Skip to content

Deploy Gnocchi

Gnocchi is used by Ceilometer to aggregate and index metric data from various OpenStack services. It consists of several components: a HTTP REST API, an optional statsd-compatible daemon, and an asynchronous processing daemon (named gnocchi-metricd).

Gnocchi Architecture

Create Secrets

Information about the secretes used

Manual secret generation is only required if you haven't run the create-secrets.sh script located in /opt/genestack/bin.

Example secret generation
kubectl --namespace openstack create secret generic gnocchi-admin \
        --type Opaque \
        --from-literal=password="$(< /dev/urandom tr -dc _A-Za-z0-9 | head -c${1:-32};echo;)"
kubectl --namespace openstack create secret generic gnocchi-db-password \
        --type Opaque \
        --from-literal=password="$(< /dev/urandom tr -dc _A-Za-z0-9 | head -c${1:-32};echo;)"
kubectl --namespace openstack create secret generic gnocchi-pgsql-password \
        --type Opaque \
        --from-literal=password="$(< /dev/urandom tr -dc _A-Za-z0-9 | head -c${1:-32};echo;)"

Object Storage Options

Create ceph-etc configmap

While the below example should work fine for most environments, depending on your use case it may be necessary to provide additional client configuration options for ceph. The below simply creates the expected ceph-etc ConfigMap for the ceph.conf needed by Gnocchi to establish a connection to the mon host(s) via the rados client.

kubectl apply -n openstack -f - <<EOF
apiVersion: v1
kind: ConfigMap
metadata:
  name: ceph-etc
  namespace: openstack
data:
  ceph.conf: |
    [global]
    mon_host = $(for pod in $(kubectl get pods -n rook-ceph | grep rook-ceph-mon | awk '{print $1}'); do \
        echo -n "$(kubectl get pod $pod -n rook-ceph -o go-template --template='{{.status.podIP}}'):6789,"; done \
        | sed 's/,$//')
EOF

Verify the ceph-etc configmap is sane

Below is an example of what you're looking for to verify the configmap was created as expected - a CSV of the mon hosts, colon seperated with default mon port, 6789.

kubectl get configmap -n openstack ceph-etc -o "jsonpath={.data['ceph\.conf']}"

Should yield output like:

[global]
    mon_host = 172.31.3.7:6789,172.31.1.112:6789,172.31.0.46:6789

Note

You will need the mon_host and client.admin keyring details for your external ceph cluster before proceeding.

Create ceph-etc configmap

Be sure to replace the mon_host value, REPLACE_ME below!

kubectl apply -n openstack -f - <<EOF
apiVersion: v1
kind: ConfigMap
metadata:
  name: ceph-etc
  namespace: openstack
data:
  ceph.conf: |
    [global]
    cephx = true
    cephx_cluster_require_signatures = true
    cephx_require_signatures = false
    cephx_service_require_signatures = false
    debug_ms = 0/0
    log_file = /dev/stdout
    mon_cluster_log_file = /dev/stdout
    mon_host = REPLACE_ME

    [client.admin]
    keyring = /etc/ceph/ceph.client.admin.keyring
EOF

Create the admin keyring secret

Be sure to replace the key value, REPLACE_ME below!

KEYRING=$(base64 -w0 <<EOF

[client.admin]
    key = REPLACE_ME
    caps mds = "allow *"
    caps mgr = "allow *"
    caps mon = "allow *"
    caps osd = "allow *"
EOF
)
kubectl get ns rook-ceph &> /dev/null || kubectl create ns rook-ceph
kubectl apply -n rook-ceph -f - <<EOF
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: rook-ceph-admin-keyring
  namespace: rook-ceph
data:
  keyring: ${KEYRING}
EOF
unset KEYRING

Check back later for more information.

Run the package deployment

Run the Gnocchi deployment Script bin/install-gnocchi.sh

#!/bin/bash
pushd /opt/genestack/submodules/openstack-helm-infra || exit
    helm upgrade --install gnocchi ./gnocchi \
        --namespace=openstack \
        --timeout 10m \
        -f /opt/genestack/base-helm-configs/gnocchi/gnocchi-helm-overrides.yaml \
        -f /etc/genestack/helm-configs/gnocchi/gnocchi-helm-overrides.yaml \
        --set conf.ceph.admin_keyring="$(kubectl get secret --namespace rook-ceph rook-ceph-admin-keyring -o jsonpath='{.data.keyring}' | base64 -d)" \
        --set conf.gnocchi.keystone_authtoken.memcache_secret_key="$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)" \
        --set endpoints.oslo_cache.auth.memcache_secret_key="$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)" \
        --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \
        --set endpoints.identity.auth.gnocchi.password="$(kubectl --namespace openstack get secret gnocchi-admin -o jsonpath='{.data.password}' | base64 -d)" \
        --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \
        --set endpoints.oslo_db.auth.gnocchi.password="$(kubectl --namespace openstack get secret gnocchi-db-password -o jsonpath='{.data.password}' | base64 -d)" \
        --set endpoints.oslo_db_postgresql.auth.admin.password="$(kubectl --namespace openstack get secret postgres.postgres-cluster.credentials.postgresql.acid.zalan.do -o jsonpath='{.data.password}' | base64 -d)" \
        --set endpoints.oslo_db_postgresql.auth.gnocchi.password="$(kubectl --namespace openstack get secret gnocchi-pgsql-password -o jsonpath='{.data.password}' | base64 -d)" \
        --post-renderer /etc/genestack/kustomize/kustomize.sh \
        --post-renderer-args gnocchi/overlay "$@"
popd || exit

Tip

You may need to provide custom values to configure your openstack services, for a simple single region or lab deployment you can supply an additional overrides flag using the example found at base-helm-configs/aio-example-openstack-overrides.yaml. In other cases such as a multi-region deployment you may want to view the Multi-Region Support guide to for a workflow solution.

Validate the metric endpoint

Pip install gnocchiclient and python-ceilometerclient

kubectl exec -it openstack-admin-client -n openstack -- /var/lib/openstack/bin/pip install python-ceilometerclient gnocchiclient

Confirm healthcheck response

curl http://gnocchi-api.openstack.svc.cluster.local:8041/healthcheck -D -
HTTP/1.1 200 OK
Date: Fri, 09 Aug 2024 20:33:24 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 0
Vary: Accept-Encoding
Content-Type: text/plain; charset=UTF-8

Verify metric list functionality

kubectl exec -it openstack-admin-client -n openstack -- openstack metric list --debug
RESP BODY: []