Sunday, May 21, 2017

Project Alphaberry - Part 5 - Checkpoint

So here we are, 4 months into Project Alphaberry. At this point, it is time to look back, reflect, and figure out what the next steps are. I have a running system, it's pretty cool, and I learned a lot of things along the way, but now, we need to rebuild.

Yes, that’s right, rebuild. I turned everything off the other day, getting ready to reformat all the drives, reinstall the Alpha OS, and start from scratch. Why you ask, well, sometimes simple is good, however, I didn’t go all simple, I did it really complex, and not only that, I had a fatal flaw that was developing. I mixed my “lab” environment in with my “home” environment. This started to have a bleeding effect where I wanted to try something new, but it didn’t feel “safe enough” to try out, I would lose things, things I cared about, things I needed to save would be lost, and my feelings would get hurt. OK, maybe not all those things, but I needed to rebuild this thing outside my home infrastructure, as that is already pretty solid, and what I want.

The core problem, I needed a separate network, but when building everything, I didn’t realize how important this would be, until I remembered that I wanted the Alphaberry project to be portable. Disconnect the one network cable and one power cable, pick up the “case” and plug it in somewhere else. This started becoming impossible when I used my home router DHCP for statically assigning the Pi IP addresses, then the issue of dual purposing the DNS, and then finally, using the core infrastructure of my home network with the Intel NUCs. Also, I don’t need HA at home for most things, but I was building it to survive and keep 100% uptime, that’s almost impossible at my house, I have power brownouts, I have kids who like to unplug things, but I have backups, and can restore things when I need to, so having that HA setup, which for most of my software, required three nodes, I started getting confused on what needed to go where.

The secondary problem, hitting a rabbit hole. Well, if I want to run Elasticsearch, I want to do it in a container, and I also want Kibana, but the Elastic containers are like… overly secure and take forever to spin up, so I want to optimize the containers, but… I need a container registry, because I don’t want to put all my trash containers on the internet, but… I remember something about secure registries, I think I need SSL certs, does that mean I need an SSL cert provider at home? Crap, how am I going to publish these containers, I could probably do it from my desktop, but I use my laptop too, oh, GitLab has some cool … that an entire CI pipeline, I should play with that, that is pretty awesome, but I need to do it for real, instead of on my sandbox, so I need a registry to…. Wait, what was I doing….

Yes, that was my last mindset, I got stuck in this super nasty loop rabbit hole, I got so concerned about doing it the right way, I forgot the entire point of this project, which was to build out some cool and awesome and play around with technologies in a cluster.


I bought a Netgate SG-1000 Microfirewall (pfSense), the thing is tiny and only has two network ports, I will plug one into my home network switch (WAN), and one into the Alphaberry network switch (LAN). This is the first start to the fully segregated environment.

Once that is complete, the Alpha will be formatted to a simpler OS (I am looking at probably Ubuntu Core or CoreOS). This will serve as a Docker swarm master and non-ARM container hosting. CentOS is awesome, and I know it fairly well from using it extensively at work, however, it's way overkill for what I need at home. Finally, it will also be the server that gets hit with the traffic from the external HTTP ports (80/443).

Next, the Pi builds, I will re-flash everything with Raspbian Jessie Lite + Docker CE only. This will drastically simplify these boxes. Of course, there will be some basic setup on them (SSH, NTP, etc…), but the idea is to keep them simple to set up, so I don’t need to run Ansible on them, just flash and go. I have a separate Pi that I will use to build the images, meaning I will keep it up to date manually, then occasionally burn the image from that, and spend a bit of time re-flashing the cluster nodes (would be nice to automate, but staying away from rabbit holes).

As mentioned, I will be using Docker Swarm for all of the container management, and Portainer to view and control it. For monitoring, I will still use ELK with Beats, but will put the metric beats inside containers, and most likely run the “all in one” ELK container on the Alpha.

The Alpha will contain a simple Git server, meaning, over SSH. It will also have Ansible installed. This will allow me to run some common tasks across the servers (cleanup, restarts, etc…). I won’t be doing any significant system administration here, since “technically” I only need to configure two nodes, the Alpha, and the seeder Pi. However, hostnames might get set, because that would just be annoying to have everything named the same.

DHCP and DNS will be handled by the pfSense software, since the hardware is so damn small, it can be part of the cluster, which means that all of the settings will move with it. I will however configure my internal DNS to the search domain, which will not overlap with my home DNS ( vs. alphaberry).

I will run my own custom Docker Registry, but this will be as simple as I can make it, and run out of a container. If I do in fact require an SSL cert, I will use a self-signed one internally.
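A sketch of what that self-signed registry setup can look like, added here as an example and not taken from the project itself. The hostname `registry.alphaberry.test`, port 5000 and the directory names are assumed placeholders; the certificate has to carry the registry's name as a SAN, and each swarm node trusts it only for that one registry through Docker's `certs.d` directory.

```shell
#!/bin/sh
# Added example, not the project's own script. REG_HOST, REG_PORT and all
# paths are assumed placeholder values for the lab network.
REG_HOST="${REG_HOST:-registry.alphaberry.test}"   # hypothetical lab hostname
REG_PORT="${REG_PORT:-5000}"

# Create a self-signed cert whose SAN matches the name clients will pull from.
# Docker checks the SAN, not the CN. (-addext needs OpenSSL 1.1.1 or newer.)
make_registry_cert() {  # $1 = output dir, $2 = hostname
    mkdir -p "$1" || return 1
    ( umask 077   # private key readable by its owner only
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -keyout "$1/registry.key" -out "$1/registry.crt" \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" 2>/dev/null )
}

# Succeeds only if the certificate lists the hostname as a DNS SAN.
cert_covers_host() {  # $1 = cert file, $2 = hostname
    openssl x509 -in "$1" -noout -text | grep -qF "DNS:$2"
}

# Per-registry trust on a node: Docker reads ca.crt from
# <certs.d>/<host>:<port>/ and trusts it for that registry alone,
# which avoids adding the host to "insecure-registries".
trust_on_node() {  # $1 = cert file, $2 = certs.d root (/etc/docker/certs.d)
    d="$2/$REG_HOST:$REG_PORT"
    mkdir -p "$d" && cp "$1" "$d/ca.crt"
}

# Start the stock registry image with TLS enabled.
run_registry() {  # $1 = absolute dir holding registry.crt and registry.key
    docker run -d --restart=always --name registry \
      -v "$1":/certs:ro -p "$REG_PORT":5000 \
      -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/registry.crt \
      -e REGISTRY_HTTP_TLS_KEY=/certs/registry.key \
      registry:2
}

# Only touches Docker and /etc when invoked as: ./registry.sh deploy
if [ "${1:-}" = "deploy" ]; then
    make_registry_cert ./certs "$REG_HOST" &&
    cert_covers_host ./certs/registry.crt "$REG_HOST" &&
    trust_on_node ./certs/registry.crt /etc/docker/certs.d &&
    run_registry "$PWD/certs"
fi
```

Only `registry.crt` needs to be copied to the other nodes (for example baked into the seeder Pi image); the key stays on the host running the registry.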

Lastly, I will run Traefik as the ingest for all HTTP access to the cluster, this should require minimal configuration, which can be done through the docker file for the custom container that runs it.

In conclusion, I learned Ansible, Raspbian, a lot more about CentOS, Nomad, more about Consul, Metricbeats, DNS, DHCP, networking, and a whole bunch more system administration. The next phase of this project is building out some simple network diagrams, and then standing something up to actually be able to use without getting lost in the details because I over-engineered for learning.

