{"id":15674962,"url":"https://github.com/alexellis/tinkerbot","last_synced_at":"2025-05-06T23:40:25.530Z","repository":{"id":57530385,"uuid":"271259258","full_name":"alexellis/tinkerbot","owner":"alexellis","description":"ChatOps for Tinkerbell","archived":false,"fork":false,"pushed_at":"2020-06-11T13:18:02.000Z","size":3006,"stargazers_count":14,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-03-31T04:04:31.251Z","etag":null,"topics":["chatops","openfaas","slack","tinkerbell"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/alexellis.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-06-10T11:31:44.000Z","updated_at":"2023-06-10T05:52:16.000Z","dependencies_parsed_at":"2022-09-10T11:01:52.264Z","dependency_job_id":null,"html_url":"https://github.com/alexellis/tinkerbot","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alexellis%2Ftinkerbot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alexellis%2Ftinkerbot/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alexellis%2Ftinkerbot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alexellis%2Ftinkerbot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/alexellis","download_url":"https://codeload.github.com/alexellis/tinkerbot/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252788376,"owners_count":21804280,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["chatops","openfaas","slack","tinkerbell"],"created_at":"2024-10-03T15:53:49.416Z","updated_at":"2025-05-06T23:40:25.509Z","avatar_url":"https://github.com/alexellis.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# tinkerbot\n\nChatOps for Tinkerbell\n\ntinkerbot is a Slackbot which brings ChatOps to Packet's Tinkerbell project for bare-metal automation.\n\n## How does it work?\n\ntinkerbot makes use of both the gRPC API of Tinkerbell, and the HTTP REST API of ELK where Tinkerbell stores all its logs.\n\nThe bot is written in Go using the [OpenFaaS](https://www.openfaas.com/) `golang-middleware` template and is packaged as a Docker container. \n\nIn this README you'll find instructions for configuring and deploying tinkerbot to your Tinkerbell provisioner using OpenFaaS on k3s, however you may also be able to run tinkerbot with the lighter-weight [faasd](https://github.com/openfaas/faasd) project which does not require Kubernetes.\n\n## Commands:\n\n### Logs\n\nFetch logs from ELK for a specific Tinkerbell component\n\n```\n/logs INDEX\n```\n\nExamples include:\n\n```\n/logs worker\n/logs tink-server\n/logs boots\n/logs nginx\n/logs registry\n```\n\n### Workflows\n\nGet a list of workflows\n\n```\n/workflow\n```\n\n### Events\n\nGet the events for the latest updated workflow.\n\n```\n/events\n```\n\n\u003e This command is ideal for debugging or for monitoring an in-flight workflow.\n\nGet the events for a given workflow\n\n```\n/events \u003cWORKFLOW_ID\u003e\n```\n\n## Installation\n\n### Pre-reqs\n\n* You will need your own Slack workspace, or administrative access to create and install a Slack app\n* OpenFaaS installed with reachability to your ElasticSearch server, i.e. on the provisioner\n* A public IP for Slack to send webhooks for the Slash commands, or use [inlets](https://inlets.dev/) for this\n\n### Setup OpenFaaS and Kubernetes on your provisioner\n\nOn the provisioner install k3d, which can leverage the existing installation of Docker to run Kubernetes in a container with k3s.\n\n```bash\ncurl -s https://raw.githubusercontent.com/rancher/k3d/master/install.sh | bash\n```\n\nCreate a cluster with k3d:\n\n```bash\ncurl -LO https://storage.googleapis.com/kubernetes-release/release/v1.18.0/bin/linux/amd64/kubectl\nchmod +x kubectl\nsudo mv kubectl /usr/local/bin/\n\nk3d create cluster --name tinkerbot --server-arg \"--no-deploy=traefik\" --server-arg \"--no-deploy=servicelb\"\nexport KUBECONFIG=\"$(k3d get-kubeconfig --name tinkerbot)\"\n```\n\nNow install arkade, to install openfaas:\n\n```bash\ncurl -sLS https://dl.get-arkade.dev | sudo sh\n```\n\nInstall OpenFaaS:\n\n```bash\narkade install openfaas\n```\n\nDo not follow the instructions printed.\n\n### Expose your OpenFaaS gateway on the provisioner\n\n\u003e If you are running on-premises, or at home, then use the [inlets-operator for Kubernetes instead](https://github.com/inlets/inlets-operator/).\n\nSince we are running k3d within a container, it will not be accessible by Slack for incoming webhooks required for the bot. We will run the [inlets](https://inlets.dev) server process on the provisioner and connect from a pod inside k3s to forward all traffic to the outside world.\n\n```bash\ncurl -sLS https://inletsctl.inlets.dev | sudo sh\n\n# Download the OSS inlets version\nsudo inletsctl download\n\n# Set to your Packet provisioner's public IP\nexport PUBLIC_IP=192.168.0.61\n\ninletsctl kfwd --if $PUBLIC_IP \\\n  --from gateway:8080 \\\n  --namespace openfaas \u0026\n```\n\nThe command above started an inlets server on your public host, and then started an inlets client as a Pod inside the k3s cluster. This allows the OpenFaaS gateway to be exposed on the host for Slack and for our use.\n\n### Log into OpenFaaS\n\nNow that we have exposed OpenFaaS on the public IP, we can log into it.\n\n```bash\n# Set the OpenFaaS URL to the public IP:\nexport PUBLIC_IP=192.168.0.61\n\nexport OPENFAAS_URL=http://$PUBLIC_IP:8080\n```\n\nRun `arkade info openfaas` and follow the instructions:\n\n```bash\ncurl -SLsf https://cli.openfaas.com | sudo sh\n\n# Forward the gateway to your machine\nkubectl rollout status -n openfaas deploy/gateway\n\n# If basic auth is enabled, you can now log into your gateway:\nPASSWORD=$(kubectl get secret -n openfaas basic-auth -o jsonpath=\"{.data.basic-auth-password}\" | base64 --decode; echo)\n\necho -n $PASSWORD | faas-cli login --username admin --password-stdin\n```\n\nCheck that the login worked, you should see no functions listed for the following:\n\n```bash\nfaas-cli list\nFunction                      \tInvocations    \tReplicas\n```\n\n### Create a Slack app\n\nSlack uses \"apps\" to integrate with its API. Create an app and install it to your Slack workspace.\n\nClick Workspace Settings -\u003e API\n\nCreate a new Slack command for each command you want to enable:\n\n![Add the commands](./docs/add-command.png)\n\nFor request URL enter the following, changing $IP to the IP address of your provisioner and port 8080:\n\n```\nhttp://$IP:8080/function/tinkerbot\n```\n\nSo add - `/logs` and `/last-workflow` to start with.\n\nYou will need to enter the public IP of your OpenFaaS gateway, or your inlets tunnel if you are using a tool like k3d or KinD.\n\nOnce you have created the command, you can install it to a workspace:\n\n![Install app](./docs/install-app.png)\n\n### Configure the bot\n\nYou will create the following secrets:\n\n* `validation-token` - Slack token for verification - navigate to Basic Information -\u003e App Credentials and copy the text from `Verification Token`\n\nRun the following:\n\n```bash\nexport VALIDATION_TOKEN=\"w7ub1M8Jk2mYHEtpmtgXiLzr\"\n\nfaas-cli secret create validation-token --from-literal $VALIDATION_TOKEN\n```\n\nNow edit stack.yml and update the environment variable for where your ELK cluster is located. This is probably the public IP of your provisioner.\n\n```yaml\n    environment:\n      elk_host: http://192.168.1.1:9200/\n```\n\nHere, I am using an IP on my local network. By default Tinkerbell exposes ElasticSearch on all interfaces on your provisioner. Check the interfaces with `ip addr` or `ifconfig`.\n\nIf you are using the `workflow` command, you'll also need to add the following entries (changing the IP as per the step above):\n\n```yaml\n    environment:\n      TINKERBELL_GRPC_AUTHORITY: 192.168.1.1:42113\n      TINKERBELL_CERT_URL: http://192.168.1.1:42114/cert\n```\n\n\u003e Note: TINKERBELL_GRPC_AUTHORITY does not include a URL scheme\n\n### Deploy the bot\n\n```bash\nfaas-cli deploy -f stack.yml\n```\n\nYou can view the bot's logs with `faas-cli logs tinkerbot`.\n\n### Try out the bot\n\nLogs from Nginx:\n\n![Nginx logs](./docs/nginx-logs.png)\n\nLogs from the worker:\n\n![Worker logs](./docs/worker-logs.png)\n\nShowing the list of workflows:\n\n![Workflows](./docs/workflows.png)\n\nShowing the events for the latest updated workflow:\n\n![Events](./docs/events.png)\n\n## Taking it further\n\n* Enable HTTPS for OpenFaaS\n\n  You can enable HTTPS for OpenFaaS [using this guide for inlets PRO](https://docs.inlets.dev/#/get-started/quickstart-ingresscontroller-cert-manager?id=expose-your-ingresscontroller-and-get-tls-from-letsencrypt) or if you installed Kubernetes directly on the provisioner, [you can try this guide](https://blog.alexellis.io/tls-the-easy-way-with-openfaas-and-k3sup/).\n\n* Do you want to hack on the functions?\n\n  If you wish to hack on the bot and deploy a new version, replace `alexellis2` in the `image:` field with your own Docker Hub account, and then run `faas-cli up` instead of `faas-cli deploy`.\n\n  If you want to work on the code, you can run `faas-cli build/up`, or for quicker iterations just run `go test ./tinkerbot/cmd/` or `go build` within the `./tinkerbot/cmd/` folder.\n\n* What if I don't want to run Kubernetes?\n\n  You can try [faasd](https://github.com/openfaas/faasd) which only requires containerd, which should already be installed on your provisioner.\n\n* Why do I need to run OpenFaaS on the provisioner?\n\n  You need to run OpenFaaS on the provisioner, or on another host within the same private network so that it can access the gRPC API and ELK.\n\n## Getting help and contributing\n\nFeel free to join the [Packet community Slack](https://slack.packet.com) and start a discussion in the `#tinkerbell` channel.\n\nIf you'd like specific help about OpenFaaS, join [the OpenFaaS community on Slack](https://slack.openfaas.io/)\n\nLicense: MIT\n\nThis project follows the [Developer Certificate of Origin](https://developercertificate.org), all PRs must include a Signed-off-by: line using `git commit -s`.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falexellis%2Ftinkerbot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falexellis%2Ftinkerbot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falexellis%2Ftinkerbot/lists"}