Ansible role for deploying Monasca Monitoring-as-a-Service.
This role installs the following Systemd services:
- monasca-api
- monasca-notification
- monasca-persister
- monasca-thresh
To clone or view the source code for this repository, visit the role repository for os_monasca.
#
# (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
# (c) 2016 Paul Stevens <paul.stevens@is.co.za>
## Verbosity Options
debug: False
# Set the host which will execute the shade modules
# for the service setup. The host must already have
# clouds.yaml properly configured.
monasca_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}"
# Set the package/pattern install state for distribution and pip packages
# Options are 'present' and 'latest'
monasca_package_state: "latest"
monasca_pattern_state: "latest"
monasca_pip_package_state: "latest"
monasca_developer_mode: false
monasca_api_git_repo: "https://git.openstack.org/openstack/monasca-api"
monasca_api_git_install_branch: master
monasca_common_git_repo: "https://git.openstack.org/openstack/monasca-common"
monasca_common_git_install_branch: master
monasca_thresh_git_repo: "https://git.openstack.org/openstack/monasca-thresh"
monasca_thresh_git_install_branch: master
monasca_notification_git_repo: "https://git.openstack.org/openstack/monasca-notification"
monasca_notification_git_install_branch: master
monasca_persister_git_repo: "https://git.openstack.org/openstack/monasca-persister"
monasca_persister_git_install_branch: master
monasca_python_client_git_repo: "https://git.openstack.org/openstack/python-monascaclient"
monasca_python_client_git_install_branch: master
monasca_statsd_git_repo: "https://git.openstack.org/openstack/monasca-statsd"
monasca_statsd_git_install_branch: master
monasca_developer_constraints:
- "git+{{ monasca_api_git_repo }}@{{ monasca_api_git_install_branch }}#egg=monasca-api"
- "git+{{ monasca_common_git_repo }}@{{ monasca_common_git_install_branch }}#egg=monasca-common"
- "git+{{ monasca_thresh_git_repo }}@{{ monasca_thresh_git_install_branch }}#egg=monasca-thresh"
- "git+{{ monasca_notification_git_repo }}@{{ monasca_notification_git_install_branch }}#egg=monasca-notification"
- "git+{{ monasca_persister_git_repo }}@{{ monasca_persister_git_install_branch }}#egg=monasca-persister"
- "git+{{ monasca_python_client_git_repo }}@{{ monasca_python_client_git_install_branch }}#egg=python-monascaclient"
# TODO(odyssey4me):
# This can be simplified once all the roles are using
# python_venv_build. We can then switch to using a
# set of constraints in pip.conf inside the venv,
# perhaps prepared by giving a giving a list of
# constraints to the role.
monasca_pip_install_args: >-
{{ monasca_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }}
{{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''), '') }}
{{ pip_install_options | default('') }}
# Name of the virtual env to deploy into
monasca_venv_tag: "{{ venv_tag | default('untagged') }}"
monasca_bin: "/openstack/venvs/monasca-{{ monasca_venv_tag }}/bin"
monasca_etc_dir: "{{ monasca_bin | dirname }}/etc/monasca"
# venv_download, even when true, will use the fallback method of building the
# venv from scratch if the venv download fails.
monasca_venv_download: "{{ not monasca_developer_mode | bool }}"
monasca_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/monasca.tgz
## System info
monasca_system_user_name: monasca
monasca_system_group_name: monasca
monasca_system_shell: /bin/false
monasca_system_comment: monasca system user
monasca_system_user_home: "/var/lib/{{ monasca_system_user_name }}"
## Database info
monasca_db_setup_host: "{{ ('galera_all' in groups) | ternary(groups['galera_all'][0], 'localhost') }}"
monasca_galera_address: "{{ galera_address | default('127.0.0.1') }}"
monasca_galera_database: monasca
monasca_galera_user: monasca
## InfluxDB info
monasca_influxdb_database: monasca
monasca_api_influxdb_user: monasca_api
#monasca_api_influxdb_password: password
monasca_persister_influxdb_user: monasca_persister
#monasca_persister_influxdb_password: password
monasca_influxdb_host: "{{ influxdb_host }}"
monasca_influxdb_port: "{{ influxdb_port }}"
monasca_influxdb_admin: root
monasca_influxdb_admin_password: root
monasca_influxdb_replication_factor: 1
monasca_influxdb_retention_policy: "90d"
monasca_influxdb_shard_duration: "7d"
monasca_influxdb_users:
- username: "{{ monasca_api_influxdb_user }}"
password: "{{ monasca_api_influxdb_password }}"
- username: "{{ monasca_persister_influxdb_user }}"
password: "{{ monasca_persister_influxdb_password }}"
# Keystone AuthToken/Middleware
monasca_keystone_auth_plugin: password
monasca_service_project_domain_name: Default
monasca_service_user_domain_name: default
monasca_role_name: admin
monasca_api_bind_address: 0.0.0.0
## Service Type and Data
monasca_service_region: RegionOne
monasca_service_name: monasca
monasca_service_port: 8070
monasca_service_proto: http
monasca_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(monasca_service_proto) }}"
monasca_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(monasca_service_proto) }}"
monasca_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(monasca_service_proto) }}"
monasca_service_type: monitoring
monasca_service_description: "OpenStack Monitoring Service"
monasca_service_user_name: monasca
monasca_service_project_name: service
monasca_service_project_domain_id: default
monasca_service_user_domain_id: default
monasca_service_publicuri: "{{ monasca_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ monasca_service_port }}"
monasca_service_publicurl: "{{ monasca_service_publicuri }}/v2.0"
monasca_service_internaluri: "{{ monasca_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ monasca_service_port }}"
monasca_service_internalurl: "{{ monasca_service_internaluri }}/v2.0"
monasca_service_adminuri: "{{ monasca_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ monasca_service_port }}"
monasca_service_adminurl: "{{ monasca_service_adminuri }}/v2.0"
## Monasca configuration
monasca_log_level: INFO
monasca_user_roles:
- monasca-user
monasca_agent_roles:
- monasca-agent
monasca_read_only_user_roles:
- monasca-read-only-user
monasca_agent_user_name: monasca-agent
monasca_agent_project_name: admin
monasca_partition_interval_recheck_seconds: 15
## Kafka configuration
kafka_events_partitions: 12
kafka_metrics_partitions: 64
# This should be the number of systems running the Notification Engine
kafka_retry_notifications_partitions: "{{ groups['monasca_notification'] | length }}"
kafka_replicas: "{{ groups['monasca_kafka'] | length }}"
kafka_topics:
metrics:
replicas: "{{ kafka_replicas }}"
partitions: "{{ kafka_metrics_partitions }}"
events:
replicas: "{{ kafka_replicas }}"
partitions: "{{ kafka_events_partitions }}"
alarm-state-transitions:
replicas: "{{ kafka_replicas }}"
partitions: "{{ kafka_events_partitions }}"
alarm-notifications:
replicas: "{{ kafka_replicas }}"
partitions: "{{ kafka_events_partitions }}"
retry-notifications:
replicas: "{{ kafka_replicas }}"
partitions: "{{ kafka_retry_notifications_partitions }}"
60-seconds-notifications:
replicas: "{{ kafka_replicas }}"
partitions: "{{ kafka_retry_notifications_partitions }}"
monasca_notification_address: root@localhost
monasca_notification_name: 'Default Email'
monasca_notification_type: EMAIL
monasca_default_alarms:
- name: "Host Status"
description: "Alarms when the specified host is down or not reachable"
severity: "HIGH"
expression: "host_alive_status > 0"
- name: "HTTP Status"
description: "Alarms when the specified HTTP endpoint is down or not reachable"
severity: "HIGH"
expression: "http_status > 0"
match_by: ["service", "component", "hostname", "url"]
- name: "CPU Usage"
description: "Alarms when CPU usage is high"
expression: "avg(cpu.idle_perc) < 10 times 3"
- name: "Disk Inode Usage"
description: "Alarms when disk inode usage is high"
expression: "disk.inode_used_perc > 90"
match_by: ["hostname", "device"]
- name: "Disk Usage"
description: "Alarms when disk usage is high"
expression: "disk.space_used_perc > 90"
match_by: ["hostname", "device"]
- name: "Memory Usage"
description: "Alarms when memory usage is high"
severity: "MEDIUM"
expression: "avg(mem.usable_perc) < 10 times 3"
- name: "Kernel Crash Dumps"
description: "Kernel crash dumps are available on disk"
expression: "crash.dump_count > 1"
- name: "Network Errors"
description: "Alarms when either incoming or outgoing network errors are high"
severity: "MEDIUM"
expression: "net.in_errors_sec > 5 or net.out_errors_sec > 5"
- name: "Process Check"
description: "Alarms when the specified process is not running"
severity: "HIGH"
expression: "process.pid_count < 1"
match_by: ["process_name", "hostname"]
- name: "Instance CPU Usage"
description: "Alarms when the CPU usage of the specified instance is high"
expression: "avg(cpu.utilization_norm_perc) > 90 times 3"
match_by: ["resource_id"]
- name: "RabbitMQ Queue Depth"
description: "Alarms when the depth of the message queue is high"
expression: "avg(rabbitmq.queue.messages) > 10 times 3"
severity: "MEDIUM"
match_by: ["queue", "hostname"]
- name: "MySQL Slow Query Rate"
description: "Alarms when the slow query rate is high"
expression: "avg(mysql.performance.slow_queries) > 10 times 3"
- name: "Apache Status"
description: "Alarms on failure to reach the Apache status endpoint"
expression: "apache.status > 0"
severity: "HIGH"
- name: "Apache Idle Worker Count"
description: "Alarms when there are no idle workers in the Apache server"
expression: "avg(apache.performance.idle_worker_count) < 1 times 3"
severity: "MEDIUM"
- name: "NTP Time Sync"
description: "Alarms when the NTP time offset is high"
expression: "ntp.offset > 5 or ntp.offset < -5"
- name: "Kafka Consumer Lag"
description: "Alarms when the specified consumer_group is not keeping up with the incoming messages"
severity: "MEDIUM"
expression: "avg(kafka.consumer_lag) > 1000 times 3"
match_by: ["consumer_group", "hostname"]
- name: "Monasca Agent Collection Time"
description: "Alarms when the elapsed time the Monasca Agent takes to collect metrics is high"
expression: "avg(monasca.collection_time_sec) > 5 times 3"
- name: "Monasca Notification DB Query Time"
description: "Alarms when the elapsed time for queries to the Configuration DB by the Monasca Notification Engine is high"
expression: "avg(monasca.config_db_time) > 5 times 3"
- name: "Monasca Notification Email Time"
description: "Alarms when the elapsed time to send emails by the Monasca Notification Engine is high"
expression: "avg(monasca.email_time) > 2 times 3"
- name: "ZooKeeper Latency"
description: "Alarms when the ZooKeeper latency is high"
expression: "avg(zookeeper.avg_latency_sec) > 1 times 3"
- name: "HAProxy Backend Status"
description: "Alarms when the backend status is unavailable"
expression: "last(haproxy.count_per_status{status=unavailable})>0"
severity: "CRITICAL"
match_by: ["component"]
## Cap the maximum number of threads / workers when a user value is unspecified.
monasca_api_workers_max: 16
monasca_api_workers: "{{ [[ansible_processor_vcpus|default(2) // 2, 1] | max, monasca_api_workers_max] | min }}"
monasca_persister_workers_max: 16
monasca_persister_workers: "{{ [[ansible_processor_vcpus|default(2) // 2, 1] | max, monasca_persister_workers_max] | min }}"
monasca_service_in_ldap: False
monasca_pip_packages:
- cryptography
- gunicorn
- influxdb
- keystoneauth1
- monasca-api
- monasca-common
- monasca-persister
- monasca-notification
- monasca-statsd
- osprofiler
- PyOpenSSL
- python-monascaclient
- python-memcached
- future
## Service Names
monasca_services:
monasca-api:
group: monasca_api
service_name: monasca-api
service_init_bin: "{{ monasca_bin }}/gunicorn"
service_init_options: "-n monasca-api -k eventlet --worker-connections=2000 --backlog=1000 --paste /etc/monasca/api-config.ini -w {{ monasca_api_workers }}"
init_config_overrides: "{{ monasca_api_init_overrides }}"
monasca-persister:
group: monasca_persister
service_name: monasca-persister
service_init_bin: "{{ monasca_bin }}/python {{ monasca_bin }}/../lib/python2.7/site-packages/monasca_persister/persister.py"
service_init_options: "--config-file /etc/monasca/persister.conf"
init_config_overrides: "{{ monasca_persister_init_overrides }}"
monasca-thresh:
group: monasca_thresh
service_name: monasca-thresh
service_init_bin: "/opt/storm/current/bin/storm jar /usr/share/monasca-thresh/thresh/target/monasca-thresh-{{ _monasca_thresh_version.stdout | default('2.1.1') }}-shaded.jar"
service_init_options: "monasca.thresh.ThresholdingEngine /etc/monasca/thresh-config.yml thresh-cluster"
init_config_overrides: "{{ monasca_thresh_init_overrides }}"
monasca-notification:
group: monasca_notification
service_name: monasca-notification
init_config_overrides: "{{ monasca_notification_init_overrides }}"
monasca_api_init_overrides: {}
monasca_persister_init_overrides: {}
monasca_thresh_init_overrides: {}
monasca_notification_init_overrides: {}
# This variable is used by the repo_build process to determine
# which host group to check for members of before building the
# pip packages required by this role. The value is picked up
# by the py_pkgs lookup.
monasca_role_project_group: monasca_all
monasca_api_config_overrides: {}
monasca_api_config_ini_overrides: {}
monasca_api_logging_config_overrides: {}
monasca_persister_config_overrides: {}
monasca_persister_logging_config_overrides: {}
monasca_thresh_config_overrides: {}
monasca_notification_config_overrides: {}
monasca_opensuse_mirror_url: "http://download.opensuse.org"
This role needs pip >= 7.1 installed on the target host.
---
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Please check your inventory to install the appropriate
# dependencies for your monasca install
# Please also make sure the appropriate roles are installed.
- name: Install monasca dependencies
include: monasca-dependencies.yml
- name: Install monasca server
hosts: monasca_all
user: root
roles:
- { role: "os_monasca", tags: [ "os-monasca" ] }
vars:
external_lb_vip_address: 172.16.24.1
internal_lb_vip_address: 192.168.0.1
monasca_galera_address: "{{ internal_lb_vip_address }}"
monasca_container_mysql_password: "SuperSecretePassword1"
monasca_service_password: "SuperSecretePassword2"
monasca_influxdb_admin_password: "secrete"
monasca_api_influxdb_password: "secrete"
monasca_persister_influxdb_password: "secrete"
monasca_agent_password: "secrete"
grafana_mysql_host: "{{ monasca_galera_address }}"
grafana_admin_password: "secrete"
grafana_galera_password: "secrete"
This role supports the following tags:
monasca-install
: used to install and upgrade;monasca-config
: used to manage configuration;
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.