feat(matrix-alertmanager): add ansible role for deployment using docker

README.md

@@ -7,6 +7,10 @@ metrics or alerting.
 
 ## Roles
 
+- [`matrix-alertmanager`](roles/matrix-alertmanager/README.md): An alert-
+  manager receiver which posts alerts to a configured matrix channel
+  using alertmanagers' webhooks.
+
 ## License
 
 [CNPLv7+](LICENSE.md): Cooperative Nonviolent Public License

roles/matrix-alertmanager/README.md

@@ -0,0 +1,20 @@
+# `finallycoffee.observability.matrix-alertmanager` ansible role
+
+## Overview
+
+Runs [matrix-alertmanager](https://github.com/jaywink/matrix-alertmanager)
+in a docker container, and bridges alerts from alertmanager
+into a configured matrix room (per configured receiver).
+
+## Configuration
+
+### Required configuration
+
+The following variables need to be defined in order for `matrix-alertmanager` to
+be able to work:
+
+- `matrix_alertmanager_secret`: The secret configured in alertmanager for this receiver
+- `matrix_alertmanager_homeserver_url`: URL to the homeserver to log in to, including scheme and port.
+- `matrix_alertmanager_mxid`: The matrix ID in the form `@local:server.tld` to use
+- `matrix_alertmanager_access_token`: The matrix access token for `matrix_alertmanager_mxid` (Note: this is not the password)
+- `matrix_alertmanager_rooms`: A list of objects `{ name, room_id }` where `name` is the receiver name in alertmanager and `room_id` is a matrix room ID (not an alias)

roles/matrix-alertmanager/defaults/main.yml

@@ -0,0 +1,37 @@
+---
+
+matrix_alertmanager_prefix: ""
+matrix_alertmanager_user: "mxalerts"
+matrix_alertmanager_base_path: "/opt/matrix-alerts"
+matrix_alertmanager_config_file_path: "{{ matrix_alertmanager_base_path }}/env"
+
+matrix_alertmanager_listen_port: 3000
+matrix_alertmanager_secret: ~
+matrix_alertmanager_homeserver_url: ~
+matrix_alertmanager_rooms: []
+matrix_alertmanager_mxid: ~
+matrix_alertmanager_access_token: ~
+matrix_alertmanager_mention_room: false
+
+matrix_alertmanager_container_name: matrix-alerts
+matrix_alertmanager_container_image_name: "docker.io/jaywink/matrix-alertmanager"
+matrix_alertmanager_container_image_tag: latest
+matrix_alertmanager_container_image: >-2
+  {{ matrix_alertmanager_container_image_name + ':' + matrix_alertmanager_container_image_tag }}
+matrix_alertmanager_container_env: >-2
+  {{ matrix_alertmanager_container_base_env | combine(matrix_alertmanager_container_extra_env) }}
+matrix_alertmanager_container_extra_env: {}
+matrix_alertmanager_container_ports: >-2
+  {{ matrix_alertmanager_container_base_ports + matrix_alertmanager_container_extra_ports }}
+matrix_alertmanager_container_extra_ports: []
+matrix_alertmanager_container_networks: []
+matrix_alertmanager_container_purge_networks: false
+matrix_alertmanager_container_volumes: >-2
+  {{ matrix_alertmanager_container_base_volumes + matrix_alertmanager_container_extra_volumes }}
+matrix_alertmanager_container_extra_volumes: []
+matrix_alertmanager_container_labels: >-2
+  {{ matrix_alertmanager_container_base_labels | combine(matrix_alertmanager_container_extra_labels) }}
+matrix_alertmanager_container_extra_labels: {}
+matrix_alertmanager_container_capabilities: ~
+matrix_alertmanager_container_etc_hosts: ~
+matrix_alertmanager_container_restart_policy: unless-stopped

roles/matrix-alertmanager/tasks/main.yml

@@ -0,0 +1,46 @@
+---
+
+- name: Ensure user '{{ matrix_alertmanager_user }}' is created
+  user:
+    name: "{{ matrix_alertmanager_user }}"
+    state: present
+    system: yes
+  when: "matrix_alertmanager_user is string and matrix_alertmanager_user != 'root'"
+  register: matrix_alertmanager_user_info
+
+- name: Ensure base directory '{{ matrix_alertmanager_base_path }}' exists
+  file:
+    path: "{{ matrix_alertmanager_base_path }}"
+    state: directory
+    owner: "{{ matrix_alertmanager_run_user }}"
+    group: "{{ matrix_alertmanager_run_group }}"
+    mode: "0750"
+
+- name: Ensure config file '{{ matrix_alertmanager_config_file_path }}' is templated
+  template:
+    src: env.j2
+    dest: "{{ matrix_alertmanager_config_file_path }}"
+    owner: "{{ matrix_alertmanager_run_user }}"
+    group: "{{ matrix_alertmanager_run_group }}"
+    mode: "0640"
+  vars:
+    matrix_alertmanager_rooms_flattened: >-2
+      {%- for receiver in matrix_alertmanager_rooms -%}
+      {{ receiver.name }}/{{ receiver.room_id }}{{ '' if loop.last else '|' }}
+      {%- endfor %}
+
+- name: Ensure docker container '{{ matrix_alertmanager_container_name }}' is running
+  docker_container:
+    name: "{{ matrix_alertmanager_container_name }}"
+    image: "{{ matrix_alertmanager_container_image }}"
+    env: "{{ matrix_alertmanager_container_env }}"
+    user: "{{ matrix_alertmanager_run_user }}:{{ matrix_alertmanager_run_group }}"
+    ports: "{{ matrix_alertmanager_container_ports }}"
+    labels: "{{ matrix_alertmanager_container_labels }}"
+    volumes: "{{ matrix_alertmanager_container_volumes }}"
+    networks: "{{ matrix_alertmanager_container_networks | default(omit, True) }}"
+    capabilities: "{{ matrix_alertmanager_container_capabilities | default(omit, True) }}"
+    purge_networks: "{{ matrix_alertmanager_container_purge_networks | default(omit, True) }}"
+    etc_hosts: "{{ matrix_alertmanager_container_etc_hosts | default(omit, True) }}"
+    restart_policy: "{{ matrix_alertmanager_container_restart_policy }}"
+    state: started

roles/matrix-alertmanager/templates/env.j2

@@ -0,0 +1,7 @@
+APP_PORT={{ matrix_alertmanager_listen_port }}
+APP_ALERTMANAGER_SECRET={{ matrix_alertmanager_secret }}
+MATRIX_HOMESERVER_URL={{ matrix_alertmanager_homeserver_url }}
+MATRIX_ROOMS={{ matrix_alertmanager_rooms_flattened }}
+MATRIX_USER={{ matrix_alertmanager_mxid }}
+MATRIX_TOKEN={{ matrix_alertmanager_access_token }}
+MENTION_ROOM={{ '1' if matrix_alertmanager_mention_room else '0' }}

roles/matrix-alertmanager/vars/main.yml

@@ -0,0 +1,16 @@
+---
+
+matrix_alertmanager_run_user: >-2
+  {{ matrix_alertmanager_user_info.uid
+      if matrix_alertmanager_user != 'root'
+      else matrix_alertmanager_user }}
+matrix_alertmanager_run_group: >-2
+  {{ matrix_alertmanager_user_info.group
+      if matrix_alertmanager_user != 'root'
+      else matrix_alertmanager_user }}
+
+matrix_alertmanager_container_base_env: {}
+matrix_alertmanager_container_base_ports: []
+matrix_alertmanager_container_base_volumes:
+  - "{{ matrix_alertmanager_config_file_path }}:/app/.env:ro"
+matrix_alertmanager_container_base_labels: {}