Sensu Go 6.10.0 JWT changes impacting Puppet usage

[jhenderson-pro]

Description of the problem

• What did you do? In Sensu Go 6.10.0, users are now automatically logged out of the UI and sensuctl after a period of inactivity (12h).
• What happened? This impacts operations for organizations that use Puppet and have upgraded to 6.10.
• What did you expect to happen? Updating to 6.10.0, Puppet operations would continue functioning as it had.
• How can someone reproduce the problem? Upgrade from any Sensu Go version to 6.10.0.

Command used and debugging output

• What does your puppet config look like (including any hiera config)
• Is this a masterless or master-based puppet setup?

Platform and version information

• Your OS:
• Your Ruby version:
• Your version of Puppet:
• Your version of Sensu:
• Your version of this module:

Is there anything else you think will be helpful?

Adjusting the Sensu Puppet Module to use API keys may be helpful.

[elfranne]

Quick Fix:

From the 6.10 release notes:

NOTE: Custom commands making use of $SENSU_ACCESS_TOKEN and $SENSU_REFRESH_TOKEN may be impacted by the changes to sessions and refresh tokens. We recommend setting up an API key and using $SENSU_API_KEY in light of these changes.

The changes are a bit unclear, but it seems the tokens have been deleted. You can manually fix the issue by recreating a new tokens in the config (/root/.config/sensu/sensuctl/cluster):
curl -X GET https://127.0.0.1:8080/auth -u user:pass -k

Then replace the new tokens in the cluster file.

[maxadamo]

the workaround proposed by @elfranne works. But it can't be used on a large number of hosts, because this password should be supplied on all the clients using sensuctl.

[sensu-discourse]

This issue has been mentioned on Sensu Community. There might be relevant details there:

https://discourse.sensu.io/t/getting-the-error-401/3232/3