diff options
| author | Paul Buetow <paul@buetow.org> | 2026-04-08 15:35:18 +0300 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2026-04-08 15:35:18 +0300 |
| commit | 6c80e29f6247e13cac9f50a71c8eaa5bd06e126a (patch) | |
| tree | 095e6a9e68cff81dca12f9756c94e4601e64e7b7 /frontends | |
| parent | 5dd1f29c78166c6c3e066d84fb3083a81046e399 (diff) | |
h0: document PI phase 3.2 role split
Diffstat (limited to 'frontends')
| -rw-r--r-- | frontends/AGENTS.md | 14 | ||||
| -rw-r--r-- | frontends/etc/gogios.json.tpl | 19 |
2 files changed, 33 insertions, 0 deletions
diff --git a/frontends/AGENTS.md b/frontends/AGENTS.md index e788c91..b62b2a3 100644 --- a/frontends/AGENTS.md +++ b/frontends/AGENTS.md @@ -238,6 +238,20 @@ Without the skip, gogios generates checks for non-existent: Result: 12 false CRITICAL alerts (3 checks × 4 hostnames) +### Raspberry Pi Service Split + +The PI phase 3 cluster now has a fixed role split: + +- `pi0.lan.buetow.org` and `pi1.lan.buetow.org` serve static HTTP content on port 80 with `lighttpd` +- `pi2.lan.buetow.org` and `pi3.lan.buetow.org` run Pi-hole DNS on port 53 and the admin UI on port 80 + +Monitoring should match that split: + +- HTTP checks should hit `http://pi0.lan.buetow.org` and `http://pi1.lan.buetow.org` +- Pi-hole checks should verify DNS resolution against `pi2` and `pi3` and confirm the admin UI on port 80 +- `lighttpd` is intentionally used on the Pi HTTP nodes because the hardware is low-RAM and the workload is static content only +- Firewall changes on the Pis are conditional: check `firewall-cmd --state` first and skip `firewall-cmd` rules entirely if `firewalld` is not running + ## Configuration Testing Before deploying: diff --git a/frontends/etc/gogios.json.tpl b/frontends/etc/gogios.json.tpl index bfe4c10..1f68a94 100644 --- a/frontends/etc/gogios.json.tpl +++ b/frontends/etc/gogios.json.tpl @@ -80,6 +80,25 @@ "DependsOn": ["Check Ping4 <%= $host %>.buetow.org", "Check Ping6 <%= $host %>.buetow.org"] }, <% } -%> + <% for my $host (qw(pi0 pi1)) { -%> + "Check HTTP <%= $host %>.lan.buetow.org": { + "Plugin": "<%= $plugin_dir %>/check_http", + "RandomSpread": 10, + "Args": ["<%= $host %>.lan.buetow.org", "-4"] + }, + <% } -%> + <% for my $host (qw(pi2 pi3)) { -%> + "Check HTTP Admin <%= $host %>.lan.buetow.org": { + "Plugin": "<%= $plugin_dir %>/check_http", + "RandomSpread": 10, + "Args": ["<%= $host %>.lan.buetow.org", "-4", "-u", "/admin/"] + }, + "Check DNS <%= $host %>.lan.buetow.org": { + "Plugin": "<%= $plugin_dir %>/check_dig", + "RandomSpread": 10, + "Args": ["-H", "<%= $host %>.lan.buetow.org", "-l", "google.com", "-4"] + }, + <% } -%> <% for my $host (@$acme_hosts) { # Skip server hostnames - they have dedicated checks above without www/standby variants next if $host eq 'blowfish.buetow.org' or $host eq 'fishfinger.buetow.org'; |