From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gaio@sv.lnf.it>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id 340E7603BC
 for <pve-user@lists.proxmox.com>; Wed, 14 Oct 2020 15:21:40 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id 23F18A742
 for <pve-user@lists.proxmox.com>; Wed, 14 Oct 2020 15:21:40 +0200 (CEST)
Received: from smtp1.ngi.it (smtp1.ngi.it [IPv6:2001:4c91::112])
 by firstgate.proxmox.com (Proxmox) with ESMTP id 5D5A4A736
 for <pve-user@lists.proxmox.com>; Wed, 14 Oct 2020 15:21:38 +0200 (CEST)
Received: from tank.sv.lnf.it (unknown [88.147.114.200])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by smtp1.ngi.it (Postfix) with ESMTPS id EAA7C61320
 for <pve-user@lists.proxmox.com>; Wed, 14 Oct 2020 15:21:25 +0200 (CEST)
Authentication-Results: smtp1.ngi.it; dkim=pass (1024-bit key;
 unprotected) header.d=sv.lnf.it header.i=@sv.lnf.it header.b="ZDy41MM0"; 
 dkim-atps=neutral
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sv.lnf.it; 
 s=2017;
 h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:
 Subject:To:From:Date:Sender:Reply-To:Cc:Content-ID:Content-Description:
 Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
 In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
 List-Post:List-Owner:List-Archive;
 bh=vVcGWTzPicm+3xO0vG4h8yLIcd4V7Sq3YiGnOfwHuBg=; b=ZDy41MM00qj/qOEKgcQyQlw9nU
 qihdSyemr11mFf65DOTDI/DCWSaCtMBq5d5bsEciubPb307CLSuSSIau91zGhvgjg5XAwvDcUO0WW
 xRMkFsIJQWIWAcDbz4REoQi95wAgMTgx6tekbrTAkkyRlcBuz62Iza0VbFzpfSg1aDrk=;
Received: from [10.5.1.3] (helo=vdmsv1.ad.fvg.lnf.it)
 by tank.sv.lnf.it with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.89) (envelope-from <gaio@sv.lnf.it>) id 1kSgib-000BaG-B5
 for pve-user@lists.proxmox.com; Wed, 14 Oct 2020 15:21:25 +0200
Received: from [10.5.1.44] (helo=hermione.sv.lnf.it)
 by vdmsv1.ad.fvg.lnf.it with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.89) (envelope-from <gaio@sv.lnf.it>) id 1kSgia-0003LG-Em
 for pve-user@lists.proxmox.com; Wed, 14 Oct 2020 15:21:24 +0200
Received: by hermione.sv.lnf.it (Postfix, from userid 1000)
 id 4C67DA0013B; Wed, 14 Oct 2020 15:21:24 +0200 (CEST)
Date: Wed, 14 Oct 2020 15:21:24 +0200
From: Marco Gaiarin <gaio@sv.lnf.it>
To: pve-user@lists.proxmox.com
Message-ID: <20201014132124.GH30379@sv.lnf.it>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
'Organization: Associazione La Nostra Famiglia - Polo FVG'
'From: Marco Gaiarin <marco.gaiarin@lanostrafamiglia.it>'
User-Agent: Mutt/1.9.4 (2018-02-28)
X-SPAM-LEVEL: Spam detection results:  0
 DKIM_SIGNED               0.1 Message has a DKIM or DK signature,
 not necessarily valid
 DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature
 DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's
 domain JMQ_SPF_NEUTRAL           0.5 SPF set to ?all
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 T_SPF_PERMERROR          0.01 SPF: test of record failed (permerror)
 URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See
 http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more
 information. [lanostrafamiglia.it, lnf.it]
Subject: [PVE-User] 'HA' on a single node...
X-BeenThere: pve-user@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE user list <pve-user.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-user>, 
 <mailto:pve-user-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-user/>
List-Post: <mailto:pve-user@lists.proxmox.com>
List-Help: <mailto:pve-user-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user>, 
 <mailto:pve-user-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Wed, 14 Oct 2020 13:21:40 -0000


OK, subject is a bit an oxymoron, but...


I need to setup a PVE standalone server, where one of the VMs is a
firewall, that permit the connection to the Internet, and so also the
management of the PVE instance.

If 'something' (in the mostly vague sense of) goes wrong, and the
firewall VM does not start, i'm cutted out.

I think i've two chices:

a) move the firewall part, at least the more critical one, to the
 phisical node, PVE. This is simple and effective, but clearly not a
'clean' solution.

b) use a VM as firewall, but built around it some sort of 'HA', eg some
 scripts or something like that will do all the effort possible to keep
the 'firewall' VM running.

Because the firewall VM will be a rather simple one, could be also
something like: throw away current vm and restore the more recent
backup.


Someone have just done something like that? Thanks.

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)