From 712c89760cb7fd9e72ca3a03a69a8dacc18aabe2 Mon Sep 17 00:00:00 2001 From: Doug Szumski Date: Mon, 22 Oct 2018 12:32:19 +0000 Subject: [PATCH] Add support for deploying Monasca Grafana The Monasca Grafana fork allows users to log into Grafana with their OpenStack user credentials and see metrics associated with their OpenStack project. The long term goal is to enable Keystone support in upstream Grafana, but this work seems to have stalled. Partially-Implements: blueprint monasca-grafana Change-Id: Icc04613b2571c094ae23b66d0bcc38b58c0ee4e1 --- ansible/group_vars/all.yml | 1 + ansible/inventory/all-in-one | 3 + ansible/inventory/multinode | 3 + ansible/roles/haproxy/tasks/precheck.yml | 27 +++++++++ ansible/roles/monasca/defaults/main.yml | 32 +++++++++++ ansible/roles/monasca/handlers/main.yml | 22 ++++++++ ansible/roles/monasca/tasks/bootstrap.yml | 7 ++- ansible/roles/monasca/tasks/config.yml | 20 +++++++ ansible/roles/monasca/tasks/deploy.yml | 5 +- ansible/roles/monasca/tasks/precheck.yml | 11 ++++ .../templates/monasca-grafana/grafana.ini.j2 | 55 +++++++++++++++++++ .../monasca-grafana/monasca-grafana.json.j2 | 23 ++++++++ doc/source/reference/monasca-guide.rst | 3 - etc/kolla/passwords.yml | 1 + .../add-monasca-grafana-c31d4407c33939e4.yaml | 5 ++ 15 files changed, 212 insertions(+), 6 deletions(-) create mode 100644 ansible/roles/monasca/templates/monasca-grafana/grafana.ini.j2 create mode 100644 ansible/roles/monasca/templates/monasca-grafana/monasca-grafana.json.j2 create mode 100644 releasenotes/notes/add-monasca-grafana-c31d4407c33939e4.yaml diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index af8da2a11e..656b3802f2 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -261,6 +261,7 @@ monasca_api_port: "8070" monasca_log_api_port: "5607" monasca_agent_forwarder_port: "17123" monasca_agent_statsd_port: "8125" +monasca_grafana_server_port: "3001" mongodb_port: "27017" mongodb_web_port: "28017" diff --git a/ansible/inventory/all-in-one b/ansible/inventory/all-in-one index ee01155e24..3608ff3a32 100644 --- a/ansible/inventory/all-in-one +++ b/ansible/inventory/all-in-one @@ -464,6 +464,9 @@ monasca-agent [monasca-api:children] monasca +[monasca-grafana:children] +monasca + [monasca-log-api:children] monasca diff --git a/ansible/inventory/multinode b/ansible/inventory/multinode index c6904f52b0..fbfe25a517 100644 --- a/ansible/inventory/multinode +++ b/ansible/inventory/multinode @@ -473,6 +473,9 @@ monasca-agent [monasca-api:children] monasca +[monasca-grafana:children] +monasca + [monasca-log-api:children] monasca diff --git a/ansible/roles/haproxy/tasks/precheck.yml b/ansible/roles/haproxy/tasks/precheck.yml index 6a615dccbe..b6024babfb 100644 --- a/ansible/roles/haproxy/tasks/precheck.yml +++ b/ansible/roles/haproxy/tasks/precheck.yml @@ -572,6 +572,33 @@ - haproxy_stat.find('monasca_log_api_external') == -1 - "host_running_haproxy == 'None'" +- name: Checking free port for Monasca Grafana API internal HAProxy + wait_for: + host: "{{ kolla_internal_vip_address }}" + port: "{{ monasca_grafana_server_port }}" + connect_timeout: 1 + timeout: 1 + state: stopped + when: + - enable_monasca | bool + - inventory_hostname in groups['haproxy'] + - haproxy_stat.find('monasca_grafana_server') == -1 + - "host_running_haproxy == 'None'" + +- name: Checking free port for Monasca Grafana API public HAProxy + wait_for: + host: "{{ kolla_external_vip_address }}" + port: "{{ monasca_grafana_server_port }}" + connect_timeout: 1 + timeout: 1 + state: stopped + when: + - haproxy_enable_external_vip | bool + - enable_monasca | bool + - inventory_hostname in groups['haproxy'] + - haproxy_stat.find('monasca_grafana_server_external') == -1 + - "host_running_haproxy == 'None'" + - name: Checking free port for Mongodb HAProxy wait_for: host: "{{ kolla_internal_vip_address }}" diff --git a/ansible/roles/monasca/defaults/main.yml b/ansible/roles/monasca/defaults/main.yml index 3ecbea78e5..09a05de277 100644 --- a/ansible/roles/monasca/defaults/main.yml +++ b/ansible/roles/monasca/defaults/main.yml @@ -138,12 +138,35 @@ monasca_services: - "/etc/localtime:/etc/localtime:ro" - "kolla_logs:/var/log/kolla" dimensions: "{{ monasca_agent_dimensions }}" + monasca-grafana: + container_name: monasca_grafana + group: monasca-grafana + enabled: true + image: "{{ monasca_grafana_image_full }}" + volumes: + - "{{ node_config_directory }}/monasca-grafana/:{{ container_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + - "monasca_grafana:/var/lib/grafana/" + - "kolla_logs:/var/log/kolla/" + dimensions: "{{ monasca_grafana_dimensions }}" + haproxy: + monasca_grafana_server: + enabled: "{{ enable_monasca }}" + mode: "http" + external: false + port: "{{ monasca_grafana_server_port }}" + monasca_grafana_server_external: + enabled: "{{ enable_monasca }}" + mode: "http" + external: true + port: "{{ monasca_grafana_server_port }}" #################### # Databases #################### monasca_database_name: "monasca" monasca_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}monasca{% endif %}" +monasca_grafana_database_name: "monasca_grafana" monasca_database_address: "{{ database_address }}" monasca_database_port: "{{ database_port }}" @@ -193,6 +216,10 @@ monasca_agent_check_frequency: 30 monasca_log_pipeline_threads: 2 monasca_metric_pipeline_threads: 2 +# Local password for Grafana. This account allows you to bypass Keystone +# authentication. This must *not* match any OpenStack username. +monasca_grafana_admin_username: "grafana_local_admin" + #################### # Docker #################### @@ -229,6 +256,10 @@ monasca_persister_image: "{{ docker_registry ~ '/' if docker_registry else '' }} monasca_persister_tag: "{{ monasca_tag }}" monasca_persister_image_full: "{{ monasca_persister_image }}:{{ monasca_persister_tag }}" +monasca_grafana_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ monasca_install_type }}-monasca-grafana" +monasca_grafana_tag: "{{ monasca_tag }}" +monasca_grafana_image_full: "{{ monasca_grafana_image }}:{{ monasca_grafana_tag }}" + monasca_agent_dimensions: "{{ default_container_dimensions }}" monasca_api_dimensions: "{{ default_container_dimensions }}" monasca_log_api_dimensions: "{{ default_container_dimensions }}" @@ -238,6 +269,7 @@ monasca_log_metrics_dimensions: "{{ default_container_dimensions }}" monasca_thresh_dimensions: "{{ default_container_dimensions }}" monasca_notification_dimensions: "{{ default_container_dimensions }}" monasca_persister_dimensions: "{{ default_container_dimensions }}" +monasca_grafana_dimensions: "{{ default_container_dimensions }}" #################### # OpenStack diff --git a/ansible/roles/monasca/handlers/main.yml b/ansible/roles/monasca/handlers/main.yml index 0fc5df7611..e194cf22ee 100644 --- a/ansible/roles/monasca/handlers/main.yml +++ b/ansible/roles/monasca/handlers/main.yml @@ -237,3 +237,25 @@ - config_json.changed | bool or monasca_agent_statsd_confs.changed | bool or monasca_agent_statsd_container.changed | bool + +- name: Restart monasca-grafana container + vars: + service_name: "monasca-grafana" + service: "{{ monasca_services[service_name] }}" + config_json: "{{ monasca_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + monasca_grafana_container: "{{ check_monasca_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" + become: true + kolla_docker: + action: "recreate_or_restart_container" + common_options: "{{ docker_common_options }}" + name: "{{ service.container_name }}" + image: "{{ service.image }}" + volumes: "{{ service.volumes }}" + dimensions: "{{ service.dimensions }}" + when: + - kolla_action != "config" + - inventory_hostname in groups[service.group] + - service.enabled | bool + - config_json.changed | bool + or monasca_grafana_confs.changed | bool + or monasca_grafana_container.changed | bool diff --git a/ansible/roles/monasca/tasks/bootstrap.yml b/ansible/roles/monasca/tasks/bootstrap.yml index 0e9d437152..9e6ba22a5b 100644 --- a/ansible/roles/monasca/tasks/bootstrap.yml +++ b/ansible/roles/monasca/tasks/bootstrap.yml @@ -7,10 +7,13 @@ login_port: "{{ monasca_database_port }}" login_user: "{{ database_user }}" login_password: "{{ database_password }}" - name: "{{ monasca_database_name }}" + name: "{{ item }}" register: database run_once: True delegate_to: "{{ groups['monasca-api'][0] }}" + with_items: + - "{{ monasca_database_name }}" + - "{{ monasca_grafana_database_name }}" when: - not use_preconfigured_databases | bool @@ -25,7 +28,7 @@ name: "{{ monasca_database_user }}" password: "{{ monasca_database_password }}" host: "%" - priv: "{{ monasca_database_name }}.*:ALL" + priv: "{{ monasca_database_name }}.*:ALL/{{ monasca_grafana_database_name }}.*:ALL" append_privs: "yes" run_once: True delegate_to: "{{ groups['monasca-api'][0] }}" diff --git a/ansible/roles/monasca/tasks/config.yml b/ansible/roles/monasca/tasks/config.yml index 8ff57270a0..dfc2d9a4b1 100644 --- a/ansible/roles/monasca/tasks/config.yml +++ b/ansible/roles/monasca/tasks/config.yml @@ -357,6 +357,26 @@ notify: - Restart monasca-persister container +- name: Copying over monasca-grafana config file + vars: + service: "{{ monasca_services['monasca-grafana'] }}" + merge_configs: + sources: + - "{{ role_path }}/templates/monasca-grafana/{{ item }}.j2" + - "{{ node_custom_config }}/monasca/{{ item }}" + - "{{ node_custom_config }}/monasca/{{ inventory_hostname }}/{{ item }}" + dest: "{{ node_config_directory }}/monasca-grafana/{{ item }}" + mode: "0660" + become: true + register: monasca_grafana_confs + with_items: + - grafana.ini + when: + - inventory_hostname in groups[service['group']] + - service.enabled | bool + notify: + - Restart monasca-grafana container + - name: Check monasca containers become: true kolla_docker: diff --git a/ansible/roles/monasca/tasks/deploy.yml b/ansible/roles/monasca/tasks/deploy.yml index 762153508a..b34874cc42 100644 --- a/ansible/roles/monasca/tasks/deploy.yml +++ b/ansible/roles/monasca/tasks/deploy.yml @@ -7,6 +7,7 @@ - include_tasks: config.yml when: inventory_hostname in groups['monasca-agent'] or inventory_hostname in groups['monasca-api'] or + inventory_hostname in groups['monasca-grafana'] or inventory_hostname in groups['monasca-log-api'] or inventory_hostname in groups['monasca-log-transformer'] or inventory_hostname in groups['monasca-log-persister'] or @@ -16,7 +17,8 @@ inventory_hostname in groups['monasca-persister'] - include_tasks: bootstrap.yml - when: inventory_hostname in groups['monasca-api'] + when: inventory_hostname in groups['monasca-api'] or + inventory_hostname in groups['monasca-grafana'] - name: Flush handlers meta: flush_handlers @@ -24,6 +26,7 @@ - include_tasks: check.yml when: inventory_hostname in groups['monasca-agent'] or inventory_hostname in groups['monasca-api'] or + inventory_hostname in groups['monasca-grafana'] or inventory_hostname in groups['monasca-log-api'] or inventory_hostname in groups['monasca-log-transformer'] or inventory_hostname in groups['monasca-log-persister'] or diff --git a/ansible/roles/monasca/tasks/precheck.yml b/ansible/roles/monasca/tasks/precheck.yml index 0dafcf2f74..56f77a7b20 100644 --- a/ansible/roles/monasca/tasks/precheck.yml +++ b/ansible/roles/monasca/tasks/precheck.yml @@ -47,3 +47,14 @@ when: - inventory_hostname in groups[monasca_services['monasca-agent-statsd']['group']] - container_facts['monasca_agent_statsd'] is not defined + +- name: Checking free port for monasca-grafana server + wait_for: + host: "{{ api_interface_address }}" + port: "{{ monasca_grafana_server_port }}" + connect_timeout: 1 + timeout: 1 + state: stopped + when: + - inventory_hostname in groups[monasca_services['monasca-grafana']['group']] + - container_facts['monasca_grafana'] is not defined diff --git a/ansible/roles/monasca/templates/monasca-grafana/grafana.ini.j2 b/ansible/roles/monasca/templates/monasca-grafana/grafana.ini.j2 new file mode 100644 index 0000000000..6e6df704d9 --- /dev/null +++ b/ansible/roles/monasca/templates/monasca-grafana/grafana.ini.j2 @@ -0,0 +1,55 @@ +[paths] +data = /var/lib/grafana +logs = /var/log/kolla/monasca +plugins = /var/lib/grafana/plugins +provisioning = /etc/grafana/provisioning + +[users] +login_hint = OpenStack credentials +allow_org_create = false +allow_sign_up = false + +[server] +protocol = http +http_addr = {{ api_interface_address }} +http_port = {{ monasca_grafana_server_port }} +router_logging = true +static_root_path = public +enable_gzip = false + +[database] +type = mysql +host = {{ monasca_database_address }}:{{ monasca_database_port }} +name = {{ monasca_grafana_database_name }} +user = {{ monasca_database_user }} +password = {{ monasca_database_password }} +ssl_mode = disable + +[alerting] +enabled = false +execute_alerts = false + +[session] +provider = mysql +provider_config = {{ monasca_database_user }}:{{ monasca_database_password }}@tcp({{ monasca_database_address }}:{{ monasca_database_port }})/{{ monasca_grafana_database_name }} + +cookie_name = monasca_grafana_sess +cookie_secure = false +session_life_time = 86400 + +[analytics] +reporting_enabled = false +check_for_updates = false + +[security] +admin_user = {{ monasca_grafana_admin_username }} +admin_password = {{ monasca_grafana_admin_password }} + +[auth.keystone] +enabled = true +auth_url = {{ keystone_internal_url }} +default_domain = {{ default_project_domain_name }} +default_role = Viewer +admin_roles = admin +editor_roles = _member_ +verify_ssl_cert = false diff --git a/ansible/roles/monasca/templates/monasca-grafana/monasca-grafana.json.j2 b/ansible/roles/monasca/templates/monasca-grafana/monasca-grafana.json.j2 new file mode 100644 index 0000000000..b3fd0a6128 --- /dev/null +++ b/ansible/roles/monasca/templates/monasca-grafana/monasca-grafana.json.j2 @@ -0,0 +1,23 @@ +{ + "command": "/usr/sbin/grafana-server --config=/etc/grafana/grafana.ini", + "config_files": [ + { + "source": "{{ container_config_directory }}/grafana.ini", + "dest": "/etc/grafana/grafana.ini", + "owner": "monasca", + "perm": "0600" + } + ], + "permissions": [ + { + "path": "/var/lib/grafana", + "owner": "monasca:monasca", + "recurse": true + }, + { + "path": "/var/log/kolla/monasca", + "owner": "monasca:monasca", + "recurse": true + } + ] +} diff --git a/doc/source/reference/monasca-guide.rst b/doc/source/reference/monasca-guide.rst index ac1943699b..a34b717e46 100644 --- a/doc/source/reference/monasca-guide.rst +++ b/doc/source/reference/monasca-guide.rst @@ -54,9 +54,6 @@ custom Kafka configuration: echo "log.message.format.version=0.9.0.0" >> /etc/kolla/config/kafka.server.properties -Finally it should be noted that support for Kibana and Grafana integration has -not yet been enabled. This will be added in the future. - Stand-alone configuration (optional) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/etc/kolla/passwords.yml b/etc/kolla/passwords.yml index 03c3ce87fe..ebbda636d2 100644 --- a/etc/kolla/passwords.yml +++ b/etc/kolla/passwords.yml @@ -130,6 +130,7 @@ murano_agent_rabbitmq_password: monasca_agent_password: monasca_database_password: +monasca_grafana_admin_password: monasca_keystone_password: ironic_database_password: diff --git a/releasenotes/notes/add-monasca-grafana-c31d4407c33939e4.yaml b/releasenotes/notes/add-monasca-grafana-c31d4407c33939e4.yaml new file mode 100644 index 0000000000..ee15c6c266 --- /dev/null +++ b/releasenotes/notes/add-monasca-grafana-c31d4407c33939e4.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + Add support for deploying the Monasca fork of Grafana, which includes + Keystone integration.