Commit Graph

26 Commits

Author SHA1 Message Date
Clark Boylan 8f55da407f Retire this repo
The opendev project has been moving away from puppet and this is one of
the puppet modules that is no longer used. To simplify things for us we
are taking the extra step of retiring this repo.

Change-Id: Ibbd66faf35447c5e8587c6996cd5011fcede688a
2022-02-17 11:42:09 -08:00
Jeremy Stanley 2658fb41ba Enable RFC 6797 HSTS signaling
The HTTP Strict Transport Security (HSTS) mechanism defined in IETF
RFC 6797 allows us to indicate to clients that the site to which
they are connecting should only ever be reached over an encrypted
HTTPS connection, in an effort to thwart protocol downgrade attacks
which could convince a client to fall back to plaintext HTTP. Set
such a policy header for the SSL vhost, valid for one year, and
indicate that this policy also applies to any subdomains of the
hostname with which the site is served (even though it's unlikely
that there would ever be any in this case, this is useful for
consistency with inclusion in other vhost templates in the future).
While HSTS policy can't prevent downgrade attacks the very first
time a client connects to this site, thereafter their browser would
be wary of connecting over plain HTTP for subsequent connections for
a full year.

Change-Id: If5c2f3b70e7f7646bf6168e8942aee0ecb7c2ec8
2019-04-14 14:56:38 +00:00
Ian Wienand 8a0e111327 Fix ssl lookups
I think I chose a bad example to cargo-cult copy from in
Ic133e3abc09343541210c061af544f7b37480f27; the variables are not being
found.  Use scope.lookupvar() (the one place where I did use this is
working).

Change-Id: If3af4eb6a7d29ddde16f08cb7f55e64ad058d12d
2019-04-12 11:37:24 +10:00
Ian Wienand d6368cf248 Add a httpd SSL template
If passed the new ssl file parameters, configure and install a SSL
version of the apache config.

For graphite.opendev.org it is intended to use the letsencrypt
certificates provisioned by the base ansible run for this.

Change-Id: Ic133e3abc09343541210c061af544f7b37480f27
2019-04-12 08:00:16 +10:00
Ian Wienand 78494074a8 Fix django wsgi typo
Introduced with Ia741af25391603fe81c0185b586b5841910f714a

Change-Id: I2c0f1e37edcb806556c6f50998e95abdece6f999
2019-03-01 12:33:55 +11:00
Ian Wienand 977f065a3f graphite.wsgi : update for django 1.7
Django 1.8 in Xenial hits changes to the app loading made in 1.7 [1].
On Xenial and above, ship a slightly different wsgi loader that uses
the new-style loading.

[1] https://docs.djangoproject.com/en/dev/releases/1.7/#app-loading-changes

Change-Id: Ia741af25391603fe81c0185b586b5841910f714a
2019-03-01 09:19:32 +11:00
Ian Wienand ae9a92e707 Fix config for ipv6
An extra comma snuck in with
I1fec03b32441a1962190f9bd8e24e8bec2318ab5; also use non-printing
statements to tidy it up a bit.

Change-Id: I955eef2ca658d5375ed2e38279ecd58db1ed4968
2018-09-25 15:33:28 +10:00
Ian Wienand fb26d09101 Have statsd listen on ipv6 by default
By default we're not listening on an ipv6 address; so any stats sent
there just go missing.  Set up by default to listen to '::' (and add
required ipv6 argument) which, thanks to dual-stack, means ipv4 & 6
packets are all accounted for.

Change-Id: I1fec03b32441a1962190f9bd8e24e8bec2318ab5
2018-09-14 14:29:45 +10:00
Ian Wienand dfc94e4fd9 Fix up log rotation
Turns out this is a bit of a pain, and we found out via a full disk.

Firstly, carbon wants to rotate its own log files, but doesn't
compress or clean up.  Disable this with ENABLE_LOGROTATION=False,
which has been around for a while.  This is copied from the upstream
example config.

Secondly, we were missing the console.log file.  Change the rotate to
just one for "*.log", and also add "sharedscripts" so the post-rotate
is only run once per rotation of all files.

Thirdly, copytruncate doesn't work [2].  It needs to be "nocreate";
the file is moved and carbon starts a new one (as suggested by the
config comment).  This is updated in the combined rotate section.

[1] https://github.com/graphite-project/carbon/pull/68
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733856

Change-Id: I946bb728971db79a2f4d08f2787c0768b958fb53
2018-02-07 14:15:59 +11:00
John Warren 2efd63e6e2 Add docroot permissions for apache >= 2.4
When running in apache 2.4, the following sort of error was observed
when trying to access the graphite Web app:

AH01630: client denied by server configuration:
/var/lib/graphite/webapp/content/js/composer.js, referer: httpcomposer/?

This change conditionally adds the appropriate permissions to allow
static web content to be served.

Change-Id: I7826a2fdb1b47d39eb7a4a43c6896a16fdbb32c8
2015-12-07 11:34:48 -05:00
Jenkins d69c62d46f Merge "Add support for apache >= 2.4" 2015-11-25 13:40:36 +00:00
James E. Blair 933b580fd6 Set statsd to delete idle counters/timers
In the default configuration, statsd emits 0 values for every known
counter, timer, and gauge for every interval.  In our system, we
have a lot of sparsely updated timers and counters -- those
associated with a job -- so the longer statsd runs, the more 0
metrics it constantly emits.

Many of these metrics are null much of the time anyway -- each time
statsd restarts it forgets all of these metrics and so the databases
will have nulls until it sees a metric anyway.

This change tells statsd not to send 0 values for timers and counters
that have not reported during the update interval.

Gauges will still report their last value.

Change-Id: I87c85f82f6d38506977bc9bf26d34f6e66746b01
2015-11-17 13:36:59 -08:00
James E. Blair 395b5ad315 Set xFilesFactor to 0
When graphite aggregates data from a high resolution database into
a lower resolution database, this value determines how many samples
must be present in order for data to be aggregated.  A value of
0.3 means 30% of the possible high-resolution values must be present
in order for data to be aggregated; if less than 30% are present,
then a null value will be stored instead.

Because so much of our data, particularly related to individual jobs,
providers, etc, are so sporadic, set this value to 0 globally.  This
means that all min, max, and average values will be available in all
databases.

Change-Id: I5f416e798e7abedfde776c9571b6fc8cea5f3a33
2015-11-16 14:05:18 -08:00
Yolanda Robla 3ed819160d Add support for apache >= 2.4
Graphite is failing for trusty, because of the
Require All granted need. Add that to the vhost.

Change-Id: I8b0c49929581439a3bce2b04915ee9124ec51acb
2015-11-06 09:32:25 +01:00
Paul Belanger 77d2d1b7ba Fix variable access warnings
Change-Id: Ib7487f61e9835b8b6c57204958aa15b41371c31f
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2015-07-09 16:52:01 -04:00
Timothy Chavez fe1b569e5b Enable simple CORS requests
Graphite needs to enable simple CORS requests so that third-party
services that want to pull data via the API to build things like
interactive graphs and visualization dashboards can do that.

Change-Id: I34a422c787118425aa484fa980aadd47cbf197e2
2015-04-03 11:30:59 -05:00
Yolanda Robla 0e3d87fbb3 Add ability to configure retention policy
Create new parameters on manifest, then apply
them to storage template.

Change-Id: Ia8fc17bb970d28bdfa80ed19cee6b44364dfc9c0
2015-03-19 10:45:04 +01:00
K Jonathan Harker b1fb729bf1 Reduce graphite's stats retention policy
In order to make more efficient use of disk space, let's change the
default retention policy. Being able to react to changes with a
10-second precision is less likely to be useful as the data gets older,
and our historic data does not give much insight beyond a 1-hour
precision.

This change does not affect already created metrics; changing that would
require a manual run of whisper-resize.py on the data directories. This
only affects new metrics.

Old retention:
  10-second precision for 6 hours
  60-second precision for 7 days
  10-minute precision for 5 years

New retention:
  10-second precision for 8 hours
  60-second precision for 7 days
  1-hour precision for 1 year
  1-day precision for 5 years

Change-Id: I08d73d092fc73c271e9092f551f38f395e006ca4
2014-09-03 16:42:57 -07:00
James E. Blair d21e535f19 Have graphite use the One True Timezone.
Because the default is, um, Chicago.

Change-Id: I82167c8c939c66ec2d456d1ef357f0c766ceef0f
2014-03-10 17:24:07 -07:00
James E. Blair b18e83eaf6 Work around carbon issue #55.
graphite.o.o currently has a manually installed fix for carbon
issue #55 in place, but in case we lose that, setting MAX_CPM
to >=60 should work around the problem.

https://github.com/graphite-project/carbon/issues/55

Change-Id: I53bbe348737edc0c513bb1b34b753018d20c3d60
Reviewed-on: https://review.openstack.org/18750
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Tested-by: Jenkins
2013-01-02 19:05:59 +00:00
James E. Blair a1a1c92b50 Set xfilesfactor to 0 for stats_counts.
This matches the rule for summing .count metrics.  It means
that a minimum of 0% of the existing values must be non-null
in order for the new value to be non-null.  That's good for
sums of exact counts.

Change-Id: Ic3f50888ada274a36e8f0385e6fffddf88ba6dfe
Reviewed-on: https://review.openstack.org/18747
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
2012-12-29 15:41:37 +00:00
James E. Blair 16a91f3caa Fix order in graphite storage-aggregation.
Change-Id: I13fc4d58b74c816ec2329ef792544e88e3c15594
Reviewed-on: https://review.openstack.org/18746
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
2012-12-29 15:31:00 +00:00
James E. Blair 76a70d0d70 Fix carbon schema order.
Change-Id: I7d57a77f8c778403d40e7cb151feafe38867e1d7
Reviewed-on: https://review.openstack.org/18739
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
2012-12-29 00:47:39 +00:00
James E. Blair 7887f104c3 Add statsd compatible schema to graphite.
Most of this is from the statsd README.

Change-Id: I22e4619375c10de2cb010b06071ed3b473197e92
Reviewed-on: https://review.openstack.org/18737
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
2012-12-28 23:56:55 +00:00
James E. Blair af41d6d35e Correct graphite paths.
Some paths were not set correctly in graphite config files.

Fix up permissions in /var/lib/graphite.

Use 'service', but don't ensure it's running.

Change-Id: I363319473a332c16687e16887bfe83e1468c8ece
Reviewed-on: https://review.openstack.org/17617
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Paul Belanger <paul.belanger@polybeacon.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
2012-12-18 21:44:04 +00:00
James E. Blair 469dfc8c76 Add graphite.
Change-Id: I276641d55e966cd76013cae847061c3ac7996864
Reviewed-on: https://review.openstack.org/17094
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
2012-12-02 20:28:38 +00:00