xhrpb.com

blog

There are usually a couple of images on this website, but stuff's broken and it'll be fixed in December. Stay tuned!

Datacenter diaries: 13U and a Raspberry Pi

Dear diary,

Except that I actually have an internet connection in my rack now, I don't really have much to say, but I'll say what has happened since yesterday.

So yesterday I went to the datacenter in the evening to reconfigure the router I had there with a new IP, mount the router properly in the rack (as I forgot the rack mounting kit the day before), put up a switch (Ubiquiti EdgeSwitch24 Lite) and two Raspberry Pi computers (just to test things).

The actual servers going into the cabinet won't be there for another week or something.

Anyway, yesterday, I couldn't get in. My access card and pin code didn't work. So I went back home, with all the stuff. No worries, it only takes me 30 minutes to get there and I wasn't in any rush. I was wondering if maybe I didn't have 24/7 access like I thought.

The pin got reset today, and I hade no issues coming in this afternoon, and yes, I have 24/7 access. So today I did all the things I had planned for yesterday. I have the one router via one (of two) fiber connections in the cabinet (another router will be installed later for redundancy), one switch hooked up to the router, and then one Pi connected directly to one of the ports of the router and the other Pi connected to a port on the switch.

So, now I'm sitting at home, and I can access all the stuff remotely just as expected, except for the Pi connected directly to the router - probably a misconfigured IP address on the Pi or something. I didn't bother testing it when I was there because I still had some network configuration to do, and I was sure at least one of them would work.

I wanted to install WireGuard (awesome software, I love it) on the EdgeRouter 6P as a temporary VPN solution (see below), but ended up installing it on one of the Raspberry Pi's using this instruction on github.com/adrianmihalko/raspberrypiwireguard, and it's working great. The router forwards connections to the Pi and then I'm on the inside.

WireGuard and Ubiquiti

I believe some hardware and software should be treated with a bit more caution than other. While Debian unstable currently ships Wireguard (and it'll soon be in the kernel itself!), this is not the case with Ubiquiti.

Installing it on Ubiquiti means manually updating it, and the updates provided by Lochnair here have unfortunately been lagging behind, which is a bit unfortunate with software that deals with something so security oriented. Not that I have any issues with this person for not maintaining it anymore -- it's their right -- I very much appreciate the work put in. Thank you. Uploading stuff like that and helping the community by sharing solutions should not be seen as a lifelong promise to keep it updated, as some people tend to assume it is...

Manually updating it (on the case of the EdgeRouter) is also not a good idea from a maintainability perspective. Those things tend to be forgotten. I just want to set things to automatically update on a regular basis and then forget about it, and focus on monitoring the services and server health instead. And of course monitoring that the system doesn't have uninstalled updates.

So, with this installed on the Raspberry Pi for the time being, I feel very content. The Pi automatically updates with Debian's unattended-upgrades, and I'm not running unofficial software on something as important as a router on the edge. Less software, fewer bugs, better stability.

I guess that's it for today. Happy smiley face.