Monasca REST API
Go to file
Craig Bryant bd3255629a Fix find AlarmDefinition by dimension
Some of the SQL wasn't updated when the tables were renamed

Also, rename SubAlarmQueries to match its use in AlarmDefinitions

Fix alarm.sql so AlarmDefinitionMySqlRepositoryImplTest runs

Add more comprehensive unit tests that would have caught this error

Change-Id: I4bd9519fb1b24f9763f1bb34bbd960c69879eb80
2015-02-13 07:39:03 -07:00
docs Merge "First step to removing use of application/json-patch+json" 2015-02-06 18:18:33 +00:00
download Get the java build working in StackForge 2015-02-09 14:28:44 -07:00
etc enable microservice 2014-12-04 14:07:28 -05:00
java Fix find AlarmDefinition by dimension 2015-02-13 07:39:03 -07:00
monasca Limit the changes that can be made to Alarm Definition 2015-02-11 12:17:01 -07:00
.coveragerc initial python implementation 2014-09-15 13:18:10 -04:00
.gitignore initial python implementation 2014-09-15 13:18:10 -04:00
.gitreview Get initial build to work. 2014-07-15 15:35:50 -06:00
.testr.conf initial python implementation 2014-09-15 13:18:10 -04:00
babel.cfg initial python implementation 2014-09-15 13:18:10 -04:00
es-impl-requirements.txt implementation specific requirement files 2014-12-09 09:08:25 -05:00
LICENSE Added license file 2014-05-01 16:22:11 -07:00
pom.xml Get the java build working in StackForge 2015-02-09 14:28:44 -07:00
README.md Get the java build working in StackForge 2015-02-09 14:28:44 -07:00
ref-impl-requirements.txt Remove peewee and replace with mysqldb 2014-12-16 13:12:58 -07:00
requirements.txt Limit the changes that can be made to Alarm Definition 2015-02-11 12:17:01 -07:00
setup.cfg enable microservice 2014-12-04 14:07:28 -05:00
setup.py initial python implementation 2014-09-15 13:18:10 -04:00
test-requirements.txt Add alarm history resource 2014-11-17 15:38:47 -07:00
tox.ini Add alarm history resource 2014-11-17 15:38:47 -07:00

Overview

monasca-api is a RESTful API server that is designed with a layered architecture layered architecture.

The full API Specification can be found in docs/monasca-api-spec.md

Java Build

Requires monasca-common from https://github.com/stackforge/monasca-common. Download and do mvn install. Then:

cd java
mvn clean package

StackForge Java Build

There is a pom.xml in the base directory that should only be used for the StackForge build. The StackForge build is a rather strange build because of the limitations of the current StackForge java jobs and infrastructure. This build depends on jars that are built in the monasca-common build. That StrackForge build uploads the completed jars to http://tarballs.openstack.org/ci/monasca-common, but they are just regular jars, and not in a maven repository. Hence, the first thing the maven build from the base project does is execute the build in the download directory. That pom.xml executes the script download.sh which downloads the required jars from http://tarballs.openstack.org/ci/monasca-common and then uses maven to install them in the local directory. The maven install needs the pom.xml so that is pulled from the jar file and then changed to have the right version before the install.

The monasca-common jars also need the base monasca-common pom.xml. So, that is pulled from gihtub.com and also installed in the local repository.

Since this is all rather complex, that part of the build only works on StackForge so follow the simple instruction above if you are building your own monasca-api.

Currently this build is executed on the bare-precise nodes in StackForge and they only have maven 2. So, this build must be kept compatible with Maven 2. If another monasca-common jar is added as a dependency to java/pom.xml, it must also be added to download/download.sh.

Combining monasca-common, monasca-thresh, monasaca-api and monasca-persister into one build would vastly simplify the builds but that is a future task.`

Usage

java -jar target/monasca-api.jar server config-file.yml

Keystone Configuration

For secure operation of the Monasca API, the API must be configured to use Keystone in the configuration file under the middleware section. Monasca only works with a Keystone v3 server. The important parts of the configuration are explained below:

  • serverVIP - This is the hostname or IP Address of the Keystone server
  • serverPort - The port for the Keystone server
  • useHttps - Whether to use https when making requests of the Keystone API
  • truststore - If useHttps is true and the Keystone server is not using a certificate signed by a public CA recognized by Java, the CA certificate can be placed in a truststore so the Monasca API will trust it, otherwise it will reject the https connection. This must be a JKS truststore
  • truststorePassword - The password for the above truststore
  • connSSLClientAuth - If the Keystone server requires the SSL client used by the Monasca server to have a specific client certificate, this should be true, false otherwise
  • keystore - The keystore holding the SSL Client certificate if connSSLClientAuth is true
  • keystorePassword - The password for the keystore
  • defaultAuthorizedRoles - An array of roles that authorize a user to access the complete Monasca API. User must have at least one of these roles. See below
  • agentAuthorizedRoles - An array of roles that authorize only the posting of metrics. See Keystone Roles below
  • adminAuthMethod - "password" if the Monasca API should adminUser and adminPassword to login to the Keystone server to check the user's token, "token" if the Monasca API should use adminToken
  • adminUser - Admin user name
  • adminPassword - Admin user password
  • adminToken - A valid admin user token if adminAuthMethod is token
  • timeToCacheToken - How long the Monasca API should cache the user's token before checking it again

Keystone Roles

The Monasca API has two levels of access:

Full access - user can read/write metrics and Alarm Definitions and Alarms

Agent access - user can only write metrics

The reason for the "Agent access" level is because the Monasca Agent must be configured to use a Keystone user. Since the user and password are configured onto the all of the systems running the Monasca Agent, this user is most in danger of being compromised. If this user is limited to only writing metrics, then the damage can be limited.

To configure the user to have full access, the user must have a role that is listed in defaultAuthorizedRoles. To configure a user to have only "Agent access", the user must have a role in agentAuthorizedRoles and none of the roles in defaultAuthorizedRoles.

Design Overview

Architectural layers

Requests flow through the following architectural layers from top to bottom:

  • Resource
    • Serves as the entrypoint into the service.
    • Responsible for handling web service requests, and performing structural request validation.
  • Application
    • Responsible for providing application level implementations for specific use cases.
  • Domain
    • Contains the technology agnostic core domain model and domain service definitions.
    • Responsible for upholding invariants and defining state transitions.
  • Infrastructure
    • Contains technology specific implementations of domain services.

Documentation

python monasca api implementation

To install the python api implementation, git clone the source and run the following command::

sudo python setup.py install

If it installs successfully, you will need to make changes to the following two files to reflect your system settings, especially where kafka server is located::

/etc/monasca/monasca.ini
/etc/monasca/monasca.conf

Once the configurations are modified to match your environment, you can start up the server by following the following instructions.

To start the server, run the following command:

Running the server in foreground mode
gunicorn -k eventlet --worker-connections=2000 --backlog=1000
         --paste /etc/monasca/monasca.ini

Running the server as daemons
gunicorn -k eventlet --worker-connections=2000 --backlog=1000
         --paste /etc/monasca/monasca.ini -D

To check if the code follows python coding style, run the following command from the root directory of this project

tox -e pep8

To run all the unit test cases, run the following command from the root directory of this project

tox -e py27   (or -e py26, -e py33)

License

Copyright (c) 2014 Hewlett-Packard Development Company, L.P.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.