Commit Graph

197 Commits

Author SHA1 Message Date
Matthias Runge ca45bbdca0 Retire panko, the code is no longer maintained.
The contents of this repository are still available in the Git source
code management system. To see the contents of this repository before it
reached its end of life, please check out the previous commit with
"git checkout HEAD^1".

For any further questions, please email
openstack-discuss@lists.openstack.org or join #openstack-telemetry on OFTC.

Change-Id: Ic8a7001e708d8da7cf8951eefd0a96762ea5fa46
2021-05-27 11:36:44 +02:00
Thomas Goirand e8a71c83ad Add a /healthcheck by default
This patch adds a /healthcheck URL by default, using oslo.middleware,
so that operators can use it to configure haproxy / monitoring.

Change-Id: Idf9a184f969e5f77de0c2f2a2b99c2931f5647e0
2020-07-02 11:26:09 +02:00
Tovin Seven 619b7e1ee0 Integrate OSprofiler in Panko
* Add osprofiler wsgi middleware. This middleware is used for 2 things:
  1) It checks that person who wants to trace is trusted and knows
     secret HMAC key.
  2) It starts tracing in case of proper trace headers
     and adds first wsgi trace point, with info about HTTP request

* Traces HTTP API calls
* Traces DB (SQLAlchemy) calls

Demo: https://tovin07.github.io/panko/openstack-event-list.html

HOW TO TEST?

1. Install devstack with panko as usual

2. Install osprofiler

    pip install osprofiler

3. Add these line to /etc/panko/panko.conf

   [profiler]
   enabled = true
   hmac_keys = SECRET_KEY
   connection_string = redis://localhost:6379 # example when using redis

4. Pass HMAC_KEYS to client commands
    - panko client with `--profile <HMAC_KEYS>`
    - openstack client with `--os-profiler <HMAC_KEYS>`

Output will look like this:

To display trace use the command:

  osprofiler trace show --html <TRACE_ID>

5. Use osprofiler to get the trace

    osprofiler trace show \
        --connection-string redis://localhost:6379 \
        --out out.html \
        --html <TRACE_ID>

6. Open that html file with browser and view the result

Change-Id: Ic934acbe1340a3e00361f2709f34725e0e4aa3ba
2019-04-12 02:18:28 +00:00
Lance Bragstad 52417d4ab8 Move default policies into code
This is part of a community effort to provide better user experience
for those having to maintain RBAC policy. More information on this
effort can be found below:

  https://governance.openstack.org/tc/goals/queens/policy-in-code.html

bp policy-and-docs-in-code
Co-authored-By: Hieu LE <hieulq@vn.fujitsu.com>
Change-Id: I9bad70abcf5543c3e5e5da25c56c408ee3ff0346
2017-11-08 04:35:54 +00:00
gord chung 36da6822c5 add noauth api pipeline
Change-Id: Ib12fa4270c6780338cb9eba486833c32f3809c27
2017-05-25 22:42:00 +00:00
Hanxi Liu daa9aeef06 Add http_proxy_to_wsgi to panko config-generator
The http_proxy_to_wsgi was recently added. However, in order to have
this configuration added by the config generator, we need to add it
to the relevant conf file.

Change-Id: I6773ecc94f1b867cae0cc081030914c587937a70
2016-10-17 17:22:18 +00:00
Hanxi Liu 90faa85ecc Add http_proxy_to_wsgi to api-paste
This sets up the HTTPProxyToWSGI middleware in front of Panko. The
purpose of thise middleware is to set up the request URL correctly in
case there is a proxy (For instance, a loadbalancer such as HAProxy)
in front of Panko.

So, for instance, when TLS connections are being terminated in the
proxy, and one tries to get the versions from the / resource of
Aodh, one will notice that the protocol is incorrect; It will show
'http' instead of 'https'. So this middleware handles such cases.
Thus helping Keystone discovery work correctly.

The HTTPProxyToWSGI is off by default and needs to be enabled via a
configuration value.

Change-Id: Ifa9dad55cfedeb8b804d675d3d4856af6096b039
Closes-Bug: #1590608
2016-10-10 16:45:37 +08:00
Thomas Herve 6c7d12e7be Pass oslo_config_project to keystone conf
The api_paste section of keystone_authtoken is missing
oslo_config_project, so it's unable to find the config at startup.

Change-Id: I4c3884d5a4041283bfcf18b2ad3cc26bc0a17b23
2016-09-08 14:48:25 +02:00
Julien Danjou 3009be7ee7 Rename to Panko
Change-Id: I50b5f6c7b74a4431ccb7af271c11fe9c027f83ab
Signed-off-by: Julien Danjou <julien@danjou.info>
2016-06-14 17:00:22 +02:00
Julien Danjou ba4f572fd3 Remove code that is not related to events storage and API
Change-Id: I63128835613eb5959244c2fd34bc266ddcf4251c
2016-06-14 17:00:22 +02:00
gordon chung 8599ec50ec drop magnetodb support
this project is abandoned.

Change-Id: Ie23096b31cab1f9980b8256a6de762e582504393
2016-04-04 13:03:20 -04:00
ZhiQiang Fan c569fcd5ed remove unused field 'triggers' defined in sample event_pipeline.yaml
this field is not used anywhere.

Change-Id: I0511c0022627cdcca474e8d3210286e2aabb1df7
2016-03-19 05:10:03 +08:00
Jenkins 8bcc7bddaf Merge "Moved CORS middleware configuration into oslo-config-generator" 2016-03-07 15:48:49 +00:00
Jenkins 23fd1b7502 Merge "gnocchi dispatch: Added new resource type support" 2016-03-07 13:52:08 +00:00
Jenkins b39c6216e2 Merge "Add the meter example file 'lbaas-v2-meter-definitions.yaml'" 2016-03-07 08:18:59 +00:00
Lianhao Lu aff5ed1bfd gnocchi dispatch: Added new resource type support
Added new resource types support of snmp related metrics: host,
host_disk, host_network_interface.

Change-Id: I220608e85629d89c44f778c82e0be67bb4ea6f3b
Depends-On: I0be08864ee10cefa252dc89885fda5fcc89a4e8a
Closes-Bug: #1518338
2016-03-07 05:39:10 +00:00
Jenkins 99ddb6fae9 Merge "[sahara] add events definitions regarding new notifications" 2016-03-03 02:27:35 +00:00
Vitaly Gridnev 85ca3e89a6 [sahara] add events definitions regarding new notifications
on sahara side we added new events related to current cluster
health. we want to collect statistic based on the cluster health,
like how many healthy clusters we have, and so on.
Health of the cluster will describe current state of cluster more
precisely.

Partially-implements blueprint: cluster-verification
Depends-On: Iac74a7bdec0f59a3720e17a682268faea36a45f3

Change-Id: Iea0f37cd2fe31e740a1ac5d02fd96c2f6b35495c
2016-03-02 21:39:19 +00:00
Michael Krotscheck 309345268b Moved CORS middleware configuration into oslo-config-generator
The default values needed for ceilometer's implementation of cors
middleware have been moved from paste.ini into the configuration
hooks provided by oslo.config. Furthermore, these values have been
added to ceilometer's default configuration parsing. This ensures
that if a value remains unset in ceilometer.conf, it will be set
to use sane defaults, and that an operator modifying the
configuration file will be presented with a default set of
necessary sane headers.

Closes-Bug: 1551836
Change-Id: Iaab90bfa1811bf6d56696648a000f02ee3306285
2016-03-02 04:48:34 -08:00
jizilian 3fafaa6fcb Add the meter example file 'lbaas-v2-meter-definitions.yaml'
Based on the discussion result with Gordon:

In this change set, add the meter example file
'lbaas-v2-meter-definitions.yaml' in the directory
'etc/ceilometer/examples' to help the users to configure to
translate the LbaaS v2 events to examples when they need.

Co-Authored-By: Xia Linjuan <ljxiash@cn.ibm.com>
DocImpact: Need to update the doc about the configuration
Change-Id: Ied6778e26ba6d70ee1407279ce0025e8bf169f22
2016-03-02 02:04:08 -05:00
Jenkins 8c880a2f30 Merge "Add /usr/local/{sbin,bin} to rootwrap exec_dirs" 2016-03-01 22:29:17 +00:00
Jenkins b79f2dd015 Merge "Change default policy to allow create_samples" 2016-03-01 14:28:05 +00:00
Jenkins 3a9b47e098 Merge "Enable the Load Balancer v2 events" 2016-03-01 14:20:20 +00:00
Rabi Mishra e054ffdb15 Change default policy to allow create_samples
https://review.openstack.org/#/c/234823/ has broken heat
integration tests as the default policy no longer allows
to create_samples without admin privileges.

Change-Id: I28980ff4cd82950bc713da519e0e49b62fc77a22
Closes-Bug: #1551383
2016-03-01 07:01:16 +00:00
Xia Linjuan cbf3eed761 Enable the Load Balancer v2 events
In this change set, add the following new event definitions to
receive the events of LBaaS v2.

a. loadbalancer
b. listener
c. healthmonitor

These events can be used for billing when the users use the LBaaS
service.

Co-Authored-By: Zi Lian Ji <jizilian@cn.ibm.com>
Change-Id: I6db28a934bac4a1d83cc1b61d879dc2b16989b3a
Implements: blueprint lbaas-v2-enablement
2016-03-01 01:39:25 -05:00
Jenkins 1af401653c Merge "Fix events rbac" 2016-02-29 16:18:50 +00:00
Chaozhe.Chen 58389f1822 Add /usr/local/{sbin,bin} to rootwrap exec_dirs
I noticed that nova, neutron and cinder's rootwrap exec_dirs include
/usr/local/{sbin,bin} which is a standardised location for admins to
install non-distro executables, and these executables are no less
"trustworthy" than /usr/bin and friends.  See neutron and cinder's
rootwrap.conf (and probably others), and typical distro default values
for sudoers/secure_path for extremely similar precedents that all include
/usr/local/*bin.

See the same patch of nova for more information:
https://review.openstack.org/#/c/280052/1
And see I710cf142b834381c00e651cfc062299ae755c33f for brief discussion
of doing this via devstack before.

Change-Id: If5ed1d7d81fdac10fc2b1608aafe20833e0f2980
2016-02-22 13:52:38 +08:00
gordon chung f63470e0e2 Fix events rbac
Rbac context is limited not by policy but is inherently built in
as we cannot enforce policy on a list.

This patch drops the dummy policy, the invalid context_is_project
and context_is_admin policies, and ensures policy rbac can restrict
on admin appropriately.

Closes-Bug: #1504495
Change-Id: Id3b1ad71aea46456c6e6c1995776b988017d4786
2016-01-21 09:38:59 +00:00
Dong Ma 45e1d22607 Added CORS support to Ceilometer
This adds the CORS support middleware to Ceilometer, allowing a deployer
to optionally configure rules under which a javascript client may
break the single-origin policy and access the API directly. Included
are Ceilometer's custom headers, so that anyone activating this
middleware does not have to explicitly enable them.

The paste.ini method of deploying the middleware was
chosen, because it needs to be able to annotate responses created
by keystonemiddleware.

OpenStack CrossProject Spec:
   http://specs.openstack.org/openstack/openstack-specs/specs/cors-support.html
Oslo_Middleware Docs:
   http://docs.openstack.org/developer/oslo.middleware/cors.html
OpenStack Cloud Admin Guide:
   http://docs.openstack.org/admin-guide-cloud/cross_project_cors.html

Change-Id: I90d2a53c40e3c353abe3cf37bd7deb3a07aeb043
2016-01-14 09:46:07 -08:00
Jenkins b1829f1f61 Merge "Add OSprofiler-specific events definitions" 2016-01-13 08:41:49 +00:00
Dina Belova 7253eb758c Add OSprofiler-specific events definitions
Change-Id: I282bf449486db626efa92fcce6d035106d5006bf
2016-01-12 16:09:36 -05:00
Julien Danjou 0ae0e3ba14 gnocchi: fix stack resource type
There's no "orchestration" type in Gnocchi, it's called "stack".

Change-Id: I28d98aee7b953d9dfb423571c297046226309602
2015-12-22 16:30:09 +01:00
gordon chung c5b8b79903 add cpu.delta to gnocchi resources
we added cpu.delta in liberty to capture cputime between polls.
this adds it to the metric list for instance resource.

Change-Id: Ib494f7d119cda370aa8291fd404dad38c0c53817
2015-11-26 18:11:48 -05:00
Julien Danjou 6bc86f75ea Remove alarming code
Since we moved all the alarming code and subsystem to the Aodh project,
remove it from Ceilometer.

Depends-On: I3983128d2d964b0f1f3326948b27f5d94df65a04
Depends-On: I99c9f2be0bbc70f289da5c2ba22698b8b7dc4495
Change-Id: Id169a914c1d1f2f5ad03ebb515d3d052204d5c5c
2015-11-24 13:44:58 +01:00
Chris Dent 94ce728f31 Mv gabbi_pipeline.yaml into test directories
Otherwise people may think that it is available for installation. It
is not, it is for testing only.

Change-Id: Iad19536fba569c6a9d43c07c64746e7f6ffde986
2015-11-03 16:30:01 +00:00
liusheng 3587ce9fdf Using oslo-config-generator to instead of generate-config-file.sh
We don't need a separate script to wrap the oslo-config-generator. Like
other projects, we can just specify a config-generator config file to
define the namespaces.

Change-Id: I9ee06658d49163f041df18a62b33fa2804f545b8
2015-10-20 17:38:57 +08:00
Jenkins 2e7691c53d Merge "fix image_ref attr in gnocchi resource" 2015-10-17 11:39:31 +00:00
gordon chung 30999f152c fix image_ref attr in gnocchi resource
image_ref attr should match to image_ref in metadata, not image_ref_url

Closes-Bug: #1506595
Change-Id: Iddaf2f286657c108af51f761232375a6514e83f1
2015-10-16 09:10:20 -04:00
Mehdi Abaakouk d12d60da15 Deprecate event trait plugin 'split'
'split' plugin can be replaced by an jsonpath expresion
since jsonpath-rw-ext>=0.1.8.

This change deprecates it

Depends-On: I8cd971d6dd98cd6c4c3dc83696969c47e8cdd8ac
Change-Id: Iac2253c81dacaa1b2a2258569716d20916fc9920
2015-10-09 11:06:04 +00:00
Julien Danjou 6fa2f7d522 Remove deprecated archive policy map for Gnocchi
Change-Id: I3de9685dad82f02fc2f4b2b680cf4eac8fe1ca66
2015-09-29 12:35:32 +02:00
Jenkins bf3e38085d Merge "add delta transfomer support" 2015-09-22 14:09:43 +00:00
Mehdi Abaakouk ac5811d758 gnocchi: add two new resources
This change add instance_network_interface and instance_disk to
Gnocchi dispatcher.

It also adds some missing metadata to samples to build the Gnocchi
resource.

Change-Id: Ic7babe73befbe0fff741d0c0c764ded493dc8c8e
2015-09-17 11:31:22 +02:00
gordon chung 6ef079953e add delta transfomer support
this patch adds support for a delta transformer. the transformer's
only functionality is to calculate the delta between current sample
and previous sample.

conditions:
- it will disregard any out of order samples
- a growth_only param is available to capture only positive deltas
- supports renaming to a new meter name using same schema as other
  transformers.

using this transformer, we also create a cpu.delta meter which will
enable another view of cpu meter. this delta meter will allow for
(relatively) accurate cputime calculations and will cope with cputime
resets.

DocImpact

Change-Id: Iabcad20d500e3157e4d19f8b2ebffd770218165b
Closes-Bug: #1417949
2015-09-16 19:42:15 +00:00
Patrick East 3bac98f1af Update event_definitions for Cinder Image Cache
With the new Image-Volume cache added in to Cinder there will be some
new notifications sent from the Cinder services. This adds new event
definitions for them.

Change-Id: Ice70049dd13018be863eee8f3ba02d977e5ab88c
Closes-Bug: #1493960
2015-09-09 11:33:21 -07:00
Jenkins f20e063e63 Merge "gnocchi: cleanup instance resource definition" 2015-09-04 04:58:11 +00:00
Jenkins 5ffa165a11 Merge "Add user_id,project_id traits to audit events" 2015-09-03 18:10:19 +00:00
Mehdi Abaakouk ecc6ad8854 gnocchi: cleanup instance resource definition
Change-Id: I5f953217f616e1c2d62d884fd808746c65a66436
2015-09-01 08:10:33 +02:00
Divya 52235d0748 Control Events RBAC from policy.json
The ceilometer events RBAC is currently hard-coded so
that only an admin user can view events.The end-user
should be able to customize who should be able to view
events rather than hard-coding the control to admins.
This changeset adds two new rules into the policy.json
so that RBAC for events index and show methods can be
configured using the policy.json file.

DocImpact

Change-Id: I7bf4d385b9ee8fa8f1097b6400cbbc4135f2a9b6
blueprint: events-rbac
2015-08-27 20:19:23 +02:00
Divya 6a532111bc Add user_id,project_id traits to audit events
The ceilometer audit events stored at the ceilometer database
currently don't have user_id/project_id associated with them
even though this information is available as part of the event
message payload. The user_id and project_id information has to
be stored as traits so that there's user/project context for each
event and these traits are required to apply RBAC-based rules
and filters on events. For eg., presence of these traits enable
db queries - like get all events for a project/user against events.
The audit event definition in the events yaml file already stores
payload.initiator.id as initiator_id but the initiator_id trait
is not a common trait across all events and thus this trait cannot
be used to apply RBAC filter against events.This changeset will
thus add user_id and project_id traits to the audit events namely
*.http.* and add useri_id and project_id as default traits for all
events.

DocImpact

Change-Id: If4034342c4e60d519f0ec96ae8895dcf78f8ad3b
blueprint: events-rbac
2015-08-26 20:23:29 +02:00
Mehdi Abaakouk a832d13465 gnocchi: move to jsonpath_rw_ext
This change use jsonpath_rw_ext instead of jsonpath_rw

It also remove the useless attributes list by a dict in the
yaml configuration.

Change-Id: I6014181d6d4d45ffa9769da9670b11d79d6910fc
2015-08-25 12:56:15 +00:00