PVE Cluster Service IP

gurubert

Active Member
Mar 12, 2015
52
7
28
Berlin, Germany
I would like to ask for a new feature:

Service IP for a PVE cluster.

I.e. the Proxmox cluster manager should be able to configure an IP address that is always active on one of the nodes (maybe the cluster leader).

This would make it easier for automated tools to talk to the API. In case of a node failure this service IP would be switched to the next running node and the API would be highly available.

Currently one would have to setup keepalived or similar tools on each node.
 

t.lamprecht

Proxmox Staff Member
Staff member
Jul 28, 2015
4,542
1,202
164
South Tyrol/Italy
shop.proxmox.com
I.e. the Proxmox cluster manager should be able to configure an IP address that is always active on one of the nodes (maybe the cluster leader).
Proxmox VE is a multi-master system, so there's not a real leader per se.
Albeit the cluster communication elects one, but that's rather an implementation detail and not really available for the outside.

The HA CRM could be thought as master, but it's only for HA related stuff. But actually, there was some talks years ago about adding IP addresses as HA resource type, but we decided against that due to the availability of HAProxy and other projects, which covers the use case already and can be setup externally or as HA tracked CT/VM and there was not really any user requests (at least none that were not already happy with HAProxy).
 

gurubert

Active Member
Mar 12, 2015
52
7
28
Berlin, Germany
I also thought about the IP address being just another resource along with VMs and CTs. That would be nice to have.
 
Last edited:

gurubert

Active Member
Mar 12, 2015
52
7
28
Berlin, Germany
OK, I helped myself with a small VM that runs HA-Proxy and is made high available through the Proxmox cluster.

This is the essential part of the haproxy configuration:

Code:
frontend localhost
    bind *:443
    mode tcp
    option tcplog
    default_backend proxmox

backend proxmox
    mode tcp
    balance source
    server node1 192.0.2.5:8006 check
    server node2 192.0.2.6:8006 check
    server node3 192.0.2.7:8006 check
    server node4 192.0.2.8:8006 check

This is a passthrough SSL configuration, i.e. the certificates served by the Proxmox nodes have to match this server's hostname. We use a wildcard certificate for that but it could also be achieved by added subjectAlternativeNames.
 
  • Like
Reactions: t.lamprecht

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!