Skip to content

External Network Operations Center for EPFL SI ISAS-FSD

Notifications You must be signed in to change notification settings

epfl-si/external-noc

Repository files navigation

ISAS-FSD external NOC

About

This project aims to set up a Network Operations Center (so called NOC) providing an external monitoring for our School. In short, it will set up Prometheus, Prometheus Pushgateway, Prometheus Blackbox exporter, Prometheus Alertmanager, Prometheus Node Exporter and Grafana on a server, using docker containers and deployed with Ansible. On top of that, Traefik reverse proxy / load balancer handle the HTTP requests.

Pre-requisites

We assume that the NOC will be deployed on a Ubuntu server, on which you can access with your SSH key with the root rights.

Installation

The installation is self-managed by the nocsible script, which will download the Ansible suitcase if needed. This will ensure that every member of the team will be using the same versions of the tools such as python, pip module, ansible modules, ruby, etc.

Keybase

The secrets in this project are stored on a static yaml file on the team's keybase (/keybase/team/epfl_idevfsd/idevfsd-NOC/ansible_noc_secrets.yml). An Ansible file lookup will get them, meaning that access to this file is mandatory and that it has to be mounted.

Deployment

In our case, the deployment in done on a virtual machine hosted on a OpenStack setup by SWITCHEngines. Thus, some of the explanations might be related to that, more particularly the access rules which depends on OpenStack Neutron Security Groups.

Project's bricks

Each bricks of the project is meant to be self-contained. It should be possible to deploy each brick individually, using Ansible tags.

Usage

Install

$ git clone git@github.com:epfl-si/external-noc.git
$ cd external-noc
$ ./nocsible --check

Test

./nocsible

Prod

./nocsible --prod

Links