2. Set-up of Master Node

This is the Raspberry Pi which will control and manage the set of worker nodes.

2.1. Install and configure operating system

  1. See: https://raspi-recipes.readthedocs.io/en/latest/initialSetup.html
  2. Install Python (in case it is not already installed), along with the fabric package that will be needed later:
sudo apt install python3-pip

sudo pip3 install fabric
  3. Install other tools that we’ll need

2.2. Configure internet access for cluster

The Master Node will be the sole device on the cluster that connects to the internet. When worker nodes require internet access they will connect via the Master Node (if/when allowed). The set-up here is based on what was learned when configuring another Raspberry Pi to provide service as a secondary access point.

(1) Install the Linux command-line utility dnsmasq and then stop the service before making configuration changes:

sudo apt-get install dnsmasq

sudo systemctl stop dnsmasq

ref: https://en.wikipedia.org/wiki/Dnsmasq

(2) Edit the DHCP client daemon configuration file

sudo nano /etc/dhcpcd.conf

…adding the following lines at the bottom in order to assign a static IP address to the master node:

interface eth0
static ip_address=192.168.5.1/24

Save, exit, and then restart the service:

sudo service dhcpcd restart

(3) Control assignment of IP addresses to the worker nodes:

sudo nano /etc/dnsmasq.conf

After making sure that every line is commented out (usually the case, but there might be two at the bottom), add the following lines:

interface=eth0 # internet service to the nodes via ethernet
dhcp-range=192.168.5.2,192.168.5.64,255.255.255.0,24h # range of IP addresses

Save, exit and then restart the service:

sudo systemctl start dnsmasq

(4) Enable IP forwarding:

sudo nano /etc/sysctl.conf

uncomment/enable this line:

(5) Now, iptables needs to be configured with IP packet filter rules

This is needed in order to allow all worker nodes to use the IP address of the master node when connecting to the internet. This is known as masquerading, and the firewall keeps track of the incoming and outgoing connections (i.e. how to direct traffic to/from the relevant node) using Network Address Translation (NAT), essentially by keeping track of ports and MAC addresses.

sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE

and then save the rules so they are not lost upon reboot:

sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"

Then edit this file so that rules are installed upon boot:

sudo nano /etc/rc.local

and add the following line just above the “exit 0”:

iptables-restore < /etc/iptables.ipv4.nat

Now reboot the master node. To list the rules in iptables:

sudo iptables -t nat -L

To view connected devices:

arp -n

2.2.1. Overview

The following diagram illustrates how masquerading and network address translation will work once all nodes are set-up:

[Diagram: clusterInternetAccess]

The way it works is as follows:

  1. When the worker nodes 1-5 come online they will request an IP address from the DHCP server running on the master node. This will either be a new one, or the previously assigned one if available. At this point the IP address for each node is mapped to its corresponding MAC address.

  2. If node 2 seeks to connect to the internet (e.g. via a ping request sent via TCP on port 22) then that request will travel to the master node. The master node, using the DNS Masquerading, will mask node 2’s IP address with its own; the packet will then travel to the router before itself being masked with the router’s public IP address.

At each step of the way, mappings and tables are maintained so that when a response is received from the internet it knows how to find its way back to node 2, which sits in an isolated part of the network.


[Diagram: clusterInternetAccess]

Node 2 can communicate outside of the cluster but nothing outside the isolated network can communicate in.

This can be seen in action using tcpdump:

sudo tcpdump -i eth0 -en
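
The MASQUERADE rule rewrites source addresses but does not filter; whether traffic arriving on wlan0 is refused on its way to the nodes depends on the FORWARD chain of the filter table. The check below is an added example, not part of the original guide: it audits iptables-save output for that property. The function name audit_forward and both sample rule sets are constructed for illustration, and the stricter rule set is an assumed hardening rather than a step from this guide.

```shell
#!/bin/sh
# Added example, not from the original guide. wlan0 = uplink, eth0 = nodes,
# as in the guide. Live use: sudo iptables-save | audit_forward wlan0 eth0
# audit_forward WAN LAN (iptables-save text on stdin) returns 0 only when the
# FORWARD policy is DROP and every ACCEPT rule is limited to ingress from LAN
# or to reply traffic. Negated matches ("! -i ...") are not interpreted.
audit_forward() {
    awk -v wan="$1" -v lan="$2" '
    /^\*/ { table = substr($0, 2); next }
    table == "nat" && /^-A POSTROUTING / && / -j MASQUERADE/ &&
        index($0 " ", " -o " wan " ") { masq = 1 }
    table == "filter" && $1 == ":FORWARD" { policy = $2 }
    table == "filter" && /^-A FORWARD / && / -j ACCEPT/ {
        from_lan = index($0 " ", " -i " lan " ")
        replies = ($0 ~ /--(ctstate|state) [A-Z,]*ESTABLISHED/) && ($0 !~ /NEW/)
        if (!from_lan && !replies) { exposed = 1; print "OPEN: " $0 }
    }
    END {
        if (policy == "") policy = "ACCEPT"  # built-in default when never set
        if (!masq) print "NOTE: no MASQUERADE rule on " wan
        if (policy != "DROP") print "WEAK: FORWARD policy is " policy
        exit !(policy == "DROP" && !exposed)
    }'
}

# Constructed sample: rules after only the MASQUERADE step of the guide.
page_rules() { cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
EOF
}

# Constructed sample: adds a stateful FORWARD chain (assumed hardening).
strict_rules() { cat <<'EOF'
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth0 -o wlan0 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
EOF
}

page_rules   | audit_forward wlan0 eth0 || echo "page rules: forwarding is not filtered"
strict_rules | audit_forward wlan0 eth0 && echo "strict rules: inbound limited to replies"
```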

2.2.2. Manage Internet Gateway

Much of the time access to the internet won't be required, so the internet gateway can be disabled and then re-enabled whenever needed.

First locate the gateway while logged into the master node:

sudo /sbin/route -n

The gateway will have a destination of 0.0.0.0 (or default if the -n flag is not used). To disable the 192.168.1.1 gateway:

sudo /sbin/route del default gw 192.168.1.1

…and to add it back:

sudo /sbin/route add default gw 192.168.1.1

A handy script found here enables this to be automated:

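# Look up the current default gateway (the route whose destination is 0.0.0.0)
GW="$(sudo /sbin/route -n | awk '$1=="0.0.0.0" {print $2; exit}')"
# Only delete and record it if one was found, so a second run does not overwrite the saved address
[ -n "$GW" ] && sudo /sbin/route del default gw "$GW" && echo "$GW" >~/my_tmp_file

The gateway is saved in a temp file, enabling it to be re-enabled via a script: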

sudo /sbin/route add default gw "$(cat ~/my_tmp_file)"

The master node is now ready. It might make sense to back-up.