For using 3rd party Octavia providers (such as OVN provider) an
octavia-driver-agent container must be running to expose those providers to
use.
OVN CI job has been extended with deploying Octavia and testing OVN Load
Balancer.
Closes-Bug: #1903506
Depends-On: https://review.opendev.org/c/openstack/kolla/+/771191
Change-Id: Ibafa8b7307981f2a51e630cc113d18af6162171c
One use case for this is so that you can generate config in a CI job
without access to the container repository. It also removes the
dependency of having docker configured for config generation.
TrivialFix
Change-Id: I0d388851c8b953af0494e44ae569e7eb9e15c326
Allow users to import custom grafana dashboards.
Dashboards as JSON files should be placed into
"{{ node_custom_config }}/grafana/dashboards/" folder.
Change-Id: Id0f83b8d08541b3b74649f097b10c9450201b426
ELK 7 requires some minor changes from the existing ELK 6 config.
Depends-On: Icfa3db5788b25f70ee75411dbaf20d8d4a6a734b
Change-Id: I9815d202a77da0477aea43d714a5def8a24724fa
This change enables the use of Docker healthchecks for ceilometer
services.
Implements: blueprint container-health-check
Change-Id: Ieed654e694e9a0a63fd3f0906395bc7bf7c07552
The rabbitmq_prometheus plugin is available in RabbitMQ 3.8.
https://www.rabbitmq.com/prometheus.html
Implements: blueprint rabbitmq-prometheus
Co-Authored-By: Mark Goddard <mark@stackhpc.com>
Change-Id: I4d69a93a6c70db8d40626042cdbe773747b238ae
This change enables the use of Docker healthchecks for haproxy services.
Implements: blueprint container-health-check
Change-Id: I4b486e9c78e9a01a0f5983b83aca00ea3a001dcc
This change enables the use of Docker healthchecks for qdrouterd services.
Implements: blueprint container-health-check
Change-Id: If689be90690251180972454ed0baee658cc5e895
In I165199fc98fb98f227f2a20284e1bab03ef65b5b and
Ic745300b27e50132d80d03787fa4abfada2d0173 we provided flags to disable
Docker's control of iptables and bridge networking respectively. The
original behaviour was maintained for backwards compatibility, to allow
the patches to be backported.
This patch changes the default behaviour to disable the manipulation of
iptables and disabling bridge networking.
Related-Bug: #1849275
Related-Bug: #1848249
Change-Id: I4e8206f13a847ff79e06c36d22068597458b6c3d
Docker is using 172.17.0.0/16 by default for bridge networking on
docker0, and this might cause routing problems for operator networks.
This change introduces docker_disable_default_network to disable the
bridge networking by putting "bridge: none"[1] to daemon.json
Bridge networking does not work without iptables, so we set the default
for docker_disable_default_network to
docker_disable_default_iptables_rules.
For better defaults, this feature will be enabled by default in
Wallaby.
[1] https://docs.docker.com/engine/reference/commandline/dockerd/
Change-Id: Ic745300b27e50132d80d03787fa4abfada2d0173
Closes-Bug: #1848249
Related-Bug: #1849275
This change enables the use of Docker healthchecks for elasticsearch services.
Implements: blueprint container-health-check
Change-Id: Ib50d56cc206a80b20a4f96e95bcdd8d11269234f
This change enables the use of Docker healthchecks for kuryr
services.
Implements: blueprint container-health-check
Change-Id: Ia4401f97140e2c2acc37d5ee3aaf90544747c547
This change enables the use of Docker healthchecks for kibana services.
Implements: blueprint container-health-check
Change-Id: If7525e193c245435410b4071aed6d3b566424219
This change enables the use of Docker healthchecks for zun
services.
Implements: blueprint container-health-check
Change-Id: I32ffa9754820098bb4d3325b25fc7a1a624507d5
According the documentation [1] there need to configure auth_uri in the
[filter:s3token] section instead of www_authenticate_uri which cause an
error 'swift.common.wsgi.ConfigFileError: Invalid auth_uri; must
include scheme and host' during start the swift-proxy-server container.
1. https://docs.openstack.org/swift/ussuri/middleware.html#s3-token-middleware
Change-Id: I6b8f5807ebb746428a501dca13eae30763dede8d
Closes-Bug: 1862765
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
This change enables the use of Docker healthchecks for vitrage services.
Implements: blueprint container-health-check
Change-Id: Icd2a8471a08b737352cfe941b5d38b02ed3b19fe
This change enables the use of Docker healthchecks for aodh services.
Implements: blueprint container-health-check
Change-Id: Ic477ac77f7ea5c50de473382fb1ec63d78043267
This change enables the use of Docker healthchecks for gnocchi services.
Implements: blueprint container-health-check
Change-Id: Ib1eb766d061c376c0bdd693dd6ea1e5b3e3fc02a
This change enables the use of Docker healthchecks for ironic services.
Implements: blueprint container-health-check
Change-Id: If0a11db5470899c3a0e69ca94fdd0903daadcf8b
This change enables the use of Docker healthchecks for designate services.
Implements: blueprint container-health-check
Change-Id: Ide66a914b790ad9c106ba932a923654a960f7abf
This change enables the use of Docker healthchecks for kafka services.
Implements: blueprint container-health-check
Change-Id: I31c978be7f8687de1e41b168712aceed28c67a8a
The merge_configs action plugin is updated with an option to control
whether whitespace should be used around equal signs. The default
remains to use whitespace: only zookeeper.cfg doesn't use them.
This is to avoid issues with the zkCleanup.sh script which expects no
whitespace. The ZooKeeper documentation also uses no whitespace in
configuration file examples.
Change-Id: Ia082a1c002cc4e8b04f7696fdee827b747c6d13f
Closes-Bug: #1917490
In services which use the Apache HTTP server to service HTTP requests,
there exists a TimeOut directive [1] which defaults to 60 seconds. APIs
which come under heavy load, such as Cinder, can sometimes exceed this
which results in a HTTP 504 Gateway timeout, or similar. However, the
request can still be serviced without error. For example, if Nova calls
the Cinder API to detach a volume, and this operation takes longer
than the shortest of the two timeouts, Nova will emit a stack trace
with a 504 Gateway timeout. At some time later, the request to detach
the volume will succeed. The Nova and Cinder DBs then become
out-of-sync with each other, and frequently DB surgery is required.
Although strictly this category of bugs should be fixed in OpenStack
services, it is not realistic to expect this to happen in the short
term. Therefore, this change makes it easier to set the Apache HTTP
timeout via a new variable.
An example of a related bug is here:
https://bugs.launchpad.net/nova/+bug/1888665
Whilst this timeout can currently be set by overriding the WSGI
config for individual services, this change makes it much easier.
Change-Id: Ie452516655cbd40d63bdad3635fd66693e40ce34
Closes-Bug: #1917648
This change allows a user to forward control plane logs
directly to Elasticsearch from Fluentd, rather than via
the Monasca Log API when Monasca is enabled. The Monasca
Log API can continue to handle tenant logs.
For many use cases this is simpler, reduces resource
consumption and helps to decouple control plane logging
services from tenant logging services.
It may not always be desired, so is optional and off by
default.
Change-Id: I195e8e4b73ca8f573737355908eb30a3ef13b0d6
The Monasca alerting pipeline provides multi-tenancy alerts and
notifications. It runs as an Apache Storm topology and generally
places a significant memory and CPU burden on monitoring hosts,
particularly when there are lot of metrics. This is fine if the
alerting service is in use, but sometimes it is not. For example
you may use Prometheus for monitoring the control plane, and
wish to offer tenants a monitoring service via Monasca without
alerting and notification functionality. In this case it makes
sense to disable this part of the Monasca pipeline and this patch
adds support for that.
If the service is ever re-enabled, all alerts and notifications
should spawn back automatically since they are persisted in the
central mysql database cluster.
Change-Id: I84aa04125c621712f805f41c8efbc92c8e156db9
The Log Metrics service is an admin only service. We now have
support in Fluentd via the Prometheus plugin to create metrics
from logs. These metrics can be scraped into Monasca or Prometheus.
It therefore makes sense to deprecate this service, starting by
disabling it by default, and then removing it in the Xena release.
This should improve the stability of the Monasca metrics pipeline
by ensuring that all metrics pass via the Monasca API for
validation, and ensure that metrics generated from logs are
available to both Prometheus and Monasca users by default.
Change-Id: I704feb4434c1eece3eb00c19dc5f934fd4bc27b4
Historically Monasca Log Transformer has been for log
standardisation and processing. For example, logs from different
sources may use slightly different error levels such as WARN, 5,
or WARNING. Monasca Log Transformer is a place where these could
be 'squashed' into a single error level to simplify log searches
based on labels such as these.
However, in Kolla Ansible, we do this processing in Fluentd so
that the simpler Fluentd -> Elastic -> Kibana pipeline also
benefits. This helps to avoid spreading out log parsing
configuration over many services, with the Fluentd Monasca output
plugin being yet another potential place for processing (which
should be avoided). It therefore makes sense to remove this
service entirely, and squash any existing configuration which
can't be moved to Fluentd into the Log Perister service. I.e.
by removing this pipeline, we don't loose any functionality,
we encourage log processing to take place in Fluentd, or at least
outside of Monasca, and we make significant gains in efficiency
by removing a topic from Kafka which contains a copy of all logs
in transit.
Finally, users forwarding logs from outside the control plane,
eg. from tenant instances, should be encouraged to process the
logs at the point of sending using whichever framework they are
forwarding them with. This makes sense, because all Logstash
configuration in Monasca is only accessible by control plane
admins. A user can't typically do any processing inside Monasca,
with or without this change.
Change-Id: I65c76d0d1cd488725e4233b7e75a11d03866095c