Merge "Add prometheus main dashboard"
diff --git a/README.rst b/README.rst
index bb7146f..89593bd 100644
--- a/README.rst
+++ b/README.rst
@@ -664,6 +664,18 @@
         policy:
           admin_or_token_subject: 'rule:admin_required or rule:token_subject'
 
+Setting up default admin project name and domain
+
+.. code-block:: yaml
+
+
+    keystone:
+      server:
+        ....
+        admin_project:
+          name: "admin"
+          domain: "default"
+
 Usage
 =====
 
diff --git a/keystone/files/grafana_dashboards/keystone_prometheus.json b/keystone/files/grafana_dashboards/keystone_prometheus.json
index 1d0e495..6d64799 100755
--- a/keystone/files/grafana_dashboards/keystone_prometheus.json
+++ b/keystone/files/grafana_dashboards/keystone_prometheus.json
@@ -21,8 +21,8 @@
           "colorValue": true,
           "colors": [
             "rgba(245, 54, 54, 0.9)",
-            "rgba(237, 129, 40, 0.89)",
-            "rgba(50, 172, 45, 0.97)"
+            "rgba(50, 172, 45, 0.97)",
+            "rgba(237, 129, 40, 0.89)"
           ],
           "datasource": null,
           "format": "none",
@@ -79,7 +79,7 @@
               "step": 60
             }
           ],
-          "thresholds": "1,0",
+          "thresholds": "0.5,1.5",
           "title": "API Availability",
           "type": "singlestat",
           "valueFontSize": "80%",
@@ -91,13 +91,18 @@
             },
             {
               "op": "=",
+              "text": "DOWN",
+              "value": "0"
+            },
+            {
+              "op": "=",
               "text": "OK",
               "value": "1"
             },
             {
               "op": "=",
-              "text": "DOWN",
-              "value": "0"
+              "text": "UNKNOWN",
+              "value": "2"
             }
           ],
           "valueName": "current"
diff --git a/keystone/files/keystonercv3 b/keystone/files/keystonercv3
index 9da173c..bf2b3ad 100644
--- a/keystone/files/keystonercv3
+++ b/keystone/files/keystonercv3
@@ -9,4 +9,5 @@
 export OS_PASSWORD={{ server.admin_password }}
 export OS_REGION_NAME={{ server.region }}
 export OS_INTERFACE=internal
+export OS_ENDPOINT_TYPE="internal"
 export OS_CACERT="{{ server.cacert }}"
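Review bot: The added `export OS_ENDPOINT_TYPE="internal"` has no comment explaining why it is needed next to `OS_INTERFACE=internal` on the line above, and the value is hard-coded rather than templated. Presumably it is for older per-project clients that read `OS_ENDPOINT_TYPE` instead of `OS_INTERFACE`. Some of those have historically expected the `internalURL` form, so confirm the clients this targets accept `internal`, and add a line such as `# legacy python-*client CLIs read OS_ENDPOINT_TYPE rather than OS_INTERFACE`. Outside this change but visible in the context, `OS_PASSWORD={{ server.admin_password }}` is unquoted, so a password containing whitespace or shell metacharacters would be split or interpreted when the file is sourced; it should be quoted and escaped.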
diff --git a/keystone/files/ocata/keystone.conf.Debian b/keystone/files/ocata/keystone.conf.Debian
index 59b1cff..c15982f 100644
--- a/keystone/files/ocata/keystone.conf.Debian
+++ b/keystone/files/ocata/keystone.conf.Debian
@@ -2612,6 +2612,9 @@
 # Name of the domain that owns the `admin_project_name`. If left unset, then
 # there is no admin project. `[resource] admin_project_name` must also be set
 # to use this option. (string value)
+{%- if server.admin_project is defined %}
+admin_project_domain_name = {{ server.admin_project.domain }}
+{%- endif %}
 #admin_project_domain_name = <None>
 
 # This is a special project which represents cloud-level administrator
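Review bot: The guard around the added `admin_project_domain_name` line tests only `server.admin_project is defined`, so a pillar that sets `admin_project` with just one of `name` or `domain` likely renders an empty or half-configured pair. The option comments in the context say each option requires the other, and these two settings identify the project that represents cloud-level administrator access, so a partial render should not reach the config silently. I would guard on both keys, e.g. `{%- if server.admin_project is defined and server.admin_project.name is defined and server.admin_project.domain is defined %}`, or fail the render when one is missing. The same applies to the `admin_project_name` hunk that follows and to both matching hunks in keystone.conf.RedHat.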
@@ -2622,6 +2625,9 @@
 # means of cross-project role assignments. `[resource]
 # admin_project_domain_name` must also be set to use this option. (string
 # value)
+{%- if server.admin_project is defined %}
+admin_project_name = {{ server.admin_project.name }}
+{%- endif %}
 #admin_project_name = <None>
 
 # This controls whether the names of projects are restricted from containing
diff --git a/keystone/files/ocata/keystone.conf.RedHat b/keystone/files/ocata/keystone.conf.RedHat
index 663854e..7f4d9f1 100644
--- a/keystone/files/ocata/keystone.conf.RedHat
+++ b/keystone/files/ocata/keystone.conf.RedHat
@@ -2560,6 +2560,9 @@
 # Name of the domain that owns the `admin_project_name`. If left unset, then
 # there is no admin project. `[resource] admin_project_name` must also be set
 # to use this option. (string value)
+{%- if server.admin_project is defined %}
+admin_project_domain_name = {{ server.admin_project.domain }}
+{%- endif %}
 #admin_project_domain_name = <None>
 
 # This is a special project which represents cloud-level administrator
@@ -2570,6 +2573,9 @@
 # means of cross-project role assignments. `[resource]
 # admin_project_domain_name` must also be set to use this option. (string
 # value)
+{%- if server.admin_project is defined %}
+admin_project_name = {{ server.admin_project.name }}
+{%- endif %}
 #admin_project_name = <None>
 
 # This controls whether the names of projects are restricted from containing
@@ -3058,4 +3064,4 @@
 # unless you are providing a custom entry point. (string value)
 #driver = sql
 [extra_headers]
-Distribution = Ubuntu
\ No newline at end of file
+Distribution = Ubuntu
diff --git a/keystone/map.jinja b/keystone/map.jinja
index 35a2613..01dc3f4 100644
--- a/keystone/map.jinja
+++ b/keystone/map.jinja
@@ -62,6 +62,7 @@
 {% set monitoring = salt['grains.filter_by']({
     'default': {
         'error_log_rate': 0.2,
+        'http_response_time_p90': 0.3,
         'failed_auths': {
             'percentage': 50,
             'all_auths_rate': 0.1,
diff --git a/keystone/meta/prometheus.yml b/keystone/meta/prometheus.yml
index 33a5b3c..fc3568f 100644
--- a/keystone/meta/prometheus.yml
+++ b/keystone/meta/prometheus.yml
@@ -14,6 +14,17 @@
         summary: "Endpoint check for '{{ $labels.service }}' is down"
         description: >-
             Endpoint check for '{{ $labels.service }}' is down for 2 minutes
+    KeystoneAPIServiceDown:
+      if: >-
+        http_response_status{service=~"keystone.*"} == 0
+      for: 2m
+      labels:
+        severity: down
+        service: "{{ $labels.service }}"
+      annotations:
+        summary: "HTTP check for '{{ $labels.service }}' down"
+        description: >-
+            The HTTP check for '{{ $labels.service }}' is down on {{ $labels.host }} for 2 minutes.
     KeystoneErrorLogsTooHigh:
 {%- endraw %}
       {%- set log_threshold = monitoring.error_log_rate|float %}
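Review bot: `KeystoneAPIServiceDown` fires only when `http_response_status{service=~"keystone.*"} == 0`, so any other non-OK value raises nothing, and neither does a series that disappears because the collector stopped reporting. The dashboard change in this same commit maps value 2 to UNKNOWN; if that panel reads the same metric (its query is not visible here), the unknown state is shown on the dashboard but never alerted on. Consider matching `!= 1` or adding a lower-severity rule for the unknown state, plus an `absent(http_response_status{service=~"keystone.*"})` rule so that missing data is detected rather than read as healthy.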
@@ -38,5 +49,17 @@
       annotations:
         summary: 'Too many failed authentications in Keystone'
         description: 'The rate of failed authentications in Keystone over the last 5 minutes is too high (current value={{ $value }}, threshold={%- endraw %}{{ auth_threshold }}).'
+    KeystoneAPITooSlow:
+      {%- set response_time_threshold = monitoring.http_response_time_p90|float %}
+      if: >-
+        max by(host) (openstack_keystone_http_response_times_upper_90{http_method=~"^(GET|POST)$",http_status="2xx"}) >= {{ response_time_threshold }}
+{%- raw %}
+      for: 2m
+      labels:
+        severity: warning
+        service: keystone
+      annotations:
+        summary: 'Keystone API too slow'
+        description: 'The 90th percentile of the Keystone API response times for GET and POST requests is too high on node {{ $labels.host }} (current value={{ $value }}s, threshold={%- endraw %}{{ response_time_threshold }}s).'
 
 {%- endif %}
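Review bot: `monitoring.http_response_time_p90|float` silently becomes 0.0 when the pillar value is not numeric, because Jinja's `float` filter falls back to its default, and `>= 0.0` would then match every host reporting the metric. The new key is also undocumented: the map.jinja default and the README hunk in this commit do not say it is in seconds, which only the trailing `s` in the description implies. I would add `# 90th-percentile response time threshold, in seconds` next to the default in map.jinja and reject a non-positive threshold at render time. As a style point, the `^` and `$` in `http_method=~"^(GET|POST)$"` are redundant because Prometheus anchors label regexes fully.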
diff --git a/keystone/server.sls b/keystone/server.sls
index fc29a27..97fa2e0 100644
--- a/keystone/server.sls
+++ b/keystone/server.sls
@@ -259,7 +259,7 @@
 {%- if not grains.get('noservices', False) %}
 keystone_syncdb:
   cmd.run:
-  - name: keystone-manage db_sync; sleep 1
+  - name: keystone-manage db_sync && sleep 1
   - timeout: 120
   - require:
     - service: {{ keystone_service }}
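Review bot: `keystone_syncdb` still carries an unexplained `sleep 1`, and with `&&` it now runs only after a successful `db_sync`; a one-line comment saying what it waits for would help, or it could be dropped if nothing depends on it. Separately, no `runas` is visible in the hunk, so the sync presumably runs as the minion's user (typically root). Running it as the service account, e.g. `- runas: keystone` (confirm the account name), keeps any files it creates owned by that account and follows least privilege. The state's `require` list may continue past the end of the hunk.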