Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sensu Go 6.10.0 JWT changes impacting Puppet usage #1338

Open
jhenderson-pro opened this issue Jul 26, 2023 · 3 comments
Open

Sensu Go 6.10.0 JWT changes impacting Puppet usage #1338

jhenderson-pro opened this issue Jul 26, 2023 · 3 comments
Assignees

Comments

@jhenderson-pro
Copy link
Member

jhenderson-pro commented Jul 26, 2023

Description of the problem

  • What did you do? In Sensu Go 6.10.0, users are now automatically logged out of the UI and sensuctl after a period of inactivity (12h).
  • What happened? This impacts operations for organizations that use Puppet and have upgraded to 6.10.
  • What did you expect to happen? Updating to 6.10.0, Puppet operations would continue functioning as it had.
  • How can someone reproduce the problem? Upgrade from any Sensu Go version to 6.10.0.

Command used and debugging output

  • What does your puppet config look like (including any hiera config)
  • Is this a masterless or master-based puppet setup?

Platform and version information

  • Your OS:
  • Your Ruby version:
  • Your version of Puppet:
  • Your version of Sensu:
  • Your version of this module:

Is there anything else you think will be helpful?

Adjusting the Sensu Puppet Module to use API keys may be helpful.

@elfranne
Copy link

elfranne commented Aug 1, 2023

Quick Fix:

From the 6.10 release notes:

NOTE: Custom commands making use of $SENSU_ACCESS_TOKEN and $SENSU_REFRESH_TOKEN may be impacted by the changes to sessions and refresh tokens. We recommend setting up an API key and using $SENSU_API_KEY in light of these changes.

The changes are a bit unclear, but it seems the tokens have been deleted. You can manually fix the issue by recreating a new tokens in the config (/root/.config/sensu/sensuctl/cluster):
curl -X GET https://127.0.0.1:8080/auth -u user:pass -k

Then replace the new tokens in the cluster file.

@maxadamo
Copy link
Contributor

maxadamo commented Aug 19, 2023

the workaround proposed by @elfranne works. But it can't be used on a large number of hosts, because this password should be supplied on all the clients using sensuctl.

@sensu-discourse
Copy link

This issue has been mentioned on Sensu Community. There might be relevant details there:

https://discourse.sensu.io/t/getting-the-error-401/3232/3

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants