Using the Proxmox virtualization environment, and OpenVZ containers in particular, to build a virtual hosting service is news to no one. A server leased from Hetzner coped with its duties successfully for quite a long time.
But time went on, the amount of data increased, clients multiplied, LA grew ... A new server was rented, Proxmox was installed and configured, and the administrator rushed to set up a cluster in order to migrate the loaded containers to the new server. Google turned up piles of instructions, and the Proxmox project's own wiki has the necessary information.
The servers are in different subnets. Proxmox uses corosync to synchronize the settings of cluster nodes. Adding a node to the cluster fails with an error:
Waiting for quorum ... Timed-out waiting for cluster [FAILED]
The admin is in a panic.

Task:
Configure synchronization of Proxmox nodes that are located in any data center and have an external IP address. Organize a "cluster" in the Proxmox sense of the word.
Given:
So, what we have is:
- Proxmox 3.3, the “free” repository,
- Server node number 1:
  - dns: node1.example.com
  - name: node1
  - external ip: 144.76.ab
- Server node 2:
  - dns: node2.example.com
  - name: node2
  - external ip: 144.76.cd
- Cluster:
  - All hosting containers run on the internal subnets of the nodes. Cheap and cheerful, no comment.
We find out that synchronization does not work because the multicast requests, although sent, are dropped by the network equipment. The nodes simply do not see each other. Corosync also tries to use the IP addresses of the available network interfaces for synchronization, i.e. either the external IPs or the IPs of the VM subnet.
Solution:
We will make the multicast requests sent by corosync travel inside one network shared by all nodes of the cluster. To do that, we will bring up our own private subnet with OpenVPN and routing.
0. Cleanup
First you need to roll back all the changes made by the unsuccessful attempt to add a node to the cluster. It is assumed that nothing has been configured on "node2" yet and that it has no VMs.
- on node1:
pvecm nodes
service pve-cluster restart
pvecm expected 1
pvecm delnode node2
service cman restart
- on node2:
service pve-cluster stop
service cman stop
rm /etc/cluster/cluster.conf
rm -rf /var/lib/pve-cluster
rm -rf /var/lib/corosync
service pve-cluster start
service cman start
1. Network settings within the cluster
To keep the settings uniform, we agree on the following parameters for the networks inside our future cluster:
- OpenVPN subnet: 10.0.0.0/24.
- The node on which the OpenVPN server runs will be called the “master”.
- The subnet for containers on the nodes will be 10.[1-254].0.0/16, where the second octet is the node number.
- Suppose we have VMs with system services, for example, database servers.
  I assume in advance that a name server is configured on the “master”, with a zone such as “.hosting.lan”.
  This makes moving VMs between nodes easier: just change the internal IP after the move.
- Configure the network interfaces on the Proxmox nodes accordingly and, if necessary, fix the settings on the VMs.
2. Set up the “master” node
2.1 OpenVPN
I will not go into the OpenVPN configuration in depth, since plenty of articles have been written about it, including on Habr. I will describe only the main features and settings:
- Install:
apt-get install openvpn
- Create the settings file /etc/openvpn/node1.conf and enable it in /etc/default/openvpn
- In the settings file you need to enter the following parameters:
# use a tap device
dev tap
proto udp
# UDP buffers
sndbuf 393216
rcvbuf 393216
# VPN subnet
server 10.0.0.0 255.255.255.0
# corosync multicast via vmbr0
route 224.0.0.0 240.0.0.0 10.1.0.1
# routes to the other nodes' subnets through the VPN
route 10.2.0.0 255.255.255.0 10.0.0.2
route 10.3.0.0 255.255.255.0 10.0.0.3
# ...
client-config-dir clients
client-to-client
- In the /etc/openvpn/clients directory, create the settings files for the client nodes:
/etc/openvpn/clients/node2:
# route to the subnet of node 1
push "route 10.1.0.0 255.255.0.0"
# likewise, for example, for node 3
# push "route 10.3.0.0 255.255.0.0"
# multicast goes through the VPN to the master node
push "route 224.0.0.0 240.0.0.0"
push "dhcp-option DNS 10.0.0.1"
push "dhcp-option DOMAIN hosting.lan"
push "sndbuf 393216"
push "rcvbuf 393216"
# for a tap device: IP + netmask
ifconfig-push 10.0.0.2 255.255.0.0
- Run vpn:
service openvpn restart
- Go to the node “node2”, install openvpn there as well, and enable the “master” configuration in /etc/default/openvpn.
You will also need to install the resolvconf package (unlike on the master). Otherwise, the magic with domains for the internal network may not work. I also had to copy the file original to tail inside the /etc/resolvconf/resolv.conf.d/ directory. Otherwise, the name servers from Hetzner were lost.
Depending on the server settings, create a settings file for the client, which should include the following parameters:
/etc/openvpn/master.conf:
client
dev tap
proto udp
remote <IP master>
- Run vpn:
service openvpn restart
2.2 Host and service settings for the cluster
- On each node, edit the /etc/hosts file and bring it to the following form:
# IPv4
127.0.0.1 localhost.localdomain localhost
# external address and domain host
144.76.ab node1.example.com
#
# IPv6
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
xxxx:xxx:xxx:xxxx::2 ipv6.node1.example.com ipv6.node1
#
# VPN
10.0.0.1 node1 master cluster
10.0.0.2 node2
# and so for each new node ...
Listing the nodes' IP addresses from the VPN subnet separately forces their use, because Proxmox services use short domain names.
- On the "master" edit the file /etc/pve/cluster.conf, add the line multicast:
<cman keyfile="/var/lib/pve-cluster/corosync.authkey">
  <multicast addr="224.0.2.1"/>
</cman>
If the file cannot be saved, try restarting the service:
cd /etc
service pve-cluster restart
and try editing again.
After editing:
cd /etc
service pve-cluster restart
service cman restart
- Check the status of "master":
pvecm status
As a result, the following should be seen:
...
Node ID: 1
Multicast addresses: 224.0.2.1
Node addresses: 10.0.0.1
3. Add a node to the cluster
These settings should already be enough for the cluster to work. Add a node to the cluster according to the instructions from the wiki:
- Go to the node "node2"
- Enter:
pvecm add master
Answer the questions and wait. We see that the quorum is reached.
pvecm status
...
Node ID: 2
Multicast addresses: 224.0.2.1
Node addresses: 10.0.0.2
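A check for the two status outputs above and for the /etc/hosts rule from section 2.2, as an added example that is not part of the original article: it reads `pvecm status` text and a hosts file and fails if the node address or a short node name falls outside the 10.0.0.0/24 VPN subnet. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm corosync uses the VPN subnet, not a public interface.
VPN_PREFIX="10.0.0."     # OpenVPN subnet 10.0.0.0/24 from section 1
MCAST_ADDR="224.0.2.1"   # multicast address set in cluster.conf

# in_vpn ADDR: succeed only for 10.0.0.1 .. 10.0.0.254
in_vpn() {
    case "$1" in "$VPN_PREFIX"*) ;; *) return 1 ;; esac
    last=${1#"$VPN_PREFIX"}
    case "$last" in ''|*[!0-9]*) return 1 ;; esac
    [ "$last" -ge 1 ] && [ "$last" -le 254 ]
}

# status_field NAME: print the value of the "NAME: value" line read from stdin
status_field() {
    awk -F': *' -v k="$1" '$1 == k { sub(/[ \t]+$/, "", $2); print $2; exit }'
}

# check_status: validate `pvecm status` text read from stdin
check_status() {
    out=$(cat)
    mcast=$(printf '%s\n' "$out" | status_field "Multicast addresses")
    addr=$(printf '%s\n' "$out" | status_field "Node addresses")
    [ "$mcast" = "$MCAST_ADDR" ] || { echo "multicast is '$mcast', expected $MCAST_ADDR"; return 1; }
    in_vpn "$addr" || { echo "node address '$addr' is outside the VPN subnet"; return 1; }
    echo "ok: node $addr, multicast $mcast"
}

# check_hosts FILE NAME...: the first hosts entry for each short name must be a VPN address
check_hosts() {
    file=$1; shift
    for name in "$@"; do
        ip=$(awk -v n="$name" '$1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == n) { print $1; exit } }' "$file")
        in_vpn "$ip" || { echo "$name maps to '${ip:-nothing}' in $file"; return 1; }
    done
    echo "ok: $* map to the VPN subnet"
}

# Constructed sample, matching the status output shown in this article
sample_status() {
    printf '%s\n' "Node ID: 1" "Multicast addresses: 224.0.2.1" "Node addresses: 10.0.0.1"
}

sample_status | check_status
# On a real node: pvecm status | check_status && check_hosts /etc/hosts node1 node2
```

A failure of `check_hosts` means a short node name appears on the external-address line before its VPN entry, so Proxmox services would resolve it to the public interface.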
Result
Positive
- Proxmox sees the nodes in the cluster. In theory, you can build a cluster from nodes located anywhere. The master node must have an external (“white”) IP address.
- Settings are synchronized.
- VMs migrate between nodes.
- The speed between the nodes and the “master” can exceed 400Mbit, if you enable compression in OpenVPN. Depends on the data and settings of the external network, of course.
Negative
Alas, not everything is as good as we would like.
- Sometimes the quorum is lost and settings stop being saved. Restarting the cluster services (pve-cluster, cman) helps. It is not yet clear whether this is a corosync or an OpenVPN problem. At such moments, migrating a VM is great fun.
- The cluster is not exactly a cluster, is it? What happens if the master node goes down? Add to this the hard-coded IP addresses of the nodes in the VPN and in the hosts settings.
- Virtual machine traffic between node2 and node3 will go through the master via VPN. Such a scheme will be convenient only for the case when master master VMs and master VMs on additional nodes.
Links
habrahabr.ru/post/233971 - Installation and configuration guide for OpenVPN
pve.proxmox.com/wiki/Proxmox_VE_2.0_Cluster
pve.proxmox.com/wiki/Multicast_notes
www.nedproductions.biz/wiki/configuring-a-proxmox-ve-2.x-cluster-running-over-an-openvpn-intranet