2025-06-23 23:10:14 source=engine:app google_trace_id=none logger=apps.alerts.grafana_alerting_sync_manager.grafana_alerting_sync GrafanaAlertingSyncManager: Failed to update contact point (POST) for is_grafana_datasource True; response: {'url': 'http://10.9.9.2:3000/api/alertmanager/grafana/config/api/v1/alerts', 'connected': False, 'status_code': 403, 'message': '403 Client Error: Forbidden for url: http://10.9.9.2:3000/api/alertmanager/grafana/config/api/v1/alerts'}

x-environment: &oncall-environment
  DATABASE_TYPE: sqlite3
  BROKER_TYPE: redis
  BASE_URL: $DOMAIN
  SECRET_KEY: $SECRET_KEY
  FEATURE_PROMETHEUS_EXPORTER_ENABLED: ${FEATURE_PROMETHEUS_EXPORTER_ENABLED:-false}
  PROMETHEUS_EXPORTER_SECRET: ${PROMETHEUS_EXPORTER_SECRET:-}
  REDIS_URI: redis://redis:6379/0
  DJANGO_SETTINGS_MODULE: settings.hobby
  CELERY_WORKER_QUEUE: "default,critical,long,slack,telegram,webhook,retry,celery,grafana"
  CELERY_WORKER_CONCURRENCY: "1"
  CELERY_WORKER_MAX_TASKS_PER_CHILD: "100"
  CELERY_WORKER_SHUTDOWN_INTERVAL: "65m"
  CELERY_WORKER_BEAT_ENABLED: "True"
  GRAFANA_API_URL: http://grafana:3000
  LOG_LEVEL: debug
  GRAFANA_TOKEN: "glsa_o1V3oLwW4hOWI0wKG1GXfKLBShn2Eblkablablabla"
  GRAFANA_USER: ${GRAFANA_USER:-}
  GRAFANA_PASSWORD: ${GRAFANA_PASSWORD:-}

services:
  engine:
    image: grafana/oncall
    restart: always
    command: sh -c "uwsgi --ini uwsgi.ini"
    ports:
      - "8080:8080/tcp"
    networks:
      - "prometheus_back-tier"
      - "prometheus_front-tier"
    environment: *oncall-environment
    volumes:
      - oncall_data:/var/lib/oncall
    depends_on:
      oncall_db_migration:
        condition: service_completed_successfully
      redis:
        condition: service_healthy

  celery:
    image: grafana/oncall
    restart: always
    command: sh -c "./celery_with_exporter.sh"
    environment: *oncall-environment
    networks:
      - "prometheus_back-tier"
      - "prometheus_front-tier"
    volumes:
      - oncall_data:/var/lib/oncall
    depends_on:
      oncall_db_migration:
        condition: service_completed_successfully
      redis:
        condition: service_healthy

  oncall_db_migration:
    image: grafana/oncall
    command: python manage.py migrate --noinput
    environment: *oncall-environment
    networks:
      - "prometheus_back-tier"
      - "prometheus_front-tier"
    volumes:
      - oncall_data:/var/lib/oncall
    depends_on:
      redis:
        condition: service_healthy

  redis:
    image: redis:7.0.15
    restart: always
    expose:
      - 6379
    volumes:
      - redis_data:/data
    networks:
      - "prometheus_back-tier"
      - "prometheus_front-tier"
    deploy:
      resources:
        limits:
          memory: 500m
          cpus: "0.5"
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      timeout: 5s
      interval: 5s
      retries: 10

volumes:
  oncall_data:
  redis_data:

networks:
  prometheus_back-tier:
    external: true
    name: "prometheus_back-tier"
  prometheus_front-tier:
    external: true
    name: "prometheus_front-tier"

DOMAIN=http://10.9.9.2:8080
# Remove 'with_grafana' below if you want to use existing grafana
# Add 'with_prometheus' below to optionally enable a local prometheus for oncall metrics
# e.g. COMPOSE_PROFILES=with_grafana,with_prometheus
COMPOSE_PROFILES=
# to setup an auth token for prometheus exporter metrics:
# PROMETHEUS_EXPORTER_SECRET=my_random_prometheus_secret
# also, make sure to enable the /metrics endpoint:
# FEATURE_PROMETHEUS_EXPORTER_ENABLED=True
SECRET_KEY=my_random_secret_must_be_more_than_32_characters_long
GRAFANA_USER=admin
GRAFANA_PASSWORD=test123

networks:
  prometheus_back-tier:
    external: true
    name: "prometheus_back-tier"
  prometheus_front-tier:
    external: true
    name: "prometheus_front-tier"

services:
  prometheus_grafana:
    container_name: grafana
    image: "grafana/grafana:12.0.0"
    env_file:
      - path: "./grafana.env"
        required: true
    networks:
      - "prometheus_back-tier"
      - "prometheus_front-tier"
    ports:
      - "3000:3000/tcp"
    restart: "always"
    volumes:
      - ./grafana/provisioning:/etc/grafana/provisioning
      - ./grafana/tmp/certs:/tmp/certs
      - ./grafana/grafana.ini:/etc/grafana/grafana.ini
      - prometheus_grafana_data:/var/lib/grafana
  prometheus_prometheus:
    image: "prom/prometheus:v3.3.1"
    command:
      - "--config.file=/etc/prometheus/prometheus.yml"
      - "--storage.tsdb.path=/prometheus"
      - "--web.console.libraries=/usr/share/prometheus/console_libraries"
      - "--web.console.templates=/usr/share/prometheus/consoles"
      - "--web.enable-remote-write-receiver"
      - "--enable-feature=native-histograms"
    networks:
      - "prometheus_front-tier"
      - "prometheus_back-tier"
    ports:
      - "9090:9090/tcp"
    restart: "always"
    volumes:
      - ./prometheus:/etc/prometheus
      - prometheus_prometheus_data:/prometheus
volumes:
  prometheus_grafana_data:
    external: true
  prometheus_prometheus_data:
    external: true

GF_SECURITY_ADMIN_PASSWORD=foobar
GF_USERS_ALLOW_SIGN_UP=false
GF_FEATURE_TOGGLES_ENABLE=externalServiceAccounts
GRAFANA_CLOUD_ONCALL_API_URL=https://oncall-prod-eu-west-0.grafana.net/oncall
GF_AUTH_MANAGED_SERVICE_ACCOUNTS_ENABLED=true
PATH=/usr/share/grafana/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
GF_PATHS_CONFIG=/etc/grafana/grafana.ini
GF_PATHS_DATA=/var/lib/grafana
GF_PATHS_HOME=/usr/share/grafana
GF_PATHS_LOGS=/var/log/grafana
GF_PATHS_PLUGINS=/var/lib/grafana/plugins
GF_PATHS_PROVISIONING=/etc/grafana/provisioning