lab 2 ‐ Clustering Proxmox - PasRP-Theo/Admin-III GitHub Wiki

Group

  • Liam Gérard
  • Théo Mertens
  • Edward Gay
  • Barish Oczelik

Use of AI for formatting the wiki and translation.

Introduction and Scope

This manual details the architecture implemented as well as the administrative methods for:

  • A Proxmox cluster composed of two nodes
  • Network separation for administration, VM migrations, and SAN storage access
  • A pfSense firewall ensuring protection of the virtual machine network
  • A bastion host providing access from the management network

Network Architecture

Overview

The infrastructure is based on two Proxmox hypervisors (hyps4163 and hyps4162) organized in a cluster. Four distinct network segments have been configured:

  • StuMgm: dedicated management and administration network
  • StuMig: optimized channel for live migrations and inter-cluster traffic
  • StuSAN: storage backbone for virtual disk access
  • VMStuNet: virtual machine network, secured through pfSense

The pfSense firewall ensures segmentation and enforcement of security policies. Administrative access is performed via a bastion server located in the management network.

IP Addressing Plan

StuMgm Network (Management)

Device IP Address
hyps4161 172.31.80.16
hyps4162 172.31.80.116
hyps4163 172.31.80.216
jmps0001 172.31.80.116

StuMig Network (Migration)

Device IP Address
hyps4163 10.250.1.16
hyps4162 10.250.1.116

StuSAN Network (Storage)

Device IP Address
hyps4163 10.250.0.16
hyps4162 10.250.0.116
SAN 10.250.0.205

Role Definitions

  • hyps4163 & hyps4162: Proxmox VE nodes forming the cluster
  • fwns4163: pfSense firewall securing the VM network
  • jmps0001: Bastion server providing secure administrative access
  • zucchini & mango: Test virtual machines

Administration Procedures

Proxmox Cluster Configuration

  1. Go to Datacenter > Cluster > Create cluster
  2. Copy the generated configuration information
  3. Connect to the second hypervisor
  4. Join the cluster using the copied configuration details

Migration Network Configuration

  1. Navigate to Datacenter > Options > Migration Settings
  2. Type: Secure
  3. Network: 10.250.1.16/24
  4. Verify the vmbr1 IP addresses on each node

SAN Storage Integration

Adding the iSCSI Target

  1. Datacenter > Storage > Add > iSCSI
  2. Portal: 10.250.0.216
  3. Enable for both nodes

Configuring the LVM Volume

  1. Datacenter > Storage > Add > LVM
  2. Select the detected iSCSI volume group
  3. Name the pool: vmdata
  4. Allowed content: Disk image, Container

Validation Proxmox Cluster