Poor Man’s Proxmox Cluster


Create an additional vmbr

# for Routing
# Stanza in ifupdown syntax (on Debian/Proxmox this normally lives in
# /etc/network/interfaces); it is configuration, not a shell command.
# NOTE(review): an "inet static" stanza normally carries address/netmask
# lines; none appear on this page, so the node's private address still has
# to be supplied here — confirm against the original article.
auto vmbr1
iface vmbr1 inet static
# presumably dummy0 is a dummy (non-physical) interface, which would leave
# this bridge without a physical uplink — verify on the host
bridge_ports dummy0
bridge_stp off
bridge_fd 0
# Shell command, run as root after saving the stanza: takes vmbr1 down and
# brings it back up so the new definition is applied.
ifdown vmbr1 && ifup vmbr1


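# Install tinc and configure a VPN network named "vpn" on this node (server1).
# Run as root. As printed on the page the here-documents had no closing EOF,
# so the first `cat` would have swallowed every following line; each one is
# terminated below.
#
# The page also lost several literal values. They are collected here as
# clearly marked placeholders that must be replaced before running.
NODE_PUBLIC_ADDRESS='<PUBLIC_ADDRESS_OF_THIS_NODE>' # placeholder: where peers reach this node
PEER_NODE_NAME='<TINC_NAME_OF_PEER_NODE>'           # placeholder: Name of the node to connect to
VPN_TEST_ADDRESS='<PRIVATE_ADDRESS_TO_PING>'        # placeholder: target of the final check
# The route operands are missing from the page as well. 224.0.0.0/4 is the
# whole IPv4 multicast range, which matches the "multicast route" comment in
# tinc-up — confirm against the original article.
MCAST_NET='224.0.0.0'
MCAST_MASK='240.0.0.0'

apt-get install -y tinc
mkdir -p /etc/tinc/vpn/hosts

# Daemon configuration. "Mode = switch" makes tinc forward Ethernet frames,
# which is what allows its interface to be added to the bridge vmbr1 later.
cat > /etc/tinc/vpn/tinc.conf <<EOF
Name = server1
AddressFamily = ipv4
Device = /dev/net/tun
Mode = switch
ConnectTo = ${PEER_NODE_NAME}
EOF

# Host file describing this node to its peers. It must be written BEFORE the
# key is generated: tincd appends the public key to it, and re-running this
# `cat >` afterwards would truncate the file and drop that key.
cat > /etc/tinc/vpn/hosts/server1 <<EOF
Address = ${NODE_PUBLIC_ADDRESS}
Port = 655
Compression = 0
EOF

# Generate the 4096-bit RSA key pair (tincd asks where to store each key).
# The private key stays on this node; only hosts/server1, which now holds
# the public key, is exchanged with the other nodes.
tincd -n vpn -K4096

# Script tinc runs when the VPN interface comes up.
cat > /etc/tinc/vpn/tinc-up <<EOF
#!/bin/sh
# Attach the 'vpn' interface to vmbr1
/sbin/ifconfig vpn up
/sbin/brctl addif vmbr1 vpn
# Set a multicast route over vmbr1
/sbin/route add -net ${MCAST_NET} netmask ${MCAST_MASK} dev vmbr1
# To allow VMs on a private IP to access the Internet (via vmbr0).
# The rule is added only when absent, so restarts do not stack duplicates.
# It NATs everything leaving vmbr0; add "-s <PRIVATE_SUBNET>" to limit it
# to the guests' private range.
/sbin/iptables -t nat -C POSTROUTING -o vmbr0 -j MASQUERADE 2>/dev/null ||
  /sbin/iptables -t nat -A POSTROUTING -o vmbr0 -j MASQUERADE
# To allow IP forwarding. This is a host-wide switch: the node now routes
# between all of its interfaces, so review the FORWARD chain policy too.
echo 1 > /proc/sys/net/ipv4/ip_forward
# To limit the chance of Corosync Totem re-transmission issues:
echo 0 > /sys/devices/virtual/net/vmbr1/bridge/multicast_snooping
EOF

# Script tinc runs when the VPN interface goes down; it undoes tinc-up.
cat > /etc/tinc/vpn/tinc-down <<EOF
#!/bin/sh
/sbin/route del -net ${MCAST_NET} netmask ${MCAST_MASK} dev vmbr1
/sbin/brctl delif vmbr1 vpn
/sbin/ifconfig vpn down
# Remove the NAT rule that tinc-up installed.
/sbin/iptables -t nat -D POSTROUTING -o vmbr0 -j MASQUERADE 2>/dev/null
# Host-wide: this also stops forwarding for anything else routed by the node.
echo 0 > /proc/sys/net/ipv4/ip_forward
EOF

chmod +x /etc/tinc/vpn/tinc-up /etc/tinc/vpn/tinc-down

# Start the "vpn" network at boot; skip the append if it is already listed.
grep -qxF vpn /etc/tinc/nets.boot 2>/dev/null || echo "vpn" >> /etc/tinc/nets.boot
service tinc restart

# Connectivity check across the VPN.
ping -c3 "${VPN_TEST_ADDRESS}"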

Forcing the private IP address

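# Overwrite /etc/host.conf so that /etc/hosts is consulted before DNS
# ("order hosts, bind") and every address listed for a name is returned
# ("multi on"). The here-document is closed explicitly; without the EOF line
# the shell would keep reading the following text into the file.
# NOTE(review): on current glibc the lookup order is normally taken from
# /etc/nsswitch.conf rather than the "order" line — verify on the target host.
cat > /etc/host.conf <<EOF
order hosts, bind
multi on
EOF

# NOTE(review): presumably these describe this node's /etc/hosts entry before
# and after the change; the page lost the addresses. "Ours" would carry the
# node's private VPN address so that the name server1 resolves to it — confirm.
# Original: <PUBLIC_IP_OF_SERVER1> server1    (address is a placeholder)
# Ours:     <PRIVATE_IP_OF_SERVER1> server1   (address is a placeholder)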

Create the cluster

# Run once, on the first node only; <arbitrary-name> stands for the cluster
# name you choose and is not meant to be typed literally.
pvecm create <arbitrary-name>
# "~#" is the root shell prompt; the lines that follow on the page are
# excerpts of this command's output.
~# pvecm status

Node name: server1
Node ID: 1

Node addresses:

Adding servers to the cluster

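# The page fused each here-document onto one line and lost the addresses, so
# `cat` would have treated "server2"/"server1" as a file name. The entries
# are restored below with placeholder addresses that must be replaced.

# Presumably on server1: make server2 resolvable by name.
cat >> /etc/hosts <<EOF
<PRIVATE_IP_OF_SERVER2> server2
EOF

# Presumably on server2: make server1 resolvable by name.
cat >> /etc/hosts <<EOF
<PRIVATE_IP_OF_SERVER1> server1
EOF

# On the joining node (server2): join the cluster that exists on server1.
# pvecm add authenticates to server1 as root, so check first that the name
# resolves to the intended private address and not to another host.
pvecm add server1

# List the cluster members to confirm the join.
pvecm nodes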

Containers and VMs

Final notes

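# Publish SMTP (tcp/25) arriving on the public bridge vmbr0 to one guest.
# The page fused two commands together, replaced every "--" with a dash
# character and lost both addresses; GUEST_ADDRESS is a placeholder.
# NOTE(review): it is assumed that -d and --to-destination name the same
# guest — confirm against the original article.
GUEST_ADDRESS='<PRIVATE_IP_OF_GUEST>'

# Allow the forwarded traffic. -A appends, so an earlier DROP/REJECT rule in
# FORWARD still wins; this opens the guest's port 25 to anyone who can reach
# vmbr0, so add a source restriction (-s) if only known relays should connect.
iptables -A FORWARD -p tcp -i vmbr0 -d "${GUEST_ADDRESS}" --dport 25 \
  -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# Rewrite the destination of incoming port-25 connections to the guest.
iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 25 \
  -j DNAT --to-destination "${GUEST_ADDRESS}"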



