Bootstrap alerta

2020-04-08 19:45:03 +02:00 · 2020-04-08 19:45:03 +02:00 · 05bf3665a7
commit 05bf3665a7
20 changed files with 222 additions and 0 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -0,0 +1,13 @@
+---
+kind: pipeline
+name: default
+steps:
+  - name: Deploy Alerta with Dokku
+    image: appleboy/drone-git-push:0.2.0-linux-amd64
+    settings:
+      remote: ssh://dokku@dokku.autonomic.zone:222/alerta
+      ssh_key:
+        from_secret: drone_deploy_key
+    trigger:
+      branch:
+        - master
--- a/.envrc.sample
+++ b/.envrc.sample
@ -0,0 +1,2 @@
+# The path to our pass credentials store
+export PASSWORD_STORE_DIR=$(pwd)/../infrastructure/credentials/password-store
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+.venv
--- a/5
+++ b/5
@ -0,0 +1,5 @@
+WAIT=3
+TIMEOUT=3
+ATTEMPTS=5
+
+/
--- a/5
+++ b/5
@ -0,0 +1,5 @@
+FROM alerta/alerta-web:7.4.4
+
+EXPOSE 8080
+
+COPY . ${WORKDIR}
--- a/README.md
+++ b/README.md
@ -0,0 +1,5 @@
+# alerta
+
+[![Build Status](https://drone.autonomic.zone/api/badges/autonomic-cooperative/alerta/status.svg)](https://drone.autonomic.zone/autonomic-cooperative/alerta)
+
+> https://alerta.io/
--- a/ansible/.vault.sh
+++ b/ansible/.vault.sh
@ -0,0 +1,5 @@
+#!/bin/bash
+
+set -eu -o pipefail
+
+echo $(pass show hosts/autonomic-dokku/vault/password)
--- a/ansible/post-deploy.yml
+++ b/ansible/post-deploy.yml
@ -0,0 +1,40 @@
+---
+- hosts: all
+  gather_facts: false
+  tasks:
+    - name: Load variables
+      include_vars:
+        dir: "{{ dokku_lib_root }}/data/ansible/alerta/vars/"
+        extensions:
+          - yml
+
+    - name: Set HTTP 80 port proxy
+      dokku_ports:
+        app: alerta
+        mappings:
+          - "http:80:{{ http_port }}"
+        state: present
+
+    - name: Setup LE certificates
+      shell: dokku letsencrypt alerta
+      args:
+        creates: /home/dokku/alerta/letsencrypt/certs
+
+    - name: Setup LE certificates renew cron job
+      shell: dokku letsencrypt:cron-job --add
+      args:
+        creates: /home/dokku/alerta/letsencrypt/cron-job
+
+    - name: Remove automatically configured ports
+      dokku_ports:
+        app: alerta
+        mappings:
+          - "http:8080:8080"
+        state: absent
+
+    - name: Set HTTP 443 port
+      dokku_ports:
+        app: alerta
+        mappings:
+          - "https:443:{{ http_port }}"
+        state: present
--- a/ansible/pre-deploy.yml
+++ b/ansible/pre-deploy.yml
@ -0,0 +1,56 @@
+---
+- hosts: all
+  gather_facts: false
+  tasks:
+    - name: Load variables
+      include_vars:
+        dir: "{{ dokku_lib_root }}/data/ansible/alerta/vars/"
+        extensions:
+          - yml
+
+    - name: "Configure the {{ domain }} domain"
+      dokku_domains:
+        app: alerta
+        domains:
+          - "{{ domain }}"
+        state: present
+
+    - name: Create postgres database
+      shell: "
+        dokku
+        postgres:create
+        alerta
+        --password {{ db_passwd }}
+        --root-password {{ root_db_passwd }}
+      "
+      args:
+        creates: /var/lib/dokku/services/postgres/alerta
+
+    - name: Link postgres database to application
+      dokku_service_link:
+        app: alerta
+        name: alerta
+        service: postgres
+
+    - name: Map application port to free host port
+      dokku_docker_options:
+        app: alerta
+        phase: run
+        options:
+          - "-p 3050:8080"
+
+    - name: Configure the dokku app environment
+      dokku_config:
+        app: alerta
+        restart: false
+        config:
+          ADMIN_KEY: "{{ alerta_admin_key }}"
+          ADMIN_PASSWORD: "{{ alerta_admin_passwd }}"
+          ALLOWED_KEYCLOAK_ROLES: "{{ keycloak_roles }}"
+          AUTH_PROVIDER: "{{ auth_provider }}"
+          AUTH_REQUIRED: "{{ auth_required }}"
+          DATABASE_NAME: "{{ db_name }}"
+          DATABASE_URL: "postgresql://{{ db_user }}:{{ db_passwd }}@{{ db_loc }}/{{ db_name }}"
+          KEYCLOAK_REALM: "{{ keycloak_realm }}"
+          KEYCLOAK_URL: "{{ keycloak_url }}"
+          SECRET_KEY: "{{ alerta_secret_key }}"
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@ -0,0 +1,6 @@
+---
+- src: dokku_bot.ansible_dokku
+  version: v2020.3.24
+
+- src: https://git.autonomic.zone/autonomic-cooperative/autonomic.gandi/archive/0.0.5.tar.gz
+  name: autonomic.gandi
--- a/ansible/vars/alerta_admin_key.yml
+++ b/ansible/vars/alerta_admin_key.yml
@ -0,0 +1,9 @@
+---
+alerta_admin_key: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  63646336653264643762383534656133316563613837663433303531313064333562303130366162
+  6639613330663839356562303463616538393335636438650a356462663561313961366632653761
+  64326530653339346138373666623430306138623139633061653466643939653032613538646237
+  3832333964306461330a366334383539636431623261666530623739623533356163653535303064
+  39363161326165623936346339313834383561366563356330303963666639353962336565356439
+  6634313338326362353332356132353033396235633335663864
--- a/ansible/vars/alerta_admin_passwd.yml
+++ b/ansible/vars/alerta_admin_passwd.yml
@ -0,0 +1,9 @@
+---
+alerta_admin_passwd: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  38616564643264396163666135656438336266623132393436653734313339323731613638376630
+  6138653434376366623966343930383565363665396132340a356461313738326438373963383738
+  65356263303465366630666366616537316362656639663066616366383962393533393931366535
+  3731333261346631360a356538626235333532353730383439393166323838353964393166376137
+  61613034363765623966656536373135623139323566306665303064343437616464373631346665
+  6566336638343939353764623833383733653232373062306264
--- a/ansible/vars/alerta_secret_key.yml
+++ b/ansible/vars/alerta_secret_key.yml
@ -0,0 +1,9 @@
+---
+alerta_secret_key: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  65373532396564323565326161386132323730396234323465323166666661333537613537613137
+  6262333130363835336637313633383561343736663832320a316261623735356630646434383864
+  65313564633434306136613936333666646431333530326566356535393465376633363065626533
+  3935323633336234360a333030393965623364376233663134363562386463366238616336313163
+  32623339373863363737663530663235356134323634386664623833336533653735623937396161
+  3431306265383232393762333234333466336533346430333631
--- a/ansible/vars/all.yml
+++ b/ansible/vars/all.yml
@ -0,0 +1,10 @@
+---
+auth_provider: "keycloak"
+auth_required: "true"
+db_loc: "dokku-postgres-alerta:3306"
+db_name: "alerta"
+db_user: "postgres"
+http_port: "3050"
+keycloak_realm: "Autonomic"
+keycloak_roles: "Worker-Owner"
+keycloak_url: "https://id.autonomic.zone"
--- a/ansible/vars/ansible_become_pass.yml
+++ b/ansible/vars/ansible_become_pass.yml
@ -0,0 +1,8 @@
+---
+ansible_become_pass: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  34396236353735666531323238656533643465303131663464613162396333313836363630666266
+  6539323631656635333864316166633064633366323936610a656137616334313534333635313232
+  35323561303763366563316631313638363333393763323935343563303963616334336639386462
+  3837383830616637360a373539613630356564363662393836366462666430353439353637303035
+  63396633303166343433313439303539313637306637663137313533316531616434
--- a/ansible/vars/db_passwd.yml
+++ b/ansible/vars/db_passwd.yml
@ -0,0 +1,9 @@
+---
+db_passwd: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  66613866666133643236393137646262346262356564333730656432303766623663656639316135
+  6461373238626433343638326564316561623161666563390a323066616336336238643033313765
+  35303436643633383637663162643731326130646165363733643833663966306233383339613661
+  3234636138633533380a636363383366343834643831626633366366343732663334636632613730
+  32653539383834343937346563643539623963383237303036336431346463333262613838356134
+  6465386337343037336530646335663533656433306663343261
--- a/ansible/vars/root_db_passwd.yml
+++ b/ansible/vars/root_db_passwd.yml
@ -0,0 +1,9 @@
+---
+root_db_passwd: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  61623136343461613137323665303834646466636631396538616232663061376439303739633861
+  6132323764333365396237303936353431313866383261340a336336313162643363643231656662
+  32613561666538633364643066343261636239656637303134396565666536623334616234393837
+  6165636634646332330a316130613531346430373163316130363330656532663137373832656237
+  63666337303434623465366331336538626536313535393938656232323634316632656636613339
+  3330386231353338343236356133393538366337626438613537
--- a/app.json
+++ b/app.json
@ -0,0 +1,5 @@
+{
+  "name": "alerta",
+  "description": "A tool used to consolidate and de-duplicate alerts from multiple sources for quick ‘at-a-glance’ visualisation",
+  "repository": "https://git.autonomic.zone/autonomic-cooperative/alerta"
+}
--- a/requirements.txt
+++ b/requirements.txt
@ -0,0 +1 @@
+ansible==2.9.6
--- a/sbin/encrypt.sh
+++ b/sbin/encrypt.sh
@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -eu -o pipefail
+
+# Usage
+# ./encrypt.sh mysecretname mysecretvalue
+
+declare name="$1"
+declare secret="$2"
+
+ansible-vault \
+  encrypt_string \
+  --vault-password-file ansible/.vault.sh \
+  --name "$name" \
+  "$secret"