From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <pve-user-bounces@lists.proxmox.com> Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 0543C1FF164 for <inbox@lore.proxmox.com>; Fri, 14 Mar 2025 20:42:56 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 516EFA537; Fri, 14 Mar 2025 20:42:41 +0100 (CET) Date: Fri, 14 Mar 2025 20:36:06 +0100 In-Reply-To: <da469486-9663-47e9-9d36-83e4013aa583@anycast.cl> To: Proxmox VE user list <pve-user@lists.proxmox.com> References: <CAEaLa5H4nZbR-O4uN=4vqbQyJqshgSytYD_DVOMnhqBRvxy1Sw@mail.gmail.com> <743e060c-b095-4155-9fa7-1d086520a21a@anycast.cl> <CAEaLa5FGttrRCTSU-0up2v=XUBfpr7vORFr7O0q9jqVhfpvbZQ@mail.gmail.com> <da469486-9663-47e9-9d36-83e4013aa583@anycast.cl> MIME-Version: 1.0 Message-ID: <mailman.50.1741981360.416.pve-user@lists.proxmox.com> List-Id: Proxmox VE user list <pve-user.lists.proxmox.com> List-Post: <mailto:pve-user@lists.proxmox.com> From: Stefan Radman via pve-user <pve-user@lists.proxmox.com> Precedence: list Cc: Stefan Radman <stefan.radman@me.com> X-Mailman-Version: 2.1.29 X-BeenThere: pve-user@lists.proxmox.com List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user>, <mailto:pve-user-request@lists.proxmox.com?subject=subscribe> List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-user>, <mailto:pve-user-request@lists.proxmox.com?subject=unsubscribe> List-Archive: <http://lists.proxmox.com/pipermail/pve-user/> Reply-To: Proxmox VE user list <pve-user@lists.proxmox.com> List-Help: <mailto:pve-user-request@lists.proxmox.com?subject=help> Subject: Re: [PVE-User] API redundancy Content-Type: multipart/mixed; boundary="===============0772344032328519019==" Errors-To: pve-user-bounces@lists.proxmox.com Sender: "pve-user" <pve-user-bounces@lists.proxmox.com> --===============0772344032328519019== Content-Type: message/rfc822 Content-Disposition: inline Return-Path: <stefan.radman@me.com> X-Original-To: pve-user@lists.proxmox.com Delivered-To: pve-user@lists.proxmox.com Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 02F85C8F57 for <pve-user@lists.proxmox.com>; Fri, 14 Mar 2025 20:42:40 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id D76D5A46D for <pve-user@lists.proxmox.com>; Fri, 14 Mar 2025 20:42:39 +0100 (CET) Received: from mr85p00im-ztdg06021201.me.com (mr85p00im-ztdg06021201.me.com [17.58.23.189]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for <pve-user@lists.proxmox.com>; Fri, 14 Mar 2025 20:42:37 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=me.com; s=1a1hai; bh=x+Ia1HFUz+ESTX5OJD0bQcqIxg7BjTPj+dnInVR+9aE=; h=From:Message-Id:Content-Type:Mime-Version:Date:Subject:To:x-icloud-hme; b=c80UXmV6If7dDdvSYWOF040XtcXr6LBZiXuDt4BMPI7fA2IWsinrEwo7rZSig44Rz kIee8NLpzLQRZgbPTZ6Y5y8hj8f1FOoyMrYdC3VJ8cNhXTS5+puc0kpW45ICcXL753 ugn81I+QdsuzIANkIAmNsBMoXW7J555fMdsnX8w9nDI4uW5SlkwX4Tmi3uD+rBOUIe 5Qe8BDMg/ofny4XCVzIKrIWX2xzr2lCAR5lHoqhC55hC4wQtkumI7Rs+zsfUmgX1f0 5PAQKltCyWaw1swcUPjJ307YBE9NdTyjXh4qiY5QQs0nRwizs/nt4T/khyeRKx5sPL 2k0asZ6ms2Jkg== Received: from smtpclient.apple (mr38p00im-dlb-asmtp-mailmevip.me.com [17.57.152.18]) by mr85p00im-ztdg06021201.me.com (Postfix) with ESMTPSA id 3A2EA3200C6; Fri, 14 Mar 2025 19:36:21 +0000 (UTC) From: Stefan Radman <stefan.radman@me.com> Message-Id: <C680BA8B-9899-42AC-96BD-1D206BEC8021@me.com> Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6\)) Date: Fri, 14 Mar 2025 20:36:06 +0100 Subject: Re: [PVE-User] API redundancy In-Reply-To: <da469486-9663-47e9-9d36-83e4013aa583@anycast.cl> To: Proxmox VE user list <pve-user@lists.proxmox.com> References: <CAEaLa5H4nZbR-O4uN=4vqbQyJqshgSytYD_DVOMnhqBRvxy1Sw@mail.gmail.com> <743e060c-b095-4155-9fa7-1d086520a21a@anycast.cl> <CAEaLa5FGttrRCTSU-0up2v=XUBfpr7vORFr7O0q9jqVhfpvbZQ@mail.gmail.com> <da469486-9663-47e9-9d36-83e4013aa583@anycast.cl> X-Mailer: Apple Mail (2.3731.700.6) X-Proofpoint-GUID: C4LJdGlQraXL4lou9r563t09xgyu3-fQ X-Proofpoint-ORIG-GUID: C4LJdGlQraXL4lou9r563t09xgyu3-fQ X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1093,Hydra:6.0.680,FMLib:17.12.68.34 definitions=2025-03-14_07,2025-03-14_01,2024-11-22_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 mlxlogscore=999 bulkscore=0 mlxscore=0 suspectscore=0 clxscore=1015 malwarescore=0 phishscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2308100000 definitions=main-2503140153 X-Apple-Remote-Links: v=1;h=KCk=;charset=UTF-8 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.082 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain DKIM_VALID_EF -0.1 Message has a valid DKIM or DK signature from envelope-from domain DMARC_PASS -0.1 DMARC pass policy FREEMAIL_FROM 0.001 Sender email is commonly abused enduser mail provider HTML_MESSAGE 0.001 HTML included in message POISEN_SPAM_PILL_4 0.1 random spam to be learned in bayes RCVD_IN_DNSWL_LOW -0.7 Sender listed at https://www.dnswl.org/, low trust RCVD_IN_MSPIKE_H2 0.001 Average reputation (+2) RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [proxmox.com] Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.29 Hi Cyrus Here is the simple keepalived configuration we're using. It serves us very well for redundancy of the web GUI. All you need is =E2=80=9Capt install keepalived=E2=80=9D on every = cluster node and the configuration in /etc/keepalived/keepalived.conf. Just mind the different priorities - gory details in the = keepalived.conf(1) man page. The browser title page will show you which node you are actually = connected to. Stefan root@pve01:~# host pve && echo && for node in pve01 pve02 pve03; do host = $node && ssh $node cat /etc/keepalived/keepalived.conf && echo; done pve.example.com has address 10.10.10.10 pve01.example.com has address 10.10.10.1 vrrp_instance pve { interface vmbr1 virtual_router_id 10 priority 255 virtual_ipaddress { 10.10.10.10/24 } } pve02.example.com has address 10.10.10.2 vrrp_instance pve { interface vmbr1 virtual_router_id 10 priority 254 virtual_ipaddress { 10.10.10.10/24 } } pve03.example.com has address 10.10.10.3 vrrp_instance pve { interface vmbr1 virtual_router_id 10 priority 253 virtual_ipaddress { 10.10.10.10/24 } } > On Mar 14, 2025, at 19:35, Roberto Alvarado <ralvarado@anycast.cl> = wrote: >=20 > No, in proxmox this kind of sceneraio isnt resolved, other way = (without a reverse proxy) can be done with keepalived (vrrp), and use a = "floating IP" >=20 > Saludos > Roberto >=20 > On 14-03-25 15:19, Cyrus wrote: >> Hello!, >>=20 >> Yes, I can do it outside with a reverse proxy. >>=20 >> The message I'm rescuing: there's no transparent HA included out of = the box >> to cover that scenario >>=20 >> Regards. >>=20 >> On Fri, Mar 14, 2025, 14:59 Roberto Alvarado <ralvarado@anycast.cl> = wrote: >>=20 >>> You can do this with nginx or haproxy, using each pve server as = backend. >>>=20 >>>=20 >>> Saludos >>> Roberto >>>=20 >>> On 14-03-25 13:59, Cyrus wrote: >>>> Hello!, >>>>=20 >>>> Understanding there's not cluster IP (failover), how do you provide >>>> redundancy for API consumers when one node is not accesible? >>>>=20 >>>> (User configured with API endpoint https://pve01:8006, pve01 going = down, >>>> pve02 accesible) >>>>=20 >>>> Regards. >>>> _______________________________________________ >>>> pve-user mailing list >>>> pve-user@lists.proxmox.com >>>> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user >>>>=20 >>> _______________________________________________ >>> pve-user mailing list >>> pve-user@lists.proxmox.com >>> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user >>>=20 >>>=20 >> _______________________________________________ >> pve-user mailing list >> pve-user@lists.proxmox.com >> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user >>=20 >=20 > _______________________________________________ > pve-user mailing list > pve-user@lists.proxmox.com > https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user >=20 --===============0772344032328519019== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ pve-user mailing list pve-user@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user --===============0772344032328519019==--