[PVE-User] Setup a cluster proxmox behind just one public ip address

Discussion:

Jean-mathieu CHANTREIN

2017-08-29 14:28:21 UTC

Hello.

Is it possible to configure a proxmox cluster behind a single public IP address ?
If possible, how do I configure my nodes at the time of installation ? I don't see this configuration in the documentation.

If not possible, should I have the same number of public ip address than the number of node of my cluster ?

For information, I want to use a dedicated network for corosync.

Best regards.

Jean-Mathieu

Philip Abernethy

2017-08-29 14:56:48 UTC

Permalink

Hi

It's possible, but can, at least partly, defeat the purpose of a
cluster. If only one node of, say, three is publicly reachable it
becomes a single point of failure. Once that 'main' node is offline the
others are unreachable, no matter if they're running or not, and so are
the virtual machines they host. This can be worked around by using a
floating IP. Your hoster should be able to help you with that.
With a floating IP you can point it to the node you're currently
installing. First point of order should probably be to copy ssh keys
around, so you can always reach every node from every other node.

Regards,
Philip

Hello.
Is it possible to configure a proxmox cluster behind a single public
IP address ?
If possible, how do I configure my nodes at the time of installation
? I don't see this configuration in the documentation.
If not possible, should I have the same number of public ip address
than the number of node of my cluster ?
For information, I want to use a dedicated network for corosync.
Best regards.
Jean-Mathieu
_______________________________________________
pve-user mailing list
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user

Alain Péan

2017-08-29 15:05:10 UTC

Permalink

Post by Jean-mathieu CHANTREIN
Is it possible to configure a proxmox cluster behind a single public IP address ?
If possible, how do I configure my nodes at the time of installation ? I don't see this configuration in the documentation.
If not possible, should I have the same number of public ip address than the number of node of my cluster ?
For information, I want to use a dedicated network for corosync.

I would say it is not recommanded to set up a proxmox cluster directly
on public IP addresses (security risk if exposed on internet).
Just set up a bridge and configure one of your network interface so that
the gateway is your public IP address.

Through a VPN, you can manage your cluster from remote location.

It is your VMs that eventually could require public IP address if for
example you set up a web server accessible from Internet. In this case,
you can use your public IP for this VM (I hope you have another as
gateway at least...), and use different DNS aliases for virtual hosts.

Alain

--
Administrateur Système/Réseau
C2N (ex LPN) Centre de Nanosciences et Nanotechnologies (UMR 9001)
Site de Marcoussis, Data IV, route de Nozay - 91460 Marcoussis
Tel : 01-69-63-61-34

Petric Frank

2017-08-29 17:41:40 UTC

Permalink

Hello,

Post by Jean-mathieu CHANTREIN
Hello.
Is it possible to configure a proxmox cluster behind a single public IP
address ? If possible, how do I configure my nodes at the time of
installation ? I don't see this configuration in the documentation.
If not possible, should I have the same number of public ip address than the
number of node of my cluster ?
For information, I want to use a dedicated network for corosync.

Eneko Lacunza

2017-08-30 06:32:37 UTC

Permalink

Hi,

Post by Petric Frank

Post by Jean-mathieu CHANTREIN
Is it possible to configure a proxmox cluster behind a single public IP
address ? If possible, how do I configure my nodes at the time of
installation ? I don't see this configuration in the documentation.
If not possible, should I have the same number of public ip address than the
number of node of my cluster ?
For information, I want to use a dedicated network for corosync.

Yes, I think it would work to have a firewall VM with the public IP,
configured as HA; then nodes have private IPs.

Administration would be by VPN as Alain said. If the node running the
firewall crashes, HA would restart it on another node. VMs gateway would
be the firewall.

You need shared storage for this of course.

Cheers

--
Zuzendari Teknikoa / Director Técnico
Binovo IT Human Project, S.L.
Telf. 943493611
943324914
Astigarraga bidea 2, planta 6 dcha., ofi. 3-2; 20180 Oiartzun (Gipuzkoa)
www.binovo.es

Alessandro Briosi

2017-08-30 07:54:28 UTC

Permalink

Post by Eneko Lacunza
Hi,

Post by Petric Frank

Post by Jean-mathieu CHANTREIN
Is it possible to configure a proxmox cluster behind a single public IP
address ? If possible, how do I configure my nodes at the time of
installation ? I don't see this configuration in the documentation.
If not possible, should I have the same number of public ip address than the
number of node of my cluster ?
For information, I want to use a dedicated network for corosync.

Yes, I think it would work to have a firewall VM with the public IP,
configured as HA; then nodes have private IPs.
Administration would be by VPN as Alain said. If the node running the
firewall crashes, HA would restart it on another node. VMs gateway
would be the firewall.
You need shared storage for this of course.

I'm not sure how exactly your topology is but I'd look into
keepalived/vrrp for a virtual IP (never tryed with more than 2 servers
but it should work).

I'm not a fun of a HA firewall VM, as if for some reason the VM does not
start, or is locked or anything you would have no way to access the
proxmox servers.

I'd also try using something like tinc/openvpn to make the proxmox nodes
connect as clients to one vpn server which I'm in control of just in
case (but you are supposed to have one).

Obviously also configuring a firewall on the nodes is raccomanded if
they are public.

I suppose you have a gateway which does NAT and you have no direct
control for this so you'd like to point the public address to one
internal (?)

Alessandro

David Lawley

2017-08-30 18:35:52 UTC

Permalink

I have used a load balancer as a front end to my nodes, something like
Zen or what is now Zevenet YMMV

Post by Petric Frank
Hello,

Maybe an other solution - what about a shared IP bound to one of the servers.
Using HA mechanisms it could be bound to another host is the current one
fails.
This would avoid a single point of failure.
regards
Petric
_______________________________________________
pve-user mailing list
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user

Alarig Le Lay

2017-08-30 18:43:51 UTC

Permalink

Post by Jean-mathieu CHANTREIN
Hello.
Is it possible to configure a proxmox cluster behind a single public IP address ?
If possible, how do I configure my nodes at the time of installation ?
I don't see this configuration in the documentation.
If not possible, should I have the same number of public ip address
than the number of node of my cluster ?
For information, I want to use a dedicated network for corosync.
Best regards.
Jean-Mathieu

Hi,

What about IPv6? 2200 provides it since many years now.

--
alarig