8e8efcfb3a
When collectd sensubility is enabled, the collectd requires access to /run/podman. This change adds a separate container to update ACL of the path before starting the collectd container. Closes-Bug: #1987641 Change-Id: I6dd514a5e52c01562645011a51afa989a60e0f93
669 lines
27 KiB
YAML
669 lines
27 KiB
YAML
heat_template_version: wallaby
|
|
|
|
description: >
|
|
Containerized collectd service
|
|
|
|
parameters:
|
|
ContainerCollectdImage:
|
|
description: image
|
|
type: string
|
|
tags:
|
|
- role_specific
|
|
ContainerCollectdConfigImage:
|
|
description: The container image to use for the collectd config_volume
|
|
type: string
|
|
tags:
|
|
- role_specific
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. Use
|
|
parameter_merge_strategies to merge it with the defaults.
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
KeystoneRegion:
|
|
type: string
|
|
description: Keystone region for endpoint
|
|
default: 'regionOne'
|
|
MetricsQdrPort:
|
|
default: 5666
|
|
description: Service name or port number on which the qdrouterd will accept
|
|
connections.
|
|
type: number
|
|
MetricsQdrUsername:
|
|
default: 'guest'
|
|
description: Username which should be used to authenticate to the deployed
|
|
qdrouterd.
|
|
type: string
|
|
MetricsQdrPassword:
|
|
default: 'guest'
|
|
description: Password which should be used to authenticate to the deployed
|
|
qdrouterd.
|
|
type: string
|
|
hidden: true
|
|
MonitoringSubscriptionCollectd:
|
|
default: 'overcloud-collectd'
|
|
type: string
|
|
CollectdConnectionType:
|
|
default: 'amqp1'
|
|
description: Define which write plugin should collectd use. Currently
|
|
supported are 'amqp1' and 'network'.
|
|
type: string
|
|
CollectdDefaultPollingInterval:
|
|
default: 120
|
|
type: number
|
|
description: >
|
|
Controls how often registered read functions are called and with that
|
|
the resolution of the collected data. This value can be overridden per
|
|
plugin(per role) by setting "::collectd::plugin::<plugin_name>::interval"
|
|
key in ExtraConfig(<role_name>ExtraConfig) if using puppet, and by
|
|
setting "collectd_plugin_<plugin_name>_interval" in
|
|
<role_name>ExtraConfig/CollectdVars if using ansible.
|
|
CollectdDefaultPlugins:
|
|
default:
|
|
- cpu
|
|
- df
|
|
- disk
|
|
- hugepages
|
|
- interface
|
|
- load
|
|
- memory
|
|
- unixsock
|
|
- uptime
|
|
type: comma_delimited_list
|
|
description: >
|
|
List of collectd plugins to activate on all overcloud hosts. See
|
|
the documentation for the puppet-collectd module for a list plugins
|
|
supported by the module (https://github.com/voxpupuli/puppet-collectd).
|
|
Set this key to override the default list of plugins. Use
|
|
CollectdExtraPlugins if you want to load additional plugins without
|
|
overriding the defaults.
|
|
CollectdExtraPlugins:
|
|
default: []
|
|
type: comma_delimited_list
|
|
description: >
|
|
List of collectd plugins to activate on all overcloud hosts. See
|
|
the documentation for the puppet-collectd module for a list plugins
|
|
supported by the module (https://github.com/voxpupuli/puppet-collectd).
|
|
Set this key to load plugins in addition to those in
|
|
CollectdDefaultPlugins.
|
|
CollectdServer:
|
|
type: string
|
|
description: >
|
|
Address of remote collectd server to which we will send
|
|
metrics.
|
|
default: ''
|
|
CollectdServerPort:
|
|
type: number
|
|
default: 25826
|
|
description: >
|
|
Port on remote collectd server to which we will send
|
|
metrics.
|
|
CollectdUsername:
|
|
type: string
|
|
description: >
|
|
Username for authenticating to the remote collectd server. The default
|
|
is to not configure any authentication.
|
|
default: ''
|
|
CollectdPassword:
|
|
type: string
|
|
hidden: true
|
|
description: >
|
|
Password for authenticating to the remote collectd server. The
|
|
default is to not configure any authentication.
|
|
default: ''
|
|
CollectdSecurityLevel:
|
|
type: string
|
|
description: >
|
|
Security level setting for remote collectd connection. If it is
|
|
set to Sign or Encrypt the CollectdPassword and CollectdUsername
|
|
parameters need to be set.
|
|
default: 'None'
|
|
constraints:
|
|
- allowed_values:
|
|
- None
|
|
- Sign
|
|
- Encrypt
|
|
EnableSQLAlchemyCollectd:
|
|
type: boolean
|
|
description: >
|
|
Set to true to enable the SQLAlchemy-collectd server plugin
|
|
default: false
|
|
CollectdSQLAlchemyLogMessages:
|
|
type: string
|
|
description: set to "debug" to enable message logging.
|
|
default: 'info'
|
|
CollectdSQLAlchemyBindHost:
|
|
type: string
|
|
description: >
|
|
hostname for SQLAlchemy-collectd plugin to bind on. defaults
|
|
to localhost.
|
|
default: 'localhost'
|
|
CollectdAmqpHost:
|
|
type: string
|
|
description: Hostname or IP address of the AMQP 1.0 intermediary.
|
|
default: nil
|
|
CollectdAmqpPort:
|
|
type: number
|
|
description: >
|
|
Service name or port number on which the AMQP 1.0 intermediary accepts
|
|
connections. This argument must be a string, even if the numeric form
|
|
is used.
|
|
default: 5666
|
|
CollectdAmqpUser:
|
|
type: string
|
|
description: >
|
|
User part of credentials used to authenticate to the AMQP 1.0 intermediary.
|
|
default: guest
|
|
CollectdAmqpPassword:
|
|
type: string
|
|
description: >
|
|
Password part of credentials used to authenticate to the AMQP 1.0 intermediary.
|
|
default: guest
|
|
hidden: true
|
|
CollectdAmqpTransportName:
|
|
type: string
|
|
description: Name of the AMQP 1.0 transport.
|
|
default: metrics
|
|
CollectdAmqpAddress:
|
|
type: string
|
|
description: >
|
|
This option specifies the prefix for the send-to value in the message.
|
|
default: collectd
|
|
CollectdAmqpInstances:
|
|
type: json
|
|
description: >
|
|
Hash of hashes. Each inner hash represent Instance block in plugin
|
|
configuration file. Key of outer hash represents instance name.
|
|
The 'address' value concatenated with the 'name' given will be used
|
|
as the send-to address for communications over the messaging link.
|
|
default: {}
|
|
CollectdAmqpRetryDelay:
|
|
type: number
|
|
description: >
|
|
When the AMQP 1.0 connection is lost, defines the time in seconds to wait
|
|
before attempting to reconnect.
|
|
default: 1
|
|
CollectdAmqpInterval:
|
|
type: number
|
|
description: >
|
|
Interval on which metrics should be sent to AMQP intermediary. If not set
|
|
the default for all collectd plugins is used.
|
|
default: -666
|
|
CollectdAmqpSendQueueLimit:
|
|
type: number
|
|
description: >
|
|
Number of data sets to be kept in memory, older sets will be discarded,
|
|
if set to -1, this feature is disabled.
|
|
default: -1
|
|
CollectdEnableSensubility:
|
|
type: boolean
|
|
description: Set to true if sensubility should be executed by exec plugin.
|
|
default: false
|
|
CollectdSensubilityExecSudoRule:
|
|
type: string
|
|
description: >
|
|
Given rule will be created in /etc/sudoers.d for sensubility to enable it calling
|
|
restricted commands via sensubility executor.
|
|
default: ''
|
|
CollectdSensubilityLogLevel:
|
|
type: string
|
|
description: Use for override the default logging level (WARNING).
|
|
default: WARNING
|
|
CollectdSensubilityConnection:
|
|
type: string
|
|
description: URL to Sensu sever side
|
|
default: amqp://sensu:sensu@localhost:5672//sensu
|
|
CollectdSensubilityKeepaliveInterval:
|
|
type: number
|
|
description: Interval in seconds for sending keepalive messages to Sensu server side.
|
|
default: 20
|
|
CollectdSensubilityTmpDir:
|
|
type: string
|
|
description: Path to temporary directory which is used for creation of check scripts.
|
|
default: /var/tmp/collectd-sensubility-checks
|
|
CollectdSensubilityShellPath:
|
|
type: string
|
|
description: Path to shell used for executing check scripts.
|
|
default: /usr/bin/sh
|
|
CollectdSensubilityWorkerCount:
|
|
type: number
|
|
description: Number of goroutines spawned for executing check scripts.
|
|
default: 2
|
|
CollectdSensubilityChecks:
|
|
type: json
|
|
description: JSON formatted definition of standalone checks to be scheduled on client side.
|
|
default: {}
|
|
CollectdSensubilityTransport:
|
|
type: string
|
|
description: Bus type for sent data. Options are 'sensu' (rabbitmq) and 'amqp1'
|
|
default: sensu
|
|
CollectdSensubilityResultsChannel:
|
|
type: string
|
|
description: AMQP1 channel address
|
|
default: collectd/notify
|
|
CollectdSensubilityScripts:
|
|
type: json
|
|
description: |
|
|
Hash of scripts for download for sensubility usage. The hash has to be in following format:
|
|
{"script-name": {"source": "<http URI to download script>", "checksum": "<md5sum of the script file>",
|
|
"create_bin_link": true/false <creates /usr/bin/sensubility_script-name if true which is default>}}
|
|
default: {}
|
|
CollectdEnableContainerHealthCheck:
|
|
type: boolean
|
|
description: >
|
|
Set to false if container health check should not be defined and attached
|
|
to CollectdEnableContainerHealthCheck.
|
|
default: true
|
|
CollectdContainerHealthCheckCommand:
|
|
type: string
|
|
default: /scripts/collectd_check_health.py
|
|
CollectdContainerHealthCheckInterval:
|
|
type: number
|
|
description: The frequency in seconds the docker health check is executed.
|
|
default: 10
|
|
CollectdContainerHealthCheckHandlers:
|
|
default: []
|
|
description: The Sensu event handler to use for events created by the docker health check.
|
|
type: comma_delimited_list
|
|
CollectdContainerHealthCheckOccurrences:
|
|
type: number
|
|
description: The number of event occurrences before sensu-plugin-aware handler should take action.
|
|
default: 3
|
|
CollectdContainerHealthCheckRefresh:
|
|
type: number
|
|
description: The number of seconds sensu-plugin-aware handlers should wait before taking second action.
|
|
default: 90
|
|
EnableSTF:
|
|
type: boolean
|
|
description: Set to true to enable configuration for STF client.
|
|
default: false
|
|
CollectdEnableMcelog:
|
|
type: boolean
|
|
description: Set to true to enable mcelog
|
|
default: false
|
|
CollectdEnableLibpodstats:
|
|
type: boolean
|
|
description: Set to true if collectd should run the libpodstats plugin
|
|
default: false
|
|
CollectdContainerAdditionalCapAdd:
|
|
type: comma_delimited_list
|
|
description: Additional container capabilities to add to the collectd container.
|
|
By default is appended to IPC_LOCK.
|
|
default: []
|
|
CollectdLoggingSource:
|
|
type: json
|
|
default:
|
|
tag: collectd
|
|
file: /var/log/containers/collectd/collectd.log
|
|
|
|
|
|
conditions:
|
|
amqp_connection:
|
|
equals: [{get_param: CollectdConnectionType}, 'amqp1']
|
|
amqp_connection_set:
|
|
not: {equals: [{get_param: CollectdAmqpHost}, nil]}
|
|
amqp_interval_set:
|
|
not: {equals: [{get_param: CollectdAmqpInterval}, -666]}
|
|
amqp_send_queue_limit_set:
|
|
not: {equals: [{get_param: CollectdAmqpSendQueueLimit}, -1]}
|
|
collectd_connection:
|
|
equals: [{get_param: CollectdConnectionType}, 'network']
|
|
sensubility_needs_sudo:
|
|
not:
|
|
equals: [{get_param: CollectdSensubilityExecSudoRule}, '']
|
|
enable_libpodstats:
|
|
equals: [{get_param: CollectdEnableLibpodstats}, true]
|
|
|
|
resources:
|
|
ContainersCommon:
|
|
type: ../containers-common.yaml
|
|
|
|
RoleParametersValue:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: json
|
|
value:
|
|
map_replace:
|
|
- map_replace:
|
|
- ContainerCollectdImage: ContainerCollectdImage
|
|
ContainerCollectdConfigImage: ContainerCollectdConfigImage
|
|
- values: {get_param: [RoleParameters]}
|
|
- values:
|
|
ContainerCollectdImage: {get_param: ContainerCollectdImage}
|
|
ContainerCollectdConfigImage: {get_param: ContainerCollectdConfigImage}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the collectd role.
|
|
value:
|
|
service_name: collectd
|
|
config_settings:
|
|
map_merge:
|
|
- tripleo::profile::base::metrics::collectd::enable_file_logging: true
|
|
collectd::plugin::logfile::log_file: /var/log/collectd/collectd.log
|
|
collectd::manage_repo: false
|
|
collectd::purge: true
|
|
collectd::recurse: true
|
|
collectd::purge_config: true
|
|
collectd::minimum_version: "5.7"
|
|
collectd::interval: {get_param: CollectdDefaultPollingInterval}
|
|
collectd::plugin::unixsock::socketgroup: root
|
|
collectd::plugin::unixsock::socketfile: /run/collectd-socket
|
|
collectd::plugin::unixsock::deletesocket: true
|
|
collectd::plugin::cpu::reportbycpu: true
|
|
collectd::plugin::cpu::reportbystate: true
|
|
collectd::plugin::cpu::reportnumcpu: false
|
|
collectd::plugin::cpu::valuespercentage: true
|
|
collectd::plugin::df::ignoreselected: true
|
|
collectd::plugin::df::reportbydevice: true
|
|
collectd::plugin::df::fstypes: ['xfs']
|
|
collectd::plugin::load::reportrelative: true
|
|
collectd::plugin::virt::connection: "qemu:///system"
|
|
collectd::plugin::virt::extra_stats:
|
|
list_join:
|
|
- ' '
|
|
- - 'pcpu'
|
|
- 'cpu_util'
|
|
- 'vcpupin'
|
|
- 'vcpu'
|
|
- 'memory'
|
|
- 'disk'
|
|
- 'disk_err'
|
|
- 'disk_allocation'
|
|
- 'disk_capacity'
|
|
- 'disk_physical'
|
|
- 'domain_state'
|
|
- 'job_stats_background'
|
|
- 'perf'
|
|
collectd::plugin::virt::hostname_format: "hostname"
|
|
tripleo.collectd.plugins.collectd:
|
|
list_concat_unique:
|
|
- {get_param: CollectdDefaultPlugins}
|
|
- if:
|
|
- {get_param: EnableSTF}
|
|
- - cpu
|
|
- df
|
|
- load
|
|
- connectivity
|
|
- intel_rdt
|
|
- ipmi
|
|
- procevent
|
|
- {get_param: CollectdExtraPlugins}
|
|
- if: # Collectd connected to QDR
|
|
- amqp_connection
|
|
- map_merge:
|
|
- tripleo::profile::base::metrics::collectd::amqp_transport_name:
|
|
get_param: CollectdAmqpTransportName
|
|
tripleo::profile::base::metrics::collectd::amqp_address:
|
|
get_param: CollectdAmqpAddress
|
|
tripleo::profile::base::metrics::collectd::amqp_instances:
|
|
get_param: CollectdAmqpInstances
|
|
tripleo::profile::base::metrics::collectd::amqp_retry_delay:
|
|
get_param: CollectdAmqpRetryDelay
|
|
tripleo::profile::base::metrics::collectd::amqp_interval:
|
|
if:
|
|
- amqp_interval_set
|
|
- {get_param: CollectdAmqpInterval}
|
|
tripleo::profile::base::metrics::collectd::amqp_default_send_queue_limit:
|
|
if:
|
|
- amqp_send_queue_limit_set
|
|
- {get_param: CollectdAmqpSendQueueLimit}
|
|
- if:
|
|
- amqp_connection_set
|
|
- tripleo::profile::base::metrics::collectd::amqp_host:
|
|
get_param: CollectdAmqpHost
|
|
tripleo::profile::base::metrics::collectd::amqp_port:
|
|
get_param: CollectdAmqpPort
|
|
tripleo::profile::base::metrics::collectd::amqp_user:
|
|
get_param: CollectdAmqpUser
|
|
tripleo::profile::base::metrics::collectd::amqp_password:
|
|
get_param: CollectdAmqpPassword
|
|
- tripleo::profile::base::metrics::collectd::amqp_host:
|
|
str_replace:
|
|
template:
|
|
"%{lookup('$NETWORK')}"
|
|
params:
|
|
$NETWORK:
|
|
get_param:
|
|
- ServiceNetMap
|
|
- str_replace:
|
|
template: "ROLENAMEMetricsQdrNetwork"
|
|
params:
|
|
ROLENAME: {get_param: RoleName}
|
|
tripleo::profile::base::metrics::collectd::amqp_port:
|
|
get_param: MetricsQdrPort
|
|
tripleo::profile::base::metrics::collectd::amqp_user:
|
|
get_param: MetricsQdrUsername
|
|
tripleo::profile::base::metrics::collectd::amqp_password:
|
|
get_param: MetricsQdrPassword
|
|
- if: # Collectd connected to external collectd instance
|
|
- collectd_connection
|
|
- tripleo::profile::base::metrics::collectd::collectd_server:
|
|
get_param: CollectdServer
|
|
tripleo::profile::base::metrics::collectd::collectd_port:
|
|
get_param: CollectdServerPort
|
|
tripleo::profile::base::metrics::collectd::collectd_username:
|
|
get_param: CollectdUsername
|
|
tripleo::profile::base::metrics::collectd::collectd_password:
|
|
get_param: CollectdPassword
|
|
tripleo::profile::base::metrics::collectd::collectd_securitylevel:
|
|
get_param: CollectdSecurityLevel
|
|
- if:
|
|
- {get_param: EnableSQLAlchemyCollectd}
|
|
- tripleo::profile::base::metrics::collectd::enable_sqlalchemy_collectd:
|
|
true
|
|
tripleo::profile::base::metrics::collectd::sqlalchemy_collectd_bind_host:
|
|
get_param: CollectdSQLAlchemyBindHost
|
|
tripleo::profile::base::metrics::collectd::sqlalchemy_collectd_log_messages:
|
|
get_param: CollectdSQLAlchemyLogMessages
|
|
- if: # Collectd should run collectd-sensubility via collectd-exec
|
|
- {get_param: CollectdEnableSensubility}
|
|
- map_merge:
|
|
- if:
|
|
- sensubility_needs_sudo
|
|
- tripleo::profile::base::metrics::collectd::sensubility::exec_sudo_rule:
|
|
get_param: CollectdSensubilityExecSudoRule
|
|
- tripleo::profile::base::metrics::collectd::enable_sensubility:
|
|
get_param: CollectdEnableSensubility
|
|
tripleo::profile::base::metrics::collectd::sensubility::connection:
|
|
get_param: CollectdSensubilityConnection
|
|
tripleo::profile::base::metrics::collectd::sensubility::log_level:
|
|
get_param: CollectdSensubilityLogLevel
|
|
tripleo::profile::base::metrics::collectd::sensubility::client_name:
|
|
str_replace:
|
|
template: "%{lookup('fqdn_NETWORK')}"
|
|
params:
|
|
NETWORK:
|
|
get_param:
|
|
- ServiceNetMap
|
|
- str_replace:
|
|
template: "ROLENAMEMetricsQdrNetwork"
|
|
params:
|
|
ROLENAME: {get_param: RoleName}
|
|
tripleo::profile::base::metrics::collectd::sensubility::client_address:
|
|
str_replace:
|
|
template: "%{lookup('NETWORK')}"
|
|
params:
|
|
NETWORK:
|
|
get_param:
|
|
- ServiceNetMap
|
|
- str_replace:
|
|
template: "ROLENAMEMetricsQdrNetwork"
|
|
params:
|
|
ROLENAME: {get_param: RoleName}
|
|
tripleo::profile::base::metrics::collectd::sensubility::keepalive_interval:
|
|
get_param: CollectdSensubilityKeepaliveInterval
|
|
tripleo::profile::base::metrics::collectd::sensubility::tmp_base_dir:
|
|
get_param: CollectdSensubilityTmpDir
|
|
tripleo::profile::base::metrics::collectd::sensubility::shell_path:
|
|
get_param: CollectdSensubilityShellPath
|
|
tripleo::profile::base::metrics::collectd::sensubility::worker_count:
|
|
get_param: CollectdSensubilityWorkerCount
|
|
tripleo::profile::base::metrics::collectd::sensubility::checks:
|
|
map_merge:
|
|
- {get_param: CollectdSensubilityChecks}
|
|
- check-container-health:
|
|
standalone: true
|
|
command: {get_param: CollectdContainerHealthCheckCommand}
|
|
interval: {get_param: CollectdContainerHealthCheckInterval}
|
|
handlers: {get_param: CollectdContainerHealthCheckHandlers}
|
|
occurrences: {get_param: CollectdContainerHealthCheckOccurrences}
|
|
refresh: {get_param: CollectdContainerHealthCheckRefresh}
|
|
tripleo::profile::base::metrics::collectd::sensubility::results_channel:
|
|
get_param: CollectdSensubilityResultsChannel
|
|
tripleo::profile::base::metrics::collectd::sensubility::transport:
|
|
get_param: CollectdSensubilityTransport
|
|
tripleo::profile::base::metrics::collectd::sensubility::amqp_port:
|
|
get_param: CollectdAmqpPort
|
|
tripleo::profile::base::metrics::collectd::sensubility::scripts:
|
|
get_param: CollectdSensubilityScripts
|
|
- {}
|
|
- if:
|
|
- {get_param: CollectdEnableLibpodstats}
|
|
- tripleo::profile::base::metrics::collectd::enable_libpodstats:
|
|
get_param: CollectdEnableLibpodstats
|
|
service_config_settings:
|
|
rsyslog:
|
|
tripleo_logging_sources_collectd:
|
|
- {get_param: CollectdLoggingSource}
|
|
# BEGIN DOCKER SETTINGS
|
|
puppet_config:
|
|
config_volume: collectd
|
|
puppet_tags: collectd_client_config,exec
|
|
step_config: include tripleo::profile::base::metrics::collectd
|
|
config_image: {get_attr: [RoleParametersValue, value, ContainerCollectdConfigImage]}
|
|
kolla_config:
|
|
/var/lib/kolla/config_files/collectd.json:
|
|
command: /usr/sbin/collectd -f
|
|
config_files:
|
|
- source: "/var/lib/kolla/config_files/src/*"
|
|
dest: "/"
|
|
merge: true
|
|
preserve_properties: true
|
|
- source: "/var/lib/kolla/config_files/src/etc/collectd.d"
|
|
dest: "/etc/"
|
|
merge: false
|
|
preserve_properties: true
|
|
permissions:
|
|
- path: /var/log/collectd
|
|
owner: collectd:collectd
|
|
recurse: true
|
|
container_config_scripts:
|
|
map_merge:
|
|
- {get_attr: [ContainersCommon, container_config_scripts]}
|
|
- collectd_check_health.py:
|
|
mode: "0755"
|
|
content: { get_file: ../../container_config_scripts/monitoring/collectd_check_health.py }
|
|
docker_config:
|
|
step_2:
|
|
if:
|
|
- {get_param: CollectdEnableSensubility}
|
|
- collectd_init_perm:
|
|
image: {get_attr: [RoleParametersValue, value, ContainerCollectdImage]}
|
|
net: none
|
|
user: root
|
|
volumes:
|
|
- /run:/run:rw
|
|
command: ['setfacl', '-R', '-m', 'u:collectd:rwx', '/run/podman']
|
|
step_3:
|
|
collectd:
|
|
image: {get_attr: [RoleParametersValue, value, ContainerCollectdImage]}
|
|
net: host
|
|
pid: host
|
|
user: root
|
|
restart: always
|
|
mem_limit: 512m
|
|
cap_add:
|
|
list_concat:
|
|
- {get_param: CollectdContainerAdditionalCapAdd}
|
|
- [IPC_LOCK]
|
|
healthcheck:
|
|
test: /openstack/healthcheck
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
-
|
|
- /var/lib/kolla/config_files/collectd.json:/var/lib/kolla/config_files/config.json:ro
|
|
- /var/lib/containers/storage/overlay-containers:/var/lib/containers/storage/overlay-containers:ro
|
|
- /var/lib/config-data/puppet-generated/collectd:/var/lib/kolla/config_files/src:ro
|
|
- /var/log/containers/collectd:/var/log/collectd:rw,z
|
|
- /var/lib/container-config-scripts:/scripts:ro
|
|
- /run:/run:rw
|
|
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
|
environment:
|
|
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
|
deploy_steps_tasks:
|
|
- name: set enable_sensubility fact
|
|
set_fact:
|
|
enable_sensubility: {get_param: CollectdEnableSensubility}
|
|
- name: Configure rsyslog for container healthchecks
|
|
when:
|
|
- step|int == 1
|
|
block:
|
|
- name: Check if rsyslog exists
|
|
shell: systemctl list-unit-files --type=service | grep -q rsyslog
|
|
register: rsyslog_config
|
|
failed_when: rsyslog_config.rc == 2
|
|
- name: Configure if we can
|
|
when:
|
|
- rsyslog_config is changed
|
|
- rsyslog_config.rc == 0
|
|
block:
|
|
- name: Log healthchecks in dedicated file
|
|
when:
|
|
- enable_sensubility|bool
|
|
register: logconfig_add
|
|
copy:
|
|
dest: /etc/rsyslog.d/openstack-healthcheck.conf
|
|
content: |
|
|
if ($programname startswith 'podman' and ($msg contains 'container exec' or $msg contains 'healthy')) or ($programname startswith 'systemd' and $msg contains 'podman healthcheck run') then -/var/log/containers/collectd/healthchecks.stdout
|
|
& stop
|
|
- name: Remove healthcheck log
|
|
when:
|
|
- not enable_sensubility|bool
|
|
register: logconfig_rm
|
|
file:
|
|
path: /etc/rsyslog.d/openstack-healthcheck.conf
|
|
state: absent
|
|
- name: Reload rsyslogd if needed
|
|
when: logconfig_add is changed or logconfig_rm is changed
|
|
service:
|
|
name: rsyslog
|
|
state: restarted
|
|
host_prep_tasks:
|
|
- name: create persistent directories
|
|
file:
|
|
path: "{{ item.path }}"
|
|
state: directory
|
|
setype: "{{ item.setype }}"
|
|
mode: "{{ item.mode }}"
|
|
with_items:
|
|
- { 'path': /var/log/containers/collectd, 'setype': container_file_t, 'mode': '0750' }
|
|
- name: import provision_mcelog
|
|
include_role:
|
|
name: tripleo_provision_mcelog
|
|
when: {get_param: CollectdEnableMcelog}
|
|
- name: enable podman socket
|
|
ansible.builtin.service:
|
|
name: podman.socket
|
|
state: started
|
|
enabled: true
|
|
when: {get_param: CollectdEnableSensubility}
|