[metrics-cloud/master] monitor: Use SNS notification commands

commit 40fa1252483872813eed715ce3d68989a2fabc42
Author: Iain R. Learmonth <irl@fsfe.org>
Date: Thu Oct 3 11:32:54 2019 +0100
monitor: Use SNS notification commands
---
ansible/roles/metrics-monitor/files/sns.cfg | 19 +++++++++++++++++++
cloudformation/metrics-monitor.yml | 16 +++++++++++++++-
2 files changed, 34 insertions(+), 1 deletion(-)
diff --git a/ansible/roles/metrics-monitor/files/sns.cfg b/ansible/roles/metrics-monitor/files/sns.cfg
new file mode 100644
index 0000000..1037ffe
--- /dev/null
+++ b/ansible/roles/metrics-monitor/files/sns.cfg
@@ -0,0 +1,19 @@
+define contact {
+ use generic-contact
+ contact_name metrics-team
+ service_notification_commands notify-service-by-sns
+ host_notification_commands notify-host-by-sns
+}
+
+# 'notify-host-by-sns' command definition
+define command{
+ command_name notify-host-by-sns
+ command_line aws --region "us-east-1" sns publish --topic-arn `aws --region "us-east-1" cloudformation describe-stack-resources --stack-name metrics-monitor-hack | jq -r '.StackResources[] | select(.ResourceType == "AWS::SNS::Topic") | .PhysicalResourceId'` --subject "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" --message "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n"
+ }
+
+# 'notify-service-by-sns' command definition
+define command{
+ command_name notify-service-by-sns
+ command_line
+ command_line aws --region "us-east-1" sns publish --topic-arn `aws --region "us-east-1" cloudformation describe-stack-resources --stack-name metrics-monitor-hack | jq -r '.StackResources[] | select(.ResourceType == "AWS::SNS::Topic") | .PhysicalResourceId'` --subject "$NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$" --message "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$\n"
+ }
diff --git a/cloudformation/metrics-monitor.yml b/cloudformation/metrics-monitor.yml
index 39c9896..5ee6282 100644
--- a/cloudformation/metrics-monitor.yml
+++ b/cloudformation/metrics-monitor.yml
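Review bot: Both `command_line` values splice Nagios macros straight into a shell command inside double quotes, and `$HOSTOUTPUT$` / `$SERVICEOUTPUT$` carry text produced by check plugins, which can originate on the monitored hosts. Nagios strips shell metacharacters from those macros only through `illegal_macro_output_chars` in nagios.cfg, which is not part of this commit, so it is worth confirming that the setting still includes the backtick, `$` and `"`, and recording that dependency in a comment above the two commands. Separately, `notify-service-by-sns` has a bare `command_line` line directly before the real one; the empty directive should be removed. The topic lookup also selects every `AWS::SNS::Topic` in the stack, so a second topic would produce a multi-line `--topic-arn`; filtering on `.LogicalResourceId == "AlertContact"` would pin it to the topic declared in metrics-monitor.yml.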
@@ -1,5 +1,5 @@
 ---
-# CloudFormation Stack for Tor Metrics Operational Monitoring
+# CloudFormation Stack for Hacky Tor Metrics Operational Monitoring
 # This stack will only deploy on us-east-1 and will deploy in the metrics VPC
 # aws cloudformation deploy --region us-east-1 --stack-name metrics-monitor --template-file metrics-monitor.yml --capabilities CAPABILITY_IAM
 AWSTemplateFormatVersion: 2010-09-09
@@ -17,6 +17,8 @@ Resources:
 SecurityGroupIds:
 - Fn::ImportValue: !Sub 'MetricsInternetSecurityGroup'
 - Fn::ImportValue: !Sub 'MetricsPingableSecurityGroup'
+ - Fn::ImportValue: !Sub 'MetricsHTTPSecurityGroup'
+ - Fn::ImportValue: !Sub 'MetricsHTTPSSecurityGroup'
 AlertContact:
 Type: AWS::SNS::Topic
 Properties:
@@ -55,3 +57,15 @@ Resources:
 Version: '2012-10-17'
 Roles:
 - !Ref AlerterRole
+ AlerterQueryPolicy:
+ Type: AWS::IAM::Policy
+ Properties:
+ PolicyName: AlertQueryPolicy
+ PolicyDocument:
+ Statement:
+ - Action: cloudformation:DescribeStackResources
+ Effect: Allow
+ Resource: !Ref AWS::StackId
+ Version: '2012-10-17'
+ Roles:
+ - !Ref AlerterRole
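Review bot: The two entries added under `SecurityGroupIds` in the second hunk attach `MetricsHTTPSecurityGroup` and `MetricsHTTPSSecurityGroup` to the monitoring host, which the commit message about SNS notifications does not explain, and the rules of those groups are defined outside this diff. If the HTTP group opens port 80 to the internet, whatever the host serves there, presumably the Nagios web interface and its login, would travel unencrypted. I would add a comment such as `# HTTP/HTTPS ingress for <service>; port 80 only redirects to HTTPS` once that is confirmed, or drop the HTTP group if nothing needs it. The resource these lines belong to starts outside the hunk.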
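Review bot: `AlerterQueryPolicy` in the third hunk allows `cloudformation:DescribeStackResources` only on `!Ref AWS::StackId`, but sns.cfg in this same commit looks the topic up with the fixed name `--stack-name metrics-monitor-hack`, while the deploy command in this template's header comment still says `--stack-name metrics-monitor`. A stack deployed as documented would likely make that lookup fail, leaving the backtick substitution empty and the notification undelivered with nothing to report the failure. Either update the header comment to the name sns.cfg expects, or expose the topic ARN as a stack output and template it into sns.cfg at deploy time, which removes the runtime lookup and this extra grant. Scoping the action to the stack's own ID is otherwise the right shape for the permission.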