[PVE-User] Shared IP (Was: Setup a cluster proxmox behind just one public ip address)

[Alessandro Briosi]

Il 30/08/2017 08:32, Eneko Lacunza ha scritto:
> Hi,
>
> El 29/08/17 a las 19:41, Petric Frank escribió:
>>
>>> Is it possible to configure a proxmox cluster behind a single public IP
>>> address ? If possible, how do I configure my nodes at the time of
>>> installation ? I don't see this configuration in the documentation.
>>>
>>> If not possible, should I have the same number of public ip address
>>> than the
>>> number of node of my cluster ?
>>>
>>> For information, I want to use a dedicated network for corosync.
>> Maybe an other solution - what about a shared IP bound to one of the
>> servers.
>> Using HA mechanisms it could be bound to another host is the current one
>> fails.
>> This would avoid a single point of failure.
> Yes, I think it would work to have a firewall VM with the public IP,
> configured as HA; then nodes have private IPs.
>
> Administration would be by VPN as Alain said. If the node running the
> firewall crashes, HA would restart it on another node. VMs gateway
> would be the firewall.
>
> You need shared storage for this of course.

I'm not sure how exactly your topology is but I'd look into
keepalived/vrrp for a virtual IP (never tryed with more than 2 servers
but it should work).

I'm not a fun of a HA firewall VM, as if for some reason the VM does not
start, or is locked or anything you would have no way to access the
proxmox servers.

I'd also try using something like tinc/openvpn to make the proxmox nodes
connect as clients to one vpn server which I'm in control of just in
case (but you are supposed to have one).

Obviously also configuring a firewall on the nodes is raccomanded if
they are public.

I suppose you have a gateway which does NAT and you have no direct
control for this so you'd like to point the public address to one
internal (?)

Alessandro