sensu 0.23.3 → 0.24.0.beta

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2a163224e80319ffc8f609c822c4243991a86585
-  data.tar.gz: f5f24edd6a1f730516ba87a3911b8da6fc0c2a31
+  metadata.gz: cf29524e586ad648f83f891749f04ed9bb41d1f5
+  data.tar.gz: 651104b216bbc218bebfc51ec19e46563a32c093
 SHA512:
-  metadata.gz: 99e3e414e8b34e1b271c846c484c28433eedbc9aad76830c11eed1df07595d3715704216475edf3307d87f1b30105271e74a51d45671027f23efdf6e9d0f2457
-  data.tar.gz: b48247feeedbcc6cfd60e9fd719484ef2f08bd0bf7ad79e4533d08e634722f2d159ebc1558fae477f3c13ee238c145da9115068ebf1fff79d75d2ac25fba06b9
+  metadata.gz: ee318b81fcda3b1b714052000cad8c7fede926803f31f96dd52f33a461e42b4b840addce01b950139feca58f6583cc65ee9dd1e3e42dea257a94182ec0df2f50
+  data.tar.gz: cfeee1f970ae412bd090004b6f977026382f7806c2e520363c11731885fd3a8f218c2aa4c19214d4035fec22fd6b54de6c97d0f6f9c4eaaafe6c2e0cd99b29a2

data/CHANGELOG.md

@@ -1,3 +1,61 @@
+## 0.24.0 - TBD
+
+### Important
+
+Sensu check ["Aggregates 2.0"](https://github.com/sensu/sensu/issues/1218)
+breaks the existing Sensu API aggregate endpoints.
+
+Sensu API GET /health endpoint, failed health checks now respond with a
+`412` (preconditions failed) instead of a `503`.
+
+### Features
+
+Persistent Sensu event IDs, event occurrences for a client/check pair will
+now have the same event ID until the event is resolved.
+
+Added a CLI option/argument to cause the Sensu service to validate its
+compiled configuration settings and exit with the appropriate exit
+code, e.g. `2` for invalid. The CLI option is `--validate_config`. This
+feature is now used when restarting a Sensu service to first validate the
+new configuration before stopping the running service.
+
+Improved tracking of in progress check result processing, no longer
+potentially losing check results when restarting the Sensu server service.
+
+Event data check type now explicitly defaults to "standard".
+
+Check results for proxy clients (a.k.a JIT clients) will now have a check
+"origin" set to the client name of the result producer.
+
+Configurable Sensu Spawn concurrent child process limit (checks, mutators,
+& pipe handlers). The default limit is still `12` and the EventMachine
+threadpool size is automatically adjusted to accommodate a larger limit.
+
+Sensu check ["Aggregates 2.0"](https://github.com/sensu/sensu/issues/1218).
+
+Sensu client token substitution is now supported in every check definition
+attribute value, no longer just the check command.
+
+### Other
+
+Sensu API GET /health endpoint, failed health check now responds with a
+`412` (preconditions failed) instead of a `503`.
+
+Sensu API POST /clients endpoint can now create clients in the registry
+that are expected to produce keepalives, and validates clients with the
+Sensu Settings client definition validator.
+
+Updated Thin (used by Sensu API) to the latest version, 1.6.4.
+
+JrJackson is now used to parse JSON when Sensu is running on JRuby.
+
+The Sensu API now listens immediately on service start, even before it has
+successfully connected to Redis and the Sensu Transport. It will now
+respond with a `500` response, with a descriptive error message, when it
+has not yet initialized its connections or it is reconnecting to either
+Redis or the Sensu Transport. The API /info and /health endpoints will
+still respond normally while reconnecting.
+
 ## 0.23.3 - 2016-05-26
 
 ### Fixes

data/lib/sensu/api/process.rb

@@ -1,10 +1,11 @@
 require "sensu/daemon"
+require "sensu/api/validators"
 
 gem "sinatra", "1.4.6"
 gem "async_sinatra", "1.2.0"
 
 unless RUBY_PLATFORM =~ /java/
-  gem "thin", "1.6.3"
+  gem "thin", "1.6.4"
   require "thin"
 end
 
@@ -22,10 +23,9 @@ module Sensu
           bootstrap(options)
           setup_process(options)
           EM::run do
-            setup_connections do
-              start
-              setup_signal_traps
-            end
+            setup_connections
+            start
+            setup_signal_traps
           end
         end
 
@@ -84,8 +84,8 @@ module Sensu
         def stop
           @logger.warn("stopping")
           stop_server do
-            settings.redis.close if settings.redis
-            settings.transport.close if settings.transport
+            settings.redis.close if settings.respond_to?(:redis)
+            settings.transport.close if settings.respond_to?(:transport)
             super
           end
         end
@@ -124,11 +124,18 @@ module Sensu
           env["rack.input"].rewind
         end
 
-        def protected!
-          if settings.api[:user] && settings.api[:password]
-            return if !(settings.api[:user] && settings.api[:password]) || authorized?
-            headers["WWW-Authenticate"] = 'Basic realm="Restricted Area"'
-            unauthorized!
+        def connected?
+          if settings.respond_to?(:redis) && settings.respond_to?(:transport)
+            unless ["/info", "/health"].include?(env["REQUEST_PATH"])
+              unless settings.redis.connected?
+                not_connected!("not connected to redis")
+              end
+              unless settings.transport.connected?
+                not_connected!("not connected to transport")
+              end
+            end
+          else
+            not_connected!("redis and transport connections not initialized")
           end
         end
 
@@ -140,6 +147,22 @@ module Sensu
             @auth.credentials == [settings.api[:user], settings.api[:password]]
         end
 
+        def protected!
+          if settings.api[:user] && settings.api[:password]
+            return if authorized?
+            headers["WWW-Authenticate"] = 'Basic realm="Restricted Area"'
+            unauthorized!
+          end
+        end
+
+        def error!(body="")
+          throw(:halt, [500, body])
+        end
+
+        def not_connected!(message)
+          error!(Sensu::JSON.dump(:error => message))
+        end
+
         def bad_request!
           ahalt 400
         end
@@ -152,8 +175,8 @@ module Sensu
           ahalt 404
         end
 
-        def unavailable!
-          ahalt 503
+        def precondition_failed!
+          ahalt 412
         end
 
         def created!(response)
@@ -306,6 +329,7 @@ module Sensu
         settings.cors.each do |header, value|
           headers["Access-Control-Allow-#{header}"] = value
         end
+        connected?
         protected! unless env["REQUEST_METHOD"] == "OPTIONS"
       end
 
@@ -342,27 +366,27 @@ module Sensu
               healthy << (info[:keepalives][:messages] <= max_messages)
               healthy << (info[:results][:messages] <= max_messages)
             end
-            healthy.all? ? no_content! : unavailable!
+            healthy.all? ? no_content! : precondition_failed!
           end
         else
-          unavailable!
+          precondition_failed!
         end
       end
 
       apost "/clients/?" do
-        rules = {
-          :name => {:type => String, :nil_ok => false, :regex => /\A[\w\.-]+\z/},
-          :address => {:type => String, :nil_ok => false},
-          :subscriptions => {:type => Array, :nil_ok => false}
-        }
-        read_data(rules) do |data|
-          data[:keepalives] = false
+        read_data do |data|
+          data[:keepalives] = data.fetch(:keepalives, false)
           data[:version] = VERSION
           data[:timestamp] = Time.now.to_i
-          settings.redis.set("client:#{data[:name]}", Sensu::JSON.dump(data)) do
-            settings.redis.sadd("clients", data[:name]) do
-              created!(Sensu::JSON.dump(:name => data[:name]))
+          validator = Validators::Client.new
+          if validator.valid?(data)
+            settings.redis.set("client:#{data[:name]}", Sensu::JSON.dump(data)) do
+              settings.redis.sadd("clients", data[:name]) do
+                created!(Sensu::JSON.dump(:name => data[:name]))
+              end
             end
+          else
+            bad_request!
           end
         end
       end
@@ -582,102 +606,172 @@ module Sensu
       end
 
       aget "/aggregates/?" do
-        response = Array.new
-        settings.redis.smembers("aggregates") do |checks|
-          unless checks.empty?
-            checks.each_with_index do |check_name, index|
-              settings.redis.smembers("aggregates:#{check_name}") do |aggregates|
-                aggregates.reverse!
-                aggregates.map! do |issued|
-                  issued.to_i
+        settings.redis.smembers("aggregates") do |aggregates|
+          aggregates.map! do |aggregate|
+            {:name => aggregate}
+          end
+          body Sensu::JSON.dump(aggregates)
+        end
+      end
+
+      aget %r{^/aggregates/([\w\.-]+)/?$} do |aggregate|
+        response = {
+          :clients => 0,
+          :checks => 0,
+          :results => {
+            :ok => 0,
+            :warning => 0,
+            :critical => 0,
+            :unknown => 0,
+            :total => 0,
+            :stale => 0
+          }
+        }
+        settings.redis.smembers("aggregates:#{aggregate}") do |aggregate_members|
+          unless aggregate_members.empty?
+            clients = []
+            checks = []
+            results = []
+            aggregate_members.each_with_index do |member, index|
+              client_name, check_name = member.split(":")
+              clients << client_name
+              checks << check_name
+              result_key = "result:#{client_name}:#{check_name}"
+              settings.redis.get(result_key) do |result_json|
+                unless result_json.nil?
+                  results << Sensu::JSON.load(result_json)
+                else
+                  settings.redis.srem("aggregates:#{aggregate}", member)
                 end
-                item = {
-                  :check => check_name,
-                  :issued => aggregates
-                }
-                response << item
-                if index == checks.length - 1
+                if index == aggregate_members.length - 1
+                  response[:clients] = clients.uniq.length
+                  response[:checks] = checks.uniq.length
+                  max_age = integer_parameter(params[:max_age])
+                  if max_age
+                    result_count = results.length
+                    timestamp = Time.now.to_i - max_age
+                    results.reject! do |result|
+                      result[:executed] < timestamp
+                    end
+                    response[:results][:stale] = result_count - results.length
+                  end
+                  response[:results][:total] = results.length
+                  results.each do |result|
+                    severity = (SEVERITIES[result[:status]] || "unknown")
+                    response[:results][severity.to_sym] += 1
+                  end
                   body Sensu::JSON.dump(response)
                 end
               end
             end
           else
-            body Sensu::JSON.dump(response)
+            not_found!
           end
         end
       end
 
-      aget %r{^/aggregates/([\w\.-]+)/?$} do |check_name|
-        settings.redis.smembers("aggregates:#{check_name}") do |aggregates|
-          unless aggregates.empty?
-            aggregates.reverse!
-            aggregates.map! do |issued|
-              issued.to_i
-            end
-            age = integer_parameter(params[:age])
-            if age
-              timestamp = Time.now.to_i - age
-              aggregates.reject! do |issued|
-                issued > timestamp
+      adelete %r{^/aggregates/([\w\.-]+)/?$} do |aggregate|
+        settings.redis.smembers("aggregates") do |aggregates|
+          if aggregates.include?(aggregate)
+            settings.redis.srem("aggregates", aggregate) do
+              settings.redis.del("aggregates:#{aggregate}") do
+                no_content!
               end
             end
-            body Sensu::JSON.dump(pagination(aggregates))
           else
             not_found!
           end
         end
       end
 
-      adelete %r{^/aggregates/([\w\.-]+)/?$} do |check_name|
-        settings.redis.smembers("aggregates:#{check_name}") do |aggregates|
-          unless aggregates.empty?
-            aggregates.each do |check_issued|
-              result_set = "#{check_name}:#{check_issued}"
-              settings.redis.del("aggregation:#{result_set}")
-              settings.redis.del("aggregate:#{result_set}")
+      aget %r{^/aggregates/([\w\.-]+)/clients/?$} do |aggregate|
+        response = Array.new
+        settings.redis.smembers("aggregates:#{aggregate}") do |aggregate_members|
+          unless aggregate_members.empty?
+            clients = Hash.new
+            aggregate_members.each do |member|
+              client_name, check_name = member.split(":")
+              clients[client_name] ||= []
+              clients[client_name] << check_name
             end
-            settings.redis.del("aggregates:#{check_name}") do
-              settings.redis.srem("aggregates", check_name) do
-                no_content!
-              end
+            clients.each do |client_name, checks|
+              response << {
+                :name => client_name,
+                :checks => checks
+              }
             end
+            body Sensu::JSON.dump(response)
           else
             not_found!
           end
         end
       end
 
-      aget %r{^/aggregates?/([\w\.-]+)/([\w\.-]+)/?$} do |check_name, check_issued|
-        result_set = "#{check_name}:#{check_issued}"
-        settings.redis.hgetall("aggregate:#{result_set}") do |aggregate|
-          unless aggregate.empty?
-            response = aggregate.inject(Hash.new) do |totals, (status, count)|
-              totals[status] = Integer(count)
-              totals
+      aget %r{^/aggregates/([\w\.-]+)/checks/?$} do |aggregate|
+        response = Array.new
+        settings.redis.smembers("aggregates:#{aggregate}") do |aggregate_members|
+          unless aggregate_members.empty?
+            checks = Hash.new
+            aggregate_members.each do |member|
+              client_name, check_name = member.split(":")
+              checks[check_name] ||= []
+              checks[check_name] << client_name
             end
-            settings.redis.hgetall("aggregation:#{result_set}") do |results|
-              parsed_results = results.inject(Array.new) do |parsed, (client_name, check_json)|
-                check = Sensu::JSON.load(check_json)
-                parsed << check.merge(:client => client_name)
-              end
-              if params[:summarize]
-                options = params[:summarize].split(",")
-                if options.include?("output")
-                  outputs = Hash.new(0)
-                  parsed_results.each do |result|
-                    outputs[result[:output]] += 1
+            checks.each do |check_name, clients|
+              response << {
+                :name => check_name,
+                :clients => clients
+              }
+            end
+            body Sensu::JSON.dump(response)
+          else
+            not_found!
+          end
+        end
+      end
+
+      aget %r{^/aggregates/([\w\.-]+)/results/([\w\.-]+)/?$} do |aggregate, severity|
+        response = Array.new
+        if SEVERITIES.include?(severity)
+          settings.redis.smembers("aggregates:#{aggregate}") do |aggregate_members|
+            unless aggregate_members.empty?
+              summaries = Hash.new
+              max_age = integer_parameter(params[:max_age])
+              current_timestamp = Time.now.to_i
+              aggregate_members.each_with_index do |member, index|
+                client_name, check_name = member.split(":")
+                result_key = "result:#{client_name}:#{check_name}"
+                settings.redis.get(result_key) do |result_json|
+                  unless result_json.nil?
+                    result = Sensu::JSON.load(result_json)
+                    if SEVERITIES[result[:status]] == severity &&
+                        (max_age.nil? || result[:executed] >= (current_timestamp - max_age))
+                      summaries[check_name] ||= {}
+                      summaries[check_name][result[:output]] ||= {:total => 0, :clients => []}
+                      summaries[check_name][result[:output]][:total] += 1
+                      summaries[check_name][result[:output]][:clients] << client_name
+                    end
+                  end
+                  if index == aggregate_members.length - 1
+                    summaries.each do |check_name, outputs|
+                      summary = outputs.map do |output, output_summary|
+                        {:output => output}.merge(output_summary)
+                      end
+                      response << {
+                        :check => check_name,
+                        :summary => summary
+                      }
+                    end
+                    body Sensu::JSON.dump(response)
                   end
-                  response[:outputs] = outputs
                 end
               end
-              if params[:results]
-                response[:results] = parsed_results
-              end
-              body Sensu::JSON.dump(response)
+            else
+              not_found!
             end
-          else
-            not_found!
           end
+        else
+          bad_request!
         end
       end
 

data/lib/sensu/api/validators.rb

@@ -0,0 +1,37 @@
+require "sensu/settings/rules"
+require "sensu/settings/validators/client"
+
+module Sensu
+  module API
+    module Validators
+      # The error class for validation.
+      class Invalid < RuntimeError; end
+
+      class Client
+        # Include Sensu Settings rules and client validator.
+        include Sensu::Settings::Rules
+        include Sensu::Settings::Validators::Client
+
+        # Determine if a client definition is valid.
+        #
+        # @param client [Hash]
+        # @return [TrueClass, FalseClass]
+        def valid?(client)
+          validate_client(client)
+          true
+        rescue Invalid
+          false
+        end
+
+        private
+
+        # This method is called when `validate_client()` encounters an
+        # invalid definition object. This method raises an exception
+        # to be caught by `valid?()`.
+        def invalid(*arguments)
+          raise Invalid
+        end
+      end
+    end
+  end
+end

data/lib/sensu/cli.rb

@@ -26,6 +26,9 @@ module Sensu
         opts.on("-d", "--config_dir DIR[,DIR]", "DIR or comma-delimited DIR list for Sensu JSON config files") do |dir|
           options[:config_dirs] = dir.split(",")
         end
+        opts.on("--validate_config", "Validate the compiled configuration and exit") do
+          options[:validate_config] = true
+        end
         opts.on("-P", "--print_config", "Print the compiled configuration and exit") do
           options[:print_config] = true
         end

data/lib/sensu/client/process.rb

@@ -99,12 +99,40 @@ module Sensu
         end
       end
 
+      # Perform token substitution for an object. String values are
+      # passed to `substitute_tokens()`, arrays and sub-hashes are
+      # processed recursively. Numeric values are ignored.
+      #
+      # @param object [Object]
+      # @return	[Array] containing the updated object with substituted
+      #   values and an array of unmatched tokens.
+      def object_substitute_tokens(object)
+        unmatched_tokens = []
+        case object
+        when Hash
+          object.each do |key, value|
+            object[key], unmatched = object_substitute_tokens(value)
+            unmatched_tokens.push(*unmatched)
+          end
+        when Array
+          object.map! do |value|
+            value, unmatched = object_substitute_tokens(value)
+            unmatched_tokens.push(*unmatched)
+            value
+          end
+        when String
+          object, unmatched_tokens = substitute_tokens(object, @settings[:client])
+        end
+        [object, unmatched_tokens.uniq]
+      end
+
       # Execute a check command, capturing its output (STDOUT/ERR),
       # exit status code, execution duration, timestamp, and publish
       # the result. This method guards against multiple executions for
-      # the same check. Check command tokens are substituted with the
-      # associated client attribute values. If there are unmatched
-      # check command tokens, the check command will not be executed,
+      # the same check. Check attribute value tokens are substituted
+      # with the associated client attribute values, via
+      # `object_substitute_tokens()`. If there are unmatched check
+      # attribute value tokens, the check will not be executed,
       # instead a check result will be published reporting the
       # unmatched tokens.
       #
@@ -113,11 +141,11 @@ module Sensu
         @logger.debug("attempting to execute check command", :check => check)
         unless @checks_in_progress.include?(check[:name])
           @checks_in_progress << check[:name]
-          command, unmatched_tokens = substitute_tokens(check[:command], @settings[:client])
+          check, unmatched_tokens = object_substitute_tokens(check)
           if unmatched_tokens.empty?
-            check[:executed] = Time.now.to_i
             started = Time.now.to_f
-            Spawn.process(command, :timeout => check[:timeout]) do |output, status|
+            check[:executed] = started.to_i
+            Spawn.process(check[:command], :timeout => check[:timeout]) do |output, status|
               check[:duration] = ("%.3f" % (Time.now.to_f - started)).to_f
               check[:output] = output
               check[:status] = status

data/lib/sensu/constants.rb

@@ -1,7 +1,7 @@
 module Sensu
   unless defined?(Sensu::VERSION)
     # Sensu release version.
-    VERSION = "0.23.3".freeze
+    VERSION = "0.24.0.beta".freeze
 
     # Sensu check severities.
     SEVERITIES = %w[ok warning critical unknown].freeze