GasPi : un outil en Rust pour mesurer la consommation énergétique d'un hardware - Related to mesurer, guide, complete, pour, your

Configuring Your Home Cluster Network: A Complete Guide

Nowadays many of us will enjoy the cloud cluster rather than build a self managed cluster, as it’s less management, high availability, more secure, pay-as-you-go, and all the advantages you can think of the cloud computing. However, if you accidentally own several old computers, and don’t want to sell/transfer them and don’t know how to deal with them, a home-managed cluster will be a good choice. there is a lot of fun of a self managed cluster.

Let’s define our architecture here: 4 nodes: 1 master/worker, 3 worker.

eth0: connect with institute cable public interface , using DHCP internet download, upgrade individuals can access it: ssh/scp.

eth1: connect with worker ndoes private interface , using static IP communicate other code: ssh/scp data transfer parallel communicate.

# Configure public interface (assumes DHCP from institute network) cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF TYPE =Ethernet DEVICE=eth0 BOOTPROTO=dhcp ONBOOT=yes # Request static IP from our institute's DHCP server if possible # This makes routing more reliable DHCP_CLIENT_ID=cluster-master EOF # Configure private cluster network cat > /etc/sysconfig/network-scripts/ifcfg-eth1 << EOF TYPE =Ethernet DEVICE=eth1 BOOTPROTO=static IPADDR [website] [website] ONBOOT=yes EOF # Apply new network configuration systemctl restart network Enter fullscreen mode Exit fullscreen mode.

# Enable IP forwarding persistently echo "[website] = 1" >> /etc/[website] # Enable connection tracking timeout optimization for HPC workloads echo "net.netfilter.nf_conntrack_tcp_timeout_established = 86400" >> /etc/[website] echo "net.netfilter.nf_conntrack_max = 131072" >> /etc/[website] # Apply sysctl changes sysctl -p # Set up NAT with higher connection limits iptables -t nat -A POSTROUTING -o eth0 -s [website] -j MASQUERADE Enter fullscreen mode Exit fullscreen mode.

the last command is crucial, as it will contribute to the return traffic. We will explain later.

# Clear existing rules iptables -F iptables -X iptables -t nat -F iptables -t nat -X iptables -t mangle -F iptables -t mangle -X # Set default policies iptables -P INPUT DROP iptables -P FORWARD DROP # We'll explain this choice iptables -P OUTPUT ACCEPT # Allow loopback iptables -A INPUT -i lo -j ACCEPT # Allow established and related connections iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT # Allow SSH from institute network iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT # Allow all traffic from the cluster's private network iptables -A INPUT -i eth1 -s [website] -j ACCEPT # Allow forwarding from cluster to internet iptables -A FORWARD -i eth1 -s [website] -o eth0 -j ACCEPT # Allow HTTP/HTTPS for package downloads iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT # Set up local package caching repository later (optional) iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT # Save iptables rules iptables-save > /etc/sysconfig/iptables Enter fullscreen mode Exit fullscreen mode.

I set the default FORWARD policy to DROP for security reasons:

It prevents unauthorized traffic from traversing the master node.

It creates a default-deny stance, where only explicitly allowed traffic passes.

It prevents potential lateral movement if one node is compromised.

# Worker node 1 ([website] cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF TYPE =Ethernet DEVICE=eth0 BOOTPROTO=static IPADDR [website] [website] [website] [website] ONBOOT=yes EOF # here GATEWAY will auto generate the route rule in table # Worker node 2 ([website] # Change [website] on the second worker node # Worker node 3 ([website] # Change [website] on the third worker node # Restart network service on each worker node systemctl restart network Enter fullscreen mode Exit fullscreen mode.

As we use the master node eth1 ( [website] ) as the gateway for work nodes ( [website] ), above setting creates a default route on each worker node that sends all traffic not destined for the local network ([website] to the master node ([website].

$ route -n # see the result: (send all traffic ([website] to gateway [website] [website] [website] [website] UG 0 0 0 eth0 Enter fullscreen mode Exit fullscreen mode.

Using manual command can also achieve the same result.

route add -net [website] gw [website] Enter fullscreen mode Exit fullscreen mode.

This manually adds a default route to the current routing table. It has the same immediate effect as the configuration file setting, but it's temporary and will be lost after a reboot or network service restart.

The difference is primarily in persistence and when the configuration happens. Using the network configuration file is the standard way to set up permanent routes in CentOS/RHEL systems.

# Clear existing rules iptables -F iptables -X # Set default policies iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT ACCEPT # Allow loopback iptables -A INPUT -i lo -j ACCEPT # Allow established connections iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # Allow SSH from cluster nodes only iptables -A INPUT -p tcp --dport 22 -s [website] -j ACCEPT # HPC/MPI Communication - comprehensive approach # Allow all TCP/UDP between cluster nodes for parallel computing # this is optinal if you don't want do parallel computing iptables -A INPUT -s [website] -p tcp -j ACCEPT iptables -A INPUT -s [website] -p udp -j ACCEPT # Save iptables rules iptables-save > /etc/sysconfig/iptables systemctl enable iptables Enter fullscreen mode Exit fullscreen mode.

because the worker node will not have the access to internet, we keep them inside the private, therefore, for package installation, updating, we need to find a way to resolve these. we want to specify the packages in our yum repo.

# On master node # Install required packages yum install -y createrepo nginx # Create repository directory mkdir -p /var/www/html/centos-repo # Configure Nginx cat > /etc/nginx/[website] << EOF server { listen 80; server_name _; root /var/www/html; location / { autoindex on; } } EOF # Start and enable Nginx systemctl enable nginx systemctl start nginx # Download packages to repository yum install -y yum-utils repotrack -p /var/www/html/centos-repo # Repeat for packages we need # Create repository metadata createrepo /var/www/html/centos-repo # Configure worker nodes to use this repository cat > /etc/[website] << EOF [ cluster-local] name =Cluster Local Repository baseurl=[website] enabled=1 gpgcheck=0 EOF Enter fullscreen mode Exit fullscreen mode.

[website] Optional for package management.

worker node package enhancement self-managed packages.

we can also use scp to transfer package from master node.

# On master node, download and transfer RPM yum install -y yum-utils yumdownloader scp .rpm [website] # On worker node sudo rpm -ivh /tmp/.rpm Enter fullscreen mode Exit fullscreen mode.

[website] directly route worker node to internet.

If we don’t need high security, we can also open the private cluster to public internet. Which will configure the router table and we don’t discuss here.

# On master node, generate SSH key ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa -N "" # Copy the key to all nodes (including itself) for i in {[website]}; do ssh-copy-id -i ~/.ssh/[website] [website]$i done # Do the same on each worker node to allow any-to-any communication # (Run similar commands on each worker node) Enter fullscreen mode Exit fullscreen mode.

# Install tools yum install -y tcpdump nmap iftop # Set up automatic monitoring with fail2ban to prevent brute force attacks yum install -y fail2ban cat > /etc/fail2ban/[website] << EOF [sshd] enabled = true port = ssh filter = sshd logpath = /var/log/secure maxretry = 5 bantime = 3600 EOF # Start and enable fail2ban systemctl enable fail2ban systemctl start fail2ban # Add logging rules before the final DROP rules iptables -A INPUT -j LOG --log-prefix "IPTables-Input-Dropped: " --log-level 4 iptables -A FORWARD -j LOG --log-prefix "IPTables-Forward-Dropped: " --log-level 4 # Save iptables rules iptables-save > /etc/sysconfig/iptables Enter fullscreen mode Exit fullscreen mode.

Optional Parallel Computing Configuration.

# Install Torque on master node yum install -y torque-server torque-scheduler torque-client # Configure server nodes file cat > /var/torque/server_priv/nodes << EOF [website] np=128 [website] np=128 [website] np=128 [website] np=128 EOF # Start Torque server systemctl enable pbs_server systemctl start pbs_server # Install Torque on worker nodes for i in {[website]}; do ssh [website]$i "yum install -y torque-mom torque-client; systemctl enable pbs_mom; systemctl start pbs_mom" done Enter fullscreen mode Exit fullscreen mode.

Forward Chain Traffic Flow in Both Directions.

When we create the forward chain, iptables -A FORWARD -i eth1 -s [website] -o eth0 -j ACCEPT , this command let the traffic come into eth1 can be forward to eth0 , which means traffic from worker nodes to master nodes, and master nodes forward it to institute internet. Here comes the question, where is the backward flow?

iptables -A FORWARD -i eth1 -s [website] -o eth0 -j ACCEPT Enter fullscreen mode Exit fullscreen mode.

The rule above allows packets to travel from the worker nodes (coming in on eth1 ) to be forwarded out to the institute network (through eth0 ). This handles the first half of any connection, which is the outbound request.

For the return traffic, typically we will think what we need as:

iptables -A FORWARD -i eth0 -d [website] -o eth1 -j ACCEPT Enter fullscreen mode Exit fullscreen mode.

However, if we look closely at the original configuration, here is the command:

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT Enter fullscreen mode Exit fullscreen mode.

This rule is handling the return traffic, because:

When a worker node initiates a connection, the outbound packet creates an entry in the connection tracking table ( create a ESTABLISHED connection ) Any returning packets associated with that connection are marked as ESTABLISHED The rule above allows all ESTABLISHED connections through, regardless of interface.

This is more secure than explicitly allowing all traffic from eth0 to eth1 , because it only permits return traffic for connections that were initiated from inside our cluster.

If this state tracking rule wasn't present, we would absolutely need to the backward traffic rule. Without either approach, connections would work one-way only, which means worker nodes could send requests, but never receive response….

Let's trace a web request from a worker node:

Worker ([website] tries to access [website] Packet travels: Worker → Master's eth1 Master checks FORWARD chain, matches -i eth1 -s [website] -o eth0 rule Master performs NAT, changing source IP to its own public IP Packet leaves through eth0 to institute network Google responds to master's public IP Packet arrives at master's eth0 Master checks connection tracking table, sees this is a response Packet is marked as ESTABLISHED Master checks FORWARD chain, matches the ESTABLISHED rule Master performs reverse NAT, changing destination to worker's IP Packet leaves through eth1 to worker Worker receives response.

more details can check the post before here.

The first release of the year is packed with attributes to make your knowledge-sharing community superior.

As we step into 2025, we’re kicking things off......

Time To First Byte: Beyond Server Response Time.

Optimizing web performance means looking beyond surface-level......

Stationery Pad is a handy way to nix a step in your workflow if you regularly use document templates on your Mac. The long-standing F......

Basic Relational Database Schemas 📚 to amplify development

Whether you are using either non-relational or relational DBMS the fundamental would be the same. It contents key-value pair which has some default value before assignment. Please save it for future reference 😉.

Column Name Data Type Constraints Description post_id BIGINT UNSIGNED PRIMARY KEY , AUTO_INCREMENT Unique Post ID user_id BIGINT UNSIGNED FOREIGN KEY -> users(user_id) , NOT NULL Post Author ID title VARCHAR(255) NOT NULL Post Title content TEXT NOT NULL Post Content status ENUM('draft', 'published', 'archived') DEFAULT 'draft' Post Status created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP Timestamp of creation updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP Last update timestamp.

Column Name Data Type Constraints Description comment_id BIGINT UNSIGNED PRIMARY KEY , AUTO_INCREMENT Unique Comment ID post_id BIGINT UNSIGNED FOREIGN KEY -> posts(post_id) , NOT NULL Related Post ID user_id BIGINT UNSIGNED FOREIGN KEY -> users(user_id) , NULLABLE Comment Author ID comment TEXT NOT NULL Comment Content status TINYINT(1) DEFAULT 1 1 = Approved, 0 = Pending created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP Timestamp of creation.

Column Name Data Type Constraints Description category_id BIGINT UNSIGNED PRIMARY KEY , AUTO_INCREMENT Unique Category ID name VARCHAR(100) NOT NULL , UNIQUE Category Name slug VARCHAR(100) NOT NULL , UNIQUE URL Slug created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP Timestamp of creation.

Column Name Data Type Constraints Description menu_id BIGINT UNSIGNED PRIMARY KEY , AUTO_INCREMENT Unique Menu ID parent_id BIGINT UNSIGNED NULLABLE , FOREIGN KEY -> side_menu(menu_id) Reference to Parent Menu ID (for sub-menus) name VARCHAR(50) NOT NULL Menu Name icon TEXT NOT NULL SVG Icon Data permission_level TINYINT UNSIGNED NOT NULL Required Permission created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP Timestamp of creation.

If parent_id is NULL , it’s a main menu item.

is , it’s a item. If parent_id has a value, it’s a sub-menu under the referenced menu_id .

menu_id parent_id name icon permission_level 1 NULL Dashboard 🏠 1 2 NULL Settings ⚙️ 2 3 2 clients 👥 2 4 2 Roles 🔑 2.

Here, "individuals" and "Roles" are sub-menus under "Settings". 🚀.

The traditional way of building Docker images using the docker build command is simple and straightforward, but when working with complex applications......

Can a developer successfully work with an API without a standard API documentation? My answer is as good as yours. This means that API documentation i......

We're a place where coders share, stay up-to-date and grow their careers....

GasPi : un outil en Rust pour mesurer la consommation énergétique d'un hardware

Même s'il existe quelques commandes pour mesurer l'activité matérielle de la Raspberry Pi, rien ne vaut un outil dédié. C'est l'objectif de GasPi, un outil écrit en Rust pour estimer et analyser la consommation énergétique des matériels de type Raspberry Pi 5 pour comprendre son impact. "Les outils fournissent une surveillance en temps réel et calculent plusieurs mesures environnementales clés pour quantifier l’empreinte écologique de l’exécution de logiciels ou de charges de travail spécifiques." précise la page GitHub.

- monitoring de la consommation énergétique : en temps réel, il fournit une estimation, support Pi 5.

- calcul d'impact : consommation en Wh, émission de CO2, etc.

- métriques du système : utilisation CPU, utilisation de la mémoire, température CPU.

Certaines fonctionnalités sont spécifiques aux matériels supportés :

- Pi 5 : ajustement sur le SoC Arm, focus sur la température du CPU.

- MacBook Pro M2 (à venir) : considération de l'architecture, calibration pour supporter la configuration mémoire, etc.

L'outil s'appuie notamment sur la librarie sysinfo.

Nous attendons avec impatience de pouvoir tester l'outil.

A data culture is the collective behaviors and beliefs of people who value, practice, and encourage the use of data and AI to propel organizational tr......

The software development world is undergoing a seismic shift. AI is no longer a futuristic promise; it’s actively shaping developers’ workflows today.......

It’s been a while since I wrote about PHP Zmanim — the work I’ve done with it and the things I’ve learned while implementing it. But despite the delay......