
See the file `Migration to Sensu Go.md` for more details.

In version 5.16 the default admin password was removed; the admin user is now created by running `sensu-backend init` with the username and password set in environment variables.

Sen$uP@ssw0rd!

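```shell
systemctl start sensu-backend
export SENSU_BACKEND_CLUSTER_ADMIN_USERNAME=YOUR_USERNAME
export SENSU_BACKEND_CLUSTER_ADMIN_PASSWORD=YOUR_PASSWORD
sensu-backend init
```

`sensu-backend init` reads both variables from its environment, so they must be exported in the same shell that runs it. `sensu-backend init --interactive` prompts for the same values instead, which keeps the password out of shell history.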

sensuctl create --file filename.json


```yaml
type: oidc
api_version: authentication/v2
metadata:
  name: oidc_okta
spec:
  additional_scopes:
  - groups
  client_id:      # left blank in these notes
  client_secret:  # left blank in these notes
  redirect_uri: https://sensu.msoc.defpoint.local:8000/api/enterprise/authentication/v2/oidc/callback
  server: https://mdr-multipass.okta.com
  groups_claim: groups
  groups_prefix: 'okta'
  username_claim: email
  username_prefix: 'okta'
```

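```shell
# cluster role binding for okta
sensuctl cluster-role-binding create okta --cluster-role=cluster-admin --group=okta:mdr-admins
sensuctl cluster-role-binding create mdr-admin --cluster-role=mdr-admin --group=ldap:mdr-admins

sensuctl cluster-role-binding list
```

The `--group` value is the provider's `groups_prefix`, a colon, and the group name, so `okta:mdr-admins` corresponds to `groups_prefix: 'okta'` in the OIDC provider definition.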

```yaml
type: ClusterRoleBinding
api_version: core/v2
metadata:
  name: cluster-admin
spec:
  role_ref:
    name: cluster-admin
    type: ClusterRole
  subjects:
  - name: okta:group
    type: Group
```

Log message from sensu-backend:

```
running ldap search with basedn \"ou=groups, dc=mdr-multipass, dc=okta, dc=com\" and filter \"(\u0026(objectclass=groupOfNames)(uniqueMember=uid=brad.poulton,ou=users,dc=mdr-multipass,dc=okta,dc=com))\"
```

Manual directory query with `ldapsearch` (`-W` prompts for the bind password):

```shell
ldapsearch -x -H ldaps://mdr-multipass.ldap.okta.com -b dc=mdr-multipass,dc=okta,dc=com -D "uid=ldap.read@defpoint.com,dc=mdr-multipass,dc=okta,dc=com" -W
```

    brad.poulton, users, mdr-multipass.okta.com

    dn: uid=brad.poulton,ou=users,dc=mdr-multipass,dc=okta,dc=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson uid: brad.poulton uniqueIdentifier: 00u22ymdgdKPTDyR5297 organizationalStatus: ACTIVE givenName: Brad sn: Poulton cn: Brad Poulton mail: brad.poulton@accenturefederal.com mobile: 4355126342

    mdr-admins, groups, mdr-multipass.okta.com

    dn: cn=mdr-admins,ou=groups,dc=mdr-multipass,dc=okta,dc=com objectClass: top objectClass: groupofUniqueNames cn: mdr-admins uniqueIdentifier: 00g1m5jakrmiDwISV297 uniqueMember: uid=chris.lynch,ou=users,dc=mdr-multipass,dc=okta,dc=com uniqueMember: uid=ryan.damour,ou=users,dc=mdr-multipass,dc=okta,dc=com uniqueMember: uid=duane.waddle,ou=users,dc=mdr-multipass,dc=okta,dc=com uniqueMember: uid=brad.poulton,ou=users,dc=mdr-multipass,dc=okta,dc=com

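```
Jan 14 23:48:51 sensu sensu-backend: {"component":"authentication/v2","level":"debug","msg":"running ldap search with basedn \"ou=groups, dc=mdr-multipass, dc=okta, dc=com\" and filter \"(\u0026(objectclass=groupOfNames)(uniqueMember=uid=brad.poulton,ou=users,dc=mdr-multipass,dc=okta,dc=com))\"","time":"2020-01-14T23:48:51Z"}
```

In this log line `\u0026` is the JSON escape for `&`. The filter matches `objectclass=groupOfNames`, whereas the `mdr-admins` entry in the `ldapsearch` output has `objectClass: groupofUniqueNames`, so this filter does not match that entry as listed.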

    brad-test SensuA123