[PVE-User] Shared IP (Was: Setup a cluster proxmox behind just one public ip address) (Alessandro Briosi)

Jean-mathieu CHANTREIN jean-mathieu.chantrein at univ-angers.fr
Wed Aug 30 18:10:11 CEST 2017


Hello.

First, thanks for all your replies! It's very helpful.


>>> Maybe another solution - what about a shared IP bound to one of the
>>> servers.
>>> Using HA mechanisms it could be bound to another host if the current one
>>> fails.
>>> This would avoid a single point of failure.
>> Yes, I think it would work to have a firewall VM with the public IP,
>> configured as HA; then nodes have private IPs.
>>
>> Administration would be by VPN as Alain said. If the node running the
>> firewall crashes, HA would restart it on another node. VMs gateway
>> would be the firewall.
>>
>> You need shared storage for this of course.

OK. I think I will go this way. I want to use converged Ceph storage, so it will be good...

> 
> I'm not sure how exactly your topology is but I'd look into
> keepalived/vrrp for a virtual IP (never tried with more than 2 servers
> but it should work).
> 
> I'm not a fan of a HA firewall VM, as if for some reason the VM does not
> start, or is locked or anything you would have no way to access the
> proxmox servers.

Yes. It's a good point. Maybe I will try to create another "just in case" gateway (in front of the internet with another public IP, or via another network) in case of HA failure.

> 
> I'd also try using something like tinc/openvpn to make the proxmox nodes
> connect as clients to one vpn server which I'm in control of just in
> case (but you are supposed to have one).
> 
> Obviously also configuring a firewall on the nodes is recommended if
> they are public.
> 
> I suppose you have a gateway which does NAT and you have no direct
> control for this so you'd like to point the public address to one
> internal (?)

Yes!

Many thanks.

Best regards.

Jean-Mathieu


