增加Dockerfile,在hub.docker.com构建镜像

anjia0532 · Aug 14, 2017 · d0c3e37 · d0c3e37
1 parent f76d86b
commit d0c3e37
Show file tree

Hide file tree

Showing 7 changed files with 220 additions and 92 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,45 @@
+FROM python:2.7-alpine
+
+ENV SET_CONTAINER_TIMEZONE false
+ENV ELASTALERT_VERSION v0.1.18
+ENV CONTAINER_TIMEZONE Asia/Shanghai
+ENV ELASTALERT_URL https://github.com/Yelp/elastalert/archive/${ELASTALERT_VERSION}.tar.gz
+#ENV WECHAT_PLUGIN_URL https://raw.githubusercontent.com/anjia0532/elastalert-wechat-plugin/master/wechat_qiye_alert.py
+
+ENV ELASTALERT_HOME /opt/elastalert
+ENV RULES_DIRECTORY /opt/elastalert/rules
+ENV ELASTALERT_PLUGIN_DIRECTORY /opt/elastalert/elastalert_modules
+
+ENV ELASTICSEARCH_HOST http://jhipster-elasticsearch
+ENV ELASTICSEARCH_PORT 9200
+ENV ELASTICSEARCH_USERNAME ""
+ENV ELASTICSEARCH_PASSWORD ""
+
+WORKDIR /opt/elastalert
+
+
+RUN \
+
+    echo -e "http://mirrors.ustc.edu.cn/alpine/v3.4/main\nhttp://mirrors.ustc.edu.cn/alpine/v3.4/community" > /etc/apk/repositories && \
+
+    apk update && apk upgrade && apk add bash curl tar musl-dev linux-headers g++ libffi-dev libffi openssl-dev && \
+
+    mkdir -p ${ELASTALERT_PLUGIN_DIRECTORY} && \
+    mkdir -p ${RULES_DIRECTORY} && \
+
+    curl -Lo elastalert.tar.gz ${ELASTALERT_URL} && \
+    tar -xzvf elastalert.tar.gz -C ${ELASTALERT_HOME} --strip-components 1 && \
+    rm elastalert.tar.gz && \
+
+    pip install "setuptools>=11.3" && \
+    python setup.py install
+
+COPY ./start-elastalert.sh /opt/start-elastalert.sh
+RUN chmod +x /opt/start-elastalert.sh
+
+COPY ./config.yaml /opt/elastalert/
+COPY ./rules/* ${RULES_DIRECTORY}/
+COPY ./elastalert_modules/* ${ELASTALERT_PLUGIN_DIRECTORY}/
+
+# Launch Elastalert when a container is started.
+CMD ["/opt/start-elastalert.sh"]
diff --git a/README.md b/README.md
@@ -1,113 +1,37 @@
 # elastalert-wechat-plugin
-elastalert微信企业号报警插件
 
 基于ElastAlert的微信企业号报警插件
 
-
+## 使用说明
 使用说明详见 https://anjia.ml/2017/02/16/elastalert-wechat-plugin/
 
-如果遇到运行一段时间后，报警规则莫名被禁用，则 详见 https://github.com/anjia0532/elastalert-wechat-plugin/issues/2
-
-如果报 `SSLError(SSLError("bad handshake: Error([('SSL routines', SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')],)",),)` 参见 http://www.jianshu.com/p/cb8adfca598a
+## 常见问题
+1. 如果遇到运行一段时间后，报警规则莫名被禁用，则 详见 https://github.com/anjia0532/elastalert-wechat-plugin/issues/2
 
-如果对于安全要求不高的话，可以 修改 [wechat_qiye_alert.py#L73](https://github.com/anjia0532/elastalert-wechat-plugin/blob/master/wechat_qiye_alert.py#L73) 和 [wechat_qiye_alert.py#L126](https://github.com/anjia0532/elastalert-wechat-plugin/blob/master/wechat_qiye_alert.py#L126)加入 `verify=False` 但是 此为不校验证书，容易导致中间人攻击等问题。具体解决方案自行搜索google `python2.7 SNI`
+1. 如果报 `SSLError(SSLError("bad handshake: Error([('SSL routines', SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')],)",),)` 参见 [简书#SSLError](http://www.jianshu.com/p/cb8adfca598a)，如果对于安全要求不高的话，可以 修改 [wechat_qiye_alert.py#L73](https://github.com/anjia0532/elastalert-wechat-plugin/blob/master/wechat_qiye_alert.py#L73) 和 [wechat_qiye_alert.py#L126](https://github.com/anjia0532/elastalert-wechat-plugin/blob/master/wechat_qiye_alert.py#L126)加入 `verify=False` 但是 此为不校验证书，容易导致中间人攻击等问题。具体解决方案自行搜索google `python2.7 SNI`
 
+## 使用Docker
 ubuntu 16.04 python 2.7.12 正常，如果条件允许，建议使用docker镜像，减少环境差异导致的各种奇葩问题
 
-Dockerfile
-
-```Dockerfile
-FROM python:2.7-alpine
-
-ENV SET_CONTAINER_TIMEZONE false
-ENV ELASTALERT_VERSION v0.1.18
-ENV CONTAINER_TIMEZONE Asia/Shanghai
-ENV ELASTALERT_URL https://github.com/Yelp/elastalert/archive/${ELASTALERT_VERSION}.tar.gz
-#ENV WECHAT_PLUGIN_URL https://raw.githubusercontent.com/anjia0532/elastalert-wechat-plugin/master/wechat_qiye_alert.py
-
-ENV ELASTALERT_HOME /opt/elastalert
-ENV RULES_DIRECTORY /opt/elastalert/rules
-ENV ELASTALERT_PLUGIN_DIRECTORY /opt/elastalert/elastalert_modules
+docker hub repo [anjia0532/elastalert-wechat-plugin](https://hub.docker.com/r/anjia0532/elastalert-wechat-plugin/)
 
-ENV ELASTICSEARCH_HOST http://jhipster-elasticsearch
-ENV ELASTICSEARCH_PORT 9200
-ENV ELASTICSEARCH_USERNAME ""
-ENV ELASTICSEARCH_PASSWORD ""
+```bash
 
-WORKDIR /opt/elastalert
+docker pull anjia0532/elastalert-wechat-plugin
 
+```
 
-RUN \
-
-    echo -e "http://mirrors.ustc.edu.cn/alpine/v3.4/main\nhttp://mirrors.ustc.edu.cn/alpine/v3.4/community" > /etc/apk/repositories && \
-
-    apk update && apk upgrade && apk add bash curl tar musl-dev linux-headers g++ libffi-dev libffi openssl-dev && \
-    mkdir -p ${ELASTALERT_PLUGIN_DIRECTORY} && \
-    mkdir -p ${RULES_DIRECTORY} && \
-    curl -Lo elastalert.tar.gz ${ELASTALERT_URL} && \
-    tar -xzvf elastalert.tar.gz -C ${ELASTALERT_HOME} --strip-components 1 && \
-    rm elastalert.tar.gz && \
-    curl -Lo ${ELASTALERT_PLUGIN_DIRECTORY}/wechat_qiye_alert.py ${WECHAT_PLUGIN_URL} && \
-    touch ${ELASTALERT_PLUGIN_DIRECTORY}/__init__.py && \
-    pip install "setuptools>=11.3" && \
-    python setup.py install
+### 环境变量说明
 
-COPY ./start-elastalert.sh /opt/start-elastalert.sh
-RUN chmod +x /opt/start-elastalert.sh
+`ELASTICSEARCH_HOST`: elasticsearch host
 
-COPY ./config.yaml /opt/elastalert/
-COPY ./rules/* ${RULES_DIRECTORY}/
-COPY ./elastalert_modules/* ${ELASTALERT_PLUGIN_DIRECTORY}/
+`ELASTICSEARCH_PORT`: elasticsearch port
 
-# Launch Elastalert when a container is started.
-CMD ["/opt/start-elastalert.sh"]
+`ELASTICSEARCH_USERNAME`: elasticsearch用户名
 
+`ELASTICSEARCH_PASSWORD`: elasticsearch密码
 
-```
+`SET_CONTAINER_TIMEZONE`: 是否要设置时区，true|false 
 
-start-elastalert.sh
-
-```shell
-#!/bin/bash
-# Based on https://github.com/krizsan/elastalert-docker
-echo "Waiting for Elasticsearch to startup"
-while true; do
-    curl ${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT} 2>/dev/null && break
-    sleep 1
-done
-echo "Starting Alerting"
-
-# Set the timezone.
-if [ "$SET_CONTAINER_TIMEZONE" = "true" ]; then
-	unlink /etc/localtime
-	ln -s /usr/share/zoneinfo/${CONTAINER_TIMEZONE} /etc/localtime && \
-	echo "Container timezone set to: $CONTAINER_TIMEZONE"
-else
-	echo "Container timezone not modified"
-fi
-
-if [[ -n "${ELASTICSEARCH_USERNAME:-}" ]]
-then
-	flags="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}"
-else
-	flags=""
-fi
-
-cd /opt/elastalert
-
-if ! curl -f $flags ${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT} >/dev/null 2>&1
-then
-	echo "Elasticsearch not available at ${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}"
-else
-	if ! curl -f $flags ${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/elastalert_status >/dev/null 2>&1
-	then
-		echo "Creating Elastalert index in Elasticsearch..."
-	    elastalert-create-index --index elastalert_status --old-index ""
-	else
-	    echo "Elastalert index already exists in Elasticsearch."
-	fi
-fi
-
-python -m elastalert.elastalert --verbose
+`CONTAINER_TIMEZONE`: 时区，默认北京时间东八区 `Asia/Shanghai`
 
-```
diff --git a/config.yaml b/config.yaml
@@ -0,0 +1,57 @@
+# This is the folder that contains the rule yaml files
+# Any .yaml file will be loaded as a rule
+rules_folder: /opt/elastalert/rules
+
+# How often ElastAlert will query Elasticsearch
+# The unit can be anything from weeks to seconds
+run_every:
+  minutes: 1
+
+# ElastAlert will buffer results from the most recent
+# period of time, in case some log sources are not in real time
+buffer_time:
+  minutes: 15
+
+# The Elasticsearch hostname for metadata writeback
+# Note that every rule can have its own Elasticsearch host
+es_host: elasticsearch.example.com
+
+# The Elasticsearch port
+es_port: 9200
+
+# The AWS region to use. Set this when using AWS-managed elasticsearch
+#aws_region: us-east-1
+
+# The AWS profile to use. Use this if you are using an aws-cli profile.
+# See http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html
+# for details
+#profile: test
+
+# Optional URL prefix for Elasticsearch
+#es_url_prefix: elasticsearch
+
+# Connect with TLS to Elasticsearch
+#use_ssl: True
+
+# Verify TLS certificates
+#verify_certs: True
+
+# GET request with body is the default option for Elasticsearch.
+# If it fails for some reason, you can pass 'GET', 'POST' or 'source'.
+# See http://elasticsearch-py.readthedocs.io/en/master/connection.html?highlight=send_get_body_as#transport
+# for details
+#es_send_get_body_as: GET
+
+# Option basic-auth username and password for Elasticsearch
+#es_username: someusername
+#es_password: somepassword
+
+# The index on es_host which is used for metadata storage
+# This can be a unmapped index, but it is recommended that you run
+# elastalert-create-index to set a mapping
+writeback_index: elastalert_status
+
+# If an alert fails for some reason, ElastAlert will retry
+# sending the alert until this time period has elapsed
+alert_time_limit:
+  days: 2
diff --git a/elastalert_modules/__init__.py b/elastalert_modules/__init__.py
diff --git a/wechat_qiye_alert.py → elastalert_modules/wechat_qiye_alert.py b/wechat_qiye_alert.py → elastalert_modules/wechat_qiye_alert.py
diff --git a/rules/log_error.yaml b/rules/log_error.yaml
@@ -0,0 +1,61 @@
+name: log_error
+type: frequency
+index: logstash-*
+# link to a kibana dashboard with correct time settings
+#use_kibana4_dashboard: "http://localhost:5601/app/kibana#/dashboard/monitoring-dashboard"
+num_events: 1
+timeframe:
+    minutes: 1
+filter:
+- query:
+    query_string:
+      query: "level:ERROR"
+
+#只需要的字段 https://elastalert.readthedocs.io/en/latest/ruletypes.html#include
+include: ["instance_name","app_name","level","logger_name","message","stack_trace"]
+# (Required)
+# The alert is use when a match is found
+alert:
+#- "email"
+- "elastalert_modules.wechat_qiye_alert.WeChatAlerter"
+#增强器 https://elastalert.readthedocs.io/en/latest/recipes/adding_enhancements.html
+#match_enhancements:
+#- "elastalert_modules.my_enhancements.MyEnhancement"
+
+# email相关配置
+# (required, email specific)
+# a list of email addresses to send alerts to
+#email:
+#接收报警邮件的邮箱
+#- "[email protected]"
+#SMTP协议的邮件服务器相关配置
+#smtp.163.com是网易163邮箱的smtp服务器
+#登陆163邮箱后，找到 【设置】>【POP3/SMTP/IMAP】>开启，然后设置【客户端授权密码】
+#smtp_host: smtp.163.com
+#smtp_port: 25
+#用户认证文件，需要user和password两个属性
+#注意将${userName}替换成具体用户名
+#smtp_auth_file: /home/sn/elkstack/elastalert/smtp_auth_file.yaml
+#回复给那个邮箱
+#email_reply_to: [email protected]
+#从哪个邮箱发送
+#from_addr: [email protected]
+
+#微信企业号相关
+# (required, email specific)
+# a list of email addresses to send alerts to
+
+#后台登陆后【设置】->【权限管理】->【普通管理组】->【创建并设置通讯录和应用权限】->【CorpID，Secret】
+#设置微信企业号的appid
+corp_id: xxx
+#设置微信企业号的Secret
+secret: xxx
+#后台登陆后【应用中心】->【选择应用】->【应用id】
+#设置微信企业号应用id
+agent_id: xx
+#部门id
+#party_id: xx
+#用户微信号
+#user_id: xx
+# 标签id，多个用 | 分隔
+tag_id: xxx
diff --git a/start-elastalert.sh b/start-elastalert.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+# Based on https://github.com/krizsan/elastalert-docker
+echo "Waiting for Elasticsearch to startup"
+while true; do
+    curl ${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT} 2>/dev/null && break
+    sleep 1
+done
+echo "Starting Alerting"
+
+# Set the timezone.
+if [ "$SET_CONTAINER_TIMEZONE" = "true" ]; then
+	unlink /etc/localtime
+	ln -s /usr/share/zoneinfo/${CONTAINER_TIMEZONE} /etc/localtime && \
+	echo "Container timezone set to: $CONTAINER_TIMEZONE"
+else
+	echo "Container timezone not modified"
+fi
+
+if [[ -n "${ELASTICSEARCH_USERNAME:-}" ]]
+then
+	flags="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}"
+else
+	flags=""
+fi
+
+cd /opt/elastalert
+
+if ! curl -f $flags ${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT} >/dev/null 2>&1
+then
+	echo "Elasticsearch not available at ${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}"
+else
+	if ! curl -f $flags ${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/elastalert_status >/dev/null 2>&1
+	then
+		echo "Creating Elastalert index in Elasticsearch..."
+	    elastalert-create-index --index elastalert_status --old-index ""
+	else
+	    echo "Elastalert index already exists in Elasticsearch."
+	fi
+fi
+
+python -m elastalert.elastalert --verbose