Operations grimoire/Notifications center: Difference between revisions
From Nasqueron Agora
No edit summary |
|||
| Line 7: | Line 7: | ||
* [[Operations grimoire/RabbitMQ|RabbitMQ broker]] | * [[Operations grimoire/RabbitMQ|RabbitMQ broker]] | ||
== Start a new container == | == Run it == | ||
=== Start a new container === | |||
<code>run-notifications</code> | <code>run-notifications</code> | ||
== Upgrade a live container == | === Upgrade a live container === | ||
# Enter notifications container as app user : <code>docker exec -it --user=app notifications bash</code> | # Enter notifications container as app user : <code>docker exec -it --user=app notifications bash</code> | ||
# Check we're on the master branch and the history is clean | # Check we're on the master branch and the history is clean | ||
| Line 28: | Line 29: | ||
git rebase master | git rebase master | ||
</code> | </code> | ||
== Configure it == | |||
=== Add a new GitHub organization === | |||
# Generate a random string to be used as a secret token shared between GitHub and the notifications center | |||
# On Dwellers, add credentials to /data/notifications/storage/app/credentials.json | |||
# On GitHub, go to organization settings, then Webhooks, e.g. https://github.com/organizations/acme/settings/hooks | |||
# Add webhook: | |||
## URL should be https://notifications.nasqueron.org/gate/GitHub/Acme where Acme is the ucfirst name of the organization account | |||
## Your secret token go to secret field | |||
## Switch from push events to "Send me everything". | |||
## Let default settings: active, SSL verification, application/json | |||
# Run the CLI client to receive notifications (`notifications` on Ysul, require to be in the `notifications` group, editable through /etc/group) | |||
# GitHub will then fire immediately a ping, check in recent deliveries it's 200 | |||
# Fix and redeliver it if not | |||
# Check in the CLI you've got a correct reply, e.g. [16:36:13] <Eglide/orgz> « Anything added dilutes everything else. » — GitHub Webhooks ping zen aphorism. | |||
For payload delivery code returned by notifications.nasqueron.org, a 500 means probably a JSON syntax error in credentials.json, a 403 tokens don't match, note the center doesn't verify token if an empty string is left in the config (or you made a typo to the property). | |||
== Links == | == Links == | ||
| Line 34: | Line 52: | ||
{{Configuration as Code}} | {{Configuration as Code}} | ||
{{Vault secrets migration}} | |||
Revision as of 16:51, 25 July 2016
The notifications centers is an HTTP to HTTP and HTTP to AQMP gateway for our CI infrastructure.
It allows to receive events from GitHub, Docker Hub and Phabricator, and send them to a RabbitMQ broker (white-rabbit) or Phabricator.
Requirements
Run it
Start a new container
run-notifications
Upgrade a live container
- Enter notifications container as app user :
docker exec -it --user=app notifications bash - Check we're on the master branch and the history is clean
- Update code rebasing the production branch against origin/master
- If composer has been touched,
composer update(could be faster to docker pull, stop this container and start a new container) - If entered as root, fix ownership with
chown -R app:app /var/wwwroot/default - Restart PHP FPM with
sv restart php-fpm - Run
php optimizeto refresh compiled class - Restart again PHP FPM with
sv restart php-fpm
How to rebase against master?
git fetch
git checkout master
git rebase origin/master
git checkout production
git rebase master
Configure it
Add a new GitHub organization
- Generate a random string to be used as a secret token shared between GitHub and the notifications center
- On Dwellers, add credentials to /data/notifications/storage/app/credentials.json
- On GitHub, go to organization settings, then Webhooks, e.g. https://github.com/organizations/acme/settings/hooks
- Add webhook:
- URL should be https://notifications.nasqueron.org/gate/GitHub/Acme where Acme is the ucfirst name of the organization account
- Your secret token go to secret field
- Switch from push events to "Send me everything".
- Let default settings: active, SSL verification, application/json
- Run the CLI client to receive notifications (`notifications` on Ysul, require to be in the `notifications` group, editable through /etc/group)
- GitHub will then fire immediately a ping, check in recent deliveries it's 200
- Fix and redeliver it if not
- Check in the CLI you've got a correct reply, e.g. [16:36:13] <Eglide/orgz> « Anything added dilutes everything else. » — GitHub Webhooks ping zen aphorism.
For payload delivery code returned by notifications.nasqueron.org, a 500 means probably a JSON syntax error in credentials.json, a 403 tokens don't match, note the center doesn't verify token if an empty string is left in the config (or you made a typo to the property).
Links
Configuration as code.
This service should be properly defined in rOPS repository as a Salt state.
Vault secrets migration.
This service have secrets. They should be properly migrated in Vault.
