[tor-commits] [metrics-cloud/master] monitor: Use SNS notification commands

irl at torproject.org irl at torproject.org
Thu Oct 3 10:34:14 UTC 2019


commit 40fa1252483872813eed715ce3d68989a2fabc42
Author: Iain R. Learmonth <irl at fsfe.org>
Date:   Thu Oct 3 11:32:54 2019 +0100

    monitor: Use SNS notification commands
---
 ansible/roles/metrics-monitor/files/sns.cfg | 19 +++++++++++++++++++
 cloudformation/metrics-monitor.yml          | 16 +++++++++++++++-
 2 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/ansible/roles/metrics-monitor/files/sns.cfg b/ansible/roles/metrics-monitor/files/sns.cfg
new file mode 100644
index 0000000..1037ffe
--- /dev/null
+++ b/ansible/roles/metrics-monitor/files/sns.cfg
@@ -0,0 +1,19 @@
+define contact {
+	use	generic-contact
+	contact_name	metrics-team
+        service_notification_commands   notify-service-by-sns
+        host_notification_commands      notify-host-by-sns
+}
+
+# 'notify-host-by-sns' command definition
+define command{
+        command_name    notify-host-by-sns
+        command_line    aws --region "us-east-1" sns publish --topic-arn `aws --region "us-east-1" cloudformation describe-stack-resources --stack-name metrics-monitor-hack | jq -r '.StackResources[] | select(.ResourceType == "AWS::SNS::Topic") | .PhysicalResourceId'` --subject "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" --message "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n"
+        }
+
+# 'notify-service-by-sns' command definition
+define command{
+        command_name    notify-service-by-sns
+        command_line    
+        command_line    aws --region "us-east-1" sns publish --topic-arn `aws --region "us-east-1" cloudformation describe-stack-resources --stack-name metrics-monitor-hack | jq -r '.StackResources[] | select(.ResourceType == "AWS::SNS::Topic") | .PhysicalResourceId'` --subject "$NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$" --message "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$\n"
+        }
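Review bot: Both `command_line` values expand `$HOSTOUTPUT$` and `$SERVICEOUTPUT$` inside a double-quoted shell string, so check-plugin output is parsed by the shell before it reaches `aws sns publish`. That is only safe if `illegal_macro_output_chars` in the main Nagios configuration strips backticks, `$` and quotes, which this diff does not show; a comment above each command such as `# relies on illegal_macro_output_chars stripping shell metacharacters from the *OUTPUT$ macros` would record the dependency. The empty `command_line` directive ahead of the real one in notify-service-by-sns looks like a leftover and should be dropped. If the inner `describe-stack-resources | jq` lookup fails or matches nothing, the backtick substitution is empty and `--topic-arn` takes `--subject` as its value, so the alert is lost without a clear error.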
diff --git a/cloudformation/metrics-monitor.yml b/cloudformation/metrics-monitor.yml
index 39c9896..5ee6282 100644
--- a/cloudformation/metrics-monitor.yml
+++ b/cloudformation/metrics-monitor.yml
@@ -1,5 +1,5 @@
 ---
-# CloudFormation Stack for Tor Metrics Operational Monitoring
+# CloudFormation Stack for Hacky Tor Metrics Operational Monitoring
 # This stack will only deploy on us-east-1 and will deploy in the metrics VPC
 # aws cloudformation deploy --region us-east-1 --stack-name metrics-monitor --template-file metrics-monitor.yml --capabilities CAPABILITY_IAM
 AWSTemplateFormatVersion: 2010-09-09
@@ -17,6 +17,8 @@ Resources:
       SecurityGroupIds:
         - Fn::ImportValue: !Sub 'MetricsInternetSecurityGroup'
         - Fn::ImportValue: !Sub 'MetricsPingableSecurityGroup'
+        - Fn::ImportValue: !Sub 'MetricsHTTPSecurityGroup'
+        - Fn::ImportValue: !Sub 'MetricsHTTPSSecurityGroup'
   AlertContact:
     Type: AWS::SNS::Topic
     Properties:
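Review bot: The added imports `MetricsHTTPSecurityGroup` and `MetricsHTTPSSecurityGroup` widen the monitoring instance's network rules with no comment saying whether they allow inbound web access or only outbound calls, and the commit message only mentions SNS notifications. If these are ingress groups, the monitoring web interface would presumably become reachable over plain HTTP as well as HTTPS, which is worth confirming as intended. A one-line comment above the two entries, for example `# HTTP/HTTPS groups: <ingress or egress, and why the monitor needs them>`, would make the exposure reviewable. The instance resource starts and ends outside this hunk.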
@@ -55,3 +57,15 @@ Resources:
         Version: '2012-10-17'
       Roles:
       - !Ref AlerterRole
+  AlerterQueryPolicy:
+    Type: AWS::IAM::Policy
+    Properties:
+      PolicyName: AlertQueryPolicy
+      PolicyDocument:
+        Statement:
+          - Action: cloudformation:DescribeStackResources
+            Effect: Allow
+            Resource: !Ref AWS::StackId
+        Version: '2012-10-17'
+      Roles:
+      - !Ref AlerterRole
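Review bot: `Resource: !Ref AWS::StackId` scopes `cloudformation:DescribeStackResources` to this stack only, which is good, but the notification commands in sns.cfg hard-code `--stack-name metrics-monitor-hack` while the deploy comment at the top of this template still says `--stack-name metrics-monitor`. A stack deployed under the documented name would make the lookup target a different stack, which this policy does not cover, so notifications would fail. Either update the deploy comment to the name sns.cfg expects, or avoid the runtime lookup by handing the instance the topic ARN at provisioning time (`!Ref AlertContact` yields it), which would also make this policy unnecessary.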




