Merge branch 'experiment/alerta'

author: Christian Pointner <equinox@spreadspace.org> 2022-03-09 23:25:28 +0100
committer: Christian Pointner <equinox@spreadspace.org> 2022-03-09 23:25:28 +0100
commit: e9cad366c80a621542f57bcb9b8708b43296819b (patch)
tree: eb7c034e25a284d1388479f6955425772cd7d67b /roles/monitoring/alerta
parent: ch-ap: switch to WPA2 only (diff)
parent: prometheus/alerta: tune some severities (diff)
4 files changed, 206 insertions, 0 deletions
diff --git a/roles/monitoring/alerta/defaults/main.yml b/roles/monitoring/alerta/defaults/main.yml
new file mode 100644
index 00000000..034c8268
--- /dev/null
+++ b/roles/monitoring/alerta/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+# alerta_base_path: /srv/alerta
diff --git a/roles/monitoring/alerta/files/email.tmpl b/roles/monitoring/alerta/files/email.tmpl
new file mode 100644
index 00000000..939e0038
--- /dev/null
+++ b/roles/monitoring/alerta/files/email.tmpl
@@ -0,0 +1,32 @@
+
+------------------------------------------------------------
+[{{ alert.status|title }}] {{ alert.environment }}: {{ alert.severity|title }} {{ alert.event }} on {{ alert.service|join(', ') }} {{ alert.resource }}
+------------------------------------------------------------
+
+Alert ID: {{ alert.id }}
+Create Time: {{ alert.create_time }}
+Environment: {{ alert.environment }}
+Services: {{ alert.service|join(', ') }}
+Resource: {{ alert.resource }}
+Event: {{ alert.event }}
+Group: {{ alert.group }}
+Value: {{ alert.value }}
+Severity: {{ alert.previous_severity|title}} -> {{ alert.severity|title }}
+Status: {{ alert.status|title }}
+Text: {{ alert.text }}
+Duplicate Count: {{ alert.duplicate_count }}
+Origin: {{ alert.origin }}
+Tags: {{ alert.tags|join(', ') }}
+{% for key,value in alert.attributes.items() -%}
+{{ key|title }}: {{ value | safe }}
+{% endfor -%}
+
+{% if alert.raw_data %}
+Raw Data
+{{ alert.raw_data | safe }}
+{% endif %}
+
+To acknowledge this alert visit this URL:
+{{ dashboard_url | safe }}/#/alert/{{ alert.id }}
+
+Generated by {{ program }} on {{ hostname }} at {{ now }}
diff --git a/roles/monitoring/alerta/tasks/main.yml b/roles/monitoring/alerta/tasks/main.yml
new file mode 100644
index 00000000..490f5e3d
--- /dev/null
+++ b/roles/monitoring/alerta/tasks/main.yml
@@ -0,0 +1,99 @@
+---
+- name: create alerta subdirectories
+  loop:
+  - config
+  - postgres
+  - build
+  file:
+    path: "{{ alerta_base_path }}/{{ item }}"
+    state: directory
+
+- name: generate Dockerfile for custom image
+  copy:
+    content: |
+      FROM alerta/alerta-web:8.7.0
+
+      RUN set -x \
+          && sed 's/USE_AM_EXTERNALURL_FOR_SILENCES/ALERTMANAGER_USE_EXTERNALURL_FOR_SILENCES/' -i /venv/lib/python3.8/site-packages/alerta_prometheus.py \
+          && /venv/bin/pip install redis==4.1.4 \
+          && /venv/bin/pip install git+https://github.com/alerta/alerta-contrib.git@69d271ef9fe6542727ec4aa39fc8e0f797f1e8b1#subdirectory=integrations/mailer
+    dest: "{{ alerta_base_path }}/build/Dockerfile"
+  register: alerta_custom_image_docker
+
+- name: build custom image
+  docker_image:
+    name: "alerta-web-with-mailer:8.7.0"
+    state: present
+    force_source: "{{ alerta_custom_image_docker is changed }}"
+    source: build
+    build:
+      path: "{{ alerta_base_path }}/build"
+      network: host
+      pull: yes
+
+- name: install alertad config template
+  copy:
+    content: |
+      DEBUG = {{ '{{' }} 'True' if env.DEBUG else 'False' {{ '}}' }}
+      SECRET = "{{ '{{' }} env.SECRET_KEY {{ '}}' }}"
+      ALERT_TIMEOUT = 86400
+      HEARTBEAT_TIMEOUT = 7200
+      PLUGINS = ['reject', 'blackout', 'heartbeat', 'prometheus', 'amqp']
+      DEFAULT_ENVIRONMENT = 'unknown'
+      ALLOWED_ENVIRONMENTS = ['unknown', 'chaos-at-.*']
+      HEARTBEAT_EVENTS = ['PrometheusAlertmanagerE2eDeadManSwitch']
+      ALERTMANAGER_USERNAME = 'alerta'
+      ALERTMANAGER_PASSWORD = 'alerta'
+      ALERTMANAGER_SILENCE_FROM_ACK = True
+      ALERTMANAGER_USE_EXTERNALURL_FOR_SILENCES = True
+      AMQP_URL = 'redis://localhost:6379/'
+    dest: "{{ alerta_base_path }}/config/alertad.conf.j2"
+
+  ## TODO: add key handling...
+- name: install alerta-mailer config file
+  copy:
+    content: |
+      [alerta-mailer]
+      debug = True
+      key = aNqBsEyG0ynIKcc3e7acaBVBk5B793o_z7tvlsht
+      endpoint = http://localhost:8080/api
+      amqp_url = redis://localhost:6379
+      severities = critical, warning
+      smtp_host = 192.168.28.250
+      smtp_port = 25
+      smtp_starttls = False
+      skip_mta = False
+      mail_to = equinox@chaos-at-home.org
+      mail_from = noreply@chaos-at-home.org
+      email_type = text
+      mail_template = /app/email.tmpl
+      dashboard_url = http://192.168.32.1:8080
+    dest: "{{ alerta_base_path }}/config/alerta-mailer.conf"
+    mode: 0640
+
+- name: install e-mail template
+  copy:
+    src: email.tmpl
+    dest: "{{ alerta_base_path }}/config/email.tmpl"
+
+- name: install pod manifest
+  vars:
+    kubernetes_standalone_pod:
+      name: "alerta"
+      spec: "{{ lookup('template', 'pod-spec.yml.j2') }}"
+      mode: "0600"
+      config_hash_items:
+      - path: "{{ alerta_base_path }}/config/alertad.conf.j2"
+        properties:
+        - checksum
+      - path: "{{ alerta_base_path }}/config/alerta-mailer.conf"
+        properties:
+        - checksum
+      - path: "{{ alerta_base_path }}/config/email.tmpl"
+        properties:
+        - checksum
+      - path: "{{ alerta_base_path }}/build/Dockerfile"
+        properties:
+        - checksum
+  include_role:
+    name: kubernetes/standalone/pod
diff --git a/roles/monitoring/alerta/templates/pod-spec.yml.j2 b/roles/monitoring/alerta/templates/pod-spec.yml.j2
new file mode 100644
index 00000000..6edabae5
--- /dev/null
+++ b/roles/monitoring/alerta/templates/pod-spec.yml.j2
@@ -0,0 +1,73 @@
+containers:
+- name: alerta
+  image: "alerta-web-with-mailer:8.7.0"
+  env:
+  - name: "DATABASE_URL"
+    value: "postgres://alerta:secret@127.0.0.1:5432/alerta"
+  - name: "AUTH_REQUIRED"
+    value: "True"
+  - name: "ADMIN_USERS"
+    value: "admin"
+  - name: "DEBUG"
+    value: "1"
+  - name: "SUPERVISORD_LOG_LEVEL"
+    value: "warn"
+  volumeMounts:
+  - name: config
+    mountPath: /app/alertad.conf.j2
+    subPath: alertad.conf.j2
+    readOnly: true
+  ports:
+  - containerPort: 8080
+    hostPort: 8080
+
+- name: postgresql
+  image: "postgres:14.2"
+  args:
+  - postgres
+  - -c
+  - listen_addresses=127.0.0.1
+  env:
+  - name: "POSTGRES_DB"
+    value: "alerta"
+  - name: "POSTGRES_USER"
+    value: "alerta"
+  - name: "POSTGRES_PASSWORD"
+    value: "secret"
+  volumeMounts:
+  - name: postgres
+    mountPath: /var/lib/postgresql/data
+
+- name: redis
+  image: "redis:6.2.6"
+  args:
+  - redis-server
+  - --bind
+  - 127.0.0.1
+
+- name: mailer
+  image: "alerta-web-with-mailer:8.7.0"
+  command:
+  - alerta-mailer
+  env:
+  - name: "ALERTA_CONF_FILE"
+    value: "/app/alerta-mailer.conf"
+  volumeMounts:
+  - name: config
+    mountPath: /app/alerta-mailer.conf
+    subPath: alerta-mailer.conf
+    readOnly: true
+  - name: config
+    mountPath: /app/email.tmpl
+    subPath: email.tmpl
+    readOnly: true
+
+volumes:
+- name: config
+  hostPath:
+    path: "{{ alerta_base_path }}/config"
+    type: Directory
+- name: postgres
+  hostPath:
+    path: "{{ alerta_base_path }}/postgres"
+    type: Directory
author	Christian Pointner <equinox@spreadspace.org>	2022-03-09 23:25:28 +0100
committer	Christian Pointner <equinox@spreadspace.org>	2022-03-09 23:25:28 +0100
commit	e9cad366c80a621542f57bcb9b8708b43296819b (patch)
tree	eb7c034e25a284d1388479f6955425772cd7d67b /roles/monitoring/alerta
parent	ch-ap: switch to WPA2 only (diff)
parent	prometheus/alerta: tune some severities (diff)