[PVE-User] Shared IP (Was: Setup a cluster proxmox behind just one public ip address) (Alessandro Briosi)
jean-mathieu.chantrein at univ-angers.fr
Wed Aug 30 18:10:11 CEST 2017
First, thanks for all your reply! It's very helpful.
>>> Maybe an other solution - what about a shared IP bound to one of the
>>> Using HA mechanisms it could be bound to another host is the current one
>>> This would avoid a single point of failure.
>> Yes, I think it would work to have a firewall VM with the public IP,
>> configured as HA; then nodes have private IPs.
>> Administration would be by VPN as Alain said. If the node running the
>> firewall crashes, HA would restart it on another node. VMs gateway
>> would be the firewall.
>> You need shared storage for this of course.
Ok. I think I use this way. I want to use a converged ceph storage, so it will be good...
> I'm not sure how exactly your topology is but I'd look into
> keepalived/vrrp for a virtual IP (never tryed with more than 2 servers
> but it should work).
> I'm not a fun of a HA firewall VM, as if for some reason the VM does not
> start, or is locked or anything you would have no way to access the
> proxmox servers.
Yes. It's a good point. Maybe I will try to create another "just in case" gateway (on front on internet with another public ip or via another network) in case of HA failure.
> I'd also try using something like tinc/openvpn to make the proxmox nodes
> connect as clients to one vpn server which I'm in control of just in
> case (but you are supposed to have one).
> Obviously also configuring a firewall on the nodes is raccomanded if
> they are public.
> I suppose you have a gateway which does NAT and you have no direct
> control for this so you'd like to point the public address to one
> internal (?)
More information about the pve-user