when: ansible_os_family == "Debian"
- name: Add Sensu APT repository (Debian/Ubuntu)
apt_repository:
repo: "deb https://packagecloud.io/sensu/stable/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} main"
state: present
filename: sensu
when: ansible_os_family == "Debian"
- name: Install Sensu Go agent
apt:
name: "sensu-go-agent{% if sensu_version %}-{{ sensu_version }}{% endif %}"
state: present
when: ansible_os_family == "Debian"
- name: Install Sensu Go agent (RHEL/CentOS)
yum:
name: "sensu-go-agent{% if sensu_version %}-{{ sensu_version }}{% endif %}"
state: present
when: ansible_os_family == "RedHat"
- name: Configure Sensu agent
copy:
dest: /etc/sensu/agent.yml
owner: sensu
group: sensu
mode: '0640'
content: |
## Agent Configuration
backend-url:
- "ws://{{ sensu_backend_host }}:{{ sensu_agent_port }}"
cache-dir: "/var/cache/sensu/sensu-agent"
log-level: "info"
name: "{{ ansible_fqdn | default(ansible_hostname) }}"
namespace: "default"
subscriptions:
- base
- "{{ ansible_os_family | lower }}"
{% if groups['webservers'] is defined and inventory_hostname in groups['webservers'] %}
- webserver
{% endif %}
{% if groups['databases'] is defined and inventory_hostname in groups['databases'] %}
- database
{% endif %}
- name: Enable and start Sensu agent
systemd:
name: sensu-agent
enabled: true
state: started
daemon_reload: true
- name: Configure firewall for agent
ufw:
rule: allow
port: "{{ sensu_agent_port }}"
proto: tcp
comment: "Sensu agent"
when: ansible_os_family == "Debian"
failed_when: false
- name: Wait for agent to connect
wait_for:
port: "{{ sensu_agent_port }}"
delay: 3
timeout: 60
failed_when: false
---
- name: Create Sensu checks via API
hosts: sensu_backend
become: false
vars:
sensu_api_url: "http://{{ ansible_host }}:8080"
sensu_user: "admin"
sensu_pass: "{{ admin_password }}"
tasks:
- name: Get Sensu API token
uri:
url: "{{ sensu_api_url }}/api/core/v2/users/{{ sensu_user }}/authentication"
method: POST
user: "{{ sensu_user }}"
password: "{{ sensu_pass }}"
force_basic_auth: true
return_content: true
register: auth_result
- name: Set API token
set_fact:
sensu_token: "{{ auth_result.json.access_token }}"
- name: Create CPU check
uri:
url: "{{ sensu_api_url }}/api/core/v2/namespaces/default/checks/check-cpu"
method: PUT
body_format: json
body:
metadata:
namespace: default
name: check-cpu
command: "check-cpu.sh -w 75 -c 90"
interval: 60
publish: true
subscriptions:
- base
handlers: []
timeout: 10
headers:
Authorization: "Bearer {{ sensu_token }}"
Content-Type: "application/json"
register: cpu_check
changed_when: cpu_check.status == 201
- name: Create memory check
uri:
url: "{{ sensu_api_url }}/api/core/v2/namespaces/default/checks/check-memory"
method: PUT
body_format: json
body:
metadata:
namespace: default
name: check-memory
command: "check-memory.sh -w 75 -c 90"
interval: 60
publish: true
subscriptions:
- base
handlers: []
timeout: 10
headers:
Authorization: "Bearer {{ sensu_token }}"
Content-Type: "application/json"
register: memory_check
changed_when: memory_check.status == 201
- name: Create disk check
uri:
url: "{{ sensu_api_url }}/api/core/v2/namespaces/default/checks/check-disk"
method: PUT
body_format: json
body:
metadata:
namespace: default
name: check-disk
command: "check-disk.sh -w 80 -c 90"
interval: 300
publish: true
subscriptions:
- base
handlers: []
timeout: 10
headers:
Authorization: "Bearer {{ sensu_token }}"
Content-Type: "application/json"
register: disk_check
changed_when: disk_check.status == 201
- name: Display check creation status
debug:
msg: "Created {{ [cpu_check, memory_check, disk_check] | selectattr('changed') | list | length }} checks in Sensu"
---
- name: Configure Sensu handlers and notifications
hosts: sensu_backend
become: false
vars:
sensu_api_url: "http://{{ ansible_host }}:8080"
sensu_user: "admin"
sensu_pass: "{{ admin_password }}"
slack_webhook: "https://hooks.slack.com/services/XXX/YYY/ZZZ"
admin_email: "admin@example.com"
tasks:
- name: Get Sensu API token
uri:
url: "{{ sensu_api_url }}/api/core/v2/users/{{ sensu_user }}/authentication"
method: POST
user: "{{ sensu_user }}"
password: "{{ sensu_pass }}"
force_basic_auth: true
return_content: true
register: auth_result
- name: Set API token
set_fact:
sensu_token: "{{ auth_result.json.access_token }}"
- name: Create Slack handler
uri:
url: "{{ sensu_api_url }}/api/core/v2/namespaces/default/handlers/slack"
method: PUT
body_format: json
body:
metadata:
namespace: default
name: slack
type: pipe
command: "sensu-slack-handler --webhook-url '{{ slack_webhook }}' --channel '#monitoring'"
timeout: 10
filters:
- is_incident
- not_silenced
headers:
Authorization: "Bearer {{ sensu_token }}"
Content-Type: "application/json"
register: slack_handler
changed_when: slack_handler.status == 201
- name: Create email handler
uri:
url: "{{ sensu_api_url }}/api/core/v2/namespaces/default/handlers/email"
method: PUT
body_format: json
body:
metadata:
namespace: default
name: email
type: pipe
command: "sensu-email-handler -t {{ admin_email }}"
timeout: 10
filters:
- is_incident
headers:
Authorization: "Bearer {{ sensu_token }}"
Content-Type: "application/json"
register: email_handler
changed_when: email_handler.status == 201
- name: Create critical alert filter
uri:
url: "{{ sensu_api_url }}/api/core/v2/namespaces/default/filters/is_incident"
method: PUT
body_format: json
body:
metadata:
namespace: default
name: is_incident
action: allow
expression: "val(event.check.status) != 0"
headers:
Authorization: "Bearer {{ sensu_token }}"
Content-Type: "application/json"
register: incident_filter
changed_when: incident_filter.status == 201
- name: Display handler configuration status
debug:
msg: "Configured Slack and email handlers for Sensu notifications"
---
sensu_backend:
hosts:
sensu:
ansible_host: 192.168.1.110
ansible_user: ansible
ansible_become: true
monitored_hosts:
hosts:
web1:
ansible_host: 192.168.1.10
web2:
ansible_host: 192.168.1.11
db1:
ansible_host: 192.168.1.20
# Test connectivity
ansible all -i inventory.yml -m ping
# Install Sensu backend
ansible-playbook -i inventory.yml sensu-backend.yml
# Deploy Sensu agents
ansible-playbook -i inventory.yml sensu-agents.yml
# Create checks
ansible-playbook -i inventory.yml sensu-checks.yml \
-e "admin_password=P@ssw0rd123!"
# Configure handlers
ansible-playbook -i inventory.yml sensu-handlers.yml \
-e "admin_password=P@ssw0rd123!" \
-e "slack_webhook=https://hooks.slack.com/services/XXX/YYY/ZZZ"
# Check Sensu backend status
ssh sensu "sudo systemctl status sensu-backend"
# Check Sensu agent status
ssh web1 "sudo systemctl status sensu-agent"
# Test API connection
curl -u admin:P@ssw0rd123! http://sensu:8080/api/core/v2/entities
# Access web UI
# http://sensu:8080
# Check logs
sudo journalctl -u sensu-backend -f
# Check configuration
sudo sensu-backend config test
# Verify ports are not in use
sudo netstat -tlnp | grep 8080
# Check agent logs
sudo journalctl -u sensu-agent -f
# Test backend connectivity
telnet sensu-backend 8081
# Verify agent configuration
sudo cat /etc/sensu/agent.yml
# Test API authentication
curl -u admin:password http://localhost:8080/api/core/v2/users
# Check API logs
sudo tail -f /var/log/sensu/sensu-backend.log
We develop tailored automation solutions for:
Let’s discuss your requirements: office@linux-server-admin.com | Contact