x
/
fuel-plugin-lma-collector
Code Issues Proposed changes
fuel-plugin-lma-collector/deployment_scripts/puppet/manifests/controller.pp

526 lines
18 KiB
Puppet
Raw Blame History

# Copyright 2015 Mirantis, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
prepare_network_config(hiera('network_scheme', {}))
$messaging_address = get_network_role_property('mgmt/messaging', 'ipaddr')
$memcache_address = get_network_role_property('mgmt/memcache', 'ipaddr')
$network_metadata = hiera_hash('network_metadata')
include lma_collector::params
$ceilometer = hiera_hash('ceilometer', {})
$lma_collector = hiera_hash('lma_collector')
$rabbit = hiera_hash('rabbit')
$management_vip = hiera('management_vip')
$storage_options = hiera_hash('storage', {})
$murano = hiera_hash('murano')
$sahara = hiera_hash('sahara')
$contrail = hiera('contrail', false)
if $ceilometer['enabled'] {
$notification_topics = ['notifications', 'lma_notifications']
}
else {
$notification_topics = ['lma_notifications']
}
if $rabbit['user'] {
$rabbitmq_user = $rabbit['user']
}
else {
$rabbitmq_user = 'nova'
}
# Make sure the LMA service is configured with the "pacemaker" provider
include lma_collector::params
Service<| title == $lma_collector::params::service_name |> {
provider => 'pacemaker'
}
# OpenStack notifications are always useful for indexation and metrics collection
class { 'lma_collector::notifications::input':
topic => 'lma_notifications',
host => $messaging_address,
port => hiera('amqp_port', '5673'),
user => $rabbitmq_user,
password => $rabbit['password'],
}
# Sahara notifications
if $sahara['enabled'] {
include sahara::params
$sahara_api_service = $::sahara::params::api_service_name
$sahara_engine_service = $::sahara::params::engine_service_name
sahara_config { 'DEFAULT/enable_notifications':
value => true,
notify => Service[$sahara_api_service, $sahara_engine_service],
}
sahara_config { 'DEFAULT/notification_topics':
value => $notification_topics,
notify => Service[$sahara_api_service, $sahara_engine_service],
}
sahara_config { 'DEFAULT/notification_driver':
value => 'messaging',
notify => Service[$sahara_api_service, $sahara_engine_service],
}
service { [$sahara_api_service, $sahara_engine_service]:
hasstatus => true,
hasrestart => true,
}
}
# Nova notifications
include nova::params
$nova_api_service = $::nova::params::api_service_name
$nova_conductor_service = $::nova::params::conductor_service_name
$nova_scheduler_service = $::nova::params::scheduler_service_name
nova_config { 'DEFAULT/notification_topics':
value => $notification_topics,
notify => Service[$nova_api_service, $nova_conductor_service, $nova_scheduler_service],
}
nova_config { 'DEFAULT/notification_driver':
value => 'messaging',
notify => Service[$nova_api_service, $nova_conductor_service, $nova_scheduler_service],
}
nova_config { 'DEFAULT/notify_on_state_change':
value => 'vm_and_task_state',
notify => Service[$nova_api_service, $nova_conductor_service, $nova_scheduler_service],
}
service { [$nova_api_service, $nova_conductor_service, $nova_scheduler_service]:
hasstatus => true,
hasrestart => true,
}
# Cinder notifications
include cinder::params
$cinder_api_service = $::cinder::params::api_service
$cinder_scheduler_service = $::cinder::params::scheduler_service
$cinder_volume_service = $::cinder::params::volume_service
if $storage_options['volumes_ceph'] {
# In this case, cinder-volume runs on controller node
$cinder_services = [$cinder_api_service, $cinder_scheduler_service, $cinder_volume_service]
} else {
$cinder_services = [$cinder_api_service, $cinder_scheduler_service]
}
cinder_config { 'DEFAULT/notification_topics':
value => $notification_topics,
notify => Service[$cinder_services],
}
cinder_config { 'DEFAULT/notification_driver':
value => 'messaging',
notify => Service[$cinder_services],
}
service { $cinder_services:
hasstatus => true,
hasrestart => true,
}
# Keystone notifications
# Keystone is executed as a WSGI application inside Apache so the Apache
# service needs to be restarted if necessary
include apache::params
include apache::service
keystone_config { 'DEFAULT/notification_topics':
value => $notification_topics,
notify => Class['apache::service'],
}
keystone_config { 'DEFAULT/notification_driver':
value => 'messaging',
notify => Class['apache::service'],
}
# Neutron notifications
include neutron::params
neutron_config { 'DEFAULT/notification_topics':
value => $notification_topics,
notify => Service[$::neutron::params::server_service],
}
neutron_config { 'DEFAULT/notification_driver':
value => 'messaging',
notify => Service[$::neutron::params::server_service],
}
service { $::neutron::params::server_service:
hasstatus => true,
hasrestart => true,
}
# Glance notifications
include glance::params
$glance_api_service = $::glance::params::api_service_name
$glance_registry_service = $::glance::params::registry_service_name
# Default value is 'image.localhost' for Glance
$glance_publisher_id = "image.${::hostname}"
glance_api_config { 'DEFAULT/notification_topics':
value => $notification_topics,
notify => Service[$glance_api_service],
}
glance_api_config { 'DEFAULT/notification_driver':
value => 'messaging',
notify => Service[$glance_api_service],
}
glance_api_config { 'DEFAULT/default_publisher_id':
value => $glance_publisher_id,
notify => Service[$glance_api_service],
}
glance_registry_config { 'DEFAULT/notification_topics':
value => $notification_topics,
notify => Service[$glance_registry_service],
}
glance_registry_config { 'DEFAULT/notification_driver':
value => 'messaging',
notify => Service[$glance_registry_service],
}
glance_registry_config { 'DEFAULT/default_publisher_id':
value => $glance_publisher_id,
notify => Service[$glance_registry_service],
}
service { [$glance_api_service, $glance_registry_service]:
hasstatus => true,
hasrestart => true,
}
# Heat notifications
include heat::params
$heat_api_service = $::heat::params::api_service_name
$heat_engine_service = $::heat::params::engine_service_name
heat_config { 'DEFAULT/notification_topics':
value => $notification_topics,
notify => Service[$heat_api_service, $heat_engine_service],
}
heat_config { 'DEFAULT/notification_driver':
value => $driver,
notify => Service[$heat_api_service, $heat_engine_service],
}
service { $heat_api_service:
hasstatus => true,
hasrestart => true,
}
# The heat-engine service is managed by Pacemaker.
service { $heat_engine_service:
hasstatus => true,
hasrestart => true,
provider => 'pacemaker',
}
# OpenStack logs are useful for deriving HTTP metrics, so we enable them even
# if Elasticsearch is disabled.
lma_collector::logs::openstack { 'nova': }
# For every virtual network that exists, Neutron spawns one metadata proxy
# service that will log to a separate file in the Neutron log directory.
# Eventually it may be hundreds of these files and Heka will have trouble
# coping with the situation. See bug #1547402 for details.
lma_collector::logs::openstack { 'neutron':
service_match => '(dhcp-agent|l3-agent|metadata-agent|neutron-netns-cleanup|openvswitch-agent|server)',
}
lma_collector::logs::openstack { 'cinder': }
lma_collector::logs::openstack { 'glance': }
lma_collector::logs::openstack { 'heat': }
lma_collector::logs::openstack { 'keystone': }
class {'lma_collector::logs::keystone_wsgi': }
lma_collector::logs::openstack { 'horizon': }
if $murano['enabled'] {
lma_collector::logs::openstack { 'murano': }
}
if $sahara['enabled'] {
lma_collector::logs::openstack { 'sahara': }
}
if ! $storage_options['objects_ceph'] {
class { 'lma_collector::logs::swift':
file_match => 'swift-all\.log\.?(?P<Seq>\d*)$',
priority => '["^Seq"]',
}
}
# Logs
if $lma_collector['elasticsearch_mode'] != 'disabled' {
class { 'lma_collector::logs::mysql': }
class { 'lma_collector::logs::rabbitmq': }
class { 'lma_collector::logs::pacemaker': }
}
# Metrics
$influxdb_mode = $lma_collector['influxdb_mode']
if $influxdb_mode != 'disabled' {
$nova = hiera_hash('nova', {})
$neutron = hiera_hash('quantum_settings', {})
$cinder = hiera_hash('cinder', {})
$haproxy_socket = '/var/lib/haproxy/stats'
if $storage_options['volumes_ceph'] or $storage_options['images_ceph'] or
$storage_options['objects_ceph'] or $storage_options['ephemeral_ceph']{
$ceph_enabled = true
} else {
$ceph_enabled = false
}
class { 'lma_collector::logs::counter':
hostname => $::hostname,
}
class { 'lma_collector::collectd::base':
processes => ['hekad', 'collectd'],
# collectd plugins on controller do many network I/O operations, so
# it is recommended to increase this value
read_threads => 10,
}
class { 'lma_collector::collectd::rabbitmq':
queue => ['/^(\\w*notifications\\.(error|info|warn)|[a-z]+)$/'],
}
$pacemaker_master_resource = 'vip__management'
class { 'lma_collector::collectd::pacemaker':
resources => [
'vip__public',
'vip__management',
'vip__vrouter_pub',
'vip__vrouter',
],
master_resource => $pacemaker_master_resource,
hostname => $::fqdn,
}
$openstack_service_config = {
user => 'nova',
password => $nova['user_password'],
tenant => 'services',
keystone_url => "http://${management_vip}:5000/v2.0",
pacemaker_master_resource => $pacemaker_master_resource,
}
$openstack_services = {
'nova' => $openstack_service_config,
'cinder' => $openstack_service_config,
'glance' => $openstack_service_config,
'keystone' => $openstack_service_config,
'neutron' => $openstack_service_config,
}
create_resources(lma_collector::collectd::openstack, $openstack_services)
# FIXME(elemoine) use the special attribute * when Fuel uses a Puppet version
# that supports it.
class { 'lma_collector::collectd::openstack_checks':
user => $openstack_service_config[user],
password => $openstack_service_config[password],
tenant => $openstack_service_config[tenant],
keystone_url => $openstack_service_config[keystone_url],
pacemaker_master_resource => $openstack_service_config[pacemaker_master_resource],
}
# FIXME(elemoine) use the special attribute * when Fuel uses a Puppet version
# that supports it.
class { 'lma_collector::collectd::hypervisor':
user => $openstack_service_config[user],
password => $openstack_service_config[password],
tenant => $openstack_service_config[tenant],
keystone_url => $openstack_service_config[keystone_url],
pacemaker_master_resource => $openstack_service_config[pacemaker_master_resource],
# Fuel sets cpu_allocation_ratio to 8.0 in nova.conf
cpu_allocation_ratio => 8.0,
}
class { 'lma_collector::collectd::mysql':
username => 'nova',
password => $nova['db_password'],
}
lma_collector::collectd::dbi_mysql_status{ 'mysql_status':
username => 'nova',
dbname => 'nova',
password => $nova['db_password'],
}
class { 'lma_collector::collectd::haproxy':
socket => $haproxy_socket,
# Ignore internal stats ('Stats' for 6.1, 'stats' for 7.0) and lma proxies
proxy_ignore => ['Stats', 'stats', 'lma'],
proxy_names => {
'cinder-api' => 'cinder-api',
'glance-api' => 'glance-api',
'glance-registry' => 'glance-registry-api',
'heat-api' => 'heat-api',
'heat-api-cfn' => 'heat-cfn-api',
'heat-api-cloudwatch' => 'heat-cloudwatch-api',
'horizon' => 'horizon-web',
'horizon-ssl' => 'horizon-https',
'keystone-1' => 'keystone-public-api',
'keystone-2' => 'keystone-admin-api',
'murano' => 'murano-api',
'mysqld' => 'mysqld-tcp',
'neutron' => 'neutron-api',
'nova-api-1' => 'nova-ec2-api',
'nova-api-2' => 'nova-api',
'nova-novncproxy' => 'nova-novncproxy-websocket',
'nova-metadata-api' => 'nova-metadata-api',
'sahara' => 'sahara-api',
'swift' => 'swift-api',
},
}
if $ceph_enabled {
class { 'lma_collector::collectd::ceph_mon': }
}
class { 'lma_collector::collectd::memcached':
host => $memcache_address,
}
class { 'lma_collector::collectd::apache': }
class { 'lma_collector::logs::http_metrics': }
# Notification are always collected, lets extract metrics from there
class { 'lma_collector::notifications::metrics': }
# Enable Apache status module
class { 'lma_collector::mod_status': }
# Enable service heartbeat metrics
class { 'lma_collector::metrics::service_heartbeat':
services => ['haproxy', 'memcached']
}
# AFD filters
class { 'lma_collector::afd::api': }
class { 'lma_collector::afd::workers': }
# VIP checks
if $influxdb_mode == 'remote' {
$use_local_influxdb = false
$use_remote_influxdb = true
$influxdb_server = $lma_collector['influxdb_address']
} elsif $influxdb_mode == 'local'{
$use_local_influxdb = true
$use_remote_influxdb = false
$influxdb_vip_name = 'influxdb'
if $network_metadata['vips'][$influxdb_vip_name] {
$influxdb_server = $network_metadata['vips'][$influxdb_vip_name]['ipaddr']
} else {
# compatibility with the InfluxDB-Grafana plugin 0.8
$influxdb_grafana = hiera_hash('influxdb_grafana', {})
$influxdb_nodes = get_nodes_hash_by_roles($network_metadata, ['influxdb_grafana'])
$influxdb_server = $influxdb_nodes[0]['internal_address']
}
} else {
$use_local_influxdb = false
$use_remote_influxdb = false
}
if $use_local_influxdb or $use_remote_influxdb {
$influxdb_url = "http://${influxdb_server}:${lma_collector::params::influxdb_port}/ping"
}
$vip_urls = {
'influxdb' => $influxdb_url,
}
$expected_codes = {
'influxdb' => 204,
}
class { 'lma_collector::collectd::http_check':
urls => delete_undef_values($vip_urls),
expected_codes => $expected_codes,
timeout => 1,
max_retries => 3,
pacemaker_master_resource => $pacemaker_master_resource,
}
}
$alerting_mode = $lma_collector['alerting_mode']
$deployment_id = hiera('deployment_id')
if $alerting_mode == 'remote' {
$use_nagios = true
$nagios_url = $lma_collector['nagios_url']
$nagios_user = $lma_collector['nagios_user']
$nagios_password = $lma_collector['nagios_password']
} elsif $alerting_mode == 'local' {
$infra_alerting_nodes = get_nodes_hash_by_roles($network_metadata, ['infrastructure_alerting', 'primary-infrastructure_alerting'])
if size(keys($infra_alerting_nodes)) > 0 {
$use_nagios = true
$lma_infra_alerting = hiera_hash('lma_infrastructure_alerting', false)
if $network_metadata['vips']['infrastructure_alerting_mgmt_vip'] {
$nagios_server = $network_metadata['vips']['infrastructure_alerting_mgmt_vip']['ipaddr']
} else {
# compatibility with the LMA Infrastructure Alerting plugin 0.8
$nagios_nodes = get_nodes_hash_by_roles($network_metadata, ['infrastructure_alerting'])
$nagios_server = $nagios_nodes[0]['internal_address']
}
$nagios_user = $lma_infra_alerting['nagios_user']
$nagios_password = $lma_infra_alerting['nagios_password']
# Important: $http_port and $http_path must match the
# lma_infra_monitoring configuration.
$http_port = $lma_collector::params::nagios_http_port
$http_path = $lma_collector::params::nagios_http_path
$nagios_url = "http://${nagios_server}:${http_port}/${http_path}"
}
} elsif $alerting_mode == 'standalone' {
$use_nagios = false
$subject = "${lma_collector::params::smtp_subject} environment ${deployment_id}"
class { 'lma_collector::smtp_alert':
send_from => $lma_collector['alerting_send_from'],
send_to => [$lma_collector['alerting_send_to']],
subject => $subject,
host => $lma_collector['alerting_smtp_host'],
auth => $lma_collector['alerting_smtp_auth'],
user => $lma_collector['alerting_smtp_user'],
password => $lma_collector['alerting_smtp_password'],
}
} else {
fail("'${alerting_mode}' mode not supported for the infrastructure alerting service")
}
if $use_nagios {
lma_collector::gse_nagios { 'global_clusters':
openstack_deployment_name => $deployment_id,
url => $nagios_url,
user => $nagios_user,
password => $nagios_password,
message_type => $lma_collector['gse_cluster_global']['output_message_type'],
virtual_hostname => $lma_collector::params::nagios_hostname_for_cluster_global,
}
lma_collector::gse_nagios { 'node_clusters':
openstack_deployment_name => $deployment_id,
url => $nagios_url,
user => $nagios_user,
password => $nagios_password,
message_type => $lma_collector['gse_cluster_node']['output_message_type'],
virtual_hostname => $lma_collector::params::nagios_hostname_for_cluster_nodes,
}
}
View Git Blame Copy Permalink