You are here

OpenStack Keystone Monitoring

Requires Opsview Cloud or Opsview Monitor 6.4

This Host Template is part of the Openstack Monitoring Opspack

check_circle
Opsview Supported

Host Template: Cloud - OpenStack - Keystone

Monitor the status of OpenStack services listed by Keystone.

This Host Template includes the following Service Checks:

Service Check Name Description Default Thresholds (Warning, Critical) UOM
OpenStack - Keystone - Endpoints Status The status of OpenStack services listed by the Keystone API endpoints_not_ok=,0 N/A

Usage Instructions

Step 1: Add this Host Template

Add the Cloud - OpenStack - Keystone Host Template to your Opsview Monitor host. If the resource you're monitoring has no hostname or public IP, then open the Advanced settings pane and change Host Check Command to Always assumed to be UP.

For more information, refer to Opsview Knowledge Center - Adding Host Templates to Hosts.

Step 2: Add and configure variables required for this Host Template

The Service Checks in this Host Template use the following variables, and they will be added to your Opsview Monitor instance when you import the Opspack:

OPENSTACK_SERVICE_ENDPOINT

The Value is not used and therefore can be set to anything.

Parameter Position in Variable Name Description
--openstack-service-protocol Arg1 OpenStack Service Protocol The protocol (HTTP/HTTPS) that the OpenStack service is registered on.
--openstack-service-address Arg2 OpenStack Service Address The IP or hostname that the OpenStack service is registered on.
--openstack-service-port Arg3 OpenStack Service Port The port that the OpenStack service is registered on.

OPENSTACK_CREDENTIALS

The Value is not used and therefore can be set to anything.

Parameter Position in Variable Name Description
--username Arg1 OpenStack Username The username of your OpenStack monitoring credentials.
--password Arg2 OpenStack Password The password of your OpenStack monitoring credentials.
--domain Arg3 OpenStack Domain The OpenStack domain you wish to monitor.

OPENSTACK_SERVICE_INTERFACE

The is a multi-service check variable. A new service check will be created for each variable added. This way you can have multiple service checks for each different interface on your OpenStack system.

Parameter Position in Variable Name Description
--openstack-service-interface Value OpenStack Service Interface The interface you wish to monitor, which can be one of three types: admin, internal, or public. Please note, only interfaces that are reachable by Opsview Monitor will work.

OPENSTACK_SERVICE_BLACKLIST

The Value is not used and therefore can be set to anything. Pass in your list of ports to ignore as the first argument.

Parameter Position in Variable Name Description
--service-blacklist Arg1 OpenStack Service Blacklist A comma-separated list of services. Use this to ignore specific services when checking Keystone registered endpoints. You can find the service names in the Keystone service check output.

For more information, refer to Opsview Knowledge Center - Adding Variables to Hosts.

For mode-specific help, run the plugin with the -h -m <mode> flags. This will list the required and optional Variable Arguments for that mode. The appropriate mode for each Service Check is listed here:

Service Check Name Mode
OpenStack - Keystone - Endpoints Status OpenStack.Keystone.Services

SSL Certificates

Additionally, if ssl verification is required, you can use the following variable to pass in your SSL certificates for use when connecting to the service provider to gather metrics:

OPENSTACK_CERTIFICATES

The Value is not used and therefore can be set to anything. Override the arguments with your certificates.

Parameter Position in Variable Name Description
--ca-path Arg1 CA Certificate Path Path to the CA Certificate. Optional, only required if server verification is needed.
--client-cert Arg2 Client Certificate Path Path to the Client Certificate. Optional, only required if client verification is needed.
--client-key Arg3 Client Key Path Path to the Client Key. Optional, only required if client verification is needed.

Step 3: Apply changes and the system will now be monitored

OpenStack Keystone Output

Troubleshooting Permissions

The Opsview 'read' user requires access to the following Keystone endpoints with 'system' scope set to 'all':

  • /services
  • /endpoints

For more information regarding OpenStack Keystone policies, refer to Keystone configuration policy