Thx Dag, that answers my questions :) Thx again
On 11 May 2018 at 00:52, Dag Sonstebo <dag.sonst...@shapeblue.com> wrote: > Hi Andrija, > > This is actually using a Netscaler VPX which has the health check function > built in and allows for a simple IP range specification. > > Looking at the HAproxy docs it doesn’t give the impression it can do the > same so I suspect you may have to just hand crank the config line by line – > never tried this though so can’t vouch for it: > https://www.haproxy.com/documentation/aloha/7-0/ > traffic-management/lb-layer7/health-checks/ > > There’s obviously other options out there as well – pfSense springs to > mind: https://www.howtoforge.com/how-to-use-pfsense-to-load- > balance-your-web-servers > > > Regards, > Dag Sonstebo > Cloud Architect > ShapeBlue > > On 10/05/2018, 23:21, "Andrija Panic" <andrija.pa...@gmail.com> wrote: > > Hi Dag, > > sorry for being a noob - but if you have 1000 (even 200 only) Public > IPs, > do you have some special option (on your special LB) to add > :backend/proxy > target in a form of a CIDR range, or you need, like in HaProxy to make > 1000 > lines with 1000 possible server backedns... ? > > Sorry for boring details, just trying to understand how you do it (pre > 4.11 > obviously) when you have a ton of public IPs... > > Thx > > > dag.sonst...@shapeblue.com > www.shapeblue.com > 53 Chandos Place, Covent Garden, London WC2N 4HSUK > @shapeblue > > > > On 11 May 2018 at 00:10, Dag Sonstebo <dag.sonst...@shapeblue.com> wrote: > > > Hi Andrija, > > > > We use your second option – “create a LB (single public IP and thus > single > > DNS A entry), BUT do loadbalancing on top of 1000 backend public > IPs”. > > This depends on which load balancer you use and what functions this > has > > available – but in our case, we simple set up the full public range > as > > possible load balancer targets, with health checks that simply > determine > > which IP addresses actually host a CPVM. > > > > Regards, > > Dag Sonstebo > > Cloud Architect > > ShapeBlue > > > > On 10/05/2018, 22:48, "Andrija Panic" <andrija.pa...@gmail.com> > wrote: > > > > Hi Rohit, > > > > thx a lot for sharing that - here, if I understand correctly, you > > relly on > > the static IP (range) for the systemVM (4.11) - right - and then > use > > LB on > > top of that... > > > > But any viable solution for pre-4.11 releases, where CPVM can > get any > > of > > the public IPs - LB is possible but even worse than DNS wildcard > > (because > > infinite backends / proxy targets) since we have bunch of > possible > > public > > IP that systemVM can get... > > > > Thx again > > Andrija > > > > > > dag.sonst...@shapeblue.com > > www.shapeblue.com > > 53 Chandos Place, Covent Garden, London WC2N 4HSUK > > @shapeblue > > > > > > > > On 9 May 2018 at 18:45, Rohit Yadav <rohit.ya...@shapeblue.com> > wrote: > > > > > Hi Andrija, > > > > > > > > > I'm running a small CI/homelab where I've solved the console > proxy > > access > > > using `consoleproxy.url.domain` global setting to fill in a > > non-wildcard > > > domain like lab.yadav.cloud. > > > > > > > > > Next, on the server I use apache2 which can be thought as some > LB, > > as it > > > proxies the request on: /aa > > > > > > > > > ProxyPass /ajax http://<console proxy ip:port>/ajax > > > ProxyPassReverse /ajax http://<console<http://% > 3Cconsole/> > > proxy > > > ip:port>/ajax > > > > > > ProxyPass /ajaximg http://<console<http://%3Cconsole/> > proxy > > > ip:port>/ajaximg > > > ProxyPassReverse /ajaximg http://<console<http://% > > 3Cconsole/> > > > proxy ip:port>/ajaximg > > > > > > ProxyPass /resource http://<console<http://% > 3Cconsole/> > > proxy > > > ip:port>/resource > > > ProxyPassReverse /resource http://<console<http://% > > 3Cconsole/> > > > proxy ip:port>/resource > > > > > > For any guest VM, I get to access the console proxy via the > same > > domain as > > > the mgmt server which proxies to the CPVM IP. In 4.11 there is > also > > a new > > > option to dedicate a public IP (range) to systemvms in a way > could be > > > useful to fix public IP - dns mapping. > > > > > > > > > For this to work, on 4.11 I made this change: > > > > > > https://github.com/apache/cloudstack/commit/ > > 392f62dae0f59b3b00437d61ab8cee > > > 0ebfb9e60a > > > > > > > > > - Rohit > > > > > > <https://cloudstack.apache.org> > > > > > > > > > > > > ________________________________ > > > From: Andrija Panic <andrija.pa...@gmail.com> > > > Sent: Sunday, May 6, 2018 4:10:24 AM > > > To: users > > > Subject: Anyone using LB to solve Console Proxy DNS.. > > > > > > Hi, > > > > > > instead of using DNS A records in form x-y-w-z.domain.com --> > > x.y.w.zz, > > > there is another way as stated in CWIKI to fix an IP/A record > in DNS > > that > > > will point to single public IP of the LB, and this LB should do > > > loadbalancing across all public IPs that could be potentially > > assigned to > > > CPVM... or something like that.. > > > > > > Anyone using it, and care to share LB setup - specifically I > would > > like to > > > know if I understand the requirement above ^^^ - to do LB on > top of > > many > > > public IPS.. > > > > > > Example: > > > I have more than 1000 public IPs and CPVM can in theory get > ANY of > > these > > > 1000 IPs, so here solution is to either: > > > > > > - create 1000 DNS A records in from x-y-w-z.domain.com and > access > > CPVM by > > > some of those 1000 A records.. > > > - create a LB (single public IP and thus single DNS A entry), > BUT do > > > loadbalancing on top of 1000 backend public IPs... > > > > > > Not sure which solution is worse to be honest, but I currently > use > > the > > > first one :) on a dedicated domain for Console Proxy... > although > > when CPVM > > > is destroyed, the same public IP is usually recycled, so it > mostly > > keeps > > > the same always... > > > > > > Thx for any opinions. > > > > > > -- > > > > > > Andrija Panić > > > > > > rohit.ya...@shapeblue.com > > > www.shapeblue.com > > > 53 Chandos Place, Covent Garden, London WC2N 4HSUK > > > @shapeblue > > > > > > > > > > > > > > > > > > -- > > > > Andrija Panić > > > > > > > > > -- > > Andrija Panić > > > -- Andrija Panić
