PVE Cluster Service IP

gurubert

gurubert

Famous Member
Mar 12, 2015
1,050
249
133
Berlin, Germany
www.heinlein-consulting.de
I would like to ask for a new feature:

Service IP for a PVE cluster.

I.e. the Proxmox cluster manager should be able to configure an IP address that is always active on one of the nodes (maybe the cluster leader).

This would make it easier for automated tools to talk to the API. In case of a node failure this service IP would be switched to the next running node and the API would be highly available.

Currently one would have to setup keepalived or similar tools on each node.
 
gurubert said:
I.e. the Proxmox cluster manager should be able to configure an IP address that is always active on one of the nodes (maybe the cluster leader).
Click to expand...
Proxmox VE is a multi-master system, so there's not a real leader per se.
Albeit the cluster communication elects one, but that's rather an implementation detail and not really available for the outside.

The HA CRM could be thought as master, but it's only for HA related stuff. But actually, there was some talks years ago about adding IP addresses as HA resource type, but we decided against that due to the availability of HAProxy and other projects, which covers the use case already and can be setup externally or as HA tracked CT/VM and there was not really any user requests (at least none that were not already happy with HAProxy).
 
OK, I helped myself with a small VM that runs HA-Proxy and is made high available through the Proxmox cluster.

This is the essential part of the haproxy configuration:

Code: 
frontend localhost
    bind *:443
    mode tcp
    option tcplog
    default_backend proxmox

backend proxmox
    mode tcp
    balance source
    server node1 192.0.2.5:8006 check
    server node2 192.0.2.6:8006 check
    server node3 192.0.2.7:8006 check
    server node4 192.0.2.8:8006 check

This is a passthrough SSL configuration, i.e. the certificates served by the Proxmox nodes have to match this server's hostname. We use a wildcard certificate for that but it could also be achieved by added subjectAlternativeNames.
 
  • Like
Reactions: jcaino and t.lamprecht
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back