Add Alerta feature to osh-infra

Change-Id: Id8dc3f86b8d6754df4ba3c0c720a78731e3f54d5
Xiaoguang(William) Zhang 2020-08-11 16:50:48 -04:00
parent 486ad9a25f
commit 83a55fd19e
21 changed files with 658 additions and 3 deletions

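--- a/alerta/Chart.yaml
+++ b/alerta/Chart.yaml
@@ -0,0 +1,24 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+apiVersion: v1
+description: OpenStack-Helm Alerta for Alertmanager.
+name: alerta
+version: 0.1.0
+home: https://github.com/alerta/alerta
+sources:
+- https://github.com/alerta/alerta
+- https://opendev.org/openstack/openstack-helm-infra
+maintainers:
+- name: OpenStack-Helm Authors
+...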

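--- a/alerta/requirements.yaml
+++ b/alerta/requirements.yaml
@@ -0,0 +1,18 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+dependencies:
+- name: helm-toolkit
+repository: http://localhost:8879/charts
+version: 0.1.0
+...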


@ -0,0 +1,65 @@
#!/bin/bash
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -x
ALERTA_DB_NAME={{ .Values.conf.alerta.alertadb }}
function create_db() {
export PGPASSWORD=${ADMIN_PASSWORD}
if `psql -h ${DB_FQDN} -p ${DB_PORT} -U ${DB_ADMIN_USER} -lqt | cut -d \| -f 1 | grep -qw ${ALERTA_DB_NAME}`; then
echo "Database ${ALERTA_DB_NAME} is already exist."
else
echo "Database ${ALERTA_DB_NAME} not exist, create it."
psql_cmd "postgres" ${DB_ADMIN_USER} ${ADMIN_PASSWORD} "CREATE DATABASE ${ALERTA_DB_NAME};"
echo "Database ${ALERTA_DB_NAME} is created."
fi
}
function psql_cmd {
DATABASE=$1
DB_USER=$2
export PGPASSWORD=$3
DB_COMMAND=$4
EXIT_ON_FAIL=${5:-1}
psql \
-h $DB_FQDN \
-p $DB_PORT \
-U $DB_USER \
-d $DATABASE \
-v "ON_ERROR_STOP=1" \
--command="${DB_COMMAND}"
RC=$?
if [[ $RC -ne 0 ]]
then
echo 'FAIL!'
if [[ $EXIT_ON_FAIL -eq 1 ]]
then
exit $RC
fi
fi
return 0
}
# Create db
sleep 10
create_db
exit 0
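Review bot: `set -x` at the top of the script traces every command, so `export PGPASSWORD=${ADMIN_PASSWORD}` in create_db and the `psql_cmd "postgres" ${DB_ADMIN_USER} ${ADMIN_PASSWORD} ...` call write the PostgreSQL admin password into the pod log, where anyone allowed to read logs in the namespace can see it. Replace it with `set -e`, or switch tracing off with `set +x` before the credentials are touched. The existence check relies on backticks that run the pipeline and then execute its empty output; `if psql -h "${DB_FQDN}" -p "${DB_PORT}" -U "${DB_ADMIN_USER}" -lqt | cut -d \| -f 1 | grep -qw "${ALERTA_DB_NAME}"; then` states the intent directly and quotes the expansions. `ALERTA_DB_NAME` is rendered from values unquoted and pasted into `CREATE DATABASE ${ALERTA_DB_NAME};`, so a comment that it must be a plain SQL identifier, or a check against `^[A-Za-z_][A-Za-z0-9_]*$` before use, would make that contract explicit.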


@ -0,0 +1,30 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.alerta.configmap_bin }}
{{- $envAll := . }}
{{- $configMapBinName := printf "%s-%s" $envAll.Release.Name "etcd-bin" }}
---
apiVersion: v1
{{/* Note: this is a secret because credentials must be rendered into the password script. */}}
kind: Secret
metadata:
name: alerta-bin
type: Opaque
data:
{{- if .Values.images.local_registry.active }}
image-repo-sync.sh: {{- include "helm-toolkit.scripts.image_repo_sync" . | b64enc }}
{{- end }}
create_db.sh: {{ tuple "bin/_create_db.sh.tpl" . | include "helm-toolkit.utils.template" | b64enc }}
{{- end }}
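Review bot: In `image-repo-sync.sh: {{- include "helm-toolkit.scripts.image_repo_sync" . | b64enc }}` the left-trimming `{{-` removes the space after the colon, so with `images.local_registry.active` set the line would likely render as `image-repo-sync.sh:<base64>`, which YAML does not read as a key/value pair; a plain `{{ include ... }}` keeps the separator, as the `create_db.sh` entry below it already does. `$configMapBinName` is built from `"etcd-bin"` and never used while the Secret name is hard-coded as `alerta-bin`, which looks like copy-paste residue; drop the variable or use one release-scoped name here and in the pod that mounts it. The inline comment says credentials are rendered into the script, but the script in this commit reads them from environment variables, so the comment should state the actual reason for using a Secret.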


@ -0,0 +1,26 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.alerta.configmap_etc }}
{{- $envAll := . }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: alerta-etc
data:
alertad.conf: |
DATABASE_URL = {{ tuple "postgresql" "internal" "admin" "postgresql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" |quote}}
{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.alerta.alerta_webui_config "key" "config.js") | indent 2 }}
{{- end }}
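Review bot: `DATABASE_URL` is rendered with `authenticated_endpoint_uri_lookup` for the `admin` user, so the PostgreSQL admin password lands in plain text in the `alerta-etc` ConfigMap, an object that is usually readable under broader RBAC than Secrets and is not covered by Secret encryption at rest. Render `alertad.conf` into a `kind: Secret`, as the `alerta-bin` template in this commit does, and mount it through a `secret:` volume in the Deployment. `conf.alerta.alerta_configs` from alerta/values.yaml, which carries `AUTH_REQUIRED: true`, is not referenced here or by any other template on this page, so as far as visible the server falls back to Alerta's built-in default for authentication; it should be rendered into `alertad.conf` in the same `KEY = value` form as the `DATABASE_URL` line. The application also connects as the database superuser, and a dedicated role limited to the Alerta database would reduce what a compromised web pod can reach.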


@ -0,0 +1,66 @@
{{/*
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
{{- if .Values.manifests.alerta.create_db }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Pod
metadata:
name: alerta-create-db
spec:
restartPolicy: Never
containers:
- name: alerta-create-db
{{ tuple $envAll "alerta_create_db" | include "helm-toolkit.snippets.image" | indent 4 }}
env:
- name: DB_FQDN
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.postgresql.admin }}
key: DATABASE_HOST
- name: DB_PORT
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.postgresql.admin }}
key: DATABASE_PORT
- name: DB_ADMIN_USER
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.postgresql.admin }}
key: POSTGRES_USER
- name: ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.postgresql.admin }}
key: POSTGRES_PASSWORD
command:
- /tmp/create_db.sh
volumeMounts:
- name: pod-tmp
mountPath: /tmp
- name: alerta-bin
mountPath: /tmp/create_db.sh
subPath: create_db.sh
readOnly: true
volumes:
- name: pod-tmp
emptyDir: {}
- name: alerta-bin
secret:
secretName: alerta-bin
defaultMode: 0555
{{- end }}
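Review bot: The pod spec applies no security context, so `pod.security_context.alerta_create_db` from values (`runAsUser: 65534`, `readOnlyRootFilesystem: true`, `allowPrivilegeEscalation: false`) never takes effect and the container that receives the PostgreSQL admin credentials runs with the image defaults. Add `{{ dict "envAll" $envAll "application" "alerta_create_db" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }}` under `spec:` and the matching `kubernetes_container_security_context` include on the container, the way the Deployment template in this commit does. The container key in values is `postgresql_create_db`, so it has to be renamed or passed as the `container` argument for the lookup to match. A bare `Pod` with `restartPolicy: Never` is not retried when PostgreSQL is not yet reachable, which is presumably why the script sleeps first; a `Job` would fit this one-shot task better. `defaultMode: 0555` makes the script readable and executable by every user in the container, more than the single user that runs it needs.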


@ -0,0 +1,102 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.alerta.deployment }}
{{- $envAll := . }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: alerta
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
labels:
{{ tuple $envAll "alerta" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
podManagementPolicy: "Parallel"
replicas: {{ .Values.pod.replicas.alerta }}
selector:
matchLabels:
{{ tuple $envAll "alerta" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
template:
metadata:
labels:
{{ tuple $envAll "alerta" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
{{ dict "envAll" $envAll "podName" "alerta" "containerNames" (list "alerta" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
{{ dict "envAll" $envAll "application" "server" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
affinity:
{{ tuple $envAll "alerta" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeSelector:
{{ .Values.labels.alerta.node_selector_key }}: {{ .Values.labels.alerta.node_selector_value | quote }}
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.alerta.timeout | default "30" }}
containers:
- name: alerta
{{ tuple $envAll "alerta" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.alerta | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "server" "container" "alerta" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
env:
- name: ADMIN_USERS
valueFrom:
secretKeyRef:
name: {{ printf "%s-%s" $envAll.Release.Name "admin-cert" | quote }}
key: alerta-admin-user
- name: ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: {{ printf "%s-%s" $envAll.Release.Name "admin-cert" | quote }}
key: alerta-admin-password
- name: ADMIN_KEY
valueFrom:
secretKeyRef:
name: {{ printf "%s-%s" $envAll.Release.Name "admin-cert" | quote }}
key: alerta-admin-key
- name: ALERTA_API_KEY
valueFrom:
secretKeyRef:
name: {{ printf "%s-%s" $envAll.Release.Name "admin-cert" | quote }}
key: alerta-api-key
ports:
- name: http
containerPort: 8080
protocol: TCP
livenessProbe:
httpGet:
path: /
port: http
initialDelaySeconds: 180
readinessProbe:
httpGet:
path: /
port: http
initialDelaySeconds: 120
volumeMounts:
- name: alerta-etc
mountPath: /app/alertad.conf
subPath: alertad.conf
- name: alerta-etc
mountPath: /app/config.js
subPath: config.js
resources:
{{ toYaml .Values.pod.resources | indent 12 }}
volumes:
- name: alerta-etc
configMap:
name: alerta-etc
defaultMode: 0444
{{- end }}
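Review bot: The four `secretKeyRef` entries look up a Secret named `<release>-admin-cert` via `printf "%s-%s" $envAll.Release.Name "admin-cert"`, but the Secret template in this commit hard-codes `name: alerta-admin-cert`, so the pod only finds its credentials when the release is called `alerta`; use the same expression in both places. The `server` security-context includes probably render nothing, because the values on this page define `pod.security_context` only for `alerta_create_db`; add a `server` entry with a non-root `runAsUser`, `allowPrivilegeEscalation: false` and, as far as the image allows, `readOnlyRootFilesystem: true`. `resources:` is emitted twice for the container, once through `kubernetes_resources` and again by `toYaml .Values.pod.resources`, which dumps the whole `alerta:` map including `enabled`; the second block should be removed. `podManagementPolicy` is a StatefulSet field rather than a Deployment one and should be dropped as well.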


@ -0,0 +1,28 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.alerta.secret }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Secret
metadata:
name: alerta-admin-cert
type: Opaque
data:
alerta-admin-user: {{ .Values.conf.alerta.alertaAdminUser | b64enc }}
alerta-admin-password: {{ .Values.conf.alerta.alertaAdminPassword | b64enc }}
alerta-admin-key: {{ .Values.conf.alerta.alertaAdminPassword | b64enc }}
alerta-api-key: {{ .Values.conf.alerta.alertaAdminPassword | b64enc }}
{{- end }}
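Review bot: `alerta-admin-key` and `alerta-api-key` are both filled from `conf.alerta.alertaAdminPassword`, so the interactive admin password, the admin key and the API key are one shared value whose default in values is `changeme`; whoever learns the API key from an integration also holds the admin login. Give each credential its own value (for example `conf.alerta.alertaAdminKey` and `conf.alerta.alertaApiKey`, names suggested here) and wrap them in `required` so that rendering fails when they are not supplied. A comment above `data:` stating which component consumes each key would help the next maintainer rotate them independently.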


@ -0,0 +1,36 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.alerta.service }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Service
metadata:
name: alerta
spec:
ports:
- name: http
{{ if .Values.network.alerta.node_port.enabled }}
nodePort: {{ .Values.network.alerta.node_port.port }}
{{ end }}
port: {{ tuple "alerta" "internal" "server" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
targetPort: http
protocol: TCP
selector:
{{ tuple $envAll "alerta" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{ if .Values.network.alerta.node_port.enabled }}
type: NodePort
{{ end }}
{{- end }}

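--- a/alerta/values.yaml
+++ b/alerta/values.yaml
@@ -0,0 +1,196 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# Default values for alerta.
+# This is a YAML-formatted file.
+# Declare name/value pairs to be passed into your templates.
+# name: value
+---
+images:
+tags:
+alerta: docker.io/alerta/alerta-web:8.0.2
+dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
+image_repo_sync: docker.io/docker:17.07.0
+ks_user: docker.io/openstackhelm/heat:stein-ubuntu_bionic
+alerta_create_db: "docker.io/openstackhelm/patroni:latest-ubuntu_xenial"
+pull_policy: IfNotPresent
+local_registry:
+active: false
+exclude:
+- dep_check
+- image_repo_sync
+labels:
+alerta:
+node_selector_key: openstack-control-plane
+node_selector_value: enabled
+alerta_create_db:
+node_selectory_key: openstack-control-plane
+node_selector_value: enabled
+dependencies:
+dynamic:
+common:
+local_image_registry:
+jobs:
+- alerta-postgresql-image-repo-sync
+services:
+- endpoint: node
+service: local_image_registry
+static:
+alerta:
+services:
+- endpoint: internal
+service: alerta-postgresql
+alerta_create_db:
+services:
+- endpoint: internal
+service: alerta-postgresql
+image_repo_sync:
+services:
+- endpoint: internal
+service: local_image_registry
+pod:
+security_context:
+alerta_create_db:
+pod:
+runAsUser: 65534
+container:
+postgresql_create_db:
+readOnlyRootFilesystem: true
+allowPrivilegeEscalation: false
+affinity:
+anti:
+type:
+default: preferredDuringSchedulingIgnoredDuringExecution
+topologyKey:
+default: kubernetes.io/hostname
+weight:
+default: 10
+replicas:
+alerta: 1
+mounts:
+alerta:
+lifecycle:
+upgrades:
+deployments:
+revision_history: 3
+pod_replacement_strategy: RollingUpdate
+rolling_update:
+max_unavailable: 1
+max_surge: 3
+termination_grace_period:
+alerta:
+timeout: 30
+resources:
+alerta:
+enabled: false
+limits:
+memory: "1024Mi"
+cpu: "100m"
+requests:
+memory: "128Mi"
+cpu: "100m"
+endpoints:
+cluster_domain_suffix: cluster.local
+local_image_registry:
+name: docker-registry
+namespace: docker-registry
+hosts:
+default: localhost
+internal: docker-registry
+node: localhost
+host_fqdn_override:
+default: null
+port:
+registry:
+node: 5000
+alerta:
+name: alerta
+namespace: null
+hosts:
+default: alerta
+host_fqdn_override:
+default: null
+path:
+default: null
+scheme:
+default: 'http'
+port:
+server:
+default: 8080
+postgresql:
+auth:
+admin:
+username: postgres
+password: password
+hosts:
+default: postgresql
+host_fqdn_override:
+default: null
+path: /alerta_db
+scheme: postgresql
+port:
+postgresql:
+default: 5432
+secrets:
+postgresql:
+admin: postgresql-admin
+storage: []
+volume: []
+jobs: []
+network:
+alerta:
+node_port:
+enabled: true
+port: 30480
+network_policy: []
+manifests:
+alerta:
+configmap_bin: true
+configmap_etc: true
+deployment: true
+secret: true
+service: true
+create_db: true
+conf:
+alerta:
+alertaAdminUser: admin
+alertaAdminPassword: changeme
+alertadb: alerta_db
+alerta_configs: |
+# ref: http://docs.alerta.io/en/latest/configuration.html
+DEBUG: false
+AUTH_REQUIRED: true
+alerta_webui_config: |
+# ref: http://docs.alerta.io/en/latest/webui.html
+'use strict';
+angular.module('config', [])
+.constant('config', {
+'endpoint' : "/api",
+'provider' : "basic"
+})
+.constant('colors', {});
+...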
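Review bot: The defaults ship a reachable service with known credentials: `network.alerta.node_port.enabled: true` publishes the plain-`http` UI and API on port 30480 of every node, while `alertaAdminPassword: changeme` and the PostgreSQL admin `password: password` are committed as working defaults. Default `node_port.enabled` to `false` and leave the passwords empty so that an install has to supply them. `alerta_create_db` pulls `patroni:latest-ubuntu_xenial`, a mutable tag, for the one container that handles the database admin password; pin a fixed tag or digest. `labels.alerta_create_db.node_selectory_key` is misspelled, and the container key `postgresql_create_db` under `pod.security_context.alerta_create_db` does not match the container name `alerta-create-db` used by the pod template.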


@ -160,6 +160,20 @@ endpoints:
port:
api:
default: 9464
alerta:
name: alerta
namespace: null
hosts:
default: alerta
host_fqdn_override:
default: null
path:
default: /api/webhooks/prometheus
scheme:
default: 'http'
port:
api:
default: 8080
dependencies:
dynamic:
@ -294,6 +308,10 @@ conf:
# This routes performs a regular expression match on alert
# labels to catch alerts that are related to a list of
# services.
- receiver: "alerta"
continue: true
- receiver: "snmp_notifier"
continue: true
- match_re:
service: ^(foo1|foo2|baz)$
receiver: team-X-mails
@ -348,6 +366,15 @@ conf:
- send_resolved: true
#url: http://snmp-engine.osh-infra.svc.cluster.local:9464/alerts
url: {{ tuple "snmpnotifier" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
- name: 'alerta'
webhook_configs:
- send_resolved: true
#url: 'http://alerta:8080/api/webhooks/prometheus'
url: {{ tuple "alerta" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
http_config:
basic_auth:
username: admin
password: changeme
- name: 'team-X-mails'
email_configs:
- to: 'team-X+alerts@example.org'
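Review bot: The new `alerta` receiver hard-codes `basic_auth` with `username: admin` and `password: changeme` in the chart defaults, and the endpoint added in the first hunk uses scheme `http`, so the Alerta admin login is sent unencrypted with every notification and has to be kept in step with the Alerta chart by hand. Source the credentials from values or a mounted Secret (Alertmanager's `basic_auth` accepts `password_file`) and prefer a scoped API key over the admin account for a webhook sender. In the second hunk the catch-all routes `- receiver: "alerta"` and `- receiver: "snmp_notifier"` with `continue: true` sit directly under the comment that describes the `match_re` route, which now reads as if it documented them; move them above that comment with a line of their own such as `# Forward every alert to Alerta and the SNMP notifier, then continue matching.`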


@ -1 +0,0 @@
../osh-infra-monitoring/130-postgresql.sh


@ -0,0 +1 @@
../common/postgresql.sh


@ -0,0 +1 @@
../common/alerta.sh


@ -0,0 +1,28 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make alerta
#NOTE: Deploy command
helm upgrade --install alerta ./alerta \
--namespace=osh-infra
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh osh-infra
#NOTE: Validate Deployment info
helm status alerta


@ -0,0 +1 @@
../common/postgresql.sh


@ -0,0 +1 @@
../common/alerta.sh


@ -0,0 +1 @@
../common/postgresql.sh


@ -0,0 +1 @@
../common/alerta.sh


@ -81,6 +81,8 @@
- ./tools/deployment/multinode/130-fluentd.sh
- ./tools/deployment/multinode/140-kibana.sh
- ./tools/deployment/multinode/160-zookeeper.sh
- ./tools/deployment/multinode/170-postgresql.sh
- ./tools/deployment/multinode/175-alerta.sh
- ./tools/deployment/multinode/600-grafana-selenium.sh || true
- ./tools/deployment/multinode/610-nagios-selenium.sh || true
- ./tools/deployment/multinode/620-prometheus-selenium.sh || true
@ -198,7 +200,8 @@
- ./tools/deployment/osh-infra-monitoring/105-blackbox-exporter.sh
- ./tools/deployment/osh-infra-monitoring/110-grafana.sh
- ./tools/deployment/osh-infra-monitoring/120-nagios.sh
- ./tools/deployment/osh-infra-monitoring/130-postgresql.sh
- ./tools/deployment/osh-infra-monitoring/170-postgresql.sh
- ./tools/deployment/osh-infra-monitoring/175-alerta.sh
- - ./tools/deployment/osh-infra-monitoring/600-grafana-selenium.sh || true
- ./tools/deployment/osh-infra-monitoring/610-prometheus-selenium.sh || true
- ./tools/deployment/osh-infra-monitoring/620-nagios-selenium.sh || true
@ -291,7 +294,8 @@
- ./tools/deployment/apparmor/085-rabbitmq.sh
- ./tools/deployment/apparmor/095-nagios.sh
- ./tools/deployment/apparmor/120-openvswitch.sh
- ./tools/deployment/apparmor/130-postgresql.sh
- ./tools/deployment/apparmor/170-postgresql.sh
- ./tools/deployment/apparmor/175-alerta.sh
- job:
name: openstack-helm-infra-aio-logging-apparmor