Update tech_docs/its_the_new_style_design.md

2025-08-04 17:28:48 -05:00
parent ad2fd99c43
commit 3eb5a6dcb2
1 changed files with 167 additions and 0 deletions
--- a/tech_docs/its_the_new_style_design.md
+++ b/tech_docs/its_the_new_style_design.md
@@ -1,3 +1,170 @@
+Below is a **complete, end-to-end recipe** to spin up a **proper three-node Docker Swarm** on **Debian 12 minimal VMs** while honoring:
+
+- the **dual-stack IPv4/IPv6 numbering** you already locked in  
+- the **symmetrical naming schema**  
+- a **private, non-routed VLAN** for management / HA traffic  
+
+Copy-paste ready; zero drift.
+
+────────────────────────────────────────  
+1.  Lab topology (logical)
+
+| VM | Role | Public VLAN (DMZ) | Private VLAN (Mgmt/HA) | DNS name |
+|---|---|---|---|---|
+| vm-01 | Swarm manager + worker | 10.0.1.10/24 2001:db8:c0de:2000::10/64 | 192.168.255.10/24 | mgr-01.dmz.mycorp.net |
+| vm-02 | Swarm manager + worker | 10.0.1.11/24 2001:db8:c0de:2000::11/64 | 192.168.255.11/24 | mgr-02.dmz.mycorp.net |
+| vm-03 | Swarm manager + worker | 10.0.1.12/24 2001:db8:c0de:2000::12/64 | 192.168.255.12/24 | mgr-03.dmz.mycorp.net |
+
+Private VLAN **only** carries Swarm control plane (TCP 2377, 7946, 4789).  
+Public VLAN carries application traffic.
+
+────────────────────────────────────────  
+2.  Debian 12 minimal VM prep (repeat on every node)
+
+```bash
+# 1. base update
+sudo apt update && sudo apt -y upgrade
+sudo apt -y install vim curl
+
+# 2. add Docker repo & install
+curl -fsSL https://download.docker.com/linux/debian/gpg | \
+  sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
+echo \
+  "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] \
+  https://download.docker.com/linux/debian $(lsb_release -cs) stable" | \
+  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+sudo apt update
+sudo apt -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+sudo usermod -aG docker $USER && newgrp docker
+```
+
+
+────────────────────────────────────────  
+3.  VLAN interface on the **private** network
+
+Assume host physical NIC is `ens18`; create VLAN 255 for mgmt/HA.
+
+```bash
+# /etc/network/interfaces.d/mgmt
+auto ens18.255
+iface ens18.255 inet static
+    address 192.168.255.10/24   # change per node
+    gateway none                # non-routed
+```
+
+`systemctl restart networking` or reboot.
+
+────────────────────────────────────────  
+4.  Firewall (ufw example)
+
+```bash
+sudo ufw allow 22/tcp
+sudo ufw allow 2377/tcp        # swarm management
+sudo ufw allow 7946/tcp
+sudo ufw allow 7946/udp
+sudo ufw allow 4789/udp        # overlay vxlan
+sudo ufw enable
+```
+
+────────────────────────────────────────  
+5.  Initialize the swarm (on vm-01)
+
+```bash
+# use the **private** IP so traffic never leaves VLAN 255
+docker swarm init --advertise-addr 192.168.255.10 --listen-addr 192.168.255.10:2377
+```
+Copy the **join-token** that is printed.
+
+On vm-02 / vm-03 run:
+
+```bash
+docker swarm join --token SWMTKN-... 192.168.255.10:2377
+```
+
+Verify quorum:
+
+```bash
+docker node ls
+```
+
+────────────────────────────────────────  
+6.  Dual-stack overlay network
+
+```bash
+docker network create \
+  --driver overlay \
+  --attachable \
+  --subnet 10.0.255.16/28 \
+  --subnet 2001:db8:c0de:ffff:2000::/80 \
+  sym-net
+```
+
+────────────────────────────────────────  
+7.  DNS A/AAAA & reverse records (dnsmasq)
+
+Append to `/etc/dnsmasq-static-hosts`:
+
+```
+# Swarm managers
+10.0.1.10   mgr-01.dmz.mycorp.net
+2001:db8:c0de:2000::10   mgr-01.dmz.mycorp.net
+10.0.1.11   mgr-02.dmz.mycorp.net
+2001:db8:c0de:2000::11   mgr-02.dmz.mycorp.net
+10.0.1.12   mgr-03.dmz.mycorp.net
+2001:db8:c0de:2000::12   mgr-03.dmz.mycorp.net
+```
+
+Reload:
+
+```bash
+sudo systemctl reload dnsmasq
+```
+
+────────────────────────────────────────  
+8.  Deploy a test stack
+
+`/opt/stacks/hello.yml`
+
+```yaml
+version: "3.9"
+services:
+  web:
+    image: nginx:alpine
+    deploy:
+      replicas: 3
+    ports:
+      - "80:80"
+networks:
+  default:
+    external: true
+    name: sym-net
+```
+
+```bash
+docker stack deploy -c /opt/stacks/hello.yml hello
+```
+
+Access:
+
+```bash
+curl http://mgr-01.dmz.mycorp.net
+curl -6 http://mgr-01.dmz.mycorp.net
+```
+
+────────────────────────────────────────  
+9.  Daily ops cheat-sheet
+
+| Task | Command |
+|---|---|
+| List nodes | `docker node ls` |
+| Drain manager | `docker node update --availability drain mgr-01` |
+| Remove node | `docker node rm mgr-03` then re-join |
+| Show logs | `docker service logs hello_web` |
+
+You now have a **production-ready, three-manager Docker Swarm** on Debian 12, **isolated on a private mgmt VLAN**, yet fully dual-stack and symmetrical.
+
+---
+
 Complete, symmetry-first DNS name & function list  
 (ready to drop straight into **dnsmasq-static-hosts** or NetBox)