Trying to secure the drbd-network of proxmox cluster

LINBIT SDS Integrations Proxmox VE
, ,
1

Hello everybody,

am trying to secure the drbd. i have used this guide:

security-best-practices-for-linstor-software-defined-storage-clusters

i stucked on the point Securing the LINSTOR Controller’s REST API

i can not get into the drbd_storage on proxmox since i configured the https API. I found the following in the logs:

:~# journalctl -u pvestatd -n 50 --no-pager

API Return-Code: 302. Message: Could not query all size infos for res groups, because:
                                         <html>
                                         <head><title>Document moved</title></head>
                                         <body><h1>Document moved</h1>
                                         This document has moved <a href="https://172.16.222.254:3371/v1/queries/resource-groups/query-all-size-info">here</a>.<p>
                                         </body>
                                         </html>

my storage.cfg file is looking like this:

drbd: drbd_storage
        content rootdir,images
        controller 172.16.222.254 #Virtual_IP
        resourcegroup pve-rg

By the way i did not deactive the http api. In this case the connections will be redirected to https.

my goal is to secure my DRBD-Network api, drbd-replication and the communication between the nodes over ssl

i am glad to hear your advice. :slight_smile:

Best Regards
Youzersef

2

I am also trying to figure this out as well. I have a vip and certs setup but I can’t figure out how to get proxmox to use the ssl connection

3

I was able to figure this out by adding the following cert info to storage.cfg

drbd: linstor
    resourcegroup pve-rg

    content rootdir,images

    controller 172.17.0.10

    apicrt /etc/linstor/ssl/linstor_controller_crt.pem

    apikey /etc/linstor/ssl/linstor_controller_prv.pem

    apica  /etc/linstor/ssl/ca_crt.pem
1 Like
4

i will test it today :smiley: thank you for sharing your solution