ClusterControl across multiple datacenters
There seems to be some discrepancies between what Several Nines says it can do versus what it actually can do. But perhaps I am looking at this wrong.
Problem: I have multiple datacenters that I am looking at running Galera Clusters. According to this article it is possible:
In my readings on the subject, I have found places where Several Nines shows an image layout of the configuration, in generally, you have Wan -> Firewall -> Cluster Control -> Firewall ->Galera Cluster Nodes. Yes, NODES (more then one).
However, I do not see how this is possible to have 1 Firewall and a Galera Cluster given that ClusterControl requires that all SSH connections use the same port, as well as all database connections. How can you have 1 firewall and multiple nodes without using seperate port numbers for the services?
Where it was mentioned all nodes need same SSH port and DB port:
https://support.severalnines.com/hc/en-us/community/posts/360043453932-Adding-two-nodes-with-different-SSH-ports-
The only options I see are:
Large pool of public IP addresses at each datacenter, with each node have its own firewall, the public IPs pointing to each firewall
I am not fully up on VPN, but another options would be to VPN all the datacenters, but you would still need a firewall for each node, versus setting the cluster behind 1 firewall.
Am I missing something?
-
Took a bit of fiddling but I managed to learn how to setup a Multi Site N2N VPN that allowed me to do what I was looking for. For anyone interested in Multi Site N2N VPN, I found that I could not get it to work with IPFire (probably a lack of understanding of the config files and what "Global Settings" means). PFSense however, worked flawlessly and they even have a nice tutorial on how to setup SSL/TLS versus just using the publickey method.
https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-s2s-tls.html
Please sign in to leave a comment.
Comments
2 comments