SyntropyStack — Ansible — Monitoring solution with Grafana, Prometheus, Node_exporter and Nginx — Part 2

In this tutorial, we will be creating a monitoring network with node_exporter, Prometheus, Grafana and Nginx (with Let’s Encrypt SSL certificates). To deploy our network, we will be using the Syntropy Stack, Docker and Ansible.

At the end of this article, you will find a link to a detailed guide for building this architecture.

Start Syntropy Agent with Docker

sudo docker run --network="host" --restart=on-failure:10 --cap-add=NET_ADMIN --cap-add=SYS_MODULE \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
--device /dev/net/tun:/dev/net/tun --name=syntropynet-agent \
-e SYNTROPY_API_KEY='CHANGE ME' \
-e SYNTROPY_TAGS='CHANGE ME' \
-e SYNTROPY_PROVIDER='CHANGE ME' \
-e SYNTROPY_AGENT_NAME='CHANGE ME' \
-e SYNTROPY_NETWORK_API='docker' \
-d syntropynet/agent:stable

The VMs from the different providers register on the SyntropyStack interface through the agent, which Ansible launches with Docker.

Let’s Encrypt SSL certificate

To secure my access, I needed to create a Let’s Encrypt SSL certificate and pair it with a domain name. In this example, I use DuckDNS.

Duck DNS (www.duckdns.org)

The creation of several sub-networks

Launch the services on each dedicated VM, taking care to put each VM on a different subnet (run one of the following commands per VM):

sudo docker network create --subnet 172.20.0.0/24 syntropynet
sudo docker network create --subnet 172.21.0.0/24 syntropynet
sudo docker network create --subnet 172.22.0.0/24 syntropynet

To keep the VMs and services distinct, they must be placed on different IP address ranges. No ports were to be exposed to the Internet, except for 443.
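One way to check the rule above on each VM, as an added example that is not part of the original tutorial: the function reads `docker ps` output and reports every port published on a non-loopback address other than 443. The container names and port mappings in the sample are constructed for illustration.

```shell
#!/bin/sh
# Audit Docker port publishing: only 443 may be reachable from outside.
# Live use on a VM:
#   docker ps --format '{{.Names}}\t{{.Ports}}' | audit_published_ports

audit_published_ports() {
    # stdin: "<name><TAB><ports>" lines; $1: the single allowed host port.
    awk -F '\t' -v allowed="${1:-443}" '
    {
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            m = maps[i]
            if (m !~ /->/) continue             # exposed only, not published
            bind = m; sub(/->.*/, "", bind)     # e.g. 0.0.0.0:9090 or :::443
            port = bind; sub(/.*:/, "", port)   # host port after last colon
            addr = bind; sub(/:[^:]*$/, "", addr)
            # Loopback bindings are not reachable from the Internet.
            if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") continue
            if (port == allowed) continue
            print $1 " " addr ":" port
        }
    }'
}

# Constructed sample of `docker ps` output (not taken from a real host).
sample_docker_ps() {
    printf 'nginx\t0.0.0.0:443->443/tcp, :::443->443/tcp\n'
    printf 'grafana\t3000/tcp\n'
    printf 'prometheus\t0.0.0.0:9090->9090/tcp\n'
    printf 'node-exporter\t127.0.0.1:9100->9100/tcp\n'
}

# Each printed line is a finding; empty output means only 443 is published.
sample_docker_ps | audit_published_ports
```

Containers started with --network="host", like the Syntropy agent above, show nothing in the ports column, so their listening sockets have to be checked separately on the host.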

Build 3 VMs

  • VM1: Nginx + Grafana
  • VM2: Prometheus
  • VM3: Node-Exporter

Here are some explanations for each service:

  • Nginx: a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache. The software was created by Igor Sysoev and first publicly released in 2004.
  • Grafana: free software, licensed under Apache 2.0, for data visualization. It builds dashboards and graphs from multiple sources, including time series databases such as Graphite, InfluxDB and OpenTSDB.
  • Prometheus: free monitoring software and alert generator. It records real-time metrics in a time series database, built from the content of endpoints exposed over HTTP.
  • Node_exporter: exposes all metrics from enabled collectors by default. This is the recommended way to collect metrics, as it avoids errors when comparing metrics of different families. For advanced use, node_exporter can be passed an optional list of collectors to filter metrics.

ANSIBLE

Ansible is a free software platform for setting up and managing computers. It combines multi-node software deployment, ad-hoc task execution, and configuration management. It manages the various nodes through SSH and does not require the installation of any additional software on them. Modules communicate through standard output in JSON notation and can be written in any programming language. The system uses YAML to express reusable descriptions of systems, called playbooks.

Installation

Copy the entire roles directory to your controller server

Install the Syntropy Ansible Galaxy Collection.

ansible-galaxy collection install git@github.com:SyntropyNet/syntropy-ansible-collection.git

Navigate to your local ansible directory:

cd /root/.ansible/collections/ansible_collections/syntropynet/syntropy

Install the Python dependencies.

pip3 install -U -r requirements.txt

Authentication

Generate an API Token by logging in using the CLI:

syntropyctl login {syntropy stack user name} { syntropy stack password}

Provision your Virtual Machines

Info:

  • For Python >= 2.7: [servers:vars] ansible_python_interpreter=/usr/bin/python3
  • For Python <= 2.7: [servers:vars] ansible_python_interpreter=/usr/bin/python

[nginx]
yourfirstpubip ansible_python_interpreter=/usr/bin/python3
[prometheus]
yoursecondpubip ansible_python_interpreter=/usr/bin/python3
[node-exporter]
localhost ansible_python_interpreter=/usr/bin/python3

Test Connection: ansible -m ping all

Output result:

localhost | SUCCESS => {
"changed": false,
"ping": "pong"
}
*.*.*.* | SUCCESS => {
"changed": false,
"ping": "pong"
}
*.*.*.* | SUCCESS => {
"changed": false,
"ping": "pong"
}

Deploy Agent / Services / Network with Ansible Playbook

The power of Ansible is that everything is done from a single server, and all of it is done automatically.

Grafana

Now that all the services can communicate with each other, we can reach the Grafana interface by browsing to our domain name.

In order for Grafana to retrieve the metrics that Prometheus receives from Node_Exporter, you need to identify the Docker IP of the Prometheus server and use it as the Grafana data source. After installing a template, here is the result:

In conclusion, this exercise showed that, with different VMs connected through an encrypted tunnel, it is possible to build an architecture safely, as if you were on a local network ;-)

Thanks to Ansible, life is easier because everything is controlled from a single server.

Video tutorial

GitHub Tutorial

syntropy-devops-integrations/grafana-prometheus-node_exporter-ansible at main · SyntropyNet/syntropy-devops-integrations (github.com)

Laurent ✤

French Ambassador at Syntropy (NOIA Network)