feat: add epsilon spar app monitor (in progress)

Author: mbystedt

workflow-cli/configuration-opensearch/alerting/spar-onprem-devops.config.json

@@ -0,0 +1,5 @@
+{
+  "type": "service",
+  "serviceId": "644c4d322e2f63acef6bb84a",
+  "environments": ["test", "production"]
+}

workflow-cli/configuration-opensearch/alerting/spar-onprem-devops.monitor.json

@@ -0,0 +1,170 @@
+{
+  "name": "nrids_app_<%= service.name %>_<%= environment %>",
+  "type": "monitor",
+  "monitor_type": "query_level_monitor",
+  "enabled": true,
+  "schedule": {
+    "period": {
+    "interval": 1,
+    "unit": "MINUTES"
+    }
+  },
+  "inputs": [
+    {
+      "search": {
+        "indices": [
+          "nrm-metrics"
+        ],
+        "query": {
+          "size": 0,
+          "aggregations": {},
+          "query": {
+            "bool": {
+              "must": [
+                {
+                  "range": {
+                    "http.response.status_code": {
+                      "gt": 499
+                    }
+                  }
+                },
+                {
+                  "term": {
+                    "service.environment": "<%= environment %>"
+                  }
+                },
+                {
+                  "range": {
+                    "@timestamp": {
+                      "gte": "now-5m"
+                    }
+                  }
+                }
+              ]
+            }
+          }
+        }
+      }
+    }
+  ],
+  "triggers": [
+    {
+      "query_level_trigger": {
+        "id": "<%= idgen('trigger', service.name, environment) %>",
+        "name": "<%= service.name %> (<%= environment %>) is responding with http errors",
+        "severity": "1",
+        "condition": {
+          "script": {
+            "source": "ctx.results[0].hits.total.value == 0",
+            "lang": "painless"
+          }
+        },
+        "actions": [
+          {
+            "id": "<%= idgen('action-teams', service.name, environment) %>",
+            "name": "Notify Teams Channel",
+            "destination_id": "appinfra-msteams",
+            "message_template": {
+              "source": "{ \"text\": \"Monitor {{ctx.monitor.name}} just entered alert status. Please investigate the issue.\n  - Trigger: {{ctx.trigger.name}}\n  - Severity: {{ctx.trigger.severity}}\n  - Period start: {{ctx.periodStart}}\n  - Period end: {{ctx.periodEnd}}\" }",
+              "lang" : "mustache"
+            },
+            "throttle_enabled": true,
+            "throttle": {
+              "value": 10,
+              "unit": "MINUTES"
+            },
+            "subject_template": {
+              "source": "",
+              "lang" : "mustache"
+            }
+          },
+          {
+            "id": "<%= idgen('action-sqs', server.name, agent.index) %>",
+            "name": "Notify Automation Queue",
+            "destination_id": "automation-sqs-sns",
+            "message_template": {
+              "source": "{ \"type\": \"agent_down\", \"server\": \"<%= server.name %>\", \"agent\": \"fluent-bit.<%= agent.index %>\", \"periodStart\": \"{{ctx.periodStart}}\", \"periodEnd\": \"{{ctx.periodEnd}}\" }",
+              "lang" : "mustache"
+            },
+            "throttle_enabled": true,
+            "throttle": {
+              "value": 10,
+              "unit": "MINUTES"
+            },
+            "subject_template": {
+              "source": "Notify",
+              "lang" : "mustache"
+            }
+          },
+          {
+            "$$OMIT": "<%= !serverTag('wildfire') || !serverTag('nonproduction') ? 'true' : 'false' %>",
+            "id": "<%= idgen('action-nonprod-wf', server.name, agent.index) %>",
+            "name": "notify",
+            "destination_id": "wf-nonprod-msteams",
+            "message_template": {
+               "source": "{\"text\": \"No logs received from <%= server.name %> between {{ctx.periodStart}} and {{ctx.periodEnd}}\"}",
+               "lang": "mustache"
+            },
+            "throttle_enabled": true,
+            "subject_template": {
+               "source": "",
+               "lang": "mustache"
+            },
+            "throttle": {
+               "value": 240,
+               "unit": "MINUTES"
+            }
+         },
+         {
+            "$$OMIT": "<%= !serverTag('wildfire') || serverTag('production') ? 'true' : 'false' %>",
+            "id": "<%= idgen('action-nonprod-wf', server.name, agent.index) %>",
+            "name": "notify",
+            "destination_id": "wf-nonprod-msteams",
+            "message_template": {
+              "source": "{\"text\": \"No logs received from <%= server.name %> between {{ctx.periodStart}} and {{ctx.periodEnd}}\"}",
+              "lang": "mustache"
+            },
+            "throttle_enabled": true,
+            "subject_template": {
+              "source": "",
+              "lang": "mustache"
+            },
+            "throttle": {
+              "value": 240,
+              "unit": "MINUTES"
+            }
+          },
+          {
+            "$$OMIT": "<%= !serverTag('wildfire') || !serverTag('production') ? 'true' : 'false' %>",
+            "id": "<%= idgen('action-prod-wf', server.name, agent.index) %>",
+            "name": "notify",
+            "destination_id": "wf-prod-msteams",
+            "message_template": {
+               "source": "{\"text\": \"No logs received from <%= server.name %> between {{ctx.periodStart}} and {{ctx.periodEnd}}\"}",
+               "lang": "mustache"
+            },
+            "throttle_enabled": true,
+            "subject_template": {
+               "source": "",
+               "lang": "mustache"
+            },
+            "throttle": {
+               "value": 30,
+               "unit": "MINUTES"
+            }
+         }
+        ]
+      }
+    }
+  ],
+  "data_sources": {
+    "alerts_history_index": ".opendistro-alerting-alert-history-write",
+    "alerts_history_index_pattern": "<.opendistro-alerting-alert-history-{now/d}-1>",
+    "alerts_index": ".opendistro-alerting-alerts",
+    "findings_enabled": false,
+    "findings_index": ".opensearch-alerting-finding-history-write",
+    "findings_index_pattern": "<.opensearch-alerting-finding-history-{now/d}-1>",
+    "query_index": ".opensearch-alerting-queries",
+    "query_index_mappings_by_type": {}
+  }
+}

workflow-cli/src/broker/broker.api.ts

@@ -36,7 +36,16 @@ export class BrokerApi {
     };
   }
 
-  public async getProjectServices(): Promise<GraphServerInstallsResponseDto[]> {
+  public getServiceDetails(serviceId: string) {
+    return axios.get(
+      `v1/collection/service/${serviceId}/details`,
+      this.axiosOptions,
+    );
+  }
+
+  public async getGraphServerInstalls(): Promise<
+    GraphServerInstallsResponseDto[]
+  > {
     if (!this.serverInstallsReq) {
       this.serverInstallsReq = axios.get<GraphServerInstallsResponseDto[]>(
         'v1/graph/data/server-installs',

workflow-cli/src/services/opensearch-monitor.service.ts

@@ -12,14 +12,32 @@ import { TYPES } from '../inversify.types';
 
 const ID_MAX_LENGTH = 20;
 
-export interface MonitorConfig {
+export interface MonitorConfiguration {
   name: string;
   server: string;
   agent: string;
   query_level_trigger_id: string;
   teams_channel_action_id: string;
   automation_queue_action_id: string;
 }
+export interface AlertAgentConfiguration {
+  type: 'agent';
+}
+export interface AlertServerConfiguration {
+  type: 'server';
+}
+
+export type EnvironmentNames = 'tools' | 'development' | 'test' | 'production';
+export interface AlertServiceConfiguration {
+  type: 'service';
+  serviceId: string;
+  environments: EnvironmentNames[];
+}
+
+export type AlertConfiguration =
+  | AlertAgentConfiguration
+  | AlertServerConfiguration
+  | AlertServiceConfiguration;
 
 const ALERT_CONFIG_DIR = path.resolve(
   __dirname,
@@ -45,9 +63,23 @@ export default class OpenSearchMonitorService extends AwsService {
     }
     return 1;
   }
+
   public async sync(settings: WorkflowSettings): Promise<any> {
-    const servers = await this.brokerApi.getProjectServices();
+    const servers = await this.brokerApi.getGraphServerInstalls();
+    const environments: EnvironmentNames[] = [
+      'tools',
+      'development',
+      'test',
+      'production',
+    ];
     let monitors: any[] = [];
+    const idgen = (...args: any) => {
+      return crypto
+        .createHash('sha256')
+        .update(args.join())
+        .digest('hex')
+        .substring(0, ID_MAX_LENGTH);
+    };
 
     if (settings.dryRun) {
       console.log('Dry run: No changes will be made');
@@ -61,26 +93,39 @@ export default class OpenSearchMonitorService extends AwsService {
         path.resolve(ALERT_CONFIG_DIR, alertFile),
         { encoding: 'utf8' },
       );
-      const alertConfig = JSON.parse(alertConfigStr);
+      const alertConfig: AlertConfiguration = JSON.parse(alertConfigStr);
       const alertMonitorStr = fs.readFileSync(
         path.join(ALERT_CONFIG_DIR, `${alertFile.slice(0, -12)}.monitor.json`),
         { encoding: 'utf8' },
       );
 
+      if (alertConfig.type === 'service') {
+        const serviceData = await this.brokerApi.getServiceDetails(
+          alertConfig.serviceId,
+        );
+        for (const environment of environments) {
+          if (alertConfig.environments.indexOf(environment) === -1) {
+            continue;
+          }
+          monitors.push(
+            JSON.parse(
+              ejs.render(alertMonitorStr, {
+                service: serviceData,
+                environment,
+                idgen,
+              }),
+            ),
+          );
+        }
+      }
+
       for (const server of servers) {
         const fbInstance = this.getFluentBitInstance(server.instances);
         if (!fbInstance) {
           // skip
           continue;
         }
         const agentCount = this.getAgentCount(fbInstance);
-        const idgen = (...args: any) => {
-          return crypto
-            .createHash('sha256')
-            .update(args.join())
-            .digest('hex')
-            .substring(0, ID_MAX_LENGTH);
-        };
         const installHas = (id: string) => {
           return (
             fbInstance.edgeProp &&