From 05bf3665a7d58965e9aba1efb142b0d41bfb6980 Mon Sep 17 00:00:00 2001
From: Luke Murphy
Date: Wed, 8 Apr 2020 19:45:03 +0200
Subject: [PATCH] Bootstrap alerta
---
.drone.yml | 13 +++++++
.envrc.sample | 2 +
.gitignore | 1 +
CHECKS | 5 +++
Dockerfile | 5 +++
README.md | 5 +++
ansible/.vault.sh | 5 +++
ansible/post-deploy.yml | 40 ++++++++++++++++++++
ansible/pre-deploy.yml | 56 ++++++++++++++++++++++++++++
ansible/requirements.yml | 6 +++
ansible/vars/alerta_admin_key.yml | 9 +++++
ansible/vars/alerta_admin_passwd.yml | 9 +++++
ansible/vars/alerta_secret_key.yml | 9 +++++
ansible/vars/all.yml | 10 +++++
ansible/vars/ansible_become_pass.yml | 8 ++++
ansible/vars/db_passwd.yml | 9 +++++
ansible/vars/root_db_passwd.yml | 9 +++++
app.json | 5 +++
requirements.txt | 1 +
sbin/encrypt.sh | 15 ++++++++
20 files changed, 222 insertions(+)
create mode 100644 .drone.yml
create mode 100644 .envrc.sample
create mode 100644 .gitignore
create mode 100644 CHECKS
create mode 100644 Dockerfile
create mode 100644 README.md
create mode 100755 ansible/.vault.sh
create mode 100644 ansible/post-deploy.yml
create mode 100644 ansible/pre-deploy.yml
create mode 100644 ansible/requirements.yml
create mode 100644 ansible/vars/alerta_admin_key.yml
create mode 100644 ansible/vars/alerta_admin_passwd.yml
create mode 100644 ansible/vars/alerta_secret_key.yml
create mode 100644 ansible/vars/all.yml
create mode 100644 ansible/vars/ansible_become_pass.yml
create mode 100644 ansible/vars/db_passwd.yml
create mode 100644 ansible/vars/root_db_passwd.yml
create mode 100644 app.json
create mode 100644 requirements.txt
create mode 100755 sbin/encrypt.sh
diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..64efec3
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,13 @@
+---
+kind: pipeline
+name: default
+steps:
+ - name: Deploy Alerta with Dokku
+ image: appleboy/drone-git-push:0.2.0-linux-amd64
+ settings:
+ remote: ssh://dokku@dokku.autonomic.zone:222/alerta
+ ssh_key:
+ from_secret: drone_deploy_key
+ trigger:
+ branch:
+ - master
diff --git a/.envrc.sample b/.envrc.sample
new file mode 100644
index 0000000..cfe67cc
--- /dev/null
+++ b/.envrc.sample
@@ -0,0 +1,2 @@
+# The path to our pass credentials store
+export PASSWORD_STORE_DIR=$(pwd)/../infrastructure/credentials/password-store
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1d17dae
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.venv
diff --git a/CHECKS b/CHECKS
new file mode 100644
index 0000000..e72bbcc
--- /dev/null
+++ b/CHECKS
@@ -0,0 +1,5 @@
+WAIT=3
+TIMEOUT=3
+ATTEMPTS=5
+
+/
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..1da4864
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,5 @@
+FROM alerta/alerta-web:7.4.4
+
+EXPOSE 8080
+
+COPY . ${WORKDIR}
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..e5eb8b8
--- /dev/null
+++ b/README.md
@@ -0,0 +1,5 @@
+# alerta
+
+[![Build Status](https://drone.autonomic.zone/api/badges/autonomic-cooperative/alerta/status.svg)](https://drone.autonomic.zone/autonomic-cooperative/alerta)
+
+> https://alerta.io/
diff --git a/ansible/.vault.sh b/ansible/.vault.sh
new file mode 100755
index 0000000..8f30d37
--- /dev/null
+++ b/ansible/.vault.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+set -eu -o pipefail
+
+echo $(pass show hosts/autonomic-dokku/vault/password)
diff --git a/ansible/post-deploy.yml b/ansible/post-deploy.yml
new file mode 100644
index 0000000..07fbcc3
--- /dev/null
+++ b/ansible/post-deploy.yml
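Review bot: As far as the collapsed indentation shows, `trigger:` in `.drone.yml` sits under the `Deploy Alerta with Dokku` step rather than at pipeline level. Drone reads `trigger` only as a top-level pipeline key, so the `master` restriction may not take effect and other branches could be pushed to the Dokku remote with `drone_deploy_key`. Move it to the top level and restrict the event as well, e.g. `trigger:` / `branch: [master]` / `event: [push]`, so a pull request targeting master cannot start a deploy. The plugin image that receives the SSH key is pinned by tag only; pinning it by digest (`appleboy/drone-git-push@sha256:<digest>`) would keep a re-tagged image from receiving the key.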
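Review bot: In `ansible/.vault.sh`, `echo $(pass show …)` leaves the command substitution unquoted, so a vault password containing runs of whitespace or glob characters is word-split and expanded before ansible-vault reads it. The value handed to ansible-vault can then differ from the stored one and decryption fails in a way that is hard to diagnose. Call pass directly instead: `exec pass show hosts/autonomic-dokku/vault/password`, or keep the echo but quote it as `printf '%s\n' "$(pass show hosts/autonomic-dokku/vault/password)"`.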
@@ -0,0 +1,40 @@
+---
+- hosts: all
+ gather_facts: false
+ tasks:
+ - name: Load variables
+ include_vars:
+ dir: "{{ dokku_lib_root }}/data/ansible/alerta/vars/"
+ extensions:
+ - yml
+
+ - name: Set HTTP 80 port proxy
+ dokku_ports:
+ app: alerta
+ mappings:
+ - "http:80:{{ http_port }}"
+ state: present
+
+ - name: Setup LE certificates
+ shell: dokku letsencrypt alerta
+ args:
+ creates: /home/dokku/alerta/letsencrypt/certs
+
+ - name: Setup LE certificates renew cron job
+ shell: dokku letsencrypt:cron-job --add
+ args:
+ creates: /home/dokku/alerta/letsencrypt/cron-job
+
+ - name: Remove automatically configured ports
+ dokku_ports:
+ app: alerta
+ mappings:
+ - "http:8080:8080"
+ state: absent
+
+ - name: Set HTTP 443 port
+ dokku_ports:
+ app: alerta
+ mappings:
+ - "https:443:{{ http_port }}"
+ state: present
diff --git a/ansible/pre-deploy.yml b/ansible/pre-deploy.yml
new file mode 100644
index 0000000..e4c8ffd
--- /dev/null
+++ b/ansible/pre-deploy.yml
@@ -0,0 +1,56 @@
+---
+- hosts: all
+ gather_facts: false
+ tasks:
+ - name: Load variables
+ include_vars:
+ dir: "{{ dokku_lib_root }}/data/ansible/alerta/vars/"
+ extensions:
+ - yml
+
+ - name: "Configure the {{ domain }} domain"
+ dokku_domains:
+ app: alerta
+ domains:
+ - "{{ domain }}"
+ state: present
+
+ - name: Create postgres database
+ shell: "
+ dokku
+ postgres:create
+ alerta
+ --password {{ db_passwd }}
+ --root-password {{ root_db_passwd }}
+ "
+ args:
+ creates: /var/lib/dokku/services/postgres/alerta
+
+ - name: Link postgres database to application
+ dokku_service_link:
+ app: alerta
+ name: alerta
+ service: postgres
+
+ - name: Map application port to free host port
+ dokku_docker_options:
+ app: alerta
+ phase: run
+ options:
+ - "-p 3050:8080"
+
+ - name: Configure the dokku app environment
+ dokku_config:
+ app: alerta
+ restart: false
+ config:
+ ADMIN_KEY: "{{ alerta_admin_key }}"
+ ADMIN_PASSWORD: "{{ alerta_admin_passwd }}"
+ ALLOWED_KEYCLOAK_ROLES: "{{ keycloak_roles }}"
+ AUTH_PROVIDER: "{{ auth_provider }}"
+ AUTH_REQUIRED: "{{ auth_required }}"
+ DATABASE_NAME: "{{ db_name }}"
+ DATABASE_URL: "postgresql://{{ db_user }}:{{ db_passwd }}@{{ db_loc }}/{{ db_name }}"
+ KEYCLOAK_REALM: "{{ keycloak_realm }}"
+ KEYCLOAK_URL: "{{ keycloak_url }}"
+ SECRET_KEY: "{{ alerta_secret_key }}"
diff --git a/ansible/requirements.yml b/ansible/requirements.yml
new file mode 100644
index 0000000..489c772
--- /dev/null
+++ b/ansible/requirements.yml
@@ -0,0 +1,6 @@
+---
+- src: dokku_bot.ansible_dokku
+ version: v2020.3.24
+
+- src: https://git.autonomic.zone/autonomic-cooperative/autonomic.gandi/archive/0.0.5.tar.gz
+ name: autonomic.gandi
diff --git a/ansible/vars/alerta_admin_key.yml b/ansible/vars/alerta_admin_key.yml
new file mode 100644
index 0000000..fceb843
--- /dev/null
+++ b/ansible/vars/alerta_admin_key.yml
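Review bot: The `Create postgres database` task in `ansible/pre-deploy.yml` interpolates `{{ db_passwd }}` and `{{ root_db_passwd }}` unquoted into a `shell:` string, so a password containing shell metacharacters changes the command that runs, and both values can show up in Ansible's task output. Quote them and silence logging: `--password {{ db_passwd | quote }}`, `--root-password {{ root_db_passwd | quote }}` and `no_log: true` on the task. `Configure the dokku app environment` passes the vaulted keys and passwords through `config:` and should carry `no_log: true` as well. `DATABASE_URL` embeds `db_passwd` without `| urlencode`, so a password containing `@`, `/` or `:` yields a URL that parses differently from what was intended.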
@@ -0,0 +1,9 @@
+---
+alerta_admin_key: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 63646336653264643762383534656133316563613837663433303531313064333562303130366162
+ 6639613330663839356562303463616538393335636438650a356462663561313961366632653761
+ 64326530653339346138373666623430306138623139633061653466643939653032613538646237
+ 3832333964306461330a366334383539636431623261666530623739623533356163653535303064
+ 39363161326165623936346339313834383561366563356330303963666639353962336565356439
+ 6634313338326362353332356132353033396235633335663864
diff --git a/ansible/vars/alerta_admin_passwd.yml b/ansible/vars/alerta_admin_passwd.yml
new file mode 100644
index 0000000..f6232f5
--- /dev/null
+++ b/ansible/vars/alerta_admin_passwd.yml
@@ -0,0 +1,9 @@
+---
+alerta_admin_passwd: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 38616564643264396163666135656438336266623132393436653734313339323731613638376630
+ 6138653434376366623966343930383565363665396132340a356461313738326438373963383738
+ 65356263303465366630666366616537316362656639663066616366383962393533393931366535
+ 3731333261346631360a356538626235333532353730383439393166323838353964393166376137
+ 61613034363765623966656536373135623139323566306665303064343437616464373631346665
+ 6566336638343939353764623833383733653232373062306264
diff --git a/ansible/vars/alerta_secret_key.yml b/ansible/vars/alerta_secret_key.yml
new file mode 100644
index 0000000..319cc8d
--- /dev/null
+++ b/ansible/vars/alerta_secret_key.yml
@@ -0,0 +1,9 @@
+---
+alerta_secret_key: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 65373532396564323565326161386132323730396234323465323166666661333537613537613137
+ 6262333130363835336637313633383561343736663832320a316261623735356630646434383864
+ 65313564633434306136613936333666646431333530326566356535393465376633363065626533
+ 3935323633336234360a333030393965623364376233663134363562386463366238616336313163
+ 32623339373863363737663530663235356134323634386664623833336533653735623937396161
+ 3431306265383232393762333234333466336533346430333631
diff --git a/ansible/vars/all.yml b/ansible/vars/all.yml
new file mode 100644
index 0000000..c489bde
--- /dev/null
+++ b/ansible/vars/all.yml
@@ -0,0 +1,10 @@
+---
+auth_provider: "keycloak"
+auth_required: "true"
+db_loc: "dokku-postgres-alerta:3306"
+db_name: "alerta"
+db_user: "postgres"
+http_port: "3050"
+keycloak_realm: "Autonomic"
+keycloak_roles: "Worker-Owner"
+keycloak_url: "https://id.autonomic.zone"
diff --git a/ansible/vars/ansible_become_pass.yml b/ansible/vars/ansible_become_pass.yml
new file mode 100644
index 0000000..abb21b9
--- /dev/null
+++ b/ansible/vars/ansible_become_pass.yml
@@ -0,0 +1,8 @@
+---
+ansible_become_pass: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 34396236353735666531323238656533643465303131663464613162396333313836363630666266
+ 6539323631656635333864316166633064633366323936610a656137616334313534333635313232
+ 35323561303763366563316631313638363333393763323935343563303963616334336639386462
+ 3837383830616637360a373539613630356564363662393836366462666430353439353637303035
+ 63396633303166343433313439303539313637306637663137313533316531616434
diff --git a/ansible/vars/db_passwd.yml b/ansible/vars/db_passwd.yml
new file mode 100644
index 0000000..e45bf78
--- /dev/null
+++ b/ansible/vars/db_passwd.yml
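Review bot: `db_loc: "dokku-postgres-alerta:3306"` in `ansible/vars/all.yml` uses the MySQL default port for a Postgres service. PostgreSQL listens on 5432 by default and `pre-deploy.yml` builds `DATABASE_URL` from this value, so unless the service is configured otherwise the app will likely fail to connect; suggested `db_loc: "dokku-postgres-alerta:5432"`. Separately, `db_user: "postgres"` makes the application connect as the database superuser; a dedicated role limited to the `alerta` database would be a narrower grant, if the Dokku plugin setup allows it.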
@@ -0,0 +1,9 @@
+---
+db_passwd: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 66613866666133643236393137646262346262356564333730656432303766623663656639316135
+ 6461373238626433343638326564316561623161666563390a323066616336336238643033313765
+ 35303436643633383637663162643731326130646165363733643833663966306233383339613661
+ 3234636138633533380a636363383366343834643831626633366366343732663334636632613730
+ 32653539383834343937346563643539623963383237303036336431346463333262613838356134
+ 6465386337343037336530646335663533656433306663343261
diff --git a/ansible/vars/root_db_passwd.yml b/ansible/vars/root_db_passwd.yml
new file mode 100644
index 0000000..3ccf2c4
--- /dev/null
+++ b/ansible/vars/root_db_passwd.yml
@@ -0,0 +1,9 @@
+---
+root_db_passwd: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 61623136343461613137323665303834646466636631396538616232663061376439303739633861
+ 6132323764333365396237303936353431313866383261340a336336313162643363643231656662
+ 32613561666538633364643066343261636239656637303134396565666536623334616234393837
+ 6165636634646332330a316130613531346430373163316130363330656532663137373832656237
+ 63666337303434623465366331336538626536313535393938656232323634316632656636613339
+ 3330386231353338343236356133393538366337626438613537
diff --git a/app.json b/app.json
new file mode 100644
index 0000000..3c03768
--- /dev/null
+++ b/app.json
@@ -0,0 +1,5 @@
+{
+ "name": "alerta",
+ "description": "A tool used to consolidate and de-duplicate alerts from multiple sources for quick ‘at-a-glance’ visualisation",
+ "repository": "https://git.autonomic.zone/autonomic-cooperative/alerta"
+}
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..130e91f
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1 @@
+ansible==2.9.6
diff --git a/sbin/encrypt.sh b/sbin/encrypt.sh
new file mode 100755
index 0000000..d328761
--- /dev/null
+++ b/sbin/encrypt.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -eu -o pipefail
+
+# Usage
+# ./encrypt.sh mysecretname mysecretvalue
+
+declare name="$1"
+declare secret="$2"
+
+ansible-vault \
+ encrypt_string \
+ --vault-password-file ansible/.vault.sh \
+ --name "$name" \
+ "$secret"
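Review bot: `sbin/encrypt.sh` takes the secret from `$2`, so the plaintext lands in shell history and is visible in the process list, both for this script and for the `ansible-vault` child, while it runs. Read it from standard input instead and drop the second positional argument: `ansible-vault encrypt_string --vault-password-file ansible/.vault.sh --stdin-name "$name"`. The relative `ansible/.vault.sh` path also resolves only when the script is started from the repository root, which the usage comment `./encrypt.sh mysecretname mysecretvalue` does not suggest; building the path from `$(dirname "$0")/..` would make it independent of the working directory.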