diff --git a/.github/workflows/chatops.yaml b/.github/workflows/chatops.yaml index 2610cca5..988e44b6 100644 --- a/.github/workflows/chatops.yaml +++ b/.github/workflows/chatops.yaml @@ -1,4 +1,4 @@ -name: ChatOps checks +name: Linting on: push: diff --git a/chatops_deployment/INSTALL.md b/chatops_deployment/INSTALL.md deleted file mode 100644 index e69de29b..00000000 diff --git a/chatops_deployment/README.md b/chatops_deployment/README.md index dc2e0094..14b29117 100644 --- a/chatops_deployment/README.md +++ b/chatops_deployment/README.md @@ -1,4 +1,29 @@ # ChatOps Deployment -This project outlines the deployment of the Cloud ChatOps application found [here](https://github.com/stfc/cloud-docker-images/tree/master/cloud-chatops). -The goal is to create an easily deployable and highly available infrastructure to run the Docker image on. +![Linting](https://github.com/stfc/SCD-OpenStack-Utils/actions/workflows/chatops.yaml/badge.svg) + +## Contents + +- [About](#about) + +### About + +This project outlines the deployment of the Cloud ChatOps application +found [here](https://github.com/stfc/cloud-docker-images/tree/master/cloud-chatops). The goal is to create an easily +deployable and highly available infrastructure to run the Docker container on. We achieve this by using Terraform and +Ansible to provision and configure a virtual machine the services will run on. + +This includes: + +- Load balanced application traffic +- Infrastructure-wide service logging to a central location +- Service monitoring with visual dashboards and alerting notifications +- Multi-environment deployment (e.g. dev, staging, prod) + +To get started with the deployment, see [INSTALL.md](docs/INSTALL.md). + +For information about what services are deployed, see [SERVICES.md](docs/SERVICES.md) + +To understand what the Terraform modules do, see [TERRAFORM.md](docs/TERRAFORM.md) + +To know what and where variables are stored, see [VARIABLES.md](docks/VARIABLES.md) 
diff --git a/chatops_deployment/ansible/roles/haproxy/tasks/certbot.yml b/chatops_deployment/ansible/roles/haproxy/tasks/certbot.yml index d968e1e9..ccc77bff 100644 --- a/chatops_deployment/ansible/roles/haproxy/tasks/certbot.yml +++ b/chatops_deployment/ansible/roles/haproxy/tasks/certbot.yml @@ -35,7 +35,7 @@ become: true ansible.builtin.stat: path: /etc/haproxy/{{ domain }}.crt - register: certificate_file + register: haproxy_certificate_file - name: Generate the certificate for the first time become: true @@ -43,18 +43,18 @@ certbot certonly --standalone --non-interactive --agree-tos --expand --domains \ {{ domain }},chatops.{{ domain }},prometheus.{{ domain }},grafana.{{ domain }},alertmanager.{{ domain }},kibana.{{ domain }} \ -m cloud-support@stfc.ac.uk - register: generate_cert - changed_when: generate_cert.rc == 0 - when: not certificate_file.stat.exists + register: haproxy_generate_cert + changed_when: haproxy_generate_cert.rc == 0 + when: not haproxy_certificate_file.stat.exists - name: Copy certificate for the first time become: true ansible.builtin.command: | cat /etc/letsencrypt/live/{{ domain }}/privkey.pem \ /etc/letsencrypt/live/{{ domain }}/fullchain.pem > /etc/haproxy/{{ domain }}.crt - register: copy_cert - changed_when: copy_cert.rc == 0 - when: not certificate_file.stat.exists + register: haproxy_copy_cert + changed_when: haproxy_copy_cert.rc != 0 + when: not haproxy_certificate_file.stat.exists - name: Create a cron job for the renewal of certificates become: true @@ -99,4 +99,4 @@ ansible.builtin.systemd_service: state: restarted name: haproxy.service - when: copy_cert.rc == 0 + when: haproxy_copy_cert.rc == 0 diff --git a/chatops_deployment/ansible/roles/haproxy/tasks/haproxy.yml b/chatops_deployment/ansible/roles/haproxy/tasks/haproxy.yml index 543d3b30..06e730de 100644 --- a/chatops_deployment/ansible/roles/haproxy/tasks/haproxy.yml +++ b/chatops_deployment/ansible/roles/haproxy/tasks/haproxy.yml 
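Review bot: In "Copy certificate for the first time" the new `changed_when: haproxy_copy_cert.rc != 0` inverts the previous condition. Because `ansible.builtin.command` fails the task on a non-zero return code, the task can no longer report a change. The generate task just above keeps `rc == 0`, so this line should read `changed_when: haproxy_copy_cert.rc == 0`. The same task relies on `>` redirection, which `ansible.builtin.command` does not interpret because it does not run through a shell, so the combined file is probably not written as intended and `ansible.builtin.shell` would be needed. Since `/etc/haproxy/{{ domain }}.crt` then holds the private key, a follow-up `ansible.builtin.file` task with `owner: root` and `mode: "0600"` would stop it being left at the default umask permissions.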
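Review bot: The renamed condition `when: haproxy_copy_cert.rc == 0` in the last certbot.yml hunk reads a return code that exists only if the registering task actually ran. If it refers to the first-time copy task, which is skipped when the certificate already exists, the registered result has no `rc` and the condition will most likely raise an undefined-attribute error instead of evaluating to false. `when: haproxy_copy_cert is not skipped and haproxy_copy_cert.rc == 0` avoids that. The restart task begins above this hunk and the tasks between the two hunks are not visible, so confirm that no other task registers the same variable.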
@@ -19,11 +19,11 @@ become: true ansible.builtin.stat: path: /etc/haproxy/{{ domain }}.crt - register: certificate_file + register: haproxy_certificate_file - name: Make sure haproxy.service is running become: true ansible.builtin.systemd_service: state: restarted name: haproxy.service - when: certificate_file.stat.exists + when: haproxy_certificate_file.stat.exists diff --git a/chatops_deployment/ansible/roles/ssh_known_hosts/tasks/main.yml b/chatops_deployment/ansible/roles/ssh_known_hosts/tasks/main.yml index 441232b2..391580d4 100644 --- a/chatops_deployment/ansible/roles/ssh_known_hosts/tasks/main.yml +++ b/chatops_deployment/ansible/roles/ssh_known_hosts/tasks/main.yml @@ -18,24 +18,24 @@ send "{{ bastion_key_passphrase }}\r" expect eof EOF - register: _ - changed_when: _.rc == 0 + register: ssh_known_hosts_ + changed_when: ssh_known_hosts_.rc != 0 - name: Remove FIP known hosts ansible.builtin.command: 'ssh-keygen -R "{{ terraform_floating_ip }}"' - register: _ - changed_when: _.rc == 0 + register: ssh_known_hosts_ + changed_when: ssh_known_hosts_.rc != 0 - name: Remove private VM known host entries ansible.builtin.command: "ssh-keygen -R {{ item }}" loop: "{{ groups['private'] }}" - register: _ - changed_when: _.rc == 0 + register: ssh_known_hosts_ + changed_when: ssh_known_hosts_.rc != 0 - name: Add FIP fingerprint to known hosts ansible.builtin.command: 'ssh-keyscan "{{ terraform_floating_ip }}" >> ~/.ssh/known_hosts' - register: _ - changed_when: _.rc == 0 + register: ssh_known_hosts_ + changed_when: ssh_known_hosts_.rc != 0 - name: Get private VM fingerprints and retrieve to local host delegate_to: "{{ terraform_floating_ip }}" 
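Review bot: Every `changed_when` in the ssh_known_hosts hunk was flipped from `rc == 0` to `ssh_known_hosts_.rc != 0`, and the next hunk of the same file does the same. A command task with a non-zero return code fails, so none of these tasks can ever report changed; `changed_when: ssh_known_hosts_.rc == 0` keeps the earlier behaviour. "Add FIP fingerprint to known hosts" also uses `>>` under `ansible.builtin.command`, which is not run through a shell, so the scanned key is likely never appended to `~/.ssh/known_hosts`; the two `>>` command tasks in the next hunk have the same problem, and `ansible.builtin.shell` or the `ansible.builtin.known_hosts` module would be needed. The first task sends `{{ bastion_key_passphrase }}` through an expect script and begins outside the hunk, so if `no_log: true` is not already set there it should be added to keep the passphrase out of task output and logs.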
@@ -43,25 +43,25 @@ - name: Add private VM fingerprints to known hosts on LB ansible.builtin.command: 'ssh-keyscan "{{ item }}" >> ~/.ssh/known_hosts' loop: "{{ groups['private'] }}" - register: _ - changed_when: _.rc == 0 + register: ssh_known_hosts_ + changed_when: ssh_known_hosts_.rc != 0 - name: Retrieve known hosts from LB ansible.builtin.fetch: src: "~/.ssh/known_hosts" dest: "private_known_hosts.tmp" flat: true - register: _ - changed_when: _.rc == 0 + register: ssh_known_hosts_ + changed_when: ssh_known_hosts_.rc != 0 - name: Append fetched known hosts to localhost ansible.builtin.command: "cat private_known_hosts.tmp >> ~/.ssh/known_hosts" - register: _ - changed_when: _.rc == 0 + register: ssh_known_hosts_ + changed_when: ssh_known_hosts_.rc != 0 - name: Remove private_known_hosts.tmp ansible.builtin.file: path: "private_known_hosts.tmp" state: absent - register: _ - changed_when: _.rc == 0 + register: ssh_known_hosts_ + changed_when: ssh_known_hosts_.rc != 0 diff --git a/chatops_deployment/ansible/roles/terraform/tasks/deploy.yml b/chatops_deployment/ansible/roles/terraform/tasks/deploy.yml index d3db928f..376b1235 100644 --- a/chatops_deployment/ansible/roles/terraform/tasks/deploy.yml +++ b/chatops_deployment/ansible/roles/terraform/tasks/deploy.yml @@ -4,12 +4,12 @@ - name: Check clouds.yaml ansible.builtin.stat: path: "~/.config/openstack/clouds.yaml" - register: clouds_yaml_state + register: terraform_clouds_yaml_state - name: Fail if clouds.yaml does not exist ansible.builtin.fail: msg: "Could not find a clouds.yaml in ~/.config/openstack/clouds.yaml" - when: not clouds_yaml_state.stat.exists + when: not terraform_clouds_yaml_state.stat.exists - name: Check public and private keys block: 
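Review bot: "Retrieve known hosts from LB" and "Remove private_known_hosts.tmp" use `ansible.builtin.fetch` and `ansible.builtin.file`, whose results carry no `rc` field, so `changed_when: ssh_known_hosts_.rc != 0` will most likely fail on an undefined attribute. Both modules report their own changed state, so the `register`/`changed_when` pair can be dropped from those two tasks. The host keys collected with `ssh-keyscan` in this file are appended to `known_hosts` without being compared to a fingerprint from a trusted source, so the first connection is trusted blindly. A comment such as `# keys are accepted unverified here; compare with the fingerprints shown in the instance console log` would at least record that assumption for whoever maintains the role.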
@@ -17,16 +17,16 @@ - name: Check Bastion public key is valid # noqa: no-changed-when ansible.builtin.command: "ssh-keygen -l -f '../terraform/bastion-key.pub'" ignore_errors: true - register: public_key_state + register: terraform_public_key_state # We can ignore this warning as this command doesn't change anything when it runs. - name: Check Bastion private key is valid # noqa: no-changed-when ansible.builtin.command: "ssh-keygen -l -f '../ansible/bastion-key'" ignore_errors: true - register: private_key_state + register: terraform_private_key_state - name: Generate an SSH key pair and copy to directories - when: public_key_state.rc != 0 or private_key_state.rc != 0 + when: terraform_public_key_state.rc != 0 or terraform_private_key_state.rc != 0 block: - name: Generate key community.crypto.openssh_keypair: diff --git a/chatops_deployment/docs/INSTALL.md b/chatops_deployment/docs/INSTALL.md new file mode 100644 index 00000000..bbb75405 --- /dev/null +++ b/chatops_deployment/docs/INSTALL.md 
@@ -0,0 +1,181 @@ +# Deployment + +## Contents: + +- [Quick Start](#quick-start) + +## Quick Start: + +- If you are deploying from scratch, start at [Setting up localhost](#setting-up-localhost) +- If you already have the repository cloned, the vault password saved and the projects clouds.yaml then start + at [Deploy infrastructure](#deploy-infrastructure). +- If you only need to make changes to an existing deployment then start + at [Configure infrastructure](#configure-infrastructure) +- To destroy all infrastructure, see [Destroy infrastructure](#destroy-infrastructure) + +## OpenStack Project Requirements: + +The project `Cloud-MicroServices` is already setup with all the required requisites. The variables in this repository +reference that project. If you are using a different project for a deployment not used by the Cloud Team you will +require the following: + +- A floating IP (e.g. 130.246.X.Y) +- DNS records: + - ` CNAME host-130-246-X-Y.nubes.stfc.ac.uk` + - **AND** + - ``` + # EITHER + *. CNAME host-130-246-X-Y.nubes.stfc.ac.uk + # OR + kibana.. CNAME host-130-246-X-Y.nubes.stfc.ac.uk. + grafana.. CNAME host-130-246-X-Y.nubes.stfc.ac.uk. + prometheus.. CNAME host-130-246-X-Y.nubes.stfc.ac.uk. + alertmanager.. CNAME host-130-246-X-Y.nubes.stfc.ac.uk. + chatops.. CNAME host-130-246-X-Y.nubes.stfc.ac.uk. + ``` +- Ports 80 and 443 open inbound from the internet +- OpenStack Volume for the VM ~10GB + +### Deploying the Infrastructure: + +You can run the deployment from any machine (including your local laptop). +However, we suggest you make a dedicated "seed VM" in OpenStack as the +deployment will create files such as SSL certificates and SSH keys which you +will need to keep for further maintenance. + +Machine requirements: + +- Python3 +- Snap (to install Terraform) +- Pip or equivalent (to install Ansible) + +#### Setting up localhost: + +1. 
Install Ansible and collections + ```shell + # Install venv and Ansible + apt install python3-venv ansible + + # Create a virtual environment + python3 -m venv venv + source venv/bin/activate + + # Install collections using Ansible Galaxy + ansible-galaxy install -r requirements.yml + + # Install dependencies + pip install -r requirements.yml + ``` + +2. Create a vault password file to avoid repeated inputs + ```shell + # Either + + echo "chatops_vault_password" >> ~/.chatops_vault_pass + + # or + + vim ~/.chatops_vault_pass # and enter the vault password as plain text + ``` + +3. Change permissions and attributes to protect the file + ```shell + chmod 400 ~/.chatops_vault_pass + chattr +i ~/.chatops_vault_pass + ``` + +4. Copy the projects clouds.yaml to the `~/.config/openstack/clouds.yaml` + ```shell + cp /clouds.yaml ~/.config/openstack/clouds.yaml + ``` + +#### Deploy infrastructure: + +You can deploy both development and production environments on the same machine but not at the same time. + +1. Clone this repository + ```shell + git clone https://github.com/stfc/SCD-OpenStack-Utils + ``` + +2. Change into the `ansible` directory + ```shell + cd SCD-OpenStack-Utils/chatops_deployment/ansible + ``` + +3. Deploy infrastructure. Using -i to specify which inventory to use, dev or prod + ```shell + ansible-playbook deploy.yml --vault-password-file=~/.chatops_vault_pass -i + ``` + +#### Configure infrastructure + +1. Configure the VMs. This step will take ~15 minutes + ```shell + ansible-playbook configure.yml --vault-password-file=~./chatops_vault_pass -i + ``` + +#### Destroy infrastructure + +To destroy the infrastructure and all locally generated files run the destroy playbook. + +1. 
Destroy the infrastructure and locally generated files + ```shell + ansible-playbook destroy.yml --vault-password-file=~./chatops_vault_pass -i + ``` + +## Debugging: + +### Terraform + +To debug the Terraform deployment, it is best to use the Terraform directly rather than through Ansible. +When you run the deploy.yml playbook, a `terraform.tfvars` file is created which allows you to run the Terraform modules +separate to Ansible. + +1. Ensure you have run deploy.yml at least once to generate the variables file `terraform.tfvars` + +2. Change to the terraform directory + ```shell + # Assuming you are in the ansible directory + cd ../terraform + ``` + +3. Check and change Terraform workspace. Terraform separates environments into workspaces. Make sure you are using the + correct workspace before making changes. + ```shell + # List all workspaces. You should see at most "default, dev, prod" + terraform workspace list + + # Select the workspace you want to affect + terraform workspace select + ``` + +4. Now you can make changes to the deployment. It is advisable you only use the Terraform commands directly if there is + something very wrong. The Ansible playbooks should be the first choice. + ```shell + # For example, plan and apply changes + terraform plan -out plan + terraform apply plan + + # Refresh the state to check API connections + terraform refresh + + # Validate the config + terraform validate + ``` + +### Ansible + +Each role in the Ansible playbook is tagged in its play. This enables you to run only parts of the playbooks. This is +important as it takes ~15 minutes to run the entire playbook. So, when you only want to make changes to certain parts +of the deployment you can use `--tags ` to run only that part of the play. + +For example, if you change the Prometheus config file template you can just run the playbook with the **prometheus** tag +. 
+```shell +ansible-playbook configure.yml --vault-password-file=~./chatops_vault_pass -i dev --tags prometheus +``` + +It is not recommended to use tags when making changes to the production deployment. As changes are promoted to +production the entire playbook should be run. This avoids any changes being missed out and ensures the entire deployment +is running the latest configuration. diff --git a/chatops_deployment/docs/SERVICES.md b/chatops_deployment/docs/SERVICES.md new file mode 100644 index 00000000..88da2ceb --- /dev/null +++ b/chatops_deployment/docs/SERVICES.md 
@@ -0,0 +1,109 @@ +# Services + +## Contents +- [What services are deployed?](#what-services-are-deployed) +- [How are services accessed?](#how-are-the-services-accessed) +- [What does each service do?](#what-does-each-service-do) +- [How do services communicate?](#how-do-services-communicate) + +## What services are deployed? + +![ChatOps Services](chatops_services.svg "Diagram of ChatOps Services") + +## How are the services accessed? + +We are using sub-domains and a wildcard DNS record to access all services from +one address. The root URL is `(dev-)cloud-chatops.nubes.rl.ac.uk` and a +sub-domain is prepended depending on what you are trying to access. Assuming +you are accessing the production services, the below URLs will take you to the +available services: + +- (Grafana) https://grafana.cloud-chatops.nubes.rl.ac.uk +- (Elastic Stack Kibana) https://kibana.cloud-chatops.nubes.rl.ac.uk +- (Prometheus) https://prometheus.cloud-chatops.nubes.rl.ac.uk +- (Alertmanager) https://alertmanager.cloud-chatops.nubes.rl.ac.uk +- (HAProxy stats) https://cloud-chatops.nubes.rl.ac.uk/stats +- (ChatOps Application) https://cloud-chatops.nubes.rl.ac.uk +- (ChatOps Specific URL) https://chatops.cloud-chatops.nubes.rl.ac.uk + +Grafana is the only service implementing IRIS IAM login and other services use basic authentication. + +## What does each service do? 
+ +### HAProxy + +- Load balances traffic for the ChatOps application +- Uses layer 7 routing to navigate a user between services using sub-domains +- Acts as TLS termination between the internet and the private network + +### ChatOps Application + +- The Docker image being supported by this project which provides notifications +to Slack about open pull requests +- Multiple instances running for high availability + +### Grafana + +- Hosts visual dashboards that display the services' status from a Prometheus +datasource +- View HAProxy stats such as the frequency of requests + +### Prometheus + +- Collects metrics from endpoints provided by Systemd-Exporter and cAdvisor +- Sends alerts to Alertmanager based on configured rules +- Provides a datasource to Grafana + +### Alertmanager + +- Manages alerts sent by Prometheus by forwarding them to Slack or a Mail server +- Groups duplicate alerts into single messages to prevent spam + +### Elasticsearch + +- Acts as a centralised log store for all services +- Provides a search engine to query for logs + +### Kibana + +- Provides a user interface to query Elasticsearch + +### Logstash + +- Receives logs from Filebeat and sends them to Elasticsearch +- Uses pipelines to filter and mutate messages before storing them in Elasticsearch + +### Filebeat + +- Reads log files of services and exports their contents to Logstash +- Uses regular expression patterns to concatenate multiline logs into single messages +- Runs on all nodes + +### Systemd Exporter + +- Provides a metrics endpoint for Prometheus with data about the systemd services on a node +- Runs on all nodes +- Used for Prometheus to alert when systemd services such as Grafana or Logstash go down + +### cAdvisor + +- Provides more useful container metrics than the Docker socket metrics endpoint +- Runs on only the ChatOps nodes +- Used for Prometheus to alert when the ChatOps containers go down + +## How do services communicate? 
+ +All services communicate on the localhost using HTTPS. +Self-signed certificates are generated on the local Ansible host and copied to each service. +HAProxy uses a Let's Encrypt +certificate for external traffic which is then terminated and re-encrypted with the service's self-signed certificate +before being sent out to the destination service. Individual services will also sign their own traffic with each other's +certificates. + +See the below diagram for an example of external to internal communication: + +![ChatOps External SSL](chatops_external_ssl.svg) + +See the below diagram for an example of inter-service communication: + +![ChatOps Internal SSL](chatops_internal_ssl.svg) \ No newline at end of file diff --git a/chatops_deployment/docs/TERRAFORM.md b/chatops_deployment/docs/TERRAFORM.md new file mode 100644 index 00000000..e11006cd --- /dev/null +++ b/chatops_deployment/docs/TERRAFORM.md 
@@ -0,0 +1,84 @@ +# Terraform + +## Contents: +- [What is created in OpenStack?](#what-is-created-in-openstack) +- [Terraform Modules](#terraform-modules) + +## What is created in OpenStack? + +All resources for this deployment can be automatically created and destroyed with the Ansible playbooks. +The only exception to this is the floating IPs and Volumes. + +We don't automate the creation and deletion of FIPs because ports need to be opened and closed +by Digital Infrastructure (DI). DNS records are associated with specific FIPs which require a ticket to DI to change. + +We don't automate the creation and deletion of Volumes because they are used as a persistent data storage. +If we delete the volume we lose all the metrics and log data. There is currently no backup process in place. + +See below a diagram of the OpenStack infrastructure: + +![Terraform Infrastructure](chatops_terraform.svg) + +## Terraform Modules + +The Terraform configuration is made of 3 modules: the root module, compute and networking. + +### [Root](../terraform) + +#### [main.tf](../terraform/main.tf) + +- OpenStack provider is declared, including what version to use and which clouds to get credentials from. +- Network module is loaded with input variables from `terraform.tfvars`. +- Compute module is loaded with input variables from `terraform.tfvars`. + +#### [outputs.tf](../terraform/outputs.tf) + +- Declares what variables to "export" into the Terraform state files. + This is where the VM IP addresses are gathered for the hosts file. + We also extract the attached Volume paths for Prometheus and Elasticsearch + +#### [variables.tf](../terraform/variables.tf) + +- Declares what variables are required for the configuration to run correctly. + +#### [terraform.tfvars](../terraform/terraform.tfvars) + +> ***Note:*** This file won't exist unless the configuration has been deployed with Ansible + +- Contains the variable values needed in `variables.tf`. 
These are generated from the Ansible variables + +### [Compute](../terraform/modules/compute) + +#### [main.tf](../terraform/modules/compute/main.tf) + +> ***NOTE:*** The volumes and floating IP must already be present in the project. They are not created. + +- OpenStack provider is declared, including what version to use and which clouds to get credentials from. +- SSH public key is imported into the OpenStack project. +- Stack VM is created. +- Volume is attached to Stack VM. +- Floating IP is associated to the Stack VM network port. + +#### [outputs.tf](../terraform/modules/compute/outputs.tf) + +- Exports the Volume attachment paths. E.g. `/dev/vdb`. + +#### [variables.tf](../terraform/modules/compute/variables.tf) + +- Makes all Terraform networking resources available to this module. + +### [Networking](../terraform/modules/networking) + +#### [main.tf](../terraform/modules/networking/main.tf) + +- OpenStack provider is declared, including what version to use and which clouds to get credentials from. +- Private network, subnet and router are created. +- Security group containing rules for each service is created. + +#### [outputs.tf](../terraform/modules/networking/outputs.tf) + +- Outputs the networking resources to be available in the compute module. + +#### [variables.tf](../terraform/modules/networking/variables.tf) + +- Makes the input variables available to this module. \ No newline at end of file diff --git a/chatops_deployment/docs/VARIABLES.md b/chatops_deployment/docs/VARIABLES.md new file mode 100644 index 00000000..8d9e5181 --- /dev/null +++ b/chatops_deployment/docs/VARIABLES.md 
@@ -0,0 +1,20 @@ +# Variables + +## Environments + +The inventory and variables are separated by 2 environments folders. `dev` and `prod`. This allows us to change values +for specific deployments such as, changing the version of the ChatOps application used from `9.0.0 -> 10.0.0` on the **dev** +deployment before using the changes on production. We can also use a different ChatOps configuration targeting different +workspaces for testing and users. + +The variable keys should always remain identical in **dev** and **prod**. However, the values may change. + +## Inventory + +The inventory is made from the static **hosts.yml**. The contents of this file should not be changed unless you are +using a different DNS record. + +#### hosts.yml + +Creates a single group called **stack** with one host which is the stack VM. It also sets the local SSH key to use for +running Ansible commands. diff --git a/chatops_deployment/docs/chatops_external_ssl.svg b/chatops_deployment/docs/chatops_external_ssl.svg new file mode 100755 index 00000000..d66c89cd --- /dev/null +++ b/chatops_deployment/docs/chatops_external_ssl.svg @@ -0,0 +1,4 @@ + + + +
Client
























Client...
HAPROXY























HAPROXY...
User makes connection then trusts certificate
User makes conne...
Provides Let's Encrypt certificate
Provides Let's Encry...
Unencrypted request data
Unencrypted requ...
Request is decrypted with session key
Request is decr...
Request is encrypted
 with session key
Request is encry...
User generates a session key, encrypts it and sends it to HAProxy
User generates a...
Request goes through access crontrol list and finds destination backend
Request goes thr...
Service























Service...
Request is encrypted with session key
Request is encr...
Request is decrypted with session key
Request is decr...
Request is processed
Request is proc...
Receives session key and decrypts it with LE private key
Receives session key...
Makes connection to service and trusts the self-signed certificate because we give it a copy of the certificate to compare with
Makes connection t...
Provides self-signed certificate
Provides self-s...
Receives session key and decrypts it with service private key
Receives sessi...
HAProxy generates a session key, encrypts it and sends it to the service
HAProxy generate...
Text is not SVG - cannot display
\ No newline at end of file diff --git a/chatops_deployment/docs/chatops_internal_ssl.svg b/chatops_deployment/docs/chatops_internal_ssl.svg new file mode 100755 index 00000000..78216809 --- /dev/null +++ b/chatops_deployment/docs/chatops_internal_ssl.svg @@ -0,0 +1,4 @@ + + + +
Private Network



























Private Network...
Grafana


























Grafana...
Prometheus


























Prometheus...
Unencrypted request to access Prometheus datasource
Unencrypted request...
Encrypts data with session key
Encrypts data with s...
Encrypted request is sent to Prometheus across 192.168.X.Y network
Encrypted request is...
Receives encrypted request
Receives encrypted r...
Makes connection and checks certificate against its own copy
Makes connection and...
Provides service certificate
Provides service cer...
Generates session key and encrypt with service certificate
Generates session ke...
Receives session key and decrypts it. Acknowledges receipt
Receives session key...
Decrypts request with session key
Decrypts request wit...
Actions request by providing data
Actions request by p...
Text is not SVG - cannot display
\ No newline at end of file diff --git a/chatops_deployment/docs/chatops_layer_7.svg b/chatops_deployment/docs/chatops_layer_7.svg new file mode 100755 index 00000000..b0bf1a54 --- /dev/null +++ b/chatops_deployment/docs/chatops_layer_7.svg @@ -0,0 +1,4 @@ + + + +
HAProxy
Round-Robin
HAProxy...
ChatOps Application
ChatOps Application
ChatOps Application
ChatOps Application
ChatOps Application
ChatOps Application
130.246.X.Y
cloud-chatops.nubes.rl.ac.uk
130.246.X.Y...
Internet
Internet
HEALTH CHECKS
HEALTH CHECKS
BACKUP
BACKUP
HEALTHY
HEALTHY
HEALTHY
HEALTHY
Text is not SVG - cannot display
\ No newline at end of file diff --git a/chatops_deployment/docs/chatops_monitoring.svg b/chatops_deployment/docs/chatops_monitoring.svg new file mode 100755 index 00000000..4c79d5a7 --- /dev/null +++ b/chatops_deployment/docs/chatops_monitoring.svg @@ -0,0 +1,4 @@ + + + +

Grafana
Displays data such as service availability

Grafana...
Prometheus
Collects metrics and provides data to other services
Prometheus...
Alertmanager
Forwards alerts sent by Prometheus to Slack and Mail servers
Alertmanager...
Systemd-exporter
Systemd-exporter
cAdvisor
cAdvisor
Exposes metrics about services
Exposes metrics about services
Text is not SVG - cannot display
\ No newline at end of file diff --git a/chatops_deployment/docs/chatops_services.svg b/chatops_deployment/docs/chatops_services.svg new file mode 100755 index 00000000..2173f772 --- /dev/null +++ b/chatops_deployment/docs/chatops_services.svg @@ -0,0 +1,4 @@ + + + +
Prometheus
Metric Scraping
Prometheus...
Alertmanager
Alerting Notifications
Alertmanager...
HAProxy
Load balancing
Layer 7 Routing
HAProxy...
ChatOps Application
ChatOps Application
Elasticsearch
Log Store
Search Engine
Elasticsearch...
Logstash
Ingests Logs
Logstash...

Grafana
Monitoring Dashboards

Grafana...

Kibana
Elasticsearch Viewing

Kibana...
Filebeat
Filebeat
Systemd-exporter
Systemd-exporter
Filebeat
Filebeat
Systemd-exporter
Systemd-exporter
Filebeat
Filebeat
Systemd-exporter
Systemd-exporter
Filebeat
Filebeat
Systemd-exporter
Systemd-exporter
Filebeat
Filebeat
Systemd-exporter
Systemd-exporter
Filebeat
Filebeat
Systemd-exporter
Systemd-exporter
Filebeat
Filebeat
Systemd-exporter
Systemd-exporter
Filebeat
Filebeat
cAdvisor
cAdvisor
Text is not SVG - cannot display
\ No newline at end of file diff --git a/chatops_deployment/docs/chatops_terraform.svg b/chatops_deployment/docs/chatops_terraform.svg new file mode 100755 index 00000000..54bcdaa5 --- /dev/null +++ b/chatops_deployment/docs/chatops_terraform.svg @@ -0,0 +1,4 @@ + + + +
Private Network
192.168.100.X


















Private Network...
HAProxy
HAProxy
FIP
FIP
Internet
0.0.0.0/0
Internet...
Prometheus / Alertmanager
Prometheus / Alertma...
Grafana
Grafana
Elasticsearch
Logstash
Kibana
Elasticsearch...
ChatOps
ChatOps
Security Group
Security Group
Security Group
Security Group
Security Group
Security Group
Security Group
Security Group
Security Group
Security Group
Cinder Volume
Cinder Vol...
Cinder Volume
Cinder Vol...
Internal Network
172.16.X.Y
Internal Network...
Text is not SVG - cannot display
\ No newline at end of file diff --git a/chatops_deployment/docs/chatops_traffic.svg b/chatops_deployment/docs/chatops_traffic.svg new file mode 100755 index 00000000..f5363e46 --- /dev/null +++ b/chatops_deployment/docs/chatops_traffic.svg @@ -0,0 +1,4 @@ + + + +
HAProxy
ACL checks "service"
HAProxy...
ChatOps
ChatOps

Grafana

Grafana...
Kibana
Kibana
service.cloud-chatops....
service.cloud-chatops....
Request
service.cloud-chatops.nubes.rl.ac.uk
Request...
e.g. "chatops"
e.g. "chatops"
e.g. "grafana"
e.g. "grafana"
e.g. "grafana"
e.g. "grafana"
Text is not SVG - cannot display
\ No newline at end of file