Bootstrap alerta

2020-04-08 19:45:03 +02:00
commit 05bf3665a7
20 changed files with 222 additions and 0 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -0,0 +1,13 @@
 ---
 kind: pipeline
 name: default
 steps:
  - name: Deploy Alerta with Dokku
    image: appleboy/drone-git-push:0.2.0-linux-amd64
    settings:
      remote: ssh://dokku@dokku.autonomic.zone:222/alerta
      ssh_key:
        from_secret: drone_deploy_key
    trigger:
      branch:
        - master
--- a/.envrc.sample
+++ b/.envrc.sample
@ -0,0 +1,2 @@
 # The path to our pass credentials store
 export PASSWORD_STORE_DIR=$(pwd)/../infrastructure/credentials/password-store
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
 .venv
--- a/5
+++ b/5
@ -0,0 +1,5 @@
 WAIT=3
 TIMEOUT=3
 ATTEMPTS=5
 /
--- a/5
+++ b/5
@ -0,0 +1,5 @@
 FROM alerta/alerta-web:7.4.4
 EXPOSE 8080
 COPY . ${WORKDIR}
--- a/README.md
+++ b/README.md
@ -0,0 +1,5 @@
 # alerta
 [![Build Status](https://drone.autonomic.zone/api/badges/autonomic-cooperative/alerta/status.svg)](https://drone.autonomic.zone/autonomic-cooperative/alerta)
 > https://alerta.io/
--- a/ansible/.vault.sh
+++ b/ansible/.vault.sh
@ -0,0 +1,5 @@
 #!/bin/bash
 set -eu -o pipefail
 echo $(pass show hosts/autonomic-dokku/vault/password)
--- a/ansible/post-deploy.yml
+++ b/ansible/post-deploy.yml
@ -0,0 +1,40 @@
 ---
 - hosts: all
  gather_facts: false
  tasks:
    - name: Load variables
      include_vars:
        dir: "{{ dokku_lib_root }}/data/ansible/alerta/vars/"
        extensions:
          - yml
    - name: Set HTTP 80 port proxy
      dokku_ports:
        app: alerta
        mappings:
          - "http:80:{{ http_port }}"
        state: present
    - name: Setup LE certificates
      shell: dokku letsencrypt alerta
      args:
        creates: /home/dokku/alerta/letsencrypt/certs
    - name: Setup LE certificates renew cron job
      shell: dokku letsencrypt:cron-job --add
      args:
        creates: /home/dokku/alerta/letsencrypt/cron-job
    - name: Remove automatically configured ports
      dokku_ports:
        app: alerta
        mappings:
          - "http:8080:8080"
        state: absent
    - name: Set HTTP 443 port
      dokku_ports:
        app: alerta
        mappings:
          - "https:443:{{ http_port }}"
        state: present
--- a/ansible/pre-deploy.yml
+++ b/ansible/pre-deploy.yml
@ -0,0 +1,56 @@
 ---
 - hosts: all
  gather_facts: false
  tasks:
    - name: Load variables
      include_vars:
        dir: "{{ dokku_lib_root }}/data/ansible/alerta/vars/"
        extensions:
          - yml
    - name: "Configure the {{ domain }} domain"
      dokku_domains:
        app: alerta
        domains:
          - "{{ domain }}"
        state: present
    - name: Create postgres database
      shell: "
        dokku
        postgres:create
        alerta
        --password {{ db_passwd }}
        --root-password {{ root_db_passwd }}
      "
      args:
        creates: /var/lib/dokku/services/postgres/alerta
    - name: Link postgres database to application
      dokku_service_link:
        app: alerta
        name: alerta
        service: postgres
    - name: Map application port to free host port
      dokku_docker_options:
        app: alerta
        phase: run
        options:
          - "-p 3050:8080"
    - name: Configure the dokku app environment
      dokku_config:
        app: alerta
        restart: false
        config:
          ADMIN_KEY: "{{ alerta_admin_key }}"
          ADMIN_PASSWORD: "{{ alerta_admin_passwd }}"
          ALLOWED_KEYCLOAK_ROLES: "{{ keycloak_roles }}"
          AUTH_PROVIDER: "{{ auth_provider }}"
          AUTH_REQUIRED: "{{ auth_required }}"
          DATABASE_NAME: "{{ db_name }}"
          DATABASE_URL: "postgresql://{{ db_user }}:{{ db_passwd }}@{{ db_loc }}/{{ db_name }}"
          KEYCLOAK_REALM: "{{ keycloak_realm }}"
          KEYCLOAK_URL: "{{ keycloak_url }}"
          SECRET_KEY: "{{ alerta_secret_key }}"
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@ -0,0 +1,6 @@
 ---
 - src: dokku_bot.ansible_dokku
  version: v2020.3.24
 - src: https://git.autonomic.zone/autonomic-cooperative/autonomic.gandi/archive/0.0.5.tar.gz
  name: autonomic.gandi
--- a/ansible/vars/alerta_admin_key.yml
+++ b/ansible/vars/alerta_admin_key.yml
@ -0,0 +1,9 @@
 ---
 alerta_admin_key: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  63646336653264643762383534656133316563613837663433303531313064333562303130366162
  6639613330663839356562303463616538393335636438650a356462663561313961366632653761
  64326530653339346138373666623430306138623139633061653466643939653032613538646237
  3832333964306461330a366334383539636431623261666530623739623533356163653535303064
  39363161326165623936346339313834383561366563356330303963666639353962336565356439
  6634313338326362353332356132353033396235633335663864
--- a/ansible/vars/alerta_admin_passwd.yml
+++ b/ansible/vars/alerta_admin_passwd.yml
@ -0,0 +1,9 @@
 ---
 alerta_admin_passwd: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  38616564643264396163666135656438336266623132393436653734313339323731613638376630
  6138653434376366623966343930383565363665396132340a356461313738326438373963383738
  65356263303465366630666366616537316362656639663066616366383962393533393931366535
  3731333261346631360a356538626235333532353730383439393166323838353964393166376137
  61613034363765623966656536373135623139323566306665303064343437616464373631346665
  6566336638343939353764623833383733653232373062306264
--- a/ansible/vars/alerta_secret_key.yml
+++ b/ansible/vars/alerta_secret_key.yml
@ -0,0 +1,9 @@
 ---
 alerta_secret_key: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  65373532396564323565326161386132323730396234323465323166666661333537613537613137
  6262333130363835336637313633383561343736663832320a316261623735356630646434383864
  65313564633434306136613936333666646431333530326566356535393465376633363065626533
  3935323633336234360a333030393965623364376233663134363562386463366238616336313163
  32623339373863363737663530663235356134323634386664623833336533653735623937396161
  3431306265383232393762333234333466336533346430333631
--- a/ansible/vars/all.yml
+++ b/ansible/vars/all.yml
@ -0,0 +1,10 @@
 ---
 auth_provider: "keycloak"
 auth_required: "true"
 db_loc: "dokku-postgres-alerta:3306"
 db_name: "alerta"
 db_user: "postgres"
 http_port: "3050"
 keycloak_realm: "Autonomic"
 keycloak_roles: "Worker-Owner"
 keycloak_url: "https://id.autonomic.zone"
--- a/ansible/vars/ansible_become_pass.yml
+++ b/ansible/vars/ansible_become_pass.yml
@ -0,0 +1,8 @@
 ---
 ansible_become_pass: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  34396236353735666531323238656533643465303131663464613162396333313836363630666266
  6539323631656635333864316166633064633366323936610a656137616334313534333635313232
  35323561303763366563316631313638363333393763323935343563303963616334336639386462
  3837383830616637360a373539613630356564363662393836366462666430353439353637303035
  63396633303166343433313439303539313637306637663137313533316531616434
--- a/ansible/vars/db_passwd.yml
+++ b/ansible/vars/db_passwd.yml
@ -0,0 +1,9 @@
 ---
 db_passwd: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  66613866666133643236393137646262346262356564333730656432303766623663656639316135
  6461373238626433343638326564316561623161666563390a323066616336336238643033313765
  35303436643633383637663162643731326130646165363733643833663966306233383339613661
  3234636138633533380a636363383366343834643831626633366366343732663334636632613730
  32653539383834343937346563643539623963383237303036336431346463333262613838356134
  6465386337343037336530646335663533656433306663343261
--- a/ansible/vars/root_db_passwd.yml
+++ b/ansible/vars/root_db_passwd.yml
@ -0,0 +1,9 @@
 ---
 root_db_passwd: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  61623136343461613137323665303834646466636631396538616232663061376439303739633861
  6132323764333365396237303936353431313866383261340a336336313162643363643231656662
  32613561666538633364643066343261636239656637303134396565666536623334616234393837
  6165636634646332330a316130613531346430373163316130363330656532663137373832656237
  63666337303434623465366331336538626536313535393938656232323634316632656636613339
  3330386231353338343236356133393538366337626438613537
--- a/app.json
+++ b/app.json
@ -0,0 +1,5 @@
 {
  "name": "alerta",
  "description": "A tool used to consolidate and de-duplicate alerts from multiple sources for quick ‘at-a-glance’ visualisation",
  "repository": "https://git.autonomic.zone/autonomic-cooperative/alerta"
 }
--- a/requirements.txt
+++ b/requirements.txt
@ -0,0 +1 @@
 ansible==2.9.6
--- a/sbin/encrypt.sh
+++ b/sbin/encrypt.sh
@ -0,0 +1,15 @@
 #!/bin/bash
 set -eu -o pipefail
 # Usage
 # ./encrypt.sh mysecretname mysecretvalue
 declare name="$1"
 declare secret="$2"
 ansible-vault \
  encrypt_string \
  --vault-password-file ansible/.vault.sh \
  --name "$name" \
  "$secret"
		`@ -0,0 +1,2 @@`
							`# The path to our pass credentials store`
							`export PASSWORD_STORE_DIR=$(pwd)/../infrastructure/credentials/password-store`