Anton is an fork of Holly.
Anton currently runs on anton.laterpay.net, which is hosted on irc.laterpay.net.
At this point Anton has diverged a lot from Holly, however some of our changes might make it upstream at some point :).
In production, Anton runs via DJB supervise (or any other watcher process). On LaterPay servers it's deployed as a RPM
and subsequently run from its service directory /opt/lp-supervise/run which loads Anton's run script.
Anton is configured through environment variables set in its supervisord/daemontools config.
Here is an example config:
[program:anton]
user=anton
command=/srv/anton/.env/bin/python /srv/anton/holly.py
autostart=true
autorestart=true
environment=IRC_SERVER="YOUR.IRCSER.VER"
IRC_PORT="8080",
HTTP_BINDADDRESS="127.0.0.1",
HTTP_PORT="8000",
JENKINS_CHANNEL="#laterpay-ci",
GITHUB_AUTH_TOKEN="[create an auth token]"
...
| Variable | Description |
|---|---|
| DATA_PATH | The path to a folder where Anton can store it's SQLite database files (Default: ./data) |
| IRC_SERVER | The hostname or IP address of the IRC server which Anton should connect to. (Default: 127.0.0.1) |
| IRC_PORT | The port that Anton should connect to. (Default: 6667) |
| HTTP_BINDADDRESS | The IP address that Anton should bind its webhook listener to. (Default: 127.0.0.1) |
| HTTP_PORT | The port that Anton should listen on for HTTP webhooks. (Default: 8000) |
| HTTP_ROOT | A path prefix for HTTP handlers. There isn't much reason to ever change this. (Default: "/bot") |
| BOT_USERNAME | The bot's IRC username (Default: "anton") |
| BOT_REALNAME | The bot's IRC real name (Default: "anton") |
| BOT_NICKNAME | The bot's IRC nickname (Default: "antonia") |
| BOT_CHANNELS | A comma-separated list of channels the bot should connect to. (Default: "#twilightzone") |
| SENTRY_DSN | An optional DSN that will connect Anton's error handling to a Sentry instance |
| Variable | Description |
|---|---|
| JENKINS_CHANNEL | The channel where Anton posts webhook calls made to the Jenkins CI handler (Default: #twilightzone) |
| TICKET_PROVIDER | If you want to connect Anton to a ticket tracker, it currently supports JIRA and GitHub tickets. Set this to either anton.modules.tickets.jira.JiraTicketProvider or anton.modules.tickets.github.GitHubTicketProvider accordingly. |
| GITHUB_CHANNEL | The channel where Anton posts webhook calls made to the GitHub handler (Default: #twilightzone) |
| GITHUB_AUTH_TOKEN | A GitHub OAuth2 token for Anton (see below for docs on how to create this) |
| GITHUB_DEFAULT_ORGANIZATION | The default organization to search (Default: 'laterpay') |
| GITHUB_DEFAULT_REPO | The default repository name to search (Default: 'laterpay') |
| JIRA_URL | A HTTP(S) URL pointing to your organization's JIRA (Default: "https://laterpay.atlassian.net") |
| JIRA_AUTH_TOKEN | A JIRA OAuth1 token (see below for docs on how to create this) |
| JIRA_AUTH_SECRET | A JIRA OAuth1 secret key (see below for docs on how to create this) |
| JIRA_AUTH_ID | The JIRA application link ID (Default: "anton") |
| JIRA_AUTH_PRIVATEKEY | A RSA private key, starting with "-----BEGIN RSA PRIVATE KEY-----" registered with JIRA. |
By sending a HTTP POST to GitHub via curl. The following example is adapted from the original docs.
curl -u 'laterpay-jenkins' -d '{"scopes":["repo"],"note":"OAuth Token for LaterPay Bots (authorized by [YOUREMAILADDRESS])"}' https://api.github.com/authorizations
This will return a JSON object that has your GitHub auth token. The note will show up in your GitHub user account.
As in the above example, LaterPay has a dedicated jenkins user on GitHub that we use for this kind of thing.
JIRA has the most convoluted setup path for OAuth imaginable. That said: Here is how you authorize Anton on JIRA:
First, use openssl to generate a RSA key pair:
openssl genrsa -out anton.secretkey 2048
openssl rsa -pubout -in anton.secretkey
Now follow these steps:
- Log into JIRA as an Administrator
- Go to Settings -> Add-Ons -> Application Links
- Enter the URL of your Anton bot (or any URL, really) and click "Create New Link"
- Click "Continue"
- Enter an application name like "Anton IRC bot" and select "Generic Application", leave the other fields empty.
- Click "Continue"
- Now click "Edit" next to the "Anton IRC bot" entry
- Click on "Incoming Authentication"
- Set consumer key to the value of
JIRA_AUTH_IDin Anton's config (for example: "anton") - Set consumer name to "Anton IRC bot"
- Paste the public key without the
-----BEGIN PUBLIC KEY-----and-----END PUBLIC KEY-----lines into the "Public Key" field - Click "Save"
- Log out of JIRA!
You will need to put the private key either into config.py or into the JIRA_AUTH_PRIVATEKEY environment variable.
In this case, it's good to know that DJB envdir will replace ASCII 0 with newline characters when reading files
in an envdir.
Finally it's time to authorize Anton. Do NOT use an JIRA administrator account for this (because: security!). Inside Anton's virtualenv run this:
bin/jirashell -s [your JIRA server URL] -od -ck [JIRA_AUTH_ID] -k /path/to/anton.secretkey -pt
- If, like me, you don't have browsers on your development VMs, you'll need to patch
lib/python2.7/site-packages/tools/jirashell.pyline 52 to outputauth_url! I submitted a pull request for that. - This command will launch a browser and go to your JIRA server. This is why you logged out before. Now log in with an unprivileged account (for example a member of the "Developers" group, which has access to all tickets which you want the bot to have access to).
- Authorize the application.
jirashellwill output a OAuth1 token and secret. You need to put these intoJIRA_AUTH_TOKENandJIRA_AUTH_SECRET.
Finally... you're done.
Anton supports GitHub post requests and Jenkins callbacks.
Clone it, create a virtualenv and pip install it:
git clone https://github.com/laterpay/anton.git anton
virtualenv .env
.env/bin/pip install -e anton
Kristian (holly@doismellburning.co.uk) is maintaining Holly for the long term; contact him if you have any Holly issues/questions/opinions. LaterPay's fork was primarily architected by @jdelic.