Deploy Gnocchi
Gnocchi is used by Ceilometer to aggregate and index metric data from various OpenStack services. It consists of several components: a HTTP REST API, an optional statsd-compatible daemon, and an asynchronous processing daemon (named gnocchi-metricd).
Create Secrets
Information about the secretes used
Manual secret generation is only required if you haven't run the create-secrets.sh
script located in /opt/genestack/bin
.
Example secret generation
kubectl --namespace openstack create secret generic gnocchi-admin \
--type Opaque \
--from-literal=password="$(< /dev/urandom tr -dc _A-Za-z0-9 | head -c${1:-32};echo;)"
kubectl --namespace openstack create secret generic gnocchi-db-password \
--type Opaque \
--from-literal=password="$(< /dev/urandom tr -dc _A-Za-z0-9 | head -c${1:-32};echo;)"
kubectl --namespace openstack create secret generic gnocchi-pgsql-password \
--type Opaque \
--from-literal=password="$(< /dev/urandom tr -dc _A-Za-z0-9 | head -c${1:-32};echo;)"
Object Storage Options
Create ceph-etc configmap
While the below example should work fine for most environments, depending
on your use case it may be necessary to provide additional client
configuration options for ceph. The below simply creates the expected
ceph-etc
ConfigMap for the ceph.conf
needed by Gnocchi to establish a
connection to the mon host(s) via the rados client.
kubectl apply -n openstack -f - <<EOF
apiVersion: v1
kind: ConfigMap
metadata:
name: ceph-etc
namespace: openstack
data:
ceph.conf: |
[global]
mon_host = $(for pod in $(kubectl get pods -n rook-ceph | grep rook-ceph-mon | awk '{print $1}'); do \
echo -n "$(kubectl get pod $pod -n rook-ceph -o go-template --template='{{.status.podIP}}'):6789,"; done \
| sed 's/,$//')
EOF
Verify the ceph-etc configmap is sane
Below is an example of what you're looking for to verify the configmap was created as expected - a CSV of the mon hosts, colon seperated with default mon port, 6789.
Should yield output like:
Note
You will need the mon_host and client.admin keyring details for your external ceph cluster before proceeding.
Create ceph-etc configmap
Be sure to replace the mon_host value, REPLACE_ME
below!
kubectl apply -n openstack -f - <<EOF
apiVersion: v1
kind: ConfigMap
metadata:
name: ceph-etc
namespace: openstack
data:
ceph.conf: |
[global]
cephx = true
cephx_cluster_require_signatures = true
cephx_require_signatures = false
cephx_service_require_signatures = false
debug_ms = 0/0
log_file = /dev/stdout
mon_cluster_log_file = /dev/stdout
mon_host = REPLACE_ME
[client.admin]
keyring = /etc/ceph/ceph.client.admin.keyring
EOF
Create the admin keyring secret
Be sure to replace the key value, REPLACE_ME
below!
KEYRING=$(base64 -w0 <<EOF
[client.admin]
key = REPLACE_ME
caps mds = "allow *"
caps mgr = "allow *"
caps mon = "allow *"
caps osd = "allow *"
EOF
)
kubectl get ns rook-ceph &> /dev/null || kubectl create ns rook-ceph
kubectl apply -n rook-ceph -f - <<EOF
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: rook-ceph-admin-keyring
namespace: rook-ceph
data:
keyring: ${KEYRING}
EOF
unset KEYRING
Check back later for more information.
Run the package deployment
Run the Gnocchi deployment Script bin/install-gnocchi.sh
#!/bin/bash
pushd /opt/genestack/submodules/openstack-helm-infra || exit
helm upgrade --install gnocchi ./gnocchi \
--namespace=openstack \
--timeout 10m \
-f /opt/genestack/base-helm-configs/gnocchi/gnocchi-helm-overrides.yaml \
-f /etc/genestack/helm-configs/gnocchi/gnocchi-helm-overrides.yaml \
--set conf.ceph.admin_keyring="$(kubectl get secret --namespace rook-ceph rook-ceph-admin-keyring -o jsonpath='{.data.keyring}' | base64 -d)" \
--set conf.gnocchi.keystone_authtoken.memcache_secret_key="$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)" \
--set endpoints.oslo_cache.auth.memcache_secret_key="$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)" \
--set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \
--set endpoints.identity.auth.gnocchi.password="$(kubectl --namespace openstack get secret gnocchi-admin -o jsonpath='{.data.password}' | base64 -d)" \
--set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \
--set endpoints.oslo_db.auth.gnocchi.password="$(kubectl --namespace openstack get secret gnocchi-db-password -o jsonpath='{.data.password}' | base64 -d)" \
--set endpoints.oslo_db_postgresql.auth.admin.password="$(kubectl --namespace openstack get secret postgres.postgres-cluster.credentials.postgresql.acid.zalan.do -o jsonpath='{.data.password}' | base64 -d)" \
--set endpoints.oslo_db_postgresql.auth.gnocchi.password="$(kubectl --namespace openstack get secret gnocchi-pgsql-password -o jsonpath='{.data.password}' | base64 -d)" \
--post-renderer /etc/genestack/kustomize/kustomize.sh \
--post-renderer-args gnocchi/overlay "$@"
popd || exit
Tip
You may need to provide custom values to configure your openstack services, for a simple single region or lab deployment you can supply an additional overrides flag using the example found at base-helm-configs/aio-example-openstack-overrides.yaml
.
In other cases such as a multi-region deployment you may want to view the Multi-Region Support guide to for a workflow solution.
Validate the metric endpoint
Pip install gnocchiclient and python-ceilometerclient
kubectl exec -it openstack-admin-client -n openstack -- /var/lib/openstack/bin/pip install python-ceilometerclient gnocchiclient
Confirm healthcheck response
HTTP/1.1 200 OK
Date: Fri, 09 Aug 2024 20:33:24 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 0
Vary: Accept-Encoding
Content-Type: text/plain; charset=UTF-8