From 2d535d5f5ec8a2d9c619f02a2a7cbdfbd4d92f15 Mon Sep 17 00:00:00 2001 From: Kevin Carter Date: Mon, 16 Nov 2015 14:29:03 -0600 Subject: [PATCH] Update Master SHAs - 17 Jan 2016 This patch does the following: - updates the Master SHAs for new development work. - includes updates to policy, paste and rootwrap files as required - moves the Aodh repository to openstack_services as it now has implemented a stable branch - Updated the keystone-wsgi file as it was still running the code from liberty - add 2 package requirements to keystone which must be present for the new wsgi file. - updates tempest.conf.j2 to replace ssh_auth_method with auth_method, and change auth_method to 'keypair' (configured is no longer an a valid option) Change-Id: I933c24c03518865d9d40519dafb2ba46769a5453 Signed-off-by: Kevin Carter --- defaults/main.yml | 3 + files/rootwrap.d/ipmi.filters | 7 + tasks/ceilometer_post_install.yml | 25 +++ tasks/ceilometer_pre_install.yml | 1 + templates/event_definitions.yaml.j2 | 170 ++++++++++++++++- templates/event_pipeline.yaml.j2 | 2 +- templates/gnocchi_resources.yaml.j2 | 176 ++++++++++++++++++ .../osprofiler_event_definitions.yaml.j2 | 31 +++ templates/pipeline.yaml.j2 | 11 +- templates/rootwrap.conf.j2 | 27 +++ 10 files changed, 442 insertions(+), 11 deletions(-) create mode 100644 files/rootwrap.d/ipmi.filters create mode 100644 templates/gnocchi_resources.yaml.j2 create mode 100644 templates/osprofiler_event_definitions.yaml.j2 create mode 100644 templates/rootwrap.conf.j2 diff --git a/defaults/main.yml b/defaults/main.yml index 05022b60..1e744974 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -134,8 +134,11 @@ ceilometer_service_names: ## Tunable overrides ceilometer_policy_overrides: {} +ceilometer_rootwrap_conf_overrides: {} ceilometer_ceilometer_conf_overrides: {} ceilometer_api_paste_ini_overrides: {} ceilometer_event_definitions_yaml_overrides: {} ceilometer_event_pipeline_yaml_overrides: {} ceilometer_pipeline_yaml_overrides: {} +ceilometer_gnocci_resources_yaml_overrides: {} +ceilometer_osprofiler_event_definitions_yaml_overrides: {} diff --git a/files/rootwrap.d/ipmi.filters b/files/rootwrap.d/ipmi.filters new file mode 100644 index 00000000..2ef74b04 --- /dev/null +++ b/files/rootwrap.d/ipmi.filters @@ -0,0 +1,7 @@ +# ceilometer-rootwrap command filters for IPMI capable nodes +# This file should be owned by (and only-writeable by) the root user + +[Filters] +# ceilometer/ipmi/nodemanager/node_manager.py: 'ipmitool' +ipmitool: CommandFilter, ipmitool, root + diff --git a/tasks/ceilometer_post_install.yml b/tasks/ceilometer_post_install.yml index 73d8dc29..099294ba 100644 --- a/tasks/ceilometer_post_install.yml +++ b/tasks/ceilometer_post_install.yml @@ -31,6 +31,10 @@ dest: "/etc/ceilometer/api_paste.ini" config_overrides: "{{ ceilometer_api_paste_ini_overrides }}" config_type: "ini" + - src: "rootwrap.conf.j2" + dest: "/etc/ceilometer/rootwrap.conf" + config_overrides: "{{ ceilometer_rootwrap_conf_overrides }}" + config_type: "ini" - src: "event_pipeline.yaml.j2" dest: "/etc/ceilometer/event_pipeline.yaml" config_overrides: "{{ ceilometer_event_pipeline_yaml_overrides }}" @@ -43,6 +47,14 @@ dest: "/etc/ceilometer/pipeline.yaml" config_overrides: "{{ ceilometer_pipeline_yaml_overrides }}" config_type: "yaml" + - src: "gnocchi_resources.yaml.j2" + dest: "/etc/ceilometer/gnocchi_resources.yaml" + config_overrides: "{{ ceilometer_gnocci_resources_yaml_overrides }}" + config_type: "yaml" + - src: "osprofiler_event_definitions.yaml.j2" + dest: "/etc/ceilometer/osprofiler_event_definitions.yaml" + config_overrides: "{{ ceilometer_osprofiler_event_definitions_yaml_overrides }}" + config_type: "yaml" - src: "policy.json.j2" dest: "/etc/ceilometer/policy.json" config_overrides: "{{ ceilometer_policy_overrides }}" @@ -52,6 +64,19 @@ - ceilometer-config - ceilometer-post-install +- name: Drop rootwrap filters + copy: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ ceilometer_system_user_name }}" + group: "{{ ceilometer_system_group_name }}" + with_items: + - { src: "rootwrap.d/ipmi.filters", dest: "/etc/ceilometer/rootwrap.d/ipmi.filters" } + notify: + - Restart ceilometer services + tags: + - ceilometer-config + - name: Get ceilometer command path command: which ceilometer register: ceilometer_command_path diff --git a/tasks/ceilometer_pre_install.yml b/tasks/ceilometer_pre_install.yml index 5288dabf..bec4f326 100644 --- a/tasks/ceilometer_pre_install.yml +++ b/tasks/ceilometer_pre_install.yml @@ -56,6 +56,7 @@ with_items: - { path: "/openstack", mode: "0755", owner: "root", group: "root" } - { path: "/etc/ceilometer" } + - { path: "/etc/ceilometer/rootwrap.d" } - { path: "{{ ceilometer_system_user_home }}" } - { path: "{{ ceilometer_system_user_home }}/.ssh", mode: "0700" } - { path: "/var/cache/ceilometer", mode: "0700" } diff --git a/templates/event_definitions.yaml.j2 b/templates/event_definitions.yaml.j2 index a5ab2e2c..763ff49f 100644 --- a/templates/event_definitions.yaml.j2 +++ b/templates/event_definitions.yaml.j2 @@ -8,15 +8,9 @@ instance_id: fields: payload.instance_id host: - fields: publisher_id - plugin: - name: split - parameters: - segment: 1 - max_split: 1 + fields: publisher_id.`split(., 1, 1)` service: - fields: publisher_id - plugin: split + fields: publisher_id.`split(., 0, -1)` memory_mb: type: int fields: payload.memory_mb @@ -96,6 +90,12 @@ fields: payload.snapshot_id volume_id: fields: payload.volume_id +- event_type: ['image_volume_cache.*'] + traits: + image_id: + fields: payload.image_id + host: + fields: payload.host - event_type: ['image.update', 'image.upload', 'image.delete'] traits: &glance_crud project_id: @@ -331,6 +331,10 @@ fields: ['payload.ipsec_site_connection.id', 'payload.id'] - event_type: '*http.*' traits: &http_audit + project_id: + fields: payload.initiator.project_id + user_id: + fields: payload.initiator.id typeURI: fields: payload.typeURI eventType: @@ -366,4 +370,152 @@ <<: *http_audit reason_code: fields: payload.reason.reasonCode - +- event_type: ['dns.domain.create', 'dns.domain.update', 'dns.domain.delete'] + traits: &dns_domain_traits + status: + fields: payload.status + retry: + fields: payload.retry + description: + fields: payload.description + expire: + fields: payload.expire + email: + fields: payload.email + ttl: + fields: payload.ttl + action: + fields: payload.action + name: + fields: payload.name + resource_id: + fields: payload.id + created_at: + fields: payload.created_at + updated_at: + fields: payload.updated_at + version: + fields: payload.version + parent_domain_id: + fields: parent_domain_id + serial: + fields: payload.serial +- event_type: dns.domain.exists + traits: + <<: *dns_domain_traits + audit_period_beginning: + type: datetime + fields: payload.audit_period_beginning + audit_period_ending: + type: datetime + fields: payload.audit_period_ending +- event_type: trove.* + traits: &trove_base_traits + state: + fields: payload.state_description + instance_type: + fields: payload.instance_type + user_id: + fields: payload.user_id + resource_id: + fields: payload.instance_id + instance_type_id: + fields: payload.instance_type_id + launched_at: + type: datetime + fields: payload.launched_at + instance_name: + fields: payload.instance_name + state: + fields: payload.state + nova_instance_id: + fields: payload.nova_instance_id + service_id: + fields: payload.service_id + created_at: + type: datetime + fields: payload.created_at + region: + fields: payload.region +- event_type: ['trove.instance.create', 'trove.instance.modify_volume', 'trove.instance.modify_flavor', 'trove.instance.delete'] + traits: &trove_common_traits + name: + fields: payload.name + availability_zone: + fields: payload.availability_zone + instance_size: + type: int + fields: payload.instance_size + volume_size: + type: int + fields: payload.volume_size + nova_volume_id: + fields: payload.nova_volume_id +- event_type: trove.instance.create + traits: + <<: [*trove_base_traits, *trove_common_traits] +- event_type: trove.instance.modify_volume + traits: + <<: [*trove_base_traits, *trove_common_traits] + old_volume_size: + type: int + fields: payload.old_volume_size + modify_at: + type: datetime + fields: payload.modify_at +- event_type: trove.instance.modify_flavor + traits: + <<: [*trove_base_traits, *trove_common_traits] + old_instance_size: + type: int + fields: payload.old_instance_size + modify_at: + type: datetime + fields: payload.modify_at +- event_type: trove.instance.delete + traits: + <<: [*trove_base_traits, *trove_common_traits] + deleted_at: + type: datetime + fields: payload.deleted_at +- event_type: trove.instance.exists + traits: + <<: *trove_base_traits + display_name: + fields: payload.display_name + audit_period_beginning: + type: datetime + fields: payload.audit_period_beginning + audit_period_ending: + type: datetime + fields: payload.audit_period_ending +- event_type: profiler.* + traits: + project: + fields: payload.project + service: + fields: payload.service + name: + fields: payload.name + base_id: + fields: payload.base_id + trace_id: + fields: payload.trace_id + parent_id: + fields: payload.parent_id + timestamp: + fields: payload.timestamp + host: + fields: payload.info.host + path: + fields: payload.info.request.path + query: + fields: payload.info.request.query + method: + fields: payload.info.request.method + scheme: + fields: payload.info.request.scheme + db.statement: + fields: payload.info.db.statement + db.params: + fields: payload.info.db.params diff --git a/templates/event_pipeline.yaml.j2 b/templates/event_pipeline.yaml.j2 index d6c5e256..10275f74 100644 --- a/templates/event_pipeline.yaml.j2 +++ b/templates/event_pipeline.yaml.j2 @@ -10,4 +10,4 @@ sinks: transformers: triggers: publishers: - - direct:// + - notifier:// diff --git a/templates/gnocchi_resources.yaml.j2 b/templates/gnocchi_resources.yaml.j2 new file mode 100644 index 00000000..57875611 --- /dev/null +++ b/templates/gnocchi_resources.yaml.j2 @@ -0,0 +1,176 @@ +--- + +resources: + - resource_type: identity + archive_policy: low + metrics: + - 'identity.authenticate.success' + - 'identity.authenticate.pending' + - 'identity.authenticate.failure' + - 'identity.user.created' + - 'identity.user.deleted' + - 'identity.user.updated' + - 'identity.group.created' + - 'identity.group.deleted' + - 'identity.group.updated' + - 'identity.role.created' + - 'identity.role.deleted' + - 'identity.role.updated' + - 'identity.project.created' + - 'identity.project.deleted' + - 'identity.project.updated' + - 'identity.trust.created' + - 'identity.trust.deleted' + - 'identity.role_assignment.created' + - 'identity.role_assignment.deleted' + + - resource_type: ceph_account + metrics: + - 'radosgw.objects' + - 'radosgw.objects.size' + - 'radosgw.objects.containers' + - 'radosgw.api.request' + - 'radosgw.containers.objects' + - 'radosgw.containers.objects.size' + + - resource_type: instance + metrics: + - 'instance' + - 'memory' + - 'memory.usage' + - 'memory.resident' + - 'vcpus' + - 'cpu' + - 'cpu.delta' + - 'cpu_util' + - 'disk.root.size' + - 'disk.ephemeral.size' + - 'disk.read.requests' + - 'disk.read.requests.rate' + - 'disk.write.requests' + - 'disk.write.requests.rate' + - 'disk.read.bytes' + - 'disk.read.bytes.rate' + - 'disk.write.bytes' + - 'disk.write.bytes.rate' + - 'disk.latency' + - 'disk.iops' + - 'disk.capacity' + - 'disk.allocation' + - 'disk.usage' + attributes: + host: resource_metadata.host + image_ref: resource_metadata.image_ref + display_name: resource_metadata.display_name + flavor_id: resource_metadata.(instance_flavor_id|(flavor.id)) + server_group: resource_metadata.user_metadata.server_group + + - resource_type: instance_network_interface + metrics: + - 'network.outgoing.packets.rate' + - 'network.incoming.packets.rate' + - 'network.outgoing.packets' + - 'network.incoming.packets' + - 'network.outgoing.bytes.rate' + - 'network.incoming.bytes.rate' + - 'network.outgoing.bytes' + - 'network.incoming.bytes' + attributes: + name: resource_metadata.vnic_name + instance_id: resource_metadata.instance_id + + - resource_type: instance_disk + metrics: + - 'disk.device.read.requests' + - 'disk.device.read.requests.rate' + - 'disk.device.write.requests' + - 'disk.device.write.requests.rate' + - 'disk.device.read.bytes' + - 'disk.device.read.bytes.rate' + - 'disk.device.write.bytes' + - 'disk.device.write.bytes.rate' + - 'disk.device.latency' + - 'disk.device.iops' + - 'disk.device.capacity' + - 'disk.device.allocation' + - 'disk.device.usage' + attributes: + name: resource_metadata.disk_name + instance_id: resource_metadata.instance_id + + - resource_type: image + metrics: + - 'image' + - 'image.size' + - 'image.download' + - 'image.serve' + attributes: + name: resource_metadata.name + container_format: resource_metadata.container_format + disk_format: resource_metadata.disk_format + + - resource_type: ipmi + metrics: + - 'hardware.ipmi.node.power' + - 'hardware.ipmi.node.temperature' + - 'hardware.ipmi.node.inlet_temperature' + - 'hardware.ipmi.node.outlet_temperature' + - 'hardware.ipmi.node.fan' + - 'hardware.ipmi.node.current' + - 'hardware.ipmi.node.voltage' + - 'hardware.ipmi.node.airflow' + - 'hardware.ipmi.node.cups' + - 'hardware.ipmi.node.cpu_util' + - 'hardware.ipmi.node.mem_util' + - 'hardware.ipmi.node.io_util' + + - resource_type: network + metrics: + - 'bandwidth' + - 'network' + - 'network.create' + - 'network.update' + - 'subnet' + - 'subnet.create' + - 'subnet.update' + - 'port' + - 'port.create' + - 'port.update' + - 'router' + - 'router.create' + - 'router.update' + - 'ip.floating' + - 'ip.floating.create' + - 'ip.floating.update' + + - resource_type: stack + metrics: + - 'stack.create' + - 'stack.update' + - 'stack.delete' + - 'stack.resume' + - 'stack.suspend' + + - resource_type: swift_account + metrics: + - 'storage.objects.incoming.bytes' + - 'storage.objects.outgoing.bytes' + - 'storage.api.request' + - 'storage.objects.size' + - 'storage.objects' + - 'storage.objects.containers' + - 'storage.containers.objects' + - 'storage.containers.objects.size' + + - resource_type: volume + metrics: + - 'volume' + - 'volume.size' + - 'volume.create' + - 'volume.delete' + - 'volume.update' + - 'volume.resize' + - 'volume.attach' + - 'volume.detach' + attributes: + display_name: resource_metadata.display_name diff --git a/templates/osprofiler_event_definitions.yaml.j2 b/templates/osprofiler_event_definitions.yaml.j2 new file mode 100644 index 00000000..d2a87539 --- /dev/null +++ b/templates/osprofiler_event_definitions.yaml.j2 @@ -0,0 +1,31 @@ +--- +- event_type: profiler.* + traits: + project: + fields: payload.project + service: + fields: payload.service + name: + fields: payload.name + base_id: + fields: payload.base_id + trace_id: + fields: payload.trace_id + parent_id: + fields: payload.parent_id + timestamp: + fields: payload.timestamp + host: + fields: payload.info.host + path: + fields: payload.info.request.path + query: + fields: payload.info.request.query + method: + fields: payload.info.request.method + scheme: + fields: payload.info.request.scheme + db.statement: + fields: payload.info.db.statement + db.params: + fields: payload.info.db.params diff --git a/templates/pipeline.yaml.j2 b/templates/pipeline.yaml.j2 index ca1086a7..a5bd5148 100644 --- a/templates/pipeline.yaml.j2 +++ b/templates/pipeline.yaml.j2 @@ -12,6 +12,7 @@ sources: - "cpu" sinks: - cpu_sink + - cpu_delta_sink - name: disk_source interval: 600 meters: @@ -50,6 +51,15 @@ sinks: scale: "100.0 / (10**9 * (resource_metadata.cpu_number or 1))" publishers: - notifier:// + - name: cpu_delta_sink + transformers: + - name: "delta" + parameters: + target: + name: "cpu.delta" + growth_only: True + publishers: + - notifier:// - name: disk_sink transformers: - name: "rate_of_change" @@ -80,4 +90,3 @@ sinks: type: "gauge" publishers: - notifier:// - diff --git a/templates/rootwrap.conf.j2 b/templates/rootwrap.conf.j2 new file mode 100644 index 00000000..cee5c61a --- /dev/null +++ b/templates/rootwrap.conf.j2 @@ -0,0 +1,27 @@ +# Configuration for ceilometer-rootwrap +# This file should be owned by (and only-writeable by) the root user + +[DEFAULT] +# List of directories to load filter definitions from (separated by ','). +# These directories MUST all be only writeable by root ! +filters_path=/etc/ceilometer/rootwrap.d,/usr/share/ceilometer/rootwrap + +# List of directories to search executables in, in case filters do not +# explicitely specify a full path (separated by ',') +# If not specified, defaults to system PATH environment variable. +# These directories MUST all be only writeable by root ! +exec_dirs={{ ceilometer_bin }},/sbin,/usr/sbin,/bin,/usr/bin + +# Enable logging to syslog +# Default value is False +use_syslog=False + +# Which syslog facility to use. +# Valid values include auth, authpriv, syslog, user0, user1... +# Default value is 'syslog' +syslog_log_facility=syslog + +# Which messages to log. +# INFO means log all usage +# ERROR means only log unsuccessful attempts +syslog_log_level=ERROR