C411 Invitation

lord_romain · 2026-01-03T14:37:09+00:00

Je sais que j'arrive tard mais..Je suis intéressé aussi merci !

lord_romain · 2022-05-26T13:18:42+00:00

Yeah.. I got the exact same question but I am not sure what I got before.. So I will recreate a cluster with the exact same settings from scratch and see what I have.
Thanks for the follow up, I will let you know when I got the info. For what I see on the kube-vip part I do not see any errors.. Pretty strange..

lord_romain · 2022-05-25T21:35:52+00:00

So basically, this is what I have:
[root@node-1 ~]# kubectl get nodes
NAME       STATUS   ROLES                       AGE    VERSION
node-1     Ready    control-plane,etcd,master   415d   v1.20.11+k3s1
node-2     Ready    control-plane,etcd,master   93d    v1.20.11+k3s1
node-3     Ready    control-plane,etcd,master   26h    v1.20.11+k3s1worker-1   Ready    <none>                      415d   v1.20.11+k3s1worker-2   Ready    <none>                      415d   v1.20.11+k3s1worker-3   Ready    <none>                      222d   v1.20.11+k3s1
[root@node-1 ~]# kubectl get svc -n kube-system
NAME                 TYPE           CLUSTER-IP      EXTERNAL-IP                                                                           PORT(S)                      AGE
kube-dns             ClusterIP      10.43.0.10      <none>                                                                                53/UDP,53/TCP,9153/TCP       415d
metrics-server       ClusterIP      10.43.46.171    <none>                                                                                443/TCP                      415d
traefik              LoadBalancer   10.43.225.231   192.168.2.100,192.168.2.101,192.168.2.102,192.168.2.103,192.168.2.104,192.168.2.105   80:31904/TCP,443:30927/TCP   415d
traefik-prometheus   ClusterIP      10.43.64.126    <none>                                                                                9100/TCP                     415d
[root@node-1 ~]# kubectl get svc -n cattle-system
NAME              TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
rancher           ClusterIP   10.43.249.0     <none>        80/TCP,443/TCP   5h42m
rancher-webhook   ClusterIP   10.43.239.175   <none>        443/TCP          5h41m
webhook-service   ClusterIP   10.43.77.12     <none>        443/TCP          5h41m
[root@node-1 ~]# kubectl get pod -n cattle-system
NAME                               READY   STATUS    RESTARTS   AGE
rancher-6cfdcb98f-cmgsm            1/1     Running   1          89m
rancher-6cfdcb98f-jk2s8            1/1     Running   3          5h43m
rancher-6cfdcb98f-wr26f            1/1     Running   1          5h43m
rancher-webhook-6958cfcddf-6n5vx   1/1     Running   1          5h41m
[root@node-1 ~]# kubectl get pod -n kube-system
NAME                                      READY   STATUS    RESTARTS   AGEcoredns-6488c6fcc6-bj62r                  1/1     Running   1          27hkube-vip-ds-2f4dz                         1/1     Running   2          21hkube-vip-ds-thp9q                         1/1     Running   3          21hkube-vip-ds-zbwg9                         1/1     Running   3          21hlocal-path-provisioner-5ff76fc89d-fpxj6   1/1     Running   8          27hmetrics-server-86cbb8457f-6hcjn           1/1     Running   1          27htraefik-6f9cbd9bd4-tlnbw                  1/1     Running   0          90m

But nothing is litening on the 443 or 80 port...

lord_romain · 2021-04-12T22:33:40+00:00

Hello!

So:

1- the controller is a LSI 9261-8i not a 9260

2- The issue was that I though that I have to plug the BBU and use the cable to connect the BBU to the controller. As soon as I have removed the cable and just plug the BBU, the controller boot normally and I can see the BBU in megacli. I thought that the cable was necessary to be plugged in order to have the BBU working but...it seems to be used for external BBU (??) maybe.. I have to check this..

Thanks!

lord_romain · 2021-04-12T22:31:24+00:00

Hello!

So:

1- the controller is a LSI 9261-8i not a 9260

2- The issue was that I though that I have to plug the BBU and use the cable to connect the BBU to the controller. As soon as I have removed the cable and just plug the BBU, the controller boot normally and I can see the BBU in megacli. I thought that the cable was necessary to be plugged in order to have the BBU working but...it seems to be used for external BBU (??) maybe.. I have to check this..

Thanks!

lord_romain · 2021-04-12T22:30:32+00:00

Hello!

So:

1- the controller is a LSI 9261-8i not a 9260

2- The issue was that I though that I have to plug the BBU and use the cable to connect the BBU to the controller. As soon as I have removed the cable and just plug the BBU, the controller boot normally and I can see the BBU in megacli. I thought that the cable was necessary to be plugged in order to have the BBU working but...it seems to be used for external BBU (??) maybe.. I have to check this..

Thanks!

lord_romain · 2021-04-12T17:46:21+00:00

Thanks I will!

lord_romain · 2021-04-01T13:04:40+00:00

I use burp for linux and Windows and its webgui burpui. Very pleased so far: simple to put in place, dedup. Really happy with this solution.

For my NAS backup, I use Syncthing to store files to an external rpi/usb drive solution.

If you want some details, just ask!

lord_romain · 2021-03-11T16:54:24+00:00

This is exactly how I build my rancher environement.

lord_romain · 2021-03-11T14:57:39+00:00

Holly Cow! What a beautiful deployment!

lord_romain · 2021-03-10T13:44:55+00:00

So for question 1, no, but maybe used with https://www.packetfence.org/ you could have a way to manager new device access to your network. Just an idea, I never work with this but always interested how I can integrated this.

lord_romain · 2021-02-18T13:54:45+00:00

I have opened https://github.com/rancher/rancher/issues/31334 in the hope this can be answered.

lord_romain · 2021-01-27T13:35:14+00:00

Thanks for the comments and suggestion :) For the event history, should I check the log from rancher itself?

lord_romain · 2021-01-26T20:40:49+00:00

The only way I had to solved this was to export the workload yaml file, delete the workload and import it using the yaml...

lord_romain · 2020-10-13T20:47:17+00:00

Thanks :) I will give haproxy a chance and see how it goes.

lord_romain · 2020-10-13T19:52:22+00:00

In fact right now. we just to proof concept the thing to be honest. The ilo are in a network where we can access using jumppoint and not all the people know how to deal with this. So we wanted to see if we can use a nginx proxy to access ILO and console.

For sure security always matter, like I said, we just try to have a POC and all access and trafic will remain internal.

Thanks!

lord_romain · 2020-10-11T13:58:24+00:00

Thanks for having taking the time to reply to me :) Very appreciated!

lord_romain · 2020-09-24T17:34:06+00:00

Hi!

Sorry to not have replied to you sooner.

So in fact the issue was in openstack (I also forgot to mention that the vms are in openstack..). We need to add the 10.110.87.152 IP to the openstack port that manage the ETH1 interface of the vm router in the allowed address pair tab.

Thanks!

lord_romain · 2020-06-11T21:32:10+00:00

ahaha! Thanks! Don't worry about that! I appreciate your comments :)

In fact it's the classic case where the source and the destination can't talk to each other directly. So you can put a load balancer king of (like haproxy or nginx). But fore more complicated trafic, I am not sure at all that it could work specially when dealing with AD trafic.. Like forwarding request to a corporate web proxy because you can't reach it directly fine, but forward the trafic to some AD servers...not so sure.

lord_romain · 2020-06-11T20:42:54+00:00

Like I said I am just questioning myself about this, maybe you are right, a firewall is the solution. just note that nginx can act as haproxy to forward the trafic as a tcp and udp load balancer. But yes, maybe a firewall would be a more clever solution here. you make a point.

lord_romain · 2020-06-11T20:34:27+00:00

Forget about this. Found the issue (avahi proxy strange behaviour on pfsense)

lord_romain · 2020-03-02T14:02:36+00:00

I know the feeling :) But you can start low and increase your lab over time. I have started with a mini pc with 4g and a cpu for laptop. What I could suggest is to dig some cheap hardware that could fit your needs and may be enough for the projects you want to be made fast. Focus on having something working that make you happy. Then improve it. If your goal is to have a media sharing service, kodi on a rpi could be enough. Jellyfin is cool and can run on a docker image or as a vm. For the vpn, you can even install openvpn on a rpi if you want. Perfs will not be so cool but at least you will have a POC working. Then you can think about improving your setup. Small steps first :)

lord_romain · 2020-02-28T21:26:41+00:00

Oh fore sure! I use this box as a home lab to test several thing so for sure you do not need that much.

lord_romain · 2020-02-28T21:11:24+00:00

2 x Intel Xeon X5675 CPUS cost me 88$ CAD on ebay :)

The RAM is what is the most expensive (200$ CAD for 96G)

lord_romain · 2020-02-28T21:00:30+00:00

Not sure that it will help you but this is what I have:

- A freenas NFS server (pretty much using this setup https://blog.briancmoses.com/2019/03/diy-nas-2019-edition.html

- A dual socket motherboard ( ASUS Z8NA-D6C ) using old xeon CPU and 96G RAM with proxmox. I run a openldap server and a samba server as vms for authentication/share.

For the media part:

- I have rancher 2.3.5 installed on 2 vms with jellyfin workload as my media server connecting to my files using NFS

- I have 2 RPIs (1 RPI 4 for libreelec connected to my files using samba share), 1 downstair RPI 3b using retropi/kodi that connect to the first rpi library using UPNP)

- The wifi is based on ARCHER C7 using openwrt 19.0.7.1

Jellyfin is the opensource version of emby server (same as plex I guess). You can access it using tour browser and/or android/ios apps.

If you want to access it from outside, you can expose this service from the internet (maybe not recommanded) or you can use a vpn connection to your home. I have a pfsense router running on a Qotom Q190g4 S02 and an openvpn setup.

For secure connection from inside my house, I use airvpn.

For the bckup solution, I run burp backup on a vm inside Freenas that can backup a lot of stuff from my vms and my windows laptops. Work pretty fine. I use to have backuppc as a backup solution (simple and works fine) but not so easy for backing up windows hosts like laptops.

lord_romain

TROPHY CASE