OpenStack-Ansible Monasca

OpenStack-Ansible Monasca

Ansible role for deploying Monasca Monitoring-as-a-Service.

This role installs the following Systemd services:

  • monasca-api
  • monasca-notification
  • monasca-persister
  • monasca-thresh

To clone or view the source code for this repository, visit the role repository for os_monasca.

Default variables

#
# (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
# (c) 2016 Paul Stevens <paul.stevens@is.co.za>

## Verbosity Options
debug: False

# Set the host which will execute the shade modules
# for the service setup. The host must already have
# clouds.yaml properly configured.
monasca_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}"

# Set the package/pattern install state for distribution and pip packages
# Options are 'present' and 'latest'
monasca_package_state: "latest"
monasca_pattern_state: "latest"
monasca_pip_package_state: "latest"

monasca_developer_mode: false
monasca_api_git_repo: "https://git.openstack.org/openstack/monasca-api"
monasca_api_git_install_branch: master
monasca_common_git_repo: "https://git.openstack.org/openstack/monasca-common"
monasca_common_git_install_branch: master
monasca_thresh_git_repo: "https://git.openstack.org/openstack/monasca-thresh"
monasca_thresh_git_install_branch: master
monasca_notification_git_repo: "https://git.openstack.org/openstack/monasca-notification"
monasca_notification_git_install_branch: master
monasca_persister_git_repo: "https://git.openstack.org/openstack/monasca-persister"
monasca_persister_git_install_branch: master
monasca_python_client_git_repo: "https://git.openstack.org/openstack/python-monascaclient"
monasca_python_client_git_install_branch: master
monasca_statsd_git_repo: "https://git.openstack.org/openstack/monasca-statsd"
monasca_statsd_git_install_branch: master

monasca_developer_constraints:
  - "git+{{ monasca_api_git_repo }}@{{ monasca_api_git_install_branch }}#egg=monasca-api"
  - "git+{{ monasca_common_git_repo }}@{{ monasca_common_git_install_branch }}#egg=monasca-common"
  - "git+{{ monasca_thresh_git_repo }}@{{ monasca_thresh_git_install_branch }}#egg=monasca-thresh"
  - "git+{{ monasca_notification_git_repo }}@{{ monasca_notification_git_install_branch }}#egg=monasca-notification"
  - "git+{{ monasca_persister_git_repo }}@{{ monasca_persister_git_install_branch }}#egg=monasca-persister"
  - "git+{{ monasca_python_client_git_repo }}@{{ monasca_python_client_git_install_branch }}#egg=python-monascaclient"

# TODO(odyssey4me):
# This can be simplified once all the roles are using
# python_venv_build. We can then switch to using a
# set of constraints in pip.conf inside the venv,
# perhaps prepared by giving a giving a list of
# constraints to the role.
monasca_pip_install_args: >-
  {{ monasca_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }}
  {{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''), '') }}
  {{ pip_install_options | default('') }}

# Name of the virtual env to deploy into
monasca_venv_tag: "{{ venv_tag | default('untagged') }}"
monasca_bin: "/openstack/venvs/monasca-{{ monasca_venv_tag }}/bin"
monasca_etc_dir: "{{ monasca_bin | dirname }}/etc/monasca"

# venv_download, even when true, will use the fallback method of building the
# venv from scratch if the venv download fails.
monasca_venv_download: "{{ not monasca_developer_mode | bool }}"
monasca_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/monasca.tgz

## System info
monasca_system_user_name: monasca
monasca_system_group_name: monasca
monasca_system_shell: /bin/false
monasca_system_comment: monasca system user
monasca_system_user_home: "/var/lib/{{ monasca_system_user_name }}"

## Database info
monasca_db_setup_host: "{{ ('galera_all' in groups) | ternary(groups['galera_all'][0], 'localhost') }}"
monasca_galera_address: "{{ galera_address | default('127.0.0.1') }}"
monasca_galera_database: monasca
monasca_galera_user: monasca

## InfluxDB info
monasca_influxdb_database: monasca
monasca_api_influxdb_user: monasca_api
#monasca_api_influxdb_password: password
monasca_persister_influxdb_user: monasca_persister
#monasca_persister_influxdb_password: password
monasca_influxdb_host: "{{ influxdb_host }}"
monasca_influxdb_port: "{{ influxdb_port }}"
monasca_influxdb_admin: root
monasca_influxdb_admin_password: root
monasca_influxdb_replication_factor: 1
monasca_influxdb_retention_policy: "90d"
monasca_influxdb_shard_duration: "7d"
monasca_influxdb_users:
  - username: "{{ monasca_api_influxdb_user }}"
    password: "{{ monasca_api_influxdb_password }}"
  - username: "{{ monasca_persister_influxdb_user }}"
    password: "{{ monasca_persister_influxdb_password }}"

# Keystone AuthToken/Middleware
monasca_keystone_auth_plugin: password
monasca_service_project_domain_name: Default
monasca_service_user_domain_name: default

monasca_role_name: admin
monasca_api_bind_address: 0.0.0.0

## Service Type and Data
monasca_service_region: RegionOne
monasca_service_name: monasca
monasca_service_port: 8070
monasca_service_proto: http
monasca_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(monasca_service_proto) }}"
monasca_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(monasca_service_proto) }}"
monasca_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(monasca_service_proto) }}"
monasca_service_type: monitoring
monasca_service_description: "OpenStack Monitoring Service"
monasca_service_user_name: monasca
monasca_service_project_name: service
monasca_service_project_domain_id: default
monasca_service_user_domain_id: default
monasca_service_publicuri: "{{ monasca_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ monasca_service_port }}"
monasca_service_publicurl: "{{ monasca_service_publicuri }}/v2.0"
monasca_service_internaluri: "{{ monasca_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ monasca_service_port }}"
monasca_service_internalurl: "{{ monasca_service_internaluri }}/v2.0"
monasca_service_adminuri: "{{ monasca_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ monasca_service_port }}"
monasca_service_adminurl: "{{ monasca_service_adminuri }}/v2.0"

## Monasca configuration
monasca_log_level: INFO
monasca_user_roles:
  - monasca-user
monasca_agent_roles:
  - monasca-agent
monasca_read_only_user_roles:
  - monasca-read-only-user

monasca_agent_user_name: monasca-agent
monasca_agent_project_name: admin
monasca_partition_interval_recheck_seconds: 15

## Kafka configuration
kafka_events_partitions: 12
kafka_metrics_partitions: 64
# This should be the number of systems running the Notification Engine
kafka_retry_notifications_partitions: "{{ groups['monasca_notification'] | length }}"
kafka_replicas: "{{ groups['monasca_kafka'] | length }}"

kafka_topics:
  metrics:
    replicas: "{{ kafka_replicas }}"
    partitions: "{{ kafka_metrics_partitions }}"
  events:
    replicas: "{{ kafka_replicas }}"
    partitions: "{{ kafka_events_partitions }}"
  alarm-state-transitions:
    replicas: "{{ kafka_replicas }}"
    partitions: "{{ kafka_events_partitions }}"
  alarm-notifications:
    replicas: "{{ kafka_replicas }}"
    partitions: "{{ kafka_events_partitions }}"
  retry-notifications:
    replicas: "{{ kafka_replicas }}"
    partitions: "{{ kafka_retry_notifications_partitions }}"
  60-seconds-notifications:
    replicas: "{{ kafka_replicas }}"
    partitions: "{{ kafka_retry_notifications_partitions }}"

monasca_notification_address: root@localhost
monasca_notification_name: 'Default Email'
monasca_notification_type: EMAIL

monasca_default_alarms:
  - name: "Host Status"
    description: "Alarms when the specified host is down or not reachable"
    severity: "HIGH"
    expression: "host_alive_status > 0"
  - name: "HTTP Status"
    description: "Alarms when the specified HTTP endpoint is down or not reachable"
    severity: "HIGH"
    expression: "http_status > 0"
    match_by: ["service", "component", "hostname", "url"]
  - name: "CPU Usage"
    description: "Alarms when CPU usage is high"
    expression: "avg(cpu.idle_perc) < 10 times 3"
  - name: "Disk Inode Usage"
    description: "Alarms when disk inode usage is high"
    expression: "disk.inode_used_perc > 90"
    match_by: ["hostname", "device"]
  - name: "Disk Usage"
    description: "Alarms when disk usage is high"
    expression: "disk.space_used_perc > 90"
    match_by: ["hostname", "device"]
  - name: "Memory Usage"
    description: "Alarms when memory usage is high"
    severity: "MEDIUM"
    expression: "avg(mem.usable_perc) < 10 times 3"
  - name: "Kernel Crash Dumps"
    description: "Kernel crash dumps are available on disk"
    expression: "crash.dump_count > 1"
  - name: "Network Errors"
    description: "Alarms when either incoming or outgoing network errors are high"
    severity: "MEDIUM"
    expression: "net.in_errors_sec > 5 or net.out_errors_sec > 5"
  - name: "Process Check"
    description: "Alarms when the specified process is not running"
    severity: "HIGH"
    expression: "process.pid_count < 1"
    match_by: ["process_name", "hostname"]
  - name: "Instance CPU Usage"
    description: "Alarms when the CPU usage of the specified instance is high"
    expression: "avg(cpu.utilization_norm_perc) > 90 times 3"
    match_by: ["resource_id"]
  - name: "RabbitMQ Queue Depth"
    description: "Alarms when the depth of the message queue is high"
    expression: "avg(rabbitmq.queue.messages) > 10 times 3"
    severity: "MEDIUM"
    match_by: ["queue", "hostname"]
  - name: "MySQL Slow Query Rate"
    description: "Alarms when the slow query rate is high"
    expression: "avg(mysql.performance.slow_queries) > 10 times 3"
  - name: "Apache Status"
    description: "Alarms on failure to reach the Apache status endpoint"
    expression: "apache.status > 0"
    severity: "HIGH"
  - name: "Apache Idle Worker Count"
    description: "Alarms when there are no idle workers in the Apache server"
    expression: "avg(apache.performance.idle_worker_count) < 1 times 3"
    severity: "MEDIUM"
  - name: "NTP Time Sync"
    description: "Alarms when the NTP time offset is high"
    expression: "ntp.offset > 5 or ntp.offset < -5"
  - name: "Kafka Consumer Lag"
    description: "Alarms when the specified consumer_group is not keeping up with the incoming messages"
    severity: "MEDIUM"
    expression: "avg(kafka.consumer_lag) > 1000 times 3"
    match_by: ["consumer_group", "hostname"]
  - name: "Monasca Agent Collection Time"
    description: "Alarms when the elapsed time the Monasca Agent takes to collect metrics is high"
    expression: "avg(monasca.collection_time_sec) > 5 times 3"
  - name: "Monasca Notification DB Query Time"
    description: "Alarms when the elapsed time for queries to the Configuration DB by the Monasca Notification Engine is high"
    expression: "avg(monasca.config_db_time) > 5 times 3"
  - name: "Monasca Notification Email Time"
    description: "Alarms when the elapsed time to send emails by the Monasca Notification Engine is high"
    expression: "avg(monasca.email_time) > 2 times 3"
  - name: "ZooKeeper Latency"
    description: "Alarms when the ZooKeeper latency is high"
    expression: "avg(zookeeper.avg_latency_sec) > 1 times 3"
  - name: "HAProxy Backend Status"
    description: "Alarms when the backend status is unavailable"
    expression: "last(haproxy.count_per_status{status=unavailable})>0"
    severity: "CRITICAL"
    match_by: ["component"]


## Cap the maximum number of threads / workers when a user value is unspecified.
monasca_api_workers_max: 16
monasca_api_workers: "{{ [[ansible_processor_vcpus|default(2) // 2, 1] | max, monasca_api_workers_max] | min }}"
monasca_persister_workers_max: 16
monasca_persister_workers: "{{ [[ansible_processor_vcpus|default(2) // 2, 1] | max, monasca_persister_workers_max] | min }}"

monasca_service_in_ldap: False

monasca_pip_packages:
  - cryptography
  - gunicorn
  - influxdb
  - keystoneauth1
  - monasca-api
  - monasca-common
  - monasca-persister
  - monasca-notification
  - monasca-statsd
  - osprofiler
  - PyOpenSSL
  - python-monascaclient
  - python-memcached
  - future

## Service Names
monasca_services:
  monasca-api:
    group: monasca_api
    service_name: monasca-api
    service_init_bin: "{{ monasca_bin }}/gunicorn"
    service_init_options: "-n monasca-api -k eventlet --worker-connections=2000 --backlog=1000 --paste /etc/monasca/api-config.ini -w {{ monasca_api_workers }}"
    init_config_overrides: "{{ monasca_api_init_overrides }}"
  monasca-persister:
    group: monasca_persister
    service_name: monasca-persister
    service_init_bin: "{{ monasca_bin }}/python {{ monasca_bin }}/../lib/python2.7/site-packages/monasca_persister/persister.py"
    service_init_options: "--config-file /etc/monasca/persister.conf"
    init_config_overrides: "{{ monasca_persister_init_overrides }}"
  monasca-thresh:
    group: monasca_thresh
    service_name: monasca-thresh
    service_init_bin: "/opt/storm/current/bin/storm jar /usr/share/monasca-thresh/thresh/target/monasca-thresh-{{ _monasca_thresh_version.stdout | default('2.1.1') }}-shaded.jar"
    service_init_options: "monasca.thresh.ThresholdingEngine /etc/monasca/thresh-config.yml thresh-cluster"
    init_config_overrides: "{{ monasca_thresh_init_overrides }}"
  monasca-notification:
    group: monasca_notification
    service_name: monasca-notification
    init_config_overrides: "{{ monasca_notification_init_overrides }}"

monasca_api_init_overrides: {}
monasca_persister_init_overrides: {}
monasca_thresh_init_overrides: {}
monasca_notification_init_overrides: {}

# This variable is used by the repo_build process to determine
# which host group to check for members of before building the
# pip packages required by this role. The value is picked up
# by the py_pkgs lookup.
monasca_role_project_group: monasca_all

monasca_api_config_overrides: {}
monasca_api_config_ini_overrides: {}
monasca_api_logging_config_overrides: {}
monasca_persister_config_overrides: {}
monasca_persister_logging_config_overrides: {}
monasca_thresh_config_overrides: {}
monasca_notification_config_overrides: {}

monasca_opensuse_mirror_url: "http://download.opensuse.org"

Dependencies

This role needs pip >= 7.1 installed on the target host.

Example playbook

---
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Please check your inventory to install the appropriate
# dependencies for your monasca install

# Please also make sure the appropriate roles are installed.
- name: Install monasca dependencies
  include: monasca-dependencies.yml

- name: Install monasca server
  hosts: monasca_all
  user: root
  roles:
    - { role: "os_monasca", tags: [ "os-monasca" ] }
  vars:
    external_lb_vip_address: 172.16.24.1
    internal_lb_vip_address: 192.168.0.1
    monasca_galera_address: "{{ internal_lb_vip_address }}"
    monasca_container_mysql_password: "SuperSecretePassword1"
    monasca_service_password: "SuperSecretePassword2"
    monasca_influxdb_admin_password: "secrete"
    monasca_api_influxdb_password: "secrete"
    monasca_persister_influxdb_password: "secrete"
    monasca_agent_password: "secrete"
    grafana_mysql_host: "{{ monasca_galera_address }}"
    grafana_admin_password: "secrete"
    grafana_galera_password: "secrete"

Tags

This role supports the following tags:

  • monasca-install: used to install and upgrade;
  • monasca-config: used to manage configuration;
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.