From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <pve-user-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9])
by lore.proxmox.com (Postfix) with ESMTPS id 0543C1FF164
for <inbox@lore.proxmox.com>; Fri, 14 Mar 2025 20:42:56 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
by firstgate.proxmox.com (Proxmox) with ESMTP id 516EFA537;
Fri, 14 Mar 2025 20:42:41 +0100 (CET)
Date: Fri, 14 Mar 2025 20:36:06 +0100
In-Reply-To: <da469486-9663-47e9-9d36-83e4013aa583@anycast.cl>
To: Proxmox VE user list <pve-user@lists.proxmox.com>
References: <CAEaLa5H4nZbR-O4uN=4vqbQyJqshgSytYD_DVOMnhqBRvxy1Sw@mail.gmail.com>
<743e060c-b095-4155-9fa7-1d086520a21a@anycast.cl>
<CAEaLa5FGttrRCTSU-0up2v=XUBfpr7vORFr7O0q9jqVhfpvbZQ@mail.gmail.com>
<da469486-9663-47e9-9d36-83e4013aa583@anycast.cl>
MIME-Version: 1.0
Message-ID: <mailman.50.1741981360.416.pve-user@lists.proxmox.com>
List-Id: Proxmox VE user list <pve-user.lists.proxmox.com>
List-Post: <mailto:pve-user@lists.proxmox.com>
From: Stefan Radman via pve-user <pve-user@lists.proxmox.com>
Precedence: list
Cc: Stefan Radman <stefan.radman@me.com>
X-Mailman-Version: 2.1.29
X-BeenThere: pve-user@lists.proxmox.com
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user>,
<mailto:pve-user-request@lists.proxmox.com?subject=subscribe>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-user>,
<mailto:pve-user-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-user/>
Reply-To: Proxmox VE user list <pve-user@lists.proxmox.com>
List-Help: <mailto:pve-user-request@lists.proxmox.com?subject=help>
Subject: Re: [PVE-User] API redundancy
Content-Type: multipart/mixed; boundary="===============0772344032328519019=="
Errors-To: pve-user-bounces@lists.proxmox.com
Sender: "pve-user" <pve-user-bounces@lists.proxmox.com>
--===============0772344032328519019==
Content-Type: message/rfc822
Content-Disposition: inline
Return-Path: <stefan.radman@me.com>
X-Original-To: pve-user@lists.proxmox.com
Delivered-To: pve-user@lists.proxmox.com
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits))
(No client certificate requested)
by lists.proxmox.com (Postfix) with ESMTPS id 02F85C8F57
for <pve-user@lists.proxmox.com>; Fri, 14 Mar 2025 20:42:40 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
by firstgate.proxmox.com (Proxmox) with ESMTP id D76D5A46D
for <pve-user@lists.proxmox.com>; Fri, 14 Mar 2025 20:42:39 +0100 (CET)
Received: from mr85p00im-ztdg06021201.me.com (mr85p00im-ztdg06021201.me.com [17.58.23.189])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
(No client certificate requested)
by firstgate.proxmox.com (Proxmox) with ESMTPS
for <pve-user@lists.proxmox.com>; Fri, 14 Mar 2025 20:42:37 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=me.com; s=1a1hai;
bh=x+Ia1HFUz+ESTX5OJD0bQcqIxg7BjTPj+dnInVR+9aE=;
h=From:Message-Id:Content-Type:Mime-Version:Date:Subject:To:x-icloud-hme;
b=c80UXmV6If7dDdvSYWOF040XtcXr6LBZiXuDt4BMPI7fA2IWsinrEwo7rZSig44Rz
kIee8NLpzLQRZgbPTZ6Y5y8hj8f1FOoyMrYdC3VJ8cNhXTS5+puc0kpW45ICcXL753
ugn81I+QdsuzIANkIAmNsBMoXW7J555fMdsnX8w9nDI4uW5SlkwX4Tmi3uD+rBOUIe
5Qe8BDMg/ofny4XCVzIKrIWX2xzr2lCAR5lHoqhC55hC4wQtkumI7Rs+zsfUmgX1f0
5PAQKltCyWaw1swcUPjJ307YBE9NdTyjXh4qiY5QQs0nRwizs/nt4T/khyeRKx5sPL
2k0asZ6ms2Jkg==
Received: from smtpclient.apple (mr38p00im-dlb-asmtp-mailmevip.me.com [17.57.152.18])
by mr85p00im-ztdg06021201.me.com (Postfix) with ESMTPSA id 3A2EA3200C6;
Fri, 14 Mar 2025 19:36:21 +0000 (UTC)
From: Stefan Radman <stefan.radman@me.com>
Message-Id: <C680BA8B-9899-42AC-96BD-1D206BEC8021@me.com>
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6\))
Date: Fri, 14 Mar 2025 20:36:06 +0100
Subject: Re: [PVE-User] API redundancy
In-Reply-To: <da469486-9663-47e9-9d36-83e4013aa583@anycast.cl>
To: Proxmox VE user list <pve-user@lists.proxmox.com>
References: <CAEaLa5H4nZbR-O4uN=4vqbQyJqshgSytYD_DVOMnhqBRvxy1Sw@mail.gmail.com>
<743e060c-b095-4155-9fa7-1d086520a21a@anycast.cl>
<CAEaLa5FGttrRCTSU-0up2v=XUBfpr7vORFr7O0q9jqVhfpvbZQ@mail.gmail.com>
<da469486-9663-47e9-9d36-83e4013aa583@anycast.cl>
X-Mailer: Apple Mail (2.3731.700.6)
X-Proofpoint-GUID: C4LJdGlQraXL4lou9r563t09xgyu3-fQ
X-Proofpoint-ORIG-GUID: C4LJdGlQraXL4lou9r563t09xgyu3-fQ
X-Proofpoint-Virus-Version: vendor=baseguard
engine=ICAP:2.0.272,Aquarius:18.0.1093,Hydra:6.0.680,FMLib:17.12.68.34
definitions=2025-03-14_07,2025-03-14_01,2024-11-22_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 mlxlogscore=999 bulkscore=0
mlxscore=0 suspectscore=0 clxscore=1015 malwarescore=0 phishscore=0
adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1
engine=8.19.0-2308100000 definitions=main-2503140153
X-Apple-Remote-Links: v=1;h=KCk=;charset=UTF-8
X-SPAM-LEVEL: Spam detection results: 0
AWL 0.082 Adjusted score from AWL reputation of From: address
BAYES_00 -1.9 Bayes spam probability is 0 to 1%
DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid
DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature
DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain
DKIM_VALID_EF -0.1 Message has a valid DKIM or DK signature from envelope-from domain
DMARC_PASS -0.1 DMARC pass policy
FREEMAIL_FROM 0.001 Sender email is commonly abused enduser mail provider
HTML_MESSAGE 0.001 HTML included in message
POISEN_SPAM_PILL_4 0.1 random spam to be learned in bayes
RCVD_IN_DNSWL_LOW -0.7 Sender listed at https://www.dnswl.org/, low trust
RCVD_IN_MSPIKE_H2 0.001 Average reputation (+2)
RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information.
RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information.
RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information.
SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record
SPF_PASS -0.001 SPF: sender matches SPF record
URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [proxmox.com]
Content-Type: text/plain;
charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.29
Hi Cyrus
Here is the simple keepalived configuration we're using.
It serves us very well for redundancy of the web GUI.
All you need is =E2=80=9Capt install keepalived=E2=80=9D on every =
cluster node and the configuration in /etc/keepalived/keepalived.conf.
Just mind the different priorities - gory details in the =
keepalived.conf(1) man page.
The browser title page will show you which node you are actually =
connected to.
Stefan
root@pve01:~# host pve && echo && for node in pve01 pve02 pve03; do host =
$node && ssh $node cat /etc/keepalived/keepalived.conf && echo; done
pve.example.com has address 10.10.10.10
pve01.example.com has address 10.10.10.1
vrrp_instance pve {
interface vmbr1
virtual_router_id 10
priority 255
virtual_ipaddress {
10.10.10.10/24
}
}
pve02.example.com has address 10.10.10.2
vrrp_instance pve {
interface vmbr1
virtual_router_id 10
priority 254
virtual_ipaddress {
10.10.10.10/24
}
}
pve03.example.com has address 10.10.10.3
vrrp_instance pve {
interface vmbr1
virtual_router_id 10
priority 253
virtual_ipaddress {
10.10.10.10/24
}
}
> On Mar 14, 2025, at 19:35, Roberto Alvarado <ralvarado@anycast.cl> =
wrote:
>=20
> No, in proxmox this kind of sceneraio isnt resolved, other way =
(without a reverse proxy) can be done with keepalived (vrrp), and use a =
"floating IP"
>=20
> Saludos
> Roberto
>=20
> On 14-03-25 15:19, Cyrus wrote:
>> Hello!,
>>=20
>> Yes, I can do it outside with a reverse proxy.
>>=20
>> The message I'm rescuing: there's no transparent HA included out of =
the box
>> to cover that scenario
>>=20
>> Regards.
>>=20
>> On Fri, Mar 14, 2025, 14:59 Roberto Alvarado <ralvarado@anycast.cl> =
wrote:
>>=20
>>> You can do this with nginx or haproxy, using each pve server as =
backend.
>>>=20
>>>=20
>>> Saludos
>>> Roberto
>>>=20
>>> On 14-03-25 13:59, Cyrus wrote:
>>>> Hello!,
>>>>=20
>>>> Understanding there's not cluster IP (failover), how do you provide
>>>> redundancy for API consumers when one node is not accesible?
>>>>=20
>>>> (User configured with API endpoint https://pve01:8006, pve01 going =
down,
>>>> pve02 accesible)
>>>>=20
>>>> Regards.
>>>> _______________________________________________
>>>> pve-user mailing list
>>>> pve-user@lists.proxmox.com
>>>> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>>>>=20
>>> _______________________________________________
>>> pve-user mailing list
>>> pve-user@lists.proxmox.com
>>> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>>>=20
>>>=20
>> _______________________________________________
>> pve-user mailing list
>> pve-user@lists.proxmox.com
>> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>>=20
>=20
> _______________________________________________
> pve-user mailing list
> pve-user@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>=20
--===============0772344032328519019==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
pve-user mailing list
pve-user@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
--===============0772344032328519019==--