Friday, August 31, 2018

exhaustion in the internet echo chamber

The "echo chamber" is essentially the experience one receives from various service providers where the results they produce are biased toward more of the same. For example if you have pro DNC searches then you'll see more pro DNC and con GOP results. The mission of the echo chamber is to engage the viewer and keep them connected. But then there are times when I'm exhausted.



Exhaustion comes in several levels. Using politics as an ongoing example, at some point YouTube thought that I wanted to watch more The West Wing and The Newsroom.  My recommendations disproportionately included clips from the TV shows rather than real news. So I wonder what happened in the world of data collection that suggested to them that I wanted to watch those shows? There must have been some tipping point by other like-minded people but weird at the same time.
One thing about The West Wing and The Newsroom is that there were so many nuggets of similarity to our current president's operation and cabal.
The second thing I wonder about is that all of that media is copyrighted. So how is it that someone named bob can capture, clip, publish, and then take a royalty from Google as if they produced the work?

As for the exhaustion, my question is how do I reset? I do not want to be fed news clips anymore. Not GOP, not DEM, not TWW, etc... No amount of clicking on pimple popping, hiking gear reviews, or Broadway musicals seems to be having an effect on my echo chamber experience.

Tuesday, August 28, 2018

stakes not steaks

This represents almost all of the stakes I've purchased or that were included in whatever gear I've purchased and probably represents over $400 in material.


While I'm not a fan of the high cost of ZPacks' gear they have a reasonable price for their carbon fiber stakes. I previously owned 6 and I recently purchased another 12. I think one broke when I was using it for a heavy duty project; I'm not sure it was supposed to handle being struck by a 3 pound mallet.


One thing I learned recently is that when deploying a stake it should be flush with the ground at some angle (possibly 45deg) from the object being tied down. Deep because it moves the inflection point and gives a stronger hold. Therefore, so as not to lose a stake it should have some tag so it can be retrieved, and many do.

Flush to the ground does not apply to the long stakes but then you're trading pack volume and weight so you do not have to bury the stake.
As a side note, I left a nail stake just slightly above ground in my backyard and I managed to step on it with a bare foot and even though it was the head it still managed to puncture my foot.
Materials like Titanium are not advantageous other than possible weight... That nail I stepped on is now bent and I have another Toaks 'v' shaped that is also bent.


Typically I wear barefoot style shoes or when I'm practicing in the backyard I wear my Crocs. Since the ground is about 2-3 inches of St Augustine grass/weed on top of a thin layer of debris and then many feet of thick coral that means a couple of things. [1] once the stake is in the ground moving it may not be an option so learn your knots. [2] if you cannot jiggle the stake into the ground you're gonna need a hammer of some kind. A stick etc will work if they are around, however, if not and you have to step on it to set the stake deeper you're going to want something with a bigger head. All of the stakes with small surface area punish my feet.

I'm sure there is a lot of good advice out there and I wish I had sought the counsel of someone in the know. Most of these stakes are OK and some are crap and some you should be prepared to break or lose. My top two are:

  • Easton Mountain Products Single Nano Ultra-Light Aluminum Tent Stake
  • ZPacks carbon fiber
Lastly, there are specialty stakes. Pictured above there is an MSR Cyclone. It's long, Y shaped with a twist, and designed to work well in sand. My problems with it are [a] getting it into the sand with its small head and [b] getting it out. The one time I could have used this stake I could have picked a better placement for the tent.



Saturday, August 25, 2018

best bugnet usecase

This is the single best use-case for the SeaToSummit nano insect shield bugnet.


The mosquitoes in the Florida Everglades are HUGE and aplenty. I remember being attacked while I was trying to get a sip of water... but I could not imagine trying to have an entire meal. In an upcoming post I'll try to put together a kit that makes sense. Something like:

  • optional pole or tree
  • nano poncho
  • nano net tent
  • polycryo groundsheet
  • carbon fiber stakes
  • Dyneema cordage
  • ... and pads pillows and liners galore

Which one of these - the high cost of UL camping gear

I have been drawn to tarp and mesh tent camping as an obsession when I realized that proper tents have inherent risks and depending on the weather and bugs; tarp-less or net-less are great options. 

The case against proper tents...
  • they weigh more than the alternative
  • they are subject to more failure
  • they trap a lot of humidity
Look at tents this way.... rainfly is to tarp, tent body is to net tent, tent poles are to trekking poles, ground sheet is to groundsheet. The tent is one integrated system that typically demands that you have all the parts all the time (there are exceptions). By contrast the tarps and net tents can use a tree.

Anyway,  so these net tents caught my attention. One is from MSR and the other from Paria.
msr
paria


The MSR is lighter by 6oz but costs twice as much. Since I'm one of those hikers that does not always want to carry a groundsheet the Paria is a better choice as you naturally carry a few extra ounces for extra protection. 

And so the case for Paria is actually better than ZPacks, Big Agnes, SixMoon, Sea to Summit and MSR ... its weight, durability, and cost are a good compromise. My only recommendations.... [a] remove the stakes and save me a few bucks. That's one place where a titanium or carbon fiber stake could save some weight. [b] while using trekking poles seems all the rage these days I prefer to carry tent poles or use trees, however, if Paria had a lighter/smaller pole I'd prefer them to my DIY poles.

Tuesday, August 21, 2018

10x10 square tarp

This is a huge tarp. It's probably perfect for the exotic pitch but it's a lot of extra gear to carry.


This is a 10x10' tarp with linelocs on all guy out points. The cordage is too thin for these linelocs; as soon as I put some tension on the rope they escaped. Also, a 10x10 might be too big for this configuration or possibly the ridgeline is too long or has just a little too much give.



I was able to get some torque on the lineloc but a trucker's hitch would have been easier.



Like yesterday's video this tarp was bouncing up and down.

cowboy camp with a tarp

Cowboy camping is essentially sleeping under the stars. Usually a sleeping bag or blanket and some ground cover and/or pad. It's also usually when the temp and humidity are favorable;  read NO RAIN.


This person is in the wild and so there are no trees or supportive structures for the birds... unlike my backyard. Keep in mind that birds tend to poop just before takeoff...


This tarp is 10 feet from the roof.


And this is what I saw this morning. If I had been cowboy camping this morning I'd likely have poop on me. There were 3 drops on this side and 2 on the other. Where the poop plopped there was some discoloring of the tarp.


Monday, August 20, 2018

all about the trees

The rains started along with the gusts. This tarp is tied to the house on one side which could be interpreted as a tree and a tent pole with stake on the other. In this configuration I could make the guy outs too tight or the stakes would pop. As a result the tarp was flapping like crazy. Granted the rain was falling straight down so I would likely be dry. But you never know.


This is some serious bluster. The tent pole to the left comes off the ground.



The guy outs are simply not tight enough. A proper ridgeline between trees would be a good start.



The big drops in the foreground are from the gutters and the roof. The tarp was redirecting a lot of water.

The tarp is just not tight enough to the ground.

black or blue

After the wind and rain tortured my bivy yesterday I deployed my least favorite tarp from Sea To Summit. In my mind it is too expensive although it's discounted to $99 on Amazon. Its 5 point shape is intended for hammock camping but passable for ground sleeping since it is so large. I do like the workmanship and the materials.

Not pictured: there is plenty of room for my camping chair.

This setup is not tree to tree, but tree to ground stake. If I put too much tension on the ridgeline the stake will pull out and so I keep checking it to see that the wind, as little as there is, does not cause the tarp to break free.


Both tarps were wet in the morning but by 9am the black tarp was dry albeit scorching hot. And by 10am the blue was dry and warm, not hot. 

PS: the large escapist tarp is 10x10' and costs $192. And by comparison the Yama 8.5x8.5' costs $150. So you're essentially spending an extra $40 for what seems like prime but might be just free shipping. The difference might simply be that the yama is made to order and the sts is in inventory.

Sunday, August 19, 2018

Pillows in the rain

I was away from the house for a few hours when the skies opened up and my shelter is soaked.


While my backyard, normally, has little draft/breeze when the rain arrives all bets are off. I've seen rain blow in both directions in the same storm. I will say, however,

  • the shockcord was probably not tensioned properly
  • the foot-end was not staked
  • And for that matter I was not present and I had not weighted my bedding with my pack
So it's all on me.  That was 2-3 hours ago.  I've taken apart my bivy, mattress and two pillows hoping they will dry but not too confident based on the overall humidity.

As for the pillows. They suck! Both of them. The synthetic pillow absorbed water and leaks water every time I squeeze.  The air pillow has a soft coating that has simply absorbed some water and is also not dry yet.

I think the primary pillow needs to be an air pillow with no coating at all. Then use a scarf, neck gaiter, micro towel or schmogg(sp). The microfiber coated pillow is a close second.


One thing I need to keep in mind is that if I'm in the shelter and the weather turns foul then everything is getting wet and I would need to find a way to embrace the rain or lower the tarp. The tarp pictured above is only 9' and that leaves barely 1 1/2' at the head and foot ends.


net tents where is the breaking point

Cost is still the same function it always was... materials + labor + marketing + profit = cost. Craftsmanship/warranty is a function of labor and materials. But there is something to be said for field repair by slapping some tape on it and placing an order with Amazon to replace it.
Let me emphasize that all gear is subject to damage in the field and part one is always being able to repair it such that you are not at risk. So now can you get a replacement in reasonable time so you can continue etc?
It bears repeating that flat or square tarps are easily replaced at any home store; it might weigh a bit more. Therefore an Amazon purchase would be reasonable. I recently ordered a flat tarp from Yama and they quoted me 9-12 weeks delivery. The only thing special about this tarp is its guy outs and frankly that only makes me dependent on them.

So here are some bugnets that I like.


The bearpaw minimalist was my first net tent. It weighs about 9oz and has a 4in tub. The side zipper can make it a challenge to get in/out but I still need some practice. Also if the tarp is tight to the sides it's a real challenge.


I really like Borah products, however, even the wide is kinda small. I'm not sure this is really a bivy or a net tent. If your skin is pressed to the side of this bivy and bugs/mosquitoes are present you are going to be food. I'm in contact with the support team to see if they will make a wider version.

The paria is available on amazon. The delivery time is said to be 2 days with prime. Watching the review video impressed me but that is what it is supposed to do.

Current wait times:

  • BearPaw - I think they are about 1 week to 10 days.
  • Borah - 5 weeks
  • Paria - 2 days
The weight:
  • BearPaw - 9oz
  • Borah - 6oz
  • Paria - 13oz
The cost:
  • BearPaw - $115 depending on customs
  • Borah - $72-$79 depending on material; many customer adjustments are free.
  • Paria - $59 but this is as-is.
Made in the USA

  • BearPaw - yes, as far as I know and everything is built to order
  • Borah - yes, as far as I know and everything is built to order
  • Paria - I have no idea. The company is HQd in Colorado.

Saturday, August 18, 2018

too hot and humid

Last night I thought I would try my setup. I was in the bivy(net tent) for 30 minutes before I had to give up. It was simply too hot and not having my gear with me meant I could not really get comfortable.



The configuration was in my backyard which is not very big but has hedges which limit any sort of breeze. I do not know what the DPI is, however, keep in mind that net tents do restrict airflow. The bivy is considered a wide bivy, however, it's still kinda small and depending on my position I was touching one side or the other so I was going to get bit had there been bugs.

But there was a lot to learn:
  • Black tarps dry quickly even in the early morning, however, it gets hot... very hot
  • this is a 6' wide tarp so at 3' high I get good rain coverage... the rain in FL does not exclusively rain down... there is plenty of sideways rain.
  • If I had put the tarp at 4' then I might have received a better breeze but then I would have been a little more exposed.
  • wet from the rain or wet from sweat... which one? Wet gear?

Friday, August 17, 2018

the amazon hiking challenge

The Walmart challenge or the $500 challenge is a challenge to outfit oneself for a hike without going over weight, volume or budget. And so I offer the Amazon challenge... accomplish the same thing with a single Amazon wishlist - one click purchase.

I was traveling for work and I decided to go for a last minute hike. Wouldn't it be great to click on a wishlist and have the gear arrive the next day and then hit the trail? I wonder about those hikers with exotic and expensive gear with manufacturing lead times. (and ordering things on Amazon that are from a warehouse in China with a 2 week delivery window) But I also worry about the cost and weight of the gear. Not to mention that the TSA would prefer that you not pack lighters or ferro rods.

And so the challenge begins.... updates to follow. mylist

the case for amazon grocery and wholefoods

QUESTION: does Uber Eats, Grubhub or other food and meal delivery or even eating out most meals make economic sense for the family even if single? And of course there is the nutrition and overall food quality to consider.

Consider this: Look in your fridge, freezer, cupboard and pantry. Then look in the 2nd fridge and the 2nd freezer... and yes the 3rd freezer.

How much of that food is actually eaten?
How much of that food expires?
How much remains unopened?
How much gets freezer burned?
What is the optimum size of the fridge/appliance and do you have it filled to the right capacity for efficiency?
You've seen "as seen on tv" ads for the Foreman cooker, the air fryer and so on... what about the appliances we have that do that function? And the cost of operating those appliances?

When I was a bachelor I did not mind going to the grocery every day or two. It was something to do. If I lived in a big city like NY one stumbles into a grocery about every city block or so. And when I lived in Sweden I walked past the grocery every day on my way to the train.

Imagine sitting at your desk at the end of the day, browsing to your favorite meal delivery, finishing your commute, and the doorbell rings signalling your meal has arrived. Now consider making a shopping list, commuting to the grocery, finding a parking spot, stopping to get more gas, driving home, possibly carrying the groceries up 3 flights of stairs, and then cooking and eating for the next 45 to 90 minutes.

Time is money. Whether you're at work and getting paid or at home and saving money by not wasting it.

Tuesday, August 14, 2018

5x9 Black Tarp

With a little rain today I noticed that my brown (stasha) permitted some rain to wet my bugnet. It was a quick shower and everything dried quick enough. So I replaced the 8' stasha with a 9' bearpaw.


I placed the black on top of the brown and exchanged the guy lines until the brown would slip out and the black was taut. The black tarp might cast a slightly better shadow, however, my hope is that it dries faster.

The guy out points were different on the stasha than this one.


I have a pole on the corner with no grommet so I used the compression knot of the corner lineloc to hold the extra pole.


The ridgeline has a Yama grommet. This configuration meant that the ridgeline was going to be closer to the ground by 1 to 2 inches. It's a neat little grommet but I'm not sure how strong/durable it is. The yellow line includes a prusik to add tension to the pole. There are a few more options here which I have yet to explore.

Not pictured here is the bivy. The black tarp has a couple of inside loops which prevent the net tent cordage from drawing water into the bivy. It's like preventing a drip-line. Also there is no shockcord here so the stakes need to be secure. Lastly I have to keep reminding myself that I only need 1 tree with reasonably close branches. The tree becomes essentially the 4th wall.

Sunday, August 12, 2018

tarp camping setup

I'm still a fan of Evan Shaeffer and his tarp configurations. While owners of ultralight tents and most tarp setups rely on hiking poles or tent poles Evan goes it au naturel. Here's an experiment that I consider a FAIL.

The tarp is a Snugpak 9x5 Stasha. I reported my dissatisfaction with this tarp many months ago because the long ends had no loops, however, the corners have reasonable grommets.


This is a variation of an A-Frame. Even though the ridgeline is taut the downward force of the corners is causing the ridge to sag.


At one end of the ridgeline I have a very strong 2GO Systems shock cord. Given that rain is usually accompanied by winds the shock cord should keep the tarp in place. I can remove the shock cord by clipping the line lock directly to the carabiner.


I attached the tarp with a prusik knot through a compression tab.


Originally both ends used a prusik but that did not really work so I replaced it with the tentpole.


Each of the corners had a looser shock cord, lineloc and a grommet.

I figured out a few things here... [1] the ridgeline cordage is crap [2] unless I'm in the desert any and all poles are not necessary.

Friday, August 10, 2018

hate to call it a gear review

Mattresses and pillows oh my...


I recently purchased a pack liner and so I wanted to open up my pack and clean things up a bit before my next hike; and it's also as much a mental exercise as anything else. I was also surprised because I found extra pillows in here.

From left to right...

  • giant ziplock easily replaced with a waterproof compression sack or pack liner. Ziplocks are cheap and replaced at any grocery. Pack liners too.
  • Borah net bivy with ridge zipper; it will be placed in the liner/bag without a stuff sack
  • 6x9 black tarp in a blue stuff sack. I will certainly leave the sack behind because I need quick deploy and I do not mind if the pack is wet.
  • Sleeping bag liner. This one is for winter and frankly never worked. It was just meant to add a little comfort (more below)
  • polycryo groundsheet. Not really necessary because I consider the bivy generally disposable, however, condensation from the ground means it can collect sand or other bits and if the bivy is to be packed in the liner it should be dry.
  • small black synthetic pillow and medium brown inflatable from Snugpak. This was a surprise because I remember making the purchase just not putting it in my pack. The combination gave me some comfort and choices.
  • The mattress is a regular length Klymit ultra light. Its loft is not as high as the other but it's longer and just as comfortable. Different fill valve too.

So I'm not a fan of the sleeping bag liner and I like the blanket ... the weight is close to the same but the volume is a bit different but it should work. The blanket is also better if it gets wet. Where the liner is a fail when wet.


I plan to carry an umbrella in order to block the rain from the head end of the tarp, however, ponchos and rain jackets have many functions. The yellow poncho is light and can double as a tarp. The black poncho has sleeves and because it's black it can keep you warmer and it should dry faster. For the time-being I think warmer and dry faster are better.


Tuesday, August 7, 2018

vmware, docker-machine, docker swarm, traefik and gitlab

I've been experimenting with my configuration for a while and I have not achieved 100% coverage. Taking lessons learned in this space including configuration as code and lights out DEVOPS and idempotent deploy I'm moving to the next step. One funny thing to note is that I spent 45 minutes looking for my code and notes in every git wiki I had only to recall it was a post and not in the code. RATTS!

Part 1 - Hardware

The system I am running on is a 2017 Intel Skull NUC with 32GB ram and 1TB disk. In 2018 Intel upgraded the hardware and I want to upgrade but for the moment this is what I have. Currently live I'm running a Google WiFi router but that will be replaced with a Ubiquiti EdgeRouter-X. The Ubiquiti has a unified command center and that makes me happy.

Part 2 - VMware

There is something to be said for running a container OS on bare metal but then there is even more for running VMware on bare metal. Except for some of the overhead one can still allocate 100% of the system resources to a single active VM and you can still have alternates and backups. Also, you can take snapshots and so on. Lastly, with the right license you can do a lot of automation with APIs and in fact docker-machine is a handy tool. And you can mount a VMware filesystem.

Part 3 - RancherOS

There are a number of operating systems that you can choose to operate. I really like CoreOS, however, now that it's been acquired by Red Hat I just do not know the status of the product. Also its costs are still too high. One thing that CoreOS does, which I thought was a value, is the auto updates. Sure it's only down for 9 seconds and the company is very reliable; the problem is that your system might be in the middle of some critical task or maybe a database write and that quick update causes data loss or perceived malfunction from the customer perspective. RancherOS is no more or less capable. Since the main OS is actually running inside its own container almost everything can be updated with no downtime. It's also easy to deploy with scripts and VMware. My only issue is that it requires 4GB to boot and get any sort of meaningful work done.

Beside the docker swarm machines you are going to need a console machine. Since I like immutable and reproducible installations, the console is also going to be RancherOS. I also tend to use Alpine Linux in some cases and inside containers.

Still looking into Docker Moby, Fedora Atomic, Alpine Linux. But I'm staying away from anything that might be too configurable. The console machine is meant to aid in setup and recovery.

Part 4 - Docker

Installed by default. Might need to install docker-compose and docker-machine. RancherOS has some read-only partitions so you have to take care where you put stuff.

Part 5 - Docker/VMware volumes

I need to store or persist my services in my persistent storage. There are several challenges in this configuration. [1] cannot share a RW volume with multiple containers on multiple swarm nodes. [2] cannot snapshot these volumes [3] these are essentially hosted volumes, meaning they cannot be accessed on other hardware nodes.

It's undefined right now but it might be possible to put a network filesystem in front of the VMware storage but I'm not there yet.

In this config I'm planning to deploy a traefik server and a gitlab instance.

docker volume create --driver vsphere traefik
docker volume create --driver vsphere gitlab

Verify the volumes

docker volume ls

Part 6 - DNS and nameserver

This is a mixed bag here... register your domain, set your nameserver, get whatever DDNS credentials you need and then continue with the traefik setup.

Part 7 - default traefik config

Traefik configuration is pretty plain. The basics are here and here. Once you know what your basic configuration is going to look like then mount an alpine container and create the files.

docker run --rm -it -v traefik:/traefik alpine /bin/sh

Head over to the traefik folder and create the 3 required files. Set the chmod correctly and then paste the file fragments.

cd /traefik
touch acme.json docker-compose.yml traefik.toml
chmod 0600 acme.json

And create the traefik network

docker network create --scope swarm --attachable --driver overlay traefik

Part 8 - Launch traefik

docker stack deploy -c docker-compose.yml traefik



a lot more to come....

Sunday, August 5, 2018

Frustrated by docker swarm

My complaint is as much a community issue as it is docker swarm. There are a few things that I like about docker and docker swarm and plenty to hate.

PRO
  • Dockerfile is very much like a makefile creating the same instance each time
  • with enough nodes the swarm has some survivability
  • the docker networks can be encrypted for additional security
  • the docker networks can be segmented stitching the systems that are permitted to communicate
  • when combined with traefik there is some dynamic deploy that I like including let's encrypt and SSL
CON
  • in recent history it has been reported that there are some bad actors creating fake containers and there are no curated container services that are not stupid expensive. This is a common problem for open source.
  • deploying docker services and stacks can relocate them anywhere in the swarm, however, if you use persistent volumes they do not follow and so you need a distributed filesystem, NAS, or SAN. All of which have their own risks and costs.
  • repairing a damaged cluster means rebuilding it all. This is typical but seriously tricky to be consistent as well as keeping the docs up to date. For example I had to push my swarm source outside of my network so I could deploy it differently if there was a major failure in the lab.
Right now the network filesystem is a problem without a solution.

Wednesday, August 1, 2018

Traefik Docker Swarm Demo

In a previous post I demonstrated a proper installation of traefik with docker. Now I want to expand that demo with docker swarm. Docker Swarm has a similar ingress function to kubernetes and so that makes deployment and high availability easier. Kubernetes is a standard, however, docker swarm is very simple to operate. You are still on your own for the nitty gritty.

Bring the traefik container down:

# docker-compose down

I'm taking the previous example and expanding it to deploy a docker swarm and so the first thing to do is deploy a single node swarm. (In my case I deployed the VMs on digital ocean and did not deploy a private network and there is no point in setting up a non-encrypted virtual network in public space.)

$ export manager=myhost
$ docker-machine ssh ${manager} "docker swarm init \
    --listen-addr $(docker-machine ip ${manager}) \
    --advertise-addr $(docker-machine ip ${manager})"

WARNING WARNING -- while this example is simple and demonstrates a docker-machine version of the docker swarm command the listen-addr and advertise-addr parameters are seriously dangerous because in this use-case they are public and not private IP addresses.
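One way to act on the warning above, as an added example that is not from the original post: the helper only builds the `docker swarm init` command when the address is in an RFC 1918 private range. The function names are hypothetical, and it assumes the operator supplies the manager's private address instead of taking it from `docker-machine ip`.

```shell
#!/bin/sh
# Added example (not from the original post): refuse to bind the swarm
# control plane to anything but an RFC 1918 private IPv4 address.

# Return 0 if $1 is a well-formed IPv4 address in 10/8, 172.16/12 or
# 192.168/16, 1 otherwise. The body is a subshell "( ... )" so that the
# IFS change and the positional parameters stay local to the function.
is_private_ipv4() (
    candidate=$1
    case $candidate in
        "" | *[!0-9.]* | .* | *. | *..*) return 1 ;;   # not digits and single dots
    esac
    IFS=.
    set -- $candidate                                  # split into octets
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*) return 1 ;; esac           # no leading zeros
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    case $1 in
        10)  return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 0 ;;
        192) [ "$2" -eq 168 ] && return 0 ;;
    esac
    return 1
)

# Print the swarm init command for a private address, or fail loudly.
swarm_init_cmd() {
    if ! is_private_ipv4 "$1"; then
        echo "refusing swarm init: '$1' is not an RFC 1918 private address" >&2
        return 1
    fi
    printf 'docker swarm init --listen-addr %s --advertise-addr %s\n' "$1" "$1"
}

# Run the checked command on a docker-machine host.
#   $1 = docker-machine host name, $2 = that host's private address
swarm_init_private() {
    cmd=$(swarm_init_cmd "$2") || return 1
    docker-machine ssh "$1" "$cmd"
}

# Usage (constructed values):
#   swarm_init_private myhost 10.132.0.5
```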

I previously indicated that this installation was going to be on top of the plain version and that was essentially wrong. Plain docker and docker swarm may be compatible but there are differences. For example in the plain version I created a network:

# docker network create --driver=overlay web

When I tried to create a docker stack (swarm instance) I got an error that the network was local and not swarm. So I had to delete the network and recreate it as the scope was different. Since the current apps were running I had to stop them too.

# docker-compose down
# docker network rm web
# docker network create --driver=overlay web --attachable

UPDATE: I thought redeploying the network was a thing until I realized when the network is created after already in swarm mode then it's ok without the scope option.

UPDATE: However while debugging I determined that I needed the attachable parameter.

In the traefik.toml file I commented this line and added these two in the docker section:

[docker]
endpoint = "tcp://127.0.0.1:2376"       
swarmMode = true                         
#endpoint = "unix:///var/run/docker.sock"

Although I commented out the 'sock' volume I'm not sure whether or not it's in use so I probably will not remove that from the docker-compose.yml file. A few other changes were required so here is the file:

version: '3'

services:
  traefik:
    image: traefik
    command: --api --docker --docker.swarmMode
    ports:
      - 80:80
      - 443:443
      #- 8080:8080
    networks:
      - web
    environment:
      - DO_AUTH_TOKEN=MY TOKEN
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /opt/traefik/traefik.toml:/traefik.toml
      - /opt/traefik/acme.json:/acme.json
    deploy:
      labels:
        - "traefik.docker.network=web"
        - "traefik.port=8080"
        - "traefik.basic.frontend.rule=Host:traefik.ooc.systems"

networks:
  web:
    external: true

Then start traefik as a stack:

docker stack deploy -c /opt/traefik/docker-compose.yml traefik

Here is the docker compose of one of my basic services ("hello"):

version: "3.4"

services:
  app:
    image: myregistry/transient/hello-web:latest
    networks:
      - web
      - default
    deploy:
      labels:
        - "traefik.docker.network=web"
        - "traefik.enable=true"
        - "traefik.basic.frontend.rule=Host:hello.ooc.systems"
        - "traefik.basic.port=80"
        - "traefik.basic.protocol=http"

networks:
  web:
    external: true

I had to make some changes...

  • change the version
  • remove the expose
  • remove the container name
  • remove restart always
My hello container is in my private registry so I needed to login first then start the stack:

docker stack deploy \
     --with-registry-auth \
     -c /root/hello/docker-compose.yml hello


CONCLUSION

So there was a lot of learning going on here and here are the key takeaways. There are few differences between the raw docker and docker swarm. The configs are pretty simple. A reasonably deployed swarm gives you some options for scaling some services even though not demonstrated here. Adding a stack does not require taking down the system. And you get the benefit of let's encrypt without interruptions except for rate limits. And the goodness continues.

My traefik demo

I've been using haproxy as my reverse proxy for a while and it's hard not to like. The challenge for any production system is deploying new services and sometimes updates. One definite weakness is updating https certs. Keep in mind if you believe in configuration as code then haproxy and an all in one deploy might not be a bad thing but that could be applied to various dimensions in the "system".

For the purpose of discussion haproxy and traefik perform a similar function but where haproxy is static, traefik services register. Traefik has two killer features. [1] registration of dynamic services [2] dynamic wildcard support at let's encrypt.

PREREQUISITES

  • docker, docker-compose
  • docker-machine could be useful if you want to do remote deploys (post for another day)
  • dns + nameserver
  • traefik supported DNS service (I'm using digitalocean in this example)
  • at least one demo service


LAUNCH TRAEFIK

This was cobbled together from a number of sources...

$ mkdir -p /opt/traefik
$ cd /opt/traefik
$ touch acme.json docker-compose.yml traefik.toml
$ chmod 0600 acme.json

The acme file starts empty because traefik will fill it in with certs etc. The other two have some simple config. But first things first... create a docker network for the services to communicate with traefik.

$ docker network create web

The docker-compose.yml looks like this and is a standard compose file. The only interesting bits are the DO_AUTH_TOKEN, which is configured at digital ocean and is used to update the DNS for let's encrypt, and the labels, which are used by traefik and are similar to passing environment variables into a container but more special purpose.

version: '3'

services:
  traefik:
    image: traefik
    command: --api --docker
    restart: always
    ports:
      - 80:80
      - 443:443
    networks:
      - web
    environment:
      - DO_AUTH_TOKEN=<token here>
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /opt/traefik/traefik.toml:/traefik.toml
      - /opt/traefik/acme.json:/acme.json
    labels:
      - "traefik.basic.frontend.rule=Host:traefik.ooc.systems"
    container_name: traefik

networks:
  web:
    external: true

The traefik.toml file is used to stitch traefik and its functions together, as well as some basics for the user services. I have implemented the basic authentication feature in my traefik.toml, but in reality the services are supposed to implement their own. Certainly, if I were implementing a single sign-on solution, integrating it right here would make sense, along with some RBAC built into the apps/services. At the bottom of the file are the let's encrypt configuration items, including the wildcard. (Beware: let's encrypt has rate limits.)

debug = false

logLevel = "ERROR"
defaultEntryPoints = ["https","http"]

[entryPoints]
  [entryPoints.http]
  address = ":80"
    # plain http is redirected to the https entry point
    [entryPoints.http.redirect]
    entryPoint = "https"
    # generate the password hash with: openssl passwd -apr1 myPassword
    [entryPoints.http.auth.basic]
      users = ["admin:passwd hash goes here"]
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
    [entryPoints.https.auth.basic]
      users = ["admin:passwd hash goes here"]

[retry]

[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "ooc.systems"
watch = true
exposedByDefault = false

[acme]
email = "my email addr here"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
[[acme.domains]]        
  main = "*.ooc.systems"
  sans = ["ooc.systems"]
[acme.httpChallenge]
entryPoint = "http"
[acme.dnsChallenge]
  provider = "digitalocean"
  delayBeforeCheck = 0
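
A pre-launch check of the files created above, as an added example that is not part of the original post or of traefik. It flags an acme.json that is readable beyond its owner, credentials written inline in docker-compose.yml, untagged or "latest" images, and the docker socket mount. The function name, the finding names and the sample token are constructed for illustration, and X.Y.Z is a placeholder image tag.

```python
import os
import re
import tempfile

SECRET_ENV = re.compile(r"^\s*-\s*(\w*(?:TOKEN|SECRET|PASSWORD|KEY)\w*)=(.+)$")
IMAGE = re.compile(r"^\s*image:\s*(\S+)")

def audit_traefik_dir(path):
    """Return sorted finding codes for a directory laid out like /opt/traefik."""
    findings = set()
    acme = os.path.join(path, "acme.json")
    # acme.json holds the ACME account key and the certificates' private keys.
    if os.path.exists(acme) and os.stat(acme).st_mode & 0o077:
        findings.add("acme-json-group-or-world-access")
    with open(os.path.join(path, "docker-compose.yml")) as fh:
        for line in fh:
            env = SECRET_ENV.match(line)
            # "${VAR}" is filled in by compose from the shell or a .env file.
            if env and not env.group(2).startswith("${"):
                findings.add("inline-secret:" + env.group(1))
            img = IMAGE.match(line)
            if img:
                tag = img.group(1).rpartition("/")[2].partition(":")[2]
                if tag in ("", "latest"):
                    findings.add("unpinned-image:" + img.group(1))
            # Whoever controls this container can drive the Docker daemon.
            if "/var/run/docker.sock:" in line:
                findings.add("docker-socket-mounted")
    return sorted(findings)

def demo():
    """Audit a constructed copy of this post's layout before and after fixes."""
    weak = ("services:\n  traefik:\n    image: traefik\n    environment:\n"
            "      - DO_AUTH_TOKEN=constructed-not-a-real-token\n    volumes:\n"
            "      - /var/run/docker.sock:/var/run/docker.sock\n")
    # X.Y.Z is a placeholder tag, not a version taken from the post.
    fixed = (weak.replace("image: traefik", "image: traefik:X.Y.Z")
                 .replace("=constructed-not-a-real-token", "=${DO_AUTH_TOKEN}"))
    results = []
    with tempfile.TemporaryDirectory() as d:
        open(os.path.join(d, "acme.json"), "w").close()
        for mode, text in ((0o644, weak), (0o600, fixed)):
            os.chmod(os.path.join(d, "acme.json"), mode)
            with open(os.path.join(d, "docker-compose.yml"), "w") as fh:
                fh.write(text)
            results.append(audit_traefik_dir(d))
    return results

if __name__ == "__main__":
    print(demo())
```

The socket finding remains after the other three are fixed, because traefik's docker provider needs the socket to discover services. Treat the traefik container as having daemon-level access to the host.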


Now that everything is configured... time to launch.

$ docker-compose up -d

At this point traefik is running; and it's time to launch a service.

$ mkdir -p $HOME/who
$ cd $HOME/who
$ touch docker-compose.yml

And here is the docker-compose.yml file.

version: "3"

services:
  app:
    image: emilevauge/whoami
    restart: always
    networks:
      - web
      - default
    expose:
      - "80"
    labels:
      - "traefik.docker.network=web"
      - "traefik.enable=true"
      - "traefik.basic.frontend.rule=Host:who.ooc.systems"
      - "traefik.basic.port=80"
      - "traefik.basic.protocol=http"

networks:
  web:
    external: true

Launching the service is as simple as

$ docker-compose up -d

NOTE: this is not a docker swarm. That config is different, and for another day, but it is based on this config.

another bad day for open source

One of the hallmarks of a good open source project is just how complicated it is to install, configure and maintain. Happily gitlab and the ...