Update for issuing LVAlerts and managing credentials

Containerized versions of the service will now get their LVAlert credentials from the environment. Also add a script for processing environment variables and starting LVAlert overseer.

Update for issuing LVAlerts and managing credentials
b2331e04 · Tanner Prestegard · GraceDB · 78adb0c3 · b2331e04 · b2331e04
Commit b2331e04 authored 6 years ago by Tanner Prestegard Committed by GraceDB 6 years ago
--- a/Dockerfile
+++ b/Dockerfile
@@ -76,6 +76,10 @@ RUN DJANGO_SETTINGS_MODULE=${SETTINGS_MODULE} \
    DJANGO_DB_PASSWORD=fake_password \
    DJANGO_SECRET_KEY=fake_key \
    DJANGO_PRIMARY_FQDN=fake_fqdn \
+    LVALERT_USER=fake_user \
+    LVALERT_PASSWORD=fake_password \
+    LVALERT_SERVER=fake_server \
+    LVALERT_OVERSEER_PORT=2 \
    python manage.py collectstatic --noinput
 RUN rm -rf /app/logs/* /app/project_data/*

--- a/config/settings/base.py
+++ b/config/settings/base.py
@@ -86,13 +86,16 @@ SEND_PHONE_ALERTS = False
 SEND_EMAIL_ALERTS = False
 # Use LVAlert Overseer?
 USE_LVALERT_OVERSEER = True
-# LVAlert servers
-ALERT_XMPP_SERVERS = ["lvalert-test.cgca.uwm.edu"]
 # For each LVAlert server, a separate instance of LVAlert Overseer
 # must be running and listening on a distinct port.
-LVALERT_OVERSEER_PORTS = {
+#   lvalert_server: LVAlert server which overseer sends messages to
-    "lvalert-test.cgca.uwm.edu": 8001,
+#   listen_port: port which that instance of overseer is listening on
-}
+LVALERT_OVERSEER_INSTANCES = [
+    {
+        "lvalert_server": "lvalert-test.cgca.uwm.edu",
+        "listen_port": 8001,
+    },
+]
 # Access and authorization ----------------------------------------------------
 # Some proper names related to authorization

--- a/config/settings/container/base.py
+++ b/config/settings/container/base.py
@@ -26,6 +26,27 @@ SERVER_FQDN = os.environ.get('DJANGO_PRIMARY_FQDN', None)
 if SERVER_FQDN is None:
    raise ImproperlyConfigured('Could not get FQDN from envvars.')
+# Get LVAlert server
+lvalert_server = os.environ.get('LVALERT_SERVER', None)
+if lvalert_server is None:
+    raise ImproperlyConfigured('Could not get LVAlert server from envvars.')
+# Get LVAlert Overseer listen port
+lvalert_overseer_port = os.environ.get('LVALERT_OVERSEER_PORT', None)
+if lvalert_overseer_port is None:
+    raise ImproperlyConfigured('Could not get LVAlert overseer port '
+        'from envvars.')
+# Get LVAlert username
+lvalert_user = os.environ.get('LVALERT_USER', None)
+if lvalert_user is None:
+    raise ImproperlyConfigured('Could not get LVAlert username from envvars.')
+# Get LVAlert password
+lvalert_password = os.environ.get('LVALERT_PASSWORD', None)
+if lvalert_password is None:
+    raise ImproperlyConfigured('Could not get LVAlert password from envvars.')
 # Get Twilio account information from environment
 # FIXME
 TWILIO_ACCOUNT_SID = os.environ.get('DJANGO_TWILIO_ACCOUNT_SID', 'abcd')
@@ -49,6 +70,16 @@ DATABASES = {
 # Main server "hostname" - a little hacky but OK
 SERVER_HOSTNAME = SERVER_FQDN.split('.')[0]
+# LVAlert Overseer settings - get from environment
+LVALERT_OVERSEER_INSTANCES = [
+    {
+        "lvalert_server": lvalert_server,
+        "listen_port": int(lvalert_overseer_port),
+        "username": lvalert_user,
+        "password": lvalert_password,
+    },
+]
 # Use full client certificate to authenticate
 REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'] = (
    'api.backends.GraceDbAuthenticatedAuthentication',

--- a/config/settings/container/production.py
+++ b/config/settings/container/production.py
@@ -3,12 +3,6 @@ from .base import *
 DEBUG = False
-# LVAlert Overseer settings
-ALERT_XMPP_SERVERS = ["lvalert.cgca.uwm.edu"]
-LVALERT_OVERSEER_PORTS = {
-    "lvalert.cgca.uwm.edu": 8000,
-}
 # Turn on alerts
 SEND_XMPP_ALERTS = True
 SEND_PHONE_ALERTS = True

--- a/config/settings/vm/production.py
+++ b/config/settings/vm/production.py
@@ -4,10 +4,12 @@
 from .base import *
 # LVAlert Overseer settings
-ALERT_XMPP_SERVERS = ["lvalert.cgca.uwm.edu"]
+LVALERT_OVERSEER_INSTANCES = [
-LVALERT_OVERSEER_PORTS = {
+    {
-    "lvalert.cgca.uwm.edu": 8000,
+        "lvalert_server": "lvalert.cgca.uwm.edu",
-}
+        "listen_port": 8000,
+    },
+]
 # Turn on alerts
 SEND_XMPP_ALERTS = True

--- a/gracedb/alerts/lvalert.py
+++ b/gracedb/alerts/lvalert.py
@@ -33,10 +33,20 @@ def send_with_lvalert_overseer(node_name, message, manager, port):
    return True if rdict.get('success', None) is not None else False
-def send_with_lvalert_client(node, message, server):
+def send_with_lvalert_client(node, message, server, username=None,
+    password=None, **kwargs):
+    # Set up for initializing LVAlertClient instance
+    client_settings = {
+        'server': server
+    }
+    if username is not None:
+        client_settings['username'] = username
+    if password is not None:
+        client_settings['password'] = password
    # Instantiate client
-    client = LVAlertClient(server=server)
+    client = LVAlertClient(**client_settings)
    # Client setup
    client.connect(reattempt=False)
@@ -46,6 +56,9 @@ def send_with_lvalert_client(node, message, server):
    # Send message
    client.publish(node, message)
+    # Disconnect
+    client.disconnect()
 # OLD
 def send_with_lvalert_send(node, message, server):

--- a/gracedb/alerts/xmpp.py
+++ b/gracedb/alerts/xmpp.py
@@ -102,8 +102,9 @@ def issue_xmpp_alerts(event_or_superevent, alert_type, serialized_object,
        manager = Manager()
    # Loop over LVAlert servers and nodes, issuing the alert to each
-    for server in settings.ALERT_XMPP_SERVERS:
+    for overseer_instance in settings.LVALERT_OVERSEER_INSTANCES:
-        port = settings.LVALERT_OVERSEER_PORTS[server]
+        server = overseer_instance.get('lvalert_server')
+        port = overseer_instance.get('listen_port')
        for node_name in node_names:
            # Calculate unique message_id and log
@@ -132,7 +133,10 @@ def issue_xmpp_alerts(event_or_superevent, alert_type, serialized_object,
            # use basic lvalert-client send
            if (not settings.USE_LVALERT_OVERSEER) or (not success):
                try:
-                    send_with_lvalert_client(node_name, msg, server)
+                    lvalert_settings_dict = overseer_instance.copy()
+                    server = lvalert_settings_dict.pop('lvalert_server')
+                    send_with_lvalert_client(node_name, msg, server,
+                        **lvalert_settings_dict)
                except Exception as e:
                    logger.critical(("issue_xmpp_alerts: error sending "
                        "message with lvalert client: {e}").format(e=e))

--- a/scripts/start_lvalert_overseer.sh
+++ b/scripts/start_lvalert_overseer.sh
+#! /usr/bin/env bash
+set -e
+# Ensure required environment variables are present
+if [[ -z "${LVALERT_USER}" ]]; then
+    echo "The environment variable \$LVALERT_USER must be set."
+    exit 1
+fi
+if [[ -z "${LVALERT_PASSWORD}" ]]; then
+    echo "The environment variable \$LVALERT_PASSWORD must be set."
+    exit 1
+fi
+if [[ -z "${LVALERT_SERVER}" ]]; then
+    echo "The environment variable \$LVALERT_SERVER must be set."
+    exit 1
+fi
+if [[ -z "${LVALERT_OVERSEER_PORT}" ]]; then
+    echo "The environment variable \$LVALERT_OVERSEER_PORT must be set."
+    exit 1
+fi
+# Get directory for logs
+LOG_DIR=$(dirname $(readlink -f "$0"))/../../logs
+# Run LVAlert Overseer
+lvalert_overseer --username="${LVALERT_USER}" \
+    --password="${LVALERT_PASSWORD}" \
+    --server="${LVALERT_SERVER}" \
+    --port="${LVALERT_OVERSEER_PORT}" \
+    --audit-filename="${LOG_DIR}/overseer_audit.log" \
+    --error-filename="${LOG_DIR}/overseer_error.log"
+#Send script to Tom with info about overseer stuff
+#fix lvalert failover to use - do we need .netrc file still? or can use env vars?
+#is the way in which the failover gets the credentials going to be any different from the way that the overseer script will?