Migrate to the new v2 format

2020-04-15 21:35:53 +02:00 · 2020-04-15 21:35:53 +02:00 · 2b0cab6145
commit 2b0cab6145
parent 45c60fa186
39 changed files with 282 additions and 403 deletions
--- a/ansible/.vault.sh
+++ b/ansible/.vault.sh
@ -1,5 +0,0 @@
 #!/bin/bash
 set -eu -o pipefail
 echo $(pass show hosts/autonomic-dokku/vault/password)
--- a/ansible/post-deploy.yml
+++ b/ansible/post-deploy.yml
@ -1,40 +0,0 @@
 ---
 - hosts: all
  gather_facts: false
  tasks:
    - name: Load variables
      include_vars:
        dir: "{{ dokku_lib_root }}/data/ansible/alerta/vars/"
        extensions:
          - yml
    - name: Set HTTP 80 port proxy
      dokku_ports:
        app: alerta
        mappings:
          - "http:80:{{ http_port }}"
        state: present
    - name: Setup LE certificates
      shell: dokku letsencrypt alerta
      args:
        creates: /home/dokku/alerta/letsencrypt/certs
    - name: Setup LE certificates renew cron job
      shell: dokku letsencrypt:cron-job --add
      args:
        creates: /home/dokku/alerta/letsencrypt/cron-job
    - name: Remove automatically configured ports
      dokku_ports:
        app: alerta
        mappings:
          - "http:8080:8080"
        state: absent
    - name: Set HTTP 443 port
      dokku_ports:
        app: alerta
        mappings:
          - "https:443:{{ http_port }}"
        state: present
--- a/ansible/pre-deploy.yml
+++ b/ansible/pre-deploy.yml
@ -1,98 +0,0 @@
 ---
 - hosts: all
  gather_facts: false
  tasks:
    - name: Load variables
      include_vars:
        dir: "{{ dokku_lib_root }}/data/ansible/alerta/vars/"
        extensions:
          - yml
    - name: "Configure the {{ domain }} domain"
      dokku_domains:
        app: alerta
        domains:
          - "{{ domain }}"
        state: present
    - name: Create mongo database
      no_log: true
      shell: "
        dokku
        mongo:create
        alerta
        --password {{ db_passwd }}
        --root-password {{ root_db_passwd }}
      "
      args:
        creates: /var/lib/dokku/services/mongo/alerta
    - name: Link mongo database to application
      dokku_service_link:
        app: alerta
        name: alerta
        service: mongo
    - name: Create application directories
      become: true
      file:
        path: /var/lib/alerta
        state: directory
        owner: dokku
        group: dokku
    - name: Copy over the /web/ configurations
      become: true
      template:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        owner: "{{ docker_user_uid }}"
        group: "{{ docker_user_gid }}"
        mode: 0664
      with_items:
        - src: config.json
          dest: /var/lib/alerta/config.json
    # Note(decentral1se): can't use "template" module here
    # because there are {{ }} jinja markers in this file!
    - name: Copy over email templates
      become: true
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        owner: "{{ docker_user_uid }}"
        group: "{{ docker_user_gid }}"
        mode: 0664
      with_items:
        - src: email.tmpl
          dest: /var/lib/alerta/email.tmpl
    - name: Copy over the /app/ configurations
      become: true
      template:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        owner: root
        group: root
        mode: 0664
      with_items:
        - src: alerta.conf
          dest: /var/lib/alerta/alerta.conf
        - src: alertad.conf
          dest: /var/lib/alerta/alertad.conf
    - name: Specify docker volume mounts
      dokku_storage:
        app: alerta
        mounts:
          - /var/lib/alerta/email.tmpl:/app/email.tmpl
          - /var/lib/alerta/alerta.conf:/app/alerta.conf
          - /var/lib/alerta/alertad.conf:/app/alertad.conf
          - /var/lib/alerta/config.json:/web/config.json
    - name: Configure the dokku app environment
      dokku_config:
        app: alerta
        restart: false
        config:
          SMTP_PASSWORD: "{{ smtp_passwd }}"
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@ -1,6 +0,0 @@
 ---
 - src: dokku_bot.ansible_dokku
  version: v2020.3.24
 - src: https://git.coop/decentral1se/autonomic.gandi/-/archive/0.0.5/autonomic.gandi-0.0.5.tar.gz
  name: autonomic.gandi
--- a/ansible/templates/alerta.conf
+++ b/ansible/templates/alerta.conf
@ -1,25 +0,0 @@
 [DEFAULT]
 debug = True
 endpoint = http://localhost:8080/api
 key = {{ alerta_cli_api_key }}
 output = json
 sslverify = False
 timezone = Europe/London
 [alerta-mailer]
 amqp_topic = notify
 amqp_url = {{ db_type }}://{{ db_user }}:{{ db_passwd }}@{{ db_loc }}/alerta
 config_file = /app/alerta.conf
 dashboard_url = https://{{ domain }}
 debug = True
 email_type = text
 endpoint = http://localhost:8080/api
 key = {{ alerta_mailer_api_key }}
 mail_from = {{ mail_from }}
 mail_template = /app/email.tmpl
 mail_to = {{ mail_to }}
 skip_mta = False
 smtp_host = {{ smtp_host }}
 smtp_password = {{ smtp_passwd }}
 smtp_port = {{ smtp_port }}
 smtp_starttls = {{ smtp_starttls }}
--- a/ansible/templates/alertad.conf
+++ b/ansible/templates/alertad.conf
@ -1,79 +0,0 @@
 SITE_LOGO_URL = "https://www.coops.tech/images/coops/autonomic"
 DEBUG = True
 SECRET = "{{ alerta_secret_key }}"
 DASHBOARD_URL = "https://{{ domain }}"
 BASE_URL = "/api"
 USE_PROXYFIX = True
 AUTH_REQUIRED = True
 AUTH_PROVIDER = "keycloak"
 ADMIN_USERS = [
    "calix",
    "decentral1se",
    "gunnar",
    "kawaiipunk",
    "naomi",
    "roxie",
    "takkaria"
 ]
 USER_DEFAULT_SCOPES = ["admin"]
 SIGNUP_ENABLED = False
 KEYCLOAK_URL = "{{ keycloak_url }}"
 KEYCLOAK_REALM = "{{ keycloak_realm }}"
 ALLOWED_KEYCLOAK_ROLES = ["{{ keycloak_role }}"]
 OAUTH2_CLIENT_ID = "{{ oauth_client_id }}"
 OAUTH2_CLIENT_SECRET = "{{ oauth_client_secret }}"
 SEVERITY_MAP = {
    "fatal": 0,
    "critical": 1,
    "major": 2,
    "minor": 3,
    "warning": 4,
    "indeterminate": 5,
    "cleared": 5,
    "normal": 5,
    "ok": 5,
    "informational": 6,
    "debug": 7,
    "trace": 8,
    "unknown": 9
 }
 DEFAULT_NORMAL_SEVERITY = "normal"
 DEFAULT_PREVIOUS_SEVERITY = "indeterminate"
 PLUGINS = [
    "alerta-mailer",
    "amqp",
    "blackout",
    "normalise",
    "rocketchat",
 ]
 AMQP_URL = "{{ db_type }}://{{ db_user }}:{{ db_passwd }}@{{ db_loc }}/alerta"
 AMQP_TOPIC = "notify"
 ROCKETCHAT_WEBHOOK_URL = "{{ rocket_chat_webhook_url }}"
 ROCKETCHAT_CHANNEL = "{{ rocket_chat_channel }}"
 ALERTA_USERNAME = "{{ alerta_username }}"
 ICON_EMOJI = "{{ rocket_chat_icon_emoji }}"
 DATABASE_URL = "{{ db_type }}://{{ db_user }}:{{ db_passwd }}@{{ db_loc }}/{{ db_name }}"
 DATABASE_NAME = "{{ db_name }}"
 EMAIL_VERIFICATION = False
 MAIL_FROM = "{{ mail_from }}"
 SMTP_HOST = "{{ smtp_host }}"
 SMTP_PASSWORD = "{{ smtp_passwd }}"
 SMTP_PORT = "{{ smtp_port }}"
 SMTP_STARTTLS = True
 SMTP_USERNAME = "{{ smtp_username }}"
 CORS_ORIGINS = ["*"]
--- a/ansible/vars/alerta_admin_key.yml
+++ b/ansible/vars/alerta_admin_key.yml
@ -1,9 +0,0 @@
 ---
 alerta_admin_key: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  63646336653264643762383534656133316563613837663433303531313064333562303130366162
  6639613330663839356562303463616538393335636438650a356462663561313961366632653761
  64326530653339346138373666623430306138623139633061653466643939653032613538646237
  3832333964306461330a366334383539636431623261666530623739623533356163653535303064
  39363161326165623936346339313834383561366563356330303963666639353962336565356439
  6634313338326362353332356132353033396235633335663864
--- a/ansible/vars/alerta_admin_passwd.yml
+++ b/ansible/vars/alerta_admin_passwd.yml
@ -1,9 +0,0 @@
 ---
 alerta_admin_passwd: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  38616564643264396163666135656438336266623132393436653734313339323731613638376630
  6138653434376366623966343930383565363665396132340a356461313738326438373963383738
  65356263303465366630666366616537316362656639663066616366383962393533393931366535
  3731333261346631360a356538626235333532353730383439393166323838353964393166376137
  61613034363765623966656536373135623139323566306665303064343437616464373631346665
  6566336638343939353764623833383733653232373062306264
--- a/ansible/vars/alerta_cli_api_key.yml
+++ b/ansible/vars/alerta_cli_api_key.yml
@ -1,9 +0,0 @@
 ---
 alerta_cli_api_key: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  31613438623962623730323666633431383066306566653562393663376364373030303233653836
  6664353163646430366436346530653463376464623164310a313965643737646563636263386564
  66383965653138396338383938613134306438643537336531353437643239376135326564623737
  6533666539346337340a333236343064656463383163386230313731343966363064626236336363
  33396463666136613663356135643062666633356435643564353739616661303566363561613966
  3164316364336135363331396363356266373666633731626262
--- a/ansible/vars/alerta_mailer_api_key.yml
+++ b/ansible/vars/alerta_mailer_api_key.yml
@ -1,9 +0,0 @@
 ---
 alerta_mailer_api_key: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  32366665633739636439343636633563616465653864356163386365616635396466656631656537
  3266393861333132336561336236363633616434336462370a623539323664333763356562663934
  62363033646264386137353933313931633637633736333737633066656561343530333938376532
  3231666663376335370a353062633239356364306230356362303962633338333265646238356439
  34663234666334366430323661353030373436363662383063363164366464646632303063646262
  3366653738646438313265316639396636313565633737653335
--- a/ansible/vars/alerta_secret_key.yml
+++ b/ansible/vars/alerta_secret_key.yml
@ -1,9 +0,0 @@
 ---
 alerta_secret_key: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  65373532396564323565326161386132323730396234323465323166666661333537613537613137
  6262333130363835336637313633383561343736663832320a316261623735356630646434383864
  65313564633434306136613936333666646431333530326566356535393465376633363065626533
  3935323633336234360a333030393965623364376233663134363562386463366238616336313163
  32623339373863363737663530663235356134323634386664623833336533653735623937396161
  3431306265383232393762333234333466336533346430333631
--- a/ansible/vars/all.yml
+++ b/ansible/vars/all.yml
@ -1,21 +0,0 @@
 ---
 alerta_username: "alerta"
 db_loc: "dokku-mongo-alerta:27017"
 db_name: "alerta"
 db_type: "mongodb"
 db_user: "alerta"
 docker_user_gid: 0
 docker_user_uid: 2000
 domain: "alerta.autonomic.zone"
 http_port: "8080"
 keycloak_realm: "autonomic"
 keycloak_role: "worker-owner"
 keycloak_url: "https://id.autonomic.zone"
 mail_from: "alerta-noreply@autonomic.zone"
 mail_to: "kaboom@autonomic.zone"
 rocket_chat_channel: "kaboom"
 rocket_chat_icon_emoji: ":rocket:"
 smtp_host: "mail.gandi.net"
 smtp_port: "587"
 smtp_starttls: "True"
 smtp_username: "alerta-noreply"
--- a/ansible/vars/ansible_become_pass.yml
+++ b/ansible/vars/ansible_become_pass.yml
@ -1,8 +0,0 @@
 ---
 ansible_become_pass: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  34396236353735666531323238656533643465303131663464613162396333313836363630666266
  6539323631656635333864316166633064633366323936610a656137616334313534333635313232
  35323561303763366563316631313638363333393763323935343563303963616334336639386462
  3837383830616637360a373539613630356564363662393836366462666430353439353637303035
  63396633303166343433313439303539313637306637663137313533316531616434
--- a/ansible/vars/db_passwd.yml
+++ b/ansible/vars/db_passwd.yml
@ -1,9 +0,0 @@
 ---
 db_passwd: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  66613866666133643236393137646262346262356564333730656432303766623663656639316135
  6461373238626433343638326564316561623161666563390a323066616336336238643033313765
  35303436643633383637663162643731326130646165363733643833663966306233383339613661
  3234636138633533380a636363383366343834643831626633366366343732663334636632613730
  32653539383834343937346563643539623963383237303036336431346463333262613838356134
  6465386337343037336530646335663533656433306663343261
--- a/ansible/vars/oauth_client_id.yml
+++ b/ansible/vars/oauth_client_id.yml
@ -1,8 +0,0 @@
 ---
 oauth_client_id: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  39306264623166643338363663373230373263613139316532343061373434336565393766353566
  3766306664323930366335323936336661346631643835320a653161303439306639376534373530
  66366230353338306464623336363539393064366136346133653163653835333938323137613965
  6261643035373035340a616166636636333730663632356533636561313530613466373635376239
  64623336383365386164393234643463666434613935623164363138653731333766
--- a/ansible/vars/oauth_client_secret.yml
+++ b/ansible/vars/oauth_client_secret.yml
@ -1,9 +0,0 @@
 ---
 oauth_client_secret: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  66376130626633383864663931383235346236613964343930303962633032626339646264643566
  3538393033383630633062323631306563383634643366610a343432633265303137626238393739
  38323230646566623563653037336636636635333435653162373539333036353261333366666466
  3861626564313636350a373938613136336233386437613833383333383565333933303938343766
  63663730316431363133393332306562653164343337303334663933616337343964623033666432
  3665653337373731616231363465383865313136393036393634
--- a/ansible/vars/rocket_chat_webhook_url.yml
+++ b/ansible/vars/rocket_chat_webhook_url.yml
@ -1,12 +0,0 @@
 ---
 rocket_chat_webhook_url: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  65346638303735373565363538386636616432323035313863356162363137323532323239316666
  3731386135653361393734323038356665393164663630390a623632376364633639626338653436
  31333038313138316233343533613061636462313965663764643530626531313738303461373833
  3731656362613761350a616465653534643930393637656238643739383436643836306566636234
  38643236643530623963663331313032396661336264333139356162356537313831373136363665
  36643331663663353766643135336366613638343932343664616161633638393035386537396334
  66626164396636396639396562386231646163366333616461376266316463646632316565333164
  38343431393233633931356537363063383030353965663031633662636533313132393961643730
  62323266373564633863316261363834303762646662333338383730636162366639
--- a/ansible/vars/root_db_passwd.yml
+++ b/ansible/vars/root_db_passwd.yml
@ -1,9 +0,0 @@
 ---
 root_db_passwd: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  61623136343461613137323665303834646466636631396538616232663061376439303739633861
  6132323764333365396237303936353431313866383261340a336336313162643363643231656662
  32613561666538633364643066343261636239656637303134396565666536623334616234393837
  6165636634646332330a316130613531346430373163316130363330656532663137373832656237
  63666337303434623465366331336538626536313535393938656232323634316632656636613339
  3330386231353338343236356133393538366337626438613537
--- a/ansible/vars/smtp_passwd.yml
+++ b/ansible/vars/smtp_passwd.yml
@ -1,8 +0,0 @@
 ---
 smtp_passwd: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  63363435653931383333353934663266336231346465333934303964353435353330303865376361
  3033346166353266663037376164663465306633643530340a383564383038306563633736623430
  64386330303863336539346461653332346233303538613465613363356532376137623439616132
  3563613431363738620a653339633765313564633639383366383236656635353737633031323466
  64393064623139333661633361306531626532613562643465336561303536333632
--- a/app.json
+++ b/app.json
@ -1,5 +0,0 @@
 {
  "name": "alerta",
  "description": "A tool used to consolidate and de-duplicate alerts from multiple sources for quick ‘at-a-glance’ visualisation",
  "repository": "https://git.autonomic.zone/autonomic-cooperative/alerta"
 }
--- a/deploy.d/config.yml
+++ b/deploy.d/config.yml
@ -0,0 +1,58 @@
 ---
 vars:
  alerta_username: "alerta"
  domain: "alerta.autonomic.zone"
  keycloak_realm: "autonomic"
  keycloak_role: "worker-owner"
  keycloak_url: "https://id.autonomic.zone"
  mail_from: "alerta-noreply@autonomic.zone"
  mail_to: "kaboom@autonomic.zone"
  port: "8080"
  rocket_chat_channel: "kaboom"
  rocket_chat_icon_emoji: ":rocket:"
  smtp_host: "mail.gandi.net"
  smtp_port: "587"
  smtp_starttls: "True"
  smtp_username: "alerta-noreply"
 dirs:
  - path: /var/lib/alerta/
 db:
  - type: "mongo"
    passwd: "{{ vault.db_passwd }}"
    root_passwd: "{{ vault.root_db_passwd }}"
 files:
  - src: email.tmpl
    dest: /var/lib/alerta/email.tmpl
    owner: "{{ vars.docker_user_uid }}"
    group: "{{ vars.docker_user_gid }}"
    mode: "664"
 templates:
  - src: config.json
    dest: /var/lib/alerta/config.json
    owner: "{{ vars.docker_user_uid }}"
    group: "{{ vars.docker_user_gid }}"
    mode: "664"
  - src: alerta.conf
    dest: /var/lib/alerta/alerta.conf
    owner: "root"
    group: "root"
    mode: "664"
  - src: alertad.conf
    dest: /var/lib/alerta/alertad.conf
    owner: "root"
    group: "root"
    mode: "664"
 volumes:
  - /var/lib/alerta/email.tmpl:/app/email.tmpl
  - /var/lib/alerta/alerta.conf:/app/alerta.conf
  - /var/lib/alerta/alertad.conf:/app/alertad.conf
  - /var/lib/alerta/config.json:/web/config.json
 env:
  DOKKU_LETSENCRYPT_EMAIL: "helo@autonomic.zone"
  SMTP_PASSWORD: "{{ vault.smtp_passwd }}"
--- a/deploy.d/files/email.tmpl
+++ b/deploy.d/files/email.tmpl
@ -29,6 +29,7 @@ Raw Data
 Comrades! To Arms!
 To acknowledge this alert visit this URL:
 {{ dashboard_url }}/#/alert/{{ alert.id }}
 Generated by {{ program }} on {{ hostname }} at {{ now }}
--- a/deploy.d/plays/predeploy.yml
+++ b/deploy.d/plays/predeploy.yml
@ -0,0 +1,19 @@
 ---
 - name: Get uid/guid of the Docker user
  become: true
  getent:
    database: passwd
    key: docker
    split: ":"
 - name: Prepare docker user information dictionary
  set_fact:
    docker_user_info:
      {
        "docker_user_uid": "{{ getent_passwd['docker'][1] }}",
        "docker_user_gid": "{{ getent_passwd['docker'][2] }}",
      }
 - name: Store docker user uid/guid in config.vars dictionary
  set_fact:
    config: "{{ config | update_vars(docker_user_info) }}"
--- a/deploy.d/templates/alerta.conf
+++ b/deploy.d/templates/alerta.conf
@ -0,0 +1,25 @@
 [DEFAULT]
 debug = True
 endpoint = http://localhost:8080/api
 key = {{ vault.alerta_cli_api_key }}
 output = json
 sslverify = False
 timezone = Europe/London
 [alerta-mailer]
 amqp_topic = notify
 amqp_url = {{ dokku.mogodb_type }}://{{ dokku.mongodb_user }}:{{ vault.db_passwd }}@{{ dokku.mongodb_addr }}/{{ dokku.app }}
 config_file = /app/alerta.conf
 dashboard_url = https://{{ config.vars.domain }}
 debug = True
 email_type = text
 endpoint = http://localhost:8080/api
 key = {{ vault.alerta_mailer_api_key }}
 mail_from = {{ config.vars.mail_from }}
 mail_template = /app/email.tmpl
 mail_to = {{ config.vars.mail_to }}
 skip_mta = False
 smtp_host = {{ config.vars.smtp_host }}
 smtp_password = {{ vault.smtp_passwd }}
 smtp_port = {{ config.vars.smtp_port }}
 smtp_starttls = {{ config.vars.smtp_starttls }}
--- a/deploy.d/templates/alertad.conf
+++ b/deploy.d/templates/alertad.conf
@ -0,0 +1,79 @@
 SITE_LOGO_URL = "https://www.coops.tech/images/coops/autonomic"
 DEBUG = True
 SECRET = "{{ vault.alerta_secret_key }}"
 DASHBOARD_URL = "https://{{ config.vars.domain }}"
 BASE_URL = "/api"
 USE_PROXYFIX = True
 AUTH_REQUIRED = True
 AUTH_PROVIDER = "keycloak"
 ADMIN_USERS = [
    "calix",
    "decentral1se",
    "gunnar",
    "kawaiipunk",
    "naomi",
    "roxie",
    "takkaria"
 ]
 USER_DEFAULT_SCOPES = ["admin"]
 SIGNUP_ENABLED = False
 KEYCLOAK_URL = "{{ config.vars.keycloak_url }}"
 KEYCLOAK_REALM = "{{ config.vars.keycloak_realm }}"
 ALLOWED_KEYCLOAK_ROLES = ["{{ config.vars.keycloak_role }}"]
 OAUTH2_CLIENT_ID = "{{ vault.oauth_client_id }}"
 OAUTH2_CLIENT_SECRET = "{{ vault.oauth_client_secret }}"
 SEVERITY_MAP = {
    "fatal": 0,
    "critical": 1,
    "major": 2,
    "minor": 3,
    "warning": 4,
    "indeterminate": 5,
    "cleared": 5,
    "normal": 5,
    "ok": 5,
    "informational": 6,
    "debug": 7,
    "trace": 8,
    "unknown": 9
 }
 DEFAULT_NORMAL_SEVERITY = "normal"
 DEFAULT_PREVIOUS_SEVERITY = "indeterminate"
 PLUGINS = [
    "alerta-mailer",
    "amqp",
    "blackout",
    "normalise",
    "rocketchat",
 ]
 AMQP_URL = "{{ dokku.mogodb_type }}://{{ dokku.mongodb_user }}:{{ vault.db_passwd }}@{{ dokku.mongodb_addr }}/{{ dokku.app }}"
 AMQP_TOPIC = "notify"
 ROCKETCHAT_WEBHOOK_URL = "{{ vault.rocket_chat_webhook_url }}"
 ROCKETCHAT_CHANNEL = "{{ config.vars.rocket_chat_channel }}"
 ALERTA_USERNAME = "{{ config.vars.alerta_username }}"
 ICON_EMOJI = "{{ config.vars.rocket_chat_icon_emoji }}"
 DATABASE_URL = "{{ dokku.mogodb_type }}://{{ dokku.mongodb_user }}:{{ vault.db_passwd }}@{{ dokku.mongodb_addr }}/{{ dokku.app }}"
 DATABASE_NAME = "{{ dokku.app }}"
 EMAIL_VERIFICATION = False
 MAIL_FROM = "{{ config.vars.mail_from }}"
 SMTP_HOST = "{{ config.vars.smtp_host }}"
 SMTP_PASSWORD = "{{ vault.smtp_passwd }}"
 SMTP_PORT = "{{ config.vars.smtp_port }}"
 SMTP_STARTTLS = True
 SMTP_USERNAME = "{{ config.vars.smtp_username }}"
 CORS_ORIGINS = ["*"]
--- a/deploy.d/templates/config.json
+++ b/deploy.d/templates/config.json
--- a/deploy.d/vault/alerta_admin_key.yml
+++ b/deploy.d/vault/alerta_admin_key.yml
@ -0,0 +1,9 @@
 ---
 alerta_admin_key: !vault |-
  $ANSIBLE_VAULT;1.1;AES256
  34313632666130383832633066396334313136393838313534326264346133336562333633323631
  6566343333353165633537643331616364366566346533640a373965393433393735323237653762
  61373835366162316630646136323665623332373966393061643237386661343463376137623539
  6564623030336638340a316533613863303132366231393434376535383963653165313065653838
  34323239326438616436363864323837366666393564343765643735363233636234343165303432
  3964353761646163633162353761613763323139393664346565
--- a/deploy.d/vault/alerta_admin_passwd.yml
+++ b/deploy.d/vault/alerta_admin_passwd.yml
@ -0,0 +1,9 @@
 ---
 alerta_admin_passwd: !vault |-
  $ANSIBLE_VAULT;1.1;AES256
  61386635613234316466653038313332633565663932353863666263643364363831343633616461
  6238343035613264336666333838333864313064363666340a663839366631396536633966363264
  35306264333563656633313032343937386435666631623738626632323837326262303136343163
  6334633033373830620a626663393737653433633635643662663432333237656632663130626635
  63643039333937353039653439616638613966363362333439613564643333616564373464633365
  3866373639306361323466323537613236316163656636376239
--- a/deploy.d/vault/alerta_cli_api_key.yml
+++ b/deploy.d/vault/alerta_cli_api_key.yml
@ -0,0 +1,9 @@
 ---
 alerta_cli_api_key: !vault |-
  $ANSIBLE_VAULT;1.1;AES256
  33653264303231306632383136363466643237643130633937613862666662636265623931356133
  3966643536623562383737623935366264636339383730650a366563363730653865643839663032
  65333766316637353737636162396666306332616338646233643134356633313033323263616231
  3536366165626336300a336266353539326631376362313263653636376361366463343766636632
  61373235643634346636343466393365633562383433323830373032323633633535333238646435
  3937366335343037383031353130653937333034326332653162
--- a/deploy.d/vault/alerta_mailer_api_key.yml
+++ b/deploy.d/vault/alerta_mailer_api_key.yml
@ -0,0 +1,9 @@
 ---
 alerta_mailer_api_key: !vault |-
  $ANSIBLE_VAULT;1.1;AES256
  62363530353231306463613063633465306633396630333262646461663563383038366565366361
  3237386339393561646261333238303064663139643332390a303363613965323138333931613136
  64306337633064313938366264316636663565616533376330393732363364333061316337386434
  3636666430393436610a656263376133363939386362656439396563383861643638313763383065
  39633366323336383430313032646131313535346261613833636539383832313737613530626331
  3038646333373063363761666337373636346237353365623339
--- a/deploy.d/vault/alerta_secret_key.yml
+++ b/deploy.d/vault/alerta_secret_key.yml
@ -0,0 +1,9 @@
 ---
 alerta_secret_key: !vault |-
  $ANSIBLE_VAULT;1.1;AES256
  63393463393937636330343330663164353035653235656362633435316337313034373535356466
  3734386165306530363336353531326532623266386365620a633831323537656164366261613438
  33303932316233353439646233616566353836376265613835333564326432643439336562376237
  3563336163323138390a633261633661303361353935623637373635326134356437623261343334
  32623861376666306637316466613365656266623364623661383032313461633434343332346636
  6236383965323331313436646463346132626437653361303831
--- a/deploy.d/vault/db_passwd.yml
+++ b/deploy.d/vault/db_passwd.yml
@ -0,0 +1,9 @@
 ---
 db_passwd: !vault |-
  $ANSIBLE_VAULT;1.1;AES256
  62323761346564613537633764396461313935646436633865373463323065396633316666303433
  6435303135663230663862346230613030353838643563350a353739656135346362333030333331
  65666361363638383964323162656232376539343636306235623863333839343932306461373636
  3666623436623730630a653063306138316661333565306433633231346234363764303662386165
  62636638373539656562653838313565393332633765653561623834653563633339346366636461
  3032363032646631346161653932623337343735643138303137
--- a/deploy.d/vault/oauth_client_id.yml
+++ b/deploy.d/vault/oauth_client_id.yml
@ -0,0 +1,8 @@
 ---
 oauth_client_id: !vault |-
  $ANSIBLE_VAULT;1.1;AES256
  61373639333566663566666465376265346266363461353061353866333562636432323731626164
  3966356130323836376264633538333233663463386336650a666561336234353964306339623739
  63326431356561323730346463393336373431383839333764353233333462393338626665383165
  3262666232393361320a646230306666373963633036663261643063366337356365366163636238
  34346235666536643761356635383236336365643839633434333235323930303162
--- a/deploy.d/vault/oauth_client_secret.yml
+++ b/deploy.d/vault/oauth_client_secret.yml
@ -0,0 +1,9 @@
 ---
 oauth_client_secret: !vault |-
  $ANSIBLE_VAULT;1.1;AES256
  33613831323161653934373132316538643564623666346133626165346438356430613061333332
  3661643836343966663739306665663231653833306630330a346565313638626164373038306362
  62373339336662333434343762383062623235346134333531373833346466343338323563353831
  6638303763663333370a653065356266646638313634373431306130363838353738666633393666
  30383933353334313932313637386433373738393765306162666461303663663563373334316236
  6264633331353565643139616436363737633162343037623632
--- a/deploy.d/vault/rocket_chat_webhook_url.yml
+++ b/deploy.d/vault/rocket_chat_webhook_url.yml
@ -0,0 +1,12 @@
 ---
 rocket_chat_webhook_url: !vault |-
  $ANSIBLE_VAULT;1.1;AES256
  36326239336466373635303536363064666165386136393630633435666662313737326561376661
  6666623437383265386137396430326135623138643935340a386461633463616330343630373333
  63633438303032383331613932323235623331326539353561623632663936356562393136303765
  3037613739316630320a613163613863383764613864326664613263373634663738333432326433
  33326232303933313264666537656634313763316430633937396633326133653866353934346463
  65343161356565326264663563313462616136383663386461346135383034353961653362303735
  33666438626338306161376238343365386566326138666639623330316566373561633139313130
  32636166363763636532346663383139383765316533343162353630356264353966636133303434
  30643838346530356534656430363862383364396365353435396232353931653862
--- a/deploy.d/vault/root_db_passwd.yml
+++ b/deploy.d/vault/root_db_passwd.yml
@ -0,0 +1,9 @@
 ---
 root_db_passwd: !vault |-
  $ANSIBLE_VAULT;1.1;AES256
  33343661333761643934323666663537313862626465613763373734613763346663303638663230
  6333343962353439653534646266383039343034646130350a396435636638333936663465623263
  30306266303337366564663333643764386334303733316436363137643465306135633661316466
  3634393864613439650a373965393166323531333338376436366135343736336366343364383834
  66333839343337633666346134396264306334616235363239356130653136336365373763366630
  6366363230663864666266623838383035366462636565663464
--- a/deploy.d/vault/smtp_passwd.yml
+++ b/deploy.d/vault/smtp_passwd.yml
@ -0,0 +1,8 @@
 ---
 smtp_passwd: !vault |-
  $ANSIBLE_VAULT;1.1;AES256
  38356466313262356537666361396462376663393733393433636161613466356431396665386165
  3139303436666663356332663766343931323031623161610a373364356163636335326666653030
  35373366663962363562616631316639376166316438656237386363623461376562643334613262
  6638613730346139370a303637653665653036316430393239633435613664326362663033636530
  61306434636234343333626161303866623461643233366434356635373463313432
--- a/requirements.txt
+++ b/requirements.txt
@ -1 +0,0 @@
 ansible==2.9.6
--- a/sbin/encrypt.sh
+++ b/sbin/encrypt.sh
@ -1,15 +0,0 @@
 #!/bin/bash
 set -eu -o pipefail
 # Usage
 # ./encrypt.sh mysecretname mysecretvalue
 declare name="$1"
 declare secret="$2"
 ansible-vault \
  encrypt_string \
  --vault-password-file ansible/.vault.sh \
  --name "$name" \
  "$secret"