Proxmox Clusters
Proxmox clustering plan for both sites: cluster names, node membership, the IP and /etc/hosts prerequisites, dedicated Corosync on VLAN 25, and the phased build order.
Two independent Proxmox clusters — sa-pve at Site A and sb-pve at Site B — form the compute foundation of this homelab. This page covers cluster membership, the prerequisites that must be met before forming each cluster, the Corosync heartbeat network, and the steps to bring both clusters up.
Cluster Overview
One Proxmox cluster per site. The clusters are completely independent and must never share nodes or run Corosync across the WireGuard tunnel or WAN link.
One cluster per site — no cross-WAN clustering
One Proxmox cluster per site: sa-pve at Site A, sb-pve at Site B. Never stretch a Proxmox cluster across WAN or WireGuard. Corosync requires LAN-like latency; a cross-site cluster risks split-brain and quorum instability.
| Site | Cluster | Nodes | Create First On |
|---|---|---|---|
| Site A | sa-pve | sa-edge-01, sa-cmp-01, sa-cmp-02, sa-stor-01 | sa-stor-01 |
| Site B | sb-pve | sb-edge-01, sb-cmp-01, sb-cmp-02, sb-cmp-03, sb-cmp-04, sb-cmp-05 | sb-cmp-01 |
Prerequisites Before Clustering
Clustering must not begin until every node in the site meets all conditions below. Clustering with bootstrap or mismatched IPs requires destructive remediation.
Cluster only after every node has its final IP and correct /etc/hosts
Only create or join a cluster after every node in the site has its final 10.x.20.x Proxmox Management (VLAN 20) address and /etc/hosts lists all cluster peers by name and final IP. Never cluster from a bootstrap 192.168.x.x address.
Never join nodes across sites
sa-pve nodes and sb-pve nodes must never be joined to each other. Never run Corosync over WireGuard or WAN.
Node IP Reference
| Node | Site | Proxmox Mgmt IP (VLAN 20) | Bootstrap IP |
|---|---|---|---|
sa-stor-01 | Site A | 10.10.20.20 | 192.168.1.20 |
sa-edge-01 | Site A | 10.10.20.10 | 192.168.1.10 |
sa-cmp-01 | Site A | 10.10.20.11 | 192.168.1.11 |
sa-cmp-02 | Site A | 10.10.20.12 | 192.168.1.12 |
sb-cmp-01 | Site B | 10.20.20.20 | 192.168.16.20 |
sb-edge-01 | Site B | 10.20.20.10 | 192.168.16.10 |
sb-cmp-02 | Site B | 10.20.20.21 | 192.168.16.21 |
sb-cmp-03 | Site B | 10.20.20.30 | 192.168.16.30 |
sb-cmp-04 | Site B | 10.20.20.31 | 192.168.16.31 |
sb-cmp-05 | Site B | 10.20.20.32 | 192.168.16.32 |
Bootstrap 192.168.1.0/24 is the live Site A UniFi LAN. Confirm bootstrap IP assignments do not collide with the UniFi DHCP pool or existing reservations before assigning them.
Corosync Network (VLAN 25)
Corosync heartbeat traffic runs on dedicated VLAN 25 (Corosync heartbeat) interfaces, one per site. VLAN 25 carries no default gateway and uses standard 1500-byte MTU.
| VLAN | Name | Site A subnet | Site B subnet | Gateway |
|---|---|---|---|---|
| 25 | Corosync heartbeat | 10.10.25.0/24 | 10.20.25.0/24 | no GW |
Corosync stays on VLAN 25 — no WAN, no WireGuard, no jumbo frames
Run Corosync only on the local VLAN 25 interface. Never route Corosync over WireGuard or WAN. Never enable jumbo frames (MTU 9000) on VLAN 25; standard 1500 MTU only.
sa-stor-01 Corosync wiring
sa-stor-01 (5049A-T / X11SPA-T) has one onboard 1GbE (Intel i210, the red RJ45) used for Proxmox management. Its onboard 10G port (Aquantia AQC107) is deliberately avoided for critical traffic due to atlantic driver instability under Linux/Proxmox. Corosync on sa-stor-01 stays tagged on the XL710 add-in card port 1 alongside VLAN 30 rather than on a dedicated link.
E200 Cluster Membership
Both sa-edge-01 and sb-edge-01 (Supermicro SYS-E200-8D) join their local cluster. The OPNsense VM on each E200 must remain pinned and must not be HA-migrated.
OPNsense VM stays pinned to its local E200 — no HA migration
sa-fw-01 stays on sa-edge-01; sb-fw-01 stays on sb-edge-01. Never enable automatic HA migration for these VMs. Migrating the firewall VM disrupts all cluster network traffic that routes through it.
Suitable E200 workloads
In addition to OPNsense, the E200 can host lightweight VMs: DNS helper, UniFi controller, WireGuard helper, small reverse proxy, monitoring agent. Avoid heavy databases, Ceph OSDs, or anything that competes with OPNsense for CPU or memory.
Build Order
The steps below correspond to Phase 6 of the full Build Phases sequence. Phases 1–5 (hardware prep, Proxmox install on bootstrap IPs, OPNsense/VLAN configuration, switch configuration, and IP migration to final 10.x.20.x addresses) must be complete before starting here.
Phase 6A — Site A (sa-pve)
- Confirm all four
sa-pvenodes are reachable on their final VLAN 20 addresses and that/etc/hostslists all peers. - Create the cluster on
sa-stor-01using cluster namesa-pve. - Join
sa-edge-01to the cluster. - Join
sa-cmp-01to the cluster. - Join
sa-cmp-02to the cluster. - Verify quorum — all four nodes must be online with quorum before proceeding.
Phase 6B — Site B (sb-pve)
- Confirm all six
sb-pvenodes are reachable on their final VLAN 20 addresses and that/etc/hostslists all peers. - Create the cluster on
sb-cmp-01using cluster namesb-pve. - Join
sb-edge-01to the cluster. - Join
sb-cmp-02to the cluster. - Join
sb-cmp-03,sb-cmp-04,sb-cmp-05to the cluster. - Verify quorum — all six nodes must be online with quorum before proceeding.
Confirm quorum before storage bring-up
Cluster quorum must be stable at each site before provisioning ZFS on Site A or Ceph on Site B. Storage bring-up is Phase 9; quorum verification is the gate between Phase 6 and later phases.
Related Pages
- Architecture Overview — site roles and topology
- Site A ZFS — ZFS mirror vdevs on
sa-stor-01 - Site B Ceph — Ceph across all Site B nodes
- Proxmox Backup Server — Proxmox Backup Server and cross-site replication
- Build Phases — full ordered build sequence
- IP Tables — per-host Proxmox Management IPs