Docker Macvlan and Debian

Posted on by
2

I won’t go into the what of macvlans as there are already plenty of articles which cover the topic, including this one directly from Docker. However you may soon find yourself in a situation where your container needs to access a service on the host but it can’t access it. In order to make this work, you need to assign an ip address from the macvlan on the host. This can be easily accomplished in a few commands:

ip link add macvlan0 link eth0 type macvlan  mode bridge
ip addr add 192.168.100.31/32 dev macvlan0
ip link set macvlan0 up
ip route add 192.168.100.24/29 dev macvlan0

However after a reboot you might be disappointed to find that this no longer works. Creating an interface is distribution dependent so this only applies to Debian. Create a new file named /etc/network/interfaces.d/macvlan0. 

sudo vi /etc/network/interfaces.d/macvlan0

Then add the following commands to the file:

auto macvlan0
iface macvlan0 inet manual
    pre-up ip link add macvlan0 link eth0 type macvlan mode bridge
    pre-up ip addr add 192.168.100.31/32 dev macvlan0
    up ip link set macvlan0 up
    post-up ip route add 192.168.100.24/29 dev macvlan0

Ubiquiti Edge Router Management Security

Posted on by
Reply

I have several of the Ubiquiti EdgeRouters and they have been absolutely fantastic. I’ve recently been on a kick to use certs for ssh auth as well as adding Let’s Encrypt SSL certificates to any web services I have, and the EdgeRouter is no exception.

SSH Certificate Authentication

Most of the EdgeRouter file system can be wiped during upgrades and other parts do not keep state even across power cycles. In order to use SSH certificate authentication you must use the supported command.

scp ~/.ssh/id_rsa.pub admin@router:~/.

ssh admin@router
configure
loadkey admin /home/admin/id_rsa.pub 
commit;save

Now when you SSH to the router you will use your key for authentication.

HTTPS SSL Certificate

As I mentioned I’ve been using Let’s Encrypt for all of my HTTPS services. However it is important to keep in mind that Let’s Encrypt certificates are only good for 90 days. I found a very helpful script to create and manage the certificate lifecycle. Check it out on GitHub. https://github.com/hungnguyenm/edgemax-acme

Synology NAS Migration

Posted on by
Reply

We have long had a Synology NAS used for videos, photos, and every day storage and backup needs. The old model was a DS213J which have had for 6 or 7 years. It’s a single core with 512MB of RAM and 2x 3TB disks. It has seen a lot of miles; literally as it bounced around in the Airstream for 4 years and 20,000 miles! Now we are also starting to run out of space.

The old NAS has been rock solid and I love the work Synology has put in over the years. It is a great device and solid OS. So now it is time to upgrade to something new and I wanted to stick with Synology.

Upgrade: We ended up purchasing a Synology DS920+ that just came out. I wanted to move to a little larger NAS that had some room to grow. The new NAS has an Intel Celeron J4125, and 4GB of RAM standard. The RAM can officially be upgraded to 8GB, but I have read online that others have had luck upgrading to 20GB! I havent made the leap there yet, but we will see.

The new Synology DS920+

After much debate on number of drives and size we decided to start off with 2x 8TB drives. This gives us a lot more room than we had while also leaving two empty slots for future growth. The NAS also has two slots for NVME for SSD caching, but I’ve not populated those yet. We will see how performance goes and might add those later.

Migration: I took a look and found Synology has a nice document talking about 3 different methods of migration. Unfortunately our old NAS is a base model and the only option Synology offered was HyperBackup. While I could have used this the downside is that you have to have double the space (which we have) and you have to perform both a backup to the new NAS and then restore to the new NAS. This seemed like a time killer and I was anxious to get the new NAS online.

I looked around to see what other folks were doing. It seemed like rsync was a pretty popular choice so I tried it. Performance was mediocre, probably limited by the CPU of the old NAS. The CPU would spike to 99% utilization and pretty much stay there while the data transfer hummed along around 20-30MB/s. Not bad but I wanted to see what else I could do. Also rysnc status was a bit of a mystery and I had to watch the disk utilization along with network traffic to try and estimate how long the transfer would take.

Since the old NAS appeared to be CPU bound handling the copies I decided I would try CIFS. For this test I mounted the old NAS CIFS share to the new NAS and initiated the copies from the new NAS. Wow what a difference! Now I’m seeing transfers of 60-70MB/s with spike of 90MB/s! An added bonus of CIFS over rsync is that it shows me the transfer progress and time remaining.

Docker: The new NAS has a decent amount of horsepower and I’d love to put it to work as life as a NAS here just isn’t terribly difficult. Enter Docker! Yes the NAS can run Docker and if I make good use of this I might be able to combine a few devices into this one. I’ll write up more about this as I get more time. For the time being checkout this excellent tutorial on running Pihole on the Synology.

Using SignalK and Node-RED to enable and disable switch ports on a Ubiquiti Edge Router

Posted on by
1

Previously I wrote about the challenges of internet access and how I display the active internet service. In this followup I’ll tell you how I added the ability to enable and disable the ports associated with the service. In this way I can force which service is used or prevent the expensive satellite internet from being used while we are moored.

In order for this to work you will need a few things. SignalK, Node-RED (installed along with SignalK), the signalk-n2k-virtual-switch plugin, and of course a Ubiquiti Edge Router.

I’m assuming that you already installed the Node-RED nodes node-red-node-snmp and node-red-contrib-bigssh.

I’m also assuming you have either already configured SNMP on your router or you understand how to do so. If you need assistance, please checkout the excellent article from Ubiquiti on Configuring SNMP using the Command Line.

  1. Download interface.sh script file from GitHub and save a copy to your router in /config/scripts/interface.sh.
  2. Login to SignalK and make sure you have the signalk-n2k-virtual-switch plugin installed and configured.
  3. Launch the Node-RED admin page from SignalK.
  4. You are now going to import the flow which checks the interface admin state as well as enable or disable the interface. Select the Import option. . 
  5. You will see the following dialog box open. 
  6. Copy the flow from GitHub and paste the code into the dialog box.
  7. Select new flow and click Import.
  8. You should now have a flow that looks like:undefined
  9. Now we need to set the ip address, username, and password for your router. Double-click on the “change interface state” node. Then click on the edit button that appears.
  10. Enter the IP Address, username, and password. Then click Add and then Done.
  11. Edit the “Interface Admin Status” node to set the Host and Community. Then click Done.undefined
  12. Click on  in the upper right hand screen.
  13. You should now be able to click on the button of the Inject node to execute the flow.

The interface state will update the following paths as outlined in the table below. This is just what I happen to use, but feel free to modify the switch bank and switch number as you see fit for your usage.

InterfaceSignalK Path
eth0electrical.switches.bank.101.16.state
eth1electrical.switches.bank.101.17.state
eth2electrical.switches.bank.101.18.state
Router Interface to SignalK Path Mapping

At this point the interface status will updated every minute. You can then choose to display the status on your favorite UI compatible with either SignalK or NMEA Switch Bank Status PGN 127501. The interface can also now be controlled via SignalK or NMEA Switch Bank Control PGN 127502 or Command PGN 126208 (like Maretron and some others do).

Here is an example of a page I created in Maretron N2KView.

Using SignalK and Node-RED to Check the Active Internet Service on Ubiquiti Edge Router

Posted on by
1

One of the bigger challenges I have found living on a boat is internet access. We are lucky to have cable internet access at the dock, but when we head out we need to switch cellular, and depending on how far out you go, you might need to switch to satellite internet.

The best device that I have found to handle and automatically switch internet service is the Ubiquiti Edge Router. The device is small, low cost, and power efficient. It runs on 12 volt which is a great benefit! At some point I’ll do my own post about configuring the router for multiple connections, but for now check out the excellent WAN load balancing article provided by Ubiquiti.

In order for this to work you will need a few things. SignalK, Node-RED (installed along with SignalK), the signalk-n2k-virtual-switch plugin, and of course a Ubiquiti Edge Router.

  1. Login to SignalK and make sure you have the signalk-n2k-virtual-switch plugin installed and configured.
  2. Launch the Node-RED admin page from SignalK.
  3. The first thing we need to do is install the SNMP nodes. To do this browse to Manage Palette.
  4. Click on Install and then type in “node-red-node-snmp”. Click on the install button.
  5. Click on Install.
  6. You should now see that the state of the node is “Installed”.
  7. Repeat steps 3-5 to install “node-red-contrib-bigssh”.
  8. You are now going to import the first flow which checks the load balance status and will show us which internet service is active. Select the Import option.
  9. You will see the following dialog box open.
  10. Copy the flow from GitHub and paste the code into the dialog box.
  11. Select new flow and click Import.
  12. You should now have a flow that looks like:
  13. Now we need to set the ip address, username, and password for your router. Double-click on the “show load-balance status” node. Then click on the edit button that appears.
  14. Enter the IP Address, username, and password. Then click Add and then Done.
  15. Click on in the upper right hand screen.
  16. You should now be able to click on the button of the Inject node to execute the flow. If everything is successful you should see “done with rc 0” underneath the show load-balance status node. You should also see a Value: X underneath each of the 3 switch ports.

The internet service state will update the following paths as outlined in the table below. This is just what I happen to use, but feel free to modify the switch bank and switch number as you see fit for your usage.

interfaceSignalK Path
eth0electrical.switches.bank.101.1.state
eth1electrical.switches.bank.101.2.state
eth2electrical.switches.bank.101.3.state
Router Interface to SignalK Path Mapping

At this point the internet service status will updated every minute. You can then choose to display the status on your favorite UI compatible with either SignalK or NMEA Switch Bank Status PGN 127501.

Here is an example of a page I created in Maretron N2KView.

In the future I will create another post describing how to enable or disable the ethernet ports.