Bought a couple of Intel Atom servers

Got a couple of prebuilt fanless mini-PC servers, for $350 and another for $250 on Amazon.

The first has a dual core w/HT 1.8 GHz Intel Atom CPU, 2 GB (max) RAM, 32 GB SSD, and five ethernet interfaces. I installed the latest pfSense OS, and made it our Internet router/firewall, because I can’t trust my Apple Time Capsule anymore (it’s starting to fail, and they dropped support for SNMP monitoring). pfSense is really powerful, and pretty easy to set up. Traffic graphs are built in, and you can add so many extensions. Awesome tech.

I’ve installed the latest Ubuntu Server on the other unit (same Atom CPU, 2 GB RAM, 64 GB SSD, two ethernets) and set up LXC, to run things like BIND DNS server, Apache web server, MariaDB database server, and OpenLDAP authentication system, in separate containers. My goal is to produce something like easy-to-use Puppet recipes that others can borrow and use to easily build these kinds of services themselves.

I’m drooling over the latest Intel NUC servers. They’ve got one prebuilt on Amazon for under $1,000, with a 4 core (w/HT) Intel Core i7 CPU, 16 GB RAM (max), 2 TB 7200 rpm disk, 480 GB mSATA SSD, one ethernet. Or you can buy the separate parts, and assemble it yourself for about $100 less. I want to set up a Mesos cluster, maybe play with Apache Aurora or CoreOS. I’d need at least 5 servers, but am not ready to drop $5,000 on a hobby. I’ll never get to learn about and use Linux Containers at my current employer. If I can do my POC on $300 Atoms, the whole cluster will only be $1,500. I can save up for that.

2015-09-08 I bought two more servers, quad core Celeron, 4 GB RAM, 64 GB SSD, 5 gigabit ethernets, $399 each. A minimum POC OpenStack cloud only needs 3 servers, so I’m good to go.

Apache Mesos, Apache Aurora, and so on

Apache Mesos, Apache Aurora, Mesosphere, Marathon, the list of Linux container based enterprise software goes on and on.

Lots of people are interested in containers these days, and companies like Mesosphere have leapt into the business of selling container based clouds to enterprises that want to run their own applications. Apache Aurora came about when Twitter made their own internally developed cloud software open source, and both use Apache Mesos to operate the cloud. Mesos runs containers, your own, or even Docker. I imagine they will support, or probably be part of, the new open source container standard being hashed out right now.

You can have a private cloud, public cloud, or hybrid. New servers come online almost instantly, and things like auto-scaling and live migrations to distribute load are built in. This is fantastic technology.

LXC Linux Containers by example

LXC Linux Containers by example, by whistl, 2015-07-04 

# install ubuntu server 15.04
#   you can use physical hardware, like an Intel NUC
#   you can use a virtual machine, such as one of your Xen or VMware virtual servers
#     Give it 4+ GB RAM, 40+ GB disk to play with LXC
# Select ubuntu guided disk partitioning with LVM, use all available disk.
# but when it asks you how much space to use for guided partitioning,
# enter "6G" (6 gigabytes, not the whole disk).
# The host only needs a regular root and decent swap partitions.
# You can add more swap partitions and vram later, if needed.
# You'll use the unallocated space later.
# after your install is complete, reboot
# login as your unprivileged user
sudo -i
apt-get clean
apt-get update
apt-get upgrade
apt-get install lxc openssh-server
# configure bridge br0 so your containers can directly access the network
cat >/etc/network/interfaces <<EOL
auto lo
iface lo inet loopback
iface eth0 inet manual
auto br0
iface br0 inet static
   address 192.168.3.13
   netmask 255.255.255.0
   network 192.168.3.0
   gateway 192.168.3.1
   dns-nameservers 192.168.3.1
   dns-search hak5.org
   bridge_ports eth0
EOL
# configure the default container config files:
cd /etc/lxc
cat >seccomp.conf <<EOL
2
blacklist
[all]
kexec_load errno 1
open_by_handle_at errno 1
init_module errno 1
finit_module errno 1
delete_module errno 1
EOL
cp default.conf default.conf.orig
cat >default.conf <<EOL
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.hwaddr = 00:16:3e:xx:xx:xx
# autostart at boot time
lxc.start.auto = 1
lxc.start.delay = 5
lxc.pivotdir = lxc_putold
lxc.cap.drop = sys_module mac_admin mac_override sys_time
# deny all device access by default
lxc.cgroup.devices.deny = a
# allow mknod
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = b *:* m
# /dev/null, /dev/zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 5:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 1:9 rwm
# /dev/pts/*
lxc.cgroup.devices.allow = c 5:2 rwm
lxc.cgroup.devices.allow = c 136:* rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rm
# fuse
lxc.cgroup.devices.allow = c 10:229 rwm
# tun
lxc.cgroup.devices.allow = c 10:200 rwm
# full
lxc.cgroup.devices.allow = c 1:7 rwm
# hpet
lxc.cgroup.devices.allow = c 10:228 rwm
# kvm
lxc.cgroup.devices.allow = c 10:232 rwm
# loop devices
#lxc.cgroup.devices.allow = b 7:* rwm
# blacklist some syscalls
lxc.seccomp = /etc/lxc/seccomp.conf
EOL
# reboot
shutdown -r now
# login
sudo -i
# list your LVM config
pvs
vgs
lvs
# Note your volume group name, mine was host15-vg
# configure your first container using the ubuntu template
lxc-create -n ubuntu1 -t ubuntu -B lvm --vgname host15-vg
# start your container
lxc-start -n ubuntu1 -d -c /var/log/ubuntu1.log -C
# launch a root shell inside your container
lxc-attach -n ubuntu1
# view from within container
ps -ef
df -h
ip addr show
apt-get install openssh-server
passwd ubuntu
ps -ef
# return to the host os
exit
# compare to the view from the host os
ps -ef
df -h
ip addr show
brctl show
# how about using a template for another OS? (requires yum tool)
apt-get install yum
lxc-create -n centos2 -t centos -B lvm --vgname host15-vg
lxc-start -n centos2 -d -c /var/log/centos2.log -C
lxc-attach -n centos2
exit
# how about a library of pre-built container OSs?
lxc-create -n foo -t download -- --list 2>&1 | less
lxc-create -n centos3 -t download -B lvm --vgname host15-vg --fssize 4G -- --dist centos --release 6 --arch x86_64
lxc-start -n centos3 -d -c /var/log/centos3.log -C
lxc-attach -n centos3
exit
# the container's config file is /var/lib/lxc/container/config
# when using the filesystem backing store, the container's file system
# is entirely located under /var/lib/lxc/container/rootfs
# when using LVM backing store, a separate logical volume is created
# using the container name, and is only visible by the container.
# The command 'lxc-clone -s' uses LVM copy-on-write snapshot features
# to conserve disk space
lxc-stop -n ubuntu1
lxc-clone -s --fssize 4G -o ubuntu1 -n ubuntu2
lxc-start -n ubuntu1 -d -C -c /var/log/ubuntu1.log
lxc-start -n ubuntu2 -d -C -c /var/log/ubuntu2.log
# this feature allows you to create a "base" container with all
# your favorite utilities pre-installed, passwords and security
# configured just right, then you can use lxc-clone to produce
# the actual containers where you install and run apache,
# mariadb, openldap, etc.
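
An added example, not part of the original walkthrough: a small Python audit of the default.conf and seccomp.conf written above. It checks that the device whitelist starts from deny-all, lists device grants worth a second look before a base container is cloned, and confirms that dropping sys_module is backed by seccomp entries for the module syscalls. The REVIEW list, the function names and the sample strings are choices made for this example.

```python
import re

# Constructed sample: a trimmed copy of the default.conf written above.
SAMPLE_CONF = """\
lxc.cap.drop = sys_module mac_admin mac_override sys_time
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 10:229 rwm
lxc.cgroup.devices.allow = c 10:200 rwm
lxc.cgroup.devices.allow = c 10:232 rwm
#lxc.cgroup.devices.allow = b 7:* rwm
"""
# Constructed sample: the seccomp.conf written above (version 2, blacklist).
SAMPLE_SECCOMP = ("2\nblacklist\n[all]\nkexec_load errno 1\ninit_module errno 1\n"
                  "finit_module errno 1\ndelete_module errno 1\n")
# Devices this example singles out for review (a choice made here, not LXC's);
# the labels are the ones used in the comments of the config above.
REVIEW = {"10:229": "fuse", "10:200": "tun", "10:228": "hpet",
          "10:232": "kvm", "7:*": "loop"}
MODULE_SYSCALLS = {"init_module", "finit_module", "delete_module"}

def parse_conf(text):
    """Return (key, value) pairs in file order, skipping blanks and comments."""
    rows = [l.strip() for l in text.splitlines()]
    rows = [l.split("=", 1) for l in rows if "=" in l and not l.startswith("#")]
    return [(k.strip(), v.strip()) for k, v in rows]

def audit(conf_text, seccomp_text):
    """Return findings for one container config plus its seccomp blacklist."""
    pairs, findings = parse_conf(conf_text), []
    if ("lxc.cgroup.devices.deny", "a") not in pairs:
        findings.append("no 'devices.deny = a': allow rules restrict nothing")
    for key, value in pairs:
        m = re.match(r"[cb] (\S+) (\w+)$", value)
        if key == "lxc.cgroup.devices.allow" and m and m.group(1) in REVIEW:
            findings.append("review: %s %s %s" % (REVIEW[m.group(1)], m.group(1), m.group(2)))
    dropped = {c for k, v in pairs if k == "lxc.cap.drop" for c in v.split()}
    if "sys_module" not in dropped:
        findings.append("capability sys_module is not dropped")
    # Skip the version, mode and [all] header lines of the seccomp file.
    denied = {l.split()[0] for l in seccomp_text.splitlines()[3:] if l.strip()}
    missing = sorted(MODULE_SYSCALLS - denied)
    if missing:
        findings.append("seccomp blacklist lacks: " + ", ".join(missing))
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF, SAMPLE_SECCOMP)) or "no findings")
```

On a real host, pass in the contents of /etc/lxc/default.conf and /etc/lxc/seccomp.conf instead of the sample strings.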

Our Male Cats

Kim and I were talking yesterday about how much she enjoyed my stories about the cats in years past.  How she felt she knew and would recognize each of my cats, even though she never met them.

I decided to document each of the boys here. Our house has three boy cats.  Squeak is the eldest at 5, Peanut about 2-1/2, and Jinx just 1 year old.

Squeak is a domestic short hair (DSH), very long legged, very long and tall cat. He’s white on the bottom, with a black “cape” and spots on his head and tail. His eyes are bright green. The vet claims he’s about 1-2 lbs overweight, at 16.5 lbs, but she admits he hides it well. He’s a bit nervous around new people, but once you pet him, and he approves you, he’ll be a good friend. Squeak loves to climb up onto my chest right after we climb into bed at night. He’ll sometimes move off to my right side, and curl up in the crook of my right arm. He’s a really great guy.

Squeak’s favorite place to spend time is looking at the outside world through any window in the house. He loves the different views we’ve set up for them – living room, dining room, breakfast area, bedroom, bathroom, office, each has a window and spot where the cats can sit and watch outdoor life.

Peanut is a solid orange DSH, orange eyes, obviously overweight at 17 lbs, but he’s just a classic shape cat, I can’t complain. He’s very friendly with everyone. Peanut is the “coolest” cat on the planet. He’s SO chill, he’ll just lay still on the table when strangers come in, and start to pet him. Sometimes if you stop, or try to walk past him without petting him, he’ll reach out with a paw, and tap you, as if to say “Hey! Did you forget something?” Peanut never spends any time in our bed, ever. He can be found sleeping downstairs most of the time, in the living room or breakfast area. He’s known to come upstairs and be everyone’s best friend when either of the cat food bowls has a visible bottom.

Jinx is the white and orange 1 year old domestic long hair cat, almost 15 lbs and growing still. We think he’s got Flame Point Siamese blood in him, because his back and face are changing colors, getting darker orange as he gets old. I believe that the fur getting darker like that is unique to the Siamese breed. He’s also a talker, and a water cat. He comes running whenever you turn on the faucet or shower. When the tub is full, he likes to walk around the edge, and yes, he’s fallen in before.

When Jinx was a kitten, he was almost pure white, with just the faintest hint of orange on his tail and face. Now his back is visibly darker, and his face has large orange spots. His eyes are a beautiful pale blue, and he’s a real lover and sweetheart. He was the first cat to cuddle with our lab/shepherd mix dog, and loves on everyone.

Jinx has a “poking” habit: when he wants to be petted, he’ll stand on his hind legs, and poke you in the side, hands, or butt. If you try to ignore him, he’ll even resort to using a little sharp claw action in his pokes, which can be annoying.

Well, those are our boys.