Configuring the Monasca Log API
The Monasca Log API runs on top of a gunicorn server. For a minimal configuration, a few settings have to be tuned in the following files:
- docker-compose.yml
- monasca-log-api/Dockerfile
- monasca-log-api/log-api-config.ini.j2
- monasca-log-api/log-api-config.conf.j2
Compose file
In docker-compose.yml, look up the service named 'monasca-log-api'. Here you might want to edit the port
(setting is traefik.port
) the service listens to (default is 8090
: change this value carefully, updating it also in the server:main
section of log-api-config.ini.j2 and in the output
section of logstash.conf on the Monasca Log Agent). Also, the restart
policy of the service is set to on-failure
to guarantee the service stays up. You might want to edit this value or even remove this setting.
Dockerfile & Enviroment Variables
There should be no need to change default settings, as the Docker image (martel/monasca-log-api) provides good defaults.
However, settings can be overridden by changing values of environment variables in the compose file (see the environment
section of services in docker-compose.yml and docker-compose-keystone.yml).
Other configuration files
In log-api-config.ini, the main settings are the host
IP address and port
the gunicorn server should listen to, as well as the number of working processes (workers
) for handling requests, the maximum number of simultaneous clients (worker-connections
), and the maximum number of pending connections (backlog
). Please refer to the settings section in gunicorn's documentation.
In log-api-config.conf, the relevant settings are: the region
(in the service
section), that will be added to the logs as metadata; in the log_publisher
section, the Kafka topics
to which the logs are published and the address of the Kafka broker (kafka_url
).
Authenticating to Keystone
In log-api-config.conf, the keystone_authtoken
section allows to set the address of the Keystone and the credentials for authentication. It might also be necessary to set the roles (default_roles
, agent_roles
) in the roles_middleware
section.
Authentication can be done to either the local (development/test) or the central Keystone (recommended). Here follow the environment settings to be inserted in the Dockerfile for authenticating to the local Keystone:
ENV KEYSTONE_IDENTITY_URI=http://keystone:35357 \
KEYSTONE_AUTH_URI=http://keystone:5000 \
KEYSTONE_ADMIN_USER=admin \
KEYSTONE_ADMIN_PASSWORD=secretadmin \
KEYSTONE_ADMIN_TENANT=admin
For local authentication, please consult the account information in keystone/preload.yml. For authentication to the central Keystone, please contact the FIWARE Lab administrators.