对接企业微信机器人报错:{\“errcode\“:60020,\“errmsg\“:\“not allow to access from your ip, hint: [169917845713115
Prometheus+altermanager对接企业微信机器人报错内容:
level=debug ts=2023-11-05T10:00:57.435Z caller=wechat.go:190 integration=wechat response="{\"errcode\":60020,\"errmsg\":\"not allow to access from your ip, hint: [1699178457562583222455115], from ip: 36.112.180.226, more info at https://open.work.weixin.qq.com/devtool/query?e=60020\"}" incident="{}:{alertname=\"kubernetes-etcd\"}"
解决方案:企业微信机器人添加企业可信IP 即可!
但是但是,第一次配置可信IP地址,需要先配置设置接收消息服务器URL,步骤如下:
打开一台有公网IP的服务器,进行下面操作:
wget https://github.com/sbzhu/weworkapi_python/archive/refs/heads/master.zip
unzip master.zip
mv weworkapi_python-master weworkapi_python
vim wechat.py
#-*- encoding:utf-8 -*-
from flask import abort, request
from flask import Flask
from xml.dom.minidom import parseString
import _thread
import time
import os
import sys
sys.path.append("weworkapi_python/callback") # 正确的模块导入路径
from WXBizMsgCrypt3 import WXBizMsgCrypt # https://github.com/sbzhu/weworkapi_python 项目地址
app = Flask(__name__)
# 对应步骤4中接受消息回调模式中的URL,如域名是'www.example.com' 那么在步骤4中填入的url就为"http://www.example.com/hook_path"
@app.route('/hook_path', methods=['GET','POST'])
def douban():
if request.method == 'GET':
echo_str = signature(request, 0)
return(echo_str)
elif request.method == 'POST':
echo_str = signature2(request, 0)
return(echo_str)
qy_api = [
WXBizMsgCrypt("XXXXXXX", "XXXXXXX", "XXXXXXX"),
] #对应接受消息回调模式中的token,EncodingAESKey 和 企业信息中的企业id
# 开启消息接受模式时验证接口连通性
def signature(request, i):
msg_signature = request.args.get('msg_signature', '')
timestamp = request.args.get('timestamp', '')
nonce = request.args.get('nonce', '')
echo_str = request.args.get('echostr', '')
ret,sEchoStr=qy_api[i].VerifyURL(msg_signature, timestamp,nonce,echo_str)
if (ret != 0):
print("ERR: VerifyURL ret: " + str(ret))
return("failed")
else:
return(sEchoStr)
# 实际接受消息
def signature2(request, i):
msg_signature = request.args.get('msg_signature', '')
timestamp = request.args.get('timestamp', '')
nonce = request.args.get('nonce', '')
data = request.data.decode('utf-8')
ret,sMsg=qy_api[i].DecryptMsg(data,msg_signature, timestamp,nonce)
if (ret != 0):
print("ERR: DecryptMsg ret: " + str(ret))
return("failed")
else:
with open ("/var/log/qywx.log", 'a+') as f: # 消息接收日志
doc = parseString(sMsg)
collection = doc.documentElement
name_xml = collection.getElementsByTagName("FromUserName")
msg_xml = collection.getElementsByTagName("Content")
type_xml = collection.getElementsByTagName("MsgType")
pic_xml = collection.getElementsByTagName("PicUrl")
msg = ""
name = ""
msg_type = type_xml[0].childNodes[0].data
if msg_type == "text": #文本消息
name = name_xml[0].childNodes[0].data #发送者id
msg = msg_xml[0].childNodes[0].data #发送的消息内容
f.write(time.strftime('[%Y-%m-%d %H:%M:%S]') + "[ch%d] %s:%s\n" % (i, name, msg))
_thread.start_new_thread(os.system, ("python3 command.py '%s' '%s' '%d' '%d'" % (name, msg, i, 0), )) #此处将消息进行外部业务处理
elif msg_type == "image": #图片消息
name = name_xml[0].childNodes[0].data
pic_url = pic_xml[0].childNodes[0].data
f.write(time.strftime('[%Y-%m-%d %H:%M:%S]') + "[ch%d] %s:图片消息\n" % (i, name))
_thread.start_new_thread(os.system, ("python3 command.py '%s' '%s' '%d' '%d'" % (name, pic_url, i, 1), )) #此处将消息进行外部业务处理
f.close()
return("ok")
if __name__=='__main__':
app.run("0.0.0.0", 888) #本地监听端口,可自定义
共修改三处配置,如下
qy_api = [
WXBizMsgCrypt("XXXXXXX", "XXXXXXX", "XXXXXXX"),
] #对应接受消息回调模式中的token,EncodingAESKey 和 企业信息中的企业id
执行 wechat.py 脚本,如果缺py依赖就pip3 install 安装一下,此处不在赘述!!
python3 wechat.py
如下图表示启动成功:
http://公网IP地址:888/hook_path
OK,设置完成!,接下来可以添加企业可信IP了。
最后最后,告警也是成功发送到了企业微信,如下图:
至此结束!!