Configure and connect fence device through proxy server?

Question

I'm setting up a cluster with Pacemaker and Corosync (from Clusterlabs). It works fine but i need to configure the fencing.

Servers run on a VMWare ESXi infrastructure.
I have a frontend server (with an public IP address) configured with Nginx as a reverse proxy. And 2 backend nodes on a private network.
The 2 nodes are connected to the internet via a proxy server (Squid) to access the web.

I tried a connection with fence_vmware_soap but it doesn't work through the proxy server (by setting http_proxy variables). I don't know how to configure fencing ? Maybe with an other agent ?

Thanks for your help.

score 0 · Answer 1 · answered Sep 17 '22 at 13:47

I didn't find answer about proxy.

Just redirect traffic by using the proxy server as gateway. Solution used here: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-configuring_nat_using_nftables#sec-Configuring_source_NAT_using_nftables

nft add table MY_RULE
nft -- add chain MY_RULE prerouting { type nat hook prerouting priority -100 \; }
nft add chain MY_RULE postrouting { type nat hook postrouting priority 100 \; }

nft add rule MY_RULE postrouting oifname "ens192" snat to ip_public_server_proxy

echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/95-IPv4-forwarding.conf
sysctl -p /etc/sysctl.d/95-IPv4-forwarding.conf

Configure and connect fence device through proxy server?

1 Answers1