Skip to content

Commit 6696b6c

Browse files
German EichbergerGerman Eichberger
German Eichberger
authored and
German Eichberger
committed
K8S-381 Connect all LXC services (UI/ETS/etc) to RPC-O MaaS
Adds process checks and (local) api checks. Note: Since most of the services except ui should not be widely exposed I am not adding checks for reaching them from the Interweb.
1 parent 367cf23 commit 6696b6c

15 files changed

+560
-3
lines changed
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,115 @@
1+
#!/usr/bin/env python
2+
3+
# Copyright 2017, Rackspace US, Inc.
4+
#
5+
# Licensed under the Apache License, Version 2.0 (the "License");
6+
# you may not use this file except in compliance with the License.
7+
# You may obtain a copy of the License at
8+
#
9+
# http://www.apache.org/licenses/LICENSE-2.0
10+
#
11+
# Unless required by applicable law or agreed to in writing, software
12+
# distributed under the License is distributed on an "AS IS" BASIS,
13+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14+
# See the License for the specific language governing permissions and
15+
# limitations under the License.
16+
17+
import argparse
18+
import datetime
19+
20+
import ipaddr
21+
from maas_common import get_auth_ref
22+
from maas_common import metric
23+
from maas_common import metric_bool
24+
from maas_common import print_output
25+
from maas_common import status_err
26+
from maas_common import status_ok
27+
import requests
28+
29+
30+
def check(auth_ref, args):
31+
if args.path:
32+
path = '/{path}'.format(path=args.path)
33+
else:
34+
path = ''
35+
endpoint = '{protocol}://{ip}:{port}/{path}'.format(
36+
ip=args.ip,
37+
protocol=args.protocol,
38+
port=args.port,
39+
path=path
40+
)
41+
42+
service_name = 'maas_mk8s_{service}'.format(service=args.service)
43+
44+
try:
45+
if args.protocol.upper() == 'HTTPS':
46+
if args.certificate:
47+
verify = args.certificate
48+
else:
49+
verify = False
50+
else:
51+
verify = None
52+
53+
# time something arbitrary
54+
start = datetime.datetime.now()
55+
r = requests.head(endpoint, verify=verify)
56+
end = datetime.datetime.now()
57+
api_is_up = (r.status_code == 200)
58+
except (requests.HTTPError, requests.Timeout, requests.ConnectionError):
59+
api_is_up = False
60+
metric_bool('client_success', False, m_name=service_name)
61+
# Any other exception presumably isn't an API error
62+
except Exception as e:
63+
metric_bool('client_success', False, m_name=service_name)
64+
status_err(str(e), m_name=service_name)
65+
else:
66+
metric_bool('client_success', True, m_name=service_name)
67+
dt = (end - start)
68+
milliseconds = (dt.microseconds + dt.seconds * 10 ** 6) / 10 ** 3
69+
70+
status_ok(m_name=service_name)
71+
metric_bool('mk8s_{service}_local_status'.format(service=args.service),
72+
api_is_up, m_name=service_name)
73+
if api_is_up:
74+
# only want to send other metrics if api is up
75+
metric('mk8s_{service}_local_response_time'.format(
76+
service=args.service),
77+
'double', '%.3f' % milliseconds, 'ms')
78+
79+
80+
def main(args):
81+
auth_ref = get_auth_ref()
82+
check(auth_ref, args)
83+
84+
85+
if __name__ == "__main__":
86+
parser = argparse.ArgumentParser(
87+
description='Check Managed K8S service against local or'
88+
'remote address')
89+
parser.add_argument('ip', nargs='?', type=ipaddr.IPv4Address,
90+
help="Check Check Managed K8S service against "
91+
" local or remote address")
92+
parser.add_argument('--telegraf-output',
93+
action='store_true',
94+
default=False,
95+
help='Set the output format to telegraf')
96+
parser.add_argument('--port',
97+
default='8889',
98+
help='Port for the managed k8s service')
99+
parser.add_argument('--protocol',
100+
default='https',
101+
help='Protocol used to contact the managed'
102+
'k8s service')
103+
parser.add_argument('--certificate',
104+
default=None,
105+
help='Path to SSL certificate for managed'
106+
'k8s service')
107+
parser.add_argument('--service',
108+
default=None,
109+
help='Name of the k8s service')
110+
parser.add_argument('--path',
111+
default=None,
112+
help='Path after the endpoint')
113+
args = parser.parse_args()
114+
with print_output(print_telegraf=args.telegraf_output):
115+
main(args)

playbooks/maas-managed-k8.yml

+138-2
Original file line numberDiff line numberDiff line change
@@ -129,10 +129,10 @@
129129
when:
130130
- k8_config is defined
131131

132-
- name: Install local checks
132+
- name: Install k8sapi local checks
133133
template:
134134
src: "templates/rax-maas/managed_k8_api_local_check.yaml.j2"
135-
dest: "/etc/rackspace-monitoring-agent.conf.d/managed_k8_api_local_check-{{ item.clusters[0].name }}.yaml"
135+
dest: "/etc/rackspace-monitoring-agent.conf.d/managed_k8_api_local_check-{{ inventory_hostname }}-{{ item.clusters[0].name }}.yaml"
136136
owner: "root"
137137
group: "root"
138138
mode: "0644"
@@ -141,9 +141,145 @@
141141
- "{{ k8_config }}"
142142
when:
143143
- k8_config is defined
144+
vars_files:
145+
- vars/main.yml
146+
- vars/maas-managed-k8.yml
147+
tags:
148+
- maas-managed-k8
149+
150+
- name: Install checks for mk8s ui
151+
hosts: "{{ mk8s_ui_hosts | default('mk8s_ui_all') }}"
152+
gather_facts: false
153+
tasks:
154+
- name: Install mk8s ui process check
155+
template:
156+
src: "templates/rax-maas/mk8s_ui_process_check.yaml.j2"
157+
dest: "/etc/rackspace-monitoring-agent.conf.d/mk8s_ui_process_check--{{ inventory_hostname }}.yaml"
158+
owner: "root"
159+
group: "root"
160+
mode: "0644"
161+
delegate_to: "{{ physical_host | default(ansible_host) }}"
162+
163+
- name: Install mk8s ui local checks
164+
template:
165+
src: "templates/rax-maas/managed_k8s_ui_local_check.yaml.j2"
166+
dest: "/etc/rackspace-monitoring-agent.conf.d/managed_k8s_ui_local_check-{{ inventory_hostname }}.yaml"
167+
owner: "root"
168+
group: "root"
169+
mode: "0644"
170+
delegate_to: "{{ physical_host | default(ansible_host) }}"
171+
172+
- name: Install mk8s ui lb checks
173+
template:
174+
src: "templates/rax-maas/lb_ui_check_k8s.yaml.j2"
175+
dest: "/etc/rackspace-monitoring-agent.conf.d/lb_ui_check_k8s.yaml"
176+
owner: "root"
177+
group: "root"
178+
mode: "0644"
179+
delegate_to: "{{ physical_host | default(ansible_host) }}"
180+
when:
181+
- maas_remote_check | bool
182+
- not maas_private_monitoring_enabled
144183

184+
- name: Install mk8s ui private lb checks
185+
template:
186+
src: "templates/rax-maas/private_lb_ui_check_mk8s.yaml.j2"
187+
dest: "/etc/rackspace-monitoring-agent.conf.d/private_lb_ui_check_mk8s.yaml"
188+
owner: "root"
189+
group: "root"
190+
mode: "0644"
191+
delegate_to: "{{ physical_host | default(ansible_host) }}"
192+
when:
193+
- maas_private_monitoring_enabled
194+
- maas_private_monitoring_zone is defined
145195
vars_files:
146196
- vars/main.yml
147197
- vars/maas-managed-k8.yml
148198
tags:
149199
- maas-managed-k8
200+
201+
- name: Install checks for mk8s etp
202+
hosts: "{{ mk8s_etp_hosts | default('mk8s_etp_all') }}"
203+
gather_facts: false
204+
tasks:
205+
- name: Install mk8s etp process check
206+
template:
207+
src: "templates/rax-maas/mk8s_etp_process_check.yaml.j2"
208+
dest: "/etc/rackspace-monitoring-agent.conf.d/mk8s_etp_process_check--{{ inventory_hostname }}.yaml"
209+
owner: "root"
210+
group: "root"
211+
mode: "0644"
212+
delegate_to: "{{ physical_host | default(ansible_host) }}"
213+
214+
- name: Install mk8s etp local checks
215+
template:
216+
src: "templates/rax-maas/managed_k8s_etp_local_check.yaml.j2"
217+
dest: "/etc/rackspace-monitoring-agent.conf.d/managed_k8s_etp_local_check-{{ inventory_hostname }}.yaml"
218+
owner: "root"
219+
group: "root"
220+
mode: "0644"
221+
delegate_to: "{{ physical_host | default(ansible_host) }}"
222+
# Ideally ETP should not be accessible from the outside so skip those checks
223+
vars_files:
224+
- vars/main.yml
225+
- vars/maas-managed-k8.yml
226+
tags:
227+
- maas-managed-k8
228+
229+
- name: Install checks for mk8s etg
230+
hosts: "mk8s_etg_all"
231+
gather_facts: false
232+
tasks:
233+
- name: Install mk8s etg process check
234+
template:
235+
src: "templates/rax-maas/mk8s_etg_process_check.yaml.j2"
236+
dest: "/etc/rackspace-monitoring-agent.conf.d/mk8s_etg_process_check--{{ inventory_hostname }}.yaml"
237+
owner: "root"
238+
group: "root"
239+
mode: "0644"
240+
delegate_to: "{{ physical_host | default(ansible_host) }}"
241+
242+
- name: Install mk8s etg local checks
243+
template:
244+
src: "templates/rax-maas/managed_k8s_etg_local_check.yaml.j2"
245+
dest: "/etc/rackspace-monitoring-agent.conf.d/managed_k8s_etg_local_check-{{ inventory_hostname }}.yaml"
246+
owner: "root"
247+
group: "root"
248+
mode: "0644"
249+
delegate_to: "{{ physical_host | default(ansible_host) }}"
250+
# Ideally etg should not be accessible from the outside so skip those checks
251+
vars_files:
252+
- vars/main.yml
253+
- vars/maas-managed-k8.yml
254+
tags:
255+
- maas-managed-k8
256+
257+
- name: Install checks for mk8s auth
258+
hosts: "{{ mk8s_auth_hosts | default('mk8s_auth_all') }}"
259+
gather_facts: false
260+
tasks:
261+
- name: Install mk8s auth process check
262+
template:
263+
src: "templates/rax-maas/mk8s_auth_process_check.yaml.j2"
264+
dest: "/etc/rackspace-monitoring-agent.conf.d/mk8s_auth_process_check--{{ inventory_hostname }}.yaml"
265+
owner: "root"
266+
group: "root"
267+
mode: "0644"
268+
delegate_to: "{{ physical_host | default(ansible_host) }}"
269+
270+
- name: Install mk8s auth local checks
271+
template:
272+
src: "templates/rax-maas/managed_k8s_auth_local_check.yaml.j2"
273+
dest: "/etc/rackspace-monitoring-agent.conf.d/managed_k8s_auth_local_check-{{ inventory_hostname }}.yaml"
274+
owner: "root"
275+
group: "root"
276+
mode: "0644"
277+
delegate_to: "{{ physical_host | default(ansible_host) }}"
278+
# Ideally auth should not be accessible from the outside so skip those checks
279+
vars_files:
280+
- vars/main.yml
281+
- vars/maas-managed-k8.yml
282+
tags:
283+
- maas-managed-k8
284+
285+
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
{% from "templates/common/macros.jinja" import get_metadata with context %}
2+
{% set label = "lb_ui_check_k8s" %}
3+
{% set check_name = label+'--'+maas_lb_name %}
4+
type : remote.http
5+
label : "{{ check_name }}"
6+
period : "{{ maas_check_period_override[label] | default(maas_check_period) }}"
7+
timeout : "{{ maas_check_timeout_override[label] | default(maas_check_timeout) }}"
8+
disabled : "{{ (inventory_hostname != groups['mk8s_ui_all'][0] or check_name | match(maas_excluded_checks_regex)) | ternary('true', 'false') }}"
9+
target_resolver : "IPv4"
10+
target_hostname : "{{ maas_external_ip_address }}"
11+
details :
12+
url : "{{ maas_k8s_ui_scheme | default(maas_scheme)}}://{{ maas_external_hostname }}:{{ mk8s_ui_port_lb }}"
13+
method : "HEAD"
14+
monitoring_zones_poll:
15+
{% for zone in maas_monitoring_zones %}
16+
- {{ zone }}
17+
{% endfor %}
18+
{{ get_metadata(label).strip() }}
19+
{# Add extra metadata options with two leading white spaces #}
20+
alarms :
21+
lb_api_alarm_mk8s_ui :
22+
label : lb_api_alarm_mk8s_ui
23+
notification_plan_id: "{{ maas_notification_plan_override[label] | default(maas_notification_plan) }}"
24+
disabled : {{ ('lb_api_alarm_mk8s_ui' | match(maas_excluded_alarms_regex)) | ternary('true', 'false') }}
25+
criteria : |
26+
:set consecutiveCount={{ maas_alarm_local_consecutive_count }}
27+
if (metric['code'] != '200') {
28+
return new AlarmStatus(CRITICAL, 'UI unavailable.');
29+
}
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,24 @@
1+
{% from "templates/common/macros.jinja" import get_metadata with context %}
2+
{% set label = "mk8s_auth_local_check" %}
3+
{% set check_name = label+'--'+inventory_hostname %}
4+
type : agent.plugin
5+
label : "{{ check_name }}"
6+
period : "{{ maas_check_period_override[label] | default(maas_check_period) }}"
7+
timeout : "{{ maas_check_timeout_override[label] | default(maas_check_timeout) }}"
8+
disabled : "{{ (check_name | match(maas_excluded_checks_regex)) | ternary('true', 'false') }}"
9+
details :
10+
file : run_plugin_in_venv.sh
11+
args : ["{{ maas_plugin_dir }}/managed_k8s_service_local_check.py", "{{ ansible_host }}", "--port", "{{ mk8s_auth_port }}", "--protocol", "{{ mk8s_auth_protocol }}", "--service auth", "--path healthcheck"]
12+
timeout : {{ (maas_check_timeout_override[label] | default(maas_check_timeout) * 1000) }}
13+
{{ get_metadata(label).strip() }}
14+
{# Add extra metadata options with two leading white spaces #}
15+
alarms :
16+
mk8s_auth_local_status :
17+
label : mk8s_auth_local_status-{{ inventory_hostname }}
18+
notification_plan_id : "{{ maas_notification_plan_override[label] | default(maas_notification_plan) }}"
19+
disabled : {{ (('mk8s_auth_local_status-'+inventory_hostname) | match(maas_excluded_alarms_regex)) | ternary('true', 'false') }}
20+
criteria : |
21+
:set consecutiveCount={{ maas_alarm_local_consecutive_count }}
22+
if (metric["mk8s_auth_local_status"] != 1) {
23+
return new AlarmStatus(CRITICAL, "Managed K8S auth unavailable");
24+
}
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,24 @@
1+
{% from "templates/common/macros.jinja" import get_metadata with context %}
2+
{% set label = "managed_k8s_etg_local_check" %}
3+
{% set check_name = label+'--'+inventory_hostname %}
4+
type : agent.plugin
5+
label : "{{ check_name }}"
6+
period : "{{ maas_check_period_override[label] | default(maas_check_period) }}"
7+
timeout : "{{ maas_check_timeout_override[label] | default(maas_check_timeout) }}"
8+
disabled : "{{ (check_name | match(maas_excluded_checks_regex)) | ternary('true', 'false') }}"
9+
details :
10+
file : run_plugin_in_venv.sh
11+
args : ["{{ maas_plugin_dir }}/managed_k8s_service_local_check.py", "{{ ansible_host }}", "--port", "{{ mk8s_etg_port }}", "--protocol", "{{ mk8s_etg_protocol }}", "--service etg", "--path healthcheck"]
12+
timeout : {{ (maas_check_timeout_override[label] | default(maas_check_timeout) * 1000) }}
13+
{{ get_metadata(label).strip() }}
14+
{# Add extra metadata options with two leading white spaces #}
15+
alarms :
16+
managed_k8s_etg_local_status :
17+
label : managed_k8s_etg_local_status--{{ inventory_hostname }}
18+
notification_plan_id : "{{ maas_notification_plan_override[label] | default(maas_notification_plan) }}"
19+
disabled : {{ (('managed_k8s_etg_local_status--'+inventory_hostname) | match(maas_excluded_alarms_regex)) | ternary('true', 'false') }}
20+
criteria : |
21+
:set consecutiveCount={{ maas_alarm_local_consecutive_count }}
22+
if (metric["managed_k8s_etg_local_status"] != 1) {
23+
return new AlarmStatus(CRITICAL, "Managed K8S etg unavailable");
24+
}
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,24 @@
1+
{% from "templates/common/macros.jinja" import get_metadata with context %}
2+
{% set label = "managed_k8s_etp_local_check" %}
3+
{% set check_name = label+'--'+inventory_hostname %}
4+
type : agent.plugin
5+
label : "{{ check_name }}"
6+
period : "{{ maas_check_period_override[label] | default(maas_check_period) }}"
7+
timeout : "{{ maas_check_timeout_override[label] | default(maas_check_timeout) }}"
8+
disabled : "{{ (check_name | match(maas_excluded_checks_regex)) | ternary('true', 'false') }}"
9+
details :
10+
file : run_plugin_in_venv.sh
11+
args : ["{{ maas_plugin_dir }}/managed_k8s_service_local_check.py", "{{ ansible_host }}", "--port", "{{ mk8s_etp_port }}", "--protocol", "{{ mk8s_etp_protocol }}", "--service etp", "--path healthcheck"]
12+
timeout : {{ (maas_check_timeout_override[label] | default(maas_check_timeout) * 1000) }}
13+
{{ get_metadata(label).strip() }}
14+
{# Add extra metadata options with two leading white spaces #}
15+
alarms :
16+
managed_k8s_etp_local_status :
17+
label : managed_k8s_etp_local_status--{{ inventory_hostname }}
18+
notification_plan_id : "{{ maas_notification_plan_override[label] | default(maas_notification_plan) }}"
19+
disabled : {{ (('managed_k8s_etp_local_status--'+inventory_hostname) | match(maas_excluded_alarms_regex)) | ternary('true', 'false') }}
20+
criteria : |
21+
:set consecutiveCount={{ maas_alarm_local_consecutive_count }}
22+
if (metric["managed_k8s_etp_local_status"] != 1) {
23+
return new AlarmStatus(CRITICAL, "Managed K8S ETP unavailable");
24+
}

0 commit comments

Comments
 (0)