Issue opened by mancharagopan 5 years ago (status: Open)
@mancharagopan you can explore bitsensor/elastalert. They have wrapped elastalert in an API server and built a docker image too.
I tried it and I need some help. Nobody is responding to issues there; that's why I asked for help here. Maybe someone here has used it.
I guess it shouldn't be much of a problem to make a Dockerfile for vanilla ElastAlert too; I could add a PR. @Qmando?
Hey @mancharagopan, just in case it helps you, this is what I did.
Dockerfile:

```dockerfile
FROM python:2
MAINTAINER "Luis Cañas-Díaz <lcanas@bitergia.com>"
# Install ElastAlert from PyPI plus git, which the entrypoint uses to clone the rules repo.
# apt-get needs a fresh index and -y to run non-interactively inside docker build.
RUN pip install elastalert \
    && apt-get update \
    && apt-get install -y --no-install-recommends git \
    && rm -rf /var/lib/apt/lists/*
COPY entrypoint /
CMD ["/entrypoint"]
```
entrypoint:

```bash
#!/bin/bash
# Print a message to stderr and stop the container with a non-zero status.
function error_exit
{
    echo "${1:-Unknown Error}" 1>&2
    exit 1
}

# Poll the cluster health endpoint until Elasticsearch answers (up to 5 minutes).
function wait_for_es
{
    echo "Waiting for Elasticsearch to startup (max 5min)"
    WAIT=0
    while [ "$WAIT" -lt 300 ]; do
        curl -sf -o /dev/null "${ELASTICSEARCH_URL}/_cluster/health" 2>/dev/null && break
        sleep 1
        (( WAIT++ ))
    done
    [ "$WAIT" -lt 300 ] || error_exit "Elasticsearch did not become reachable at ${ELASTICSEARCH_URL}"
}

mkdir -p /repos/

# The rules repo is cloned fresh on every start. ElastAlert reads config.yaml from
# the current working directory, so the checkout (the cwd below) must provide one.
if [ "$REPO_RULES" != "" ]; then
    rm -rf /repos/rules
    git clone "$REPO_RULES" /repos/rules/
else
    error_exit "Missing environment variable REPO_RULES"
fi

if [ "$ELASTICSEARCH_URL" == "" ]; then
    ELASTICSEARCH_URL="http://elasticsearch:9200"
fi

wait_for_es
cd /repos/rules || error_exit "Rules checkout not found at /repos/rules"
elastalert-create-index
python -m elastalert.elastalert --verbose --start 2018-11-01
```
The entrypoint uses some variables:
@sanacl Does your repo include a config.yaml?
I ask because I used your Dockerfile and entrypoint as a reference, ran it, and got this error in the container:
```text
Waiting for Elasticsearch to startup (max 5min)
Traceback (most recent call last):
  File "/usr/local/bin/elastalert-create-index", line 10, in <module>
    sys.exit(main())
  File "/usr/local/lib/python2.7/site-packages/elastalert/create_index.py", line 84, in main
    host = args.host if args.host else raw_input('Enter Elasticsearch host: ')
EOFError: EOF when reading a line
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/runpy.py", line 174, in _run_module_as_main
    "__main__", fname, loader, pkg_name)
  File "/usr/local/lib/python2.7/runpy.py", line 72, in _run_code
    exec code in run_globals
  File "/usr/local/lib/python2.7/site-packages/elastalert/elastalert.py", line 1923, in <module>
    sys.exit(main(sys.argv[1:]))
  File "/usr/local/lib/python2.7/site-packages/elastalert/elastalert.py", line 1917, in main
    client = ElastAlerter(args)
  File "/usr/local/lib/python2.7/site-packages/elastalert/elastalert.py", line 108, in __init__
    self.conf = load_rules(self.args)
  File "/usr/local/lib/python2.7/site-packages/elastalert/config.py", line 456, in load_rules
    conf = yaml_loader(filename)
  File "/usr/local/lib/python2.7/site-packages/staticconf/loader.py", line 167, in yaml_loader
    with open(filename) as fh:
IOError: [Errno 2] No such file or directory: 'config.yaml'
{"cluster_name":"kubernetes-logging","status":"green","timed_out":false,"number_of_nodes":2,"number_of_data_nodes":2,"active_primary_shards":31,"active_shards":62,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0,"delayed_unassigned_shards":0,"number_of_pending_tasks":0,"number_of_in_flight_fetch":0,"task_max_waiting_in_queue_millis":0,"active_shards_percent_as_number":100.0}Enter Elasticsearch host:
```
@sanacl An additional question: where do you set up the SMTP server settings?
It doesn't look like this setup handles the config.yaml. You would have to add it yourself to the image or bind mount it to the container.
You can put the SMTP config in the rules or in the config.yaml file.
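As an added example (not sanacl's entrypoint and not ElastAlert's own code), here is a pre-flight check a container entrypoint can run before `elastalert-create-index`, so a missing or incomplete config.yaml fails immediately with a clear message instead of hanging on the interactive `Enter Elasticsearch host:` prompt seen in the traceback above. The function names and the sample config values are assumptions of this example; `es_host`, `es_port` and `rules_folder` are standard ElastAlert config.yaml keys.

```bash
#!/bin/bash
# Added example: validate the ElastAlert config before starting (not the original entrypoint).

# check_elastalert_config DIR
#   Returns 0 when DIR/config.yaml exists and names es_host, es_port and rules_folder;
#   returns 1 with a message on stderr otherwise. It only greps for the keys,
#   it does not parse YAML, so it is a fail-fast guard, not a full validator.
check_elastalert_config() {
    local dir="$1"
    local cfg="$dir/config.yaml"
    if [ ! -f "$cfg" ]; then
        echo "config.yaml not found in $dir (add it to the rules repo or mount it into the container)" 1>&2
        return 1
    fi
    local key
    for key in es_host es_port rules_folder; do
        if ! grep -Eq "^[[:space:]]*${key}[[:space:]]*:" "$cfg"; then
            echo "config.yaml is missing required key: $key" 1>&2
            return 1
        fi
    done
    return 0
}

# Writes a constructed sample config.yaml into DIR so the check can be exercised offline.
make_sample_config() {
    local dir="$1"
    mkdir -p "$dir"
    cat > "$dir/config.yaml" <<'EOF'
# Sample ElastAlert config (constructed for this example, not a real deployment)
rules_folder: rules
run_every:
  minutes: 1
buffer_time:
  minutes: 15
es_host: elasticsearch
es_port: 9200
writeback_index: elastalert_status
alert_time_limit:
  days: 2
EOF
}

# In an entrypoint this sits just before the index is created:
#   check_elastalert_config /repos/rules || exit 1
#   elastalert-create-index --config /repos/rules/config.yaml
```

If config.yaml is bind-mounted rather than committed to the rules repo, remember that the entrypoint above runs `rm -rf /repos/rules` before cloning, so mount it at a path the clone does not wipe and point both commands at it with `--config`.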
Can anyone help me with the elastalert docker installation?