From 51c30821199f8b3170fdf5f54921f20a1082ad79 Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Sun, 4 Nov 2018 19:27:43 +0100 Subject: [PATCH] nixos/prometheus: require one alertmanager configuration parameter This commit adds an assertion that checks that either `configFile` or `configuration` is configured for alertmanager. The alertmanager config can not be an empty attributeset. The check executed with `amtool` fails before the service even has the chance to start. We should probably not allow a broken alertmanager configuration anyway. This also introduces a test for alertmanager configuration that piggy backs on the existing prometheus tests. --- .../monitoring/prometheus/alertmanager.nix | 54 +++++++++++-------- nixos/tests/prometheus.nix | 22 ++++++++ 2 files changed, 53 insertions(+), 23 deletions(-) diff --git a/nixos/modules/services/monitoring/prometheus/alertmanager.nix b/nixos/modules/services/monitoring/prometheus/alertmanager.nix index cec5bb8df864..43b4a41eaf33 100644 --- a/nixos/modules/services/monitoring/prometheus/alertmanager.nix +++ b/nixos/modules/services/monitoring/prometheus/alertmanager.nix @@ -57,8 +57,8 @@ in { }; configuration = mkOption { - type = types.attrs; - default = {}; + type = types.nullOr types.attrs; + default = null; description = '' Alertmanager configuration as nix attribute set. ''; @@ -136,26 +136,34 @@ in { }; }; - - config = mkIf cfg.enable { - networking.firewall.allowedTCPPorts = optional cfg.openFirewall cfg.port; - - systemd.services.alertmanager = { - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - script = '' - ${cfg.package}/bin/alertmanager \ - ${concatStringsSep " \\\n " cmdlineArgs} - ''; - - serviceConfig = { - User = cfg.user; - Group = cfg.group; - Restart = "always"; - PrivateTmp = true; - WorkingDirectory = "/tmp"; - ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; + config = mkMerge [ + (mkIf cfg.enable { + assertions = singleton { + assertion = cfg.configuration != null || cfg.configText != null; + message = "Can not enable alertmanager without a configuration. " + + "Set either the `configuration` or `configText` attribute."; }; - }; - }; + }) + (mkIf cfg.enable { + networking.firewall.allowedTCPPorts = optional cfg.openFirewall cfg.port; + + systemd.services.alertmanager = { + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + script = '' + ${cfg.package}/bin/alertmanager \ + ${concatStringsSep " \\\n " cmdlineArgs} + ''; + + serviceConfig = { + User = cfg.user; + Group = cfg.group; + Restart = "always"; + PrivateTmp = true; + WorkingDirectory = "/tmp"; + ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; + }; + }; + }) + ]; } diff --git a/nixos/tests/prometheus.nix b/nixos/tests/prometheus.nix index 87a6510f40fd..f1b20a33d71e 100644 --- a/nixos/tests/prometheus.nix +++ b/nixos/tests/prometheus.nix @@ -13,6 +13,25 @@ import ./make-test.nix { }]; }]; rules = [ ''testrule = count(up{job="prometheus"})'' ]; + + # a very simple version of the alertmanager configuration just to see if + # configuration checks & service startup are working + alertmanager = { + enable = true; + listenAddress = "[::1]"; + port = 9093; + configuration = { + route.receiver = "webhook"; + receivers = [ + { + name = "webhook"; + webhook_configs = [ + { url = "http://localhost"; } + ]; + } + ]; + }; + }; }; }; }; @@ -22,5 +41,8 @@ import ./make-test.nix { $one->waitForUnit("prometheus.service"); $one->waitForOpenPort(9090); $one->succeed("curl -s http://127.0.0.1:9090/metrics"); + $one->waitForUnit("alertmanager.service"); + $one->waitForOpenPort("9093"); + $one->succeed("curl -f -s http://localhost:9093/"); ''; }