Blame - README.rst - salt-formulas/panko

blob: 3d87973b0fa16d04f0bc926c3aa3dfb0135a5235 [file] [log] [blame]

Petr Jediný	07dfda5	2017-06-17 13:51:58 +0200	[diff] [blame]	1	=============
				2	Panko Formula
				3	=============
				4
				5	Panko is a component of the OpenStack Telemetry project and is designed to
				6	provide a metadata indexing, event storage service which enables users to
				7	capture the state information of OpenStack resources at a given time. Its aim
				8	is to enable a scalable means of storing both short and long term data for
				9	use cases such as auditing and system debugging.
				10
				11	Sample pillars
				12	==============
				13
				14	Single panko service
				15
				16	.. code-block:: yaml
				17
				18	panko:
				19	server:
				20	enabled: true
				21	version: pike
Dzmitry Stremkouski	1c748e8	2018-10-25 16:48:44 +0200	[diff] [blame]	22	enable_proxy_headers_parsing: True
Petr Jediný	07dfda5	2017-06-17 13:51:58 +0200	[diff] [blame]	23	database:
				24	engine: mysql
				25	host: 10.20.0.101
				26	port: 3306
				27	name: panko
				28	user: panko
				29	password: segreto
				30	bind:
				31	host: 10.20.0.102
				32	port: 8977
				33	identity:
				34	engine: keystone
				35	host: 10.20.0.101
				36	port: 35357
				37	user: panko
				38	password: segreto
				39	region: RegionOne
				40	tenant: service
				41	endpoint_type: internalURL
				42	cache:
				43	engine: memcached
				44	members:
				45	- host: 10.20.0.102
				46	port: 11211
				47	- host: 10.20.0.103
				48	port: 11211
				49	- host: 10.20.0.104
				50	port: 11211
				51
Mykyta Karpin	c06d5e8	2018-07-17 17:00:51 +0300	[diff] [blame]	52	Setting event cleanup
				53
				54	In order to allow events cleanup from one node of the cluster,
				55	server:role field should be set to primary and all others to
				56	secondary to avoid race conditions. On the example below
				57	expirer is set to run every day at 2:00 AM. By default
				58	it will be run every hour.
				59
				60	.. code-block:: yaml
				61
				62	panko:
				63	server:
				64	role: primary
				65	expirer:
				66	cron:
				67	minute: 0
				68	hour: 2
				69
Roman Lubianyi	072d6b4	2020-07-22 14:36:31 +0300	[diff] [blame^]	70	Configuration of policy.json file:
				71
				72	.. code-block:: yaml
				73
				74	panko:
				75	server:
				76	...
				77	policy:
				78	'context_is_admin': 'role:admin'
				79	'segregation': 'rule:context_is_admin'
				80	# Add key without value to remove line from policy.json
				81	'telemetry:events:index':
Mykyta Karpin	c06d5e8	2018-07-17 17:00:51 +0300	[diff] [blame]	82
sgarbuz	49d5faa	2018-05-15 13:16:33 +0300	[diff] [blame]	83	Enhanced logging with logging.conf
				84	----------------------------------
				85
				86	By default logging.conf is disabled.
				87
				88	That is possible to enable per-binary logging.conf with new variables:
				89	* openstack_log_appender - set it to true to enable log_config_append for all OpenStack services;
				90	* openstack_fluentd_handler_enabled - set to true to enable FluentHandler for all Openstack services.
				91
				92	Only WatchedFileHandler and FluentHandler are available.
				93
				94	Also it is possible to configure this with pillar:
				95
				96	.. note:: This works only if service doesnt run under apache-wsgi
				97
				98	.. code-block:: yaml
				99
				100	panko:
				101	server:
				102	logging:
				103	log_appender: true
				104	log_handlers:
				105	watchedfile:
				106	enabled: true
				107	fluentd:
				108	enabled: true
				109
Oleksandr Shyshko	3f85206	2018-09-10 14:20:22 +0300	[diff] [blame]	110	Enable x509 and ssl communication between Panko and Galera cluster.
				111	---------------------
				112	By default communication between Panko and Galera is unsecure.
				113
				114	panko:
				115	server:
				116	database:
				117	x509:
				118	enabled: True
				119
				120	You able to set custom certificates in pillar:
				121
				122	panko:
				123	server:
				124	database:
				125	x509:
				126	cacert: (certificate content)
				127	cert: (certificate content)
				128	key: (certificate content)
				129
				130	You can read more about it here:
				131	https://docs.openstack.org/security-guide/databases/database-access-control.html
Petr Jediný	07dfda5	2017-06-17 13:51:58 +0200	[diff] [blame]	132
Oleksandr Bryndzii	dcb7d7b	2018-10-04 12:19:42 +0300	[diff] [blame]	133	Panko server with memcached caching and security strategy:
				134	--------------------
				135	.. code-block:: yaml
				136
				137	panko:
				138	server:
				139	enabled: true
				140	...
				141	cache:
				142	engine: memcached
				143	members:
				144	- host: 127.0.0.1
				145	port: 11211
				146	- host: 127.0.0.1
				147	port: 11211
				148	security:
				149	enabled: true
				150	strategy: ENCRYPT
				151	secret_key: secret
Oleksandr Pidrepnyi	31c752a	2019-05-13 18:19:30 +0300	[diff] [blame]	152
				153	Change default options using configmap template settings
				154	========================================================
				155
				156	.. code-block:: yaml
				157
				158	panko:
				159	server:
				160	configmap:
				161	DEFAULT:
				162	api_paste_config: api_paste.ini
				163	api:
				164	default_api_return_limit: 100
				165	storage:
				166	max_retries: 10
				167
Petr Jediný	07dfda5	2017-06-17 13:51:58 +0200	[diff] [blame]	168	More information
				169	================
				170
				171	* https://wiki.openstack.org/wiki/Telemetry
				172	* https://docs.openstack.org/developer/panko/
				173	* https://github.com/openstack/panko
				174	* https://bugs.launchpad.net/panko