Maintenance Mode when accessing Open OnDemand through a network load balancer


We have recently installed Open OnDemand 3.0 on a new HPC cluster we are installing. We have installed the framework on two nodes that serve as an HA active-passive failover behind a Netscaler network load balancer, and we are orchestrating the failover itself from within Bright Cluster Manager. The failover seems to work without issue, but I am interested in using the Maintenance Mode feature so that the admin team can have continued access to OOD whenever we are doing maintenance. The problem we are having, though, is that even though we have enabled X-Forwarded-For on the load balancer and configured Apache to accommodate it, traffic coming to OOD still appears to be coming from the load balancer IP address, and thus enabling Maintenance Mode locks everyone out, despite having client IP addresses in the maintenance_ip_allowlist. Has anyone else done anything similar to this and been able to make it work, and if so, how is it done?

Thank you,


Sounds like turning this module on may help? I’m not familiar with it, but it seems to be what you’d want.

I already enabled mod_remoteip as well as mod_headers. And I modified the LogFormat directive in apache2.conf from:

LogFormat “%h %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"” combined


LogFormat “%a %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"” combined

so that it should be logging client IP addresses instead of the load balancer’s address. That only partially works, though - if I’m accessing OOD from our campus network, my client IP address is logged, but when connected via VPN, I still see the load balancer’s IP being logged. I’m not sure what the reason is, since VPN connectivity should mean that I am effectively on the campus network. Seems like really odd behavior to me.



This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.