From 2b0cab61452128781d6fa2312a5e1e3956304a2b Mon Sep 17 00:00:00 2001 
From: Luke Murphy Date: Wed, 15 Apr 2020 21:35:53 +0200 Subject: [PATCH] Migrate to the new v2 format --- ansible/.vault.sh | 5 -- ansible/post-deploy.yml | 40 --------- ansible/pre-deploy.yml | 98 --------------------- ansible/requirements.yml | 6 -- ansible/templates/alerta.conf | 25 ------ ansible/templates/alertad.conf | 79 ----------------- ansible/vars/alerta_admin_key.yml | 9 -- ansible/vars/alerta_admin_passwd.yml | 9 -- ansible/vars/alerta_cli_api_key.yml | 9 -- ansible/vars/alerta_mailer_api_key.yml | 9 -- ansible/vars/alerta_secret_key.yml | 9 -- ansible/vars/all.yml | 21 ----- ansible/vars/ansible_become_pass.yml | 8 -- ansible/vars/db_passwd.yml | 9 -- ansible/vars/oauth_client_id.yml | 8 -- ansible/vars/oauth_client_secret.yml | 9 -- ansible/vars/rocket_chat_webhook_url.yml | 12 --- ansible/vars/root_db_passwd.yml | 9 -- ansible/vars/smtp_passwd.yml | 8 -- app.json | 5 -- deploy.d/config.yml | 58 ++++++++++++ {ansible => deploy.d}/files/email.tmpl | 1 + deploy.d/plays/predeploy.yml | 19 ++++ deploy.d/templates/alerta.conf | 25 ++++++ deploy.d/templates/alertad.conf | 79 +++++++++++++++++ {ansible => deploy.d}/templates/config.json | 0 deploy.d/vault/alerta_admin_key.yml | 9 ++ deploy.d/vault/alerta_admin_passwd.yml | 9 ++ deploy.d/vault/alerta_cli_api_key.yml | 9 ++ deploy.d/vault/alerta_mailer_api_key.yml | 9 ++ deploy.d/vault/alerta_secret_key.yml | 9 ++ deploy.d/vault/db_passwd.yml | 9 ++ deploy.d/vault/oauth_client_id.yml | 8 ++ deploy.d/vault/oauth_client_secret.yml | 9 ++ deploy.d/vault/rocket_chat_webhook_url.yml | 12 +++ deploy.d/vault/root_db_passwd.yml | 9 ++ deploy.d/vault/smtp_passwd.yml | 8 ++ requirements.txt | 1 - sbin/encrypt.sh | 15 ---- 39 files changed, 282 insertions(+), 403 deletions(-) delete mode 100755 ansible/.vault.sh delete mode 100644 ansible/post-deploy.yml delete mode 100644 ansible/pre-deploy.yml delete mode 100644 ansible/requirements.yml delete mode 100644 ansible/templates/alerta.conf delete mode 100644 
ansible/templates/alertad.conf delete mode 100644 ansible/vars/alerta_admin_key.yml delete mode 100644 ansible/vars/alerta_admin_passwd.yml delete mode 100644 ansible/vars/alerta_cli_api_key.yml delete mode 100644 ansible/vars/alerta_mailer_api_key.yml delete mode 100644 ansible/vars/alerta_secret_key.yml delete mode 100644 ansible/vars/all.yml delete mode 100644 ansible/vars/ansible_become_pass.yml delete mode 100644 ansible/vars/db_passwd.yml delete mode 100644 ansible/vars/oauth_client_id.yml delete mode 100644 ansible/vars/oauth_client_secret.yml delete mode 100644 ansible/vars/rocket_chat_webhook_url.yml delete mode 100644 ansible/vars/root_db_passwd.yml delete mode 100644 ansible/vars/smtp_passwd.yml delete mode 100644 app.json create mode 100644 deploy.d/config.yml rename {ansible => deploy.d}/files/email.tmpl (99%) create mode 100644 deploy.d/plays/predeploy.yml create mode 100644 deploy.d/templates/alerta.conf create mode 100644 deploy.d/templates/alertad.conf rename {ansible => deploy.d}/templates/config.json (100%) create mode 100644 deploy.d/vault/alerta_admin_key.yml create mode 100644 deploy.d/vault/alerta_admin_passwd.yml create mode 100644 deploy.d/vault/alerta_cli_api_key.yml create mode 100644 deploy.d/vault/alerta_mailer_api_key.yml create mode 100644 deploy.d/vault/alerta_secret_key.yml create mode 100644 deploy.d/vault/db_passwd.yml create mode 100644 deploy.d/vault/oauth_client_id.yml create mode 100644 deploy.d/vault/oauth_client_secret.yml create mode 100644 deploy.d/vault/rocket_chat_webhook_url.yml create mode 100644 deploy.d/vault/root_db_passwd.yml create mode 100644 deploy.d/vault/smtp_passwd.yml delete mode 100644 requirements.txt delete mode 100755 sbin/encrypt.sh diff --git a/ansible/.vault.sh b/ansible/.vault.sh deleted file mode 100755 index 8f30d37..0000000 --- a/ansible/.vault.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -set -eu -o pipefail - -echo $(pass show hosts/autonomic-dokku/vault/password) 
diff --git a/ansible/post-deploy.yml b/ansible/post-deploy.yml deleted file mode 100644 index 07fbcc3..0000000 --- a/ansible/post-deploy.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -- hosts: all - gather_facts: false - tasks: - - name: Load variables - include_vars: - dir: "{{ dokku_lib_root }}/data/ansible/alerta/vars/" - extensions: - - yml - - - name: Set HTTP 80 port proxy - dokku_ports: - app: alerta - mappings: - - "http:80:{{ http_port }}" - state: present - - - name: Setup LE certificates - shell: dokku letsencrypt alerta - args: - creates: /home/dokku/alerta/letsencrypt/certs - - - name: Setup LE certificates renew cron job - shell: dokku letsencrypt:cron-job --add - args: - creates: /home/dokku/alerta/letsencrypt/cron-job - - - name: Remove automatically configured ports - dokku_ports: - app: alerta - mappings: - - "http:8080:8080" - state: absent - - - name: Set HTTP 443 port - dokku_ports: - app: alerta - mappings: - - "https:443:{{ http_port }}" - state: present diff --git a/ansible/pre-deploy.yml b/ansible/pre-deploy.yml deleted file mode 100644 index 23a82d2..0000000 --- a/ansible/pre-deploy.yml +++ /dev/null 
@@ -1,98 +0,0 @@ ---- -- hosts: all - gather_facts: false - tasks: - - name: Load variables - include_vars: - dir: "{{ dokku_lib_root }}/data/ansible/alerta/vars/" - extensions: - - yml - - - name: "Configure the {{ domain }} domain" - dokku_domains: - app: alerta - domains: - - "{{ domain }}" - state: present - - - name: Create mongo database - no_log: true - shell: " - dokku - mongo:create - alerta - --password {{ db_passwd }} - --root-password {{ root_db_passwd }} - " - args: - creates: /var/lib/dokku/services/mongo/alerta - - - name: Link mongo database to application - dokku_service_link: - app: alerta - name: alerta - service: mongo - - - name: Create application directories - become: true - file: - path: /var/lib/alerta - state: directory - owner: dokku - group: dokku - - - name: Copy over the /web/ configurations - become: true - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: "{{ docker_user_uid }}" - group: "{{ docker_user_gid }}" - mode: 0664 - with_items: - - src: config.json - dest: /var/lib/alerta/config.json - - # Note(decentral1se): can't use "template" module here - # because there are {{ }} jinja markers in this file! 
- - name: Copy over email templates - become: true - copy: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: "{{ docker_user_uid }}" - group: "{{ docker_user_gid }}" - mode: 0664 - with_items: - - src: email.tmpl - dest: /var/lib/alerta/email.tmpl - - - name: Copy over the /app/ configurations - become: true - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: root - group: root - mode: 0664 - with_items: - - src: alerta.conf - dest: /var/lib/alerta/alerta.conf - - src: alertad.conf - dest: /var/lib/alerta/alertad.conf - - - name: Specify docker volume mounts - dokku_storage: - app: alerta - mounts: - - /var/lib/alerta/email.tmpl:/app/email.tmpl - - /var/lib/alerta/alerta.conf:/app/alerta.conf - - /var/lib/alerta/alertad.conf:/app/alertad.conf - - /var/lib/alerta/config.json:/web/config.json - - - name: Configure the dokku app environment - dokku_config: - app: alerta - restart: false - config: - SMTP_PASSWORD: "{{ smtp_passwd }}" diff --git a/ansible/requirements.yml b/ansible/requirements.yml deleted file mode 100644 index e2e3214..0000000 --- a/ansible/requirements.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- src: dokku_bot.ansible_dokku - version: v2020.3.24 - -- src: https://git.coop/decentral1se/autonomic.gandi/-/archive/0.0.5/autonomic.gandi-0.0.5.tar.gz - name: autonomic.gandi diff --git a/ansible/templates/alerta.conf b/ansible/templates/alerta.conf deleted file mode 100644 index 5bd594e..0000000 --- a/ansible/templates/alerta.conf +++ /dev/null 
@@ -1,25 +0,0 @@ -[DEFAULT] -debug = True -endpoint = http://localhost:8080/api -key = {{ alerta_cli_api_key }} -output = json -sslverify = False -timezone = Europe/London - -[alerta-mailer] -amqp_topic = notify -amqp_url = {{ db_type }}://{{ db_user }}:{{ db_passwd }}@{{ db_loc }}/alerta -config_file = /app/alerta.conf -dashboard_url = https://{{ domain }} -debug = True -email_type = text -endpoint = http://localhost:8080/api -key = {{ alerta_mailer_api_key }} -mail_from = {{ mail_from }} -mail_template = /app/email.tmpl -mail_to = {{ mail_to }} -skip_mta = False -smtp_host = {{ smtp_host }} -smtp_password = {{ smtp_passwd }} -smtp_port = {{ smtp_port }} -smtp_starttls = {{ smtp_starttls }} diff --git a/ansible/templates/alertad.conf b/ansible/templates/alertad.conf deleted file mode 100644 index 3339919..0000000 --- a/ansible/templates/alertad.conf +++ /dev/null 
@@ -1,79 +0,0 @@ -SITE_LOGO_URL = "https://www.coops.tech/images/coops/autonomic" - -DEBUG = True - -SECRET = "{{ alerta_secret_key }}" - -DASHBOARD_URL = "https://{{ domain }}" -BASE_URL = "/api" -USE_PROXYFIX = True - -AUTH_REQUIRED = True -AUTH_PROVIDER = "keycloak" - -ADMIN_USERS = [ - "calix", - "decentral1se", - "gunnar", - "kawaiipunk", - "naomi", - "roxie", - "takkaria" -] -USER_DEFAULT_SCOPES = ["admin"] - -SIGNUP_ENABLED = False - -KEYCLOAK_URL = "{{ keycloak_url }}" -KEYCLOAK_REALM = "{{ keycloak_realm }}" -ALLOWED_KEYCLOAK_ROLES = ["{{ keycloak_role }}"] -OAUTH2_CLIENT_ID = "{{ oauth_client_id }}" -OAUTH2_CLIENT_SECRET = "{{ oauth_client_secret }}" - -SEVERITY_MAP = { - "fatal": 0, - "critical": 1, - "major": 2, - "minor": 3, - "warning": 4, - "indeterminate": 5, - "cleared": 5, - "normal": 5, - "ok": 5, - "informational": 6, - "debug": 7, - "trace": 8, - "unknown": 9 -} - -DEFAULT_NORMAL_SEVERITY = "normal" -DEFAULT_PREVIOUS_SEVERITY = "indeterminate" - -PLUGINS = [ - "alerta-mailer", - "amqp", - "blackout", - "normalise", - "rocketchat", -] - -AMQP_URL = "{{ db_type }}://{{ db_user }}:{{ db_passwd }}@{{ db_loc }}/alerta" -AMQP_TOPIC = "notify" - -ROCKETCHAT_WEBHOOK_URL = "{{ rocket_chat_webhook_url }}" -ROCKETCHAT_CHANNEL = "{{ rocket_chat_channel }}" -ALERTA_USERNAME = "{{ alerta_username }}" -ICON_EMOJI = "{{ rocket_chat_icon_emoji }}" - -DATABASE_URL = "{{ db_type }}://{{ db_user }}:{{ db_passwd }}@{{ db_loc }}/{{ db_name }}" -DATABASE_NAME = "{{ db_name }}" - -EMAIL_VERIFICATION = False -MAIL_FROM = "{{ mail_from }}" -SMTP_HOST = "{{ smtp_host }}" -SMTP_PASSWORD = "{{ smtp_passwd }}" -SMTP_PORT = "{{ smtp_port }}" -SMTP_STARTTLS = True -SMTP_USERNAME = "{{ smtp_username }}" - -CORS_ORIGINS = ["*"] diff --git a/ansible/vars/alerta_admin_key.yml b/ansible/vars/alerta_admin_key.yml deleted file mode 100644 index fceb843..0000000 --- a/ansible/vars/alerta_admin_key.yml +++ /dev/null 
@@ -1,9 +0,0 @@ ---- -alerta_admin_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 63646336653264643762383534656133316563613837663433303531313064333562303130366162 - 6639613330663839356562303463616538393335636438650a356462663561313961366632653761 - 64326530653339346138373666623430306138623139633061653466643939653032613538646237 - 3832333964306461330a366334383539636431623261666530623739623533356163653535303064 - 39363161326165623936346339313834383561366563356330303963666639353962336565356439 - 6634313338326362353332356132353033396235633335663864 diff --git a/ansible/vars/alerta_admin_passwd.yml b/ansible/vars/alerta_admin_passwd.yml deleted file mode 100644 index f6232f5..0000000 --- a/ansible/vars/alerta_admin_passwd.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -alerta_admin_passwd: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 38616564643264396163666135656438336266623132393436653734313339323731613638376630 - 6138653434376366623966343930383565363665396132340a356461313738326438373963383738 - 65356263303465366630666366616537316362656639663066616366383962393533393931366535 - 3731333261346631360a356538626235333532353730383439393166323838353964393166376137 - 61613034363765623966656536373135623139323566306665303064343437616464373631346665 - 6566336638343939353764623833383733653232373062306264 diff --git a/ansible/vars/alerta_cli_api_key.yml b/ansible/vars/alerta_cli_api_key.yml deleted file mode 100644 index 4abaca0..0000000 --- a/ansible/vars/alerta_cli_api_key.yml +++ /dev/null 
@@ -1,9 +0,0 @@ ---- -alerta_cli_api_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 31613438623962623730323666633431383066306566653562393663376364373030303233653836 - 6664353163646430366436346530653463376464623164310a313965643737646563636263386564 - 66383965653138396338383938613134306438643537336531353437643239376135326564623737 - 6533666539346337340a333236343064656463383163386230313731343966363064626236336363 - 33396463666136613663356135643062666633356435643564353739616661303566363561613966 - 3164316364336135363331396363356266373666633731626262 diff --git a/ansible/vars/alerta_mailer_api_key.yml b/ansible/vars/alerta_mailer_api_key.yml deleted file mode 100644 index 6d845bd..0000000 --- a/ansible/vars/alerta_mailer_api_key.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -alerta_mailer_api_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 32366665633739636439343636633563616465653864356163386365616635396466656631656537 - 3266393861333132336561336236363633616434336462370a623539323664333763356562663934 - 62363033646264386137353933313931633637633736333737633066656561343530333938376532 - 3231666663376335370a353062633239356364306230356362303962633338333265646238356439 - 34663234666334366430323661353030373436363662383063363164366464646632303063646262 - 3366653738646438313265316639396636313565633737653335 diff --git a/ansible/vars/alerta_secret_key.yml b/ansible/vars/alerta_secret_key.yml deleted file mode 100644 index 319cc8d..0000000 --- a/ansible/vars/alerta_secret_key.yml +++ /dev/null 
@@ -1,9 +0,0 @@ ---- -alerta_secret_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 65373532396564323565326161386132323730396234323465323166666661333537613537613137 - 6262333130363835336637313633383561343736663832320a316261623735356630646434383864 - 65313564633434306136613936333666646431333530326566356535393465376633363065626533 - 3935323633336234360a333030393965623364376233663134363562386463366238616336313163 - 32623339373863363737663530663235356134323634386664623833336533653735623937396161 - 3431306265383232393762333234333466336533346430333631 diff --git a/ansible/vars/all.yml b/ansible/vars/all.yml deleted file mode 100644 index 8bd94d8..0000000 --- a/ansible/vars/all.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -alerta_username: "alerta" -db_loc: "dokku-mongo-alerta:27017" -db_name: "alerta" -db_type: "mongodb" -db_user: "alerta" -docker_user_gid: 0 -docker_user_uid: 2000 -domain: "alerta.autonomic.zone" -http_port: "8080" -keycloak_realm: "autonomic" -keycloak_role: "worker-owner" -keycloak_url: "https://id.autonomic.zone" -mail_from: "alerta-noreply@autonomic.zone" -mail_to: "kaboom@autonomic.zone" -rocket_chat_channel: "kaboom" -rocket_chat_icon_emoji: ":rocket:" -smtp_host: "mail.gandi.net" -smtp_port: "587" -smtp_starttls: "True" -smtp_username: "alerta-noreply" diff --git a/ansible/vars/ansible_become_pass.yml b/ansible/vars/ansible_become_pass.yml deleted file mode 100644 index abb21b9..0000000 --- a/ansible/vars/ansible_become_pass.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -ansible_become_pass: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 34396236353735666531323238656533643465303131663464613162396333313836363630666266 - 6539323631656635333864316166633064633366323936610a656137616334313534333635313232 - 35323561303763366563316631313638363333393763323935343563303963616334336639386462 - 3837383830616637360a373539613630356564363662393836366462666430353439353637303035 - 63396633303166343433313439303539313637306637663137313533316531616434 
diff --git a/ansible/vars/db_passwd.yml b/ansible/vars/db_passwd.yml deleted file mode 100644 index e45bf78..0000000 --- a/ansible/vars/db_passwd.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -db_passwd: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 66613866666133643236393137646262346262356564333730656432303766623663656639316135 - 6461373238626433343638326564316561623161666563390a323066616336336238643033313765 - 35303436643633383637663162643731326130646165363733643833663966306233383339613661 - 3234636138633533380a636363383366343834643831626633366366343732663334636632613730 - 32653539383834343937346563643539623963383237303036336431346463333262613838356134 - 6465386337343037336530646335663533656433306663343261 diff --git a/ansible/vars/oauth_client_id.yml b/ansible/vars/oauth_client_id.yml deleted file mode 100644 index 6b98ec5..0000000 --- a/ansible/vars/oauth_client_id.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -oauth_client_id: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 39306264623166643338363663373230373263613139316532343061373434336565393766353566 - 3766306664323930366335323936336661346631643835320a653161303439306639376534373530 - 66366230353338306464623336363539393064366136346133653163653835333938323137613965 - 6261643035373035340a616166636636333730663632356533636561313530613466373635376239 - 64623336383365386164393234643463666434613935623164363138653731333766 diff --git a/ansible/vars/oauth_client_secret.yml b/ansible/vars/oauth_client_secret.yml deleted file mode 100644 index 23666d3..0000000 --- a/ansible/vars/oauth_client_secret.yml +++ /dev/null 
@@ -1,9 +0,0 @@ ---- -oauth_client_secret: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 66376130626633383864663931383235346236613964343930303962633032626339646264643566 - 3538393033383630633062323631306563383634643366610a343432633265303137626238393739 - 38323230646566623563653037336636636635333435653162373539333036353261333366666466 - 3861626564313636350a373938613136336233386437613833383333383565333933303938343766 - 63663730316431363133393332306562653164343337303334663933616337343964623033666432 - 3665653337373731616231363465383865313136393036393634 diff --git a/ansible/vars/rocket_chat_webhook_url.yml b/ansible/vars/rocket_chat_webhook_url.yml deleted file mode 100644 index 1812347..0000000 --- a/ansible/vars/rocket_chat_webhook_url.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -rocket_chat_webhook_url: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 65346638303735373565363538386636616432323035313863356162363137323532323239316666 - 3731386135653361393734323038356665393164663630390a623632376364633639626338653436 - 31333038313138316233343533613061636462313965663764643530626531313738303461373833 - 3731656362613761350a616465653534643930393637656238643739383436643836306566636234 - 38643236643530623963663331313032396661336264333139356162356537313831373136363665 - 36643331663663353766643135336366613638343932343664616161633638393035386537396334 - 66626164396636396639396562386231646163366333616461376266316463646632316565333164 - 38343431393233633931356537363063383030353965663031633662636533313132393961643730 - 62323266373564633863316261363834303762646662333338383730636162366639 diff --git a/ansible/vars/root_db_passwd.yml b/ansible/vars/root_db_passwd.yml deleted file mode 100644 index 3ccf2c4..0000000 --- a/ansible/vars/root_db_passwd.yml +++ /dev/null 
@@ -1,9 +0,0 @@ ---- -root_db_passwd: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 61623136343461613137323665303834646466636631396538616232663061376439303739633861 - 6132323764333365396237303936353431313866383261340a336336313162643363643231656662 - 32613561666538633364643066343261636239656637303134396565666536623334616234393837 - 6165636634646332330a316130613531346430373163316130363330656532663137373832656237 - 63666337303434623465366331336538626536313535393938656232323634316632656636613339 - 3330386231353338343236356133393538366337626438613537 diff --git a/ansible/vars/smtp_passwd.yml b/ansible/vars/smtp_passwd.yml deleted file mode 100644 index 6badf7d..0000000 --- a/ansible/vars/smtp_passwd.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -smtp_passwd: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 63363435653931383333353934663266336231346465333934303964353435353330303865376361 - 3033346166353266663037376164663465306633643530340a383564383038306563633736623430 - 64386330303863336539346461653332346233303538613465613363356532376137623439616132 - 3563613431363738620a653339633765313564633639383366383236656635353737633031323466 - 64393064623139333661633361306531626532613562643465336561303536333632 diff --git a/app.json b/app.json deleted file mode 100644 index 3c03768..0000000 --- a/app.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "name": "alerta", - "description": "A tool used to consolidate and de-duplicate alerts from multiple sources for quick ‘at-a-glance’ visualisation", - "repository": "https://git.autonomic.zone/autonomic-cooperative/alerta" -} diff --git a/deploy.d/config.yml b/deploy.d/config.yml new file mode 100644 index 0000000..2fc47fa --- /dev/null +++ b/deploy.d/config.yml 
@@ -0,0 +1,58 @@ +--- +vars: + alerta_username: "alerta" + domain: "alerta.autonomic.zone" + keycloak_realm: "autonomic" + keycloak_role: "worker-owner" + keycloak_url: "https://id.autonomic.zone" + mail_from: "alerta-noreply@autonomic.zone" + mail_to: "kaboom@autonomic.zone" + port: "8080" + rocket_chat_channel: "kaboom" + rocket_chat_icon_emoji: ":rocket:" + smtp_host: "mail.gandi.net" + smtp_port: "587" + smtp_starttls: "True" + smtp_username: "alerta-noreply" + +dirs: + - path: /var/lib/alerta/ + +db: + - type: "mongo" + passwd: "{{ vault.db_passwd }}" + root_passwd: "{{ vault.root_db_passwd }}" + +files: + - src: email.tmpl + dest: /var/lib/alerta/email.tmpl + owner: "{{ vars.docker_user_uid }}" + group: "{{ vars.docker_user_gid }}" + mode: "664" + +templates: + - src: config.json + dest: /var/lib/alerta/config.json + owner: "{{ vars.docker_user_uid }}" + group: "{{ vars.docker_user_gid }}" + mode: "664" + - src: alerta.conf + dest: /var/lib/alerta/alerta.conf + owner: "root" + group: "root" + mode: "664" + - src: alertad.conf + dest: /var/lib/alerta/alertad.conf + owner: "root" + group: "root" + mode: "664" + +volumes: + - /var/lib/alerta/email.tmpl:/app/email.tmpl + - /var/lib/alerta/alerta.conf:/app/alerta.conf + - /var/lib/alerta/alertad.conf:/app/alertad.conf + - /var/lib/alerta/config.json:/web/config.json + +env: + DOKKU_LETSENCRYPT_EMAIL: "helo@autonomic.zone" + SMTP_PASSWORD: "{{ vault.smtp_passwd }}" diff --git a/ansible/files/email.tmpl b/deploy.d/files/email.tmpl similarity index 99% rename from ansible/files/email.tmpl rename to deploy.d/files/email.tmpl index 98cdf78..7a8ffa8 100644 --- a/ansible/files/email.tmpl +++ b/deploy.d/files/email.tmpl @@ -29,6 +29,7 @@ Raw Data Comrades! To Arms! To acknowledge this alert visit this URL: + {{ dashboard_url }}/#/alert/{{ alert.id }} Generated by {{ program }} on {{ hostname }} at {{ now }} diff --git a/deploy.d/plays/predeploy.yml b/deploy.d/plays/predeploy.yml new file mode 100644 index 0000000..29b4b8d 
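Review bot: The `alerta.conf` and `alertad.conf` entries under `templates:` are written with `mode: "664"`, yet the templates added in this patch fill those files with `vault.db_passwd`, `vault.smtp_passwd`, `vault.alerta_secret_key` and the OAuth client secret, so every local account on the host can read them and the group can rewrite them. Unless the container process really needs world-read access, tighten them to something like `mode: "0640"` and set `owner`/`group` to the account the app runs as (for example the `vars.docker_user_uid` / `vars.docker_user_gid` values already used for `config.json`). The removed playbook used the same 0664, so this is carried over rather than introduced.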
--- /dev/null
+++ b/deploy.d/plays/predeploy.yml
@@ -0,0 +1,19 @@
+---
+- name: Get uid/guid of the Docker user
+ become: true
+ getent:
+ database: passwd
+ key: docker
+ split: ":"
+
+- name: Prepare docker user information dictionary
+ set_fact:
+ docker_user_info:
+ {
+ "docker_user_uid": "{{ getent_passwd['docker'][1] }}",
+ "docker_user_gid": "{{ getent_passwd['docker'][2] }}",
+ }
+
+- name: Store docker user uid/guid in config.vars dictionary
+ set_fact:
+ config: "{{ config | update_vars(docker_user_info) }}"
diff --git a/deploy.d/templates/alerta.conf b/deploy.d/templates/alerta.conf
new file mode 100644
index 0000000..6f78598
--- /dev/null
+++ b/deploy.d/templates/alerta.conf
@@ -0,0 +1,25 @@
+[DEFAULT]
+debug = True
+endpoint = http://localhost:8080/api
+key = {{ vault.alerta_cli_api_key }}
+output = json
+sslverify = False
+timezone = Europe/London
+
+[alerta-mailer]
+amqp_topic = notify
+amqp_url = {{ dokku.mogodb_type }}://{{ dokku.mongodb_user }}:{{ vault.db_passwd }}@{{ dokku.mongodb_addr }}/{{ dokku.app }}
+config_file = /app/alerta.conf
+dashboard_url = https://{{ config.vars.domain }}
+debug = True
+email_type = text
+endpoint = http://localhost:8080/api
+key = {{ vault.alerta_mailer_api_key }}
+mail_from = {{ config.vars.mail_from }}
+mail_template = /app/email.tmpl
+mail_to = {{ config.vars.mail_to }}
+skip_mta = False
+smtp_host = {{ config.vars.smtp_host }}
+smtp_password = {{ vault.smtp_passwd }}
+smtp_port = {{ config.vars.smtp_port }}
+smtp_starttls = {{ config.vars.smtp_starttls }}
diff --git a/deploy.d/templates/alertad.conf b/deploy.d/templates/alertad.conf
new file mode 100644
index 0000000..b0bef2a
--- /dev/null
+++ b/deploy.d/templates/alertad.conf
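Review bot: The indexes `[1]` and `[2]` in the `set_fact` task of `deploy.d/plays/predeploy.yml` are unexplained; a comment above `docker_user_info` such as `# getent_passwd['docker'] holds the passwd fields after the name: [password, uid, gid, ...]` would make them checkable at a glance. Both task names also say "uid/guid" where "uid/gid" is meant. These values become the `owner`/`group` of files in `deploy.d/config.yml`, so it is worth confirming that a `docker` passwd entry on the host is the account the container process actually runs as; the removed `ansible/vars/all.yml` pinned `docker_user_uid: 2000` and `docker_user_gid: 0` instead.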
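Review bot: `amqp_url` in `deploy.d/templates/alerta.conf` references `dokku.mogodb_type`, while the neighbouring keys are `dokku.mongodb_user` and `dokku.mongodb_addr`, so this looks like a misspelling of `dokku.mongodb_type`; the `dokku` dictionary is defined outside this patch, so confirm the key name there. If the key is undefined the template will presumably either fail to render or emit a URL without a scheme. The same spelling appears in `AMQP_URL` and `DATABASE_URL` in `deploy.d/templates/alertad.conf`. Separately, `vault.db_passwd` is placed into the URL unescaped; `{{ vault.db_passwd | urlencode }}` keeps a password containing `@`, `:` or `/` from corrupting the connection string.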
@@ -0,0 +1,79 @@
+SITE_LOGO_URL = "https://www.coops.tech/images/coops/autonomic"
+
+DEBUG = True
+
+SECRET = "{{ vault.alerta_secret_key }}"
+
+DASHBOARD_URL = "https://{{ config.vars.domain }}"
+BASE_URL = "/api"
+USE_PROXYFIX = True
+
+AUTH_REQUIRED = True
+AUTH_PROVIDER = "keycloak"
+
+ADMIN_USERS = [
+ "calix",
+ "decentral1se",
+ "gunnar",
+ "kawaiipunk",
+ "naomi",
+ "roxie",
+ "takkaria"
+]
+USER_DEFAULT_SCOPES = ["admin"]
+
+SIGNUP_ENABLED = False
+
+KEYCLOAK_URL = "{{ config.vars.keycloak_url }}"
+KEYCLOAK_REALM = "{{ config.vars.keycloak_realm }}"
+ALLOWED_KEYCLOAK_ROLES = ["{{ config.vars.keycloak_role }}"]
+OAUTH2_CLIENT_ID = "{{ vault.oauth_client_id }}"
+OAUTH2_CLIENT_SECRET = "{{ vault.oauth_client_secret }}"
+
+SEVERITY_MAP = {
+ "fatal": 0,
+ "critical": 1,
+ "major": 2,
+ "minor": 3,
+ "warning": 4,
+ "indeterminate": 5,
+ "cleared": 5,
+ "normal": 5,
+ "ok": 5,
+ "informational": 6,
+ "debug": 7,
+ "trace": 8,
+ "unknown": 9
+}
+
+DEFAULT_NORMAL_SEVERITY = "normal"
+DEFAULT_PREVIOUS_SEVERITY = "indeterminate"
+
+PLUGINS = [
+ "alerta-mailer",
+ "amqp",
+ "blackout",
+ "normalise",
+ "rocketchat",
+]
+
+AMQP_URL = "{{ dokku.mogodb_type }}://{{ dokku.mongodb_user }}:{{ vault.db_passwd }}@{{ dokku.mongodb_addr }}/{{ dokku.app }}"
+AMQP_TOPIC = "notify"
+
+ROCKETCHAT_WEBHOOK_URL = "{{ vault.rocket_chat_webhook_url }}"
+ROCKETCHAT_CHANNEL = "{{ config.vars.rocket_chat_channel }}"
+ALERTA_USERNAME = "{{ config.vars.alerta_username }}"
+ICON_EMOJI = "{{ config.vars.rocket_chat_icon_emoji }}"
+
+DATABASE_URL = "{{ dokku.mogodb_type }}://{{ dokku.mongodb_user }}:{{ vault.db_passwd }}@{{ dokku.mongodb_addr }}/{{ dokku.app }}"
+DATABASE_NAME = "{{ dokku.app }}"
+
+EMAIL_VERIFICATION = False
+MAIL_FROM = "{{ config.vars.mail_from }}"
+SMTP_HOST = "{{ config.vars.smtp_host }}"
+SMTP_PASSWORD = "{{ vault.smtp_passwd }}"
+SMTP_PORT = "{{ config.vars.smtp_port }}"
+SMTP_STARTTLS = True
+SMTP_USERNAME = "{{ config.vars.smtp_username }}"
+
+CORS_ORIGINS = ["*"]
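Review bot: `CORS_ORIGINS = ["*"]` and `DEBUG = True` are carried into the new `alertad.conf` template unchanged, so the deployed API accepts cross-origin requests from any site and runs with debug mode on. The dashboard is served from one known host, so consider `CORS_ORIGINS = ["https://{{ config.vars.domain }}"]` and `DEBUG = False`. `USER_DEFAULT_SCOPES = ["admin"]` also appears to give every user admitted through `ALLOWED_KEYCLOAK_ROLES` the admin scope, which would make the `ADMIN_USERS` list redundant; if that is intended, a comment next to the setting saying so would help the next reader.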
diff --git a/ansible/templates/config.json b/deploy.d/templates/config.json similarity index 100% rename from ansible/templates/config.json rename to deploy.d/templates/config.json diff --git a/deploy.d/vault/alerta_admin_key.yml b/deploy.d/vault/alerta_admin_key.yml new file mode 100644 index 0000000..35383c5 --- /dev/null +++ b/deploy.d/vault/alerta_admin_key.yml @@ -0,0 +1,9 @@ +--- +alerta_admin_key: !vault |- + $ANSIBLE_VAULT;1.1;AES256 + 34313632666130383832633066396334313136393838313534326264346133336562333633323631 + 6566343333353165633537643331616364366566346533640a373965393433393735323237653762 + 61373835366162316630646136323665623332373966393061643237386661343463376137623539 + 6564623030336638340a316533613863303132366231393434376535383963653165313065653838 + 34323239326438616436363864323837366666393564343765643735363233636234343165303432 + 3964353761646163633162353761613763323139393664346565 diff --git a/deploy.d/vault/alerta_admin_passwd.yml b/deploy.d/vault/alerta_admin_passwd.yml new file mode 100644 index 0000000..70509b2 --- /dev/null +++ b/deploy.d/vault/alerta_admin_passwd.yml @@ -0,0 +1,9 @@ +--- +alerta_admin_passwd: !vault |- + $ANSIBLE_VAULT;1.1;AES256 + 61386635613234316466653038313332633565663932353863666263643364363831343633616461 + 6238343035613264336666333838333864313064363666340a663839366631396536633966363264 + 35306264333563656633313032343937386435666631623738626632323837326262303136343163 + 6334633033373830620a626663393737653433633635643662663432333237656632663130626635 + 63643039333937353039653439616638613966363362333439613564643333616564373464633365 + 3866373639306361323466323537613236316163656636376239 diff --git a/deploy.d/vault/alerta_cli_api_key.yml b/deploy.d/vault/alerta_cli_api_key.yml new file mode 100644 index 0000000..24341ce --- /dev/null +++ b/deploy.d/vault/alerta_cli_api_key.yml 
@@ -0,0 +1,9 @@ +--- +alerta_cli_api_key: !vault |- + $ANSIBLE_VAULT;1.1;AES256 + 33653264303231306632383136363466643237643130633937613862666662636265623931356133 + 3966643536623562383737623935366264636339383730650a366563363730653865643839663032 + 65333766316637353737636162396666306332616338646233643134356633313033323263616231 + 3536366165626336300a336266353539326631376362313263653636376361366463343766636632 + 61373235643634346636343466393365633562383433323830373032323633633535333238646435 + 3937366335343037383031353130653937333034326332653162 diff --git a/deploy.d/vault/alerta_mailer_api_key.yml b/deploy.d/vault/alerta_mailer_api_key.yml new file mode 100644 index 0000000..865731f --- /dev/null +++ b/deploy.d/vault/alerta_mailer_api_key.yml @@ -0,0 +1,9 @@ +--- +alerta_mailer_api_key: !vault |- + $ANSIBLE_VAULT;1.1;AES256 + 62363530353231306463613063633465306633396630333262646461663563383038366565366361 + 3237386339393561646261333238303064663139643332390a303363613965323138333931613136 + 64306337633064313938366264316636663565616533376330393732363364333061316337386434 + 3636666430393436610a656263376133363939386362656439396563383861643638313763383065 + 39633366323336383430313032646131313535346261613833636539383832313737613530626331 + 3038646333373063363761666337373636346237353365623339 diff --git a/deploy.d/vault/alerta_secret_key.yml b/deploy.d/vault/alerta_secret_key.yml new file mode 100644 index 0000000..0787248 --- /dev/null +++ b/deploy.d/vault/alerta_secret_key.yml 
@@ -0,0 +1,9 @@ +--- +alerta_secret_key: !vault |- + $ANSIBLE_VAULT;1.1;AES256 + 63393463393937636330343330663164353035653235656362633435316337313034373535356466 + 3734386165306530363336353531326532623266386365620a633831323537656164366261613438 + 33303932316233353439646233616566353836376265613835333564326432643439336562376237 + 3563336163323138390a633261633661303361353935623637373635326134356437623261343334 + 32623861376666306637316466613365656266623364623661383032313461633434343332346636 + 6236383965323331313436646463346132626437653361303831 diff --git a/deploy.d/vault/db_passwd.yml b/deploy.d/vault/db_passwd.yml new file mode 100644 index 0000000..360f81e --- /dev/null +++ b/deploy.d/vault/db_passwd.yml @@ -0,0 +1,9 @@ +--- +db_passwd: !vault |- + $ANSIBLE_VAULT;1.1;AES256 + 62323761346564613537633764396461313935646436633865373463323065396633316666303433 + 6435303135663230663862346230613030353838643563350a353739656135346362333030333331 + 65666361363638383964323162656232376539343636306235623863333839343932306461373636 + 3666623436623730630a653063306138316661333565306433633231346234363764303662386165 + 62636638373539656562653838313565393332633765653561623834653563633339346366636461 + 3032363032646631346161653932623337343735643138303137 diff --git a/deploy.d/vault/oauth_client_id.yml b/deploy.d/vault/oauth_client_id.yml new file mode 100644 index 0000000..d52748f --- /dev/null +++ b/deploy.d/vault/oauth_client_id.yml @@ -0,0 +1,8 @@ +--- +oauth_client_id: !vault |- + $ANSIBLE_VAULT;1.1;AES256 + 61373639333566663566666465376265346266363461353061353866333562636432323731626164 + 3966356130323836376264633538333233663463386336650a666561336234353964306339623739 + 63326431356561323730346463393336373431383839333764353233333462393338626665383165 + 3262666232393361320a646230306666373963633036663261643063366337356365366163636238 + 34346235666536643761356635383236336365643839633434333235323930303162 
diff --git a/deploy.d/vault/oauth_client_secret.yml b/deploy.d/vault/oauth_client_secret.yml new file mode 100644 index 0000000..7b116bf --- /dev/null +++ b/deploy.d/vault/oauth_client_secret.yml @@ -0,0 +1,9 @@ +--- +oauth_client_secret: !vault |- + $ANSIBLE_VAULT;1.1;AES256 + 33613831323161653934373132316538643564623666346133626165346438356430613061333332 + 3661643836343966663739306665663231653833306630330a346565313638626164373038306362 + 62373339336662333434343762383062623235346134333531373833346466343338323563353831 + 6638303763663333370a653065356266646638313634373431306130363838353738666633393666 + 30383933353334313932313637386433373738393765306162666461303663663563373334316236 + 6264633331353565643139616436363737633162343037623632 diff --git a/deploy.d/vault/rocket_chat_webhook_url.yml b/deploy.d/vault/rocket_chat_webhook_url.yml new file mode 100644 index 0000000..87747b8 --- /dev/null +++ b/deploy.d/vault/rocket_chat_webhook_url.yml @@ -0,0 +1,12 @@ +--- +rocket_chat_webhook_url: !vault |- + $ANSIBLE_VAULT;1.1;AES256 + 36326239336466373635303536363064666165386136393630633435666662313737326561376661 + 6666623437383265386137396430326135623138643935340a386461633463616330343630373333 + 63633438303032383331613932323235623331326539353561623632663936356562393136303765 + 3037613739316630320a613163613863383764613864326664613263373634663738333432326433 + 33326232303933313264666537656634313763316430633937396633326133653866353934346463 + 65343161356565326264663563313462616136383663386461346135383034353961653362303735 + 33666438626338306161376238343365386566326138666639623330316566373561633139313130 + 32636166363763636532346663383139383765316533343162353630356264353966636133303434 + 30643838346530356534656430363862383364396365353435396232353931653862 diff --git a/deploy.d/vault/root_db_passwd.yml b/deploy.d/vault/root_db_passwd.yml new file mode 100644 index 0000000..18907fa --- /dev/null +++ b/deploy.d/vault/root_db_passwd.yml 
@@ -0,0 +1,9 @@ +--- +root_db_passwd: !vault |- + $ANSIBLE_VAULT;1.1;AES256 + 33343661333761643934323666663537313862626465613763373734613763346663303638663230 + 6333343962353439653534646266383039343034646130350a396435636638333936663465623263 + 30306266303337366564663333643764386334303733316436363137643465306135633661316466 + 3634393864613439650a373965393166323531333338376436366135343736336366343364383834 + 66333839343337633666346134396264306334616235363239356130653136336365373763366630 + 6366363230663864666266623838383035366462636565663464 diff --git a/deploy.d/vault/smtp_passwd.yml b/deploy.d/vault/smtp_passwd.yml new file mode 100644 index 0000000..a42ae25 --- /dev/null +++ b/deploy.d/vault/smtp_passwd.yml @@ -0,0 +1,8 @@ +--- +smtp_passwd: !vault |- + $ANSIBLE_VAULT;1.1;AES256 + 38356466313262356537666361396462376663393733393433636161613466356431396665386165 + 3139303436666663356332663766343931323031623161610a373364356163636335326666653030 + 35373366663962363562616631316639376166316438656237386363623461376562643334613262 + 6638613730346139370a303637653665653036316430393239633435613664326362663033636530 + 61306434636234343333626161303866623461643233366434356635373463313432 diff --git a/requirements.txt b/requirements.txt deleted file mode 100644 index 130e91f..0000000 --- a/requirements.txt +++ /dev/null @@ -1 +0,0 @@ -ansible==2.9.6 diff --git a/sbin/encrypt.sh b/sbin/encrypt.sh deleted file mode 100755 index d328761..0000000 --- a/sbin/encrypt.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/bash - -set -eu -o pipefail - -# Usage -# ./encrypt.sh mysecretname mysecretvalue - -declare name="$1" -declare secret="$2" - -ansible-vault \ - encrypt_string \ - --vault-password-file ansible/.vault.sh \ - --name "$name" \ - "$secret"