vexxhost/openstack-monitoring
Code Issues Proposed changes

initial commit

Browse Source 
Change-Id: I87aa6de6ab5c8311ad76396cf4b35396f88d8735
This commit is contained in:
Mohammed Naser 2019-07-31 14:44:39 -04:00
parent e101f4a97a
commit 08fc5bcea1
28 changed files with 1008 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored Normal file
View File

@ -0,0 +1,2 @@
.tox
doc/build

3
doc/requirements.txt Normal file
View File

@ -0,0 +1,3 @@
doc8==0.8.0
reno==2.11.3
Sphinx==2.1.2

3
doc/source/conf.py Normal file
View File

@ -0,0 +1,3 @@
project = 'openstack-monitoring'
copyright = '2019, VEXXHOST, Inc.'
author = 'VEXXHOST, Inc.'

67
doc/source/index.rst Normal file
View File

@ -0,0 +1,67 @@
OpenStack-Ansible Monitoring
============================
``openstack-monitoring`` is a repository that contains a set of playbooks which
deploy ``sensu-client``, configure it to point towards the RabbitMQ cluster
that hosts your ``sensu-server`` and sets up monitoring for an OpenStack
cloud deployed using OpenStack-Ansible.
Usage
-----
The playbooks are quite straightforward to use. You'll need to clone them
locally on your OpenStack-Ansible deploy node as they rely on the inventory
structure used by OpenStack-Ansible to work.
#. Clone the latest version of the ``openstack-monitoring`` Git repository in
the ``/opt/openstack-monitoring`` directory:
.. code::
git clone https://opendev.org/vexxhost/openstack-monitoring /opt/openstack-monitoring
#. Add the following variables inside your ``user_variables.yml`` file in order
for the playbooks to ensure that they point towards the RabbitMQ which your
``sensu-server`` is configured to listen to.
.. code::
sensu_rabbitmq_host:
sensu_rabbitmq_user:
#. Add the following variables inside your ``user_secrets.yml`` file in order
for the playbooks to authenticate to your RabbitMQ server (for Sensu) and
for the monitoring accounts which will be created by the playbooks.
.. code::
sensu_rabbitmq_password:
sensu_monitoring_galera_password:
sensu_monitoring_rabbitmq_password:
.. note::
All of the variables that start with ``sensu_monitoring`` are used for the
monitoring infrastructure. The playbooks will create a MySQL user account
and RabbitMQ user account which will be used for monitoring.
#. You can choose to run individual playbooks from within the ``playbooks``
folder or you can opt to run all the playbooks right away by using
the ``setup-everything.yml`` playbook.
.. code::
openstack-ansible setup-everything.yml
The playbooks are named after the same ones inside OpenStack-Ansible so
it should be very easy to find which ones that you need to run specifically
if you need that.
Contributing
------------
This project is hosted inside OpenDev, so it uses Gerrit for code review for
changes. You can read more about how the process works by checking out
the `Learn the Gerrit Workflow in the Sandbox`_ article.
.. _`Learn the Gerrit Workflow in the Sandbox`: https://docs.openstack.org/infra/manual/sandbox.html

42
playbooks/ceph-install.yml Normal file
View File

@ -0,0 +1,42 @@
---
# Copyright 2019 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Monitor ceph mons
hosts: ceph-mon
gather_facts: "{{ osa_gather_facts | default(True) }}"
user: root
roles:
- role: sensu_common
tasks:
- import_tasks: common-tasks/install-plugins.yml
vars:
sensu_plugins: ['sensu-plugins-ceph']
- import_tasks: common-tasks/configure-sudo.yml
vars:
sensu_commands:
- /opt/sensu/embedded/bin/check-ceph.rb -d
- import_tasks: common-tasks/setup-checks.yml
vars:
sensu_checks:
- name: ceph
command: sudo check-ceph.rb -d
vars:
sensu_service: ceph
environment: "{{ deployment_environment_variables | default({}) }}"
tags:
- ceph
- ceph-mon

20
playbooks/common-tasks/configure-sudo.yml Normal file
View File

@ -0,0 +1,20 @@
---
# Copyright 2019 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Allow sensu to sudo
copy:
content: "sensu ALL=(ALL) NOPASSWD: {{ sensu_commands|join('\n') }}\n"
dest: "/etc/sudoers.d/sensu_{{ sensu_service }}"
mode: 0440

21
playbooks/common-tasks/install-plugins.yml Normal file
View File

@ -0,0 +1,21 @@
---
# Copyright 2019 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Install Sensu plugins
gem:
name: "{{ item }}"
executable: /opt/sensu/embedded/bin/gem
user_install: false
with_items: "{{ sensu_plugins }}"

24
playbooks/common-tasks/setup-checks.yml Normal file
View File

@ -0,0 +1,24 @@
---
# Copyright 2019 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Add checks
sensu_check:
name: "{{ item.name }}"
command: "{{ item.command }}"
interval: "{{ item.interval | default(60) }}"
standalone: true
path: "/etc/sensu/conf.d/{{ sensu_service }}.json"
notify: Restart sensu-client
with_items: "{{ sensu_checks }}"

66
playbooks/galera-install.yml Normal file
View File

@ -0,0 +1,66 @@
---
# Copyright 2019 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Monitor galera
hosts: galera_all
gather_facts: "{{ osa_gather_facts | default(True) }}"
user: root
roles:
- role: sensu_common
tasks:
- name: Install missing libraries
yum:
name:
- MariaDB-devel
- MariaDB-shared
state: present
- import_tasks: common-tasks/install-plugins.yml
vars:
sensu_plugins: ['sensu-plugins-mysql', 'sensu-plugins-percona']
- name: Create monitoring user
run_once: true
mysql_user:
name: sensu
password: "{{ sensu_monitoring_galera_password }}"
host: "%"
priv: 'test.*:ALL/*.*:PROCESS'
- name: Create .my.cnf file
template:
src: my.cnf.j2
dest: /opt/sensu/.my.cnf
- import_tasks: common-tasks/setup-checks.yml
vars:
sensu_checks:
- name: mysql-alive
command: "check-mysql-alive.rb -h{{ galera_wsrep_address }} -i /opt/sensu/.my.cnf"
- name: mysql-status
command: "check-mysql-status.rb -h{{ galera_wsrep_address }} -i /opt/sensu/.my.cnf"
- name: mysql-innodb-lock
command: "check-mysql-innodb-lock.rb -h{{ galera_wsrep_address }} -i /opt/sensu/.my.cnf"
- name: mysql-connections
command: "check-mysql-connections.rb -h{{ galera_wsrep_address }} -i /opt/sensu/.my.cnf -a -w 80 -c 90"
- name: percona-cluster-size
command: "check-percona-cluster-size.rb -i /opt/sensu/.my.cnf -e {{ groups['galera_all'] | length }}"
vars:
galera_server_id: "{{ inventory_hostname | string_2_int }}"
galera_wsrep_node_name: "{{ container_name | default(inventory_hostname) }}"
sensu_service: galera
environment: "{{ deployment_environment_variables | default({}) }}"
tags:
- galera

41
playbooks/haproxy-install.yml Normal file
View File

@ -0,0 +1,41 @@
---
# Copyright 2019 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Monitor haproxy
hosts: haproxy
gather_facts: "{{ osa_gather_facts | default(True) }}"
user: root
roles:
- role: sensu_common
tasks:
- import_tasks: common-tasks/install-plugins.yml
vars:
sensu_plugins: ['sensu-plugins-haproxy']
- import_tasks: common-tasks/configure-sudo.yml
vars:
sensu_commands:
- /opt/sensu/embedded/bin/check-haproxy.rb -S /var/run/haproxy.stat -c 100 -b 100 -B 100 -A
- import_tasks: common-tasks/setup-checks.yml
vars:
sensu_checks:
- name: haproxy
command: sudo check-haproxy.rb -S /var/run/haproxy.stat -c 100 -b 100 -B 100 -A
vars:
sensu_service: haproxy
environment: "{{ deployment_environment_variables | default({}) }}"
tags:
- haproxy

321
playbooks/library/rabbitmq_user.py Normal file
View File

@ -0,0 +1,321 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# (c) 2013, Chatham Financial <oss@chathamfinancial.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: rabbitmq_user
short_description: Adds or removes users to RabbitMQ
description:
- Add or remove users to RabbitMQ and assign permissions
version_added: "1.1"
author: '"Chris Hoffman (@chrishoffman)"'
options:
user:
description:
- Name of user to add
required: true
aliases: [username, name]
password:
description:
- Password of user to add.
- To change the password of an existing user, you must also specify
C(update_password=always).
tags:
description:
- User tags specified as comma delimited
permissions:
description:
- a list of dicts, each dict contains vhost, configure_priv, write_priv, and read_priv,
and represents a permission rule for that vhost.
- This option should be preferable when you care about all permissions of the user.
- You should use vhost, configure_priv, write_priv, and read_priv options instead
if you care about permissions for just some vhosts.
default: []
vhost:
description:
- vhost to apply access privileges.
- This option will be ignored when permissions option is used.
default: /
node:
description:
- erlang node name of the rabbit we wish to configure
default: rabbit
version_added: "1.2"
configure_priv:
description:
- Regular expression to restrict configure actions on a resource
for the specified vhost.
- By default all actions are restricted.
- This option will be ignored when permissions option is used.
default: ^$
write_priv:
description:
- Regular expression to restrict configure actions on a resource
for the specified vhost.
- By default all actions are restricted.
- This option will be ignored when permissions option is used.
default: ^$
read_priv:
description:
- Regular expression to restrict configure actions on a resource
for the specified vhost.
- By default all actions are restricted.
- This option will be ignored when permissions option is used.
default: ^$
force:
description:
- Deletes and recreates the user.
type: bool
default: 'no'
state:
description:
- Specify if user is to be added or removed
default: present
choices: [present, absent]
update_password:
description:
- C(on_create) will only set the password for newly created users. C(always) will update passwords if they differ.
required: false
default: on_create
choices: [ on_create, always ]
version_added: "2.6"
'''
EXAMPLES = '''
# Add user to server and assign full access control on / vhost.
# The user might have permission rules for other vhost but you don't care.
- rabbitmq_user:
user: joe
password: changeme
vhost: /
configure_priv: .*
read_priv: .*
write_priv: .*
state: present
# Add user to server and assign full access control on / vhost.
# The user doesn't have permission rules for other vhosts
- rabbitmq_user:
user: joe
password: changeme
permissions:
- vhost: /
configure_priv: .*
read_priv: .*
write_priv: .*
state: present
'''
from ansible.module_utils.basic import AnsibleModule
class RabbitMqUser(object):
def __init__(self, module, username, password, tags, permissions,
node, bulk_permissions=False):
self.module = module
self.username = username
self.password = password
self.node = node
if not tags:
self.tags = list()
else:
self.tags = tags.split(',')
self.permissions = permissions
self.bulk_permissions = bulk_permissions
self._tags = None
self._permissions = []
self._rabbitmqctl = module.get_bin_path('rabbitmqctl', True)
def _exec(self, args, run_in_check_mode=False):
if not self.module.check_mode or run_in_check_mode:
cmd = [self._rabbitmqctl, '-q']
if self.node is not None:
cmd.extend(['-n', self.node])
rc, out, err = self.module.run_command(cmd + args, check_rc=True)
return out.splitlines()
return list()
def get(self):
users = self._exec(['list_users'], True)
for user_tag in users:
if '\t' not in user_tag:
continue
user, tags = user_tag.split('\t')
if user == self.username:
for c in ['[', ']', ' ']:
tags = tags.replace(c, '')
if tags != '':
self._tags = tags.split(',')
else:
self._tags = list()
self._permissions = self._get_permissions()
return True
return False
def _get_permissions(self):
perms_out = [perm for perm in self._exec(['list_user_permissions', self.username], True) if perm.strip()]
# NOTE(mnaser): Fix for RabbitMQ >= 3.7.9
if perms_out[0] == 'vhost\tconfigure\twrite\tread':
perms_out.pop(0)
perms_list = list()
for perm in perms_out:
vhost, configure_priv, write_priv, read_priv = perm.split('\t')
if not self.bulk_permissions:
if vhost == self.permissions[0]['vhost']:
perms_list.append(dict(vhost=vhost, configure_priv=configure_priv,
write_priv=write_priv, read_priv=read_priv))
break
else:
perms_list.append(dict(vhost=vhost, configure_priv=configure_priv,
write_priv=write_priv, read_priv=read_priv))
return perms_list
def check_password(self):
return self._exec(['authenticate_user', self.username, self.password], True)
def add(self):
if self.password is not None:
self._exec(['add_user', self.username, self.password])
else:
self._exec(['add_user', self.username, ''])
self._exec(['clear_password', self.username])
def delete(self):
self._exec(['delete_user', self.username])
def change_password(self):
if self.password is not None:
self._exec(['change_password', self.username, self.password])
else:
self._exec(['clear_password', self.username])
def set_tags(self):
self._exec(['set_user_tags', self.username] + self.tags)
def set_permissions(self):
for permission in self._permissions:
if permission not in self.permissions:
cmd = ['clear_permissions', '-p']
cmd.append(permission['vhost'])
cmd.append(self.username)
self._exec(cmd)
for permission in self.permissions:
if permission not in self._permissions:
cmd = ['set_permissions', '-p']
cmd.append(permission['vhost'])
cmd.append(self.username)
cmd.append(permission['configure_priv'])
cmd.append(permission['write_priv'])
cmd.append(permission['read_priv'])
self._exec(cmd)
def has_tags_modifications(self):
return set(self.tags) != set(self._tags)
def has_permissions_modifications(self):
return sorted(self._permissions) != sorted(self.permissions)
def main():
arg_spec = dict(
user=dict(required=True, aliases=['username', 'name']),
password=dict(default=None, no_log=True),
tags=dict(default=None),
permissions=dict(default=list(), type='list'),
vhost=dict(default='/'),
configure_priv=dict(default='^$'),
write_priv=dict(default='^$'),
read_priv=dict(default='^$'),
force=dict(default='no', type='bool'),
state=dict(default='present', choices=['present', 'absent']),
node=dict(default=None),
update_password=dict(default='on_create', choices=['on_create', 'always'])
)
module = AnsibleModule(
argument_spec=arg_spec,
supports_check_mode=True
)
username = module.params['user']
password = module.params['password']
tags = module.params['tags']
permissions = module.params['permissions']
vhost = module.params['vhost']
configure_priv = module.params['configure_priv']
write_priv = module.params['write_priv']
read_priv = module.params['read_priv']
force = module.params['force']
state = module.params['state']
node = module.params['node']
update_password = module.params['update_password']
bulk_permissions = True
if not permissions:
perm = {
'vhost': vhost,
'configure_priv': configure_priv,
'write_priv': write_priv,
'read_priv': read_priv
}
permissions.append(perm)
bulk_permissions = False
rabbitmq_user = RabbitMqUser(module, username, password, tags, permissions,
node, bulk_permissions=bulk_permissions)
result = dict(changed=False, user=username, state=state)
if rabbitmq_user.get():
if state == 'absent':
rabbitmq_user.delete()
result['changed'] = True
else:
if force:
rabbitmq_user.delete()
rabbitmq_user.add()
rabbitmq_user.get()
result['changed'] = True
elif update_password == 'always':
if not rabbitmq_user.check_password():
rabbitmq_user.change_password()
result['changed'] = True
if rabbitmq_user.has_tags_modifications():
rabbitmq_user.set_tags()
result['changed'] = True
if rabbitmq_user.has_permissions_modifications():
rabbitmq_user.set_permissions()
result['changed'] = True
elif state == 'present':
rabbitmq_user.add()
rabbitmq_user.set_tags()
rabbitmq_user.set_permissions()
result['changed'] = True
module.exit_json(**result)
if __name__ == '__main__':
main()

36
playbooks/memcached-install.yml Normal file
View File

@ -0,0 +1,36 @@
---
# Copyright 2019 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Monitor memcached
hosts: memcached
gather_facts: "{{ osa_gather_facts | default(True) }}"
user: root
roles:
- role: sensu_common
tasks:
- import_tasks: common-tasks/install-plugins.yml
vars:
sensu_plugins: ['sensu-plugins-memcached']
- import_tasks: common-tasks/setup-checks.yml
vars:
sensu_checks:
- name: memcached-stats
command: "check-memcached-stats.rb -h {{ memcached_listen }} -p {{ memcached_port }}"
vars:
sensu_service: memcached
environment: "{{ deployment_environment_variables | default({}) }}"
tags:
- memcached

53
playbooks/openstack-hosts-setup.yml Normal file
View File

@ -0,0 +1,53 @@
---
# Copyright 2019 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Basic host setup
hosts: "{{ openstack_host_group|default('hosts') }}"
gather_facts: "{{ osa_gather_facts | default(True) }}"
user: root
roles:
- role: "sensu_client"
vars:
sensu_service: host
tasks:
- import_tasks: common-tasks/install-plugins.yml
vars:
sensu_plugins:
- sensu-plugins-chrony
- sensu-plugins-cpu-checks
- sensu-plugins-disk-checks
- sensu-plugins-entropy-checks
- sensu-plugins-load-checks
- import_tasks: common-tasks/configure-sudo.yml
vars:
sensu_command: /opt/sensu/embedded/bin/check-disk-usage.rb -x proc
- import_tasks: common-tasks/setup-checks.yml
vars:
sensu_checks:
- name: chrony
command: check-chrony.rb
- name: cpu
command: check-cpu.rb
- name: disk-usage
command: sudo check-disk-usage.rb -x proc
- name: entropy
command: check-entropy.rb
- name: load
command: check-load.rb
environment: "{{ deployment_environment_variables | default({}) }}"
tags:
- openstack-hosts

83
playbooks/rabbitmq-install.yml Normal file
View File

@ -0,0 +1,83 @@
---
# Copyright 2019 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Monitor rabbitmq
hosts: "{{ rabbitmq_host_group | default('rabbitmq_all') }}"
gather_facts: "{{ osa_gather_facts | default(True) }}"
user: root
roles:
- role: sensu_common
tasks:
- import_tasks: common-tasks/install-plugins.yml
vars:
sensu_plugins: ['sensu-plugins-rabbitmq']
- name: Get list of all virtual hosts
changed_when: false
shell: rabbitmqctl -s list_vhosts
register: _rabbitmqctl_vhosts
tags:
- skip_ansible_lint
# NOTE(mnaser): rabbitmq_user is currently broken when using newer
# versions of RabbitMQ. This is why it's vendored in
# these playbooks.
#
# see: https://github.com/ansible/ansible/issues/48890
- name: Create monitoring user
run_once: true
rabbitmq_user:
user: sensu
password: "{{ sensu_monitoring_rabbitmq_password }}"
tags: monitoring
permissions: "{{ _rabbitmq_permissions }}"
vars:
_rabbitmq_permissions: |-
{% set permissions = [] %}
{% for vhost in _rabbitmqctl_vhosts.stdout_lines %}
{% set _ = permissions.append({
'vhost': vhost,
'configure_priv': '.*',
'read_priv': '.*',
'write_priv': '.*'
}) %}
{% endfor %}
{{ permissions }}
- name: Create auth file
template:
src: rabbitmq.ini.j2
dest: /opt/sensu/rabbitmq.ini
- import_tasks: common-tasks/setup-checks.yml
vars:
sensu_checks:
- name: rabbitmq-alive
command: "check-rabbitmq-alive.rb -w {{ rabbitmq_management_bind_address }} -i /opt/sensu/rabbitmq.ini"
- name: rabbitmq-amqp
command: "check-rabbitmq-amqp-alive.rb -w {{ rabbitmq_management_bind_address }} -i /opt/sensu/rabbitmq.ini"
- name: rabbitmq-cluster-health
command: "check-rabbitmq-cluster-health.rb -w {{ rabbitmq_management_bind_address }} -i /opt/sensu/rabbitmq.ini"
- name: rabbitmq-messages
command: "check-rabbitmq-messages.rb --host {{ rabbitmq_management_bind_address }} -i /opt/sensu/rabbitmq.ini --warn 100 --critical 250"
- name: rabbitmq-network-partitions
command: "check-rabbitmq-network-partitions.rb --host {{ rabbitmq_management_bind_address }} -i /opt/sensu/rabbitmq.ini"
- name: rabbitmq-node-health
command: "check-rabbitmq-node-health.rb --host {{ rabbitmq_management_bind_address }} -i /opt/sensu/rabbitmq.ini"
vars:
sensu_service: rabbitmq
environment: "{{ deployment_environment_variables | default({}) }}"
tags:
- galera

20
playbooks/roles/sensu_client/defaults/main.yml Normal file
View File

@ -0,0 +1,20 @@
---
# Copyright 2019 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# NOTE(mnaser): These need to be defined for things this role to connect
# to your RabbitMQ properly.
# sensu_rabbitmq_host:
# sensu_rabbitmq_user:
# sensu_rabbitmq_password:

2
playbooks/roles/sensu_client/files/sudoers Normal file
View File

@ -0,0 +1,2 @@
# allow using only the binary name instead of the full path in check definitions
Defaults:sensu secure_path="/opt/sensu/embedded/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

25
playbooks/roles/sensu_client/meta/main.yml Normal file
View File

@ -0,0 +1,25 @@
---
# Copyright 2019 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
galaxy_info:
author: VEXXHOST, Inc.
description: Installs and configures sensu-client
license: Apache-2.0
min_ansible_version: 2.7
platforms:
- name: el7
dependencies:
- sensu_common

42
playbooks/roles/sensu_client/tasks/main.yml Normal file
View File

@ -0,0 +1,42 @@
---
# Copyright 2019 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Install repositories
yum_repository:
name: sensu
description: sensu
baseurl: https://sensu.global.ssl.fastly.net/yum/$releasever/$basearch/
gpgkey: https://repositories.sensuapp.org/yum/pubkey.gpg
- name: Install packages
package:
name: sensu
state: installed
- name: Configure RabbitMQ
template:
src: rabbitmq.json.j2
dest: /etc/sensu/conf.d/rabbitmq.json
notify: Restart sensu-client
- name: Configure sudoers
copy:
src: sudoers
dest: /etc/sudoers.d/sensu
- name: Start service
service:
name: sensu-client
state: started

7
playbooks/roles/sensu_client/templates/rabbitmq.json.j2 Normal file
View File

@ -0,0 +1,7 @@
{
"rabbitmq": {
"host": "{{ sensu_rabbitmq_host }}",
"user": "{{ sensu_rabbitmq_user }}",
"password": "{{ sensu_rabbitmq_password }}"
}
}

19
playbooks/roles/sensu_common/handlers/main.yml Normal file
View File

@ -0,0 +1,19 @@
---
# Copyright 2019 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Restart sensu-client
service:
name: sensu-client
state: restarted

18
playbooks/setup-everything.yml Normal file
View File

@ -0,0 +1,18 @@
---
# Copyright 2019 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- import_playbook: setup-hosts.yml
- import_playbook: setup-infrastructure.yml
# - import_playbook: setup-openstack.yml

16
playbooks/setup-hosts.yml Normal file
View File

@ -0,0 +1,16 @@
---
# Copyright 2019 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- import_playbook: openstack-hosts-setup.yml

20
playbooks/setup-infrastructure.yml Normal file
View File

@ -0,0 +1,20 @@
---
# Copyright 2019 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- import_playbook: haproxy-install.yml
- import_playbook: memcached-install.yml
- import_playbook: galera-install.yml
- import_playbook: rabbitmq-install.yml
- import_playbook: ceph-install.yml

7
playbooks/templates/my.cnf.j2 Normal file
View File

@ -0,0 +1,7 @@
# {{ ansible_managed }}
[client]
host = {{ galera_wsrep_address }}
user = sensu
password = {{ sensu_galera_password }}

3
playbooks/templates/rabbitmq.ini.j2 Normal file
View File

@ -0,0 +1,3 @@
[auth]
username = sensu
password = {{ sensu_monitoring_rabbitmq_password }}

1
test-requirements.txt Normal file
View File

@ -0,0 +1 @@
ansible-lint==4.1.0

19
tox.ini Normal file
View File

@ -0,0 +1,19 @@
[tox]
minversion = 2.0
skipsdist = True
[testenv]
basepython = python3
[testenv:linters]
deps =
-r{toxinidir}/test-requirements.txt
commands =
ansible-lint playbooks/setup-everything.yml
[testenv:docs]
deps =
-r{toxinidir}/doc/requirements.txt
commands =
doc8 doc
sphinx-build -W -b html -d doc/build/doctrees doc/source doc/build/html

27
zuul.d/project.yaml Normal file
View File

@ -0,0 +1,27 @@
---
# Copyright 2019 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- project:
check:
jobs:
- opendev-tox-docs
- tox-linters
gate:
jobs:
- opendev-tox-docs
- tox-linters
promote:
jobs:
- opendev-promote-docs