adding customtimeout plugin and mongod and nginx

roles/alerta/README.md

@@ -1,8 +1,11 @@
 # Alerta
 
-This role will install alerta ( http://alerta.io/ ) along with the prometheus alerta plugin.
+This role will install alerta ( http://alerta.io/ ) along with the prometheus alerta plugin and a custom plugin called customtimeout written by https://github.com/twcollins
+- The customtimeout plugin expires stale alerts from alerta. The default expiry period is 21600 seconds i.e. 6 hours. This can be changed through /etc/alertad.conf CUSTOM_TIMEOUT = 21600
 
-The alerta monitoring system is a tool used to consolidate and de-duplicate alerts from multiple sources for quick ‘at-a-glance’ visualization. Alerta can be used as a part of monitoring stack to provide a dashboards for all the alerts that get generated from monitoring. Alerta can be integrated with Prometheus-Alertmanager, alerts that are acknowledged in alerta get silenced in the alertmanager.
+The alerta monitoring system is a tool used to consolidate and de-duplicate alerts from multiple sources for quick ‘at-a-glance’ visualization. Alerta can be used as a part of monitoring stack to provide a dashboards for all the alerts that get generated from monitoring.
+
+Alerta can be integrated with Prometheus-Alertmanager, alerts that are acknowledged in alerta get silenced in the alertmanager.
 
 - Supported OS
   - Centos/Redhat 7
@@ -22,11 +25,10 @@ Example Playbook
 `ansible-playbook alerta.yml -i /path/to/my/inventory`
 
 ## Dependencies
-This role assumes that nginx and mongodb is already installed on the server
 
 
 ## Deploying and Running Alerta
-After deploying alerta using the ansible role, the following changes have to be made -
+After deploying alerta using this ansible role, the following changes have to be made -
 
 Modify the alerta configuration ( /etc/alertad.conf ) to specify the alertmanager_api_url i.e. replace localhost with the ip/hostname of the actual server where you are running alertmanager.
 

roles/alerta/defaults/main.yml

@@ -0,0 +1,7 @@
+---
+alerta_plugins:
+  - customtimeout-0.0.2
+
+prometheus_ip: "127.0.0.1"
+
+nginx_version: "1.10.2-1"

roles/alerta/handlers/main.yml

@@ -1,4 +1,12 @@
 ---
-
 - name: restart nginx
-  service: name=nginx state=restarted
+  service: name=nginx state=restarted enabled=yes
+
+- name: restart uwsgi
+  service: name=uwsgi state=restarted enabled=yes
+
+- name: restart mongod
+  service:
+    name: mongod
+    enabled: yes
+    state: restarted

roles/alerta/tasks/main.yml

@@ -1,10 +1,14 @@
+- include: nginx.yml
+- include: mongodb.yml
+
 - name: Alerta | install dependencies
   yum: name={{ item }} state=installed
   with_items:
     - python-devel
     - gcc
     - python-pip
     - wget
+    - git
 
 - name: Alerta | upgrade pip
   command: "pip install --upgrade pip"
@@ -47,6 +51,11 @@
 - name: Alerta | Configure uwsgi.ini
   template: src=uwsgi.ini.j2 dest=/etc/uwsgi.ini
 
+- name: Alerta | Generate alerta_secretkey
+  shell: cat /dev/urandom | tr -dc A-Za-z0-9_\!\@\#\$\%\^\&\*\(\)-+= | head -c 32 && echo
+  register: alerta_secretkey
+  changed_when: false
+
 - name: Alerta | Configure alertad.conf
   template: src=alertad.conf.j2 dest=/etc/alertad.conf
 
@@ -59,6 +68,28 @@
 - name: Alerta | install prometheus plugins
   shell: "pip install git+https://github.com/alerta/alerta-contrib.git#subdirectory=plugins/prometheus"
 
+- name: Alerta | Copy plugin
+  copy:
+    src: "{{ item }}.zip"
+    dest: /opt/{{ item }}.zip
+  with_items:
+    - "{{ alerta_plugins }}"
+
+- name: Alerta | unzip plugins
+  unarchive:
+    src: /opt/{{ item }}.zip
+    dest: /opt/
+    remote_src: yes
+  with_items:
+    - "{{ alerta_plugins }}"
+
+- name: Alerta | install plugins
+  shell: "python setup.py install"
+  args:
+    chdir: /opt/{{ item }}
+  with_items:
+    - "{{ alerta_plugins }}"
+
 - name: Alerta | Enable uwsgi service
   service: name=uwsgi state=started enabled=yes
 

roles/alerta/tasks/mongodb.yml

@@ -0,0 +1,27 @@
+---
+- name: mongodb | Install pymongo and mongodb
+  yum:
+    name: "{{ item }}"
+    state: present
+  notify: restart mongod
+  with_items:
+    - pymongo
+    - "https://repo.mongodb.org/yum/redhat/7Server/mongodb-org/3.4/x86_64/RPMS/mongodb-org-3.4.4-1.el7.x86_64.rpm"
+    - "https://repo.mongodb.org/yum/redhat/7/mongodb-org/3.4/x86_64/RPMS/mongodb-org-mongos-3.4.4-1.el7.x86_64.rpm"
+    - "https://repo.mongodb.org/yum/redhat/7/mongodb-org/3.4/x86_64/RPMS/mongodb-org-server-3.4.4-1.el7.x86_64.rpm"
+    - "https://repo.mongodb.org/yum/redhat/7/mongodb-org/3.4/x86_64/RPMS/mongodb-org-shell-3.4.4-1.el7.x86_64.rpm"
+    - "https://repo.mongodb.org/yum/redhat/7/mongodb-org/3.4/x86_64/RPMS/mongodb-org-tools-3.4.4-1.el7.x86_64.rpm"
+
+- name: mongodb | Create DB directory
+  file: path=/data/mongodb state=directory owner=mongod group=mongod
+
+- name: mongodb | Configure mongodb
+  template: src=mongodb.conf.j2 dest=/etc/mongod.conf owner=mongod group=mongod backup=yes mode=0644
+  notify: restart mongod
+
+- name: start mongod
+  service:
+    name: mongod
+    enabled: yes
+    state: started
+

roles/alerta/tasks/nginx.yml

@@ -0,0 +1,18 @@
+---
+- name: nginx | Install nginx
+  yum:
+    name:
+      - libselinux-python
+      - nginx-{{ nginx_version }}.el7.x86_64
+    state: present
+
+- name: nginx | Configure nginx.conf
+  template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
+  notify: restart nginx
+
+- name: nginx | start nginx
+  service:
+    name: nginx
+    enabled: yes
+    state: started
+

roles/alerta/templates/alertacron

@@ -0,0 +1 @@
+* * * * * root /usr/bin/mongo --quiet monitoring /usr/local/bin/housekeepingAlerts.js

roles/alerta/templates/alertad.conf.j2

@@ -9,8 +9,16 @@ SEVERITY_MAP = {
 
 BASE_URL = '/api'
 
-PLUGINS=['prometheus']
-ALERTMANAGER_API_URL = 'http://localhost:9093'
+PLUGINS=['prometheus','customtimeout']
+CUSTOM_TIMEOUT = 21600
+#ALERTMANAGER_API_URL = 'http://{{ prometheus_ip }}:9093'
 ALERTMANAGER_SILENCE_DAYS = 1
 
 LOG_FILE = '/var/log/alerta/alerta.log'
+
+#AUTH_REQUIRED = True
+#ADMIN_USERS = ['myemail@domain']
+#ALLOWED_EMAIL_DOMAINS = ['mydomain']
+
+SECRET_KEY = '{{ alerta_secretkey.stdout }}'
+

roles/alerta/templates/housekeepingAlerts.js.j2

@@ -0,0 +1,25 @@
+// housekeepingAlerts.js
+
+now = new Date();
+
+// mark timed out alerts as EXPIRED and update alert history
+db.alerts.aggregate([
+    { $project: { event: 1, status: 1, lastReceiveId: 1, timeout: 1, expireTime: { $add: [ "$lastReceiveTime", { $multiply: [ "$timeout", 1000 ]} ]} } },
+    { $match: { status: { $ne: 'expired' }, expireTime: { $lt: now }, timeout: { $ne: 0 }}}
+]).forEach( function(alert) {
+    db.alerts.update(
+        { _id: alert._id },
+        {
+            $set: { status: 'expired' },
+            $push: {
+                history: {
+                    event: alert.event,
+                    status: 'expired',
+                    text: "alert timeout status change",
+                    id: alert.lastReceiveId,
+                    updateTime: now
+                }
+            }
+        }, false, true);
+})
+

roles/alerta/templates/mongodb.conf.j2

@@ -0,0 +1,12 @@
+auth=False
+logpath={{mongodb_conf_logpath | default("/var/log/mongodb/mongodb.log")}}
+logappend={{mongodb_conf_logappend | default("true") }}
+fork={{mongodb_conf_fork | default("true") }}
+dbpath=/data/mongodb
+pidfilepath={{mongodb_conf_pidpath | default("/var/run/mongodb/mongod.pid")}}
+bind_ip={{mongodb_conf_bind_ip | default("127.0.0.1") }}
+nojournal={{mongodb_conf_nojournal | default("false")}}
+port={{mongodb_conf_port | default(27017)}}
+rest={{mongodb_conf_rest | default("false") }}
+smallfiles={{mongodb_conf_smallfiles | default("false")}}
+

roles/alerta/templates/nginx.conf.j2

@@ -0,0 +1,32 @@
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log;
+pid /run/nginx.pid;
+
+# Load dynamic modules. See /usr/share/nginx/README.dynamic.
+include /usr/share/nginx/modules/*.conf;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    sendfile            on;
+    tcp_nopush          on;
+    tcp_nodelay         on;
+    keepalive_timeout   65;
+    types_hash_max_size 2048;
+
+    include             /etc/nginx/mime.types;
+    default_type        application/octet-stream;
+
+    # Load modular configuration files from the /etc/nginx/conf.d directory.
+    # See http://nginx.org/en/docs/ngx_core_module.html#include
+    # for more information.
+    include /etc/nginx/conf.d/*.conf;
+}
+

roles/alerta/templates/nginx_alerta.conf.j2

@@ -1,6 +1,24 @@
 server {
-        listen 8080;
-        listen [::]:8080;
+    listen 80;
+#     return 301 https://$host$request_uri;
+# }
+#
+#
+# server {
+#         listen 443;
+#         listen [::]:443;
+#         server_name alerta.{{ inventory_hostname }};
+#
+# ssl_certificate           /etc/nginx/wildcard.crt;
+# ssl_certificate_key       /etc/nginx/wildcard.key;
+#
+# ssl on;
+# ssl_session_cache  builtin:1000  shared:SSL:10m;
+# ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
+# ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
+# ssl_prefer_server_ciphers on;
+#
+# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
 
         location /api { try_files $uri @api; }
         location @api {
@@ -15,3 +33,4 @@ server {
                 root /var/www/html;
         }
 }
+