Sensu Notes.md

See the Sensu Go Migration Notes.md file for more details.

Sensu Upgrade

08/03/2020

https://docs.sensu.io/sensu-go/latest/operations/maintain-sensu/upgrade/

  1. Download the latest packages for master and agents to the repo server and run `yum clean all` on the sensu master.
  2. If needed, update salt states to ensure they are up-to-date.
     2.1. Stop sensu services on sensu-master: `systemctl stop sensu-agent`, then `systemctl stop sensu-backend`
  3. Update sensu software on the sensu-master.
  4. `yum update sensu-go-backend`, `yum update sensu-go-cli`, `yum update sensu-go-agent`, then `systemctl daemon-reload`
  5. Restart the sensu services: `systemctl start sensu-backend`, then `systemctl start sensu-agent`
  6. Run `yum clean all` on salt minions.
  7. Stop agent on minion: `systemctl stop sensu-agent`
  8. Upgrade agent on minion: `yum update sensu-go-agent -y`
  9. Run this: `systemctl daemon-reload`
  10. Start agent: `systemctl start sensu-agent`
  11. Verify with this: `salt '*' cmd.run 'sensu-agent version'`
      `salt -C '* not salt* not sensu* not jira*' cmd.run 'sensu-agent version'`

In version 5.16 the default password was removed in favor of a sensu-backend init with bash variables.

Sen$uP@ssw0rd!

systemctl start sensu-backend
export SENSU_BACKEND_CLUSTER_ADMIN_USERNAME=YOUR_USERNAME
export SENSU_BACKEND_CLUSTER_ADMIN_PASSWORD=YOUR_PASSWORD
sensu-backend init

sensuctl create --file filename.json

OIDC Okta Auth


type: oidc
api_version: authentication/v2
metadata:
  name: oidc_okta
spec:
  additional_scopes:

# cluster role binding for okta
sensuctl cluster-role-binding create okta --cluster-role=cluster-admin --group=okta:mdr-admins
sensuctl cluster-role-binding create mdr-admin --cluster-role=mdr-admin --group=ldap:mdr-admins

sensuctl cluster-role-binding list

type: ClusterRoleBinding
api_version: core/v2
metadata:
  name: cluster-admin
spec:
  role_ref:
    name: cluster-admin
    type: ClusterRole
  subjects:
  - name: okta:group
    type: Group

Look for the JWT in the tokens URL parameter.

{
  "exp": 1596583324,
  "jti": "4d048b63688296361fd96b1ac7d77ef1",
  "sub": "okta:brad.poulton@accenturefederal.com",
  "groups": [
    "okta:splunk-role-admin",
    "okta:Everyone",
    "okta:vault-admin",
    "okta:phantom-role-administrator",
    "okta:VPN",
    "okta:aws#afs-mdr-common-services#mdr_engineer_readonly#471284459109",
    "okta:aws-us-gov#afs-mdr-common-services-gov#mdr_engineer_readonly#701290387780",
    "okta:AWS - MDR_Engineer-Readonly Role",
    "okta:mdr-admins",
    "okta:VictorOps"
  ],
  "provider": {
    "provider_id": "oidc_okta",
    "provider_type": "oidc",
    "user_id": "00u22ymdgdKPTDyR5297"
  },
  "api_key": false
}
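
To check why a login did or did not pick up a role, the claims above can be decoded from the token and compared against the group subjects used in the cluster role bindings. This is an added example, not part of the original notes or of Sensu itself; it assumes a binding applies when its group string exactly equals an entry in the `groups` claim, and the helper names and the sample token are constructed for illustration.

```python
import base64
import json
import time

# Group subject -> cluster role, taken from the sensuctl commands in these notes.
BINDINGS = {
    "okta:mdr-admins": "cluster-admin",
    "ldap:mdr-admins": "mdr-admin",
}


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token: str) -> dict:
    """Return the payload claims. The signature is NOT verified: debugging only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(b64url_decode(parts[1]))


def granted_roles(claims: dict, bindings: dict = BINDINGS) -> list:
    """Cluster roles whose bound group appears in the token's groups claim."""
    groups = set(claims.get("groups") or [])
    return sorted({role for group, role in bindings.items() if group in groups})


def is_expired(claims: dict, now: float = None) -> bool:
    """True when the exp claim (Unix seconds) is not in the future."""
    return (time.time() if now is None else now) >= claims.get("exp", 0)


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned token so the example runs offline."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


if __name__ == "__main__":
    # Constructed sample claims, shaped like the decoded token in these notes.
    sample = {"exp": 1596583324, "sub": "okta:user@example.com",
              "groups": ["okta:Everyone", "okta:mdr-admins"]}
    claims = decode_claims(make_sample_token(sample))
    print(claims["sub"], granted_roles(claims), "expired:", is_expired(claims))
```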

LDAP Auth

running ldap search with basedn \"ou=groups, dc=mdr-multipass, dc=okta, dc=com\" and filter \"(\u0026(objectclass=groupOfNames)(uniqueMember=uid=brad.poulton,ou=users,dc=mdr-multipass,dc=okta,dc=com))\"
ldapsearch -x -H ldaps://mdr-multipass.ldap.okta.com -b dc=mdr-multipass,dc=okta,dc=com -D "uid=ldap.read@defpoint.com,dc=mdr-multipass,dc=okta,dc=com" -W
# brad.poulton, users, mdr-multipass.okta.com
dn: uid=brad.poulton,ou=users,dc=mdr-multipass,dc=okta,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: brad.poulton
uniqueIdentifier: 00u22ymdgdKPTDyR5297
organizationalStatus: ACTIVE
givenName: Brad
sn: Poulton
cn: Brad Poulton
mail: brad.poulton@accenturefederal.com
mobile: 4355126342
# mdr-admins, groups, mdr-multipass.okta.com
dn: cn=mdr-admins,ou=groups,dc=mdr-multipass,dc=okta,dc=com
objectClass: top
objectClass: groupofUniqueNames
cn: mdr-admins
uniqueIdentifier: 00g1m5jakrmiDwISV297
uniqueMember: uid=chris.lynch,ou=users,dc=mdr-multipass,dc=okta,dc=com
uniqueMember: uid=ryan.damour,ou=users,dc=mdr-multipass,dc=okta,dc=com
uniqueMember: uid=duane.waddle,ou=users,dc=mdr-multipass,dc=okta,dc=com
uniqueMember: uid=brad.poulton,ou=users,dc=mdr-multipass,dc=okta,dc=com
Jan 14 23:48:51 sensu sensu-backend: {"component":"authentication/v2","level":"debug","msg":"running ldap search with basedn \"ou=groups, dc=mdr-multipass, dc=okta, dc=com\" and filter \"(\u0026(objectclass=groupOfNames)(uniqueMember=uid=brad.poulton,ou=users,dc=mdr-multipass,dc=okta,dc=com))\"","time":"2020-01-14T23:48:51Z"}

brad-test SensuA123