add monitor service and configuration to cland by following operation: 1. install packages. 2. generate configuration file. 3.update firewall rules. 4. CL api mapping.

Signed-off-by: zhesmart <[email protected]>

modify some add steps to hyber, add service to fix  memory useage cannot get correct value.

Signed-off-by: zhesmart <[email protected]>

Author: zhesmart

deploy/build.sh

@@ -101,6 +101,9 @@ $hname ansible_host=$myip ansible_ssh_private_key_file=$cland_ssh_dir/cland.key
 
 [database]
 $hname ansible_host=$myip ansible_ssh_private_key_file=$cland_ssh_dir/cland.key
+
+[monitor]
+$hname ansible_host=$myip ansible_ssh_private_key_file=$cland_ssh_dir/cland.key
 EOF
 }
 

deploy/cloudland.yml

@@ -43,3 +43,10 @@
   become_user: root
   roles:
     - {role: wds, become: yes, tags: [wds]}
+
+# deploy monitor 
+- name: install monitor
+  hosts: monitor
+  become_user: root
+  roles:
+    - {role: monitor, become: yes, tags: [monitor]}

deploy/roles/cland/tasks/main.yml

@@ -92,6 +92,3 @@
     state: started
   tags: [fe_srv]
 
-- name: allow cloudland necessary ports
-  script: firewall.sh
-  tags: [firewall]

deploy/roles/hyper/files/firewall.sh

@@ -3,6 +3,11 @@
 iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited
 iptables -A FORWARD -j REJECT --reject-with icmp-host-prohibited
 
+# Open the Prometheus port (default 9100), allowing inbound TCP traffic to port 9100
+iptables -A INPUT -p tcp --dport 9100 -j ACCEPT
+# Open the Grafana port (default 9177), allowing inbound TCP traffic to port 9177
+iptables -A INPUT -p tcp --dport 9177 -j ACCEPT
+
 for chain in $(iptables -S | grep secgroup | awk '{print $2}'); do
     iptables -X $chain
 done

deploy/roles/hyper/files/guest_kvm_vm_memory_export.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+while true; do
+  echo '# HELP guest_kvm_vm_memory_usage_bytes Memory usage of KVM VMs in bytes'
+  echo '# TYPE guest_kvm_vm_memory_usage_bytes gauge'
+  for uuid in $(virsh list --uuid); do
+    mem_usage=$(virsh dommemstat "$uuid" | awk '/rss/ {print $2}')
+    if [[ ! -z "$mem_usage" ]]; then
+      echo "guest_kvm_vm_memory_usage_bytes{uuid=\"$uuid\"} $((mem_usage * 1024))"
+    fi
+  done > /var/lib/node_exporter/guest_kvm_vm_memory_usage.prom
+  sleep 15
+done

deploy/roles/hyper/tasks/main.yml

@@ -8,7 +8,7 @@
 
 - name: install packages for kvm
   apt:
-    name: ['qemu-system-x86', 'qemu-utils', 'bridge-utils', 'ipcalc', 'ipset', 'keepalived', 'iputils-arping', 'libvirt-daemon', 'libvirt-daemon-system', 'libvirt-daemon-system-systemd', 'libvirt-clients', 'dnsmasq', 'dnsmasq-utils', 'conntrack']
+    name: ['qemu-system-x86', 'qemu-utils', 'bridge-utils', 'ipcalc', 'ipset', 'keepalived', 'iputils-arping', 'libvirt-daemon', 'libvirt-daemon-system', 'libvirt-daemon-system-systemd', 'libvirt-clients', 'dnsmasq', 'dnsmasq-utils', 'conntrack', 'prometheus-libvirt-exporter', 'prometheus-node-exporter']
     state: present
   ignore_errors: yes
   tags: [be_pkg]
@@ -264,3 +264,98 @@
     value: '16777216'
     reload: yes
   tags: [sysctl]
+
+- name: Create directory for monitor scripts
+  file:
+    path: /opt/cloudland/scripts/monitor
+    state: directory
+    owner: root
+    group: root
+    mode: '0755'
+  tags: [monitor]
+
+- name: Copy guest VM memory exporter script
+  copy:
+    src: files/guest_kvm_vm_memory_export.sh
+    dest: /opt/cloudland/scripts/monitor/guest_kvm_vm_memory_export.sh
+    mode: '0755'
+    owner: root
+    group: root
+  tags: [monitor]
+
+
+- name: Ensure systemd override directory exists
+  file:
+    path: /etc/systemd/system/prometheus-node-exporter.service.d
+    state: directory
+    owner: root
+    group: root
+    mode: '0755'
+  tags: [monitor]
+
+
+- name: Create directory for node_exporter textfile
+  file:
+    path: /var/lib/node_exporter
+    state: directory
+    owner: root
+    group: root
+    mode: '0755'
+  tags: [monitor]
+
+- name: Configure Node Exporter with textfile directory
+  become: true
+  copy:
+    dest: /etc/systemd/system/prometheus-node-exporter.service.d/override.conf
+    content: |
+      [Service]
+      ExecStart=
+      ExecStart=/usr/bin/prometheus-node-exporter --collector.textfile.directory=/var/lib/node_exporter
+    mode: '0644'
+    owner: root
+    group: root
+  tags: [monitor]
+
+- name: Create systemd service for guest VM memory export
+  copy:
+    dest: /etc/systemd/system/guest_kvm_vm_memory_usage.service
+    mode: '0644'
+    owner: root
+    group: root
+    content: |
+      [Unit]
+      Description=Guest VM Memory Exporter Service
+      After=network.target
+
+      [Service]
+      Type=simple
+      ExecStart=/opt/cloudland/scripts/monitor/guest_kvm_vm_memory_export.sh
+      Restart=always
+      User=root
+
+      [Install]
+      WantedBy=multi-user.target
+  tags: [monitor]
+
+- name: Reload systemd to recognize new service
+  systemd:
+    daemon_reload: yes
+  tags: [monitor]
+
+- name: Enable guest VM memory exporter service
+  systemd:
+    name: guest_kvm_vm_memory_usage
+    enabled: yes
+    state: started
+  tags: [monitor]
+
+
+- name: Reload and restart prometheus services
+  systemd:
+    name: "{{ item }}"
+    daemon_reload: yes
+    state: restarted
+  with_items:
+    - 'prometheus-libvirt-exporter'
+    - 'prometheus-node-exporter'
+  tags: [monitor]

deploy/roles/monitor/files/firewall.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+
+# Open the Node Exporter port (default 9100), allowing inbound TCP traffic to port 9100
+iptables -A INPUT -p tcp --dport 9100 -j ACCEPT
+
+# Open the Libvirt Exporter port (default 9177), allowing inbound TCP traffic to port 9177
+iptables -A INPUT -p tcp --dport 9177 -j ACCEPT
+
+# Open the Prometheus port (default 9090), allowing inbound TCP traffic to port 9090
+iptables -A INPUT -p tcp --dport 9090 -j ACCEPT
+
+# Open the Grafana port (default 3000), allowing inbound TCP traffic to port 3000
+iptables -A INPUT -p tcp --dport 3000 -j ACCEPT
+# Allow outbound Node Exporter traffic (port 9100)
+iptables -A OUTPUT -p tcp --dport 9100 -j ACCEPT
+
+# Allow outbound Libvirt Exporter traffic (port 9177)
+iptables -A OUTPUT -p tcp --dport 9177 -j ACCEPT
+
+# Allow outbound Prometheus traffic (port 9090)
+iptables -A OUTPUT -p tcp --dport 9090 -j ACCEPT
+
+# Allow outbound Grafana traffic (port 3000)
+iptables -A OUTPUT -p tcp --dport 3000 -j ACCEPT
+
+/sbin/iptables-save -c > /etc/iptables.rules
+