Configuring the Monasca Log API

The Monasca Log API runs on top of a gunicorn server. For a minimal configuration, a few settings have to be tuned in the following files:

• docker-compose.yml
• monasca-log-api/Dockerfile
• monasca-log-api/log-api-config.ini.j2
• monasca-log-api/log-api-config.conf.j2

Compose file

In docker-compose.yml, look up the service named 'monasca-log-api'. Here you might want to edit the port (setting is traefik.port) the service listens to (default is 8090: change this value carefully, updating it also in the server:main section of log-api-config.ini.j2 and in the output section of logstash.conf on the Monasca Log Agent). Also, the restart policy of the service is set to on-failure to guarantee the service stays up. You might want to edit this value or even remove this setting.

Dockerfile & Enviroment Variables

There should be no need to change default settings, as the Docker image (martel/monasca-log-api) provides good defaults.

However, settings can be overridden by changing values of environment variables in the compose file (see the environment section of services in docker-compose.yml and docker-compose-keystone.yml).

Other configuration files

In log-api-config.ini, the main settings are the host IP address and port the gunicorn server should listen to, as well as the number of working processes (workers) for handling requests, the maximum number of simultaneous clients (worker-connections), and the maximum number of pending connections (backlog). Please refer to the settings section in gunicorn's documentation.

In log-api-config.conf, the relevant settings are: the region (in the service section), that will be added to the logs as metadata; in the log_publisher section, the Kafka topics to which the logs are published and the address of the Kafka broker (kafka_url).

Authenticating to Keystone

In log-api-config.conf, the keystone_authtoken section allows to set the address of the Keystone and the credentials for authentication. It might also be necessary to set the roles (default_roles, agent_roles) in the roles_middleware section.

Authentication can be done to either the local (development/test) or the central Keystone (recommended). Here follow the environment settings to be inserted in the Dockerfile for authenticating to the local Keystone:

ENV KEYSTONE_IDENTITY_URI=http://keystone:35357 \
    KEYSTONE_AUTH_URI=http://keystone:5000 \
    KEYSTONE_ADMIN_USER=admin \
    KEYSTONE_ADMIN_PASSWORD=secretadmin \
    KEYSTONE_ADMIN_TENANT=admin

For local authentication, please consult the account information in keystone/preload.yml. For authentication to the central Keystone, please contact the FIWARE Lab administrators.