diff --git a/doc/source/install-guide/configure-aodh.rst b/doc/source/install-guide/configure-aodh.rst new file mode 100644 index 0000000000..78184a9d36 --- /dev/null +++ b/doc/source/install-guide/configure-aodh.rst @@ -0,0 +1,111 @@ +`Home `_ OpenStack-Ansible Installation Guide + +Configuring the Aodh service (optional) +--------------------------------------------- + +The Alarming services of the Telemetry perform the following functions: + + - Creates an API endpoint for controlling alarms. + + - Alows you to set alarms based on threshold evaluation for a collection of samples. + +Aodh on OSA requires a monogodb backend to be configured prior to running the aodh +playbooks. The connection data will then need to be given in the ``user_variables.yml`` +file(See section Configuring User Data below). + + +Setting up a Mongodb database for Aodh +############################################ + +1. Install the MongoDB package: + + .. code-block:: shell + + apt-get install mongodb-server mongodb-clients python-pymongo + +2. Edit the ``/etc/mongodb.conf`` file and change the bind_ip to the management interface of the node your running this on. + + .. code-block:: shell + + bind_ip = 10.0.0.11 + +3. Edit the ``/etc/mongodb.conf`` file and enable smallfiles + + .. code-block:: shell + + smallfiles = true + +4. Restart the mongodb service + + .. code-block:: shell + + service mongodb restart + +5. Create the aodh database + + .. code-block:: shell + + # mongo --host controller --eval ' + db = db.getSiblingDB("aodh"); + db.addUser({user: "aodh", + pwd: "AODH_DBPASS", + roles: [ "readWrite", "dbAdmin" ]})' + + MongoDB shell version: 2.4.x + connecting to: controller:27017/test + { + "user" : "aodh", + "pwd" : "72f25aeee7ad4be52437d7cd3fc60f6f", + "roles" : [ + "readWrite", + "dbAdmin" + ], + "_id" : ObjectId("5489c22270d7fad1ba631dc3") + } + +NOTE: The ``AODH_DBPASS`` must match the ``aodh_container_db_password`` in the ``/etc/openstack_deploy/user_secrets.yml`` file. This is how ansible knows how to configure the connection string within the aodh configuration files. + +Configuring the hosts +##################### + +Aodh can be configured by specifying the ``metering-alarm_hosts`` directive in the ``/etc/openstack_deploy/conf.d/aodh.yml`` file. Below is the example included in the ``etc/openstack_deploy/conf.d/aodh.yml.example`` file: + +.. code-block:: yaml + + # The infra nodes that the aodh services will run on. + metering-alarm_hosts: + infra1: + ip: 172.20.236.111 + infra2: + ip: 172.20.236.112 + infra3: + ip: 172.20.236.113 + +The ``metering-alarm_hosts`` houses serveral services: + + - An API server (aodh-api). Runs on one or more central management servers to provide access to the alarm information stored in the data store. + + - An alarm evaluator (aodh-evaluator). Runs on one or more central management servers to determine when alarms fire due to the associated statistic trend crossing a threshold over a sliding time window. + + - A notification listener (aodh-listener). Runs on a central management server and fire alarms based on defined rules against event captured by the Telemetry module's notification agents. + + - An alarm notifier (aodh-notifier). Runs on one or more central management servers to allow alarms to be set based on the threshold evaluation for a collection of samples. + +These services communicate by using the OpenStack messaging bus. Only the API server has access to the data store. + + +Configuring the user data +######################### +In addtion to adding these hosts in the ``/etc/openstack_deploy/conf.d/aodh.yml`` file, other configurations must be specified in the ``/etc/openstack_deploy/user_variables.yml`` file. These configurations are listed below, along with a description: + + +The type of database backend aodh will use. Currently only mongodb is supported: +``aodh_db_type: mongodb`` + +The IP address of the MonogoDB host: +``aodh_db_ip: localhost`` + +The port of the Mongodb service: +``aodh_db_port: 27017`` + +Once all of these steps are complete, you are ready to run the os-aodh-install.yml playbook! Or, if deploying a new stack, simply run setup-openstack.yml. The aodh playbooks will run as part of this playbook. diff --git a/doc/source/install-guide/configure-ceilometer.rst b/doc/source/install-guide/configure-ceilometer.rst index f832d92158..c937c23369 100644 --- a/doc/source/install-guide/configure-ceilometer.rst +++ b/doc/source/install-guide/configure-ceilometer.rst @@ -11,9 +11,15 @@ The Telemetry module(Ceilometer) performs the following functions: - Publishes collected data to various targets including data stores and message queues. - - Creates alarms when collected data breaks defined rules. +.. note:: -Ceilometer on OSA requires a monogodb backend to be configured prior to running the ceilometer playbooks. A connection string will then need to be given in the ``user_variables.yml`` file(See section Configuring User Data below). + The alarming functionality was moved to a separate component in Liberty. It will be handled + by the metering-alarm containers through the aodh services. For configuring these services, + please see the Aodh docs. + +Ceilometer on OSA requires a monogodb backend to be configured prior to running the ceilometer +playbooks. The connection data will then need to be given in the ``user_variables.yml`` +file(See section Configuring User Data below). Setting up a Mongodb database for ceilometer @@ -97,10 +103,6 @@ The ``metering-infra_hosts`` houses serveral services: - A collector (ceilometer-collector): Runs on central management server(s) and dispatches collected telemetry data to a data store or external consumer without modification. - - An alarm evaluator (ceilometer-alarm-evaluator): Runs on one or more central management servers to determine when alarms fire due to the associated statistic trend crossing a threshold over a sliding time window. - - - An alarm notifier (ceilometer-alarm-notifier): Runs on one or more central management servers to allow alarms to be set based on the threshold evaluation for a collection of samples. - - An API server (ceilometer-api): Runs on one or more central management servers to provide data access from the data store. diff --git a/etc/openstack_deploy/conf.d/aodh.yml.aio b/etc/openstack_deploy/conf.d/aodh.yml.aio new file mode 100644 index 0000000000..0807144f81 --- /dev/null +++ b/etc/openstack_deploy/conf.d/aodh.yml.aio @@ -0,0 +1,3 @@ +metering-alarm_hosts: + aio1: + ip: 172.29.236.100 diff --git a/etc/openstack_deploy/conf.d/aodh.yml.example b/etc/openstack_deploy/conf.d/aodh.yml.example new file mode 100644 index 0000000000..140dac7bef --- /dev/null +++ b/etc/openstack_deploy/conf.d/aodh.yml.example @@ -0,0 +1,8 @@ +# The infra nodes that will be running the alarming services +metering-alarm_hosts: + infra1: + ip: 172.20.236.111 + infra2: + ip: 172.20.236.112 + infra3: + ip: 172.20.236.113 diff --git a/etc/openstack_deploy/env.d/aodh.yml b/etc/openstack_deploy/env.d/aodh.yml new file mode 100644 index 0000000000..f163419225 --- /dev/null +++ b/etc/openstack_deploy/env.d/aodh.yml @@ -0,0 +1,35 @@ +--- +component_skel: + aodh_api: + belongs_to: + - aodh_all + aodh_listener: + belongs_to: + - aodh_all + aodh_alarm_evaluator: + belongs_to: + - aodh_all + aodh_alarm_notifier: + belongs_to: + - aodh_all + +container_skel: + aodh_container: + belongs_to: + - metering-alarm_containers + contains: + - aodh_api + - aodh_listener + - aodh_alarm_evaluator + - aodh_alarm_notifier + properties: + service_name: aodh + container_release: trusty + +physical_skel: + metering-alarm_containers: + belongs_to: + - all_containers + metering-alarm_hosts: + belongs_to: + - hosts diff --git a/etc/openstack_deploy/env.d/ceilometer.yml b/etc/openstack_deploy/env.d/ceilometer.yml index c4b052baa7..ef379ec88d 100644 --- a/etc/openstack_deploy/env.d/ceilometer.yml +++ b/etc/openstack_deploy/env.d/ceilometer.yml @@ -12,12 +12,6 @@ component_skel: ceilometer_collector: belongs_to: - ceilometer_all - ceilometer_alarm_evaluator: - belongs_to: - - ceilometer_all - ceilometer_alarm_notifier: - belongs_to: - - ceilometer_all ceilometer_api: belongs_to: - ceilometer_all @@ -29,8 +23,6 @@ container_skel: contains: - ceilometer_agent_central - ceilometer_agent_notification - - ceilometer_alarm_evaluator - - ceilometer_alarm_notifier - ceilometer_api properties: service_name: ceilometer diff --git a/etc/openstack_deploy/user_secrets.yml b/etc/openstack_deploy/user_secrets.yml index bf21afb555..a631a2c1df 100644 --- a/etc/openstack_deploy/user_secrets.yml +++ b/etc/openstack_deploy/user_secrets.yml @@ -39,6 +39,11 @@ ceilometer_service_password: ceilometer_telemetry_secret: ceilometer_rabbitmq_password: +## Aodh Options: +aodh_container_db_password: +aodh_service_password: +aodh_rabbitmq_password: + ## Cinder Options cinder_container_mysql_password: cinder_service_password: diff --git a/etc/openstack_deploy/user_variables.yml b/etc/openstack_deploy/user_variables.yml index 782a661ed6..810140916b 100644 --- a/etc/openstack_deploy/user_variables.yml +++ b/etc/openstack_deploy/user_variables.yml @@ -24,6 +24,11 @@ cinder_ceilometer_enabled: False glance_ceilometer_enabled: False nova_ceilometer_enabled: False +## Aodh Options +aodh_db_type: mongodb +aodh_db_ip: localhost +aodh_db_port: 27017 + ## Glance Options # Set glance_default_store to "swift" if using Cloud Files or swift backend # or "rbd" if using ceph backend; the latter will trigger ceph to get diff --git a/playbooks/defaults/repo_packages/openstack_other.yml b/playbooks/defaults/repo_packages/openstack_other.yml index 468ee1c150..af5341fa54 100644 --- a/playbooks/defaults/repo_packages/openstack_other.yml +++ b/playbooks/defaults/repo_packages/openstack_other.yml @@ -31,6 +31,12 @@ tempest_git_install_branch: fda037385c0d5fe001cf097637a160242a25f797 # HEAD of " tempest_git_dest: "/opt/tempest_{{ tempest_git_install_branch | replace('/', '_') }}" +## aodh service +aodh_git_repo: https://git.openstack.org/openstack/aodh +aodh_git_install_branch: 61028410a058224207e296aa18c91eecd0b20ab9 # HEAD of "master" as of Oct 7, 2015. +aodh_git_dest: "/opt/aodh_{{ aodh_git_install_branch | replace('/', '_') }}" + + ## NOVNC from source novncproxy_git_repo: https://github.com/kanaka/novnc novncproxy_git_install_branch: a0e7ab43dca0ce11a713694ee4cf530bd3b17c5a # HEAD of "master" as of 14.10.2015 diff --git a/playbooks/inventory/group_vars/hosts.yml b/playbooks/inventory/group_vars/hosts.yml index c618f4487c..f35b024603 100644 --- a/playbooks/inventory/group_vars/hosts.yml +++ b/playbooks/inventory/group_vars/hosts.yml @@ -83,6 +83,16 @@ dhcp_domain: openstacklocal #openstack_service_adminuri_proto: http #openstack_service_internaluri_proto: http +## Aodh +# DB info +aodh_database_name: aodh +aodh_database_user: aodh +aodh_db_type: mongodb +aodh_db_ip: localhost +aodh_db_port: 27017 +aodh_connection_string: "{{ aodh_db_type }}://{{ aodh_database_user }}:{{ aodh_container_db_password }}@{{ aodh_db_ip }}:{{ aodh_db_port }}/{{ aodh_database_name }}" +aodh_connection_string: "{{ aodh_db_type }}://{{ aodh_database_user }}:{{ aodh_container_db_password }}@{{ aodh_db_ip }}:{{ aodh_db_port }}/{{ aodh_database_name }}" + ## Ceilometer ceilometer_service_port: 8777 diff --git a/playbooks/os-aodh-install.yml b/playbooks/os-aodh-install.yml new file mode 100644 index 0000000000..68f3a277ec --- /dev/null +++ b/playbooks/os-aodh-install.yml @@ -0,0 +1,74 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Install the aodh components + hosts: aodh_all + max_fail_percentage: 20 + user: root + pre_tasks: + - name: Use the lxc-openstack aa profile + lxc_container: + name: "{{ container_name }}" + container_config: + - "lxc.aa_profile=lxc-openstack" + register: container_config + delegate_to: "{{ physical_host }}" + when: not is_metal | bool + tags: + - lxc-aa-profile + - name: Wait for container ssh + wait_for: + port: "22" + delay: "{{ ssh_delay }}" + search_regex: "OpenSSH" + host: "{{ ansible_ssh_host }}" + delegate_to: "{{ physical_host }}" + when: container_config is defined and container_config | changed + register: ssh_wait_check + until: ssh_wait_check | success + retries: 3 + tags: + - ssh-wait + - name: Sort the rabbitmq servers + dist_sort: + value_to_lookup: "{{ container_name }}" + ref_list: "{{ groups['metering-alarm_all'] }}" + src_list: "{{ rabbitmq_servers }}" + register: servers + - name: Set rabbitmq servers + set_fact: + rabbitmq_servers: "{{ servers.sorted_list }}" + - name: Create log dir + file: + path: "{{ item.path }}" + state: directory + with_items: + - { path: "/openstack/log/{{ inventory_hostname }}-aodh" } + when: is_metal | bool + tags: + - aodh-logs + - aodh-log-dirs + roles: + - { role: "os_aodh", tags: [ "os-aodh" ] } + - { role: "openstack_openrc", tags: [ "openstack-openrc" ] } + - role: "rsyslog_client" + rsyslog_client_log_rotate_file: aodh_log_rotate + rsyslog_client_log_dir: "/var/log/aodh" + rsyslog_client_config_name: "99-aodh-rsyslog-client.conf" + tags: + - "aodh-rsyslog-client" + vars: + ansible_hostname: "{{ container_name }}" + is_metal: "{{ properties.is_metal|default(false) }}" diff --git a/playbooks/roles/os_aodh/CONTRIBUTING.rst b/playbooks/roles/os_aodh/CONTRIBUTING.rst new file mode 100644 index 0000000000..587887acec --- /dev/null +++ b/playbooks/roles/os_aodh/CONTRIBUTING.rst @@ -0,0 +1,85 @@ +OpenStack aodh +############## +:tags: openstack, aodh, cloud, ansible +:category: \*nix + +contributor guidelines +^^^^^^^^^^^^^^^^^^^^^^ + +Filing Bugs +----------- + +Bugs should be filed on Launchpad, not GitHub: "https://bugs.launchpad.net/openstack-ansible" + + +When submitting a bug, or working on a bug, please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * Steps to reproduce the problem if possible. + + +Submitting Code +--------------- + +Changes to the project should be submitted for review via the Gerrit tool, following +the workflow documented at: "http://docs.openstack.org/infra/manual/developers.html#development-workflow" + +Pull requests submitted through GitHub will be ignored and closed without regard. + + +Extra +----- + +Tags: + If it's a bug that needs fixing in a branch in addition to Master, add a '\-backport-potential' tag (eg ``juno-backport-potential``). There are predefined tags that will autocomplete. + +Status: + Please leave this alone, it should be New till someone triages the issue. + +Importance: + Should only be touched if it is a Blocker/Gating issue. If it is, please set to High, and only use Critical if you have found a bug that can take down whole infrastructures. + + +Style guide +----------- + +When creating tasks and other roles for use in Ansible please create then using the YAML dictionary format. + +Example YAML dictionary format: + .. code-block:: yaml + + - name: The name of the tasks + module_name: + thing1: "some-stuff" + thing2: "some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Example **NOT** in YAML dictionary format: + .. code-block:: yaml + + - name: The name of the tasks + module_name: thing1="some-stuff" thing2="some-other-stuff" + tags: + - some-tag + - some-other-tag + + +Usage of the ">" and "|" operators should be limited to Ansible conditionals and command modules such as the ansible ``shell`` module. + + +Issues +------ + +When submitting an issue, or working on an issue please ensure the following criteria are met: + * The description clearly states or describes the original problem or root cause of the problem. + * Include historical information on how the problem was identified. + * Any relevant logs are included. + * If the issue is a bug that needs fixing in a branch other than Master, add the ‘backport potential’ tag TO THE ISSUE (not the PR). + * The provided information should be totally self-contained. External access to web services/sites should not be needed. + * If the issue is needed for a hotfix release, add the 'expedite' label. + * Steps to reproduce the problem if possible. diff --git a/playbooks/roles/os_aodh/LICENSE b/playbooks/roles/os_aodh/LICENSE new file mode 100644 index 0000000000..e06d208186 --- /dev/null +++ b/playbooks/roles/os_aodh/LICENSE @@ -0,0 +1,202 @@ +Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/playbooks/roles/os_aodh/README.rst b/playbooks/roles/os_aodh/README.rst new file mode 100644 index 0000000000..daeef61f0d --- /dev/null +++ b/playbooks/roles/os_aodh/README.rst @@ -0,0 +1,24 @@ +OpenStack Aodh +############## +:tags: openstack, ceilometer, cloud, ansible, aodh +:category: \*nix + +Role to install aodh as the alarm functionality of Telemetry + +This role will install the following: + * aodh-api + * aodh-listener + * aodh-alarm-evaluator + * aodh-alarm-notifier + +.. code-block:: yaml + + - name: Install aodh services + hosts: aodh_all + user: root + roles: + - { role: "os_aodh", tags: [ "os-aodh" ] } + vars: + external_lb_vip_address: 172.16.24.1 + internal_lb_vip_address: 192.168.0.1 + galera_address: "{{ internal_lb_vip_address }}" diff --git a/playbooks/roles/os_aodh/defaults/main.yml b/playbooks/roles/os_aodh/defaults/main.yml new file mode 100644 index 0000000000..08ba6d681d --- /dev/null +++ b/playbooks/roles/os_aodh/defaults/main.yml @@ -0,0 +1,94 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +## Verbosity Options +debug: False +verbose: False + +## System info +aodh_system_user_name: aodh +aodh_system_group_name: aodh +aodh_system_shell: /bin/false +aodh_system_comment: aodh system user +aodh_system_user_home: "/var/lib/{{ aodh_system_user_name }}" + +## DB info +aodh_database_name: aodh +aodh_database_user: aodh +aodh_db_type: mongodb +aodh_db_ip: localhost +aodh_db_port: 27017 +aodh_connection_string: "{{ aodh_db_type }}://{{ aodh_database_user }}:{{ aodh_container_db_password }}@{{ aodh_db_ip }}:{{ aodh_db_port }}/{{ aodh_database_name }}" + +## RabbitMQ info +aodh_rabbitmq_userid: aodh +aodh_rabbitmq_vhost: /aodh + + +#Aodh services info +aodh_role_name: admin + +aodh_alarm_notifier_program_name: aodh-alarm-notifier +aodh_alarm_evaluator_program_name: aodh-alarm-evaluator +aodh_listener_program_name: aodh-listener +aodh_api_program_name: aodh-api + +## Service Type and Data +aodh_service_region: RegionOne +aodh_service_endpoint_type: internalURL +aodh_service_name: aodh +aodh_service_port: 8042 +aodh_service_proto: http +aodh_service_type: alarming +aodh_service_description: "Telemetry" +aodh_service_project_domain_id: default +aodh_service_user_domain_id: default +aodh_service_user_name: aodh +aodh_keystone_auth_plugin: password +aodh_service_tenant_name: service +aodh_service_project_name: service +aodh_service_publicuri: "{{ aodh_service_proto }}://{{ external_lb_vip_address }}:{{ aodh_service_port }}" +aodh_service_publicurl: "{{ aodh_service_publicuri }}" +aodh_service_internaluri: "{{ aodh_service_proto }}://{{ internal_lb_vip_address }}:{{ aodh_service_port }}" +aodh_service_internalurl: "{{ aodh_service_internaluri }}" +aodh_service_adminuri: "{{ aodh_service_proto }}://{{ internal_lb_vip_address }}:{{ aodh_service_port }}" +aodh_service_adminurl: "{{ aodh_service_adminuri }}" + +# Common apt packages +aodh_apt_packages: + - rpcbind + +# Common pip packages +aodh_pip_packages: + - aodh + - python-ceilometerclient + - ceilometermiddleware + - MySQL-python + - python-memcached + - pycrypto + - warlock + - pymongo + +## Service Names +aodh_service_names: + - "aodh-api" + - "aodh-alarm-notifier" + - "aodh-alarm-evaluator" + - "aodh-listener" + +## Tunable overrides +aodh_policy_overrides: {} +aodh_aodh_conf_overrides: {} +aodh_api_paste_ini_overrides: {} diff --git a/playbooks/roles/os_aodh/handlers/main.yml b/playbooks/roles/os_aodh/handlers/main.yml new file mode 100644 index 0000000000..bc9c136ee0 --- /dev/null +++ b/playbooks/roles/os_aodh/handlers/main.yml @@ -0,0 +1,46 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Restart aodh api + service: + name: "{{ aodh_api_program_name }}" + state: "restarted" + pattern: "{{ aodh_api_program_name }}" + +- name: Restart aodh alarm_notifier + service: + name: "{{ aodh_alarm_notifier_program_name }}" + state: "restarted" + pattern: "{{ aodh_alarm_notifier_program_name }}" + +- name: Restart aodh alarm_evaluator + service: + name: "{{ aodh_alarm_evaluator_program_name }}" + state: "restarted" + pattern: "{{ aodh_alarm_evaluator_program_name }}" + +- name: Restart aodh listener + service: + name: "{{ aodh_listener_program_name }}" + state: "restarted" + pattern: "{{ aodh_listener_program_name }}" + +- name: Restart aodh services + service: + name: "{{ item }}" + state: "restarted" + pattern: "{{ item }}" + with_items: aodh_service_names + failed_when: false diff --git a/playbooks/roles/os_aodh/meta/main.yml b/playbooks/roles/os_aodh/meta/main.yml new file mode 100644 index 0000000000..0c45c564e8 --- /dev/null +++ b/playbooks/roles/os_aodh/meta/main.yml @@ -0,0 +1,36 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +galaxy_info: + author: rcbops + description: Installation and setup of aodh + company: Rackspace + license: Apache2 + min_ansible_version: 1.9.2 + platforms: + - name: Ubuntu + versions: + - trusty + categories: + - cloud + - python + - ceilometer + - aodh + - development + - openstack +dependencies: + - apt_package_pinning + - openstack_openrc + - pip_lock_down diff --git a/playbooks/roles/os_aodh/tasks/aodh_install.yml b/playbooks/roles/os_aodh/tasks/aodh_install.yml new file mode 100644 index 0000000000..f4f5e9a01d --- /dev/null +++ b/playbooks/roles/os_aodh/tasks/aodh_install.yml @@ -0,0 +1,43 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Install apt packages + apt: + pkg: "{{ item }}" + state: latest + update_cache: yes + cache_valid_time: 600 + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + with_items: aodh_apt_packages + tags: + - aodh-apt-packages + + +- name: Install pip packages + pip: + name: "{{ item }}" + state: present + extra_args: "{{ pip_install_options|default('') }}" + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + with_items: + - "{{ aodh_pip_packages }}" + tags: + - aodh-pip-packages diff --git a/playbooks/roles/os_aodh/tasks/aodh_messaging_setup.yml b/playbooks/roles/os_aodh/tasks/aodh_messaging_setup.yml new file mode 100644 index 0000000000..ddb2cc2d4c --- /dev/null +++ b/playbooks/roles/os_aodh/tasks/aodh_messaging_setup.yml @@ -0,0 +1,37 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Ensure Rabbitmq vhost + rabbitmq_vhost: + name: "{{ aodh_rabbitmq_vhost }}" + state: "present" + delegate_to: "{{ groups['rabbitmq_all'][0] }}" + tags: + - aodh-rabbitmq + - aodh-rabbitmq-vhost + +- name: Ensure rabbitmq user + rabbitmq_user: + user: "{{ aodh_rabbitmq_userid }}" + password: "{{ aodh_rabbitmq_password }}" + vhost: "{{ aodh_rabbitmq_vhost }}" + configure_priv: ".*" + read_priv: ".*" + write_priv: ".*" + state: "present" + delegate_to: "{{ groups['rabbitmq_all'][0] }}" + tags: + - aodh-rabbitmq + - aodh-rabbitmq-user diff --git a/playbooks/roles/os_aodh/tasks/aodh_post_install.yml b/playbooks/roles/os_aodh/tasks/aodh_post_install.yml new file mode 100644 index 0000000000..9345d573f1 --- /dev/null +++ b/playbooks/roles/os_aodh/tasks/aodh_post_install.yml @@ -0,0 +1,42 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Copy aodh config + config_template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ aodh_system_user_name }}" + group: "{{ aodh_system_group_name }}" + mode: "0644" + config_overrides: "{{ item.config_overrides }}" + config_type: "{{ item.config_type }}" + with_items: + - src: "aodh.conf.j2" + dest: "/etc/aodh/aodh.conf" + config_overrides: "{{ aodh_aodh_conf_overrides }}" + config_type: "ini" + - src: "api_paste.ini.j2" + dest: "/etc/aodh/api_paste.ini" + config_overrides: "{{ aodh_api_paste_ini_overrides }}" + config_type: "ini" + - src: "policy.json" + dest: "/etc/aodh/policy.json" + config_overrides: "{{ aodh_policy_overrides }}" + config_type: "json" + notify: Restart aodh services + tags: + - aodh-config + - aodh-post-install + diff --git a/playbooks/roles/os_aodh/tasks/aodh_pre_install.yml b/playbooks/roles/os_aodh/tasks/aodh_pre_install.yml new file mode 100644 index 0000000000..d31aa1460d --- /dev/null +++ b/playbooks/roles/os_aodh/tasks/aodh_pre_install.yml @@ -0,0 +1,82 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Create the system group + group: + name: "{{ aodh_system_group_name }}" + state: "present" + system: "yes" + tags: + - aodh-group + +- name: Create the aodh system user + user: + name: "{{ aodh_system_user_name }}" + group: "{{ aodh_system_group_name }}" + comment: "{{ aodh_system_comment }}" + shell: "{{ aodh_system_shell }}" + system: "yes" + createhome: "yes" + home: "{{ aodh_system_user_home }}" + tags: + - aodh-user + +- name: Create aodh dir + file: + path: "{{ item.path }}" + state: directory + owner: "{{ item.owner|default(aodh_system_user_name) }}" + group: "{{ item.group|default(aodh_system_group_name) }}" + mode: "{{ item.mode|default('0755') }}" + with_items: + - { path: "/etc/aodh" } + - { path: "{{ aodh_system_user_home }}" } + - { path: "{{ aodh_system_user_home }}/.ssh", mode: "0700" } + - { path: "/var/cache/aodh", mode: "0700" } + tags: + - aodh-dirs + +- name: Test for log directory or link + shell: | + if [ -h "/var/log/aodh" ]; then + chown -h {{ aodh_system_user_name }}:{{ aodh_system_group_name }} "/var/log/aodh" + chown -R {{ aodh_system_user_name }}:{{ aodh_system_group_name }} "$(readlink /var/log/aodh)" + else + exit 1 + fi + register: log_dir + failed_when: false + changed_when: log_dir.rc != 0 + tags: + - aodh-dirs + - aodh-logs + +- name: Create aodh log dir + file: + path: "{{ item.path }}" + state: directory + owner: "{{ item.owner|default(aodh_system_user_name) }}" + group: "{{ item.group|default(aodh_system_group_name) }}" + mode: "{{ item.mode|default('0755') }}" + with_items: + - { path: "/var/log/aodh" } + when: log_dir.rc != 0 + tags: + - aodh-dirs + - aodh-logs + +- include: aodh_messaging_setup.yml + when: > + inventory_hostname == groups['aodh_api'][0] diff --git a/playbooks/roles/os_aodh/tasks/aodh_service_add.yml b/playbooks/roles/os_aodh/tasks/aodh_service_add.yml new file mode 100644 index 0000000000..31761a4c98 --- /dev/null +++ b/playbooks/roles/os_aodh/tasks/aodh_service_add.yml @@ -0,0 +1,89 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Ensure aodh service + keystone: + command: "ensure_service" + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + service_name: "{{ service_name }}" + service_type: "{{ service_type }}" + description: "{{ service_description }}" + register: add_service + until: add_service|success + retries: 5 + delay: 2 + tags: + - aodh-setup + - aodh-service-add + +- name: Ensure aodh user + keystone: + command: "ensure_user" + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + user_name: "{{ service_user_name }}" + tenant_name: "{{ service_tenant_name }}" + role_name: "{{ role_name }}" + password: "{{ aodh_service_password }}" + register: add_service + until: add_service|success + retries: 5 + delay: 10 + tags: + - aodh-setup + - aodh-service-add + +- name: Ensure aodh user to admin role + keystone: + command: "ensure_user_role" + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + user_name: "{{ aodh_service_user_name }}" + tenant_name: "{{ aodh_service_project_name }}" + role_name: "{{ aodh_role_name }}" + register: add_admin_role + until: add_admin_role|success + retries: 5 + delay: 10 + tags: + - aodh-api-setup + - aodh-service-add + - aodh-setup + + +# Create an endpoint +- name: Ensure aodh endpoint + keystone: + command: "ensure_endpoint" + token: "{{ keystone_auth_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + region_name: "{{ service_region }}" + service_name: "{{ service_name }}" + service_type: "{{ service_type }}" + endpoint_list: + - url: "{{ service_publicurl }}" + interface: "public" + - url: "{{ service_adminurl }}" + interface: "admin" + - url: "{{ service_internalurl }}" + interface: "internal" + register: add_service + until: add_service|success + retries: 5 + delay: 10 + tags: + - aodh-setup + - aodh-service-add diff --git a/playbooks/roles/os_aodh/tasks/aodh_service_setup.yml b/playbooks/roles/os_aodh/tasks/aodh_service_setup.yml new file mode 100644 index 0000000000..b0f0d98132 --- /dev/null +++ b/playbooks/roles/os_aodh/tasks/aodh_service_setup.yml @@ -0,0 +1,30 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- include: aodh_service_add.yml + vars: + service_user_name: "{{ aodh_service_user_name }}" + service_tenant_name: "{{ aodh_service_tenant_name }}" + service_name: "{{ aodh_service_name }}" + service_type: "{{ aodh_service_type }}" + service_region: "{{aodh_service_region }}" + service_description: "{{ aodh_service_description }}" + service_password: "{{ aodh_service_password }}" + service_internalurl: "{{ aodh_service_internalurl }}" + service_publicurl: "{{ aodh_service_publicurl }}" + service_adminurl: "{{ aodh_service_adminurl }}" + role_name: "{{ aodh_role_name }}" + tags: + - aodh-add-service diff --git a/playbooks/roles/os_aodh/tasks/aodh_upstart_common_init.yml b/playbooks/roles/os_aodh/tasks/aodh_upstart_common_init.yml new file mode 100644 index 0000000000..c05ab025ab --- /dev/null +++ b/playbooks/roles/os_aodh/tasks/aodh_upstart_common_init.yml @@ -0,0 +1,46 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Place the init script + template: + src: "aodh-upstart-init.j2" + dest: "/etc/init/{{ program_name }}.conf" + mode: "0644" + owner: "root" + group: "root" + notify: + - Restart aodh services + tags: + - upstart-init + - aodh-init + +- name: Reload init scripts + shell: | + initctl reload-configuration + notify: + - Restart aodh services + tags: + - upstart-init + - aodh-init + +- name: Load service + service: + name: "{{ program_name }}" + enabled: "yes" + notify: + - Restart aodh services + tags: + - upstart-init + - aodh-init diff --git a/playbooks/roles/os_aodh/tasks/aodh_upstart_init.yml b/playbooks/roles/os_aodh/tasks/aodh_upstart_init.yml new file mode 100644 index 0000000000..f53eb7939c --- /dev/null +++ b/playbooks/roles/os_aodh/tasks/aodh_upstart_init.yml @@ -0,0 +1,58 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- include: aodh_upstart_common_init.yml + vars: + program_name: "{{ aodh_alarm_notifier_program_name }}" + service_name: "{{ aodh_service_name }}" + system_user: "{{ aodh_system_user_name }}" + system_group: "{{ aodh_system_group_name }}" + service_home: "{{ aodh_system_user_home }}" + when: inventory_hostname in groups['aodh_alarm_notifier'] + tags: + - aodh-alarm-notifier-init + +- include: aodh_upstart_common_init.yml + vars: + program_name: "{{ aodh_alarm_evaluator_program_name }}" + service_name: "{{ aodh_service_name }}" + system_user: "{{ aodh_system_user_name }}" + system_group: "{{ aodh_system_group_name }}" + service_home: "{{ aodh_system_user_home }}" + when: inventory_hostname in groups['aodh_alarm_evaluator'] + tags: + - aodh-alarm-evaluator-init + +- include: aodh_upstart_common_init.yml + vars: + program_name: "{{ aodh_api_program_name }}" + service_name: "{{ aodh_service_name }}" + system_user: "{{ aodh_system_user_name }}" + system_group: "{{ aodh_system_group_name }}" + service_home: "{{ aodh_system_user_home }}" + when: inventory_hostname in groups['aodh_api'] + tags: + - aodh-api-init + +- include: aodh_upstart_common_init.yml + vars: + program_name: "{{ aodh_listener_program_name }}" + service_name: "{{ aodh_service_name }}" + system_user: "{{ aodh_system_user_name }}" + system_group: "{{ aodh_system_group_name }}" + service_home: "{{ aodh_system_user_home }}" + when: inventory_hostname in groups['aodh_listener'] + tags: + - aodh-listener-init diff --git a/playbooks/roles/os_aodh/tasks/main.yml b/playbooks/roles/os_aodh/tasks/main.yml new file mode 100644 index 0000000000..96a33e660c --- /dev/null +++ b/playbooks/roles/os_aodh/tasks/main.yml @@ -0,0 +1,23 @@ +--- +# Copyright 2015, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- include: aodh_pre_install.yml +- include: aodh_install.yml +- include: aodh_post_install.yml +- include: aodh_upstart_init.yml + +- include: aodh_service_setup.yml + when: > + inventory_hostname == groups['aodh_api'][0] diff --git a/playbooks/roles/os_aodh/templates/aodh-upstart-init.j2 b/playbooks/roles/os_aodh/templates/aodh-upstart-init.j2 new file mode 100644 index 0000000000..9455552fd5 --- /dev/null +++ b/playbooks/roles/os_aodh/templates/aodh-upstart-init.j2 @@ -0,0 +1,42 @@ +# {{ ansible_managed }} + +# vim:set ft=upstart ts=2 et: + +description "{{ program_name }}" +author "Kevin Carter " + +start on runlevel [2345] +stop on runlelvel [016] + +respawn +respawn limit 10 5 + +# Set the RUNBIN environment variable +env RUNBIN="/usr/local/bin/{{ program_name }}" + +# Change directory to service users home +chdir "{{ service_home }}" + +# Pre start actions +pre-start script + mkdir -p "/var/run/{{ program_name }}" + chown {{ system_user }}:{{ system_group }} "/var/run/{{ program_name }}" + + mkdir -p "/var/lock/{{ program_name }}" + chown {{ system_user }}:{{ system_group }} "/var/lock/{{ program_name }}" +end script + +# Post stop actions +post-stop script + rm "/var/run/{{ program_name }}/{{ program_name }}.pid" +end script + +# Run the start up job +exec start-stop-daemon --start \ + --chuid {{ system_user }} \ + --make-pidfile \ + --pidfile /var/run/{{ program_name }}/{{ program_name }}.pid \ + --exec "{{ program_override|default('$RUNBIN') }}" \ + -- {{ program_config_options|default('') }} \ + --log-file=/var/log/{{ service_name }}/{{ program_name }}.log + diff --git a/playbooks/roles/os_aodh/templates/aodh.conf.j2 b/playbooks/roles/os_aodh/templates/aodh.conf.j2 new file mode 100644 index 0000000000..4bca3adbef --- /dev/null +++ b/playbooks/roles/os_aodh/templates/aodh.conf.j2 @@ -0,0 +1,53 @@ +#{{ ansible_managed}} + +[DEFAULT] +auth_strategy = keystone +rpc_backend = rabbit +verbose = {{ verbose }} +debug = {{ debug }} + +[oslo_messaging_rabbit] +rpc_backend = rabbit +rabbit_port = {{ rabbitmq_port }} +rabbit_userid = {{ aodh_rabbitmq_userid }} +rabbit_password = {{ aodh_rabbitmq_password }} +rabbit_virtual_host = {{ aodh_rabbitmq_vhost }} +rabbit_hosts = {{ rabbitmq_servers }} + +[api] +port = {{ aodh_service_port }} + +[database] +connection = {{ aodh_connection_string }} + +[keystone_authtoken] +insecure = {{ keystone_service_internaluri_insecure | bool }} +auth_plugin = {{ aodh_keystone_auth_plugin }} +signing_dir = {{ aodh_system_user_home }}/cache/api +auth_url = {{ keystone_service_adminuri }} +auth_uri = {{ keystone_service_internaluri }} +project_domain_id = {{ aodh_service_project_domain_id }} +user_domain_id = {{ aodh_service_user_domain_id }} +project_name = {{ aodh_service_project_name }} +username = {{ aodh_service_user_name }} +password = {{ aodh_service_password }} + +memcached_servers = {{ memcached_servers }} + +token_cache_time = 300 +revocation_cache_time = 60 + +# if your memcached server is shared, use these settings to avoid cache poisoning +memcache_security_strategy = ENCRYPT +memcache_secret_key = {{ memcached_encryption_key }} + +# if your keystone deployment uses PKI, and you value security over performance: +check_revocations_for_cached = False + +[service_credentials] +os_auth_url = {{ keystone_service_internalurl }} +os_username = {{ aodh_service_user_name }} +os_tenant_name = {{ aodh_service_tenant_name }} +os_password = {{ aodh_service_password }} +os_region_name = {{ aodh_service_region }} +os_endpoint_type = {{ aodh_service_endpoint_type }} diff --git a/playbooks/roles/os_aodh/templates/api_paste.ini.j2 b/playbooks/roles/os_aodh/templates/api_paste.ini.j2 new file mode 100644 index 0000000000..4611f6268a --- /dev/null +++ b/playbooks/roles/os_aodh/templates/api_paste.ini.j2 @@ -0,0 +1,18 @@ +# aodh API WSGI Pipeline +# Define the filters that make up the pipeline for processing WSGI requests +# Note: This pipeline is PasteDeploy's term rather than aodh's pipeline +# used for processing samples + +# Remove authtoken from the pipeline if you don't want to use keystone authentication +[pipeline:main] +pipeline = request_id authtoken api-server + +[app:api-server] +paste.app_factory = aodh.api.app:app_factory + +[filter:authtoken] +paste.filter_factory = keystonemiddleware.auth_token:filter_factory +oslo_config_project = aodh + +[filter:request_id] +paste.filter_factory = oslo_middleware:RequestId.factory diff --git a/playbooks/roles/os_aodh/templates/policy.json b/playbooks/roles/os_aodh/templates/policy.json new file mode 100644 index 0000000000..4950c516f5 --- /dev/null +++ b/playbooks/roles/os_aodh/templates/policy.json @@ -0,0 +1,21 @@ +{ + "context_is_admin": "role:admin", + "context_is_project": "project_id:%(target.project_id)s", + "context_is_owner": "user_id:%(target.user_id)s", + "segregation": "rule:context_is_admin", + "service_role": "role:service", + "iaas_role": "role:iaas", + + "telemetry:get_alarm": "rule:context_is_admin", + "telemetry:query_alarm": "rule:context_is_admin", + "telemetry:get_alarm_state": "rule:context_is_admin", + "telemetry:get_alarms": "rule:context_is_admin", + "telemetry:create_alarm": "rule:context_is_admin", + "telemetry:set_alarm": "rule:context_is_admin", + "telemetry:delete_alarm": "rule:context_is_admin", + + "telemetry:alarm_history": "rule:context_is_admin", + "telemetry:change_alarm_state": "rule:context_is_admin", + "telemetry:query_alarm_history": "rule:context_is_admin" +} + diff --git a/playbooks/roles/os_ceilometer/defaults/main.yml b/playbooks/roles/os_ceilometer/defaults/main.yml index 15a37c6871..6bc23b9696 100644 --- a/playbooks/roles/os_ceilometer/defaults/main.yml +++ b/playbooks/roles/os_ceilometer/defaults/main.yml @@ -13,9 +13,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -# Defines that the role will be deployed on a host machine -is_metal: true - ## Verbosity Options debug: False verbose: True @@ -55,12 +52,9 @@ ceilometer_rabbitmq_vhost: /ceilometer #Ceilometer services info ceilometer_role_name: admin -ceilometer_api_host_address: 0.0.0.0 -ceilometer_api_service_port: 8777 + ceilometer_collector_program_name: ceilometer-collector ceilometer_compute_program_name: ceilometer-agent-compute -ceilometer_alarm_notifier_program_name: ceilometer-alarm-notifier -ceilometer_alarm_evaluator_program_name: ceilometer-alarm-evaluator ceilometer_api_program_name: ceilometer-api ceilometer_agent_notification_program_name: ceilometer-agent-notification ceilometer_agent_central_program_name: ceilometer-agent-central @@ -109,8 +103,6 @@ ceilometer_pip_packages: ## Service Names ceilometer_service_names: - "ceilometer-api" - - "ceilometer-alarm-notifier" - - "ceilometer-alarm-evaluator" - "ceilometer-collector" - "ceilometer-agent-notification" - "ceilometer-agent-central" @@ -124,4 +116,3 @@ ceilometer_api_paste_ini_overrides: {} ceilometer_event_definitions_yaml_overrides: {} ceilometer_event_pipeline_yaml_overrides: {} ceilometer_pipeline_yaml_overrides: {} - diff --git a/playbooks/roles/os_ceilometer/handlers/main.yml b/playbooks/roles/os_ceilometer/handlers/main.yml index 3c9d0bfa08..f392cf88ce 100644 --- a/playbooks/roles/os_ceilometer/handlers/main.yml +++ b/playbooks/roles/os_ceilometer/handlers/main.yml @@ -32,18 +32,6 @@ state: "restarted" pattern: "{{ ceilometer_compute_program_name }}" -- name: Restart ceilometer alarm_notifier - service: - name: "{{ ceilometer_alarm_notifier_program_name }}" - state: "restarted" - pattern: "{{ ceilometer_alarm_notifier_program_name }}" - -- name: Restart ceilometer alarm_evaluator - service: - name: "{{ ceilometer_alarm_evaluator_program_name }}" - state: "restarted" - pattern: "{{ ceilometer_alarm_evaluator_program_name }}" - - name: Restart ceilometer agent_notification service: name: "{{ ceilometer_agent_notification_program_name }}" diff --git a/playbooks/roles/os_ceilometer/tasks/ceilometer_upstart_init.yml b/playbooks/roles/os_ceilometer/tasks/ceilometer_upstart_init.yml index 69034f3ba8..6332cf7d59 100644 --- a/playbooks/roles/os_ceilometer/tasks/ceilometer_upstart_init.yml +++ b/playbooks/roles/os_ceilometer/tasks/ceilometer_upstart_init.yml @@ -13,28 +13,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -- include: ceilometer_upstart_common_init.yml - vars: - program_name: "{{ ceilometer_alarm_notifier_program_name }}" - service_name: "{{ ceilometer_service_name }}" - system_user: "{{ ceilometer_system_user_name }}" - system_group: "{{ ceilometer_system_group_name }}" - service_home: "{{ ceilometer_system_user_home }}" - when: inventory_hostname in groups['ceilometer_alarm_notifier'] - tags: - - ceilometer-alarm-notifier-init - -- include: ceilometer_upstart_common_init.yml - vars: - program_name: "{{ ceilometer_alarm_evaluator_program_name }}" - service_name: "{{ ceilometer_service_name }}" - system_user: "{{ ceilometer_system_user_name }}" - system_group: "{{ ceilometer_system_group_name }}" - service_home: "{{ ceilometer_system_user_home }}" - when: inventory_hostname in groups['ceilometer_alarm_evaluator'] - tags: - - ceilometer-alarm-evaluator-init - - include: ceilometer_upstart_common_init.yml vars: program_name: "{{ ceilometer_api_program_name }}" diff --git a/playbooks/roles/os_ceilometer/templates/ceilometer.conf.j2 b/playbooks/roles/os_ceilometer/templates/ceilometer.conf.j2 index 704261f420..e7517fc8a2 100644 --- a/playbooks/roles/os_ceilometer/templates/ceilometer.conf.j2 +++ b/playbooks/roles/os_ceilometer/templates/ceilometer.conf.j2 @@ -23,7 +23,7 @@ port = 8777 [database] metering_connection = {{ ceilometer_connection_string }} event_connection = {{ ceilometer_connection_string }} -alarm_connection = {{ ceilometer_connection_string }} +alarm_connection = {{ aodh_connection_string }} [keystone_authtoken] signing_dir = /var/cache/ceilometer diff --git a/playbooks/setup-openstack.yml b/playbooks/setup-openstack.yml index ed25582176..3aee004b27 100644 --- a/playbooks/setup-openstack.yml +++ b/playbooks/setup-openstack.yml @@ -21,4 +21,5 @@ - include: os-heat-install.yml - include: os-horizon-install.yml - include: os-ceilometer-install.yml +- include: os-aodh-install.yml - include: os-swift-install.yml diff --git a/playbooks/vars/configs/haproxy_config.yml b/playbooks/vars/configs/haproxy_config.yml index 30f11d4e3c..6687ff3c9b 100644 --- a/playbooks/vars/configs/haproxy_config.yml +++ b/playbooks/vars/configs/haproxy_config.yml @@ -180,3 +180,8 @@ haproxy_service_configs: haproxy_backend_nodes: "{{ groups['ceilometer_api_container'] }}" haproxy_port: 8777 haproxy_balance_type: http + - service: + haproxy_service_name: aodh_api + haproxy_backend_nodes: "{{ groups['metering-alarm_all'] }}" + haproxy_port: 8042 + haproxy_balance_type: http diff --git a/scripts/bootstrap-aio.sh b/scripts/bootstrap-aio.sh index 8db8660fb2..1a379fec65 100755 --- a/scripts/bootstrap-aio.sh +++ b/scripts/bootstrap-aio.sh @@ -317,15 +317,24 @@ if [ ${DEPLOY_CEILOMETER} == "yes" ]; then mongo --host $MONGO_HOST --eval ' ' && break sleep 5 done - #Adding the ceilometer database + # Adding the ceilometer database mongo --host $MONGO_HOST --eval ' db = db.getSiblingDB("ceilometer"); db.addUser({user: "ceilometer", pwd: "ceilometer", roles: [ "readWrite", "dbAdmin" ]})' + # Adding the aodh alarm database + mongo --host $MONGO_HOST --eval ' + db = db.getSiblingDB("aodh"); + db.addUser({user: "aodh", + pwd: "aodh", + roles: [ "readWrite", "dbAdmin" ]})' + # change the generated passwords for mongodb access sed -i "s/ceilometer_container_db_password:.*/ceilometer_container_db_password: ceilometer/" /etc/openstack_deploy/user_secrets.yml + sed -i "s/aodh_container_db_password:.*/aodh_container_db_password: aodh/" /etc/openstack_deploy/user_secrets.yml + sed -i "s/aodh_db_ip:.*/aodh_db_ip: ${MONGO_HOST}/" /etc/openstack_deploy/user_variables.yml # Change the Ceilometer user variables necessary for deployment sed -i "s/ceilometer_db_ip:.*/ceilometer_db_ip: ${MONGO_HOST}/" /etc/openstack_deploy/user_variables.yml # Enable Ceilometer for Swift diff --git a/scripts/run-playbooks.sh b/scripts/run-playbooks.sh index 70a20dc42e..e5c9dd0dc5 100755 --- a/scripts/run-playbooks.sh +++ b/scripts/run-playbooks.sh @@ -169,6 +169,7 @@ pushd "playbooks" # role if [ "${DEPLOY_CEILOMETER}" == "yes" ]; then install_bits os-ceilometer-install.yml + install_bits os-aodh-install.yml fi if [ "${DEPLOY_SWIFT}" == "yes" ]; then