CentOS 7

OpenStack Stein : Neutron LBaaS V2
2019/05/16

 
Configure Neutron LBaaS (Load-Balancer-as-a-Service) V2.
This example is based on the following environment.
Beforehand, configure the basic settings on the Control Node, Network Node, and Compute Node. This example also assumes the Neutron VXLAN network is already configured.
------------+---------------------------+---------------------------+------------
            |                           |                           |
        eth0|10.0.0.30              eth0|10.0.0.50              eth0|10.0.0.51
+-----------+-----------+   +-----------+-----------+   +-----------+-----------+
|    [ Control Node ]   |   |    [ Network Node ]   |   |    [ Compute Node ]   |
|                       |   |                       |   |                       |
|  MariaDB    RabbitMQ  |   |      Open vSwitch     |   |        Libvirt        |
|  Memcached  httpd     |   |        L2 Agent       |   |     Nova Compute      |
|  Keystone   Glance    |   |        L3 Agent       |   |      Open vSwitch     |
|  Nova API             |   |     Metadata Agent    |   |        L2 Agent       |
|  Neutron Server       |   |      LBaaSV2 Agent    |   |      LBaaSV2 Agent    |
|  Metadata Agent       |   |                       |   |                       |
+-----------------------+   +-----------+-----------+   +-----------------------+
                                    eth1|(UP with no IP)

[1] On the Control Node, change the settings as follows.
# install from Stein, EPEL

[root@dlp ~(keystone)]#
yum --enablerepo=centos-openstack-stein,epel -y install openstack-neutron-lbaas net-tools
[root@dlp ~(keystone)]#
vi /etc/neutron/neutron.conf
# add [lbaasv2] to [service_plugins]

service_plugins = router,lbaasv2
[root@dlp ~(keystone)]#
vi /etc/neutron/neutron_lbaas.conf
# add to the end

[service_providers]
service_provider = LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default

[root@dlp ~(keystone)]#
vi /etc/neutron/lbaas_agent.ini
# add into [DEFAULT] section

[DEFAULT]
interface_driver = openvswitch
[root@dlp ~(keystone)]#
su -s /bin/bash neutron -c "neutron-db-manage --subproject neutron-lbaas --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head"

[root@dlp ~(keystone)]#
systemctl restart neutron-server

[2] On the Network Node and the Compute Node, change the settings as follows.
# install from Stein, EPEL

[root@network ~]#
yum --enablerepo=centos-openstack-stein,epel -y install openstack-neutron-lbaas haproxy net-tools
[root@network ~]#
vi /etc/neutron/neutron.conf
# add [lbaasv2] to [service_plugins]

service_plugins = router,lbaasv2
[root@network ~]#
vi /etc/neutron/neutron_lbaas.conf
# add to the end

[service_providers]
service_provider = LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default

[root@network ~]#
vi /etc/neutron/lbaas_agent.ini
# add into [DEFAULT] section

[DEFAULT]
interface_driver = openvswitch
[root@network ~]#
systemctl start neutron-lbaasv2-agent

[root@network ~]#
systemctl enable neutron-lbaasv2-agent

[3] On the Control Node, confirm the Neutron services. It is OK if the Loadbalancerv2 agents are in the UP state.
[root@dlp ~(keystone)]#
openstack network agent list

+--------------------------------------+----------------------+-------------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type           | Host              | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+----------------------+-------------------+-------------------+-------+-------+---------------------------+
| 4cc75664-9bc7-46a3-b77f-e402ff42e56f | Metadata agent       | dlp.srv.world     | None              | :-)   | UP    | neutron-metadata-agent    |
| 74b05ce6-1679-43a9-a86c-4c9325f3b143 | Open vSwitch agent   | network.srv.world | None              | :-)   | UP    | neutron-openvswitch-agent |
| 7e537586-b10b-458e-a415-e30e9f1c02d7 | L3 agent             | network.srv.world | nova              | :-)   | UP    | neutron-l3-agent          |
| 9f7b7ae8-5ba9-4f63-859b-4403f5c6212b | Loadbalancerv2 agent | node01.srv.world  | None              | :-)   | UP    | neutron-lbaasv2-agent     |
| c61769ff-22c1-4172-8aee-e1c4baa1751c | DHCP agent           | network.srv.world | nova              | :-)   | UP    | neutron-dhcp-agent        |
| ce33d0d4-a10b-48e7-8063-3fd51a8bc2d2 | Loadbalancerv2 agent | network.srv.world | None              | :-)   | UP    | neutron-lbaasv2-agent     |
| e3772e0b-7c78-4577-b89a-8918da2f8569 | Open vSwitch agent   | node01.srv.world  | None              | :-)   | UP    | neutron-openvswitch-agent |
| ff9bf3f8-9b2b-4737-9506-8012fb73e6a0 | Metadata agent       | network.srv.world | None              | :-)   | UP    | neutron-metadata-agent    |
+--------------------------------------+----------------------+-------------------+-------------------+-------+-------+---------------------------+
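One way to script the check in [3], as an added example that is not part of the original page: the hypothetical function lbaas_agent_check parses the table printed by openstack network agent list and fails unless every expected host has a Loadbalancerv2 agent that is alive and UP. The sample table is constructed (placeholder IDs, and the node01 agent is shown with a non-alive marker to exercise the failure path).

```shell
#!/bin/sh
# Added example (not from the original page).
# lbaas_agent_check HOST... : reads `openstack network agent list` table
# output on stdin. Returns 0 only if no Loadbalancerv2 agent is unhealthy
# and every HOST has one with Alive ":-)" and State "UP".
lbaas_agent_check() {
    awk -F'|' -v hosts="$*" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        BEGIN { n = split(hosts, want, " "); bad = 0 }
        # Data rows start with "|"; border rows and the header row are skipped.
        /^[|]/ && trim($3) == "Loadbalancerv2 agent" {
            host = trim($4); alive = trim($6); state = trim($7)
            if (alive == ":-)" && state == "UP") { ok[host] = 1; next }
            # Anything other than ":-)" in the Alive column counts as not alive.
            printf "UNHEALTHY %s alive=%s state=%s\n", host, alive, state
            seen[host] = 1; bad = 1
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(want[i] in ok) && !(want[i] in seen)) {
                    printf "MISSING %s\n", want[i]; bad = 1
                }
            exit bad
        }'
}

# Constructed sample: same layout as the table above, placeholder IDs,
# node01 agent marked not alive.
SAMPLE_AGENTS='+------+----------------------+-------------------+-------------------+-------+-------+---------------------------+
| ID   | Agent Type           | Host              | Availability Zone | Alive | State | Binary                    |
+------+----------------------+-------------------+-------------------+-------+-------+---------------------------+
| id-1 | Metadata agent       | dlp.srv.world     | None              | :-)   | UP    | neutron-metadata-agent    |
| id-2 | L3 agent             | network.srv.world | nova              | :-)   | UP    | neutron-l3-agent          |
| id-3 | Loadbalancerv2 agent | node01.srv.world  | None              | XXX   | UP    | neutron-lbaasv2-agent     |
| id-4 | Loadbalancerv2 agent | network.srv.world | None              | :-)   | UP    | neutron-lbaasv2-agent     |
| id-5 | Open vSwitch agent   | node01.srv.world  | None              | :-)   | UP    | neutron-openvswitch-agent |
+------+----------------------+-------------------+-------------------+-------+-------+---------------------------+'

# Live use: openstack network agent list | lbaas_agent_check network.srv.world node01.srv.world
printf '%s\n' "$SAMPLE_AGENTS" |
    lbaas_agent_check network.srv.world node01.srv.world ||
    echo "LBaaS agent check failed"
```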

[4] Log in as any OpenStack user and create a virtual load balancer.
# confirm the current network environment

[cent@dlp ~(keystone)]$
openstack network list

+--------------------------------------+---------+--------------------------------------+
| ID                                   | Name    | Subnets                              |
+--------------------------------------+---------+--------------------------------------+
| 85844309-e89a-49cb-8ec7-730a8e6d253c | ext_net | 7bcaa30a-261c-41bb-bcab-f88c711f98a8 |
| c9377689-558e-4f2a-9334-17a3b9fa1b87 | int_net | b4dda943-e57b-4455-88dd-c3308c2ac30c |
+--------------------------------------+---------+--------------------------------------+
[cent@dlp ~(keystone)]$
openstack subnet list

+--------------------------------------+---------+--------------------------------------+------------------+
| ID                                   | Name    | Network                              | Subnet           |
+--------------------------------------+---------+--------------------------------------+------------------+
| b4dda943-e57b-4455-88dd-c3308c2ac30c | subnet1 | c9377689-558e-4f2a-9334-17a3b9fa1b87 | 192.168.100.0/24 |
+--------------------------------------+---------+--------------------------------------+------------------+

# create a LB [lb01] in [subnet1]

[cent@dlp ~(keystone)]$
neutron lbaas-loadbalancer-create --name lb01 subnet1

+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| admin_state_up      | True                                 |
| description         |                                      |
| id                  | 0de4812e-47ee-4f34-b63c-85ece32246ee |
| listeners           |                                      |
| name                | lb01                                 |
| operating_status    | OFFLINE                              |
| pools               |                                      |
| provider            | haproxy                              |
| provisioning_status | PENDING_CREATE                       |
| tenant_id           | caab6ec580994e6481cd104b9d210f3f     |
| vip_address         | 192.168.100.65                       |
| vip_port_id         | cf6b5dd0-74d9-469f-bd3d-876e831729cb |
| vip_subnet_id       | b4dda943-e57b-4455-88dd-c3308c2ac30c |
+---------------------+--------------------------------------+

# create a security group for [lb01] and allow the ports you'd like to load-balance (port 80 in this example)

[cent@dlp ~(keystone)]$
openstack security group create lbaasv2

[cent@dlp ~(keystone)]$
openstack security group rule create --protocol icmp --ingress lbaasv2

[cent@dlp ~(keystone)]$
openstack security group rule create --protocol tcp --dst-port 80:80 lbaasv2
# apply security group [lbaasv2] to [lb01]'s [vip_port_id]

[cent@dlp ~(keystone)]$
openstack port set --security-group lbaasv2 cf6b5dd0-74d9-469f-bd3d-876e831729cb
# create a listener for the port you'd like to load-balance (port 80 in this example)

[cent@dlp ~(keystone)]$
neutron lbaas-listener-create --name lb01-http --loadbalancer lb01 --protocol HTTP --protocol-port 80

+---------------------------+------------------------------------------------+
| Field                     | Value                                          |
+---------------------------+------------------------------------------------+
| admin_state_up            | True                                           |
| connection_limit          | -1                                             |
| default_pool_id           |                                                |
| default_tls_container_ref |                                                |
| description               |                                                |
| id                        | 6e577ad7-6aac-4769-898b-c60eb5f3f679           |
| loadbalancers             | {"id": "0de4812e-47ee-4f34-b63c-85ece32246ee"} |
| name                      | lb01-http                                      |
| protocol                  | HTTP                                           |
| protocol_port             | 80                                             |
| sni_container_refs        |                                                |
| tenant_id                 | caab6ec580994e6481cd104b9d210f3f               |
+---------------------------+------------------------------------------------+

# create a pool [lb01-http-pool] with ROUND_ROBIN Algorithm for the listener created above

[cent@dlp ~(keystone)]$
neutron lbaas-pool-create --name lb01-http-pool --lb-algorithm ROUND_ROBIN --listener lb01-http --protocol HTTP

+---------------------+------------------------------------------------+
| Field               | Value                                          |
+---------------------+------------------------------------------------+
| admin_state_up      | True                                           |
| description         |                                                |
| healthmonitor_id    |                                                |
| id                  | c8a2831d-3d8a-4d9f-a6fc-e29737417278           |
| lb_algorithm        | ROUND_ROBIN                                    |
| listeners           | {"id": "6e577ad7-6aac-4769-898b-c60eb5f3f679"} |
| loadbalancers       | {"id": "0de4812e-47ee-4f34-b63c-85ece32246ee"} |
| members             |                                                |
| name                | lb01-http-pool                                 |
| protocol            | HTTP                                           |
| session_persistence |                                                |
| tenant_id           | caab6ec580994e6481cd104b9d210f3f               |
+---------------------+------------------------------------------------+
[5] Add members to the listener's pool to finish the setup.
# instances on which httpd is running

[cent@dlp ~(keystone)]$
openstack server list

+--------------------------------------+-------------+--------+-------------------------+---------+----------+
| ID                                   | Name        | Status | Networks                | Image   | Flavor   |
+--------------------------------------+-------------+--------+-------------------------+---------+----------+
| 6e03e81e-5de8-412a-ae30-8407acd20dfb | WebServer02 | ACTIVE | int_net=192.168.100.52  | CentOS7 | m1.small |
| fb4699a6-5eac-4295-850a-8818e575b6b8 | WebServer01 | ACTIVE | int_net=192.168.100.212 | CentOS7 | m1.small |
+--------------------------------------+-------------+--------+-------------------------+---------+----------+

# add to the pool as a member

[cent@dlp ~(keystone)]$
neutron lbaas-member-create --name lb01-member-01 --subnet subnet1 --address 192.168.100.52 --protocol-port 80 lb01-http-pool

+----------------+--------------------------------------+
| Field          | Value                                |
+----------------+--------------------------------------+
| address        | 192.168.100.52                       |
| admin_state_up | True                                 |
| id             | 605aa588-afa5-465b-b56c-2b7e0f678a55 |
| name           | lb01-member-01                       |
| protocol_port  | 80                                   |
| subnet_id      | b4dda943-e57b-4455-88dd-c3308c2ac30c |
| tenant_id      | caab6ec580994e6481cd104b9d210f3f     |
| weight         | 1                                    |
+----------------+--------------------------------------+
[cent@dlp ~(keystone)]$
neutron lbaas-member-create --name lb01-member-02 --subnet subnet1 --address 192.168.100.212 --protocol-port 80 lb01-http-pool

+----------------+--------------------------------------+
| Field          | Value                                |
+----------------+--------------------------------------+
| address        | 192.168.100.212                      |
| admin_state_up | True                                 |
| id             | 273fd727-c0a0-45c7-9387-b2c5825b817e |
| name           | lb01-member-02                       |
| protocol_port  | 80                                   |
| subnet_id      | b4dda943-e57b-4455-88dd-c3308c2ac30c |
| tenant_id      | caab6ec580994e6481cd104b9d210f3f     |
| weight         | 1                                    |
+----------------+--------------------------------------+

[cent@dlp ~(keystone)]$
neutron lbaas-member-list lb01-http-pool

+--------------------------------------+----------------+-----------------+---------------+--------+--------------------------------------+----------------+
| id                                   | name           | address         | protocol_port | weight | subnet_id                            | admin_state_up |
+--------------------------------------+----------------+-----------------+---------------+--------+--------------------------------------+----------------+
| 273fd727-c0a0-45c7-9387-b2c5825b817e | lb01-member-02 | 192.168.100.212 |            80 |      1 | b4dda943-e57b-4455-88dd-c3308c2ac30c | True           |
| 605aa588-afa5-465b-b56c-2b7e0f678a55 | lb01-member-01 | 192.168.100.52  |            80 |      1 | b4dda943-e57b-4455-88dd-c3308c2ac30c | True           |
+--------------------------------------+----------------+-----------------+---------------+--------+--------------------------------------+----------------+
[6] Verify access. This example runs on the Network Node, which can reach the Neutron private network namespace, and accesses the VIP of the LB from there.
[root@network ~]#
ip netns

qrouter-456ca41b-e509-4ac6-8575-a1732ded9968 (id: 1)
qdhcp-c9377689-558e-4f2a-9334-17a3b9fa1b87 (id: 0)
# load-balanced by ROUND_ROBIN

[root@network ~]#
ip netns exec qrouter-456ca41b-e509-4ac6-8575-a1732ded9968 curl 192.168.100.65

Web_Server_01
[root@network ~]#
ip netns exec qrouter-456ca41b-e509-4ac6-8575-a1732ded9968 curl 192.168.100.65

Web_Server_02
[root@network ~]#
ip netns exec qrouter-456ca41b-e509-4ac6-8575-a1732ded9968 curl 192.168.100.65

Web_Server_01
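The manual check in [6] can be repeated over more requests with a script; this is an added example, not part of the original page. The hypothetical helpers rr_check and probe_vip assume each backend returns a one-line body that identifies it, as the test pages above do, and that no other client is using the VIP during the probe.

```shell
#!/bin/sh
# Added example (not from the original page).
# rr_check N_MEMBERS : reads one response body per line on stdin, prints a
# per-backend hit count, and returns 0 only if exactly N_MEMBERS distinct
# backends answered and their counts differ by at most 1 (what ROUND_ROBIN
# with equal member weights yields when no other client uses the VIP).
rr_check() {
    awk -v want="$1" '
        NF { hits[$0]++ }            # skip empty lines from failed requests
        END {
            n = 0; min = -1; max = 0
            for (b in hits) {
                n++
                if (min < 0 || hits[b] < min) min = hits[b]
                if (hits[b] > max) max = hits[b]
                printf "%s %d\n", b, hits[b]
            }
            if (n != want) {
                printf "FAIL: %d backend(s) answered, expected %d\n", n, want
                exit 1
            }
            if (max - min > 1) {
                printf "FAIL: uneven spread (min %d, max %d)\n", min, max
                exit 1
            }
            print "OK"
        }'
}

# probe_vip NETNS VIP COUNT : hypothetical helper that sends COUNT requests
# to the VIP from inside the namespace, as in step [6] (root, Network Node).
probe_vip() {
    i=0
    while [ "$i" -lt "$3" ]; do
        ip netns exec "$1" curl -s --max-time 3 "http://$2/"
        i=$((i + 1))
    done
}
# Live use: probe_vip qrouter-<router-id> 192.168.100.65 10 | rr_check 2

# Constructed sample: the three responses shown in step [6].
SAMPLE_RESPONSES='Web_Server_01
Web_Server_02
Web_Server_01'
printf '%s\n' "$SAMPLE_RESPONSES" | rr_check 2
```

A member that never appears in the counts is either down or unreachable from the load balancer; the pool built on this page has no health monitor, so this probe is the only signal of that.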
[7] Associate a floating IP with the VIP port of the LB to make it accessible from the public network.
[cent@dlp ~(keystone)]$
openstack floating ip list

+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
| ID                                   | Floating IP Address | Fixed IP Address | Port | Floating Network                     | Project                          |
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
| 390e25f5-e71e-44a2-a655-021f0e8d0e30 | 10.0.0.240          | None             | None | 85844309-e89a-49cb-8ec7-730a8e6d253c | caab6ec580994e6481cd104b9d210f3f |
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
[cent@dlp ~(keystone)]$
neutron lbaas-loadbalancer-show lb01

+---------------------+------------------------------------------------+
| Field               | Value                                          |
+---------------------+------------------------------------------------+
| admin_state_up      | True                                           |
| description         |                                                |
| id                  | 0de4812e-47ee-4f34-b63c-85ece32246ee           |
| listeners           | {"id": "6e577ad7-6aac-4769-898b-c60eb5f3f679"} |
| name                | lb01                                           |
| operating_status    | ONLINE                                         |
| pools               | {"id": "c8a2831d-3d8a-4d9f-a6fc-e29737417278"} |
| provider            | haproxy                                        |
| provisioning_status | ACTIVE                                         |
| tenant_id           | caab6ec580994e6481cd104b9d210f3f               |
| vip_address         | 192.168.100.65                                 |
| vip_port_id         | cf6b5dd0-74d9-469f-bd3d-876e831729cb           |
| vip_subnet_id       | b4dda943-e57b-4455-88dd-c3308c2ac30c           |
+---------------------+------------------------------------------------+

[cent@dlp ~(keystone)]$
openstack floating ip set --port cf6b5dd0-74d9-469f-bd3d-876e831729cb 10.0.0.240
[cent@dlp ~(keystone)]$
curl 10.0.0.240

Web_Server_01
[cent@dlp ~(keystone)]$
curl 10.0.0.240

Web_Server_02