From c3588e40fff758abfed0552827c9020396a5f7ea Mon Sep 17 00:00:00 2001
From: jurgenhaas <juergen@paragon-es.de>
Date: Fri, 10 Apr 2020 12:18:53 +0200
Subject: [PATCH] Finalize role based on docker images and behind an apache
reverse proxy
---
defaults/main.yml | 3 -
handlers/main.yml | 20 +--
meta/main.yml | 5 +-
tasks/alerta.yml | 168 +++++--------------
tasks/apache.yml | 33 ++++
tasks/main.yml | 13 ++
templates/api/Dockerfile | 10 ++
templates/{ => api}/alerta.conf | 0
templates/{ => api}/alertad.conf | 3 +-
templates/docker-compose.yml | 38 ++++-
templates/{ => plugins}/elastalert/plugin.py | 0
templates/{ => plugins}/elastalert/setup.py | 2 +-
templates/{ => plugins}/gitlab/plugin.py | 0
templates/{ => plugins}/gitlab/setup.py | 2 +-
templates/vhost.conf | 47 ++----
templates/webui/.env | 1 +
templates/webui/Dockerfile | 18 ++
templates/{ => webui}/config.json | 0
templates/webui/nginx.conf | 30 ++++
19 files changed, 205 insertions(+), 188 deletions(-)
delete mode 100644 defaults/main.yml
create mode 100644 tasks/apache.yml
create mode 100644 templates/api/Dockerfile
rename templates/{ => api}/alerta.conf (100%)
rename templates/{ => api}/alertad.conf (85%)
rename templates/{ => plugins}/elastalert/plugin.py (100%)
rename templates/{ => plugins}/elastalert/setup.py (95%)
rename templates/{ => plugins}/gitlab/plugin.py (100%)
rename templates/{ => plugins}/gitlab/setup.py (95%)
create mode 100644 templates/webui/.env
create mode 100644 templates/webui/Dockerfile
rename templates/{ => webui}/config.json (100%)
create mode 100644 templates/webui/nginx.conf
diff --git a/defaults/main.yml b/defaults/main.yml
deleted file mode 100644
index 0e8cadf..0000000
--- a/defaults/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-
-alerta_ui_version: 7.0.1
diff --git a/handlers/main.yml b/handlers/main.yml
index 4aece8a..39a23dc 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,18 +1,6 @@
---
-- name: Restart uwsgi
- service:
- name: uwsgi
- state: restarted
-
-- name: Re-create the alerta ui container
- docker_container:
- name: alerta-beta
- image: alerta/alerta-beta
- state: started
- recreate: yes
- restart_policy: always
- published_ports:
- - 8999:80
- volumes:
- - /var/www/alerta/config.json:/usr/share/nginx/html/config.json
+- name: Re-create Docker Network and Containers
+ docker_compose:
+ project_src: /opt/alerta
+ build: yes
diff --git a/meta/main.yml b/meta/main.yml
index 5d68df9..9423155 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -12,5 +12,6 @@ galaxy_info:
- 16
- 18
dependencies:
- - { role: mongodb }
- - { role: nginx }
+ - role: apache
+ - role: docker
+ - role: letsencrypt
diff --git a/tasks/alerta.yml b/tasks/alerta.yml
index 8547c43..11bbeec 100644
--- a/tasks/alerta.yml
+++ b/tasks/alerta.yml
@@ -1,161 +1,75 @@
---
# file: roles/alerta/tasks/alerta.yml
-- name: Ensure packages
- apt:
- pkg: '{{ packages }}'
- state: present
- vars:
- packages:
- - python-pip
- - python-dev
- - python3-dev
- - libpq-dev
-
-- name: Ensure PIP packages
- pip:
- name: '{{ packages }}'
- state: present
- vars:
- packages:
- - alerta-server
- - alerta
- - uwsgi
- - python-gitlab
-
-- name: Remove directories for web UI
- file:
- path: '{{ item }}'
- state: absent
- with_items:
- - /var/www/alerta
- - /tmp/angular-alerta-webui-master
-
-- name: Ensure directory for web UI
+- name: Ensure directory
file:
path: '{{ item }}'
- state: absent
+ state: directory
with_items:
- - /var/www/alerta
-
-#- name: Download and extract web UI
-# unarchive:
-# src: 'https://github.com/alerta/angular-alerta-webui/archive/v{{ alerta_ui_version }}.zip'
-# dest: /tmp
-# remote_src: yes
-
-#- name: Move new web UI
-# command: mv /tmp/angular-alerta-webui-{{ alerta_ui_version }}/app /var/www/alerta
-# args:
-# creates: /var/www/alerta
-# removes: /tmp/angular-alerta-webui-{{ alerta_ui_version }}/app
-
-- name: Copy wsgi.py
- template:
- src: wsgi.py
- dest: /var/www/alerta/wsgi.py
-
-- name: Copy uwsgi.ini
- template:
- src: uwsgi.ini
- dest: /etc/uwsgi.ini
-
-- name: Copy uwsgi.service
- template:
- src: uwsgi.service
- dest: /etc/systemd/system/uwsgi.service
-
-- name: Prepare uwsgi for autostart
- systemd:
- name: uwsgi
- state: restarted
- enabled: yes
- daemon_reload: yes
-
-- name: Copy nginx default config
- template:
- src: nginx.default
- dest: /etc/nginx/sites-available/default
- notify:
- - Restart nginx
+ - /opt/alerta/api/plugins
+ - /opt/alerta/webui
-- name: Copy config.js
+- name: Copy Alerta config files
template:
src: '{{ item }}'
- dest: /var/www/alerta/{{ item }}
+ dest: /opt/alerta/{{ item }}
with_items:
- - config.js
- - config.json
+ - docker-compose.yml
+ notify:
+ - Re-create Docker Network and Containers
-- name: Copy alertad.conf
+- name: Copy API config files
template:
- src: alertad.conf
- dest: /etc/alertad.conf
+ src: api/{{ item }}
+ dest: /opt/alerta/api/{{ item }}
+ with_items:
+ - alerta.conf
+ - alertad.conf
+ - Dockerfile
notify:
- - Restart uwsgi
+ - Re-create Docker Network and Containers
-- name: Configure root CLI
+- name: Copy Web UI config files
template:
- src: alerta.conf
- dest: /root/.alerta.conf
-
-- name: Configure crontabs
- cron:
- name: '{{ item.name }}'
- minute: '{{ item.minute }}'
- job: '{{ item.job }} >/dev/null 2>&1'
- disabled: '{{ crons_disabled|default(false) }}'
+ src: webui/{{ item }}
+ dest: /opt/alerta/webui/{{ item }}
with_items:
- - name: Heartbeats to Alert
- minute: '*/3'
- job: /usr/local/bin/alerta heartbeats --alert
- - name: Alerta Housekeeping
- minute: 0
- job: /usr/local/bin/alerta housekeeping
- tags:
- - cron
+ - .env
+ - config.json
+ - nginx.conf
+ - Dockerfile
+ notify:
+ - Re-create Docker Network and Containers
- name: Copy plugins
template:
- src: '{{ item }}/plugin.py'
- dest: /tmp/alerta_{{ item }}.py
+ src: plugins/{{ item }}/plugin.py
+ dest: /opt/alerta/api/plugins/alerta_{{ item }}.py
with_items:
- elastalert
- gitlab
- tags:
- - plugin
+ notify:
+ - Re-create Docker Network and Containers
- name: Copy plugin setups
template:
- src: '{{ item }}/setup.py'
- dest: /tmp/setup_alerta_{{ item }}.py
- with_items:
- - elastalert
- - gitlab
- tags:
- - plugin
-
-- name: Install plugins
- command: python3 setup_alerta_{{ item }}.py install
- args:
- chdir: /tmp
+ src: plugins/{{ item }}/setup.py
+ dest: /opt/alerta/api/plugins/setup_alerta_{{ item }}.py
with_items:
- elastalert
- gitlab
- tags:
- - plugin
-
-- name: Copy favicon.ico
- copy:
- src: '{{ inventory_dir }}/files/favicon.ico'
- dest: /var/www/alerta/favicon.ico
+ notify:
+ - Re-create Docker Network and Containers
- name: Pull docker image
docker_image:
- name: alerta/alerta-beta
+ name: "{{ item }}"
source: pull
force_source: yes
+ with_items:
+ - alerta/alerta-web
+ - node:lts-alpine
+ - nginx:stable-alpine
+ - postgres
notify:
- - Re-create the alerta ui container
- tags:
- - ui
+ - Re-create Docker Network and Containers
diff --git a/tasks/apache.yml b/tasks/apache.yml
new file mode 100644
index 0000000..fa42eff
--- /dev/null
+++ b/tasks/apache.yml
@@ -0,0 +1,33 @@
+---
+# file: roles/alerta/tasks/apache.yml
+
+- name: Set facts
+ set_fact:
+ apacheUser: www-data
+
+- name: Apache Modules
+ apache2_module:
+ state: present
+ name: '{{ item }}'
+ with_items:
+ - proxy
+ - proxy_http
+ notify:
+ - Restart Apache
+
+- name: Apache Configuration File
+ template:
+ src: vhost.conf
+ dest: /etc/apache2/sites-available/alerta{{ apache_conf_ext }}
+ owner: root
+ group: root
+ mode: 0664
+ notify:
+ - Restart Apache
+
+- name: Apache enable site
+ command: a2ensite alerta
+ args:
+ creates: /etc/apache2/sites-enabled/alerta{{ apache_conf_ext }}
+ notify:
+ - Restart Apache
diff --git a/tasks/main.yml b/tasks/main.yml
index 2fa34e8..38031ad 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -12,6 +12,19 @@
- always
- block:
+ - name: Install Certs
+ include_tasks: ../../letsencrypt/tasks/cert.yml
+ with_items: '{{ alerta_settings|default([]) }}'
+ loop_control:
+ loop_var: domain
+ when: domain.protocol|default("https") == "https" and domain.letsencrypt|default(true)
+
+ when: (not excluded_roles or "letsencrypt" not in excluded_roles) and groups.proxyserver is not defined
+
+- block:
+
+ - name: Import apache
+ import_tasks: apache.yml
- name: Import alerta
import_tasks: alerta.yml
diff --git a/templates/api/Dockerfile b/templates/api/Dockerfile
new file mode 100644
index 0000000..b85cd06
--- /dev/null
+++ b/templates/api/Dockerfile
@@ -0,0 +1,10 @@
+FROM alerta/alerta-web
+
+USER root
+COPY ./plugins/*.py /tmp/plugins/
+RUN /venv/bin/pip install python-gitlab && \
+ /venv/bin/python3 /tmp/plugins/setup_alerta_gitlab.py install && \
+ /venv/bin/python3 /tmp/plugins/setup_alerta_elastalert.py install && \
+ echo "Done"
+
+USER 1001
diff --git a/templates/alerta.conf b/templates/api/alerta.conf
similarity index 100%
rename from templates/alerta.conf
rename to templates/api/alerta.conf
diff --git a/templates/alertad.conf b/templates/api/alertad.conf
similarity index 85%
rename from templates/alertad.conf
rename to templates/api/alertad.conf
index fafcda8..2034192 100644
--- a/templates/alertad.conf
+++ b/templates/api/alertad.conf
@@ -1,4 +1,5 @@
BASE_URL='https://{{ alerta_domain }}/api'
+USE_PROXYFIX=True
AUTH_REQUIRED=True
AUTH_PROVIDER='gitlab'
SECRET_KEY='{{ alerta_secret_key }}'
@@ -12,7 +13,7 @@ OAUTH2_CLIENT_SECRET='{{ alerta_gitlab.client_secret }}'
ALLOWED_GITLAB_GROUPS=['{{ alerta_environments|join("','") }}']
# Plugins
-PLUGINS=['reject','gitlab','elastalert']
+PLUGINS=['reject','blackout','normalise','enhance','gitlab','elastalert']
ORIGIN_BLACKLIST=[]
ALLOWED_ENVIRONMENTS=['{{ alerta_environments|join("','") }}']
ACTIONS = ['createIssue']
diff --git a/templates/docker-compose.yml b/templates/docker-compose.yml
index 2f64c98..8b9de03 100644
--- a/templates/docker-compose.yml
+++ b/templates/docker-compose.yml
@@ -1,20 +1,35 @@
-version: '2.1'
+version: '3.7'
services:
- web:
- image: alerta/alerta-web
+ webui:
+ build:
+ context: webui
+ ports:
+ - "8092:80"
+ depends_on:
+ - api
+ networks:
+ net:
+ aliases:
+ - web
+ restart: always
+ api:
+ build:
+ context: api
ports:
- "8091:8080"
depends_on:
- db
volumes:
- - ./config/alerta.conf:/app/alerta.conf
- - ./config/alertad.conf:/app/alertad.conf
- - ./config/config.json:/web/config.json
- - ./plugins/gitlab.py:/venv/lib/python3.7/site-packages/alerta/plugins/gitlab.py
+ - ./api/alerta.conf:/app/alerta.conf
+ - ./api/alertad.conf:/app/alertad.conf
environment:
- DATABASE_URL=postgres://postgres:postgres@db:5432/monitoring
- - BASE_URL=https://alerta.lakedrops.com/api
+ - BASE_URL=https://{{ alerta_domain }}/api
- ALERTA_CONF_FILE=/app/alerta.conf
+ networks:
+ net:
+ aliases:
+ - api
restart: always
db:
image: postgres
@@ -24,4 +39,11 @@ services:
POSTGRES_DB: monitoring
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
+ networks:
+ net:
+ aliases:
+ - db
restart: always
+
+networks:
+ net: {}
diff --git a/templates/elastalert/plugin.py b/templates/plugins/elastalert/plugin.py
similarity index 100%
rename from templates/elastalert/plugin.py
rename to templates/plugins/elastalert/plugin.py
diff --git a/templates/elastalert/setup.py b/templates/plugins/elastalert/setup.py
similarity index 95%
rename from templates/elastalert/setup.py
rename to templates/plugins/elastalert/setup.py
index b7fd2fa..fe868b1 100644
--- a/templates/elastalert/setup.py
+++ b/templates/plugins/elastalert/setup.py
@@ -9,7 +9,7 @@ setup(
description='LakeDrops Alerta plugin for incoming alerts from Elastalert',
url='https://gitlab.lakedrops.com/ansible-roles/alerta',
license='MIT',
- author='Jürgen Haas',
+ author='Juergen Haas',
author_email='juergen.haas@lakedrops.com',
packages=find_packages(),
py_modules=['alerta_elastalert'],
diff --git a/templates/gitlab/plugin.py b/templates/plugins/gitlab/plugin.py
similarity index 100%
rename from templates/gitlab/plugin.py
rename to templates/plugins/gitlab/plugin.py
diff --git a/templates/gitlab/setup.py b/templates/plugins/gitlab/setup.py
similarity index 95%
rename from templates/gitlab/setup.py
rename to templates/plugins/gitlab/setup.py
index 7988d32..782e996 100644
--- a/templates/gitlab/setup.py
+++ b/templates/plugins/gitlab/setup.py
@@ -9,7 +9,7 @@ setup(
description='LakeDrops Alerta plugin for GitLab Issues',
url='https://gitlab.lakedrops.com/ansible-roles/alerta',
license='MIT',
- author='Jürgen Haas',
+ author='Juergen Haas',
author_email='juergen.haas@lakedrops.com',
packages=find_packages(),
py_modules=['alerta_gitlab'],
diff --git a/templates/vhost.conf b/templates/vhost.conf
index 0461099..2d466e1 100644
--- a/templates/vhost.conf
+++ b/templates/vhost.conf
@@ -2,59 +2,48 @@
Include /etc/apache2/conf-available/global-redirect.conf
ServerAdmin webmaster@paragon-es.de
- ServerName alerta.lakedrops.com
+ ServerName {{ alerta_domain }}
Include /etc/apache2/conf-available/redirect-ssl.conf
Include /etc/apache2/conf-available/letsencrypt-redirect.conf
- ErrorLog ${APACHE_LOG_DIR}/alerta.lakedrops.com-error.log
+ ErrorLog ${APACHE_LOG_DIR}/{{ alerta_domain }}-error.log
LogLevel warn
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
- CustomLog ${APACHE_LOG_DIR}/alerta.lakedrops.com-access.log combined env=!forwarded
- CustomLog ${APACHE_LOG_DIR}/alerta.lakedrops.com-access.log proxy env=forwarded
+ CustomLog ${APACHE_LOG_DIR}/{{ alerta_domain }}-access.log combined env=!forwarded
+ CustomLog ${APACHE_LOG_DIR}/{{ alerta_domain }}-access.log proxy env=forwarded
</VirtualHost>
<VirtualHost *:443>
Include /etc/apache2/conf-available/global-redirect.conf
ServerAdmin webmaster@paragon-es.de
- ServerName alerta.lakedrops.com
+ ServerName {{ alerta_domain }}
Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
- FileETag None
- Header unset ETag
- Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
- Header set Pragma "no-cache"
- Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
-
- RequestHeader set Host alerta.lakedrops.com
- RequestHeader set X_FORWARDED_PROTO 'https'
- RequestHeader set X-Forwarded-Ssl on
- RequestHeader set X-Forwarded-For alerta.lakedrops.com
-
DocumentRoot /var/www/html
<Proxy *>
Include /etc/apache2/conf-available/global-deny.conf
</Proxy>
- RewriteEngine on
- RewriteCond ${HTTP:Upgrade} websocket [NC]
- RewriteCond ${HTTP:Connection} upgrade [NC]
- RewriteRule .* "wss:/localhost:8091/$1" [P,L]
-
- ProxyPass / http://localhost:8091/
- ProxyPassReverse / http://localhost:8091/
ProxyPreserveHost On
+ ProxyRequests Off
+
+ ProxyPass /web http://127.0.0.1:8092/
+ ProxyPassReverse /web http://127.0.0.1:8092/
+
+ ProxyPass /api http://127.0.0.1:8091/api
+ ProxyPassReverse /api http://127.0.0.1:8091/api
- ErrorLog ${APACHE_LOG_DIR}/alerta.lakedrops.com-error.log
+ ErrorLog ${APACHE_LOG_DIR}/{{ alerta_domain }}-error.log
LogLevel warn
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
- CustomLog ${APACHE_LOG_DIR}/alerta.lakedrops.com-access.log combined env=!forwarded
- CustomLog ${APACHE_LOG_DIR}/alerta.lakedrops.com-access.log proxy env=forwarded
+ CustomLog ${APACHE_LOG_DIR}/{{ alerta_domain }}-access.log combined env=!forwarded
+ CustomLog ${APACHE_LOG_DIR}/{{ alerta_domain }}-access.log proxy env=forwarded
<IfModule mod_expires.c>
ExpiresActive On
@@ -72,7 +61,7 @@
SSLEngine on
Include /etc/letsencrypt/options-ssl-apache.conf
- SSLCertificateFile /etc/letsencrypt/live/alerta.lakedrops.com/cert.pem
- SSLCertificateKeyFile /etc/letsencrypt/live/alerta.lakedrops.com/privkey.pem
- SSLCertificateChainFile /etc/letsencrypt/live/alerta.lakedrops.com/chain.pem
+ SSLCertificateFile /etc/letsencrypt/live/{{ alerta_domain }}/cert.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/{{ alerta_domain }}/privkey.pem
+ SSLCertificateChainFile /etc/letsencrypt/live/{{ alerta_domain }}/chain.pem
</VirtualHost>
diff --git a/templates/webui/.env b/templates/webui/.env
new file mode 100644
index 0000000..3856e07
--- /dev/null
+++ b/templates/webui/.env
@@ -0,0 +1 @@
+BASE_URL=/web
diff --git a/templates/webui/Dockerfile b/templates/webui/Dockerfile
new file mode 100644
index 0000000..3172ca4
--- /dev/null
+++ b/templates/webui/Dockerfile
@@ -0,0 +1,18 @@
+# build stage
+FROM node:lts-alpine as build-stage
+
+RUN apk add --no-cache git
+WORKDIR /app
+ADD https://github.com/alerta/alerta-webui/archive/master.tar.gz /tmp/webui.tar.gz
+RUN tar zxvf /tmp/webui.tar.gz -C /app --strip-components=1
+RUN npm install
+COPY .env .
+RUN npm run build
+
+# production stage
+FROM nginx:stable-alpine as production-stage
+COPY --from=build-stage /app/dist /app
+COPY config.json /app/config.json
+COPY nginx.conf /etc/nginx/nginx.conf
+EXPOSE 80
+CMD ["nginx", "-g", "daemon off;"]
diff --git a/templates/config.json b/templates/webui/config.json
similarity index 100%
rename from templates/config.json
rename to templates/webui/config.json
diff --git a/templates/webui/nginx.conf b/templates/webui/nginx.conf
new file mode 100644
index 0000000..6f61d6c
--- /dev/null
+++ b/templates/webui/nginx.conf
@@ -0,0 +1,30 @@
+user nginx;
+worker_processes 1;
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+events {
+ worker_connections 1024;
+}
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+ access_log /var/log/nginx/access.log main;
+ sendfile on;
+ keepalive_timeout 65;
+ server {
+ listen 80;
+ server_name localhost;
+ location / {
+ root /app;
+ index index.html;
+ try_files $uri $uri/ /index.html;
+ }
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+ }
+}
--
GitLab