Sunday, August 28, 2022

There seems to be an issue with the Gateway input keeping the DNS server up

Now that I have the Tempest Weather Station online, albeit without pushing the data to an official source, it seems strange that I am constantly losing DNS resolving.  The retirement community network uses 1.1.1.1 and 1.0.0.1 as the DNS servers.  I seem to lose connection to the DNS servers after about a day and a half.  This could be due to several things like pushing too much information out over the resident vlan or not having sufficient TLS connection credentials.  I am not sure at this point.

The first item, pushing too much information out, might be the likely culprit since the network setup might think that this is a spamming engine.  I will likely have to call IT to find out.  This would involve some sort of QoS with the UDP output from the Tempest Hub.

The second item, not having sufficient TLS connection credentials, is quite possible since the 1.1.1.1 and 1.0.0.1 both require a DNSSEC connection (I think).  I will have to investigate further.

Update: I have noticed that the TCL TV occasionally reconnects, so it appears that I have an issue with WiFi in general. I am now connecting the Tempest Weather Station to the apartment WiFi system without going through my rack.  I will rely on extracting information from it across the internet using API calls now.

Sunday, August 21, 2022

Updating RPiCICD with Docker Containers for the CI-CD pipeline

I have started the update to RPiCICD with:

  • Added a 2TB USB 3.0 drive; added it to fstab to make sure it comes back up each time there is a restart
  • Added a number of docker-compose containers from https://github.com/vimagick/dockerfiles
    • ansible
    • confluence
    • drone
    • gitea - this is going to be my git repository
    • jenkins
    • mariadb - provides MySQL on the 2TB drive
    • mosquitto - there as part of the overall sequencing
    • nextcloud
    • nexus3
    • nfs - provides nfs access to the 2TB drive
    • nginx
    • owncast
    • prometheus
    • rsyslog
    • samba - provides smb access to the 2TB drive
    • telegraf
    • wiki
    • wireguard
    • wireguard-ui
    • wordpress
    • zookeeper
    • zoonavigator

Other items to complete the transform include:

  • Setting up the file share portion with SMB and NFS
    • I appear to have NFS connected to ../data on the 2TB drive
    • The NFS connection appears to be tcp6 only; need to investigate
  • Setting up the MySQL server (mariadb)
  • Setting up the nextcloud service
  • Setting up Jenkins scripts for the WWD project


Project #29 - Development of a CI-CD Pipeline on RPiCICD

In order to support some of the other projects that I am working on, I need to develop a Continuous Integration (CI) / Continuous Deployment (CD) pipeline.  To this end, I am pulling in a number of different docker containers that can be used for this purpose.  I want to make this as simple as possible but no simpler.

Experiments Show PowerLine Adapters Often Don’t Work Like You Think They Should

The IT department here in the Retirement Community keeps making changes to make things good.  So it occurred to me that maybe things might have changed in my back bedroom for the good.  So I set out to find out what kind of speeds that I was getting between my input setup and my back bedroom where my HomeLab rack resides.  So I set up some speed tests using iperf on opposite sides of the input flow.  Much to my surprise, I found out that I was only getting around 38 Mbps throughput.  I had thought I was getting closer to 1 Gbps, given the type of AV2 units that I was using.  I tried different things like getting the managed switches out of the way, but still was achieving only the 38 Mbps that I had first measured.  I also tried using Speedtest.net and found that this was the max speed that I could get.

I downloaded the TP-Link app so that I could tell what the system was saying that it was getting between units.  It was displaying around 100 Mbps speed between the units, so I started looking into what kind of speeds I could expect with different wall outlets.  I brought in a different unit and added it to the mix and started moving it about the apartment to see what I could find out.  When it was plugged into a circuit that was near one of the two AV2000 units, it would register a speed of 1300-1400 Mbps, but would still measure the 100 Mbps to the other AV2000 unit.  As I was swapping them around, I could see patterns that identified a good vs bad line.  The low bandwidth is probably due to the age of the wiring in this apartment and having to go through an old breaker box.  Nothing I can do about that right now.

I am still trying to find the “sweet” spot to have equipment in the living room, but so far have not found it.

Update: so I have discovered that there are three circuit breakers that the signal is probably passing through.  One for the living room, one for the small bedroom, and one for the large bedroom.  They also appear to be on opposite sides of the mains, so much for finding a "sweet" spot to use.  I am stuck with what I have then.

Friday, August 19, 2022

Project #28 - Development of a WireGuard-Hub and Breakout-Box

I would like to have a way of contacting my HomeLab without incurring a port on the internet, which in my case I have no control over.  The idea is to put a WireGuard-Hub (using a Raspberry Pi) into a friend's network, with a port open to the outside, subject to dynamic dns.  The dynamic dns would always point to the WireGuard-Hub's location.  The WireGuard-Hub would be on its own private vlan or be the DMZ host in the friend's network.  The WireGuard-Hub would be the clearing house for WireGuard connections privately outside of anyone's network and connections would come to the WireGuard-Hub either through laptops/cellphones/tablet WireGuard encrypted connections or through a Breakout-Box in someone's network.  The Breakout-Box would push a WireGuard connection to the WireGuard-Hub through the dynamic dns location and at the same time would be the connection to whatever network it was connected to.  The idea is to have a cheap and quick connection between many networks and devices that is peer to peer and doesn't require an elaborate setup.
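
The hub-and-spoke layout described above, written as wg-quick configuration. This is an added example, not part of the original post: the tunnel subnet 10.99.0.0/24, the LAN 192.168.50.0/24, the hostname hub.example.net, port 51820 and the key placeholders are all assumptions.

```ini
# ---- WireGuard-Hub (RPi on its own vlan / DMZ host): /etc/wireguard/wg0.conf ----
[Interface]
# Assumed tunnel subnet; the hub takes .1
Address = 10.99.0.1/24
# The single UDP port opened to the outside on the friend's router (assumed value)
ListenPort = 51820
# Placeholder; generate with `wg genkey` and keep the file mode 600
PrivateKey = <hub-private-key>
# The hub relays traffic between peers, so it must forward packets
PostUp = sysctl -w net.ipv4.ip_forward=1

[Peer]
# Breakout-Box: its tunnel address plus the LAN it fronts (assumed 192.168.50.0/24)
PublicKey = <breakout-box-public-key>
AllowedIPs = 10.99.0.2/32, 192.168.50.0/24

[Peer]
# Roaming laptop / cellphone / tablet: exactly one tunnel address, nothing wider
PublicKey = <laptop-public-key>
AllowedIPs = 10.99.0.10/32

# ---- Breakout-Box (inside a network with no inbound port): /etc/wireguard/wg0.conf ----
[Interface]
Address = 10.99.0.2/24
PrivateKey = <breakout-box-private-key>
# Needed so tunnel peers can reach the LAN behind the box
PostUp = sysctl -w net.ipv4.ip_forward=1

[Peer]
PublicKey = <hub-public-key>
# Dynamic DNS name (assumed). The name is resolved when the interface is brought
# up, so the tunnel must be restarted or re-resolved after the hub's address changes.
Endpoint = hub.example.net:51820
# Route only the tunnel subnet through the hub, not all traffic
AllowedIPs = 10.99.0.0/24
# The box dials out; periodic keepalives hold the NAT mapping open so the hub
# can reach it without any port being opened on this side
PersistentKeepalive = 25
```

Each peer's AllowedIPs on the hub acts as a source-address filter as well as a route, so keeping laptop entries at /32 limits what a lost or compromised device can claim to be.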

Tuesday, August 16, 2022

The New Input Architecture to my HomeLab

I think I may have solved my problem with the WiFi system here at the Retirement Community.  As I said before, this is a WiFi only environment; I can run Ethernet but not through the walls and not connected to the WiFi equipment and I have no control over the WiFi system.  The WiFi equipment has two main SSIDs, SSID1 and SSID2 in the following diagram.

The Incoming WiFi Architecture

Notice that there are a number of additional elements to the architecture.  The main input to the MainRouter in my HomeLab is through the WiFi Bridge, a GL.iNet SLATE router.  That in turn goes into a managed switch, RemoteSwitch, which has a trunk line to my MainSwitch through two TP-Link AV2000s.  The MainSwitch in turn poses the flow as the [WAN] vlan to the WAN port of my MainRouter.  Having the trunk line between two managed switches gives me great flexibility in how I arrange items in my HomeLab.  In fact I can put part of my [SRV] vlan in the living room where the main input equipment goes.  The MainSwitch also connects to other equipment in my HomeLab as necessary.  Normally I have almost a 30 dBm signal drop between the WiFi Access Point in the living room and my large back bedroom.  This input architecture resolves that.

I have an RPiGateway which is being primed to host input ports into my HomeLab from the outside.  As it turns out I can access RPiGateway from anywhere on the Retirement community campus; I just can't access it from the outside (and I don't need to, I'm not working now).  

Over on the right of the diagram is a problem that was solved through the use of a simple switch.  I have a Sleep-Number bed and it requires a WPA/WPA2 shared key encryption setup on 2.6GHz.  It is also a bit fussy on the level of the signal that it connects to.  So in that respect I have a DIR-505L which is connected to the SSID1 and retransmits a WPA/WPA2 shared key setup to the Sleep-Number bed since WPA/WPA2 is not available from the main WiFi setup.

I have a Tempest Weather station on my balcony which has a hub that was not able to receive the WPA/WPA2 shared key setup from the small bedroom, so it is now connected to a NEWIOTSSID coming from my Unifi AP AC Pro access point.  I also have a SRVSSID broadcast from that access point that I can connect to with my personal laptop in order to perform admin functions on my HomeLab while on my balcony.

I am also using the NEWIOTSSID to connect to a series of Tasmota switches mounted in my HomeLab Rack for the purpose of controlling power to several devices, since I may only have need of a couple at a time.


Monday, August 1, 2022

Looking at newer ways of accessing HomeLab

I was looking at a Breakout-Box implementation at https://github.com/DCKcode/breakout-box this weekend and it seems that I would like to put together such an item, including a WireGuard hub; both on RPis.  If I could figure out how to implement a Let's Encrypt cert on the Hub using a dynamic dns service IP, then this could be a way of connecting the family to self-hosted services.

In addition there is an automated Let's Encrypt cert gatherer made for my case at https://github.com/adferrand/dnsrobocert .  Perhaps for the WireGuard Hub I might make use of https://github.com/ngoduykhanh/wireguard-ui .