Bug 1405809

Summary: [RFE] Allow setting metrics store params
Product: [oVirt] ovirt-engine Reporter: Yedidyah Bar David <didi>
Component: Backend.CoreAssignee: Yedidyah Bar David <didi>
Status: CLOSED CURRENTRELEASE QA Contact: Lukas Svaty <lsvaty>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 4.1.0CC: bugs, gklein, lsvaty, ylavi
Target Milestone: ovirt-4.1.0-rcKeywords: FutureFeature
Target Release: 4.1.0.3Flags: rule-engine: ovirt-4.1+
rule-engine: exception+
gklein: testing_plan_complete-
ylavi: planning_ack+
rule-engine: devel_ack+
lsvaty: testing_ack+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-04-27 09:36:46 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Integration RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1402901, 1405813, 1410044    

Description Yedidyah Bar David 2016-12-18 15:21:20 UTC 
Description of problem:

Opening this bug following a discussion with ydary about bug 1371530.

Suppose that fluentd secure forward on the hosts will be configured like this:

<match **>
  @type secure_forward
  shared_key $METRICS_STORE_SECRET
  self_hostname $HOSTNAME
  secure true
  ca_cert_path $METRICS_STORE_CACERT_PATH

  <server>
    host $METRICS_STORE_HOST
    port $METRICS_STORE_PORT # default 24284
  </server>
</match>

Then we should have a few new config parameters in vdc_options, to be configured by the user using engine-config:

1. $METRICS_STORE_HOST

2. $METRICS_STORE_PORT

3. $METRICS_STORE_SECRET - needs to be stored securely, need to check how exactly

4. Whether we use engine CA for this or a 3rd party. Allow more than two values, as we might have different behavior in the future if using the internal OCP CA.

5. $METRICS_STORE_CACERT_PATH - if previous option is "engine ca", this value is not needed, and will use the engine ca. Otherwise, we will have to document how to use a 3rd party CA.

6. Turn on/off - perhaps we want the user to turn this on/off. "This" is the cron job that will configure the hosts using ansible, not actual metrics forwarding. If you want to allow on/off for metrics forwarding, that's another bug.

HOSTNAME will be set by ansible
Comment 1 Yedidyah Bar David 2017-01-16 08:38:06 UTC 
Considering that Metrics params are not really relevant for the engine, I decided to abandon the patch and revert the decision to use engine-config for them.

Current plan for the ansible stuff is to require:

1. A conf file with two params:
fluentd_fluentd_host: FQDN
fluentd_shared_key: KEY

2. A file with the ca cert to be used by the central fluentd.

Locations of these are still TBD, perhaps something like /etc/ovirt-metrics or something like that.

For current bug, the above will probably be the only thing we'll do, so it will only be a doc bug. If someone wants nicer means, such as a tool asking for above 3 items and placing them in the right place (with some simple verification/sanitization), please open another bug.
Comment 2 Yedidyah Bar David 2017-02-06 14:51:07 UTC 
For now, user will set params manually. More details in bug 1405813 comment 1.
Comment 3 Lukas Svaty 2017-03-29 14:34:12 UTC 
good enough in config, example file provided
verified with ovirt-engine-metrics-1.0.0-1.el7ev.noarch