Hi Proxmox-Community,
I've finally decided to upgrade from a single node to a cluster (both run on Hetzner servers).
The goal would be that the public IPs of the second node do not have any Proxmox ports open (e.g. 8006) and all communication uses the private link.
So I've created a vSwitch on Hetzner to connect them with private IPs.
Corosync and the cluster are using those IPs:
In the /etc/hosts file of each node, I have added a line with the private IP of the other node, so a "ping node" uses this private vSwitch network as well.
But for some reason, the Web UI calls to the main node https://mainnode.com:8006/api2/json/nodes/node02/status seems still to use the public IPs of node02 in the background.
This might also be true as the /etc/pve/.members still shows the public IPs for the nodes. For the node of the file itself it's fine but I would like to use the internal network for the cross-node communication then I could block all public ports on the node.
Is this possible at all, or do I miss something?
Cheers,
Andy
I've finally decided to upgrade from a single node to a cluster (both run on Hetzner servers).
The goal would be that the public IPs of the second node do not have any Proxmox ports open (e.g. 8006) and all communication uses the private link.
So I've created a vSwitch on Hetzner to connect them with private IPs.
Corosync and the cluster are using those IPs:
Code:
Cluster information
-------------------
Name: cluster
Config Version: 2
Transport: knet
Secure auth: on
Quorum information
------------------
Date: Wed Oct 11 11:50:07 2023
Quorum provider: corosync_votequorum
Nodes: 2
Node ID: 0x00000001
Ring ID: 1.20
Quorate: Yes
Votequorum information
----------------------
Expected votes: 2
Highest expected: 2
Total votes: 2
Quorum: 2
Flags: Quorate
Membership information
----------------------
Nodeid Votes Name
0x00000001 1 172.16.1.1 (local)
0x00000002 1 172.16.1.2
Code:
nodelist {
node {
name: virtual
nodeid: 1
quorum_votes: 1
ring0_addr: 172.16.1.1
}
node {
name: virtual02
nodeid: 2
quorum_votes: 1
ring0_addr: 172.16.1.2
}
}In the /etc/hosts file of each node, I have added a line with the private IP of the other node, so a "ping node" uses this private vSwitch network as well.
But for some reason, the Web UI calls to the main node https://mainnode.com:8006/api2/json/nodes/node02/status seems still to use the public IPs of node02 in the background.
This might also be true as the /etc/pve/.members still shows the public IPs for the nodes. For the node of the file itself it's fine but I would like to use the internal network for the cross-node communication then I could block all public ports on the node.
Is this possible at all, or do I miss something?
Cheers,
Andy
Last edited: