![Paul Bourke](/assets/img/avatar_default.png)
Certain services such as Murano and trove require access to a rabbitmq instance from tenant networks. [0] Exposing the internal rabbitmq to end users is a security hole, hence there are two options, 1) use vhosts in the existing rabbitmq, or two a separate rabbitmq instances. Given the importance of rabbitmq to the OpenStack deployment, we have decided to go with a separate instance. Refer to [1] for more detail on the various options. This change makes the rabbitmq role generic so that it can be reused, in this case to start 'outward_rabbitmq'. It needs to be exposed via haproxy both for network isolation and also because this is what Murano configuration requires. Follow on patches will be added to add a vhost in this outward instance for Murano and other services which require access. Based on the original work by bdaca[2] [0] http://murano.readthedocs.io/en/stable-liberty/intro/architecture.html [1] http://lists.openstack.org/pipermail/openstack-dev/2016-December/109091.html [2] https://review.openstack.org/#/c/374525 Change-Id: Ib2bcc7ed4bf4f883a7cd1dfad3db89201e3cfd8d Partial-Bug: #1620374 Depends-On: I020eb6219f89a310451becde41f6f1c7f54baadd Co-Authored-By: Bartłomiej Daca <bartek.daca@gmail.com>
82 lines
3.4 KiB
Django/Jinja
82 lines
3.4 KiB
Django/Jinja
[global_tags]
|
|
[agent]
|
|
interval = "10s"
|
|
round_interval = true
|
|
metric_batch_size = 1000
|
|
metric_buffer_limit = 10000
|
|
collection_jitter = "0s"
|
|
flush_interval = "10s"
|
|
flush_jitter = "0s"
|
|
debug = false
|
|
quiet = false
|
|
hostname = ""
|
|
omit_hostname = false
|
|
[[outputs.influxdb]]
|
|
urls = [{% for host in groups['influxdb'] %}"{{ influxdb_proto }}://{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address']}}:{{ influxdb_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
|
|
database = "telegraf" # required
|
|
retention_policy = "autogen"
|
|
write_consistency = "any"
|
|
timeout = "5s"
|
|
[[inputs.cpu]]
|
|
percpu = true
|
|
totalcpu = true
|
|
fielddrop = ["time_*"]
|
|
[[inputs.disk]]
|
|
ignore_fs = ["tmpfs", "devtmpfs"]
|
|
[[inputs.diskio]]
|
|
[[inputs.influxdb]]
|
|
urls = [{% for host in groups['influxdb'] %}"{{ influxdb_proto }}://{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address']}}:{{ influxdb_http_port }}/debug/vars"{% if not loop.last %},{% endif %}{% endfor %}]
|
|
[[inputs.kernel]]
|
|
[[inputs.mem]]
|
|
[[inputs.processes]]
|
|
[[inputs.swap]]
|
|
[[inputs.system]]
|
|
[[inputs.net]]
|
|
interfaces = []
|
|
{% if inventory_hostname in groups['haproxy'] and enable_haproxy | bool %}
|
|
[[inputs.haproxy]]
|
|
servers = ["{{ haproxy_proto }}://{{ haproxy_user }}:{{ haproxy_password }}@{{ api_interface_address }}:{{ haproxy_stats_port }}"]
|
|
{% endif %}
|
|
{% if inventory_hostname in groups['memcached'] and enable_memcached | bool %}
|
|
[[inputs.memcached]]
|
|
servers = ["{{ api_interface_address }}:{{ memcached_port }}"]
|
|
{% endif %}
|
|
{% if inventory_hostname in groups['elasticsearch'] and enable_elasticsearch | bool %}
|
|
[[inputs.elasticsearch]]
|
|
servers = ["{{ elasticsearch_proto }}://{{ api_interface_address }}:{{ elasticsearch_port }}"]
|
|
local = true
|
|
cluster_health = true
|
|
{% endif %}
|
|
{% if inventory_hostname in groups['rabbitmq'] and enable_rabbitmq | bool %}
|
|
[[inputs.rabbitmq]]
|
|
url = "{{ rabbitmq_proto }}://{{ api_interface_address }}:{{ rabbitmq_management_port }}"
|
|
username = "{{ rabbitmq_user }}"
|
|
password = "{{ rabbitmq_password }}"
|
|
{% endif %}
|
|
{% if inventory_hostname in groups['outward-rabbitmq'] and enable_outward_rabbitmq | bool %}
|
|
[[inputs.rabbitmq]]
|
|
url = "{{ outward_rabbitmq_proto }}://{{ api_interface_address }}:{{ outward_rabbitmq_management_port }}"
|
|
username = "{{ outward_rabbitmq_user }}"
|
|
password = "{{ outward_rabbitmq_password }}"
|
|
{% endif %}
|
|
{% if inventory_hostname in groups['mariadb'] and enable_mariadb | bool %}
|
|
[[inputs.mysql]]
|
|
servers = ["{{ database_user }}:{{ database_password }}@{{ mariadb_proto }}({{ api_interface_address }}:{{ database_port }})/"]
|
|
perf_events_statements_digest_text_limit = 120
|
|
perf_events_statements_limit = 250
|
|
perf_events_statements_time_limit = 86400
|
|
table_schema_databases = []
|
|
gather_table_schema = true
|
|
gather_process_list = true
|
|
gather_info_schema_auto_inc = true
|
|
gather_slave_status = true
|
|
gather_binary_logs = true
|
|
gather_table_io_waits = true
|
|
gather_table_lock_waits = true
|
|
gather_index_io_waits = true
|
|
gather_event_waits = true
|
|
gather_file_events_stats = true
|
|
gather_perf_events_statements = true
|
|
interval_slow = "30m"
|
|
{% endif %}
|