cloudkitty/doc/source/admin/configuration/storage.rst
jlarriba 1a838653fb Support TLS connections to Loki storage
The Loki storage could be behind an HTTPS proxy that requires TLS
encrypted connections. This change supports two different
TLS configurations:

* Connect via one-way TLS as a normal HTTPS connection via the
ca_file parameter to provide encryption

* Connect via two-way TLS as a mutual TLS connection for encryption
and authentication. If cert_file and key_file are provided, they
will be sent to Loki to authenticate the requests.

Both methods support the insecure parameter in case the ca_file
has not been provided or it is incorrect. With that, the driver
will not verify the certificates.

Depends-On: https://review.opendev.org/c/openstack/cloudkitty/+/950868
Change-Id: Idfbd5f6e85b572b129b8595fa1eb122b80827d90
Signed-off-by: jlarriba <jlarriba@redhat.com>
2025-10-10 16:49:11 +00:00


===============================
 Storage backend configuration
===============================

Common options
==============

.. note::

   Two storage backend interfaces are available: v1 and v2. Each supports one
   or several drivers. The v2 storage interface is required to use
   CloudKitty's v2 API. It is backward compatible with the v1 API. However,
   it is not possible to use the v2 API with the v1 storage interface.

The main storage backend options are specified in the ``[storage]`` section of
the configuration file. The following options are available:

* ``version``: Defaults to 2. Version of the storage interface to use
  (must be 1 or 2).

* ``backend``: Defaults to ``influxdb``. Storage driver to use.
  Supported v1 drivers are:

  - ``sqlalchemy``

  Supported v2 drivers are:

  - ``influxdb``
  - ``elasticsearch``
  - ``opensearch``
  - ``loki``

Driver-specific options
=======================

SQLAlchemy (v1)
---------------

This backend has no specific options. It uses the ``connection`` option of the
``database`` section. Example of value for this option:

.. code-block:: ini

   [database]
   connection = mysql+pymysql://cloudkitty_user:cloudkitty_password@mariadb_host/cloudkitty_database

InfluxDB (v2)
-------------

Section: ``storage_influxdb``.

* ``username``: InfluxDB username.

* ``password``: InfluxDB password.

* ``database``: InfluxDB database.

* ``retention_policy``: Retention policy to use (defaults to ``autogen``).

* ``host``: Defaults to ``localhost``. InfluxDB host.

* ``port``: Defaults to 8086. InfluxDB port.

* ``use_ssl``: Defaults to false. Set to true to use SSL for InfluxDB
  connections.

* ``insecure``: Defaults to false. Set to true to authorize insecure HTTPS
  connections to InfluxDB.

* ``cafile``: Path of the CA certificate to trust for HTTPS connections.

.. note:: CloudKitty will push one point per collected metric per collect
          period to InfluxDB. Depending on the size of your infrastructure
          and the capacities of your InfluxDB host / cluster, you might want
          to do regular exports of your data and create a custom retention
          policy on cloudkitty's database.

Elasticsearch (v2)
------------------

Section ``storage_elasticsearch``:

* ``host``: Defaults to ``http://localhost:9200``. Elasticsearch host, along
  with port and protocol.

* ``index_name``: Defaults to ``cloudkitty``. Elasticsearch index to use.

* ``insecure``: Defaults to ``false``. Set to true to allow insecure HTTPS
  connections to Elasticsearch.

* ``cafile``: Path of the CA certificate to trust for HTTPS connections.

* ``scroll_duration``: Defaults to 30. Duration (in seconds) for which the
  Elasticsearch scroll contexts should be kept alive.

OpenSearch 2.x (v2)
-------------------

Section ``storage_opensearch``:

* ``host``: Defaults to ``http://localhost:9200``. OpenSearch 2.x host, along
  with port and protocol.

* ``index_name``: Defaults to ``cloudkitty``. OpenSearch index to use.

* ``insecure``: Defaults to ``false``. Set to true to allow insecure HTTPS
  connections to OpenSearch.

* ``cafile``: Path of the CA certificate to trust for HTTPS connections.

* ``scroll_duration``: Defaults to 30. Duration (in seconds) for which the
  OpenSearch scroll contexts should be kept alive.

Loki (v2)
---------

Section ``storage_loki``:

* ``url``: Defaults to ``http://localhost:3100/loki/api/v1``. Loki host, along
  with port and protocol.

* ``tenant``: Defaults to ``cloudkitty``. Loki tenant.

* ``stream``: Defaults to ``{"service": "cloudkitty"}``. The labels that are
  going to be used to define the Loki stream, as a Python dict.

* ``buffer_size``: Defaults to ``1``. The number of messages that will be
  grouped together before launching a Loki HTTP POST request.

* ``content_type``: Defaults to ``application/json``. The HTTP Content-Type
  that will be used to send info to Loki. It can also be
  ``application/x-protobuf`` (not supported yet).

* ``insecure``: Defaults to ``false``. Set to true to allow insecure HTTPS
  connections to Loki; the driver will then not verify the certificates.

* ``ca_file``: Path of the CA certificate to trust for HTTPS connections.

* ``cert_file``: Path to a client cert for establishing mTLS connections to
  Loki.

* ``key_file``: Path to a client key for establishing mTLS connections to
  Loki.
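
The Loki TLS options can be checked before the service is started. The following Python is an added example, not CloudKitty code: ``audit_loki_tls`` and the two sample configurations (host name and file paths) are constructed, and expressing the result as the ``requests`` library's ``verify``/``cert`` arguments is an assumption about how the driver consumes these options.

```python
import configparser

# Constructed cloudkitty.conf fragments; host and paths are placeholders.
WEAK = """
[storage_loki]
url = https://loki.example.org:3100/loki/api/v1
insecure = true
cert_file = /etc/cloudkitty/tls/client.crt
"""

HARDENED = """
[storage_loki]
url = https://loki.example.org:3100/loki/api/v1
ca_file = /etc/cloudkitty/tls/loki-ca.crt
cert_file = /etc/cloudkitty/tls/client.crt
key_file = /etc/cloudkitty/tls/client.key
"""


def audit_loki_tls(conf_text):
    """Return (tls_kwargs, findings) for the [storage_loki] section.

    tls_kwargs follows the meaning of requests' ``verify``/``cert`` arguments;
    that the driver maps its options this way is an assumption.
    """
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    opt = lambda name: cp.get("storage_loki", name, fallback=None) or None
    url = opt("url") or "http://localhost:3100/loki/api/v1"  # documented default
    insecure = cp.getboolean("storage_loki", "insecure", fallback=False)
    ca, cert, key = opt("ca_file"), opt("cert_file"), opt("key_file")

    findings = []
    if not url.lower().startswith("https://"):
        findings.append("url is plain HTTP: TLS options have no effect")
    if insecure:
        findings.append("insecure=true: Loki's certificate is not verified")
    if bool(cert) != bool(key):
        findings.append("cert_file and key_file must both be set for mTLS")

    # insecure wins over ca_file; without ca_file the default trust store is used.
    verify = False if insecure else (ca or True)
    client_cert = (cert, key) if cert and key else None
    return {"verify": verify, "cert": client_cert}, findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, *audit_loki_tls(text), sep="\n  ")
```
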