blob: 04e79edfdde77e868ce74291196367f9a50136cc [file] [log] [blame]
Simon Pasquier418cacc2016-11-24 17:19:05 +01001
2==================================
3aodh
4==================================
5
Nadya Shakhat1014c4e2017-04-28 16:49:27 +04006Aodh is an alarming service for OpenStack. It used to be a part of Ceilometer, but starting from Mitaka it
7is a separate project. Aodh supports several types of alarms like threshold, event, composite and gnocchi-specific.
Dmitry Kalashnik69f49552017-12-07 15:56:43 +04008In cluster mode, coordination is enabled via tooz with Redis backend.
Nadya Shakhat1014c4e2017-04-28 16:49:27 +04009MySQL is used as a data backend for alarms and alarm history.
Simon Pasquier418cacc2016-11-24 17:19:05 +010010
11Sample pillars
12==============
13
Nadya Shakhat1014c4e2017-04-28 16:49:27 +040014Cluster aodh service
Simon Pasquier418cacc2016-11-24 17:19:05 +010015
16.. code-block:: yaml
17
18 aodh:
19 server:
20 enabled: true
Nadya Shakhat1014c4e2017-04-28 16:49:27 +040021 version: mitaka
22 ttl: 86400
Dmitry Kalashnik69f49552017-12-07 15:56:43 +040023 cluster: true
Dzmitry Stremkouskib59600e2018-10-25 16:53:15 +020024 enable_proxy_headers_parsing: True
25 database:
26 engine: "mysql+pymysql"
27 host: 10.0.106.20
28 port: 3306
29 name: aodh
30 user: aodh
31 password: password
32 bind:
33 host: 10.0.106.20
34 port: 8042
35 identity:
36 engine: keystone
37 host: 10.0.106.20
38 port: 35357
39 tenant: service
40 user: aodh
41 password: password
42 message_queue:
43 engine: rabbitmq
44 port: 5672
45 user: openstack
46 password: password
47 virtual_host: '/openstack'
48 cache:
49 members:
50 - host: 10.10.10.10
51 port: 11211
52 - host: 10.10.10.11
53 port: 11211
54 - host: 10.10.10.12
55 port: 11211
Simon Pasquier418cacc2016-11-24 17:19:05 +010056
Mykyta Karpin4e6d69b2018-07-12 18:19:47 +030057Setting alarm history cleanup
58
59In order to allow alarm cleanup from one node of the cluster,
60server:role field should be set to primary and all others to
61secondaey to avoid race conditions. On the example below
62expirer is set to run every day at 2:00 AM. By default
63it will be run every hour.
64
65.. code-block:: yaml
66
67 aodh:
68 server:
69 role: primary
70 expirer:
71 cron:
72 minute: 0
73 hour: 2
Simon Pasquier418cacc2016-11-24 17:19:05 +010074
Dmitry Kalashnik69f49552017-12-07 15:56:43 +040075Enhanced logging with logging.conf
76----------------------------------
77
78By default logging.conf is disabled.
79
80That is possible to enable per-binary logging.conf with new variables:
81 * openstack_log_appender - set it to true to enable log_config_append for all OpenStack services;
82 * openstack_fluentd_handler_enabled - set to true to enable FluentHandler for all Openstack services.
Oleksii Chupryn2ac67002018-05-04 14:06:32 +030083 * openstack_ossyslog_handler_enabled - set to true to enable OSSysLogHandler for all Openstack services.
Dmitry Kalashnik69f49552017-12-07 15:56:43 +040084
Oleksii Chupryn2ac67002018-05-04 14:06:32 +030085Only WatchedFileHandler, OSSysLogHandler and FluentHandler are available.
Dmitry Kalashnik69f49552017-12-07 15:56:43 +040086
87Also it is possible to configure this with pillar:
88
89.. code-block:: yaml
90
91 aodh:
92 server:
93 logging:
94 log_appender: true
95 log_handlers:
96 watchedfile:
97 enabled: true
98 fluentd:
99 enabled: true
Oleksii Chupryn2ac67002018-05-04 14:06:32 +0300100 ossyslog:
101 enabled: true
Dmitry Kalashnik69f49552017-12-07 15:56:43 +0400102
Oleksandr Shyshko0b912d82018-09-04 18:47:40 +0300103Enable x509 and ssl communication between Aodh and Galera cluster.
104---------------------
105By default communication between Aodh and Galera is unsecure.
106
107aodh:
108 server:
109 database:
110 x509:
111 enabled: True
112
113You able to set custom certificates in pillar:
114
115aodh:
116 server:
117 database:
118 x509:
119 cacert: (certificate content)
120 cert: (certificate content)
121 key: (certificate content)
122
123You can read more about it here:
124 https://docs.openstack.org/security-guide/databases/database-access-control.html
125
Oleksandr Bryndzii152fbfc2018-10-04 11:40:58 +0300126Aodh server with memcached caching and security strategy:
127
128.. code-block:: yaml
129
130 aodh:
131 server:
132 enabled: true
133 ...
134 cache:
135 engine: memcached
136 members:
137 - host: 127.0.0.1
138 port: 11211
139 - host: 127.0.0.1
140 port: 11211
141 security:
142 enabled: true
143 strategy: ENCRYPT
144 secret_key: secret
145
Mykyta Karpin551da192019-04-04 11:12:22 +0000146Setup redis coordination_backend url:
147---------------------------
148.. code-block:: yaml
149
150 aodh:
151 server:
152 coordination_backend:
153 engine: redis
154 redis:
155 password: pswd
156 user: openstack
157 db: '0'
158 sentinel:
159 host: 127.0.0.1
160 master_name: master_1
161 fallback:
162 - host: 127.0.1.1
163 - host: 127.0.2.1
164
Oleksandr Pidrepnyi94a84092019-05-13 18:07:26 +0300165Change default options using configmap template settings
166========================================================
167
168.. code-block:: yaml
169
170 aodh:
171 server:
172 configmap:
173 DEFAULT:
174 rest_notifier_max_retries: 0
175 notifier_topic: alarming
176 api:
177 user_alarm_quota: 10
178 project_alarm_quota: 10
179 alarm_max_actions: -1
180
Simon Pasquier418cacc2016-11-24 17:19:05 +0100181Development and testing
182=======================
183
184Development and test workflow with `Test Kitchen <http://kitchen.ci>`_ and
185`kitchen-salt <https://github.com/simonmcc/kitchen-salt>`_ provisioner plugin.
186
187Test Kitchen is a test harness tool to execute your configured code on one or more platforms in isolation.
188There is a ``.kitchen.yml`` in main directory that defines *platforms* to be tested and *suites* to execute on them.
189
190Kitchen CI can spin instances locally or remote, based on used *driver*.
191For local development ``.kitchen.yml`` defines a `vagrant <https://github.com/test-kitchen/kitchen-vagrant>`_ or
192`docker <https://github.com/test-kitchen/kitchen-docker>`_ driver.
193
194To use backend drivers or implement your CI follow the section `INTEGRATION.rst#Continuous Integration`__.
195
196The `Busser <https://github.com/test-kitchen/busser>`_ *Verifier* is used to setup and run tests
197implementated in `<repo>/test/integration`. It installs the particular driver to tested instance
198(`Serverspec <https://github.com/neillturner/kitchen-verifier-serverspec>`_,
199`InSpec <https://github.com/chef/kitchen-inspec>`_, Shell, Bats, ...) prior the verification is executed.
200
201Usage:
202
203.. code-block:: shell
204
205 # list instances and status
206 kitchen list
207
208 # manually execute integration tests
209 kitchen [test || [create|converge|verify|exec|login|destroy|...]] [instance] -t tests/integration
210
211 # use with provided Makefile (ie: within CI pipeline)
212 make kitchen
213
214
215
216Read more
217=========
218
Nadya Shakhat1014c4e2017-04-28 16:49:27 +0400219* https://docs.openstack.org/cli-reference/aodh.html
220* https://docs.openstack.org/developer/aodh/