Re: Anyone using LB to solve Console Proxy DNS..


Thx Dag, that answers my questions :)

Thx again

On 11 May 2018 at 00:52, Dag Sonstebo <Dag.Sonstebo@xxxxxxxxxxxxx> wrote:

> Hi Andrija,
>
> This is actually using a Netscaler VPX which has the health check function
> built in and allows for a simple IP range specification.
>
> Looking at the HAproxy docs it doesn’t give the impression it can do the
> same so I suspect you may have to just hand crank the config line by line –
> never tried this though so can’t vouch for it:
> https://www.haproxy.com/documentation/aloha/7-0/traffic-management/lb-layer7/health-checks/
>
> There’s obviously other options out there as well – pfSense springs to
> mind: https://www.howtoforge.com/how-to-use-pfsense-to-load-balance-your-web-servers
>
>
> Regards,
> Dag Sonstebo
> Cloud Architect
> ShapeBlue
>
> On 10/05/2018, 23:21, "Andrija Panic" <andrija.panic@xxxxxxxxx> wrote:
>
>     Hi Dag,
>
>     sorry for being a noob - but if you have 1000 (even 200 only) Public IPs,
>     do you have some special option (on your special LB) to add :backend/proxy
>     target in a form of a CIDR range, or you need, like in HaProxy to make 1000
>     lines with 1000 possible server backends... ?
>
>     Sorry for boring details, just trying to understand how you do it (pre 4.11
>     obviously) when you have a ton of public IPs...
>
>     Thx
>
>
> Dag.Sonstebo@xxxxxxxxxxxxx
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London WC2N 4HS UK
> @shapeblue
>
>
>
> On 11 May 2018 at 00:10, Dag Sonstebo <Dag.Sonstebo@xxxxxxxxxxxxx> wrote:
>
>     > Hi Andrija,
>     >
>     > We use your second option – “create a LB (single public IP and thus single
>     > DNS A entry), BUT do loadbalancing on top of 1000 backend public IPs”.
>     > This depends on which load balancer you use and what functions this has
>     > available – but in our case, we simply set up the full public range as
>     > possible load balancer targets, with health checks that simply determine
>     > which IP addresses actually host a CPVM.
>     >
>     > Regards,
>     > Dag Sonstebo
>     > Cloud Architect
>     > ShapeBlue
>     >
>     > On 10/05/2018, 22:48, "Andrija Panic" <andrija.panic@xxxxxxxxx> wrote:
>     >
>     >     Hi Rohit,
>     >
>     >     thx a lot for sharing that - here, if I understand correctly, you rely on
>     >     the static IP (range) for the systemVM (4.11) - right - and then use LB on
>     >     top of that...
>     >
>     >     But any viable solution for pre-4.11 releases, where CPVM can get any of
>     >     the public IPs - LB is possible but even worse than DNS wildcard (because
>     >     infinite backends / proxy targets) since we have bunch of possible public
>     >     IP that systemVM can get...
>     >
>     >     Thx again
>     >     Andrija
>     >
>     >
>     > Dag.Sonstebo@xxxxxxxxxxxxx
>     > www.shapeblue.com
>     > 53 Chandos Place, Covent Garden, London WC2N 4HS UK
>     > @shapeblue
>     >
>     >
>     >
>     > On 9 May 2018 at 18:45, Rohit Yadav <rohit.yadav@xxxxxxxxxxxxx> wrote:
>     >
>     >     > Hi Andrija,
>     >     >
>     >     >
>     >     > I'm running a small CI/homelab where I've solved the console proxy access
>     >     > using `consoleproxy.url.domain` global setting to fill in a non-wildcard
>     >     > domain like lab.yadav.cloud.
>     >     >
>     >     >
>     >     > Next, on the server I use apache2 which can be thought as some LB, as it
>     >     > proxies the request on: /aa
>     >     >
>     >     >
>     >     >         ProxyPass /ajax http://<console proxy ip:port>/ajax
>     >     >         ProxyPassReverse /ajax http://<console proxy ip:port>/ajax
>     >     >
>     >     >         ProxyPass /ajaximg http://<console proxy ip:port>/ajaximg
>     >     >         ProxyPassReverse /ajaximg http://<console proxy ip:port>/ajaximg
>     >     >
>     >     >         ProxyPass /resource http://<console proxy ip:port>/resource
>     >     >         ProxyPassReverse /resource http://<console proxy ip:port>/resource
>     >     >
>     >     > For any guest VM, I get to access the console proxy via the same domain as
>     >     > the mgmt server which proxies to the CPVM IP. In 4.11 there is also a new
>     >     > option to dedicate a public IP (range) to systemvms in a way could be
>     >     > useful to fix public IP - dns mapping.
>     >     >
>     >     >
>     >     > For this to work, on 4.11 I made this change:
>     >     >
>     >     > https://github.com/apache/cloudstack/commit/392f62dae0f59b3b00437d61ab8cee0ebfb9e60a
>     >     >
>     >     >
>     >     > - Rohit
>     >     >
>     >     > <https://cloudstack.apache.org>
>     >     >
>     >     >
>     >     >
>     >     > ________________________________
>     >     > From: Andrija Panic <andrija.panic@xxxxxxxxx>
>     >     > Sent: Sunday, May 6, 2018 4:10:24 AM
>     >     > To: users
>     >     > Subject: Anyone using LB to solve Console Proxy DNS..
>     >     >
>     >     > Hi,
>     >     >
>     >     > instead of using DNS A records in form x-y-w-z.domain.com --> x.y.w.zz,
>     >     > there is another way as stated in CWIKI to fix an IP/A record in DNS that
>     >     > will point to single public IP of the LB, and this LB should do
>     >     > loadbalancing across all public IPs that could be potentially assigned to
>     >     > CPVM... or something like that..
>     >     >
>     >     > Anyone using it, and care to share LB setup - specifically I would like to
>     >     > know if I understand the requirement above ^^^  - to do LB on top of many
>     >     > public IPS..
>     >     >
>     >     > Example:
>     >     > I have more than 1000 public IPs and CPVM can in theory get ANY of these
>     >     > 1000 IPs, so here solution is to either:
>     >     >
>     >     > - create 1000 DNS A records in form x-y-w-z.domain.com and access CPVM by
>     >     > some of those 1000 A records..
>     >     > - create a LB (single public IP and thus single DNS A entry), BUT do
>     >     > loadbalancing on top of 1000 backend public IPs...
>     >     >
>     >     > Not sure which solution is worse to be honest, but I currently use the
>     >     > first one :) on a dedicated domain for Console Proxy... although when CPVM
>     >     > is destroyed, the same public IP is usually recycled, so it mostly keeps
>     >     > the same always...
>     >     >
>     >     > Thx for any opinions.
>     >     >
>     >     > --
>     >     >
>     >     > Andrija Panić
>     >     >
>     >     > rohit.yadav@xxxxxxxxxxxxx
>     >     > www.shapeblue.com
>     >     > 53 Chandos Place, Covent Garden, London WC2N 4HS UK
>     >     > @shapeblue
>     >     >
>     >     >
>     >     >
>     >     >
>     >
>     >
>     >     --
>     >
>     >     Andrija Panić
>     >
>     >
>     >
>
>
>     --
>
>     Andrija Panić
>
>
>


-- 

Andrija Panić
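
The "hand crank the config line by line" approach for HAProxy discussed in this thread can be scripted. The following is an added example, not part of the original messages and not configuration from ShapeBlue or CloudStack: it expands a public range into an HAProxy backend with one health-checked `server` line per usable address, so only addresses that answer the check receive traffic. The range 203.0.113.0/28, port 443, the backend name and the excluded gateway address are constructed placeholders.

```python
import ipaddress


def haproxy_backend(cidr, port=443, name="cpvm_pool", exclude=()):
    """Render an HAProxy backend with one health-checked server per usable host.

    cidr    -- public range a CPVM may be assigned from (assumption: one range)
    port    -- console proxy port (assumption; the thread does not state it)
    exclude -- addresses that must never be probed, e.g. the gateway
    """
    net = ipaddress.ip_network(cidr, strict=True)  # rejects a CIDR with host bits set
    skip = {ipaddress.ip_address(a) for a in exclude}
    stray = sorted(a for a in skip if a not in net)
    if stray:
        raise ValueError(f"excluded addresses outside {net}: {stray}")

    lines = [
        f"backend {name}",
        "    mode tcp",
        "    balance roundrobin",
        # 2 failed checks mark a server down, 2 successful checks bring it back
        "    default-server inter 5s fall 2 rise 2",
    ]
    for host in net.hosts():  # hosts() omits the network and broadcast addresses
        if host in skip:
            continue
        label = "cpvm-" + str(host).replace(".", "-")
        # 'check' enables a plain TCP connect health check for this server
        lines.append(f"    server {label} {host}:{port} check")
    return "\n".join(lines) + "\n"


def server_count(config):
    """Count the generated 'server' lines in a rendered backend."""
    return sum(1 for l in config.splitlines() if l.strip().startswith("server "))


if __name__ == "__main__":
    print(haproxy_backend("203.0.113.0/28", exclude=["203.0.113.1"]))
```

With a range of 1000 addresses the load balancer opens a check connection to every address in the range each interval, including addresses assigned to guests, so the exclusion list and check interval are worth reviewing before deploying the generated file.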