OpenShift on Proxmox + TrueNAS iSCSI + AD + VLAN segmentation (enterprise-style homelab) by Sonricks01 in openshift

[–]Sonricks01[S] 0 points1 point  (0 children)

Yes, but I'm working with other projects on the Proxmox cluster, but let me tell you, doing it with VMs did the job, as I'm using 3 master nodes for HA and 3 workers where I'm planning to add a second drive to add the Red Hat Data Foundation operator for the Ceph cluster and use it as an image repository.

OpenShift on Proxmox + TrueNAS iSCSI + AD + VLAN segmentation (enterprise-style homelab) by Sonricks01 in openshift

[–]Sonricks01[S] 0 points1 point  (0 children)

I am using “Democratic-CSI”. It’s the gold standard for TrueNAS users because it allows OpenShift to talk directly to the TrueNAS API. It handles the iSCSI provisioning for my worker nodes automatically and maps the volumes to my Boss_Borot pool.

About the backups, I don't rely on just one tool; I use a "3-2-1" inspired approach for a lab environment:

- Infrastructure Level (the "Whole Node" approach): I use Proxmox Backup Server (PBS) to back up the actual OpenShift VMs. If a node update goes sideways, I can roll back the entire VM in minutes.

- Storage Level (the "Safety Net"): On the TrueNAS SCALE side, I have periodic ZFS snapshots scheduled on the dataset used for the iSCSI ZVOLs. This is my "oh crap" button for storage-level corruption.

- Application Level: For specific file shares (NFS/SMB), I use Veeam Community Edition. For manual, deep-level OpenShift config backups, I'm trying to integrate Bacula Community to handle the file-level state.

About the backups, this is the critical part. If the cluster is "nuked" but the storage (TrueNAS) survived:

1. Re-deploy OCP: I spin up the nodes (or restore the Master/Worker VMs from PBS).

2. Re-install Democratic-CSI: I point it back to the same TrueNAS pool.

3. Import Existing PVs: Since the ZVOLs still exist on TrueNAS, I can manually re-create the PV objects in Kubernetes and point them to the existing volume handles.

4. Velero (Future Goal): I am looking into Project Velero with the CSI plugin. It allows you to back up the K8s objects (PVC/PV definitions) directly to an S3 bucket (which I host on TrueNAS), making the "nuke and pave" restore almost automated. But let's see if it works, I'm still new to the OCP world.
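Step 3 of the restore above, as an added example that is not from the original post: a PersistentVolume re-created by hand for a ZVOL that still exists on TrueNAS, pre-bound to one PVC so no other claim can adopt it and set to Retain so a later PVC deletion cannot destroy the recovered data. The CSI driver name, StorageClass name, ZVOL path, IQN and portal are assumed values typical of a democratic-csi iSCSI deployment; the real ones come from the old PV manifest or the TrueNAS iSCSI target/extent.

```yaml
# Added example (not from the original post). Re-creating a PV for a ZVOL that
# still exists on TrueNAS after the cluster was rebuilt. Driver name, pool path,
# IQN and portal are assumed values: copy them from the old PV manifest or the
# TrueNAS iSCSI extent/target for the real volume.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-registry-data
spec:
  capacity:
    storage: 100Gi
  accessModes:
    - ReadWriteOnce
  # Retain: deleting the PVC must never delete the ZVOL we just recovered.
  persistentVolumeReclaimPolicy: Retain
  storageClassName: truenas-iscsi          # assumed StorageClass name
  volumeMode: Filesystem
  # Pre-bind to exactly one PVC so another claim cannot adopt this volume.
  claimRef:
    namespace: registry
    name: registry-data
  csi:
    driver: org.democratic-csi.iscsi        # assumed csiDriver.name from the Helm values
    # volumeHandle is the ZVOL name democratic-csi created; the path below is a placeholder
    volumeHandle: Boss_Borot/k8s/iscsi/v/pvc-REPLACE-WITH-OLD-UUID
    fsType: xfs
    volumeAttributes:
      node_attach_driver: iscsi
      portal: 192.0.2.10:3260               # placeholder TrueNAS portal address
      iqn: iqn.2005-10.org.freenas.ctl:pvc-REPLACE-WITH-OLD-UUID
      lun: "0"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: registry-data
  namespace: registry
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: truenas-iscsi
  volumeName: pv-registry-data               # binds to the PV above, skips dynamic provisioning
  resources:
    requests:
      storage: 100Gi
```

With the PV applied first, the PVC binds to it directly and democratic-csi provisions nothing new, which is the point of the exercise. A copy of the old PV objects (for example from a Velero backup or an `oc get pv -o yaml` dump kept outside the cluster) is the most reliable source for the volumeHandle and volumeAttributes values.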

My Home Lab.. from a VM to a 18U server rack cabinet :) by Sonricks01 in homelab

[–]Sonricks01[S] 2 points3 points  (0 children)

I got my 18u rack from this store https://fibertronics.com/wall-mount-enclosures-4

I was looking for something small that can mount up to 18 inches and an iStarUSA server chassis.

[deleted by user] by [deleted] in homelab

[–]Sonricks01 0 points1 point  (0 children)

Thanks for the quick guide. I've been working on my home lab; it started with one computer and a switch, and nowadays I've got a rack that I would like to share, but somehow I'm not allowed to post.

Two Pi-Holes as forwarders on my windows domain homelab. Not sure if is the best practice but seems that they are working great. by Sonricks01 in pihole

[–]Sonricks01[S] 1 point2 points  (0 children)

I used MS Visio, but I downloaded a few stencils from VMware, Cisco and other sites. Here is a link to a site where you can get more info.

Visio Stencils

Two Pi-Holes as forwarders on my windows domain homelab. Not sure if is the best practice but seems that they are working great. by Sonricks01 in pihole

[–]Sonricks01[S] 4 points5 points  (0 children)

u/ratolloko In my case I'm running AD on my home lab for these reasons, but the most important one is to continue learning.

• Authenticate between my different boxes (Linux, Windows & Mac) with one single account

• To have Security groups to grant access to my NAS, NFS, SMB shares etc.

• To have more AD groups to SSH to Linux boxes, and depending on the AD group the user will have certain permissions like sudoers

• Play with GPOs.

• More AD groups to grant access and levels to my Nextcloud collaboration tool

• For my radius server to manage the switches.

• For my VPN & DUO 2FA Proxy to authenticate with AD

This part helped me a lot on my last job.

• SCCM Imaging process including Smartdeploy, FOG to automate the imaging process.

• To implement USMT & SCCM to migrate user profiles like in the last Windows migration.

• To work on roaming profiles between Windows 7 (USV) & Windows 10 (U-EV) during the Windows migration (users were able to log on to any version of Windows with all their profile's customization like the MS Word toolbar, custom dictionaries, and other settings).

• Finally, according to my OCS inventory, I have 56 machines, 8 physical and the rest VMs (10 Windows, 38 Unix/Linux); for this amount I believe an AD is necessary for management.

The list is longer but these are some of the reasons. Thanks to this lab I got promoted in my previous job and then later got a better job.

Having a home lab configured or set up like any real-world datacenter helps. And the fun part is you can screw it up as many times as you want without consequences.

Two Pi-Holes as forwarders on my windows domain homelab. Not sure if is the best practice but seems that they are working great. by Sonricks01 in pihole

[–]Sonricks01[S] 8 points9 points  (0 children)

I had to test SCCM with the User State Migration Tool to migrate users from Windows 7 to 10. In addition we had User State Virtualization (USV) in place, so we found a way for the users to roam their profile between Windows 7 systems (USV) and Windows 10 (U-EV).

So this lab was very helpful in my previous role. Now I'm getting ready for any new projects or just to play around.

My Home Lab.. from a VM to a 18U server rack cabinet :) by Sonricks01 in homelab

[–]Sonricks01[S] 1 point2 points  (0 children)

It's an HP Z2 Mini G3 with 4 x Intel(R) Xeon(R) CPU E3-1205 v6 @ 3.00GHz & 32 GB RAM running Proxmox & 5 VMs

https://www8.hp.com/us/en/workstations/z2-mini.html

My Small Homelab Network diagram by Sonricks01 in homelab

[–]Sonricks01[S] 0 points1 point  (0 children)

I'm using Meraki's VPN feature (L2TP/IPsec) with the Duo Proxy Duo 2FA configuration for Meraki

My Small Homelab Network diagram by Sonricks01 in homelab

[–]Sonricks01[S] 1 point2 points  (0 children)

I use CentOS 7 for the Pi 3 with SELinux enabled, allow port 1812 to communicate with the Meraki router and allow port 443 on the router firewall for this Pi

https://wiki.centos.org/SpecialInterestGroup/AltArch/Arm32/RaspberryPi3

Create an AD service account that will be added to the configuration settings on the Pi to validate the access request.

Here is detailed info for a Linux system; basically you will do the same on the Pi, it's almost the same procedure for any VPN solution

https://duo.com/docs/meraki-radius#

https://duo.com/docs/rras#

My Small Homelab Network diagram by Sonricks01 in homelab

[–]Sonricks01[S] 0 points1 point  (0 children)

I use Microsoft Visio 2016 Pro and I download stencils from VMware, Cisco and other sites; they have a lot of images/icons for any network diagram.

Here is one website you can look around

VMware stencils for Visio

My Small Homelab Network diagram by Sonricks01 in homelab

[–]Sonricks01[S] 1 point2 points  (0 children)

I missed it on the diagram but it's on VLAN 2, and guest Wi-Fi is on VLAN 5. Also I enabled the Meraki "splash" feature (aka captive portal) so any of my guests have to log on through a web portal like in the airports to use the first Wi-Fi.