aws cli on node

F

Faris Raouf

Well-Known Member
Proxmox Subscriber
Mar 19, 2018
147
28
58
I intend to install aws cli (apt-get install python-pip & pip install awscli) on my nodes in order to sync backups to S3.

It works fine on my test nodes but I'm concerned that the large number of python dependencies that get installed with python-pip might somehow cause unexpected problems with Proxmox itself at some point in the future.

Can I kindly ask if others have already done this with no issues? It would help me feel a little better.

As a new Proxmox user, and normally an adherent to keeping nodes clean of anything that isn't absolutely necessary, I would really appreciate knowing at least one other person has done it with no unexpected consequences.

I have considered using a Container to run it in rather than run it on the node itself, but exposing the dump directory to a Container, if it is even possible, doesn't appeal to me. Maybe I'm being too cautious?
 
Hi,

generall PVE do not use python and I'm really sure we will not do it in the future.
Ceph uses python and as ceph is a part of our environment no one can ensure you there will no problems in the future.
So yes I would also use a container to isolate this client
 
Thank you. That's exactly the kind of thing I needed to know.

I have successfully achieved my goal in a Container running on each Node.
The ability to create a bind mount to the dump directory and to set it read-only in the Container is perfect for my needs.

The only disadvantage is that I've had to "waste" a public IP on each Container.

I would imagine there must be a way to use a Private IP and NAT it through the Node's public IP, but this is out of my area of experience :-(
 
Unfortunately this is beyond my ability to implement SAFELY as I have no experience of it.

Would you be willing to assist?

My current configuration is as follows:

Code: 
auto lo

iface lo inet loopback

iface eno1 inet manual

iface eno2 inet manual

auto eno3
iface eno3 inet static
        address  10.66.66.186
        netmask  255.255.255.0
#Crossover

iface eno4 inet manual

auto vmbr0
iface vmbr0 inet static
        address  a.b.c.186
        netmask  255.255.255.0
        gateway  a.b.c.190
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0

Obviously a.b.c.168 is the Public IP of the Node. a.b.c.190 is the gateway IP.

I also have a crossover cable between the two nodes which is what the private IP 10.66.66.186 on eno3 is all about.

When I look at the NAT example given, I can see that maybe I should be adding a second bridge, vmbr1, possibly like this?:
Code: 
iface vmbr1 inet static
       address  10.10.10.1
       netmask  255.255.255.0
       bridge_ports none
       bridge_stp off
       bridge_fd 0

But because in my network config I do not have an IP definition for eno1, I am not clear how to modify the NAT configuration lines from the example:

Code: 
       post-up echo 1 > /proc/sys/net/ipv4/ip_forward
       post-up   iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o eno1 -j MASQUERADE
       post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o eno1 -j MASQUERADE

Is it as simple as replacing eno1 with vmbr0 ?
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom