This project aims to set up a Network Operations Center (NOC) that provides external monitoring for our School. In short, it sets up Prometheus, Prometheus Pushgateway, Prometheus Blackbox exporter, Prometheus Alertmanager, Prometheus Node Exporter and Grafana on a server, using Docker containers deployed with Ansible. On top of that, the Traefik reverse proxy / load balancer handles the HTTP requests.
We assume that the NOC will be deployed on an Ubuntu server that you can access with your SSH key, with root rights.
The installation is self-managed by the nocsible script, which will download the Ansible suitcase if needed. This ensures that every member of the team uses the same versions of the tools, such as python, pip modules, ansible modules, ruby, etc.
The secrets in this project are stored in a static YAML file on the team's Keybase (/keybase/team/epfl_idevfsd/idevfsd-NOC/ansible_noc_secrets.yml). An Ansible file lookup reads them, meaning that access to this file is mandatory and that it has to be mounted.
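A sketch of how such a file lookup can fail early when the Keybase folder is not mounted, as an added example that is not taken from the project's playbooks. The play layout and the variable names `noc_secrets_path` and `noc_secrets` are assumptions; only the file path comes from this page.

```yaml
# Added example, not the project's own playbook.
# Assumed names: noc_secrets_path, noc_secrets, noc_secrets_stat.
- name: Load NOC secrets from the team Keybase folder
  hosts: all
  gather_facts: false
  vars:
    noc_secrets_path: /keybase/team/epfl_idevfsd/idevfsd-NOC/ansible_noc_secrets.yml
  tasks:
    # Lookups run on the control machine, so the check is delegated there too.
    - name: Check that the secrets file is visible on the control machine
      ansible.builtin.stat:
        path: "{{ noc_secrets_path }}"
      delegate_to: localhost
      run_once: true
      register: noc_secrets_stat

    # Without this, an unmounted KBFS only surfaces later as a lookup error.
    - name: Stop early when the Keybase folder is not mounted or not readable
      ansible.builtin.assert:
        that:
          - noc_secrets_stat.stat.exists
          - noc_secrets_stat.stat.readable
        fail_msg: >-
          {{ noc_secrets_path }} is missing or unreadable.
          Mount the team Keybase folder and check your team membership.
        quiet: true
      run_once: true

    # no_log keeps the parsed secret values out of task output and logs.
    - name: Parse the secrets with a file lookup
      ansible.builtin.set_fact:
        noc_secrets: "{{ lookup('ansible.builtin.file', noc_secrets_path) | from_yaml }}"
      no_log: true
```

Later tasks that consume values from `noc_secrets` should also set `no_log: true`, since templated secrets otherwise appear in verbose output.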
In our case, the deployment is done on a virtual machine hosted on an OpenStack setup by SWITCHEngines. Thus, some of the explanations might be specific to that, in particular the access rules, which depend on OpenStack Neutron Security Groups.
Each brick of the project is meant to be self-contained. It should be possible to deploy each brick individually, using Ansible tags.
$ git clone git@github.com:epfl-si/external-noc.git
$ cd external-noc
$ ./nocsible --check
./nocsible
./nocsible --prod