
Updates Sensu Upgrade Notes

Jeremy Cooper [AFS MBP] %!s(int64=3) %!d(string=hai) anos
pai
achega
2a4a66dfce
Modificáronse 3 ficheiros con 86 adicións e 76 borrados
  1. 3 6
      Reposerver Notes.md
  2. 40 33
      Sensu Go Notes.md
  3. 43 37
      Sensu Go Upgrade Notes.md

+ 3 - 6
Reposerver Notes.md

@@ -22,8 +22,8 @@ rpm --import 'name of key'
 # list the gpg key in the RPM database
 rpm -qa 'name of key'*
 
-# visit site to view original hash of package via URL in this example for Sensu 6.4.3; then download package
-wget https://packagecloud.io/sensu/stable/packages/el/7/sensu-go-agent-6.4.3-5016.x86_64.rpm/download.rpm
+# visit site to view original hash of package via URL in this example for Sensu Go Agent 6.7; then download package
+wget --content-disposition https://packagecloud.io/sensu/stable/packages/el/7/sensu-go-agent-6.7.0-6196.x86_64.rpm/download.rpm
 
 # validate package signature with name of the package downloaded
 rpm -K 'name of package'
@@ -31,10 +31,7 @@ rpm -K 'name of package'
 # validate SHA256 integrity hash and match hash with vendor
 sha256sum 'name of package'
 
-# rename package with proper name from vendor
-cp 'name of package' 'new name of package to match vendor with .rpm'
-
-# cleanup old GPGKey associated with package after SHA256 passed and old package
+# cleanup old GPGKey associated with package after SHA256 passed and previous version of package - keep the current package version in Repo
 rm -rf 'name of key' && rm -rf 'name of package'
 ```
 

+ 40 - 33
Sensu Notes.md → Sensu Go Notes.md

@@ -14,7 +14,10 @@ sudo -i
 vim /etc/sensu/conf.d/sensu_license.json
 chown sensu: /etc/sensu/conf.d/sensu_license.json
 chmod 600 /etc/sensu/conf.d/sensu_license.json
-vim /root/sensu-password  # see vault engineering/sensu/sensu-prod
+
+# see vault engineering/sensu/sensu-prod
+vim /root/sensu-password 
+
 sensuctl configure -n --username 'admin' --password $( cat /root/sensu-password ) --namespace default --insecure-skip-tls-verify --url 'https://127.0.0.1:8080' 
 sensuctl license info
 sensuctl create --file /etc/sensu/conf.d/sensu_license.json
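Review bot: The `sensuctl configure` line next to the moved comment still passes the admin password as `--password $( cat /root/sensu-password )`, unquoted and on the command line. Unquoted, a password containing whitespace or glob characters is split or expanded before sensuctl receives it; `--password "$(cat /root/sensu-password)"` avoids that. Either way the value is visible in the process list and in any shell trace while the command runs, so the note should say so or point to the interactive `sensuctl configure` prompt where that is available. The same line uses `--insecure-skip-tls-verify`; a short comment such as `# loopback only; do not copy this flag for remote URLs` would stop it being reused elsewhere. The added `vim /root/sensu-password ` line also carries a trailing space.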
@@ -25,44 +28,46 @@ echo "" > /root/sensu-password
 
 ## Sensu Upgrade
 - Upgrade Notes moved to [Sensu Upgrade Notes](Sensu%20Upgrade%20Notes.md)
+
 ## OIDC Okta Auth
 ---
-type: oidc
-api_version: authentication/v2
-metadata:
-  name: oidc_okta
-spec:
-  additional_scopes:
-  - groups
-  - email
-  client_id: 0oa2qxyf3q0DC6Dj2297
-  client_secret: 'PUT CLIENT SECRET HERE'
-  redirect_uri: https://sensu.pvt.xdrtest.accenturefederalcyber.com:8080/api/enterprise/authentication/v2/oidc/callback
-  server: https://mdr-multipass.okta.com
-  groups_claim: groups
-  groups_prefix: 'okta:'
-  username_claim: email
-  username_prefix: 'okta:'
+type: oidc  
+api_version: authentication/v2  
+metadata:  
+  name: oidc_okta  
+spec:  
+  additional_scopes:  
+  - groups  
+  - email  
+  client_id: 0oa2qxyf3q0DC6Dj2297  
+  client_secret: 'PUT CLIENT SECRET HERE'  
+  redirect_uri: https://sensu.pvt.xdrtest.accenturefederalcyber.com:8080/api/enterprise/authentication/v2/oidc/callback  
+  server: https://mdr-multipass.okta.com  
+  groups_claim: groups  
+  groups_prefix: 'okta:'  
+  username_claim: email  
+  username_prefix: 'okta:'  
 
 ```
-#cluster role binding for okta
+# Cluster role binding for okta
 sensuctl cluster-role-binding create okta --cluster-role=cluster-admin --group=okta:mdr-admins
 sensuctl cluster-role-binding create mdr-admin --cluster-role=mdr-admin --group=ldap:mdr-admins
   
 sensuctl cluster-role-binding list
 ```
 
-type: ClusterRoleBinding
-api_version: core/v2
-metadata:
-  name: cluster-admin
-spec:
-  role_ref:
-    name: cluster-admin
-    type: ClusterRole
-  subjects:
-  - name: okta:group
-    type: Group
+type: ClusterRoleBinding  
+api_version: core/v2 
+metadata:  
+  name: cluster-admin  
+spec:  
+  role_ref:  
+  - name: cluster-admin  
+  - type: ClusterRole  
+  
+  subjects:  
+  - name: okta:group  
+  - type: Group  
     
 Look for the JWT in the tokens URL parameter. 
 ```
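Review bot: The reformatted ClusterRoleBinding example no longer describes the same resource. `role_ref` went from a mapping holding `name` and `type` to a two-item list, and `subjects` went from one entry with both keys to two entries with one key each. Pasted into a file for `sensuctl create`, this would presumably fail to parse or produce a binding without a usable subject. Restore the nesting as `    name: cluster-admin` and `    type: ClusterRole` under `role_ref:`, and `    type: Group` indented under `- name: okta:group`. Putting both YAML examples in fenced blocks would keep the line breaks without the trailing double spaces, which matters here because the binding grants `cluster-admin`.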
@@ -91,11 +96,12 @@ Look for the JWT in the tokens URL parameter.
 }
 ```    
 
-### LDAP Auth    
+### LDAP Auth   
 ```
 running ldap search with basedn \"ou=groups, dc=mdr-multipass, dc=okta, dc=com\" and filter \"(\u0026(objectclass=groupOfNames)(uniqueMember=uid=brad.poulton,ou=users,dc=mdr-multipass,dc=okta,dc=com))\"
 ldapsearch -x -H ldaps://mdr-multipass.ldap.okta.com -b dc=mdr-multipass,dc=okta,dc=com -D "uid=ldap.read@defpoint.com,dc=mdr-multipass,dc=okta,dc=com" -W
 ```
+
 ```
 # brad.poulton, users, mdr-multipass.okta.com
 dn: uid=brad.poulton,ou=users,dc=mdr-multipass,dc=okta,dc=com
@@ -112,6 +118,7 @@ cn: Brad Poulton
 mail: brad.poulton@accenturefederal.com
 mobile: 4355126342
 ```
+
 ```
 # mdr-admins, groups, mdr-multipass.okta.com
 dn: cn=mdr-admins,ou=groups,dc=mdr-multipass,dc=okta,dc=com
@@ -132,7 +139,7 @@ SensuA123
 
 # Defragging the Database
 
-If `/var` starts filling up, a likely candidate is the etcd database. This can be compacted and defragged to free up space, but the tool to do so isn't installed by default.
+If `/var` starts filling up, a likely candidate is the `etcd` database. This can be compacted and defragged to free up space, but the tool to do so isn't installed by default.
 
 To defrag: (based off [Troubleshoot Sensu document](https://docs.sensu.io/sensu-go/latest/operations/maintain-sensu/troubleshoot/))
 ```
@@ -148,6 +155,6 @@ exit
 sudo yum remove etcd3
 ```
 
-If you get the error `No help topic for 'endpoint'`, then your environment variables aren't set (did you set them before you sudo'd?).
-If you get the error `Error:  context deadline exceeded`, then your endpoint is wrong, probably `https` instead of `http`.
+If you get the error:  `No help topic for 'endpoint'`, then your environment variables aren't set (did you set them before you sudo'd?).  
+If you get the error:  `Error:  context deadline exceeded`, then your endpoint is wrong, probably `https` instead of `http`.
 

+ 43 - 37
Sensu Upgrade Notes.md → Sensu Go Upgrade Notes.md

@@ -10,10 +10,10 @@
 
 
 ### Sensu Go Upgrade History
- - [Jira MSOCI-1565 ticket - Upgrade Sensu to 6.2.X](https://jira.xdr.accenturefederalcyber.com/browse/MSOCI-1565)
- - [Jira MSOCI-1908 ticket - Upgrade Sensu to 6.4.3](https://jira.xdr.accenturefederalcyber.com/browse/MSOCI-1908)
- - [Jira MSOCI-1969 ticket - Upgrade Sensu to 6.6.1](https://jira.xdr.accenturefederalcyber.com/browse/MSOCI-1969)
- - [Pending MSOCI-2027 ticket - Upgrade Sensu to 6.7](https://jira.xdr.accenturefederalcyber.com/browse/MSOCI-2027)
+ - [MSOCI-1565 ticket - Upgrade Sensu to 6.2.X](https://jira.xdr.accenturefederalcyber.com/browse/MSOCI-1565)
+ - [MSOCI-1908 ticket - Upgrade Sensu to 6.4.3](https://jira.xdr.accenturefederalcyber.com/browse/MSOCI-1908)
+ - [MSOCI-1969 ticket - Upgrade Sensu to 6.6.1](https://jira.xdr.accenturefederalcyber.com/browse/MSOCI-1969)
+ - [MSOCI-2027 ticket - Upgrade Sensu to 6.7](https://jira.xdr.accenturefederalcyber.com/browse/MSOCI-2027)
 
 We want to deploy the new code in iterations so that we can quickly abort deployment if we run in to any issues.  Start with `GC Test` XDR Infrastructure first.
 
@@ -23,83 +23,87 @@ Starting with Moose and Internal infra within `GC TEST`.  After deployment is ve
 
 2. If needed, update Salt states to ensure they are up-to-date
 
-3. Stop Sensu services on `Sensu Backend` server
+3. Login to `GC TEST` Salt-Master and Stop Sensu services on `Sensu Backend` server; do the same process for `GC PROD` afterwards
+
+> :warning: Remember to silence Sensu alerts before restarting services.
+
     ```
-    systemctl stop sensu-agent 
-    systemctl stop sensu-backend
+    salt -C sensu* cmd.run 'systemctl stop sensu-agent'
+    salt -C sensu* cmd.run 'systemctl stop sensu-backend'
     ```
 
 4. Update Sensu Go software on the `Sensu Backend` server
     ```
-   yum update sensu-go-backend
-   yum update sensu-go-cli
-   yum update sensu-go-agent
-   systemctl daemon-reload
+   salt -C sensu* cmd.run 'yum update -y sensu-go-backend'
+   salt -C sensu* cmd.run 'yum update -y sensu-go-cli'
+   salt -C sensu* cmd.run 'yum update -y sensu-go-agent'
+   salt -C sensu* cmd.run 'systemctl daemon-reload'
     ```
-5. Restart the Sensu services 
+5. Restart the Sensu services and check the Status 
     ```
-    systemctl start sensu-backend
-    systemctl start sensu-agent
+    salt -C sensu* cmd.run 'systemctl start sensu-backend'
+    salt -C sensu* cmd.run 'systemctl start sensu-agent'
 
-    systemctl status sensu-backend
-    systemctl status sensu-agent
+    salt -C sensu* cmd.run 'systemctl status sensu-backend'
+    salt -C sensu* cmd.run 'systemctl status sensu-agent'
     ```
 6. `XDR Infrastructure` in `GC Test` first; Run `yum clean all` on Salt minions; then LCPs and customers
     ```
-    salt -C '* not ( afs* or nga* or ma-* or dc-c19* or la-c19* or bas-* or ca-c19* or frtib* or dgi* or threatq* or qcompliance* or vmray* )' cmd.run 'yum clean all'
+    salt -C '* not ( afs* or nga* or ma-* or dc-c19* or la-c19* or bas-* or ca-c19* or frtib* or dgi* or threatq* or qcompliance* or vmray* or resolver-vmray* or sensu* )' cmd.run 'yum clean all'
     
     salt -C '* not *.local not *.pvt.xdr.accenturefederalcyber.com' cmd.run 'sensu-agent version'
     ```
 
 7. Verify and then Stop agent on minions `systemctl stop sensu-agent`
     ```
-    #XDR Infrastructure
-    salt -C '* not ( afs* or nga* or ma-* or dc-c19* or la-c19* or bas-* or ca-c19* or frtib* or dgi* or threatq* or qcompliance* or vmray* )' cmd.run 'sensu-agent version'
-    date; salt -C '* not ( afs* or nga* or ma-* or dc-c19* or la-c19* or bas-* or ca-c19* or frtib* or dgi* or threatq* )' cmd.run 'systemctl stop sensu-agent'
+    # XDR Infrastructure
+    salt -C '* not ( afs* or nga* or ma-* or dc-c19* or la-c19* or bas-* or ca-c19* or frtib* or dgi* or threatq* or qcompliance* or vmray* or resolver-vmray* or sensu* )' cmd.run 'sensu-agent version'
+    
+    date; salt -C '* not ( afs* or nga* or ma-* or dc-c19* or la-c19* or bas-* or ca-c19* or frtib* or dgi* or threatq* or qcompliance* or vmray* or resolver-vmray* or sensu* )' cmd.run 'systemctl stop sensu-agent'
 
-    #LCPs
+    # LCPs
     salt -C '* not *.local not *.pvt.xdr.accenturefederalcyber.com' cmd.run 'sensu-agent version'
     date; salt -C '* not *.local not *.pvt.xdr.accenturefederalcyber.com' cmd.run 'systemctl stop sensu-agent'
 
-    #Customer Slices
+    # Customer Slices
     salt -C 'afs*local or afs*com or ma-*com or la-*com or nga*com or nga*local or dc*com or bas-*com or frtib*com or ca-c19*com or dgi*com' cmd.run 'sensu-agent version'
 
     date; salt -C 'afs*local or afs*com or ma-*com or la-*com or nga*com or nga*local or dc*com or bas-*com or frtib*com or ca-c19*com or dgi*com' cmd.run 'systemctl stop sensu-agent'
 
     ```
-8. Update the agent on minion `yum update sensu-go-agent -y`
+8. Update the agent on minion `yum update -y sensu-go-agent`
     ```
-    #XDR Infrastructure
-    salt -C '* not ( afs* or nga* or ma-* or dc-c19* or la-c19* or bas-* or ca-c19* or frtib* or dgi* or threatq* )' cmd.run 'yum update sensu-go-agent -y'
+    # XDR Infrastructure
+    date; salt -C '* not ( afs* or nga* or ma-* or dc-c19* or la-c19* or bas-* or ca-c19* or frtib* or dgi* or threatq* or qcompliance* or vmray* or resolver-vmray* or sensu* )' cmd.run 'yum update -y sensu-go-agent'
 
-    #LCPs
-    salt -C '* not *.local not *.pvt.xdr.accenturefederalcyber.com' cmd.run 'yum update sensu-go-agent -y'
+    # LCPs
+    salt -C '* not *.local not *.pvt.xdr.accenturefederalcyber.com' cmd.run 'yum update -y sensu-go-agent'
 
-    #Customer Slices
-    salt -C 'afs*local or afs*com or ma-*com or la-*com or nga*com or nga*local or dc*com or bas-*com or frtib*com or ca-c19*com or dgi*com' cmd.run 'yum update sensu-go-agent -y'
+    # Customer Slices
+    salt -C 'afs*local or afs*com or ma-*com or la-*com or nga*com or nga*local or dc*com or bas-*com or frtib*com or ca-c19*com or dgi*com' cmd.run 'yum update -y sensu-go-agent'
     ```
 
 9. Reload the daemon `systemctl daemon-reload`
     ```
-    #XDR Infrastructure
-    date; salt -C '* not ( afs* or nga* or ma-* or dc-c19* or la-c19* or bas-* or ca-c19* or frtib* or dgi* or threatq* )' cmd.run 'systemctl daemon-reload'
+    # XDR Infrastructure
+    date; salt -C '* not ( afs* or nga* or ma-* or dc-c19* or la-c19* or bas-* or ca-c19* or frtib* or dgi* or threatq* or qcompliance* or vmray* or resolver-vmray* or sensu* )' cmd.run 'systemctl daemon-reload'
 
-    #LCPs
+    # LCPs
     date; salt -C '* not *.local not *.pvt.xdr.accenturefederalcyber.com' cmd.run 'systemctl daemon-reload'
 
-    #Customer Slices
+    # Customer Slices
     date; salt -C 'afs*local or afs*com or ma-*com or la-*com or nga*com or nga*local or dc*com or bas-*com or frtib*com or ca-c19*com or dgi*com' cmd.run 'systemctl daemon-reload'
     ```
 
 10. Start agent `systemctl start sensu-agent`
     ```
-    #XDR Infrastructure
-    date; salt -C '* not ( afs* or nga* or ma-* or dc-c19* or la-c19* or bas-* or ca-c19* or frtib* or dgi* or threatq* )' cmd.run 'systemctl start sensu-agent'
+    # XDR Infrastructure
+    date; salt -C '* not ( afs* or nga* or ma-* or dc-c19* or la-c19* or bas-* or ca-c19* or frtib* or dgi* or threatq* or qcompliance* or vmray* or resolver-vmray* or sensu* )' cmd.run 'systemctl start sensu-agent'
 
-    #LCPs
+    # LCPs
     date; salt -C '* not *.local not *.pvt.xdr.accenturefederalcyber.com' cmd.run 'systemctl start sensu-agent'
 
-    #Customer Slices
+    # Customer Slices
     date; salt -C 'afs*local or afs*com or ma-*com or la-*com or nga*com or nga*local or dc*com or bas-*com or frtib*com or ca-c19*com or dgi*com' cmd.run 'systemctl start sensu-agent'
     ```
 
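Review bot: The new backend commands in steps 3 to 5 target minions with `salt -C sensu* cmd.run …`, leaving the glob unquoted, while every other target in this file is quoted. On the Salt master the shell expands `sensu*` against the current directory first, so a file such as a downloaded Sensu RPM there would silently change the target. Write `salt 'sensu*' cmd.run 'systemctl stop sensu-agent'` instead, since a plain glob does not need `-C`. Steps 4 and 8 also run `yum update -y` across the fleet with no version pinned, so it would help to state that the repo must hold only the verified package. Repeating the `sensu-agent version` check right after the update, not only before the stop, would confirm that.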
@@ -109,6 +113,8 @@ Starting with Moose and Internal infra within `GC TEST`.  After deployment is ve
     salt -C '* not salt* not sensu* not jira*' cmd.run 'sensu-agent version'
     ```
 
+> :warning: Don't forget to un-silence Sensu. 
+
 In `version 5.16` the default password was removed in favor of a sensu-backend init with bash variables. 
 
 Sen$uP@ssw0rd!
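Review bot: The last context line of this hunk is a literal string that looks like a password kept in clear text, and the header of an earlier hunk in `Sensu Go Notes.md` shows a similar one. The notes already point to vault elsewhere in this commit (`# see vault engineering/sensu/sensu-prod`), and the same treatment fits here, for example `Default admin password: see vault <vault path placeholder>`. If the value was ever in use it should be rotated, since it remains in the repository history. The added un-silence reminder could also name the command or UI step that clears the silence, so the step can be checked off.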