This describes how to install and configure the OpenStack Load-balancer service (Octavia) on top of the Minimal deployment for Stein on Ubuntu. This is based on the octavia devstack plugin.
Note: I contributed an Octavia installation guide to the community based on this article. Please visit "Install and configure for Ubuntu"!
Prerequisites
Before you install and configure the service, you must create a database, service credentials, and API endpoints.
Create the database
mysql> CREATE DATABASE octavia;
mysql> CREATE USER 'octavia'@'localhost' IDENTIFIED BY 'password';
mysql> GRANT ALL PRIVILEGES ON octavia.* TO 'octavia'@'localhost';
mysql> GRANT ALL PRIVILEGES ON octavia.* TO 'octavia'@'%' IDENTIFIED BY 'password';
mysql> FLUSH PRIVILEGES;
Create the octavia user
$ source admin-openrc.sh
$ openstack user create --domain default --password-prompt octavia
$ openstack role add --project service --user octavia admin
Create the service entry and endpoints
$ source admin-openrc.sh
$ openstack service create --name octavia --description "OpenStack Octavia" load-balancer
$ openstack endpoint create --region RegionOne octavia public http://<controller>:9876
$ openstack endpoint create --region RegionOne octavia internal http://<controller>:9876
$ openstack endpoint create --region RegionOne octavia admin http://<controller>:9876
Octavia deploys amphorae from a virtual machine disk image. You must create the disk image, upload it to Glance, and configure a Nova flavor for the amphora.
Create the amphora image
$ git clone https://github.com/openstack/octavia.git
$ sudo apt update
$ sudo apt install tox qemu-utils git kpartx debootstrap
$ cd octavia/diskimage-create
$ tox -e build
Upload the amphora image
Create the octavia-openrc.sh file:
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=service
export OS_USERNAME=octavia
export OS_PASSWORD=<password>
export OS_AUTH_URL=http://<controller>:5000
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
export OS_VOLUME_API_VERSION=3
$ source octavia-openrc.sh
$ openstack image create --disk-format qcow2 --container-format bare --public --tag amphora --file amphora-x64-haproxy.qcow2 amphora-x64-haproxy
Create a flavor for the amphora image
$ source octavia-openrc.sh
$ openstack flavor create --id 200 --vcpus 2 --ram 1024 --disk 10 "amphora" --public
Install and configure components
Install packages
$ sudo apt install octavia-api octavia-health-manager octavia-housekeeping octavia-worker python3-octavia python3-octaviaclient
If the octavia-common package asks you to configure it, choose No.
Create the certificates
$ sudo mkdir /etc/octavia/certs
$ sudo /home/ubuntu/octavia/bin/create_certificates.sh /etc/octavia/certs /home/ubuntu/octavia/etc/certificates/openssl.cnf
Create security groups
$ source octavia-openrc.sh
$ openstack security group create lb-mgmt-sec-grp
$ openstack security group rule create --protocol icmp lb-mgmt-sec-grp
$ openstack security group rule create --protocol tcp --dst-port 22 lb-mgmt-sec-grp
$ openstack security group rule create --protocol tcp --dst-port 9443 lb-mgmt-sec-grp
$ openstack security group create lb-health-mgr-sec-grp
$ openstack security group rule create --protocol udp --dst-port 5555 lb-health-mgr-sec-grp
Create a key pair for logging in to the amphora instance
$ openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
Create a network
OCTAVIA_MGMT_SUBNET=172.16.0.0/12
OCTAVIA_MGMT_SUBNET_START=172.16.0.100
OCTAVIA_MGMT_SUBNET_END=172.16.31.254
OCTAVIA_MGMT_PORT_IP=172.16.0.2
openstack network create lb-mgmt-net
openstack subnet create --subnet-range $OCTAVIA_MGMT_SUBNET --allocation-pool start=$OCTAVIA_MGMT_SUBNET_START,end=$OCTAVIA_MGMT_SUBNET_END --network lb-mgmt-net lb-mgmt-subnet
SUBNET_ID=$(openstack subnet show lb-mgmt-subnet -f value -c id)
PORT_FIXED_IP="--fixed-ip subnet=$SUBNET_ID,ip-address=$OCTAVIA_MGMT_PORT_IP"
MGMT_PORT_ID=$(openstack port create --security-group lb-health-mgr-sec-grp --device-owner Octavia:health-mgr --host=$(hostname) -c id -f value --network lb-mgmt-net $PORT_FIXED_IP octavia-health-manager-listen-port)
MGMT_PORT_MAC=$(openstack port show -c mac_address -f value $MGMT_PORT_ID)
MGMT_PORT_IP=$(openstack port show -f value -c fixed_ips $MGMT_PORT_ID | awk '{FS=",| "; gsub(",",""); gsub("'\''",""); for(i = 1; i <= NF; ++i) {if ($i ~ /^ip_address/) {n=index($i, "="); if (substr($i, n+1) ~ "\\.") print substr($i, n+1)}}}')
sudo ip link add o-hm0 type veth peer name o-bhm0
NETID=$(openstack network show lb-mgmt-net -c id -f value)
BRNAME=brq$(echo $NETID|cut -c 1-11)
sudo brctl addif $BRNAME o-bhm0
sudo ip link set o-bhm0 up
sudo ip link set dev o-hm0 address $MGMT_PORT_MAC
sudo iptables -I INPUT -i o-hm0 -p udp --dport 5555 -j ACCEPT
sudo dhclient -v o-hm0
Edit the /etc/octavia/octavia.conf file
[DEFAULT]
transport_url=rabbit://openstack:<password>@<controller>
[api_settings]
bind_host = 0.0.0.0
bind_port = 9876
[database]
connection = mysql+pymysql://octavia:<password>@<controller>/octavia
[health_manager]
event_streamer_driver = noop_event_streamer
heartbeat_key = insecure
controller_ip_port_list = 127.0.0.1:5555
bind_ip = 127.0.0.1
bind_port = 5555
[keystone_authtoken]
www_authenticate_uri = http://<controller>:5000
auth_url = http://<controller>:5000
username = octavia
password = <password>
project_name = service
project_domain_name = Default
user_domain_name = Default
auth_type = password
[certificates]
ca_certificate = /etc/octavia/certs/ca_01.pem
ca_private_key = /etc/octavia/certs/private/cakey.pem
ca_private_key_passphrase = foobar
[anchor]
[networking]
[haproxy_amphora]
bind_host = 0.0.0.0
bind_port = 9443
client_cert = /etc/octavia/certs/client.pem
server_ca = /etc/octavia/certs/ca_01.pem
base_path = /var/lib/octavia
base_cert_dir = /var/lib/octavia/certs
connection_max_retries = 1500
connection_retry_interval = 1
rest_request_conn_timeout = 10
rest_request_read_timeout = 120
[controller_worker]
amp_image_tag = amphora
amp_ssh_key_name = mykey
amp_secgroup_list = <lb-mgmt-sec-grp_id>
amp_boot_network_list = <lb-mgmt-net_id>
amp_flavor_id = 200
network_driver = allowed_address_pairs_driver
compute_driver = compute_nova_driver
amphora_driver = amphora_haproxy_rest_driver
loadbalancer_topology = SINGLE
[task_flow]
[oslo_messaging]
rpc_thread_pool_size = 2
topic = octavia_prov
event_stream_transport_url = rabbit://openstack:<password>@<controller>
[house_keeping]
[amphora_agent]
[keepalived_vrrp]
[service_auth]
auth_url = http://<controller>:5000
username = octavia
password = <password>
project_name = service
project_domain_name = Default
user_domain_name = Default
auth_type = password
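As an added example (not part of the original article or the Octavia project), this shell function audits an octavia.conf for the sample values used in the configuration above (heartbeat_key = insecure, ca_private_key_passphrase = foobar), unfilled <...> placeholders, and plain-HTTP Keystone URLs. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# audit_octavia_conf FILE
# Prints one "[section] key: reason" line per finding; returns 1 if any.
audit_octavia_conf() {
    awk '
    function flag(reason) { printf "[%s] %s: %s\n", section, key, reason; bad = 1 }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }            # skip comments and blanks
    /^[ \t]*\[[^]]*\][ \t]*$/ {                     # section header
        section = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", section); next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        # Template markers such as <password> that were never filled in.
        if (val ~ /<[^>]+>/) flag("unfilled placeholder")
        # Sample heartbeat key from the configuration above, or no key at all.
        if (section == "health_manager" && key == "heartbeat_key" &&
            (val == "insecure" || val == "")) flag("sample heartbeat key")
        # Sample CA key passphrase from the configuration above.
        if (section == "certificates" && key == "ca_private_key_passphrase" &&
            val == "foobar") flag("sample CA passphrase")
        # Credentials sent to Keystone over plain HTTP.
        if (key ~ /^(auth_url|www_authenticate_uri)$/ && val ~ /^http:\/\//)
            flag("Keystone URL without TLS")
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample input: the weak values are the ones shown on this page;
# controller.example is a made-up host name.
write_sample_conf() {
    cat > "$1" <<'EOF'
[health_manager]
heartbeat_key = insecure
bind_port = 5555
[keystone_authtoken]
auth_url = http://controller.example:5000
password = <password>
[certificates]
ca_private_key_passphrase = foobar
EOF
}
```

Run it as `audit_octavia_conf /etc/octavia/octavia.conf` before restarting the services; a non-zero exit status means at least one finding was printed.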
Initialize the database
$ sudo octavia-db-manage upgrade head
Finalize installation
Restart the services:
$ sudo systemctl restart octavia-api octavia-health-manager octavia-housekeeping octavia-worker
Test deployment
Add the load-balancer_member role to non-admin users
A non-admin user needs the load-balancer_member role to create load balancers and otherwise use the load balancer service.
$ openstack role create load-balancer_member
$ openstack role add --user <user_id> --project <project_id> <load-balancer_member_id>
Deploy a basic HTTP load balancer using a floating IP
This is based on "Deploy a basic HTTP load balancer using a floating IP".
Prerequisites
$ source demo-openrc.sh
$ openstack security group create web
$ openstack security group rule create --protocol tcp --dst-port 80 web
$ openstack server create --flavor small --image bionic --nic net-id=<demo-net_id> --security-group default --security-group web --key-name mykey backend1
$ openstack server create --flavor small --image bionic --nic net-id=<demo-net_id> --security-group default --security-group web --key-name mykey backend2
$ openstack floating ip create provider
$ openstack server add floating ip backend1 <floating ip>
$ openstack floating ip create provider
$ openstack server add floating ip backend2 <floating ip>
Log in to both backend1 and backend2 and install apache2.
These floating IPs are only for installing apache2; they are not used for load balancing.
Deploy a load balancer
$ openstack loadbalancer create --name lb1 --vip-subnet-id <demo-net_name>
$ openstack loadbalancer show lb1
$ openstack loadbalancer listener create --name listener1 --protocol HTTP --protocol-port 80 lb1
$ openstack loadbalancer pool create --name pool1 --lb-algorithm ROUND_ROBIN --listener listener1 --protocol HTTP
$ openstack loadbalancer healthmonitor create --delay 5 --max-retries 4 --timeout 10 --type HTTP --url-path / pool1
$ openstack loadbalancer member create --subnet-id selfservice --address <backend1> --protocol-port 80 pool1
$ openstack loadbalancer member create --subnet-id selfservice --address <backend2> --protocol-port 80 pool1
$ openstack floating ip create provider
$ openstack floating ip set --port <load_balancer_vip_port_id> <floating_ip_id>
# load_balancer_vip_port_id is vip_port_id in the output of loadbalancer show lb1
$ curl http://<floating ip>