Category: auto-remediation

Stackstorm using Configuration variables in python runner actions

What do you do when you don’t want a caller of the api to know the connection credentials to a service on stackstorm? But also don’t want to have to set these variables in the environment when calling the action from a rule?

You should use pack configuration

Setup your Pack Config Schema

You need to set a pack configuration schema first.


host:
    description: "ip or hostname of fortimail server"
    type: "string"
    required: true
user:
    description: "name of user logging in to fortimail"
    type: "string"
    secret: true
    required: true
password:
    description: "password of user logging in to fortimail"
    type: "string"
    required: true
    secret: true

 

Configure your Config Interactively

Instead of setting the credentials in a file (IaC) you can configure a pack interactively with:

st2 pack config cloudflare

The generated file will be created at:

/opt/stackstorm/configs/<pack>.yaml

Using Pack ConfigurationĀ  in Actions

You can use config_context to access the pack config variables:


---
name: "send_sms"
runner_type: "python-script"
description: "This sends an SMS using twilio."
enabled: true
entry_point: "send_sms.py"
parameters:
    from_number:
        type: "string"
        description: "Your twilio 'from' number in E.164 format. Example +14151234567."
        required: false
        position: 0
        default: "{{config_context.from_number}}"

Get Pack Config from a Python Runner

If you want to get a pack config value from the python runner you can use:

Within def run(self, variable1, variable2):


if self.config.get('hosts', None):
    _hosts = self.config['hosts']
else:
    raise ValueError("Need to define 'hosts' in either action or in config")

Provided you are extending from st2common.runners.base_action.Action

Introduction to Alerta: Open Source Aggregated Alerts

There are a number of platforms available these days to assist operations in terms of dealing with alerts. Namely Pagerduty, VictorOps and OpsGenie. These are unfortunately pay for tools/

These tools are known as monitoring aggregation

I was looking through the integrations of elastalert and found that there is an integration for alerta.io, so I checked the website and it seemed to check all the boxed of monitoring aggregation.

I used the docker compose way of setting it up quickly, but if you want to set it up proper then follow the alerta.io deployment guide.

Update some config:


docker exec -u root -it alerta_web_1 /bin/bash
apt update
apt install vim
# Edit the config in /app/alertad.conf
# Restart the container

Add the housekeeping cron job:


echo "* * * * * root /venv/bin/alerta housekeeping" >/etc/cron.daily/alerta

The default timeout period for an alert is 86400 seconds, or one day.

Check out the alerta plugins

What popular alerting and monitoring tools does alerta.io integrate with?

Add a simple custom action and action alias to stackstorm

In this post I will demonstrate adding a ping action to stackstorm. Then make that action available from chatops (slack) using an action alias.

The Scenario

On a team of network engineers often certain ip addresses need to be checked if they are accessible. This is done using the ping command. If an engineers would like to give visibility on the status of that ping command, she could make that ping command via her chat application. Then everyone in the same room would be able to see the result.

Create the Ping Action

Lets check what this action does, ssh into your stackstorm instance and run:


[cent@st2 packs]$ ping -c 4 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=59 time=3.15 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=59 time=2.99 ms
64 bytes from 1.1.1.1: icmp_seq=3 ttl=59 time=2.69 ms
64 bytes from 1.1.1.1: icmp_seq=4 ttl=59 time=2.73 ms

--- 1.1.1.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3002ms
rtt min/avg/max/mdev = 2.696/2.894/3.157/0.201 ms

this is what we want to do, but instead of manually typing the command we want stackstorm to do the action.

Let us use the core.local action to run the command:


[cent@st2 packs]$ st2 run core.local -- ping -c 4 1.1.1.1
..
id: 5cdeb8bb52364c6d5cb1d90f
status: succeeded
parameters: 
  cmd: ping -c 4 1.1.1.1
result: 
  failed: false
  return_code: 0
  stderr: ''
  stdout: 'PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
    64 bytes from 1.1.1.1: icmp_seq=1 ttl=59 time=3.17 ms
    64 bytes from 1.1.1.1: icmp_seq=2 ttl=59 time=3.09 ms
    64 bytes from 1.1.1.1: icmp_seq=3 ttl=59 time=2.89 ms
    64 bytes from 1.1.1.1: icmp_seq=4 ttl=59 time=2.75 ms

    --- 1.1.1.1 ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 3003ms
    rtt min/avg/max/mdev = 2.759/2.981/3.171/0.167 ms'
  succeeded: true

So now stackstorm has run the action.

Now create a custom pack folder in /opt/stackstorm/packs and create a folder within that called actions and then create a file called ping.yaml within that. That file should contain:


---
description: Action that executes the Linux ping command on the localhost.
runner_type: "local-shell-cmd"
enabled: true
entry_point: ''
name: ping
parameters:
  ip:
    description: The ip address to ping
    type: string
    required: true
  cmd:
    description: Arbitrary Linux command to be executed on the local host.
    required: true
    type: string
    default: 'ping -c4 {{ip}}'
    immutable: true
  kwarg_op:
    immutable: true
  sudo:
    default: false
    immutable: true
  sudo_password:
    immutable: true

 

We are running a local shell command, I’m not 100% on the other paramters and if they are even needed but the cmd command is and is defaulted to ping -c4 {{ ip}} where we intepolate ip.

Now we reload stackstorm to pickup the action: st2ctl reload

Then we run the action: st2 action run my_pack.ping ip=1.1.1.1

Sorted.

Create the Action Alias

Now we are going to create the alias so that the ping can be called from slack.

In /opt/stackstorm/packs/my_pack/aliases/ping.yaml add:

 


---
name: "ping"
pack: "my_pack"
action_ref: "my_pack.ping"
description: "Execute a local ping."
formats:
  - "ping {{ ip }}"

Now you need to reload stackstorm: sudo sysctl reload.
The action should now be available on slack (if you have set chatops up).

Next thing, is the alias will not show up in help if you have not restarted the chatops service, so let us do that now: sudo systemctl restart chatops

when you do !help your alias will now be there:

st2-ping-custom-alias

So let’s run it (remember you can also @botname to run the command): @mybot ping 8.8.8.8

stackstorm-ping-alias-with-slack

So that is a good demo.