2. Set-up of Master Node
This is the Raspberry Pi which will control and manage the set of worker nodes.
2.1. Install and configure operating system
- See: https://raspi-recipes.readthedocs.io/en/latest/initialSetup.html
- Install python (in case not already installed), along with the fabric package that will be needed later.
sudo apt install python3-pip
sudo pip3 install fabric
- Install other tools that we’ll need
2.2. Configure internet access for cluster
The Master Node will be the sole device on the cluster that connects to the internet. When worker nodes require internet access they will connect via the Master Node (if/when allowed). The set-up here is based on what was learned when configuring another Raspberry Pi to provide service as a secondary access point.
(1) Install the Linux command line utility dnsmasq and then stop the service before making configuration changes:
sudo apt-get install dnsmasq
sudo systemctl stop dnsmasq
ref: https://en.wikipedia.org/wiki/Dnsmasq
(2) Edit the DHCP client daemon configuration file
sudo nano /etc/dhcpcd.conf
…adding the following lines at the bottom in order to assign a static IP address to the master node:
interface eth0
static ip_address=192.168.5.1/24
Save, exit, and then restart the service:
sudo service dhcpcd restart
(3) Control assignment of IP addresses to the worker nodes:
sudo nano /etc/dnsmasq.conf
After making sure that every line is commented out (usually the case, but there might be two at the bottom) add the following lines:
interface=eth0 # internet service to the nodes via ethernet
dhcp-range=192.168.5.2,192.168.5.64,255.255.255.0,24h # range of IP addresses
Save, exit and then restart the service:
sudo systemctl start dnsmasq
(4) Enable IP forwarding:
sudo nano /etc/sysctl.conf
uncomment/enable this line:
(5) Now, iptables needs to be configured with IP packet filter rules.
This is needed in order to allow all worker nodes to use the IP address of the master node when connecting to the internet. This is known as masquerading: the firewall keeps track of the incoming and outgoing connections (i.e. how to direct traffic to/from the relevant node) using Network Address Translation (NAT), essentially by keeping track of ports and MAC addresses.
sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
and then save the rules so they are not lost upon reboot:
sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"
Then edit this file so that rules are installed upon boot:
sudo nano /etc/rc.local
and add the following line just above the “exit 0”:
iptables-restore < /etc/iptables.ipv4.nat
Now reboot the master node. To list the rules in iptables:
sudo iptables -t nat -L
To view connected devices:
arp -n
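As an added example (not part of the original guide), the script below audits a ruleset in iptables-save format, such as the /etc/iptables.ipv4.nat file saved above. It confirms the MASQUERADE rule and reports the FORWARD policy, because masquerading translates addresses but does not itself filter forwarded traffic. The function names and the sample ruleset are constructed for illustration.

```shell
# Added example: audit a ruleset in iptables-save format. Names are hypothetical.
WAN=${WAN:-wlan0}   # internet-facing interface used on this page
LAN=${LAN:-eth0}    # cluster-facing interface used on this page

# Succeeds if the nat table masquerades traffic leaving via $WAN.
has_masquerade() {
    awk -v wan="$WAN" '
        /^\*/ { table = $1 }
        table == "*nat" && $1 == "-A" && $2 == "POSTROUTING" {
            out = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            if (out == wan && tgt == "MASQUERADE") found = 1
        }
        END { exit !found }' "$1"
}

# Prints the filter FORWARD policy, or "unset" if the file does not set one.
forward_policy() {
    awk '
        /^\*/ { table = $1 }
        table == "*filter" && $1 == ":FORWARD" { print $2; seen = 1 }
        END { if (!seen) print "unset" }' "$1"
}

# Prints one finding per line; returns non-zero if anything needs attention.
audit_ruleset() {
    rc=0
    if has_masquerade "$1"; then
        echo "ok: nat POSTROUTING masquerades on $WAN"
    else
        echo "missing: no MASQUERADE rule for $WAN"; rc=1
    fi
    pol=$(forward_policy "$1")
    if [ "$pol" = "DROP" ]; then
        echo "ok: FORWARD default policy is DROP"
    else
        echo "warn: FORWARD policy is $pol; $WAN->$LAN is forwarded unless a rule blocks it"; rc=1
    fi
    return "$rc"
}

# Constructed sample: a ruleset holding only the MASQUERADE rule from this page.
sample=$(mktemp)
printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' "-A POSTROUTING -o $WAN -j MASQUERADE" \
    'COMMIT' '*filter' ':FORWARD ACCEPT [0:0]' 'COMMIT' > "$sample"
audit_ruleset "$sample" || true
rm -f "$sample"
```

A DROP policy also needs FORWARD rules that accept eth0 to wlan0 traffic and the established return traffic, which this check does not verify.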
2.2.1. Overview
The following diagram illustrates how masquerading and network address translation will work once all nodes are set-up:
The way it works is as follows:
- When the worker nodes 1-5 come on line they will request an IP address from the DHCP server running on the master node. This will either be a new one, or the previously assigned one if available. At this point the IP address for each node is mapped to its corresponding MAC address.
- If node 2 seeks to connect to the internet (e.g. via a ping request sent via TCP on port 22) then that will travel to the master node. The master node, using the DNS Masquerading, will mask node 2's IP address with its own, which will then travel to the router before itself being masked with the router's public IP address.
At each step of the way mappings and tables are maintained so that when a response is received from the internet it knows how to find its way back to node2 which sits in an isolated part of the network.
Node 2 can communicate outside of the cluster but nothing outside the isolated network can communicate in.
This can be seen in action using tcpdump:
sudo tcpdump -i eth0 -en
2.2.2. Manage Internet Gateway
Much of the time access to the internet won't be required, and hence the internet gateway can be disabled and then re-enabled whenever needed.
First locate the gateway while logged into the master node:
sudo /sbin/route -n
The gateway will have a destination of 0.0.0.0 (or default if the -n flag is not used). To disable the 192.168.1.1 gateway:
sudo /sbin/route del default gw 192.168.1.1
…and to add it back:
sudo /sbin/route add default gw 192.168.1.1
A handy script found here enables this to be automated:
GW="$(sudo /sbin/route -n | awk '$1=="0.0.0.0" {print $2; exit}')"
sudo /sbin/route del default gw "$GW"
echo "$GW" >~/my_tmp_file
The gateway is saved in a temp file, enabling it to be re-enabled via a script:
sudo /sbin/route add default gw "$(cat ~/my_tmp_file)"
—
The master node is now ready. It might make sense to back-up.