CentOS 7

OpenStack Rocky : Neutron LBaaS V2
2018/10/24
 
Configure Neutron LBaaS (Load-Balancer-as-a-Service) V2.
This example is based on the following environment.
Before starting, configure the basic settings of the Control Node, Network Node, and Compute Node. This example is also based on a Neutron VXLAN network.
------------+---------------------------+---------------------------+------------
            |                           |                           |
        eth0|10.0.0.30              eth0|10.0.0.50              eth0|10.0.0.51
+-----------+-----------+   +-----------+-----------+   +-----------+-----------+
|    [ Control Node ]   |   |    [ Network Node ]   |   |    [ Compute Node ]   |
|                       |   |                       |   |                       |
|  MariaDB    RabbitMQ  |   |      Open vSwitch     |   |        Libvirt        |
|  Memcached  httpd     |   |        L2 Agent       |   |     Nova Compute      |
|  Keystone   Glance    |   |        L3 Agent       |   |      Open vSwitch     |
|  Nova API             |   |     Metadata Agent    |   |        L2 Agent       |
|  Neutron Server       |   |      LBaaSV2 Agent    |   |      LBaaSV2 Agent    |
|  Metadata Agent       |   |                       |   |                       |
+-----------------------+   +-----------+-----------+   +-----------------------+
                                    eth1|(UP with no IP)

[1] On the Control Node, change the settings as follows.
# install from Rocky, EPEL

[root@dlp ~(keystone)]#
yum --enablerepo=centos-openstack-rocky,epel -y install openstack-neutron-lbaas net-tools
[root@dlp ~(keystone)]#
vi /etc/neutron/neutron.conf
# append [,lbaasv2] to the [service_plugins] line

service_plugins = router,lbaasv2
[root@dlp ~(keystone)]#
vi /etc/neutron/neutron_lbaas.conf
# line 207: add

[service_providers]
service_provider = LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default

[root@dlp ~(keystone)]#
vi /etc/neutron/lbaas_agent.ini
# add into [DEFAULT] section

[DEFAULT]
interface_driver = openvswitch
[root@dlp ~(keystone)]#
su -s /bin/bash neutron -c "neutron-db-manage --subproject neutron-lbaas --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head"

[root@dlp ~(keystone)]#
systemctl restart neutron-server

[2] On the Network Node and Compute Node, change the settings as follows.
# install from Rocky, EPEL

[root@network ~]#
yum --enablerepo=centos-openstack-rocky,epel -y install openstack-neutron-lbaas haproxy net-tools
[root@network ~]#
vi /etc/neutron/neutron.conf
# append [,lbaasv2] to the [service_plugins] line

service_plugins = router,lbaasv2
[root@network ~]#
vi /etc/neutron/neutron_lbaas.conf
# line 207: add

[service_providers]
service_provider = LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default

[root@network ~]#
vi /etc/neutron/lbaas_agent.ini
# add into [DEFAULT] section

[DEFAULT]
interface_driver = openvswitch
[root@network ~]#
systemctl start neutron-lbaasv2-agent

[root@network ~]#
systemctl enable neutron-lbaasv2-agent

[3] On the Control Node, confirm the Neutron services. It's OK if the Loadbalancerv2 agents are in the UP state.
[root@dlp ~(keystone)]#
openstack network agent list

+--------------------------------------+----------------------+-------------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type           | Host              | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+----------------------+-------------------+-------------------+-------+-------+---------------------------+
| 3aee1189-5705-48fe-b7e5-f4a61c755b10 | DHCP agent           | network.srv.world | nova              | :-)   | UP    | neutron-dhcp-agent        |
| 43869987-1159-4f7f-97d4-67998a467ca6 | Open vSwitch agent   | network.srv.world | None              | :-)   | UP    | neutron-openvswitch-agent |
| 4db9d701-0e84-4159-bc71-12bace01f65e | Metadata agent       | network.srv.world | None              | :-)   | UP    | neutron-metadata-agent    |
| 4fbc154c-6891-46f2-8018-5ce2cc62125e | Loadbalancerv2 agent | node01.srv.world  | None              | :-)   | UP    | neutron-lbaasv2-agent     |
| 5175a41e-fd11-4a9c-abab-b6d49a517151 | Open vSwitch agent   | node01.srv.world  | None              | :-)   | UP    | neutron-openvswitch-agent |
| 5494eac3-6005-4c7b-bb95-0de13f6c9064 | L3 agent             | network.srv.world | nova              | :-)   | UP    | neutron-l3-agent          |
| c0d4e216-2989-4017-9ebf-c6ad013a681e | Loadbalancerv2 agent | network.srv.world | None              | :-)   | UP    | neutron-lbaasv2-agent     |
| f37cca94-400e-46e2-90d7-28afd46c3059 | Metadata agent       | dlp.srv.world     | None              | :-)   | UP    | neutron-metadata-agent    |
+--------------------------------------+----------------------+-------------------+-------------------+-------+-------+---------------------------+
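The check in step [3], as an added shell example (not part of the original page): it reads the `openstack network agent list` table and fails unless every expected host has a Loadbalancerv2 agent that is both alive and UP. The function names and the sample table with its down row are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Usage: openstack network agent list | check_lbaas_agents HOST...
# Prints "DOWN <host>" for each Loadbalancerv2 agent that is not alive
# (":-)") and UP, and "MISSING <host>" for each expected host with no such
# agent. Returns 0 only when nothing is printed.
check_lbaas_agents() {
    awk -F'|' -v hosts="$*" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        BEGIN { n = split(hosts, want, " ") }
        /^[+]/ || NF < 3 { next }          # table borders, blank lines
        !hdr {                             # first row: map column names
            for (i = 2; i < NF; i++) col[trim($i)] = i
            hdr = 1; next
        }
        trim($(col["Agent Type"])) == "Loadbalancerv2 agent" {
            h = trim($(col["Host"]))
            seen[h] = 1
            # Alive is the heartbeat, State is the admin state: check both.
            if (trim($(col["Alive"])) != ":-)" || trim($(col["State"])) != "UP") {
                print "DOWN " h; bad = 1
            }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) { print "MISSING " want[i]; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample: same layout as the table above, with the node01 agent
# changed to a missed heartbeat ("XXX") while its admin state is still UP.
sample_agent_list() {
    cat <<'EOF'
+------+----------------------+-------------------+-------------------+-------+-------+-----------------------+
| ID   | Agent Type           | Host              | Availability Zone | Alive | State | Binary                |
+------+----------------------+-------------------+-------------------+-------+-------+-----------------------+
| id-1 | L3 agent             | network.srv.world | nova              | :-)   | UP    | neutron-l3-agent      |
| id-2 | Loadbalancerv2 agent | node01.srv.world  | None              | XXX   | UP    | neutron-lbaasv2-agent |
| id-3 | Loadbalancerv2 agent | network.srv.world | None              | :-)   | UP    | neutron-lbaasv2-agent |
+------+----------------------+-------------------+-------------------+-------+-------+-----------------------+
EOF
}
```
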
[4] Log in as any OpenStack user and create a virtual load balancer.
# check the current network environment

[cent@dlp ~(keystone)]$
openstack network list

+--------------------------------------+---------+--------------------------------------+
| ID                                   | Name    | Subnets                              |
+--------------------------------------+---------+--------------------------------------+
| 6e5d586b-b305-4615-ab0c-dacd67cbb2dd | int_net | 559892d3-dcc7-4e9d-824c-099c600820c5 |
| befac86b-0fe3-4da3-9324-2a0593a72d93 | ext_net | d758038d-1298-477d-85a5-24903dfab31e |
+--------------------------------------+---------+--------------------------------------+
[cent@dlp ~(keystone)]$
openstack subnet list

+--------------------------------------+---------+--------------------------------------+------------------+
| ID                                   | Name    | Network                              | Subnet           |
+--------------------------------------+---------+--------------------------------------+------------------+
| 559892d3-dcc7-4e9d-824c-099c600820c5 | subnet1 | 6e5d586b-b305-4615-ab0c-dacd67cbb2dd | 192.168.100.0/24 |
+--------------------------------------+---------+--------------------------------------+------------------+

# create a LB [lb01] in [subnet1]

[cent@dlp ~(keystone)]$
neutron lbaas-loadbalancer-create --name lb01 subnet1

+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| admin_state_up      | True                                 |
| description         |                                      |
| id                  | dbb860cf-0004-469f-877e-2721ff31cedf |
| listeners           |                                      |
| name                | lb01                                 |
| operating_status    | OFFLINE                              |
| pools               |                                      |
| provider            | haproxy                              |
| provisioning_status | PENDING_CREATE                       |
| tenant_id           | 3c9dc9d8d71149a7b835e1f5813d2eb8     |
| vip_address         | 192.168.100.9                        |
| vip_port_id         | 3562f827-5077-421e-a317-69ddded616ff |
| vip_subnet_id       | 559892d3-dcc7-4e9d-824c-099c600820c5 |
+---------------------+--------------------------------------+

# create a security group for [lb01] and allow the ports you'd like to load-balance (port 80 in this example)

[cent@dlp ~(keystone)]$
openstack security group create lbaasv2

[cent@dlp ~(keystone)]$
openstack security group rule create --protocol icmp --ingress lbaasv2

[cent@dlp ~(keystone)]$
openstack security group rule create --protocol tcp --dst-port 80:80 lbaasv2
# apply security group [lbaasv2] to [lb01]'s [vip_port_id]

[cent@dlp ~(keystone)]$
openstack port set --security-group lbaasv2 3562f827-5077-421e-a317-69ddded616ff
# create a listener for the port you'd like to load-balance (port 80 in this example)

[cent@dlp ~(keystone)]$
neutron lbaas-listener-create --name lb01-http --loadbalancer lb01 --protocol HTTP --protocol-port 80

+---------------------------+------------------------------------------------+
| Field                     | Value                                          |
+---------------------------+------------------------------------------------+
| admin_state_up            | True                                           |
| connection_limit          | -1                                             |
| default_pool_id           |                                                |
| default_tls_container_ref |                                                |
| description               |                                                |
| id                        | 7f9e4345-5b40-4b2f-869f-77ed890e79f0           |
| loadbalancers             | {"id": "dbb860cf-0004-469f-877e-2721ff31cedf"} |
| name                      | lb01-http                                      |
| protocol                  | HTTP                                           |
| protocol_port             | 80                                             |
| sni_container_refs        |                                                |
| tenant_id                 | 3c9dc9d8d71149a7b835e1f5813d2eb8               |
+---------------------------+------------------------------------------------+

# create a pool [lb01-http-pool] with the ROUND_ROBIN algorithm for the listener created above

[cent@dlp ~(keystone)]$
neutron lbaas-pool-create --name lb01-http-pool --lb-algorithm ROUND_ROBIN --listener lb01-http --protocol HTTP

+---------------------+------------------------------------------------+
| Field               | Value                                          |
+---------------------+------------------------------------------------+
| admin_state_up      | True                                           |
| description         |                                                |
| healthmonitor_id    |                                                |
| id                  | d9a0d57a-b073-42fb-90fd-73014b2d8773           |
| lb_algorithm        | ROUND_ROBIN                                    |
| listeners           | {"id": "7f9e4345-5b40-4b2f-869f-77ed890e79f0"} |
| loadbalancers       | {"id": "dbb860cf-0004-469f-877e-2721ff31cedf"} |
| members             |                                                |
| name                | lb01-http-pool                                 |
| protocol            | HTTP                                           |
| session_persistence |                                                |
| tenant_id           | 3c9dc9d8d71149a7b835e1f5813d2eb8               |
+---------------------+------------------------------------------------+
[5] Add members to the listener's pool to finish the setup.
# instances on which httpd is running

[cent@dlp ~(keystone)]$
openstack server list

+--------------------------------------+-------------+--------+------------------------+---------+----------+
| ID                                   | Name        | Status | Networks               | Image   | Flavor   |
+--------------------------------------+-------------+--------+------------------------+---------+----------+
| bf084a32-e911-431b-b118-180ca8c8e447 | WebServer01 | ACTIVE | int_net=192.168.100.5  | CentOS7 | m1.small |
| 3c377393-cb7e-49d3-ba18-015d0a0030b2 | WebServer02 | ACTIVE | int_net=192.168.100.16 | CentOS7 | m1.small |
+--------------------------------------+-------------+--------+------------------------+---------+----------+

# add to the pool as a member

[cent@dlp ~(keystone)]$
neutron lbaas-member-create --name lb01-member-01 --subnet subnet1 --address 192.168.100.5 --protocol-port 80 lb01-http-pool

+----------------+--------------------------------------+
| Field          | Value                                |
+----------------+--------------------------------------+
| address        | 192.168.100.5                        |
| admin_state_up | True                                 |
| id             | 75352987-1976-432b-8c64-5ffd9dc8db1a |
| name           | lb01-member-01                       |
| protocol_port  | 80                                   |
| subnet_id      | 559892d3-dcc7-4e9d-824c-099c600820c5 |
| tenant_id      | 3c9dc9d8d71149a7b835e1f5813d2eb8     |
| weight         | 1                                    |
+----------------+--------------------------------------+
[cent@dlp ~(keystone)]$
neutron lbaas-member-create --name lb01-member-02 --subnet subnet1 --address 192.168.100.16 --protocol-port 80 lb01-http-pool

+----------------+--------------------------------------+
| Field          | Value                                |
+----------------+--------------------------------------+
| address        | 192.168.100.16                       |
| admin_state_up | True                                 |
| id             | dce7301f-8429-4a97-9898-0ee74d42c447 |
| name           | lb01-member-02                       |
| protocol_port  | 80                                   |
| subnet_id      | 559892d3-dcc7-4e9d-824c-099c600820c5 |
| tenant_id      | 3c9dc9d8d71149a7b835e1f5813d2eb8     |
| weight         | 1                                    |
+----------------+--------------------------------------+

[cent@dlp ~(keystone)]$
neutron lbaas-member-list lb01-http-pool

+--------------------------------------+----------------+----------------+---------------+--------+--------------------------------------+----------------+
| id                                   | name           | address        | protocol_port | weight | subnet_id                            | admin_state_up |
+--------------------------------------+----------------+----------------+---------------+--------+--------------------------------------+----------------+
| dce7301f-8429-4a97-9898-0ee74d42c447 | lb01-member-02 | 192.168.100.16 |            80 |      1 | 559892d3-dcc7-4e9d-824c-099c600820c5 | True           |
| 75352987-1976-432b-8c64-5ffd9dc8db1a | lb01-member-01 | 192.168.100.5  |            80 |      1 | 559892d3-dcc7-4e9d-824c-099c600820c5 | True           |
+--------------------------------------+----------------+----------------+---------------+--------+--------------------------------------+----------------+
[6] Verify access. This example runs on the Network Node, which can reach the Neutron private network namespace, and accesses the VIP of the LB.
[root@network ~]#
ip netns

qrouter-d0e1e195-792c-47dd-addc-68e386ec73b5 (id: 1)
qdhcp-6e5d586b-b305-4615-ab0c-dacd67cbb2dd (id: 0)
# load-balanced by ROUND_ROBIN

[root@network ~]#
ip netns exec qrouter-d0e1e195-792c-47dd-addc-68e386ec73b5 curl 192.168.100.9

Web_Server_01
[root@network ~]#
ip netns exec qrouter-d0e1e195-792c-47dd-addc-68e386ec73b5 curl 192.168.100.9

Web_Server_02
[root@network ~]#
ip netns exec qrouter-d0e1e195-792c-47dd-addc-68e386ec73b5 curl 192.168.100.9

Web_Server_01
[7] Associate a floating IP with the VIP port of the LB to make it accessible from the public network.
[cent@dlp ~(keystone)]$
openstack floating ip list

+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
| ID                                   | Floating IP Address | Fixed IP Address | Port | Floating Network                     | Project                          |
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
| 8bcd1d6a-1c18-42fe-8525-03daa868dc44 | 10.0.0.207          | None             | None | befac86b-0fe3-4da3-9324-2a0593a72d93 | 3c9dc9d8d71149a7b835e1f5813d2eb8 |
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
[cent@dlp ~(keystone)]$
neutron lbaas-loadbalancer-show lb01

+---------------------+------------------------------------------------+
| Field               | Value                                          |
+---------------------+------------------------------------------------+
| admin_state_up      | True                                           |
| description         |                                                |
| id                  | dbb860cf-0004-469f-877e-2721ff31cedf           |
| listeners           | {"id": "7f9e4345-5b40-4b2f-869f-77ed890e79f0"} |
| name                | lb01                                           |
| operating_status    | ONLINE                                         |
| pools               | {"id": "d9a0d57a-b073-42fb-90fd-73014b2d8773"} |
| provider            | haproxy                                        |
| provisioning_status | ACTIVE                                         |
| tenant_id           | 3c9dc9d8d71149a7b835e1f5813d2eb8               |
| vip_address         | 192.168.100.9                                  |
| vip_port_id         | 3562f827-5077-421e-a317-69ddded616ff           |
| vip_subnet_id       | 559892d3-dcc7-4e9d-824c-099c600820c5           |
+---------------------+------------------------------------------------+

[cent@dlp ~(keystone)]$
openstack floating ip set --port 3562f827-5077-421e-a317-69ddded616ff 10.0.0.207
[cent@dlp ~(keystone)]$
curl 10.0.0.207

Web_Server_01
[cent@dlp ~(keystone)]$
curl 10.0.0.207

Web_Server_02