1. Nomad spread scheduler

    I've been maintaining a nomad cluster at home for a few years now, based on some thin clients and a few Raspberry Pis.

    The workload is growing from the use cases of the plane-spotting services towards a pi-hole setup, vaultwarden, homeassistant and many more use cases.

    One of the issues I encountered was based on the default scheduling algorithm. Raspberry Pis are not known as the most efficient solution to run a huge workload. By default nomad will schedule new containers on one compute node until the resource limits of that node are consumed and only then will start consuming another node. This …


  2. Traefik SSL grading

    Recently I discovered that many of the services I deployed on my nomad cluster didn't have the SSL A grading I expected them to have. Somehow I assumed the traefik letsencrypt implementation got the A rating by default.

    After running the testssl.sh container it turns out they don't:

    $ docker run --rm -ti drwetter/testssl.sh domain.org
     Rating specs (not complete)  SSL Labs's 'SSL Server Rating Guide' (version 2009q from 2020-01-30)
     Specification documentation  https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide
     Protocol Support (weighted)  95 (28)
     Key Exchange     (weighted)  100 (30)
     Cipher Strength  (weighted)  90 (36)
     Final Score …

  3. Traefik nomad route53 setup

    I've had this nomad cluster running on some spare devices for a while now, serving my plane spotting setup, dns setup, mqtt bridge and some other services I've experimented with throughout the years. Until today I've always relied on the ip addresses to point my browser and other services towards the different services. For my DNS setup I even had to pin the jobs to specific hardware using meta data.

    But I've always wanted to implement a proxy in between so I could rely on DNS names instead. This would also increase the flexibility of my DNS setup since for …


  4. Nomad ARM cluster

    As I already mentioned a few times before, I have some hands-on experience with nomad. A couple of weeks ago I wrote about a local development setup based on nomad.

    For quite some time I've had a thin client which is running some docker containers through a docker-compose file I use for personal stuff at home. But this thin client is suffering from all the containers I'm trying to spin up. While thinking this issue over I realized I have quite a few Raspberry Pis lying around and figured I could maybe set up a cluster for those containers.

    Since …


  5. Nomad local development

    Having used nomad for a few years now at the customer, I got the question a couple of weeks ago from some colleagues whether nomad could be used to replace docker-compose.

    The reason behind the question is mainly to not vendor lock yourself for local development with the whole docker ecosystem.

    Since I like a certain level of challenge and I do believe it's a valid use case I gave it a try.

    This resulted in a nomad-local-development repository. The 2 major hurdles to take were to use one file like docker-compose.yml and dns resolving between the containers.

    The …


  6. Prometheus export/import

    We bumped into the case where, once a full stack application is deployed, we don't have any direct connection due to no uplink for security reasons.

    So we (you too @Tom) looked into a way to export the prometheus data into a tar.gz which could be transferred and imported into an instance on our local machine.

    After the initial blog post, where we created a tar.gz file from the prometheus storage.tsdb.path on the filesystem, @roidelapluie pointed out the snapshot feature to me.

    So we did a bit of research and came up with this new procedure.

    First of …


  7. Prometheus consul service discovery

    As published a few months ago, I worked out a dockerized jenkins farm where both master and slaves are docker containers working together with services like nexus and such. Next to that setup I've dockerized my home setup where services like pi-hole, home-assistant and others are running as docker containers on a thin client I promoted to my home lab.

    To have an overview of all those containers and the resources they are consuming I pulled in the git repo of Brian Christner which spins up a whole prometheus stack with some exporters and a grafana instance to visualize …


  8. dockerized DNS over HTTPS using pi-hole through cloudflared proxy-dns

    A few months ago I configured a thin client as my home server to replace the previous raspberry pi setup.

    During that migration I moved all native services over into docker containers. One of those services is a pi-hole setup to block ad serving domains on dns level and to have a dns cache within our LAN to gain a bit of speed.

    It has been running ever since without any issue and worked pretty well.

    When cloudflare announced their fast and privacy based DNS resolver I got a bit intrigued by their DNS over HTTPS feature. Especially since our …


  9. Test ansible playbooks with docker

    Recently I started working on a new project where the infra is maintained by ansible. When asked to write some functionality in a playbook, I missed my vagrant puppet setup where I could easily test my puppet code on my local machine.

    Due to my previous project I felt like maybe I could use docker for this purpose on the ansible part. So I looked around a bit and stumbled on the docker-ansible github repository of William Yeh. He already did a great job by creating a docker container with ansible preinstalled for a lot of linux distributions.

    I …


  10. Jenkins docker-pipeline

    In a previous blog post I talked about setting up a dockerized jenkins master/slave setup and setting up a private docker registry using nexus.

    The next thing on the roadmap was to use this jenkins setup to actually build new docker images for specific software. Before going to the different teams and talking about how they now build their software and how this could be done using this new containerized setup, I set up a new jenkins job.

    This jenkins job will build a generic jenkins slave docker container which will be used by the jenkins master to build some …

