| zigo | On which port is aetos supposed to bind ? | 07:57 |
|---|---|---|
| zigo | This doesn't seem documented anywhere. | 07:57 |
| mrunge_ | I think that is configurable | 08:55 |
| mrunge_ | jwysogla: do you happen to know out of your head? I see aetos being added to the ci tests https://opendev.org/openstack/telemetry-tempest-plugin/commit/f8a8197b1e1764aecfcd02ae31053b7b96538a6a | 09:02 |
| zigo | mrunge_: Yeah, but what's the standard ?!? | 09:08 |
| mrunge_ | zigo: Jaromir should know, I have seen 9090, 9092, etc. I also think that it is now being added to the keystone catalog | 09:09 |
| zigo | I thought 9090 was the standard Prometheus port. | 09:09 |
| mrunge_ | the idea is/was to block prometheus 9090 to the external world and to only allow connections via aetos | 09:10 |
| zigo | Well, there's no reason to expose prometheus to the outside anyways ! :) | 09:11 |
| mrunge_ | If you want/need to access metrics, there is? openstack apis are publicly accessible | 09:12 |
| zigo | Right, but shouldn't all go through aetos ? | 09:15 |
| mrunge_ | indeed (for metrics) | 09:16 |
| zigo | So prometheus wouldn't be exposed anyways ... :P | 09:16 |
| zigo | Anyways, thanks. And thanks also for Aetos, we'll soon test it. | 09:18 |
| mrunge_ | I'll try to get you an answer, and let me know how it works | 09:18 |
| mrunge_ | There are still some changes necessary in the other services accessing metrics. aodh should work out of the box, and I have also seen a patch to add observabilityclient/aetos support to watcher | 09:19 |
| zigo | So, it's not a drop-in replacement for Gnocchi? | 09:21 |
| mrunge_ | it is meant to be a drop-in replacement. But prometheus support in other projects has been added in the past, before observabilityclient existed, or projects implemented the access themselves | 09:23 |
| mrunge_ | e.g cloudkitty can use prometheus as metric store, but creates the queries on their own, https://github.com/openstack/cloudkitty/blob/master/cloudkitty/collector/prometheus.py | 09:24 |
| jwysogla | Aetos doesn't really have a default port. It's expected to be run as a wsgi application, you should be able to set the port when configuring that. For example check the uwsgi.ini here: https://docs.openstack.org/aetos/latest/contributor/install/manual.html. You can customize the port in your config and everything should work as long as you register the endpoint in keystone like this: | 09:51 |
| jwysogla | https://docs.openstack.org/aetos/latest/install/install-ubuntu.html (this example just uses port 80). | 09:51 |
| jwysogla | Aetos doesn't have much in common with Gnocchi. It's a openstack rbac layer for Prometheus. As of now, you can access Prometheus metrics through Aetos from CLI using the observabilityclient, from watcher and from Aodh (but even though Aodh for now is able to access metrics through Aetos, it bypasses the rbac checks, so with Aodh, everyone can set an alarm on all metrics). | 09:54 |
| jwysogla | As Matthias wrote. CloudKitty is able to use Prometheus, but for now, it isn't able to access Prometheus metrics through Aetos (I plan to take a look at that hopefully soon). | 09:55 |
| opendevreview | Merged openstack/aetos master: Support client cert/key for TLS connection with Prometheus https://review.opendev.org/c/openstack/aetos/+/956983 | 10:18 |
| opendevreview | Merged openstack/aetos master: Rename wsgi script https://review.opendev.org/c/openstack/aetos/+/957430 | 10:18 |
| opendevreview | Merged openstack/aetos master: Add configuration for project label name https://review.opendev.org/c/openstack/aetos/+/957224 | 10:57 |
| zigo | mrunge_: When I start aetos, it says: | 15:10 |
| zigo | no python application found, check your startup logs for errors | 15:10 |
| zigo | How am I supposed to do it? I tried both wsgi-script = and module =, none worked ... | 15:11 |
| zigo | (I'm using uwsgi...) | 15:11 |
| zigo | Looks like that part works now. | 15:12 |
| zigo | Though I'm getting: | 15:12 |
| zigo | Unable to validate token: Unable to establish connection to https://127.0.0.1:35357 | 15:12 |
| zigo | (in my logs) | 15:12 |
| zigo | That's *NOT* what I configured ... :/ | 15:13 |
| jwysogla | That's logs from Aetos? | 15:24 |
| zigo | I get: | 16:09 |
| zigo | Unable to validate token: Unable to establish connection to https://127.0.0.1:35357: HTTPSConnectionPool(host='127.0.0.1', port=35357): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7fd831650d70>: Failed to establish a new connection: [Errno 111] Connection refused')): keystoneauth1.exceptions.connection.ConnectFailure: Unable to establish connection to https://127.0.0.1: | 16:09 |
| zigo | 35357: HTTPSConnectionPool(host='127.0.0.1', port=35357): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7fd831650d70>: Failed to establish a new connection: [Errno 111] Connection refused')) | 16:09 |
| zigo | I'm not sure what config thing it's trying to read... | 16:09 |
| zigo | If you point at the code, I can find out ! :) | 16:09 |
| jwysogla | zigo: I get a quite similar error message when I misconfigure the keystone_authtoken.auth_url value in my aetos.conf. Can't that be the cause? | 17:45 |
Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!