Improved handling of changes to sensu::etc_dir

This handling only works with systemd based sytems, adds dependency on campotcamp/systemd Fix unit tests to work with latest Puppet 6 release
sensu · Oct 23, 2020 · bf0923e · bf0923e
1 parent 3239e64
commit bf0923e
Show file tree

Hide file tree

Showing 15 changed files with 178 additions and 30 deletions.
diff --git a/.fixtures-latest.yml b/.fixtures-latest.yml
@@ -30,5 +30,7 @@ fixtures:
       repo: git://github.com/voxpupuli/puppet-archive.git
     windows_env:
       repo: git://github.com/voxpupuli/puppet-windows_env.git
+    systemd:
+      repo: git://github.com/camptocamp/puppet-systemd.git
   symlinks:
     sensu: "#{source_dir}"
diff --git a/.fixtures.yml b/.fixtures.yml
@@ -42,5 +42,8 @@ fixtures:
     windows_env:
       repo: git://github.com/voxpupuli/puppet-windows_env.git
       ref: 'v3.0.0'
+    systemd:
+      repo: git://github.com/camptocamp/puppet-systemd.git
+      ref: '2.0.0'
   symlinks:
     sensu: "#{source_dir}"
diff --git a/README.md b/README.md
@@ -100,10 +100,11 @@ Beginning with Sensu Go 6, some changes to `agent.yml` will only bootstrap an ag
 If you wish to make changes to values such as `subscriptions`, `labels` or `annotations` after a host is added to Sensu this must be done
 via the Sensu Go API. To support this it's now required that agents have the ability to make API calls.
 
-In order to ensure agents can make API calls either via API or sensuctl the agent must be told about the admin password:
+In order to ensure agents can make API calls either via API or sensuctl the agent must be told about the admin password and API host:
 
 ```
 class { 'sensu':
+  api_host                     => 'sensu-backend.example.com',
   agent_entity_config_password => 'supersecret',
 }
 class { 'sensu::agent':
@@ -324,6 +325,10 @@ sensu::agent_entity_config_password: supersecret
 This module supports Windows Sensu Go agent via chocolatey beginning with version 5.12.0.
 
 ```puppet
+class { 'sensu':
+  api_host                     => 'sensu-backend.example.com',
+  agent_entity_config_password => 'supersecret',
+}
 class { 'sensu::agent':
   backends      => ['sensu-backend.example.com:8081'],
   subscriptions => ['windows'],
@@ -1220,6 +1225,8 @@ Examples can be found in the [examples](https://github.com/sensu/sensu-puppet/tr
 
 ## Limitations
 
+Changing `sensu::etc_dir` is only supported on systems using systemd.
+
 The type `sensu_user` does not at this time support `ensure => absent` due to a limitation with sensuctl, see [sensu-go#2540](https://github.com/sensu/sensu-go/issues/2540).
 
 When changing the `sensu::password` value, it's necessary to run Puppet on the backend first to update the `admin` password.

diff --git a/manifests/agent.pp b/manifests/agent.pp
@@ -35,6 +35,8 @@
 #   Sensu agent service ensure value.
 # @param service_enable
 #   Sensu agent service enable value.
+# @param service_path
+#   The path to sensu-agent service executable
 # @param config_hash
 #   Sensu agent configuration hash used to define agent.yml.
 # @param backends
@@ -81,6 +83,7 @@
   String $service_name = 'sensu-agent',
   String $service_ensure = 'running',
   Boolean $service_enable = true,
+  Stdlib::Absolutepath $service_path = '/usr/sbin/sensu-agent',
   Hash $config_hash = {},
   Optional[Array[Sensu::Backend_URL]] $backends = undef,
   String[1] $entity_name = $facts['networking']['fqdn'],
@@ -217,8 +220,8 @@
   # Only necessary for Puppet < 6.1.0,
   # See https://github.com/puppetlabs/puppet/commit/f8d5c60ddb130c6429ff12736bfdb4ae669a9fd4
   if versioncmp($facts['puppetversion'],'6.1.0') < 0 and $facts['service_provider'] == 'systemd' {
-    Package['sensu-go-agent'] ~> Exec['sensu systemctl daemon-reload']
-    Exec['sensu systemctl daemon-reload'] -> Service['sensu-agent']
+    Package['sensu-go-agent'] ~> Class['systemd::systemctl::daemon_reload']
+    Class['systemd::systemctl::daemon_reload']-> Service['sensu-agent']
   }
 
   package { 'sensu-go-agent':
@@ -281,6 +284,18 @@
     }
   }
 
+  if $facts['service_provider'] == 'systemd' {
+    systemd::dropin_file { 'sensu-agent-start.conf':
+      unit    => 'sensu-agent.service',
+      content => join([
+        '[Service]',
+        'ExecStart=',
+        "ExecStart=${service_path} start -c ${sensu::agent_config_path}",
+      ], "\n"),
+      notify  => Service['sensu-agent'],
+    }
+  }
+
   service { 'sensu-agent':
     ensure    => $service_ensure,
     enable    => $service_enable,

diff --git a/manifests/backend.pp b/manifests/backend.pp
@@ -22,6 +22,8 @@
 #   Sensu backend service ensure value.
 # @param service_enable
 #   Sensu backend service enable value.
+# @param service_path
+#   The path to sensu-backend service executable
 # @param state_dir
 #   Sensu backend state directory path.
 # @param config_hash
@@ -128,6 +130,7 @@
   String $service_name = 'sensu-backend',
   String $service_ensure = 'running',
   Boolean $service_enable = true,
+  Stdlib::Absolutepath $service_path = '/usr/sbin/sensu-backend',
   Stdlib::Absolutepath $state_dir = '/var/lib/sensu/sensu-backend',
   Hash $config_hash = {},
   Optional[String] $ssl_cert_source = $facts['puppet_hostcert'],
@@ -234,8 +237,8 @@
   # Only necessary for Puppet < 6.1.0,
   # See https://github.com/puppetlabs/puppet/commit/f8d5c60ddb130c6429ff12736bfdb4ae669a9fd4
   if versioncmp($facts['puppetversion'],'6.1.0') < 0 and $facts['service_provider'] == 'systemd' {
-    Package['sensu-go-backend'] ~> Exec['sensu systemctl daemon-reload']
-    Exec['sensu systemctl daemon-reload'] -> Service['sensu-backend']
+    Package['sensu-go-backend'] ~> Class['systemd::systemctl::daemon_reload']
+    Class['systemd::systemctl::daemon_reload']-> Service['sensu-backend']
   }
 
   sensu_user { 'admin':
@@ -352,6 +355,18 @@
     }
   }
 
+  if $facts['service_provider'] == 'systemd' {
+    systemd::dropin_file { 'sensu-backend-start.conf':
+      unit    => 'sensu-backend.service',
+      content => join([
+        '[Service]',
+        'ExecStart=',
+        "ExecStart=${service_path} start -c ${sensu::etc_dir}/backend.yml",
+      ], "\n"),
+      notify  => Service['sensu-backend'],
+    }
+  }
+
   service { 'sensu-backend':
     ensure    => $service_ensure,
     enable    => $service_enable,

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -149,9 +149,4 @@
 
   include sensu::resources
 
-  exec { 'sensu systemctl daemon-reload':
-    path        => '/usr/bin:/bin:/usr/sbin:/sbin',
-    command     => 'systemctl daemon-reload',
-    refreshonly => true,
-  }
 }
diff --git a/metadata.json b/metadata.json
@@ -19,6 +19,10 @@
     {
       "name": "puppetlabs/postgresql",
       "version_requirement": ">= 6.4.0 < 7.0.0"
+    },
+    {
+      "name": "camptocamp/systemd",
+      "version_requirement": ">= 2.0.0 < 3.0.0"
     }
   ],
   "operatingsystem_support": [

diff --git a/spec/acceptance/00_backend_spec.rb b/spec/acceptance/00_backend_spec.rb
@@ -92,6 +92,42 @@ class { 'sensu::backend':
     end
   end
 
+  context 'etc_dir change' do
+    it 'should work without errors' do
+      pp = <<-EOS
+      class { '::sensu':
+        etc_dir  => '/etc/sensugo',
+        password => 'supersecret',
+      }
+      class { 'sensu::backend':
+        config_hash => {
+          'agent-port' => 9081,
+        },
+      }
+      EOS
+
+      if RSpec.configuration.sensu_use_agent
+        site_pp = "node 'sensu-backend' { #{pp} }"
+        puppetserver = hosts_as('puppetserver')[0]
+        create_remote_file(puppetserver, "/etc/puppetlabs/code/environments/production/manifests/site.pp", site_pp)
+        on node, puppet("agent -t --detailed-exitcodes"), acceptable_exit_codes: [0,2]
+        on node, puppet("agent -t --detailed-exitcodes"), acceptable_exit_codes: [0]
+      else
+        # Run it twice and test for idempotency
+        apply_manifest_on(node, pp, :catch_failures => true)
+        apply_manifest_on(node, pp, :catch_changes  => true)
+      end
+    end
+
+    describe service('sensu-backend'), :node => node do
+      it { should be_enabled }
+      it { should be_running }
+    end
+    describe port(9081), :node => node do
+      it { should be_listening }
+    end
+  end
+
   context 'backend and agent' do
     it 'should work without errors' do
       pp = <<-EOS

diff --git a/spec/acceptance/01_agent_spec.rb b/spec/acceptance/01_agent_spec.rb
@@ -92,6 +92,56 @@ class { 'sensu::agent':
     end
   end
 
+  context 'etc_dir changed' do
+    it 'should work without errors' do
+      pp = <<-EOS
+      class { '::sensu':
+        etc_dir => '/etc/sensugo',
+      }
+      class { 'sensu::agent':
+        backends         => ['sensu-backend:8081'],
+        entity_name      => 'sensu-agent',
+        subscriptions    => ['base'],
+        labels           => { 'foo' => 'bar' },
+        annotations      => { 'contacts' => '[email protected]' },
+        config_hash      => {
+          'log-level' => 'info',
+          'keepalive-interval' => 30,
+          'api-port' => 4041,
+        }
+      }
+      sensu::agent::subscription { 'linux': }
+      sensu::agent::label { 'cpu.warning': value => '90' }
+      sensu::agent::label { 'cpu.critical': value => '95' }
+      sensu::agent::label { 'bar': value => 'baz2', redact => true }
+      sensu::agent::annotation { 'foobar': value => 'bar' }
+      sensu::agent::annotation { 'cpu.message': value => 'bar' }
+      sensu::agent::config_entry { 'keepalive-interval': value => 20 }
+      EOS
+
+      if RSpec.configuration.sensu_use_agent
+        site_pp = "node 'sensu-agent' { #{pp} }"
+        puppetserver = hosts_as('puppetserver')[0]
+        create_remote_file(puppetserver, "/etc/puppetlabs/code/environments/production/manifests/site.pp", site_pp)
+        on node, puppet("agent -t --detailed-exitcodes"), acceptable_exit_codes: [0,2]
+        on node, puppet("agent -t --detailed-exitcodes"), acceptable_exit_codes: [0]
+      else
+        # Run it twice and test for idempotency
+        apply_manifest_on(node, pp, :catch_failures => true)
+        apply_manifest_on(node, pp, :catch_changes  => true)
+      end
+    end
+
+    describe service('sensu-agent'), :node => node do
+      it { should be_enabled }
+      it { should be_running }
+    end
+
+    describe port(4041), :node => node do
+      it { should be_listening }
+    end
+  end
+
   context 'updates' do
     it 'should work without errors' do
       pp = <<-EOS

diff --git a/spec/classes/agent_spec.rb b/spec/classes/agent_spec.rb
@@ -38,11 +38,11 @@
 
         context 'on systemd host', if: (facts[:kernel] == 'Linux' && Puppet.version.to_s =~ %r{^5}) do
           let(:facts) { facts.merge({:service_provider => 'systemd'}) }
-          it { should contain_package('sensu-go-agent').that_notifies('Exec[sensu systemctl daemon-reload]') }
-          it { should contain_exec('sensu systemctl daemon-reload').that_comes_before('Service[sensu-agent]') }
+          it { should contain_package('sensu-go-agent').that_notifies('Class[systemd::systemctl::daemon_reload]') }
+          it { should contain_class('systemd::systemctl::daemon_reload').that_comes_before('Service[sensu-agent]') }
         end
-        it { should_not contain_package('sensu-go-agent').that_notifies('Exec[sensu systemctl daemon-reload]') }
-        it { should_not contain_exec('sensu systemctl daemon-reload').that_comes_before('Service[sensu-agent]') }
+        it { should_not contain_package('sensu-go-agent').that_notifies('Class[systemd::systemctl::daemon_reload]') }
+        it { should_not contain_class('systemd::systemctl::daemon_reload').that_comes_before('Service[sensu-agent]') }
 
         it {
           should contain_sensu_agent_entity_setup('puppet').with({
@@ -124,6 +124,18 @@
           it { should_not contain_file('sensu-agent_env_vars') }
         end
 
+        context 'systemd systems deploy dropin', if: facts[:kernel] == 'Linux' do
+          let(:facts) { facts.merge({:service_provider => 'systemd'}) }
+          it {
+            should contain_systemd__dropin_file('sensu-agent-start.conf').with({
+              'unit'    => 'sensu-agent.service',
+              'content' => %r{ExecStart=/usr/sbin/sensu-agent start -c #{platforms[facts[:osfamily]][:agent_config_path]}},
+              'notify'  => 'Service[sensu-agent]',
+            })
+          }
+        end
+        it { should_not contain_systemd__dropin_file('sensu-agent-start.conf') }
+
         it {
           should contain_service('sensu-agent').with({
             'ensure'    => 'running',

diff --git a/spec/classes/backend_spec.rb b/spec/classes/backend_spec.rb
@@ -24,11 +24,11 @@
 
         context 'on systemd host', if: Puppet.version.to_s =~ %r{^5} do
           let(:facts) { facts.merge({:service_provider => 'systemd'}) }
-          it { should contain_package('sensu-go-backend').that_notifies('Exec[sensu systemctl daemon-reload]') }
-          it { should contain_exec('sensu systemctl daemon-reload').that_comes_before('Service[sensu-backend]') }
+          it { should contain_package('sensu-go-backend').that_notifies('Class[systemd::systemctl::daemon_reload]') }
+          it { should contain_class('systemd::systemctl::daemon_reload').that_comes_before('Service[sensu-backend]') }
         end
-        it { should_not contain_package('sensu-go-backend').that_notifies('Exec[sensu systemctl daemon-reload]') }
-        it { should_not contain_exec('sensu systemctl daemon-reload').that_comes_before('Service[sensu-backend]') }
+        it { should_not contain_package('sensu-go-backend').that_notifies('Class[systemd::systemctl::daemon_reload]') }
+        it { should_not contain_class('systemd::systemctl::daemon_reload').that_comes_before('Service[sensu-backend]') }
 
         it { should have_sensu_user_resource_count(3) }
         it {
@@ -154,6 +154,18 @@
           it { should_not contain_file('sensu-backend_env_vars') }
         end
 
+        context 'systemd systems deploy dropin', if: facts[:kernel] == 'Linux' do
+          let(:facts) { facts.merge({:service_provider => 'systemd'}) }
+          it {
+            should contain_systemd__dropin_file('sensu-backend-start.conf').with({
+              'unit'    => 'sensu-backend.service',
+              'content' => %r{ExecStart=/usr/sbin/sensu-backend start -c /etc/sensu/backend.yml},
+              'notify'  => 'Service[sensu-backend]',
+            })
+          }
+        end
+        it { should_not contain_systemd__dropin_file('sensu-backend-start.conf') }
+
         it {
           should contain_service('sensu-backend').with({
             'ensure'    => 'running',

diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
@@ -9,14 +9,6 @@
 
         it { should contain_class('sensu')}
         it { should contain_class('sensu::resources') }
-
-        it do
-          should contain_exec('sensu systemctl daemon-reload').with({
-            'path'        => '/usr/bin:/bin:/usr/sbin:/sbin',
-            'command'     => 'systemctl daemon-reload',
-            'refreshonly' => 'true',
-          })
-        end
       end
 
       context 'with use_ssl => false' do

diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
@@ -33,6 +33,12 @@
     # facts being exercised with something like
     # Facter.collection.loader.load(:ipaddress)
     Facter.clear
+
+    # Ensure Puppet config initialization doesn't try and create directories that may not be writable
+    Puppet[:logdir] = '/tmp'
+    Puppet[:confdir] = '/tmp'
+    Puppet[:vardir] = '/tmp'
+    Puppet[:codedir] = '/tmp'
   end
   config.default_facts = {
     :environment               => 'rp_env',

diff --git a/spec/unit/facter/sensu_puppet_facts_spec.rb b/spec/unit/facter/sensu_puppet_facts_spec.rb
@@ -4,10 +4,6 @@
 describe SensuPuppetFacts do
   subject { SensuPuppetFacts }
   before(:each) do
-    Puppet[:logdir] = '/tmp'
-    Puppet[:confdir] = '/tmp'
-    Puppet[:vardir] = '/tmp'
-    Puppet[:codedir] = '/tmp'
     subject.add_facts
   end
   after(:each) do

diff --git a/tests/sensu-agent.pp b/tests/sensu-agent.pp
@@ -1,3 +1,6 @@
+class { 'sensu':
+  api_host => 'sensu-backend.example.com',
+}
 class { 'sensu::agent':
   backends => ['sensu-backend.example.com:8081'],
 }