/NMaaS

The NMaaS (Network Monitoring as a Service) is an open-source platform which enables to deploy and manage containerized applications on a pool of physical machines. The NMaaS is more precisely a collection of open-source components (Kubernetes, Docker, Grafana, Prometheus, Rancher) which is deployed and installed automatically by Ansible.

Primary LanguageShellApache License 2.0Apache-2.0

NMaaS - Network Monitoring as a Service

NMaaS is an open source Infrastructure-as-Code based on containers to get an overview of your network status among your servers.

This Ansible deployment includes :

Prerequisites

  • Linux

    Lastly used with the Ubuntu 20.04 LTS (Groovy Gorilla) version on all machines.

  • Python

    Both the 2.7 and 3.x versions are included in this run.

  • Ansible

    Lastly used with the 2.9.6 version.

How to start

  • On the nodes
sudo apt update	
sudo apt install openssh-client
sudo apt install python python3-pip 	# If needed
  • On the installer

Phase 1 — Set up the environment

# Exchange SSH keys
sudo apt install openssh-server		
ssh-keygen
ssh-copy-id {user}@{node}	# On every node of your infrastructure

# Initialize needed submodules and clone with correct commit (blue folders with an arrow on GitHub)
git submodule init
git submodule update

# OR (advanced users)
# (Optional) Checkout your Kubespray and Kube-Prometheus prefered version if needed
git clone https://github.com/kubernetes-sigs/kubespray.git
git clone https://github.com/coreos/kube-prometheus.git



# Install the required modules
sudo pip install -r requirements.txt

Phase 2 — List your machines

# Populate your pool of machines in inventory/hosts.yml with their IP adresses (the given example uses 1 master and 2 workers)

# Secure your credentials with Ansible-Vault for each node (the given example checks for a machine called node1)
# Create an individual folder
sudo mkdir -p inventory/host_vars/node1/

# Write a inventory/host_vars/node1/vars file for undisclosed sensitive data, following this template :
ansible_user: "{{ vault_ansible_user_node1 }}"
ansible_port: "{{ vault_ansible_port_node1 }}"
ansible_become_password: "{{ vault_ansible_become_password_node1 }}"

# Create a inventory/host_vars/node1/vault file where sensitive data is encrypted
ansible-vault create inventory/host_vars/node1/vault

# Save your crendentials, following this template : 
#~~
vault_ansible_user_node1: ssh_user
vault_ansible_become_password_node1: sudo_password
vault_ansible_port_node1: port_number
"~~

# Concatenate every created vars file into one
ansible-vault view inventory/host_vars/node*/vault > inventory/host_vars/vault && ansible-vault encrypt inventory/host_vars/vault

Phase 3 — Check and run the code

# Test the SSH connection and credential authentification from Ansible
ansible all -i inventory/hosts.yml -m ping --ask-vault-pass

# Launch it !
ansible-playbook -i inventory/hosts.yml --become --become-user=root init.yml --ask-vault-pass  -e@inventory/host_vars/vault -vvv

# Check if everything runs smoothly
sudo ./inventory/artifacts/kubectl.sh --kubeconfig inventory/artifacts/admin.conf get all --all-namespaces

For further cluster management, use the kubectl command (kubectl.sh) with the cluster configuration file (admin.conf) in the inventory/artifacts folder, as mentionned in the previous command.

Reset the NMaaS

# If you want to reset the NMaaS state and remove all nodes :
ansible-playbook -i inventory/hosts.yml --become --become-user=root reset.yml --ask-vault-pass  -e@inventory/host_vars/vault -vvv

Downloaded content

As stated earlier, this project is based on previous open-source works, which are pre-included in this repository. As such, we will be referring to :

Or clone from GitHub:

git clone https://github.com/Orange-OpenSource/NMaaS.git

Contribute

This project needs you ! To contribute, please contact Andrés Delgado (andres.delgado@orange.com) to discuss your implementation. Any idea is welcome !

You can help in 2 ways :

  • Improving the platform itself

    Whether it deals with the virtualization system, the automation mechanism or even the monitoring process, there is always room for improvement !

  • Populating with applications

    The platform is nothing if not for the applications it deploys. As such, an "app store" in a local registry is considered to be an optimal way to promote them. It would require an app containerization template, in addition to the app themselves to be supplied.

License

NMaaS is under the Apache 2.0 license. See the LICENSE file for details. Copyright (c) 2021 Orange

Authors