blob: 73eba31094c0bf1a21a362bc69bd56db479dafe5 [file] [log] [blame]
=============
Panko Formula
=============
Panko is a component of the OpenStack Telemetry project and is designed to
provide a metadata indexing, event storage service which enables users to
capture the state information of OpenStack resources at a given time. Its aim
is to enable a scalable means of storing both short and long term data for
use cases such as auditing and system debugging.
Sample pillars
==============
Single panko service
.. code-block:: yaml
panko:
server:
enabled: true
version: pike
enable_proxy_headers_parsing: True
database:
engine: mysql
host: 10.20.0.101
port: 3306
name: panko
user: panko
password: segreto
bind:
host: 10.20.0.102
port: 8977
identity:
engine: keystone
host: 10.20.0.101
port: 35357
user: panko
password: segreto
region: RegionOne
tenant: service
endpoint_type: internalURL
cache:
engine: memcached
members:
- host: 10.20.0.102
port: 11211
- host: 10.20.0.103
port: 11211
- host: 10.20.0.104
port: 11211
Setting event cleanup
In order to allow events cleanup from one node of the cluster,
server:role field should be set to primary and all others to
secondary to avoid race conditions. On the example below
expirer is set to run every day at 2:00 AM. By default
it will be run every hour.
.. code-block:: yaml
panko:
server:
role: primary
expirer:
cron:
minute: 0
hour: 2
Configuration of policy.json file:
.. code-block:: yaml
panko:
server:
...
policy:
'context_is_admin': 'role:admin'
'segregation': 'rule:context_is_admin'
# Add key without value to remove line from policy.json
'telemetry:events:index':
Enhanced logging with logging.conf
----------------------------------
By default logging.conf is disabled.
That is possible to enable per-binary logging.conf with new variables:
* openstack_log_appender - set it to true to enable log_config_append for all OpenStack services;
* openstack_fluentd_handler_enabled - set to true to enable FluentHandler for all Openstack services.
Only WatchedFileHandler and FluentHandler are available.
Also it is possible to configure this with pillar:
.. note:: This works only if service doesnt run under apache-wsgi
.. code-block:: yaml
panko:
server:
logging:
log_appender: true
log_handlers:
watchedfile:
enabled: true
fluentd:
enabled: true
Enable x509 and ssl communication between Panko and Galera cluster.
---------------------
By default communication between Panko and Galera is unsecure.
panko:
server:
database:
x509:
enabled: True
You able to set custom certificates in pillar:
panko:
server:
database:
x509:
cacert: (certificate content)
cert: (certificate content)
key: (certificate content)
You can read more about it here:
https://docs.openstack.org/security-guide/databases/database-access-control.html
Panko server with memcached caching and security strategy:
--------------------
.. code-block:: yaml
panko:
server:
enabled: true
...
cache:
engine: memcached
members:
- host: 127.0.0.1
port: 11211
- host: 127.0.0.1
port: 11211
security:
enabled: true
strategy: ENCRYPT
secret_key: secret
Change default options using configmap template settings
========================================================
.. code-block:: yaml
panko:
server:
configmap:
DEFAULT:
api_paste_config: api_paste.ini
api:
default_api_return_limit: 100
storage:
max_retries: 10
Change files/directories permissions for panko service:
=======================================
In order to change file permissions the following should be set:
'files' - block to set permissions for files.
- full path to file
- user ( default value is 'root' ) this parameter is optional.
- group ( default value is 'panko' ) this parameter is optional
- mode ( default value is '0640' ) this parameter is optional
'directories' - block to set permissions for directories.
- full path to directory
- user ( default value is 'root' ) this parameter is optional
- group ( default value is 'panko' ) this parameter is optional
- mode ( default value is '0750' ) this parameter is optional
.. code-block:: yaml
panko:
files:
/etc/panko/panko.conf:
user: 'root'
group: 'panko'
mode: '0750'
directories:
/etc/panko:
user: 'root'
group: 'panko'
mode: '0750'
More information
================
* https://wiki.openstack.org/wiki/Telemetry
* https://docs.openstack.org/developer/panko/
* https://github.com/openstack/panko
* https://bugs.launchpad.net/panko