From f17bc6d3121f7e95fe3d445f4772215ac62ce259 Mon Sep 17 00:00:00 2001
From: "xiuting.xu" <xiutingxt.xu@gmail.com>
Date: Thu, 25 Sep 2025 14:23:20 +0800
Subject: [PATCH] =?UTF-8?q?[#6]=20alertmanager=E7=9A=84=E5=AE=B9=E5=99=A8?=
 =?UTF-8?q?=E5=8C=96=E9=83=A8=E7=BD=B2?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/alert/alertmanager/build/Dockerfile       | 79 +++++++++++++++++++
 .../{ => alertmanager/build}/alertmanager.yml |  0
 src/alert/alertmanager/build/dns-monitor.sh   |  1 +
 .../alertmanager/build/start-am-supervised.sh | 26 ++++++
 src/alert/alertmanager/build/supervisord.conf | 39 +++++++++
 5 files changed, 145 insertions(+)
 create mode 100644 src/alert/alertmanager/build/Dockerfile
 rename src/alert/{ => alertmanager/build}/alertmanager.yml (100%)
 create mode 100644 src/alert/alertmanager/build/dns-monitor.sh
 create mode 100644 src/alert/alertmanager/build/start-am-supervised.sh
 create mode 100644 src/alert/alertmanager/build/supervisord.conf

diff --git a/src/alert/alertmanager/build/Dockerfile b/src/alert/alertmanager/build/Dockerfile
new file mode 100644
index 0000000..a3db3ea
--- /dev/null
+++ b/src/alert/alertmanager/build/Dockerfile
@@ -0,0 +1,79 @@
+# 基于 Ubuntu 24.04
+FROM ubuntu:24.04
+
+# 切换到 root 用户
+USER root
+
+# 安装必要依赖
+RUN apt-get update && \
+    apt-get install -y wget supervisor net-tools inetutils-ping vim ca-certificates passwd && \
+    apt-get clean && rm -rf /var/lib/apt/lists/*
+
+# 设置 Alertmanager 版本
+ARG ALERTMANAGER_VERSION=0.28.1
+
+# 下载并解压 Alertmanager 二进制
+RUN wget https://github.com/prometheus/alertmanager/releases/download/v${ALERTMANAGER_VERSION}/alertmanager-${ALERTMANAGER_VERSION}.linux-amd64.tar.gz && \
+    tar xvf alertmanager-${ALERTMANAGER_VERSION}.linux-amd64.tar.gz && \
+    mv alertmanager-${ALERTMANAGER_VERSION}.linux-amd64 /usr/local/alertmanager && \
+    rm alertmanager-${ALERTMANAGER_VERSION}.linux-amd64.tar.gz
+
+
+RUN mkdir -p /usr/share/alertmanager && \
+    mkdir -p /private/argus/alert/alertmanager && \
+    mkdir -p /private/argus/etc && \
+    rm -rf /alertmanager && \
+    ln -s /private/argus/alert/alertmanager /alertmanager
+
+# 创建 alertmanager 用户（可自定义 UID/GID）
+# 创建 alertmanager 用户组
+RUN groupadd -g 2015 alertmanager
+
+# 创建 alertmanager 用户并指定组
+RUN useradd -M -s /usr/sbin/nologin -u 2133 -g 2015 alertmanager
+
+RUN chown -R alertmanager:alertmanager /usr/share/alertmanager && \
+    chown -R alertmanager:alertmanager /private/argus/alert/alertmanager && \
+    chown -R alertmanager:alertmanager /private/argus/etc
+
+# 配置内网 apt 源 (如果指定了内网选项)
+RUN if [ "$USE_INTRANET" = "true" ]; then \
+        echo "Configuring intranet apt sources..." && \
+        cp /etc/apt/sources.list /etc/apt/sources.list.bak && \
+        echo "deb [trusted=yes] http://10.68.64.1/ubuntu2204/ jammy main" > /etc/apt/sources.list && \
+        echo 'Acquire::https::Verify-Peer "false";' > /etc/apt/apt.conf.d/99disable-ssl-check && \
+        echo 'Acquire::https::Verify-Host "false";' >> /etc/apt/apt.conf.d/99disable-ssl-check; \
+    fi
+
+
+# 配置部署时使用的 apt 源
+RUN if [ "$USE_INTRANET" = "true" ]; then \
+    echo "deb [trusted=yes] https://10.92.132.52/mirrors/ubuntu2204/ jammy main" > /etc/apt/sources.list; \
+    fi
+
+# 创建 supervisor 日志目录
+RUN mkdir -p /var/log/supervisor
+
+# 复制 supervisor 配置文件
+COPY src/alert/alertmanager/build/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
+
+# 复制启动脚本
+COPY src/alert/alertmanager/build/start-am-supervised.sh /usr/local/bin/start-am-supervised.sh
+RUN chmod +x /usr/local/bin/start-am-supervised.sh
+
+# 复制 Alertmanager 配置文件
+COPY src/alert/alertmanager/build/alertmanager.yml /etc/alertmanager/alertmanager.yml
+
+# 复制 DNS 监控脚本
+COPY src/alert/alertmanager/build/dns-monitor.sh /usr/local/bin/dns-monitor.sh
+RUN chmod +x /usr/local/bin/dns-monitor.sh
+
+# 保持 root 用户，由 supervisor 控制 user 切换
+USER root
+
+# 暴露端口（Alertmanager 默认端口 9093）
+EXPOSE 9093
+
+# 使用 supervisor 作为入口点
+CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
+
diff --git a/src/alert/alertmanager.yml b/src/alert/alertmanager/build/alertmanager.yml
similarity index 100%
rename from src/alert/alertmanager.yml
rename to src/alert/alertmanager/build/alertmanager.yml
diff --git a/src/alert/alertmanager/build/dns-monitor.sh b/src/alert/alertmanager/build/dns-monitor.sh
new file mode 100644
index 0000000..910215c
--- /dev/null
+++ b/src/alert/alertmanager/build/dns-monitor.sh
@@ -0,0 +1 @@
+../../../bind/build/dns-monitor.sh
\ No newline at end of file
diff --git a/src/alert/alertmanager/build/start-am-supervised.sh b/src/alert/alertmanager/build/start-am-supervised.sh
new file mode 100644
index 0000000..effe495
--- /dev/null
+++ b/src/alert/alertmanager/build/start-am-supervised.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+set -euo pipefail
+
+echo "[INFO] Starting Alertmanager under supervisor..."
+
+ALERTMANAGER_BASE_PATH=${ALERTMANAGER_BASE_PATH:-/private/argus/alert/alertmanager}
+
+echo "[INFO] Alertmanager base path: ${ALERTMANAGER_BASE_PATH}"
+
+# 生成配置文件
+echo "[INFO] Generating Alertmanager configuration file..."
+sed "s|\${ALERTMANAGER_BASE_PATH}|${ALERTMANAGER_BASE_PATH}|g" \
+    /etc/alertmanager/alertmanager.yml > ${ALERTMANAGER_BASE_PATH}/alertmanager.yml
+
+
+# 记录容器 IP 地址
+DOMAIN=alertmanager.alert.argus.com
+IP=$(ifconfig | grep -A 1 eth0 | grep inet | awk '{print $2}')
+echo "current IP: ${IP}"
+echo "${IP}" > /private/argus/etc/${DOMAIN}
+
+
+echo "[INFO] Starting Alertmanager process..."
+
+# 启动 Alertmanager 主进程
+exec /usr/local/alertmanager/alertmanager --config.file=/etc/alertmanager/alertmanager.yml --storage.path=/alertmanager
diff --git a/src/alert/alertmanager/build/supervisord.conf b/src/alert/alertmanager/build/supervisord.conf
new file mode 100644
index 0000000..7aa335c
--- /dev/null
+++ b/src/alert/alertmanager/build/supervisord.conf
@@ -0,0 +1,39 @@
+[supervisord]
+nodaemon=true
+logfile=/var/log/supervisor/supervisord.log
+pidfile=/var/run/supervisord.pid
+user=root
+
+[program:alertmanager]
+command=/usr/local/bin/start-am-supervised.sh
+user=alertmanager
+stdout_logfile=/var/log/supervisor/alertmanager.log
+stderr_logfile=/var/log/supervisor/alertmanager_error.log
+autorestart=true
+startretries=3
+startsecs=10
+stopwaitsecs=20
+killasgroup=true
+stopasgroup=true
+
+# [program:dns-monitor]
+# command=/usr/local/bin/dns-monitor.sh
+# user=root
+# stdout_logfile=/var/log/supervisor/dns-monitor.log
+# stderr_logfile=/var/log/supervisor/dns-monitor_error.log
+# autorestart=true
+# startretries=3
+# startsecs=5
+# stopwaitsecs=10
+# killasgroup=true
+# stopasgroup=true
+
+[unix_http_server]
+file=/var/run/supervisor.sock
+chmod=0700
+
+[supervisorctl]
+serverurl=unix:///var/run/supervisor.sock
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface