[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Anyone using LB to solve Console Proxy DNS..

Hi Andrija,

We use your second option – “create a LB (single public IP and thus single DNS A entry), BUT do loadbalancing on top of 1000 backend public IPs”.
This depends on which load balancer you use and what functions this has available – but in our case, we simple set up the full public range as possible load balancer targets, with health checks that simply determine which IP addresses actually host a CPVM.

Dag Sonstebo
Cloud Architect

On 10/05/2018, 22:48, "Andrija Panic" <andrija.panic@xxxxxxxxx> wrote:

    Hi Rohit,
    thx a lot for sharing that - here, if I understand correctly, you relly on
    the static IP (range) for the systemVM (4.11) - right - and then use LB on
    top of that...
    But any viable solution for pre-4.11 releases, where CPVM can get any of
    the public IPs - LB is possible but even worse than DNS wildcard (because
    infinite backends / proxy targets) since we have bunch of possible public
    IP that systemVM can get...
    Thx again
53 Chandos Place, Covent Garden, London  WC2N 4HSUK

On 9 May 2018 at 18:45, Rohit Yadav <rohit.yadav@xxxxxxxxxxxxx> wrote:
    > Hi Andrija,
    > I'm running a small CI/homelab where I've solved the console proxy access
    > using `consoleproxy.url.domain` global setting to fill in a non-wildcard
    > domain like lab.yadav.cloud.
    > Next, on the server I use apache2 which can be thought as some LB, as it
    > proxies the request on: /aa
    >         ProxyPass /ajax http://<console proxy ip:port>/ajax
    >         ProxyPassReverse /ajax http://<console<http://%3Cconsole/> proxy
    > ip:port>/ajax
    >         ProxyPass /ajaximg http://<console<http://%3Cconsole/> proxy
    > ip:port>/ajaximg
    >         ProxyPassReverse /ajaximg http://<console<http://%3Cconsole/>
    > proxy ip:port>/ajaximg
    >         ProxyPass /resource http://<console<http://%3Cconsole/> proxy
    > ip:port>/resource
    >         ProxyPassReverse /resource http://<console<http://%3Cconsole/>
    > proxy ip:port>/resource
    > For any guest VM, I get to access the console proxy via the same domain as
    > the mgmt server which proxies to the CPVM IP. In 4.11 there is also a new
    > option to dedicate a public IP (range) to systemvms in a way could be
    > useful to fix public IP - dns mapping.
    > For this to work, on 4.11 I made this change:
    > https://github.com/apache/cloudstack/commit/392f62dae0f59b3b00437d61ab8cee
    > 0ebfb9e60a
    > - Rohit
    > <https://cloudstack.apache.org>
    > ________________________________
    > From: Andrija Panic <andrija.panic@xxxxxxxxx>
    > Sent: Sunday, May 6, 2018 4:10:24 AM
    > To: users
    > Subject: Anyone using LB to solve Console Proxy DNS..
    > Hi,
    > instead of using DNS A records in form x-y-w-z.domain.com --> x.y.w.zz,
    > there is another way as stated in CWIKI to fix an IP/A record in DNS that
    > will point to single public IP of the LB, and this LB should do
    > loadbalancing across all public IPs that could be potentially assigned to
    > CPVM... or something like that..
    > Anyone using it, and care to share LB setup - specifically I would like to
    > know if I understand the requirement above ^^^  - to do LB on top of many
    > public IPS..
    > Example:
    > I have more than 1000 public IPs and CPVM can in theory get ANY of these
    > 1000 IPs, so here solution is to either:
    > - create 1000 DNS A records in from x-y-w-z.domain.com and access CPVM by
    > some of those 1000 A records..
    > - create a LB (single public IP and thus single DNS A entry), BUT do
    > loadbalancing on top of 1000 backend public IPs...
    > Not sure which solution is worse to be honest, but I currently use the
    > first one :) on a dedicated domain for Console Proxy... although when CPVM
    > is destroyed, the same public IP is usually recycled, so it mostly keeps
    > the same always...
    > Thx for any opinions.
    > --
    > Andrija Panić
    > rohit.yadav@xxxxxxxxxxxxx
    > www.shapeblue.com
    > 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
    > @shapeblue
    Andrija Panić