The Management Node – Purpose, Configuration.

Unlike the rest of the Pis, the management node doesn't have to be the same as the others. Its purpose is to hold the monitoring data and any other function we can take off the docker nodes so they can focus on docker things. I used Raspbian, which happens to be armhf, which is being deprecated. I recommend Ubuntu core aarch64 for now, but as time goes on things will change. As a general note, make sure you turn on services and set them to auto start after installation where necessary, if it was not made clear in the install documentation. Setting it up:

  • Install ansible (I won't go into ansible, but it will be nice for quick, easy management later).
  • Install nginx. Below is an example of my working configuration as it sits now. Replace "example.com" and the keepalived VIPs in the appropriate places. Obviously we'll need to get docker going first before any of this works.

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    # Plain HTTP: send everything to HTTPS on the same host.
    # server_name takes a host name, not a URL.
    server {
        listen 80;
        server_name example.com;
        return 301 https://example.com$request_uri;
    }

    # HTTPS front end: TLS terminates here and requests are proxied to the
    # services behind the keepalived VIP.
    server {
        listen 443 ssl;
        ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
        server_name example.com;

        location / {
            proxy_pass http://landing-page/;
            # HTTP 1.1 support
            proxy_http_version 1.1;
        }

        location /portainer/ {
            proxy_set_header Connection "";
            proxy_pass http://portainer/;
            proxy_http_version 1.1;
        }

        # Portainer's websocket endpoints need the Upgrade/Connection headers passed through.
        location /portainer/ws/ {
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_http_version 1.1;
            proxy_pass http://portainer/ws/;
        }

        location /portainer/api/websocket/ {
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_http_version 1.1;
            proxy_pass http://portainer/api/websocket/;
        }

        # Grafana runs locally on the management node.
        location /grafana/ {
            proxy_pass http://localhost:3000/;
        }

        location /buildme/ {
            proxy_pass http://buildme/;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }

    # Backends: all three sit behind the keepalived VIP on the docker nodes.
    upstream landing-page {
        # landing-page
        server {KEEPALIVED VIP ADDRESS}:80;
    }
    upstream portainer {
        # portainer
        server {KEEPALIVED VIP ADDRESS}:9000;
    }
    upstream buildme {
        # wordpress
        server {KEEPALIVED VIP ADDRESS}:81;
    }
}
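As an added example (not code from the post), here is a small Python lint to run over a config like the one above before it goes live. It catches the mistakes that are easy to make when filling in a template by hand: placeholders such as {KEEPALIVED VIP ADDRESS} left unreplaced, a server_name written as a URL instead of a host, a 301 redirect whose host does not match any server_name in the file (a typo there sends every visitor to a domain you do not control), a proxy_pass to a name that has no upstream block, and unbalanced braces. The config text inside it is a constructed, cut-down sample with those mistakes deliberately present; the function and pattern names are my own.

```python
import re

# Constructed sample (not the post's config): a cut-down reverse-proxy config
# with the placeholders still in place and the mistakes this lint is meant to
# catch left in on purpose.
SAMPLE_CONF = """
http {
    server {
        listen 80;
        server_name http://example.com;
        return 301 https://exampe.com$request_uri;
    }
    server {
        listen 443 ssl;
        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
        server_name example.com;
        location / { proxy_pass http://landing-page/; }
        location /portainer/ { proxy_pass http://portainer/; }
        location /grafana/ { proxy_pass http://localhost:3000/; }
    }
    upstream landing-page { server {KEEPALIVED VIP ADDRESS}:80; }
}
"""

# {UPPER CASE PLACEHOLDER} as written in the post. A real nginx block brace is
# followed by whitespace, a newline or a lowercase directive, so it never matches.
PLACEHOLDER = re.compile(r"\{[A-Z][A-Z0-9 _.-]*\}")
SERVER_NAME = re.compile(r"\bserver_name\s+([^;]+);")
REDIRECT = re.compile(r"\breturn\s+30[1278]\s+https?://([^/$\s;]+)")
PROXY_PASS = re.compile(r"\bproxy_pass\s+https?://([^/:;\s]+)")
UPSTREAM = re.compile(r"\bupstream\s+(\S+)\s*\{")
LOCAL = {"localhost", "127.0.0.1", "[::1]"}


def lint_nginx_conf(text):
    """Return sorted (line_no, message) findings for an nginx config text."""
    findings = []
    names, upstreams = set(), set()     # every server_name / upstream in the file
    redirects, targets = [], []         # (line_no, host) checked once the file is read
    depth = 0
    lines = text.splitlines()
    for no, raw in enumerate(lines, 1):
        code = raw.split("#", 1)[0]                 # drop comments
        depth += code.count("{") - code.count("}")
        if depth < 0:
            findings.append((no, "unbalanced '}'"))
            depth = 0
        m = PLACEHOLDER.search(code)
        if m:
            findings.append((no, "placeholder not replaced: " + m.group(0)))
        m = SERVER_NAME.search(code)
        if m:
            for name in m.group(1).split():
                if "://" in name:
                    findings.append((no, "server_name must be a host, not a URL: " + name))
                names.add(name.split("://")[-1])
        m = UPSTREAM.search(code)
        if m:
            upstreams.add(m.group(1))
        m = REDIRECT.search(code)
        if m:
            redirects.append((no, m.group(1)))
        m = PROXY_PASS.search(code)
        if m:
            targets.append((no, m.group(1)))
    if depth > 0:
        findings.append((len(lines), "unbalanced '{': %d block(s) never closed" % depth))
    # These need the whole file: the server_name or upstream block a line
    # refers to may be defined further down.
    for no, host in redirects:
        if host not in names:
            findings.append((no, "redirect host %r is not a server_name in this file (typo?)" % host))
    for no, host in targets:
        if host not in upstreams and host not in LOCAL and not re.match(r"^\d+\.\d+\.\d+\.\d+$", host):
            findings.append((no, "proxy_pass target %r has no upstream block" % host))
    return sorted(findings)


if __name__ == "__main__":
    for no, msg in lint_nginx_conf(SAMPLE_CONF):
        print("line %d: %s" % (no, msg))
```

Run it against the real file with `lint_nginx_conf(open("/etc/nginx/nginx.conf").read())` and then `nginx -t`; the lint is a line-oriented check of the directives the post uses, not a full nginx parser, so it complements `nginx -t` (which accepts a server_name with a scheme and a typo in a redirect host without complaint) rather than replacing it.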

# general conf (dnsmasq directives)
domain-needed
bogus-priv
# Range of addresses for dhcp.
dhcp-range=192.168.0.45,192.168.0.199,48h
# don't forget to set your gateway
dhcp-option=3,{GATEWAY IP}

# Static lease: pin a device to a fixed address by its MAC
dhcp-host={DEVICE MAC},{HOSTNAME},{STATIC IP}
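Added example (not from the post): a Python check over the DHCP lines above. Keeping the static dhcp-host leases outside the dhcp-range pool is a useful convention on a small cluster network, because then any address seen in the pool range means "a device we did not pin", which makes an unexpected box on the network stand out in the lease file; the check flags a static address that lands inside the pool, a MAC reused across two dhcp-host lines, a duplicate static address and a malformed MAC. The sample config, hostnames and MAC addresses are constructed, and the parser only understands the dhcp-range=start,end[,lease] and dhcp-host=MAC,hostname,IP forms shown in the post.

```python
import ipaddress
import re

# Constructed sample (not from the post): the fragment above with the
# placeholders filled in and three static leases, chosen so that one lands
# inside the pool and one reuses a MAC.
SAMPLE_DNSMASQ = """
# general conf
domain-needed
bogus-priv
dhcp-range=192.168.0.45,192.168.0.199,48h
dhcp-option=3,192.168.0.1

# Static
dhcp-host=dc:a6:32:00:00:01,pi-docker1,192.168.0.21
dhcp-host=dc:a6:32:00:00:02,pi-docker2,192.168.0.50
dhcp-host=dc:a6:32:00:00:01,pi-docker3,192.168.0.23
"""

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$", re.I)


def parse_dnsmasq(text):
    """Pull dhcp-range and dhcp-host lines out of a dnsmasq config.

    Returns (ranges, hosts): ranges as (start, end) IPv4Address pairs and
    hosts as (line_no, mac, hostname, IPv4Address). Only the
    dhcp-range=start,end[,lease] and dhcp-host=MAC,hostname,IP forms used in
    the post are understood; every other line is skipped.
    """
    ranges, hosts = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()       # drop comments
        key, sep, value = line.partition("=")
        if not sep:
            continue                                # flag-style option, e.g. bogus-priv
        fields = [f.strip() for f in value.split(",")]
        if key == "dhcp-range" and len(fields) >= 2:
            ranges.append((ipaddress.IPv4Address(fields[0]), ipaddress.IPv4Address(fields[1])))
        elif key == "dhcp-host" and len(fields) == 3:
            hosts.append((no, fields[0].lower(), fields[1], ipaddress.IPv4Address(fields[2])))
    return ranges, hosts


def check_static_leases(text):
    """Return sorted (line_no, message) findings for the static leases."""
    ranges, hosts = parse_dnsmasq(text)
    findings = []
    seen_mac, seen_ip = {}, {}          # first hostname seen for each MAC / address
    for no, mac, name, ip in hosts:
        if not MAC_RE.match(mac):
            findings.append((no, "%s: malformed MAC %r" % (name, mac)))
        for start, end in ranges:
            if start <= ip <= end:
                findings.append((no, "%s: static address %s lies inside the dynamic pool %s-%s"
                                 % (name, ip, start, end)))
        if mac in seen_mac:
            findings.append((no, "%s: MAC %s already used by %s" % (name, mac, seen_mac[mac])))
        if ip in seen_ip:
            findings.append((no, "%s: address %s already used by %s" % (name, ip, seen_ip[ip])))
        seen_mac.setdefault(mac, name)
        seen_ip.setdefault(ip, name)
    return sorted(findings)


if __name__ == "__main__":
    for no, msg in check_static_leases(SAMPLE_DNSMASQ):
        print("line %d: %s" % (no, msg))
```

Point it at the real file with `check_static_leases(open("/etc/dnsmasq.conf").read())`; a `{STATIC IP}` placeholder left in a dhcp-host line makes `ipaddress.IPv4Address` raise a ValueError, which is the loud failure you want before restarting the service.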
  • Install the Telegraf agent (if you want monitoring). The only part that needs modification at the moment is the "outputs.influxdb" section: urls = ["http://127.0.0.1:8086"]. Just make sure this is set; it's pointing to influxdb.
# Configuration for sending metrics to InfluxDB
[[outputs.influxdb]]
  ## The full HTTP or UDP URL for your InfluxDB instance.
  ##
  ## Multiple URLs can be specified for a single cluster, only ONE of the
  ## urls will be written to each interval.
  # urls = ["unix:///var/run/influxdb.sock"]
  # urls = ["udp://127.0.0.1:8089"]
  urls = ["http://127.0.0.1:8086"]
  • Open port forwarding and any firewall ports for 443 and 80 to the management node. This machine will handle all incoming requests via Nginx.
    • Here's some documentation that may point to your specific hardware.
  • Create yourself an account with sudoers, so we aren't using root everywhere. If you don't know how to do this, a good guide is here.
  • Create SSH keys for sharing with the docker nodes later (for use with ansible). A general guide can be found here.
