Paul Bourke d8fe3ea780 Add a new 'outward' rabbitmq instance
Certain services such as Murano and trove require access to a rabbitmq
instance from tenant networks. [0]

Exposing the internal rabbitmq to end users is a security hole, hence
there are two options, 1) use vhosts in the existing rabbitmq, or two a
separate rabbitmq instances. Given the importance of rabbitmq to the
OpenStack deployment, we have decided to go with a separate instance.
Refer to [1] for more detail on the various options.

This change makes the rabbitmq role generic so that it can be reused, in
this case to start 'outward_rabbitmq'. It needs to be exposed via
haproxy both for network isolation and also because this is what Murano
configuration requires.

Follow on patches will be added to add a vhost in this outward instance
for Murano and other services which require access.

Based on the original work by bdaca[2]

[0] http://murano.readthedocs.io/en/stable-liberty/intro/architecture.html
[1] http://lists.openstack.org/pipermail/openstack-dev/2016-December/109091.html
[2] https://review.openstack.org/#/c/374525

Change-Id: Ib2bcc7ed4bf4f883a7cd1dfad3db89201e3cfd8d
Partial-Bug: #1620374
Depends-On: I020eb6219f89a310451becde41f6f1c7f54baadd
Co-Authored-By: Bartłomiej Daca <bartek.daca@gmail.com>
2017-06-15 11:12:22 +00:00

82 lines
3.4 KiB
Django/Jinja

[global_tags]
[agent]
interval = "10s"
round_interval = true
metric_batch_size = 1000
metric_buffer_limit = 10000
collection_jitter = "0s"
flush_interval = "10s"
flush_jitter = "0s"
debug = false
quiet = false
hostname = ""
omit_hostname = false
[[outputs.influxdb]]
urls = [{% for host in groups['influxdb'] %}"{{ influxdb_proto }}://{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address']}}:{{ influxdb_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
database = "telegraf" # required
retention_policy = "autogen"
write_consistency = "any"
timeout = "5s"
[[inputs.cpu]]
percpu = true
totalcpu = true
fielddrop = ["time_*"]
[[inputs.disk]]
ignore_fs = ["tmpfs", "devtmpfs"]
[[inputs.diskio]]
[[inputs.influxdb]]
urls = [{% for host in groups['influxdb'] %}"{{ influxdb_proto }}://{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address']}}:{{ influxdb_http_port }}/debug/vars"{% if not loop.last %},{% endif %}{% endfor %}]
[[inputs.kernel]]
[[inputs.mem]]
[[inputs.processes]]
[[inputs.swap]]
[[inputs.system]]
[[inputs.net]]
interfaces = []
{% if inventory_hostname in groups['haproxy'] and enable_haproxy | bool %}
[[inputs.haproxy]]
servers = ["{{ haproxy_proto }}://{{ haproxy_user }}:{{ haproxy_password }}@{{ api_interface_address }}:{{ haproxy_stats_port }}"]
{% endif %}
{% if inventory_hostname in groups['memcached'] and enable_memcached | bool %}
[[inputs.memcached]]
servers = ["{{ api_interface_address }}:{{ memcached_port }}"]
{% endif %}
{% if inventory_hostname in groups['elasticsearch'] and enable_elasticsearch | bool %}
[[inputs.elasticsearch]]
servers = ["{{ elasticsearch_proto }}://{{ api_interface_address }}:{{ elasticsearch_port }}"]
local = true
cluster_health = true
{% endif %}
{% if inventory_hostname in groups['rabbitmq'] and enable_rabbitmq | bool %}
[[inputs.rabbitmq]]
url = "{{ rabbitmq_proto }}://{{ api_interface_address }}:{{ rabbitmq_management_port }}"
username = "{{ rabbitmq_user }}"
password = "{{ rabbitmq_password }}"
{% endif %}
{% if inventory_hostname in groups['outward-rabbitmq'] and enable_outward_rabbitmq | bool %}
[[inputs.rabbitmq]]
url = "{{ outward_rabbitmq_proto }}://{{ api_interface_address }}:{{ outward_rabbitmq_management_port }}"
username = "{{ outward_rabbitmq_user }}"
password = "{{ outward_rabbitmq_password }}"
{% endif %}
{% if inventory_hostname in groups['mariadb'] and enable_mariadb | bool %}
[[inputs.mysql]]
servers = ["{{ database_user }}:{{ database_password }}@{{ mariadb_proto }}({{ api_interface_address }}:{{ database_port }})/"]
perf_events_statements_digest_text_limit = 120
perf_events_statements_limit = 250
perf_events_statements_time_limit = 86400
table_schema_databases = []
gather_table_schema = true
gather_process_list = true
gather_info_schema_auto_inc = true
gather_slave_status = true
gather_binary_logs = true
gather_table_io_waits = true
gather_table_lock_waits = true
gather_index_io_waits = true
gather_event_waits = true
gather_file_events_stats = true
gather_perf_events_statements = true
interval_slow = "30m"
{% endif %}