We have recently installed Open OnDemand 3.0 on a new HPC cluster we are installing. We have installed the framework on two nodes that serve as an HA active-passive failover behind a Netscaler network load balancer, and we are orchestrating the failover itself from within Bright Cluster Manager. The failover seems to work without issue, but I am interested in using the Maintenance Mode feature so that the admin team can have continued access to OOD whenever we are doing maintenance. The problem we are having, though, is that even though we have enabled X-Forwarded-For on the load balancer and configured Apache to accommodate it, traffic coming to OOD still appears to be coming from the load balancer IP address, and thus enabling Maintenance Mode locks everyone out, despite having client IP addresses in the maintenance_ip_allowlist. Has anyone else done anything similar to this and been able to make it work, and if so, how is it done?
so that it should be logging client IP addresses instead of the load balancer’s address. That only partially works, though - if I’m accessing OOD from our campus network, my client IP address is logged, but when connected via VPN, I still see the load balancer’s IP being logged. I’m not sure what the reason is, since VPN connectivity should mean that I am effectively on the campus network. Seems like really odd behavior to me.