sensu 0.21.0 → 0.22.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e7241998f1b395c09ed021c94e1391de71b1a1b3
-  data.tar.gz: 8ed7240bf31290a27826d17584a6e13f3ebe1e56
+  metadata.gz: cc83c24129d23bc39b4f06d48b7cdba8abf0f851
+  data.tar.gz: 6aca4babe99fb2e63e610204532322af7714f726
 SHA512:
-  metadata.gz: 46e0e42fb84c441414534f9f40fd2074cc90ee66964ebef97c72184b2af6c034244686f89d914ef21b70c527638dac7163f2e2049d760f28ef807152d8400dea
-  data.tar.gz: f9effb8a3907bf25952761c07a058e2df972c43454fe1256086e5c41e11266e4736e9c0a454d70934b00acb55499192632245096764314c968b6e4412f39ad97
+  metadata.gz: dae436f84c219b052231da1d79be00a829f312c823020fa9e6c535555c1995ed69fec6c051da467ec3f7a8633333f1365b068e13f68da007d82f34e56a43af93
+  data.tar.gz: a164bcfc4ce2673eb3fafd41276d7074659893864f634de39a2832435f01469a4a3e49424ccd25ab5dc5d82b57aed7d86ffe3d5deb4d11404a310ece5c7c43f5

data/CHANGELOG.md

@@ -1,5 +1,44 @@
+## 0.22.0 - 2016-01-29
+
+### Features
+
+Client registration events are optionally created and processed (handled,
+etc.) when a client is first added to the client registry. To enable this
+functionality, configure a "registration" handler definition on Sensu
+server(s), or define a client specific registration handler in the client
+definition, e.g. `{"client": "registration": {"handler": "debug"}}`.
+
+Client auto de-registration on sensu-client process stop is now supported
+by the Sensu package init script. Setting `CLIENT_DEREGISTER_ON_STOP=true`
+and `CLIENT_DEREGISTER_HANDLER=example` in `/etc/default/sensu` will cause
+the Sensu client to publish a check result to trigger the event handler
+named "example", before its process stops.
+
+Added support for Sensu client signatures, used to sign client keepalive
+and check result transport messages, for the purposes of source
+(publisher) verification. The client definition attribute "signature" is
+used to set the client signature, e.g. `"signature": "6zvyb8lm7fxcs7yw"`.
+A client signature can only be set once, the client must be deleted from
+the registry before its signature can be changed or removed. Client
+keepalives and check results that are not signed with the correct
+signature are logged (warn) and discarded. This feature is NOT a
+replacement for existing and proven security measures.
+
+The Sensu plugin installation tool, `sensu-install`, will no longer
+install a plugin if a or specified version has already been installed.
+
+The Sensu client socket now supports UTF-8 encoding.
+
 ## 0.21.0 - 2015-11-13
 
+### Important
+
+Using the Sensu embedded Ruby for Sensu checks, mutators, and handlers has
+become a common practice. The Sensu 0.21 packages changed the default
+value of `EMBEDDED_RUBY` from `false` to `true`, allowing Sensu plugins to
+use the embedded Ruby by default. This change makes it easier to get
+started with Sensu.
+
 ### Features
 
 Added a Sensu plugin installation tool, `sensu-install`, making it easier

data/exe/sensu-install

@@ -36,36 +36,60 @@ module Sensu
         puts "[SENSU-INSTALL] #{message}"
       end
 
+      def plugin_gem_installed?(raw_gem, options={})
+        log "determining if Sensu plugin gem '#{raw_gem}' is already installed ..."
+        gem_name, gem_version = raw_gem.split(":")
+        gem_command = "gem list -i #{gem_name}"
+        gem_command << " --version '#{gem_version}'" if gem_version
+        log gem_command if options[:verbose]
+        if system(gem_command)
+          log "Sensu plugin gem '#{gem_name}' has already been installed"
+          true
+        else
+          log "Sensu plugin gem '#{gem_name}' has not been installed" if options[:verbose]
+          false
+        end
+      end
+
+      def install_plugin_gem(raw_gem, options={})
+        log "installing Sensu plugin gem '#{raw_gem}'"
+        gem_name, gem_version = raw_gem.split(":")
+        gem_command = "gem install #{gem_name}"
+        gem_command << " --version '#{gem_version}'" if gem_version
+        gem_command << " --no-ri --no-rdoc"
+        gem_command << " --verbose" if options[:verbose]
+        gem_command << " --source #{options[:source]}" if options[:source]
+        log gem_command if options[:verbose]
+        unless system(gem_command)
+          log "failed to install Sensu plugin gem '#{gem_name}'"
+          log "you can run the sensu-install command again with --verbose for more info" unless options[:verbose]
+          log "please take note of any failure messages above"
+          log "make sure you have build tools installed (e.g. gcc)"
+          log "trying to determine the Sensu plugin homepage for #{gem_name} ..."
+          system("gem specification #{gem_name} -r | grep homepage")
+          exit 2
+        end
+      end
+
       def install_plugins(plugins, options={})
         log "installing Sensu plugins ..."
         log "provided Sensu plugins: #{plugins}" if options[:verbose]
-        gems = plugins.map do |plugin|
+        plugin_gems = plugins.map do |plugin|
           if plugin.start_with?("sensu-plugins-")
             plugin
           else
             "sensu-plugins-#{plugin}"
           end
         end
-        log "Sensu plugin gems to be installed: #{gems}" if options[:verbose]
-        gem_options = "--no-ri --no-rdoc"
-        gem_options << " --verbose" if options[:verbose]
-        gem_options << " --source #{options[:source]}" if options[:source]
-        gems.each do |gem|
-          log "installing Sensu plugin gem: #{gem}"
-          gem_command = "gem install #{gem} #{gem_options}"
-          log gem_command if options[:verbose]
-          unless system(gem_command)
-            log "failed to install Sensu plugin gem: #{gem}"
-            log "you can run the sensu-install command again with --verbose for more info" unless options[:verbose]
-            log "please take note of any failure messages above"
-            log "make sure you have build tools installed (e.g. gcc)"
-            log "trying to determine Sensu plugin homepage for #{gem} ..."
-            clean_gem = gem.split(":").first
-            system("gem specification #{clean_gem} -r | grep homepage")
-            exit 2
-          end
+        log "compiled Sensu plugin gems: #{plugin_gems}" if options[:verbose]
+        plugin_gems.reject! do |raw_gem|
+          plugin_gem_installed?(raw_gem, options)
+        end
+        log "Sensu plugin gems to be installed: #{plugin_gems}"
+        plugin_gems.each do |raw_gem|
+          install_plugin_gem(raw_gem, options)
         end
-        log "successfully install Sensu plugins: #{plugins}"
+        log "successfully installed Sensu plugins: #{plugins}"
       end
 
       def run

data/lib/sensu/api/process.rb

@@ -449,6 +449,7 @@ module Sensu
                     settings.logger.info("deleting client from registry", :client_name => client_name)
                     settings.redis.srem("clients", client_name) do
                       settings.redis.del("client:#{client_name}")
+                      settings.redis.del("client:#{client_name}:signature")
                       settings.redis.del("events:#{client_name}")
                       settings.redis.smembers("result:#{client_name}") do |checks|
                         checks.each do |check_name|

data/lib/sensu/client/process.rb

@@ -77,7 +77,9 @@ module Sensu
       # check result is composed of a client (name) and a check
       # definition, containing check `:output` and `:status`. JSON
       # serialization is used when publishing the check result payload
-      # to the transport pipe. Transport errors are logged.
+      # to the transport pipe. The check result is signed with the
+      # client signature if configured, for source validation.
+      # Transport errors are logged.
       #
       # @param check [Hash]
       def publish_check_result(check)
@@ -85,6 +87,7 @@ module Sensu
           :client => @settings[:client][:name],
           :check => check
         }
+        payload[:signature] = @settings[:client][:signature] if @settings[:client][:signature]
         @logger.info("publishing check result", :payload => payload)
         @transport.publish(:direct, "results", MultiJson.dump(payload)) do |info|
           if info[:error]

data/lib/sensu/client/socket.rb

@@ -141,9 +141,7 @@ module Sensu
           :client => @settings[:client][:name],
           :check => check.merge(:issued => Time.now.to_i)
         }
-        @logger.info("publishing check result", {
-          :payload => payload
-        })
+        @logger.info("publishing check result", :payload => payload)
         @transport.publish(:direct, "results", MultiJson.dump(payload))
       end
 
@@ -186,16 +184,14 @@ module Sensu
       #
       # @param [String] data to be processed.
       def process_data(data)
-        if data.bytes.find { |char| char > 0x80 }
-          @logger.warn("socket received non-ascii characters")
-          respond("invalid")
-        elsif data.strip == "ping"
+        if data.strip == "ping"
           @logger.debug("socket received ping")
           respond("pong")
         else
-          @logger.debug("socket received data", {
-            :data => data
-          })
+          @logger.debug("socket received data", :data => data)
+          unless valid_utf8?(data)
+            @logger.warn("data from socket is not a valid UTF-8 sequence, processing it anyways", :data => data)
+          end
           begin
             parse_check_result(data)
           rescue => error
@@ -208,6 +204,20 @@ module Sensu
         end
       end
 
+      # Tests if the argument (data) is a valid UTF-8 sequence.
+      #
+      # @param [String] data to be tested.
+      def valid_utf8?(data)
+        utf8_string_pattern = /\A([\x00-\x7f]|
+                                  [\xc2-\xdf][\x80-\xbf]|
+                                  \xe0[\xa0-\xbf][\x80-\xbf]|
+                                  [\xe1-\xef][\x80-\xbf]{2}|
+                                  \xf0[\x90-\xbf][\x80-\xbf]{2}|
+                                  [\xf1-\xf7][\x80-\xbf]{3})*\z/nx
+        data = data.force_encoding('BINARY') if data.respond_to?(:force_encoding)
+        return data =~ utf8_string_pattern
+      end
+
       # This method is called whenever data is received. For UDP, it
       # will only be called once, the original data length can be
       # expected. For TCP, this method may be called several times, data

data/lib/sensu/constants.rb

@@ -1,7 +1,7 @@
 module Sensu
   unless defined?(Sensu::VERSION)
     # Sensu release version.
-    VERSION = "0.21.0"
+    VERSION = "0.22.0"
 
     # Sensu check severities.
     SEVERITIES = %w[ok warning critical unknown]

data/lib/sensu/daemon.rb

@@ -4,7 +4,7 @@ gem "multi_json", "1.11.2"
 gem "eventmachine", "1.0.8"
 
 gem "sensu-logger", "1.1.0"
-gem "sensu-settings", "3.1.0"
+gem "sensu-settings", "3.3.0"
 gem "sensu-extension", "1.3.0"
 gem "sensu-extensions", "1.4.0"
 gem "sensu-transport", "3.3.0"

data/lib/sensu/server/process.rb

@@ -37,19 +37,102 @@ module Sensu
         @handling_event_count = 0
       end
 
+      # Create a registration check definition for a client. Client
+      # definitions may contain `:registration` configuration,
+      # containing custom attributes and handler information. By
+      # default, the registration check definition sets the `:handler`
+      # to `registration`. If the client provides its own
+      # `:registration` configuration, it's deep merged with the
+      # defaults. The check `:name`, `:output`, `:status`, `:issued`,
+      # and `:executed` values are always overridden to guard against
+      # an invalid definition.
+      def create_registration_check(client)
+        check = {:handler => "registration"}
+        if client.has_key?(:registration)
+          check = deep_merge(check, client[:registration])
+        end
+        timestamp = Time.now.to_i
+        overrides = {
+          :name => "registration",
+          :output => "new client registration",
+          :status => 1,
+          :issued => timestamp,
+          :executed => timestamp
+        }
+        check.merge(overrides)
+      end
+
+      # Create and process a client registration event. A registration
+      # event is created when a Sensu client is first added to the
+      # client registry. The `create_registration_check()` method is
+      # called to create a registration check definition for the
+      # client.
+      #
+      # @param client [Hash] definition.
+      def create_client_registration_event(client)
+        event = {
+          :id => random_uuid,
+          :client => client,
+          :check => create_registration_check(client),
+          :occurrences => 1,
+          :action => :create,
+          :timestamp => Time.now.to_i
+        }
+        process_event(event)
+      end
+
+      # Process an initial client registration, when it is first added
+      # to the client registry. If a registration handler is defined
+      # or the client specifies one, a client registration event is
+      # created and processed (handled, etc.) for the client
+      # (`create_client_registration_event()`).
+      #
+      # @param client [Hash] definition.
+      def process_client_registration(client)
+        if @settings.handler_exists?("registration") || client[:registration]
+          create_client_registration_event(client)
+        end
+      end
+
       # Update the Sensu client registry, stored in Redis. Sensu
       # client data is used to provide additional event context and
-      # enable agent health monitoring. JSON serialization is used for
-      # the client data.
+      # enable agent health monitoring. The client registry supports
+      # client signatures, unique string identifiers used for
+      # keepalive and result source verification. If a client has a
+      # signature, all further registry updates for the client must
+      # have the same signature. A client can begin to use a signature
+      # if one was not previously configured. JSON serialization is
+      # used for the stored client data.
       #
       # @param client [Hash]
-      # @param callback [Proc] to call after the the client data has
-      #   been added to (or updated) the registry.
+      # @param callback [Proc] to call with the success status
+      # (true/false) indicating if the client data has been added to
+      # (or updated) the registry or discarded due to client signature
+      # mismatch.
       def update_client_registry(client, &callback)
         @logger.debug("updating client registry", :client => client)
-        @redis.set("client:#{client[:name]}", MultiJson.dump(client)) do
-          @redis.sadd("clients", client[:name]) do
-            callback.call(client)
+        client_key = "client:#{client[:name]}"
+        signature_key = "#{client_key}:signature"
+        @redis.setnx(signature_key, client[:signature]) do |created|
+          process_client_registration(client) if created
+          @redis.get(signature_key) do |signature|
+            if signature.empty? && client[:signature]
+              @redis.set(signature_key, client[:signature])
+            end
+            if signature.empty? || (client[:signature] == signature)
+              @redis.set(client_key, MultiJson.dump(client)) do
+                @redis.sadd("clients", client[:name]) do
+                  callback.call(true) if callback
+                end
+              end
+            else
+              @logger.warn("invalid client signature", {
+                :client => client,
+                :signature => signature
+              })
+              @logger.warn("not updating client in the registry", :client => client)
+              callback.call(false) if callback
+            end
           end
         end
       end
@@ -381,13 +464,17 @@ module Sensu
           :keepalives => false,
           :version => VERSION
         }
-        update_client_registry(client, &callback)
+        update_client_registry(client) do
+          callback.call(client)
+        end
       end
 
       # Retrieve a client (data) from Redis if it exists. If a client
       # does not already exist, create one (a blank) using the
       # `client_key` as the client name. Dynamically create client
-      # data can be updated using the API (POST /clients/:client).
+      # data can be updated using the API (POST /clients/:client). If
+      # a client does exist and it has a client signature, the check
+      # result must have a matching signature or it is discarded.
       #
       # @param result [Hash] data.
       # @param callback [Proc] to be called with client data, either
@@ -397,7 +484,19 @@ module Sensu
         @redis.get("client:#{client_key}") do |client_json|
           unless client_json.nil?
             client = MultiJson.load(client_json)
-            callback.call(client)
+            if client[:signature]
+              if client[:signature] == result[:signature]
+                callback.call(client)
+              else
+                @logger.warn("invalid check result signature", {
+                  :result => result,
+                  :client => client
+                })
+                @logger.warn("not retrieving client from the registry", :result => result)
+              end
+            else
+              callback.call(client)
+            end
           else
             create_client(client_key, &callback)
           end
@@ -572,9 +671,11 @@ module Sensu
 
       # Publish a check result to the transport for processing. A
       # check result is composed of a client name and a check
-      # definition, containing check `:output` and `:status`. JSON
-      # serialization is used when publishing the check result payload
-      # to the transport pipe. Transport errors are logged.
+      # definition, containing check `:output` and `:status`. A client
+      # signature is added to the check result payload if one is
+      # registered for the client. JSON serialization is used when
+      # publishing the check result payload to the transport pipe.
+      # Transport errors are logged.
       #
       # @param client_name [String]
       # @param check [Hash]
@@ -583,13 +684,16 @@ module Sensu
           :client => client_name,
           :check => check
         }
-        @logger.debug("publishing check result", :payload => payload)
-        @transport.publish(:direct, "results", MultiJson.dump(payload)) do |info|
-          if info[:error]
-            @logger.error("failed to publish check result", {
-              :payload => payload,
-              :error => info[:error].to_s
-            })
+        @redis.get("client:#{client_name}:signature") do |signature|
+          payload[:signature] = signature if signature
+          @logger.debug("publishing check result", :payload => payload)
+          @transport.publish(:direct, "results", MultiJson.dump(payload)) do |info|
+            if info[:error]
+              @logger.error("failed to publish check result", {
+                :payload => payload,
+                :error => info[:error].to_s
+              })
+            end
           end
         end
       end

data/sensu.gemspec

@@ -18,7 +18,7 @@ Gem::Specification.new do |s|
   s.add_dependency "uuidtools", "2.1.5"
   s.add_dependency "eventmachine", "1.0.8"
   s.add_dependency "sensu-logger", "1.1.0"
-  s.add_dependency "sensu-settings", "3.1.0"
+  s.add_dependency "sensu-settings", "3.3.0"
   s.add_dependency "sensu-extension", "1.3.0"
   s.add_dependency "sensu-extensions", "1.4.0"
   s.add_dependency "sensu-transport", "3.3.0"
@@ -31,6 +31,7 @@ Gem::Specification.new do |s|
   s.add_development_dependency "rake", "~> 10.3"
   s.add_development_dependency "rspec", "~> 3.0.0"
   s.add_development_dependency "em-http-request", "~> 1.1"
+  s.add_development_dependency "addressable", "2.3.8"
 
   s.files         = Dir.glob("{exe,lib}/**/*") + %w[sensu.gemspec README.md CHANGELOG.md MIT-LICENSE.txt]
   s.executables   = s.files.grep(%r{^exe/}) { |file| File.basename(file) }

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sensu
 version: !ruby/object:Gem::Version
-  version: 0.21.0
+  version: 0.22.0
 platform: ruby
 authors:
 - Sean Porter
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2015-11-13 00:00:00.000000000 Z
+date: 2016-01-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: multi_json
@@ -73,14 +73,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.1.0
+        version: 3.3.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.1.0
+        version: 3.3.0
 - !ruby/object:Gem::Dependency
   name: sensu-extension
   requirement: !ruby/object:Gem::Requirement
@@ -235,6 +235,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: addressable
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.3.8
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.3.8
 description: A monitoring framework that aims to be simple, malleable, and scalable.
 email:
 - portertech@gmail.com