From 4930ff68c7d699611511aaabd2c2ebe585207051 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Fri, 11 Mar 2022 20:58:38 +0100
Subject: alerta: improve support for mailer

---
 roles/monitoring/alerta/defaults/main.yml          | 14 +++++
 roles/monitoring/alerta/tasks/main.yml             | 68 +++++++++-------------
 .../monitoring/alerta/templates/alerta.conf.j2.j2  | 24 ++++++++
 .../monitoring/alerta/templates/alertad.conf.j2.j2 | 19 ++++++
 roles/monitoring/alerta/templates/pod-spec.yml.j2  | 33 +++++------
 5 files changed, 96 insertions(+), 62 deletions(-)
 create mode 100644 roles/monitoring/alerta/templates/alerta.conf.j2.j2
 create mode 100644 roles/monitoring/alerta/templates/alertad.conf.j2.j2

(limited to 'roles/monitoring')

diff --git a/roles/monitoring/alerta/defaults/main.yml b/roles/monitoring/alerta/defaults/main.yml
index 59dea307..0720e00d 100644
--- a/roles/monitoring/alerta/defaults/main.yml
+++ b/roles/monitoring/alerta/defaults/main.yml
@@ -12,3 +12,17 @@ alerta_web_port: 8080
 
 # alerta_web_secret_key: "randomstring"
 # alerta_postgres_password: "secret"
+
+alerta_plugins:
+ - reject
+ - blackout
+
+# alerta_mailer:
+#   severities: critical, major, minor
+#   smtp_host: 192.0.2.1
+#   smtp_port: 25
+#   smtp_starttls: False
+#   skip_mta: False
+#   mail_to: admin@exmaple.com
+#   mail_from: noreply@example.com
+#   dashboard_url: https://alerta.example.com
diff --git a/roles/monitoring/alerta/tasks/main.yml b/roles/monitoring/alerta/tasks/main.yml
index ffedb143..87a0cb3d 100644
--- a/roles/monitoring/alerta/tasks/main.yml
+++ b/roles/monitoring/alerta/tasks/main.yml
@@ -19,17 +19,32 @@
   copy:
     content: |
       FROM alerta/alerta-web:{{ alerta_web_version }}
+      {% if 'prometheus' in alerta_plugins %}
+
+      RUN set -x \
+          && sed 's/USE_AM_EXTERNALURL_FOR_SILENCES/ALERTMANAGER_USE_EXTERNALURL_FOR_SILENCES/' -i /venv/lib/python3.8/site-packages/alerta_prometheus.py
+      {% endif %}
+      {% if alerta_mailer is defined %}
 
       RUN set -x \
-          && sed 's/USE_AM_EXTERNALURL_FOR_SILENCES/ALERTMANAGER_USE_EXTERNALURL_FOR_SILENCES/' -i /venv/lib/python3.8/site-packages/alerta_prometheus.py \
           && /venv/bin/pip install redis=={{ _alerta_pip[alerta_web_version].redis_version }} \
-          && /venv/bin/pip install git+https://github.com/alerta/alerta-contrib.git@{{ _alerta_pip[alerta_web_version].contrib_mailer_git_hash }}#subdirectory=integrations/mailer
+          && /venv/bin/pip install git+https://github.com/alerta/alerta-contrib.git@{{ _alerta_pip[alerta_web_version].contrib_mailer_git_hash }}#subdirectory=integrations/mailer \
+          && echo "" >> /app/supervisord.conf.j2 \
+          && echo "[program:mailer]" >> /app/supervisord.conf.j2 \
+          && echo "command=alerta-mailer" >> /app/supervisord.conf.j2 \
+          && echo "redirect_stderr=true" >> /app/supervisord.conf.j2
+
+      USER root
+      RUN set -x \
+          && sed 's/--scope "write:alerts"/--scope "write:alerts" --scope "write:heartbeats"/' -i /usr/local/bin/docker-entrypoint.sh
+      USER 1001
+      {% endif %}
     dest: "{{ alerta_base_path }}/build/Dockerfile"
   register: alerta_custom_image_docker
 
 - name: build custom image
   docker_image:
-    name: "alerta-web-with-mailer:{{ alerta_web_version }}"
+    name: "alerta/alerta-web:{{ alerta_web_version }}-custom"
     state: present
     force_source: "{{ alerta_custom_image_docker is changed }}"
     source: build
@@ -38,44 +53,13 @@
       network: host
       pull: yes
 
-- name: install alertad config template
-  copy:
-    content: |
-      DEBUG = {{ '{{' }} 'True' if env.DEBUG else 'False' {{ '}}' }}
-      SECRET = "{{ '{{' }} env.SECRET_KEY {{ '}}' }}"
-      ALERT_TIMEOUT = 86400
-      HEARTBEAT_TIMEOUT = 7200
-      PLUGINS = ['reject', 'blackout', 'heartbeat', 'prometheus', 'amqp']
-      DEFAULT_ENVIRONMENT = 'unknown'
-      ALLOWED_ENVIRONMENTS = ['unknown', 'chaos-at-.*']
-      HEARTBEAT_EVENTS = ['PrometheusAlertmanagerE2eDeadManSwitch']
-      ALERTMANAGER_USERNAME = 'alerta'
-      ALERTMANAGER_PASSWORD = 'alerta'
-      ALERTMANAGER_SILENCE_FROM_ACK = True
-      ALERTMANAGER_USE_EXTERNALURL_FOR_SILENCES = True
-      AMQP_URL = 'redis://localhost:6379/'
-    dest: "{{ alerta_base_path }}/config/alertad.conf.j2"
-
-  ## TODO: add key handling...
-- name: install alerta-mailer config file
-  copy:
-    content: |
-      [alerta-mailer]
-      debug = True
-      key = aNqBsEyG0ynIKcc3e7acaBVBk5B793o_z7tvlsht
-      endpoint = http://localhost:8080/api
-      amqp_url = redis://localhost:6379
-      severities = critical, warning
-      smtp_host = 192.168.28.250
-      smtp_port = 25
-      smtp_starttls = False
-      skip_mta = False
-      mail_to = equinox@chaos-at-home.org
-      mail_from = noreply@chaos-at-home.org
-      email_type = text
-      mail_template = /app/email.tmpl
-      dashboard_url = http://192.168.32.1:8080
-    dest: "{{ alerta_base_path }}/config/alerta-mailer.conf"
+- name: install config templates
+  loop:
+  - alertad
+  - alerta
+  template:
+    src: "{{ item }}.conf.j2.j2"
+    dest: "{{ alerta_base_path }}/config/{{ item }}.conf.j2"
     mode: 0640
 
 - name: install e-mail template
@@ -93,7 +77,7 @@
       - path: "{{ alerta_base_path }}/config/alertad.conf.j2"
         properties:
         - checksum
-      - path: "{{ alerta_base_path }}/config/alerta-mailer.conf"
+      - path: "{{ alerta_base_path }}/config/alerta.conf.j2"
         properties:
         - checksum
       - path: "{{ alerta_base_path }}/config/email.tmpl"
diff --git a/roles/monitoring/alerta/templates/alerta.conf.j2.j2 b/roles/monitoring/alerta/templates/alerta.conf.j2.j2
new file mode 100644
index 00000000..66f5f14c
--- /dev/null
+++ b/roles/monitoring/alerta/templates/alerta.conf.j2.j2
@@ -0,0 +1,24 @@
+[DEFAULT]
+sslverify = no
+output = presto
+endpoint = http://localhost:8080/api
+timezone = Europe/London
+{{ '{%-' }} if env.API_KEY {{ '%}' }}
+key = {{ '{{' }} env.API_KEY {{ '}}' }}
+{{ '{%-' }} endif {{ '%}' }}
+debug = {{ '{{' }} 'yes' if env.DEBUG else 'no' {{ '}}' }}
+{% if alerta_mailer is defined %}
+
+[alerta-mailer]
+debug = {{ '{{' }} 'yes' if env.DEBUG else 'no' {{ '}}' }}
+{{ '{%-' }} if env.API_KEY {{ '%}' }}
+key = {{ '{{' }} env.API_KEY {{ '}}' }}
+{{ '{%-' }} endif {{ '%}' }}
+endpoint = http://localhost:8080/api
+amqp_url = redis://localhost:6379
+email_type: text
+mail_template: /app/email.tmpl
+{%   for option, value in alerta_mailer.items() %}
+{{ option }} = {{ value }}
+{%   endfor %}
+{% endif %}
diff --git a/roles/monitoring/alerta/templates/alertad.conf.j2.j2 b/roles/monitoring/alerta/templates/alertad.conf.j2.j2
new file mode 100644
index 00000000..54089a76
--- /dev/null
+++ b/roles/monitoring/alerta/templates/alertad.conf.j2.j2
@@ -0,0 +1,19 @@
+DEBUG = {{ '{{' }} 'True' if env.DEBUG else 'False' {{ '}}' }}
+SECRET = "{{ '{{' }} env.SECRET_KEY {{ '}}' }}"
+ALERT_TIMEOUT = 86400
+HEARTBEAT_TIMEOUT = 7200
+PLUGINS = ['{{ alerta_plugins | join("', '") }}']
+DEFAULT_ENVIRONMENT = 'unknown'
+ALLOWED_ENVIRONMENTS = ['unknown', 'chaos-at-.*']
+{% if 'heartbeat' in alerta_plugins %}
+HEARTBEAT_EVENTS = ['PrometheusAlertmanagerE2eDeadManSwitch']
+{% endif %}
+{% if 'prometheus' in alerta_plugins %}
+ALERTMANAGER_USERNAME = 'alerta'
+ALERTMANAGER_PASSWORD = 'alerta'
+ALERTMANAGER_SILENCE_FROM_ACK = True
+ALERTMANAGER_USE_EXTERNALURL_FOR_SILENCES = True
+{% endif %}
+{% if 'amqp' in alerta_plugins %}
+AMQP_URL = 'redis://localhost:6379/'
+{% endif %}
diff --git a/roles/monitoring/alerta/templates/pod-spec.yml.j2 b/roles/monitoring/alerta/templates/pod-spec.yml.j2
index c39ec080..9ce20988 100644
--- a/roles/monitoring/alerta/templates/pod-spec.yml.j2
+++ b/roles/monitoring/alerta/templates/pod-spec.yml.j2
@@ -1,6 +1,6 @@
 containers:
 - name: alerta
-  image: "alerta-web-with-mailer:{{ alerta_web_version }}"
+  image: "alerta/alerta-web:{{ alerta_web_version }}-custom"
   env:
   - name: "DATABASE_URL"
     value: "postgres://alerta:{{ alerta_postgres_password }}@127.0.0.1:5432/alerta"
@@ -10,8 +10,6 @@ containers:
     value: "admin"
   - name: "SECRET_KEY"
     value: "{{ alerta_web_secret_key }}"
-  - name: "DEBUG"
-    value: "1"
   - name: "SUPERVISORD_LOG_LEVEL"
     value: "warn"
   volumeMounts:
@@ -19,6 +17,16 @@ containers:
     mountPath: /app/alertad.conf.j2
     subPath: alertad.conf.j2
     readOnly: true
+  - name: config
+    mountPath: /app/alerta.conf.j2
+    subPath: alerta.conf.j2
+    readOnly: true
+{% if alerta_mailer is defined %}
+  - name: config
+    mountPath: /app/email.tmpl
+    subPath: email.tmpl
+    readOnly: true
+{% endif %}
   ports:
   - containerPort: 8080
     hostPort: {{ alerta_web_port }}
@@ -39,6 +47,7 @@ containers:
   volumeMounts:
   - name: postgres
     mountPath: /var/lib/postgresql/data
+{% if 'amqp' in alerta_plugins %}
 
 - name: redis
   image: "redis:{{ alerta_redis_version }}"
@@ -46,23 +55,7 @@ containers:
   - redis-server
   - --bind
   - 127.0.0.1
-
-- name: mailer
-  image: "alerta-web-with-mailer:{{ alerta_web_version }}"
-  command:
-  - alerta-mailer
-  env:
-  - name: "ALERTA_CONF_FILE"
-    value: "/app/alerta-mailer.conf"
-  volumeMounts:
-  - name: config
-    mountPath: /app/alerta-mailer.conf
-    subPath: alerta-mailer.conf
-    readOnly: true
-  - name: config
-    mountPath: /app/email.tmpl
-    subPath: email.tmpl
-    readOnly: true
+{% endif %}
 
 volumes:
 - name: config
-- 
cgit v1.2.3