- {% if alarm.target == "proxy" %}
- Proxy: {{ alarm.proxy.url }}
({{ alarm.proxy.origin.domain_name }}) |
- {% elif alarm.target == "origin" %}
- Origin: {{ alarm.origin.domain_name }} |
- {% elif alarm.target == "service/cloudfront" %}
- AWS CloudFront |
- {% endif %}
- {{ alarm.alarm_type }} |
+ {{ alarm.target | describe_brn }} |
+ {{ alarm.aspect }} |
{{ alarm.alarm_state.name }} |
{{ alarm.text }} |
{{ alarm.last_updated | format_datetime }} |
diff --git a/app/terraform/alarms/eotk_aws.py b/app/terraform/alarms/eotk_aws.py
new file mode 100644
index 0000000..99f69b7
--- /dev/null
+++ b/app/terraform/alarms/eotk_aws.py
@@ -0,0 +1,54 @@
+from typing import Tuple, Optional
+
+import boto3
+from sqlalchemy import func
+
+from app import app
+from app.alarms import get_or_create_alarm
+from app.extensions import db
+from app.models.base import Group
+from app.models.alarms import AlarmState
+from app.models.onions import Eotk
+from app.terraform import BaseAutomation
+
+
+def alarms_in_region(region: str, prefix: str, aspect: str) -> None:
+ cloudwatch = boto3.client('cloudwatch',
+ aws_access_key_id=app.config['AWS_ACCESS_KEY'],
+ aws_secret_access_key=app.config['AWS_SECRET_KEY'],
+ region_name=region)
+ dist_paginator = cloudwatch.get_paginator('describe_alarms')
+ page_iterator = dist_paginator.paginate(AlarmNamePrefix=prefix)
+ for page in page_iterator:
+ for cw_alarm in page['MetricAlarms']:
+ eotk_id = cw_alarm["AlarmName"][len(prefix):].split("-")
+ group: Optional[Group] = Group.query.filter(func.lower(Group.group_name) == eotk_id[1]).first()
+ if group is None:
+ print("Unable to find group for " + cw_alarm['AlarmName'])
+ continue
+ eotk = Eotk.query.filter(
+ Eotk.group_id == group.id,
+ Eotk.region == region
+ ).first()
+ if eotk is None:
+ print("Skipping unknown instance " + cw_alarm['AlarmName'])
+ continue
+ alarm = get_or_create_alarm(eotk.brn, aspect)
+ if cw_alarm['StateValue'] == "OK":
+ alarm.update_state(AlarmState.OK, "CloudWatch alarm OK")
+ elif cw_alarm['StateValue'] == "ALARM":
+ alarm.update_state(AlarmState.CRITICAL, "CloudWatch alarm ALARM")
+ else:
+ alarm.update_state(AlarmState.UNKNOWN, f"CloudWatch alarm {cw_alarm['StateValue']}")
+
+
+class AlarmEotkAwsAutomation(BaseAutomation):
+ short_name = "monitor_eotk_aws"
+ description = "Import alarms for AWS EOTK instances"
+
+ def automate(self, full: bool = False) -> Tuple[bool, str]:
+ for region in ["us-east-2", "eu-central-1"]:
+ alarms_in_region(region, "eotk-bw-out-high-", "bandwidth-out-high")
+ alarms_in_region(region, "eotk-cpu-high-", "instance-cpu")
+ db.session.commit()
+ return True, ""
diff --git a/app/terraform/alarms/proxy_azure_cdn.py b/app/terraform/alarms/proxy_azure_cdn.py
index 22e32ff..5341580 100644
--- a/app/terraform/alarms/proxy_azure_cdn.py
+++ b/app/terraform/alarms/proxy_azure_cdn.py
@@ -4,7 +4,7 @@ from azure.identity import ClientSecretCredential
from azure.mgmt.alertsmanagement import AlertsManagementClient
from app import app
-from app.alarms import get_proxy_alarm
+from app.alarms import get_or_create_alarm
from app.models.alarms import AlarmState
from app.models.mirrors import Proxy
from app.terraform import BaseAutomation
@@ -30,7 +30,7 @@ class AlarmProxyAzureCdnAutomation(BaseAutomation):
Proxy.provider == "azure_cdn",
Proxy.destroyed.is_(None)
):
- alarm = get_proxy_alarm(proxy.id, "bandwidth-out-high")
+ alarm = get_or_create_alarm(proxy.brn, "bandwidth-out-high")
if proxy.origin.group.group_name.lower() not in firing:
alarm.update_state(AlarmState.OK, "Azure monitor alert not firing")
else:
diff --git a/app/terraform/alarms/proxy_cloudfront.py b/app/terraform/alarms/proxy_cloudfront.py
index fe4e182..d9beadc 100644
--- a/app/terraform/alarms/proxy_cloudfront.py
+++ b/app/terraform/alarms/proxy_cloudfront.py
@@ -2,60 +2,62 @@ import datetime
from typing import Tuple
import boto3
+from flask import current_app
from app import app
-from app.alarms import get_proxy_alarm
+from app.alarms import get_or_create_alarm
from app.extensions import db
from app.models.mirrors import Proxy
-from app.models.alarms import AlarmState, Alarm
+from app.models.alarms import AlarmState
from app.terraform import BaseAutomation
+def _cloudfront_quota() -> None:
+ alarm = get_or_create_alarm(
+ f"brn:{current_app.config['GLOBAL_NAMESPACE']}:0:mirror:cloudfront:quota/distributions",
+ "quota-usage"
+ )
+ alarm.last_updated = datetime.datetime.utcnow()
+ deployed_count = len(Proxy.query.filter(
+ Proxy.destroyed.is_(None)).all())
+ message = f"{deployed_count} distributions deployed"
+ if deployed_count > 370:
+ alarm.update_state(AlarmState.CRITICAL, message)
+ elif deployed_count > 320:
+ alarm.update_state(AlarmState.WARNING, message)
+ else:
+ alarm.update_state(AlarmState.OK, message)
+
+
+def _proxy_alarms() -> None:
+ cloudwatch = boto3.client('cloudwatch',
+ aws_access_key_id=app.config['AWS_ACCESS_KEY'],
+ aws_secret_access_key=app.config['AWS_SECRET_KEY'],
+ region_name='us-east-2')
+ dist_paginator = cloudwatch.get_paginator('describe_alarms')
+ page_iterator = dist_paginator.paginate(AlarmNamePrefix="bandwidth-out-high-")
+ for page in page_iterator:
+ for cw_alarm in page['MetricAlarms']:
+ dist_id = cw_alarm["AlarmName"][len("bandwidth-out-high-"):]
+ proxy = Proxy.query.filter(Proxy.slug == dist_id).first()
+ if proxy is None:
+ print("Skipping unknown proxy " + dist_id)
+ continue
+ alarm = get_or_create_alarm(proxy.brn, "bandwidth-out-high")
+ if cw_alarm['StateValue'] == "OK":
+ alarm.update_state(AlarmState.OK, "CloudWatch alarm OK")
+ elif cw_alarm['StateValue'] == "ALARM":
+ alarm.update_state(AlarmState.CRITICAL, "CloudWatch alarm ALARM")
+ else:
+ alarm.update_state(AlarmState.UNKNOWN, f"CloudWatch alarm {cw_alarm['StateValue']}")
+
+
class AlarmProxyCloudfrontAutomation(BaseAutomation):
short_name = "monitor_proxy_cloudfront"
description = "Import alarms for AWS CloudFront proxies"
def automate(self, full: bool = False) -> Tuple[bool, str]:
- cloudwatch = boto3.client('cloudwatch',
- aws_access_key_id=app.config['AWS_ACCESS_KEY'],
- aws_secret_access_key=app.config['AWS_SECRET_KEY'],
- region_name='us-east-2')
- dist_paginator = cloudwatch.get_paginator('describe_alarms')
- page_iterator = dist_paginator.paginate(AlarmNamePrefix="bandwidth-out-high-")
- for page in page_iterator:
- for cw_alarm in page['MetricAlarms']:
- dist_id = cw_alarm["AlarmName"][len("bandwidth-out-high-"):]
- proxy = Proxy.query.filter(Proxy.slug == dist_id).first()
- if proxy is None:
- print("Skipping unknown proxy " + dist_id)
- continue
- alarm = get_proxy_alarm(proxy.id, "bandwidth-out-high")
- if cw_alarm['StateValue'] == "OK":
- alarm.update_state(AlarmState.OK, "CloudWatch alarm OK")
- elif cw_alarm['StateValue'] == "ALARM":
- alarm.update_state(AlarmState.CRITICAL, "CloudWatch alarm ALARM")
- else:
- alarm.update_state(AlarmState.UNKNOWN, f"CloudWatch alarm {cw_alarm['StateValue']}")
- alarm = Alarm.query.filter(
- Alarm.alarm_type == "cloudfront-quota"
- ).first()
- if alarm is None:
- alarm = Alarm() # type: ignore
- alarm.target = "service/cloudfront"
- alarm.alarm_type = "cloudfront-quota"
- alarm.state_changed = datetime.datetime.utcnow()
- db.session.add(alarm)
- alarm.last_updated = datetime.datetime.utcnow()
- deployed_count = len(Proxy.query.filter(
- Proxy.destroyed.is_(None)).all())
- old_state = alarm.alarm_state
- if deployed_count > 370:
- alarm.alarm_state = AlarmState.CRITICAL
- elif deployed_count > 320:
- alarm.alarm_state = AlarmState.WARNING
- else:
- alarm.alarm_state = AlarmState.OK
- if alarm.alarm_state != old_state:
- alarm.state_changed = datetime.datetime.utcnow()
+ _proxy_alarms()
+ _cloudfront_quota()
db.session.commit()
return True, ""
diff --git a/app/terraform/alarms/proxy_http_status.py b/app/terraform/alarms/proxy_http_status.py
index 206cb65..ebf89c3 100644
--- a/app/terraform/alarms/proxy_http_status.py
+++ b/app/terraform/alarms/proxy_http_status.py
@@ -3,26 +3,13 @@ from typing import Tuple
import requests
from requests import RequestException
+from app.alarms import get_or_create_alarm
from app.extensions import db
-from app.models.alarms import Alarm, AlarmState
+from app.models.alarms import AlarmState
from app.models.mirrors import Proxy
from app.terraform import BaseAutomation
-def set_http_alarm(proxy_id: int, state: AlarmState, text: str) -> None:
- alarm = Alarm.query.filter(
- Alarm.proxy_id == proxy_id,
- Alarm.alarm_type == "http-status"
- ).first()
- if alarm is None:
- alarm = Alarm()
- alarm.proxy_id = proxy_id
- alarm.alarm_type = "http-status"
- alarm.target = "proxy"
- db.session.add(alarm)
- alarm.update_state(state, text)
-
-
class AlarmProxyHTTPStatusAutomation(BaseAutomation):
short_name = "alarm_http_status"
description = "Check all deployed proxies for HTTP status code"
@@ -40,28 +27,26 @@ class AlarmProxyHTTPStatusAutomation(BaseAutomation):
allow_redirects=False,
timeout=5)
r.raise_for_status()
+ alarm = get_or_create_alarm(proxy.brn, "http-status")
if r.is_redirect:
- set_http_alarm(
- proxy.id,
+ alarm.update_state(
AlarmState.CRITICAL,
f"{r.status_code} {r.reason}"
)
else:
- set_http_alarm(
- proxy.id,
+ alarm.update_state(
AlarmState.OK,
f"{r.status_code} {r.reason}"
)
except requests.HTTPError:
- set_http_alarm(
- proxy.id,
+ alarm.update_state(
AlarmState.CRITICAL,
f"{r.status_code} {r.reason}"
)
except RequestException as e:
- set_http_alarm(
- proxy.id,
+ alarm.update_state(
AlarmState.CRITICAL,
repr(e)
)
+ db.session.commit()
return True, ""
diff --git a/app/terraform/block_ooni.py b/app/terraform/block_ooni.py
index 1fa20c9..c41d37e 100644
--- a/app/terraform/block_ooni.py
+++ b/app/terraform/block_ooni.py
@@ -5,8 +5,9 @@ from typing import Dict, Tuple, Any
import requests
+from app.alarms import get_or_create_alarm
from app.extensions import db
-from app.models.alarms import Alarm, AlarmState
+from app.models.alarms import AlarmState
from app.models.mirrors import Origin
from app.terraform import BaseAutomation
@@ -58,20 +59,6 @@ def threshold_origin(domain_name: str) -> Dict[str, Any]:
return ooni
-def set_ooni_alarm(origin_id: int, country: str, state: AlarmState, text: str) -> None:
- alarm = Alarm.query.filter(
- Alarm.origin_id == origin_id,
- Alarm.alarm_type == f"origin-block-ooni-{country}"
- ).first()
- if alarm is None:
- alarm = Alarm()
- alarm.origin_id = origin_id
- alarm.alarm_type = f"origin-block-ooni-{country}"
- alarm.target = "origin"
- db.session.add(alarm)
- alarm.update_state(state, text)
-
-
class BlockOONIAutomation(BaseAutomation):
short_name = "block_ooni"
description = "Import origin and/or proxy reachability results from OONI"
@@ -82,5 +69,8 @@ class BlockOONIAutomation(BaseAutomation):
for origin in origins:
ooni = threshold_origin(origin.domain_name)
for country in ooni:
- set_ooni_alarm(origin.id, country.lower(), ooni[country]["state"], ooni[country]["message"])
+ alarm = get_or_create_alarm(origin.brn,
+ f"origin-block-ooni-{country.lower()}")
+ alarm.update_state(ooni[country]["state"], ooni[country]["message"])
+ db.session.commit()
return True, ""
diff --git a/app/terraform/eotk/aws.py b/app/terraform/eotk/aws.py
index 14c005a..c4d223b 100644
--- a/app/terraform/eotk/aws.py
+++ b/app/terraform/eotk/aws.py
@@ -65,8 +65,7 @@ class EotkAWSAutomation(TerraformAutomation):
aws = aws,
aws.second_region = aws.second_region
}
- source = "sr2c/eotk/aws"
- version = "0.0.5"
+ source = "/Users/irl/PycharmProjects/bc-dashboard/terraform/terraform-aws-eotk"
namespace = "{{ global_namespace }}"
tenant = "{{ group.group_name }}"
name = "eotk"
diff --git a/migrations/versions/31aec2f86c40_new_alarm_schema.py b/migrations/versions/31aec2f86c40_new_alarm_schema.py
new file mode 100644
index 0000000..7de589c
--- /dev/null
+++ b/migrations/versions/31aec2f86c40_new_alarm_schema.py
@@ -0,0 +1,63 @@
+"""new alarm schema
+
+Revision ID: 31aec2f86c40
+Revises: 1842ba85a5c7
+Create Date: 2022-05-18 14:22:51.028405
+
+"""
+from alembic import op
+import sqlalchemy as sa
+from sqlalchemy.dialects import postgresql
+
+# revision identifiers, used by Alembic.
+revision = '31aec2f86c40'
+down_revision = '1842ba85a5c7'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+ # ### commands auto generated by Alembic - please adjust! ###
+ with op.batch_alter_table('alarm', schema=None) as batch_op:
+ batch_op.execute("TRUNCATE alarm")
+ batch_op.add_column(sa.Column('aspect', sa.String(length=255), nullable=False))
+ batch_op.alter_column('last_updated',
+ existing_type=postgresql.TIMESTAMP(),
+ nullable=False)
+ batch_op.alter_column('text',
+ existing_type=sa.VARCHAR(length=255),
+ nullable=False)
+ batch_op.drop_constraint('fk_alarm_group_id_group', type_='foreignkey')
+ batch_op.drop_constraint('fk_alarm_proxy_id_proxy', type_='foreignkey')
+ batch_op.drop_constraint('fk_alarm_origin_id_origin', type_='foreignkey')
+ batch_op.drop_constraint('fk_alarm_bridge_id_bridge', type_='foreignkey')
+ batch_op.drop_column('origin_id')
+ batch_op.drop_column('alarm_type')
+ batch_op.drop_column('bridge_id')
+ batch_op.drop_column('group_id')
+ batch_op.drop_column('proxy_id')
+
+ # ### end Alembic commands ###
+
+
+def downgrade():
+ # ### commands auto generated by Alembic - please adjust! ###
+ with op.batch_alter_table('alarm', schema=None) as batch_op:
+ batch_op.add_column(sa.Column('proxy_id', sa.INTEGER(), autoincrement=False, nullable=True))
+ batch_op.add_column(sa.Column('group_id', sa.INTEGER(), autoincrement=False, nullable=True))
+ batch_op.add_column(sa.Column('bridge_id', sa.INTEGER(), autoincrement=False, nullable=True))
+ batch_op.add_column(sa.Column('alarm_type', sa.VARCHAR(length=255), autoincrement=False, nullable=False))
+ batch_op.add_column(sa.Column('origin_id', sa.INTEGER(), autoincrement=False, nullable=True))
+ batch_op.create_foreign_key('fk_alarm_bridge_id_bridge', 'bridge', ['bridge_id'], ['id'])
+ batch_op.create_foreign_key('fk_alarm_origin_id_origin', 'origin', ['origin_id'], ['id'])
+ batch_op.create_foreign_key('fk_alarm_proxy_id_proxy', 'proxy', ['proxy_id'], ['id'])
+ batch_op.create_foreign_key('fk_alarm_group_id_group', 'group', ['group_id'], ['id'])
+ batch_op.alter_column('text',
+ existing_type=sa.VARCHAR(length=255),
+ nullable=True)
+ batch_op.alter_column('last_updated',
+ existing_type=postgresql.TIMESTAMP(),
+ nullable=True)
+ batch_op.drop_column('aspect')
+
+ # ### end Alembic commands ###