This module installs and makes basic configs for graphite, with carbon and whisper.
Graphite, and its components Carbon and Whisper, is an enterprise-scale monitoring tool. This module sets up a simple graphite server with all its components. Furthermore it can be used to set up more complex graphite environments with metric aggregation, clustering and so on.
What graphite affects:
- packages/services/configuration files for Graphite
- on default sets up webserver (can be disabled if manage by other module)
To install Graphite with default parameters
class { 'graphite': }
The defaults are determined by your operating system e.g. Debian systems have one set of defaults, and RedHat systems have another). This defaults should work well on testing environments with graphite as a standalone service on the machine. For production use it is recommend to use a database like MySQL and cache data in memcached (not installed with this module) and configure it here. Furthermore you should check things like gr_storage_schemas
.
class { 'graphite':
gr_max_updates_per_second => 100,
gr_timezone => 'Europe/Berlin',
secret_key => 'CHANGE_IT!',
gr_storage_schemas => [
{
name => 'carbon',
pattern => '^carbon\.',
retentions => '1m:90d'
},
{
name => 'special_server',
pattern => '^longtermserver_',
retentions => '10s:7d,1m:365d,10m:5y'
},
{
name => 'default',
pattern => '.*',
retentions => '60:43200,900:350400'
}
],
gr_django_db_engine => 'django.db.backends.mysql',
gr_django_db_name => 'graphite',
gr_django_db_user => 'graphite',
gr_django_db_password => 'MYsEcReT!',
gr_django_db_host => 'mysql.my.domain',
gr_django_db_port => '3306',
gr_memcache_hosts => ['127.0.0.1:11211']
}
This setup will use the puppetlabs-apache and bfraser-grafana modules to setup a graphite system with grafana frontend. You will also need an elasticsearch as it is required for grafana.
include '::apache'
apache::vhost { 'graphite.my.domain':
port => '80',
docroot => '/opt/graphite/webapp',
wsgi_application_group => '%{GLOBAL}',
wsgi_daemon_process => 'graphite',
wsgi_daemon_process_options => {
processes => '5',
threads => '5',
display-name => '%{GROUP}',
inactivity-timeout => '120',
},
wsgi_import_script => '/opt/graphite/conf/graphite_wsgi.py',
wsgi_import_script_options => {
process-group => 'graphite',
application-group => '%{GLOBAL}'
},
wsgi_process_group => 'graphite',
wsgi_script_aliases => {
'/' => '/opt/graphite/conf/graphite_wsgi.py'
},
headers => [
'set Access-Control-Allow-Origin "*"',
'set Access-Control-Allow-Methods "GET, OPTIONS, POST"',
'set Access-Control-Allow-Headers "origin, authorization, accept"',
],
directories => [{
path => '/media/',
order => 'deny,allow',
allow => 'from all'}
]
}->
class { 'graphite':
gr_web_server => 'none',
gr_disable_webapp_cache => true,
}
class {'grafana':
# see manual of this module
}
If you use a system which ships Apache 2.4, then you will need a slightly different vhost config. Here is an example with Apache 2.4 and CORS enabled. If you do not know what CORS, then do not use it. Its disabled by default. You will need CORS for Webguis like Grafana.
class { 'graphite':
gr_apache_24 => true,
gr_web_cors_allow_from_all => true,
secret_key => 'CHANGE_IT!'
}
If additional LDAP parameters are needed for your Graphite installation, you can specify them using the gr_ldap_options
parameter. For example, this is useful if you're using SSL and need to configure LDAP to use your SSL cert and key files.
This Puppet configuration...
class { 'graphite':
gr_ldap_options => {
'ldap.OPT_X_TLS_REQUIRE_CERT' => 'ldap.OPT_X_TLS_ALLOW',
'ldap.OPT_X_TLS_CACERTDIR' => '"/etc/ssl/ca"',
'ldap.OPT_X_TLS_CERTFILE' => '"/etc/ssl/mycert.crt"',
'ldap.OPT_X_TLS_KEYFILE' => '"/etc/ssl/mykey.pem"',
},
}
... adds these lines to the local_settings.py configuration file for Graphite web.
import ldap
ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, "/etc/ssl/ca")
ldap.set_option(ldap.OPT_X_TLS_CERTFILE, "/etc/ssl/mycert.crt")
ldap.set_option(ldap.OPT_X_TLS_KEYFILE, "/etc/ssl/mykey.pem")
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)
See http://www.python-ldap.org/ for more details about these options.
You could create more than one instance for cache, relay or aggregator using the gr_cache_instances
,
gr_relay_instances
and gr_aggregator_instances
parameters. These paremeters must be hashes, and the keys are the name of the instances (cache:b, cache:c, relay:b, relay:c, etc.). Every hash must have an array of parameters which will be written as is in the config file. The defaults settings for the additional instances will be the
ones set for the principal instance.
class {'graphite':
gr_line_receiver_port => 2003,
gr_pickle_receiver_port => 2004,
gr_cache_query_port => 7002,
gr_cache_instances => {
'cache:b' => {
'LINE_RECEIVER_PORT' => 2103,
'PICKLE_RECEIVER_PORT' => 2104,
'CACHE_QUERY_PORT' => 7102,
},
'cache:c' => {
'LINE_RECEIVER_PORT' => 2203,
'PICKLE_RECEIVER_PORT' => 2204,
'CACHE_QUERY_PORT' => 7202,
}
}
}
So in this case you would have 3 cache instances, the first one is cache
(you can refer to it as cache:a
too), cache:b
and cache:c
. cache:a will listen on ports 2003, 2004 and 7002 for line, pickle and query respectively. But, cache:b will do it on ports 2103, 2104, and 7102, and cache:c on 2203, 2204 and 7202. All other parameters from cache:a will be inherited by cache:b and c.
Taged metrics are available in Graphite/Carbon 1.1.1 and later. To use tags Carbon has to add tags to a TagDB (see https://graphite.readthedocs.io/en/latest/tags.html) for details. To enable this feature in Carbon set the parameter gr_tags_enable
to true
. This will configure Carbon to pass tags to Graphite-web listening on 127.0.0.1
and port gr_web_server_port
. Redis and HTTP(S) Tag DBs are not yet supported.
To use tags at least version 1.1.1 of Graphite-Web/Carbopn/Whisper as well as compatible versions of Django, Django Tagging and Twisted have to be installed.
class { 'graphite':
gr_tags_enable => true,
#
# Needed to install / upgrade to Graphite 1.1
#
gr_graphite_ver => '1.1.7',
gr_carbon_ver => '1.1.7',
gr_whisper_ver => '1.1.7',
gr_django_ver => '1.11',
gr_django_tagging_ver => '0.4.6',
gr_twisted_ver => '20.3.0',
gr_django_init_command => 'PYTHONPATH=/opt/graphite/webapp /usr/local/bin/django-admin.py migrate --setting=graphite.settings --fake-initial',
gr_django_init_provider => 'shell',
}
If you need to install via something other than pip, an internal apt repo with fpm converted packages for instance, you can set gr_pip_install
to false.
If you're doing this you'll most likely have to override the default package names and versions as well.
class { '::graphite':
gr_pip_install => false,
gr_django_tagging_pkg => 'python-django-tagging',
gr_django_tagging_ver => 'present',
gr_twisted_pkg => 'python-twisted',
gr_twisted_ver => 'present',
gr_txamqp_pkg => 'python-txamqp',
gr_txamqp_ver => 'present',
gr_graphite_pkg => 'python-graphite-web',
gr_graphite_ver => 'present',
gr_carbon_pkg => 'python-carbon',
gr_carbon_ver => 'present',
gr_whisper_pkg => 'python-whisper',
gr_whisper_ver => 'present',
}
Additionally, the Django package is normally installed from a system package, but can be changed to install from pip instead.
class { '::graphite':
gr_django_pkg => 'django',
gr_django_ver => '1.5',
gr_django_provider => 'pip',
}
If gr_pip_install is set to true, both python-pip and Python development packages will need to be installed. If you want to manage those packages separately, set gr_manage_python_packages to false.
class { '::graphite': gr_pip_install => true, gr_manage_python_packages => false, }
You can also chose to install the pip packages from a source other than PyPI, such as a file on disk or an HTTP server. If you do this you will also have to set the package versions to 'present'
to avoid errors from Puppet:
class { '::graphite':
gr_django_tagging_ver => 'present',
gr_django_tagging_source => 'http://example.com/django-tagging-0.3.1.tar.gz',
gr_twisted_ver => 'present',
gr_twisted_source => 'http://example.com/Twisted-11.1.0.tar.bz2',
gr_txamqp_ver => 'present',
gr_txamqp_source => 'http://example.com/txAMQP-0.4.tar.gz',
gr_graphite_ver => 'present',
gr_graphite_source => 'http://example.com/graphite-web-0.9.15.tar.gz',
gr_carbon_ver => 'present',
gr_carbon_source => 'http://example.com/carbon-0.9.15.tar.gz',
gr_whisper_ver => 'present',
gr_whisper_source => 'http://example.com/whisper-0.9.15.tar.gz',
}
You can also specify an alternate source for all packages (and their dependencies) by passing options to pip install
using gr_pip_install_options
:
class { '::graphite':
gr_pip_install_options => [
'--no-index',
'--find-links', 'https://example.com/pip_packages/',
],
}
For more details on how these options work, see the documentation for pip install
.
This is the primary class. And the only one which should be used.
Parameters within graphite
:
Default is empty. The group of the user (see gr_user) who runs graphite.
Default is empty. The user who runs graphite. If this is empty carbon runs as the user that invokes it.
Default is true. Enable carbon cache.
Default is 'inf'. Limits the size of the cache to avoid swapping or becoming CPU bound. Use the value "inf" (infinity) for an unlimited cache size.
Default is 500. Limits the number of whisper update_many() calls per second, which effectively means the number of write requests sent to the disk.
Default is 'undef' (no limit change on shutdown). Change the limits of gr_max_updates_per_second in case of an stop/shutdown event to speed up/slow down the shutdown process.
Default is 50. Softly limits the number of whisper files that get created each minute.
The prefix to be applied to internal performance metrics. Defaults to 'carbon'.
Default is 60. Set the interval between sending internal performance metrics; affects all carbon daemons.
Default is undef. Set the maximum number of file descriptors for carbon-relay process.
Default is '0.0.0.0' (string). Interface the line receiver listens.
Default is 2003. Port of line receiver.
Default is 'False' (string). Set this to True to enable the UDP listener.
Default is '0.0.0.0' (string). Its clear, isnt it?
Default is 2003. Self explaining.
Default is '0.0.0.0' (string). Pickle is a special receiver who handle tuples of data.
Default is 2004. Self explaining
Default is 'True' (string). Logs successful connections
Default is 'False' (string). Set this to 'True' to revert to the old-fashioned insecure unpickler.
Default is 'False' (string). Set this to 'True' to enable whitelists and blacklists.
List of patterns to be included in whitelist.conf. Default is [ '.*' ].
List of patterns to be included in blacklist.conf. Default is [ ].
Default is '0.0.0.0'. Interface to send cache queries to.
Default is 7002. Self explaining.
Default is 'GMT' (string). Timezone for graphite to be used.
Default is '/opt/graphite'. Set base install location of Graphite. This forms the base location for installs, predominantly appropriate for pip installations. When not installing using pip a typical location for this may be '/opt/carbon'.
Boolean, default to false . Useful if the base install location of Graphite is managed by other Puppet resource (like a mountpoint for example)
Default is '${gr_base_dir}/storage'. Set location of base storage files. When not installing using pip a typical location for this may be '/opt/carbon'. This dir is also used as pid dir on RedHat.
Default is '${gr_storage_dir}/whisper'. Set location of whisper files.
Default is '${gr_storage_dir}/rrd'. Set location of rrd data files.
Default is '${gr_storage_dir}/rrd'. Set location of whitelist configuration files.
Default is '${gr_base_dir}/conf'. Set location of Carbon's configuration files. Most relevant when not using pip for installation. A typical location for this may be '/etc/carbon'.
Default is '${gr_storage_dir}/log/carbon-cache'. Set location of carbon cache log files.
Default is 'True'. Enable daily log rotation.
Default is '${gr_storage_dir}/log'. Set location of graphite web log files.
Default is '${gr_base_dir}/conf'. Set location of graphite web configuration.
Default is '${gr_base_dir}/webapp'. Set location of graphite web's webapp files.
Default is '/var/lib/graphite-web'. Set location of graphite web's storage, used for graphite.db file.
Default is '${gr_graphiteweb_webapp_dir}/graphite'. Set location of libraries directory for graphite web.
Default is
[
{
name => 'carbon',
pattern => '^carbon\.',
retentions => '1m:90d'
},
{
name => 'default',
pattern => '.*',
retentions => '1s:30m,1m:1d,5m:2y'
}
]
The storage schemas, which describes how long matching graphs are to be stored in detail.
Default is the Hashmap:
{
'00_min' => { pattern => '\.min$', factor => '0.1', method => 'min' },
'01_max' => { pattern => '\.max$', factor => '0.1', method => 'max' },
'02_sum' => { pattern => '\.count$', factor => '0.1', method => 'sum' },
'99_default_avg' => { pattern => '.*', factor => '0.5', method => 'average'}
}
The storage aggregation rules.
Default is 'apache'. The web server to configure. Valid values are 'apache', 'nginx', 'wsgionly' or 'none'.
Apache is configured with mod_wsgi, nginx is configured with gunicorn. 'wsgionly' configures only gunicorn.
The value 'none' means that you will manage the webserver yourself.
Default is 80. The HTTP port which the web server will use. Only used for $gr_web_server => 'apache' or 'nginx'.
Default is 443. The HTTPS port which the web server will use. Only used for $gr_web_server => 'apache'.
Default is $::fqdn
(string). Virtualhostname of Graphite webgui.
Default is false (boolean). Include CORS Headers for all hosts (*) in web server config. This is needed for tools like Grafana.
If true, alter web server config to enable SSL. Default is false (boolean). Only used for apache at the moment.
Path to SSL cert file. Default is undef.
Path to SSL key file. Default is undef.
Path to SSL dir containing keys and certs. Default is undef.
Group name to chgrp the files that will served by webserver. Only necessary for gr_web_server => 'wsgionly' or 'none'.
Username to chown the files that will served by webserver. Only necessary for gr_web_server => 'wsgionly' or 'none'.
Template to use for Apache vhost config. Default is 'graphite/etc/apache2/sites-available/graphite.conf.erb'.
Default is '' (String). Prefix of the Apache config file. Useful if you want to change the order of the virtual hosts to be loaded. For example: '000-'
Boolean to enable configuration parts for Apache 2.4 instead of 2.2 Default is false/true (autodected. see params.pp)
Optional setting to disable proxying of requests. When set, will supply a value to 'NoProxy'.
{
gr_apache_noproxy => "0.0.0.0/0"
}
Will insert:
NoProxy 0.0.0.0/0
In the /etc/apache2/conf.d/graphite.conf file.
Default is false (boolean). Django settings style.
Default is 'django.db.backends.sqlite3' (string). Can be set to
- django.db.backends.postgresql <- Removed in Django 1.4
- django.db.backends.postgresql_psycopg2
- django.db.backends.mysql
- django.db.backends.sqlite3
- django.db.backends.oracle
Default is '/opt/graphite/storage/graphite.db' (string). Name of database to be used by django.
Default is '' (string). Name of database user.
Default is '' (string). Password of database user.
Default is '' (string). Hostname/IP of database server.
Default is '' (string). Port of database.
Default is false. Enable carbon relay.
Default is '0.0.0.0' (string)
Default is 2013 (integer)
Default is 'False'. Enables the UDP listener for carbon-relay.
Default is '0.0.0.0' (string)
Default is 2013 (integer)
Default is '0.0.0.0' (string)
Default is 2014 (integer)
Default is 'True' (string). Logs successful connections
Default is 'rules'
Default is 1 (integer). Add redundancy by replicating every datapoint to more than one machine.
Default is 'True' (string). Add to guarantee replicas across distributed hosts.
Default is [ '127.0.0.1:2004' ] (array). Array of backend carbons for relay.
Default is 10000 (integer)
Default is 'True' (string).
Relay rule set. Default is
{
all => { pattern => '.*',
destinations => [ '127.0.0.1:2004' ] },
'default' => { 'default' => true,
destinations => [ '127.0.0.1:2004:a' ] },
}
Default is false (boolean) Enable the carbon aggregator daemon.
Default is '0.0.0.0' (string). Address for line interface to listen on.
Default is 2023. TCP port for line interface to listen on.
Default is 'False' (string). Set this to True to enable the UDP listener.
Default is '0.0.0.0' (string). Its clear, isnt it?
Default is 2023. Self explaining.
Default is '0.0.0.0' (string). IP address for pickle interface.
Default is 2024. Pickle port.
Default is 'True' (string). Logs successful connections
Default is 'True' (string). Forward all metrics to the destination(s) defined in gr_aggregator_destinations
.
Default is [ '127.0.0.1:2004' ] (array). Array of backend carbons.
Default is 10000. Maximum queue size.
Default is 'True' (string). Enable flow control Can be True or False.
Default is 5. Maximum number intervals to keep around.
Default is
{
'carbon-class-mem' => 'carbon.all.<class>.memUsage (60) = sum carbon.<class>.*.memUsage',
'carbon-all-mem' => 'carbon.all.memUsage (60) = sum carbon.*.*.memUsage',
}
Hashmap of carbon aggregation rules.
Default is undef (array). List of memcache hosts to use. eg ['127.0.0.1:11211','10.10.10.1:11211']
Default is 'UNSAFE_DEFAULT' (string). CHANGE IT! Secret used as salt for things like hashes, cookies, sessions etc. Has to be the same on all nodes of a graphite cluster.
Default is undef (array). Array of webbapp hosts. eg.: ['10.0.2.2:80', '10.0.2.3:80']
Default is undef (array). Array of carbonlink hosts. eg.: ['10.0.2.2:80', '10.0.2.3:80']
Default is undef (string). Defines consistent-hashing type for 0.9.16+, e.g.: 'carbon_ch'
Default is 6. Timeout to fetch series data.
Default is 2.5 . Timeout for metric find requests.
Default is 10. Time before retrying a failed remote webapp.
Default is 300. Time to cache remote metric find results.
Default is 'True'. During a rebalance of a consistent hash cluster, after a partition event on a replication > 1 cluster or in other cases we might receive multiple TimeSeries data for a metric key. Merge them together rather than choosing the "most complete" one (pre-0.9.14 behaviour).
Default is undef (string). The user and salted SHA-1 (SSHA) password for Nginx authentication. If set, Nginx will be configured to use HTTP Basic authentication with the given user & password. e.g.: 'testuser:$jsfak3.c3Fd0i1k2kel/3sdf3'
Default is 10. Value to use for nginx's proxy_read_timeout setting
Default is true (boolean). Used to determine if the module should install ca-certificate on Debian machines during the initial installation.
Default is false (boolean). Turn ldap authentication on/off.
Default is '' (string). Set ldap uri.
Default is '' (string). Set the ldap search base.
Default is '' (string).Set ldap base user.
Default is '' (string). Set ldap password.
Default is '(username=%s)' (string). Set ldap user query.
Hash of additional LDAP options to be enabled. For example, { 'ldap.OPT_X_TLS_REQUIRE_CERT' => 'ldap.OPT_X_TLS_ALLOW' }
. Default is { }
.
Default is 'False' (string). Allow use of REMOTE_USER env variable within Django/Graphite.
Default is undef. Allows the use of a custom HTTP header, instead of the REMOTE_USER env variable (mainly for nginx use) to tell Graphite a user is authenticated. Useful when using an external auth handler with X-Accel-Redirect etc.
Example value - HTTP_X_REMOTE_USER
The specific use case for this is OpenID right now, but could be expanded to anything.
One example is something like http://antoineroygobeil.com/blog/2014/2/6/nginx-ruby-auth/
combined with the option gr_web_server
= 'wsgionly' and http://forge.puppetlabs.com/jfryman/nginx
with some custom vhosts.
The sample external auth app is available from here
Default is 30. value to pass to gunicorns --timeout arg.
Default is 'unix:/var/run/graphite.sock'. value to pass to gunicorns --bind arg.
Default is 2. value to pass to gunicorn's --worker arg.
Default is empty array. Allow multiple additional cache instances. (beside the default one) Example value:
{
'cache:b' => {
'LINE_RECEIVER_PORT' => 2103,
'PICKLE_RECEIVER_PORT' => 2104,
'CACHE_QUERY_PORT' => 7102,
},
'cache:c' => {
'LINE_RECEIVER_PORT' => 2203,
'PICKLE_RECEIVER_PORT' => 2204,
'CACHE_QUERY_PORT' => 7202,
}
}
Default is empty array. Allow multiple additional relay instances. (beside the default one)
Example: see gr_cache_instances
Default is empty array. Allow multiple additional aggregator instances. (beside the default one)
Example: see gr_cache_instances
Default is 'False'. Set autoflush for whisper
Default is false. Set lock writes for whisper
Default is false. Set fallocate_create for whisper
Default is 'False' (string). Logs timings for remote calls to carbon-cache
Default is 'True' (String). Logs time required for the queue sorts
Default is 'False' (string). Triggers the creation of rendering.log which logs timings for calls to the The Render URL API
Default is 'False' (string). Trigges the creation of metricaccess.log which logs access to Whisper and RRD data files
Default is 'django-tagging' (string) The name of the django-tagging package that should be installed
Default is '0.3.1' (string) The version of the django-tagging package that should be installed
Default is undef
(string). The source of the django-tagging package that should be installed.
Default is 'Twisted' (string) The name of the twisted package that should be installed
Default is '11.1.0' (string) The version of the twisted package that should be installed
Default is undef
(string). The source of the twisted package that should be installed.
Default is 'txAMQP' (string) The name of the txamqp package that should be installed
Default is '0.4' (string) The version of the txamqp package that should be installed
Default is undef
(string). The source of the txamqp package that should be installed.
Default is 'graphite-web' (string) The name of the graphite package that should be installed
Default is '0.9.12' (string) The version of the graphite package that should be installed
Default is undef
(string). The source of the graphite package that should be installed.
Default is 'carbon' (string) The name of the carbon package that should be installed
Default is '0.9.12' (string) The version of the carbon package that should be installed
Default is undef
(string). The source of the carbon package that should be installed.
Default is 'whisper' (string) The name of the whisper package that should be installed
Default is '0.9.12' (string) The version of the whisper package that should be installed
Default is undef
(string). The source of the whisper package that should be installed.
Default is a platform-specific name of the django package that should be installed (string).
Default is 'installed' (string) The version of the django package that should be installed.
Default is undef
(string). The source of the django package that should be installed.
Default is undef
(string) The provider of the django package that should be installed.
Default is undef
(array). An array of options to pass to pip install
when installing graphite.
For example, to install packages from a repository other than PyPI, you could pass --index-url
like this:
class { 'graphite':
gr_pip_install_options => ['--index-url', 'https://custom-packge-server/simple/'],
}
For details on available options, see the documentation for pip install
.
Default is true (Bool). Should packages be installed via pip
Default is 'python' (string). Can be set to a fully-qualify path or an alternative binary name.
Default is false (Bool). Should the caching of the webapp be disabled. This helps with some display issues in grafana.
stdlib by puppetlabs
On Redhat distributions you need the EPEL or RPMforge repository, because Graphite needs packages, which are not part of the default repos.
This module is tested on CentOS 6.5 and Debian 7 (Wheezy) and should also run on
- RHEL/CentOS/Scientific 6+
- Debian 6+
- Ubunutu 10.04 and newer
Most settings of Graphite can be set by parameters. So their can be special configurations for you. In this case you should edit
the file templates/opt/graphite/webapp/graphite/local_settings.py.erb
.
- There is currently an open ticket with Puppet about broken pip support in CentOS 6/7. The
workaround for this bug is to create a symlink from
/usr/bin/pip-python
(which doesn't exist) to/usr/bin/pip
(which does). - CentOS 7's default
nginx.conf
includes aserver
section listening on port 80. Thus, it is not possible to set up graphite without modifying the package-provided configuration file. You will have to either manually remove theserver
section, or provide agr_web_server_port
other than port 80. - nginx/gunicorn requires a
systemctl restart gunicorn
after installing on Ubuntu 15.10 - SELinux must be disabled
- Installing on Ubuntu 16.04 Xenial requires Puppet 4.1+ (see commit 71251c9)
Echocat modules are open projects. So if you want to make this module even better, you can contribute to this module on Github.
Make sure to read the repository's DEVELOP.md
file first.