Add swarm.md — live fleet reference for G9 cluster (Phase 1 deployed)
112
swarm.md
Normal file
@@ -0,0 +1,112 @@
# Iron Legion Docker Swarm — Fleet Reference

## Cluster Topology

| Node | Hostname | Role | Tailscale | LAN IP |
|------|----------|------|-----------|--------|
| MK7 | `mark-vii.ai.home` | **Manager (Leader)** | `100.66.70.51` | `192.168.7.7` |
| MK33 | `mk-33` | Worker | — | `192.168.0.190` |
| MK34 | `mk-34` | Worker | — | `192.168.0.123` |
| MK39 | `mk-39` | Worker | — | `192.168.0.106` |
| MK42 | `mk-42` | Worker | — | `192.168.0.196` |

**Worker join token:**
```
SWMTKN-1-01759qgxz7d4x0bl32shlyjed540fgqjhggx0nyrw04d3zt017-blujv5tley9ukl8ke60dvz0ec
```

## Service Catalog

All services deployed on MK7 manager via `docker stack deploy`.

| Stack | Service | Mode | Replicas | Published Ports | Traefik Host |
|-------|---------|------|----------|-----------------|--------------|
| `traefik` | Traefik v3 | global | 1/1 | `80`, `8080` (dashboard) | — |
| `node-exporter` | Node Exporter | **global** | 5/5 | — | — |
| `beszel` | Beszel Hub | replicated | 1/1 | — | `beszel.ai.home` |
| `homepage` | Homepage Dashboard | replicated | 1/1 | — | `home.ai.home` |
| `dozzle` | Dozzle Logs | replicated | 1/1 | — | `dozzle.ai.home` |
| `portainer` | Portainer CE | replicated | 1/1 | `9000` | `portainer.ai.home` |
| `prometheus` | Prometheus | replicated | 1/1 | `9090` | `prom.ai.home` |
| `technitium` | Technitium DNS | replicated | 1/1 | `53/tcp`, `53/udp`, `5380` | `dns.ai.home` |
| `adguard` | AdGuard Home | replicated | 1/1 | `3000`, `30053` | `adguard.ai.home` |
| ~~authelia~~ | ~~Authelia~~ | ~~deferred~~ | — | — | ~~`auth.ai.home`~~ |

> **Note:** Authelia deferred until local TLS is available (requires `https://auth.ai.home`).

## Network Architecture

| Network | Driver | Scope | Attachable | Note |
|---------|--------|-------|------------|------|
| `traefik-public` | overlay | swarm | ✅ | Attachable overlay for all web-facing services |
| `ingress` | overlay | swarm | — | Built-in swarm ingress |
| `node-exporter_default` | overlay | swarm | — | Created by node-exporter stack deploy |

## Directory Structure (MK7)

```
/opt/iron-legion/docker-swarm/
├── deploy.sh # Master deployment script
├── traefik/compose.yml
├── node-exporter/compose.yml
├── technitium/compose.yml
├── technitium/prometheus.yml # Prometheus scrape targets
├── adguard/compose.yml
├── prometheus/compose.yml
├── beszel/compose.yml
├── portainer/compose.yml
├── dozzle/compose.yml
├── homepage/compose.yml
├── homepage/config/settings.yaml
└── authelia/
├── compose.yml # Deferred — needs TLS
├── config/
│ ├── configuration.yml
│ └── users_database.yml
```

Synced to all workers (`/opt/iron-legion/docker-swarm`) for failover redundancy. Workers do not execute `docker stack deploy` — only MK7 manager orchestrates services.

## Deploy / Re-Deploy

On MK7:
```bash
cd /opt/iron-legion/docker-swarm
./deploy.sh
```

Or single stack:
```bash
cd /opt/iron-legion/docker-swarm
docker stack deploy -c traefik/compose.yml traefik
```

## Worker Join (if node rebuilt)

```bash
# On worker node
docker swarm join --token SWMTKN-1-01759qgxz7d4x0bl32shlyjed540fgqjhggx0nyrw04d3zt017-blujv5tley9ukl8ke60dvz0ec 192.168.7.7:2377
```

Ensure worker has `/opt/iron-legion/docker-swarm/` synced for config parity.

## Known Issues / Decisions

| Item | Status | Detail |
|------|--------|--------|
| `systemd-resolved` | **Disabled** on MK7 | Port 53 freed for Technitium |
| Standalone Portainer | **Removed** | Data backed up to `/tmp/portainer-data-backup-20260526-000125.tar.gz` on MK7 |
| Authelia | **Deferred** | Requires TLS (https://auth.ai.home) |
| Beszel Agents | **Pending** | Global agent stack to be added across all workers |
| DNS resolution | **Pending** | `*.ai.home` requires Technitium configured as LAN resolver |

## External Services (NOT in Swarm)

| Service | Node | URL | Note |
|---------|------|-----|------|
| Nextcloud AIO | Neo (`100.99.123.16`) | `https://nextcloud.ai.home` | Production, unmanaged |
| Vaultwarden | Neo (`100.99.123.16`) | `https://vault.ai.home` | Production, unmanaged |

---
*Last updated: 2026-05-26*
*Gitea repo: `Iron-Legion/documentation` — push this file there*
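Review bot: the literal worker join token under **Worker join token:** and again in `docker swarm join --token SWMTKN-1-... 192.168.7.7:2377` is a cluster credential and should not be committed to a documentation repo; any host that obtains this file and can reach the manager on `192.168.7.7:2377` can enrol itself as a worker, and a worker is then a candidate to be scheduled service tasks along with the secrets and overlay networks those tasks use. Remove the token from the file, replace it with the instruction to run `docker swarm join-token worker` on MK7 when a node is rebuilt, and rotate the now-exposed token with `docker swarm join-token --rotate worker` before pushing to `Iron-Legion/documentation` (the footer says this file is headed there). Two smaller points in the same hunk: the Portainer backup recorded at `/tmp/portainer-data-backup-20260526-000125.tar.gz` lives in `/tmp`, which is commonly cleared on reboot, so either move it to persistent storage or the Known Issues row documents a backup that may already be gone; and the Service Catalog publishes admin ports directly (`8080` Traefik dashboard, `9000` Portainer, `5380` Technitium, `3000` AdGuard, `9090` Prometheus) alongside the Traefik hosts, so the table should say which of those are meant to stay reachable without the proxy and whether each carries its own authentication, since Authelia is deferred.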