Installation of mailer fails about docker-alerta HOT 7 CLOSED

ADMIN_PASSWORD is an environment variable and should be set in the docker-compose.yml file.

from docker-alerta.

The mailer integration isn't a plugin which is why it won't install using the plugin install method.

If using the docker container I suggest you install it by extending the default docker container, or create your own.

There's an example here of how to use the Alerta docker image as the base image and then installing an additional package in the virtual environment -- in your case it would be the mailer integration.

Let me know if you need more info.

from docker-alerta.

Hi Nick,

Many thanks for that pointer. Alerta is installed and running but for the last few hours, I've been battling with AUTH_REQUIRED = True
I've exhausted everything I can think of to fix it (which likely means it's something obvious!).
If I set AUTH_REQUIRED = False, I can obviously access the alerta web interface, create an admin account and then log on with that admin account. Then I can create an API for use with Alert Manager.
What I'd like to do is force the AUTH_REQUIRED = True and assign admin accounts in the alertad.conf. I'm not expecting you to troubleshoot it but if you could maybe have a look over what I have and point out anything I may have missed, I'd appreciate it.
This is what I have:

docker-compose.yml (alerta section)

postgres-db:
    image: postgres
    container_name: postgres
    restart: always
    volumes:
      - postgresql_data:/var/lib/postgresql/data
    environment:
        POSTGRES_USER: postgres
        POSTGRES_PASSWORD: postgres
        POSTGRES_DB: monitoring

  alerta:
    image: alerta/alerta-web
    container_name: alerta
    restart: always
    ports:
      - "8080:8080"
    depends_on:
      - postgres-db
    volumes:
      - ./alerta/alerta.conf:/app/alerta.conf
      - ./alerta/alertad.conf:/app/alertad.conf

volumes:
  postgresql_data:

alertad.conf...

DEBUG = True
DATABASE_URL = 'postgres://postgres:postgres@postgres-db:5432/monitoring'
AUTH_REQUIRED = True
AUTH_PROVIDER = 'basic'  # basic (default), github, gitlab, google, keycloak, pingfederate, saml2
ADMIN_USERS = ['[email protected]','[email protected]']
ADMIN_PASSWORD = 'Changeme'
SIGNUP_ENABLED = False

[DEFAULT]
timezone = Europe/London
output = json

[profile Development]
endpoint = http://server1.testnet.com:8080
key = demo-key
sslverify = off
timeout = 10.0
debug = yes

[profile Production]
endpoint = http://server1.testnet.com:8080
key = demo-key
sslverify = off
timeout = 10.0
debug = yes

[alerta-mailer]
key = demo-key
mail_to = [email protected]
mail_from = [email protected]
dashboard_url = http://server1.testnet.com:8080
smtp_username =
smtp_password =
smtp_use_ssl = False
debug = True
skip_mta = False
email_type = html

I see nothing in the logs to indicate any issues. As I can change AUTH_REQUIRED = False and I'm able to create users and APIs, it suggests that the other settings are correct. I've been deleting the postgresql_data volume in between changing settings to ensure that I spin up a new DB each time I test.

Thanks for any help you can offer!

from docker-alerta.

That explains it! It's rather confusing as the variables listed under environment variables here:
https://github.com/alerta/docker-alerta/blob/master/README.md
actually work in the alertad.conf file so I didn't think to change anything.

As best practice then, should I move anything defined as an environment variable in the link above into my docker-compose file even if it works in alertad.conf? Every additional variable I can define for alerta should stay in the alertad.conf file, correct?

I'm actually writing an overly detailed step by step install guide for the guys in my dept at work on how to get alerta installed in docker. If you'd like, I'll happily upload it to the wiki for this project when I'm done with it if you think it will be of any use. Will probably need some vetting by yourself to ensure it's accurate though!

It may take a few days as I was expecting mailer to be easier than I appear to be finding it. On that, I've written the [alerta-mailer] config in the alerta.conf file, is that correct?

Thanks again for the help.

from docker-alerta.

There are environment variables that are supported by the Alerta server and then there are additional environment variables supported by the docker container itself to make it easier to deploy using docker.

This is a common pattern and you have made use of it in your Postgres configuration as well. ie. the POSTGRES_PASSWORD environment variable you use in your docker compose file is for docker configuration only. See https://hub.docker.com/_/postgres where they explain the difference between POSTGRES_PASSWORD and PGPASSWORD .

In your case, I would put anything that is only for use by Docker into the docker-compose.yml and everything else in the alertad.conf file. At present, that would only be the ADMIN_PASSWORD variable.

I haven't used mailer for a long time though your config looks fine at first glance.

A step-by-step guide would be useful for me to see how/where people get confused. Almost all docs are at https://docs.alerta.io and tutorials at https://docs.alerta.io/en/latest/tutorials.html Your input into a tutorial on Docker would be very welcome. Thanks.

from docker-alerta.

Well, as you've asked!...
https://docs.alerta.io/en/latest/customer-views.html#roles
Section: Configuration
Authentication must be enforced and customer views enabled so in alertad.conf:
AUTH_REQUIRED = True
CUSTOMER_VIEWS = True

So we need to specify AUTH_REQUIRED = True in both the docker-compose and alertad.conf? I'm guessing not but this may have been what lead me to thinking thats where it was defined.

I'm also working on LDAP integration. I feel that this section could be helped with additional examples. Currently, it states:
LDAP_URL = 'ldap://localhost:389' # replace with your LDAP server
LDAP_DOMAINS = {
'my-domain.com': 'uid=%s,ou=users,dc=my-domain,dc=com'
}

What I'm looking to do is to have an AD security group (alerta-admins) which contains the alerta console users. I'd like alerta to only allow members of this group to log in. I've baked in the python-ldap installation into my custom docker image:
RUN pip install git+https://github.com/alerta/alerta-contrib.git#subdirectory=integrations/mailer
RUN pip install python-ldap

I've configured the following in alertad.conf:
LDAP_DOMAINS_GROUP = 'alerta-admins'
LDAP_DOMAINS_BASEDN = 'OU=IT,OU=Groups,OU=Lon,OU=UK,DC=mydomain,DC=com'
LDAP_URL = 'ldap://dc1.mydomain.com:389'

I note that I can't log onto the web console without using a username in an email format. This AD account doesn't have an email address so I've assigned it one in the email field of AD (I'm assuming this is where python-ldap/alerta combo will look for it). However, I still can't log in with my test account.
I have AUTH_PROVIDER = 'basic' in my alertad.conf file.
When I try to login, it fails. Watching the logs with docker logs -f shows me nothing in terms of any errors.
There are no restrictions FW wise between my host docker machine and the DC its trying to connect to.
Sure I'm missing something obvious again but I don't see it!....

Additional info. When you install python-ldap, even if you comment out the ldap config, you can't log in with the admin creds that you define in the environment variables for docker-compose. You're presented with the message: "User not authorized. unauthorized domain"

from docker-alerta.

Going to close this issue off as I think I've added more issues to the initial one and it's made things harder to follow. I'll raise separate issues for things I believe may be bugs.

from docker-alerta.