Ubuntu 18.04

OpenStack Rocky : Neutron LBaaS V2
2018/10/24
 
Configure Neutron LBaaS (Load-Balancer-as-a-Service) V2.
This example is based on the following environment.
Before starting, complete the basic settings of the Control Node, Network Node, and Compute Node. This example also builds on the Neutron VXLAN network setup.
------------+---------------------------+---------------------------+------------
            |                           |                           |
        eth0|10.0.0.30              eth0|10.0.0.50              eth0|10.0.0.51
+-----------+-----------+   +-----------+-----------+   +-----------+-----------+
|    [ Control Node ]   |   |    [ Network Node ]   |   |    [ Compute Node ]   |
|                       |   |                       |   |                       |
|  MariaDB    RabbitMQ  |   |        L2 Agent       |   |        Libvirt        |
|  Memcached  httpd     |   |        L3 Agent       |   |     Nova Compute      |
|  Keystone   Glance    |   |     Metadata Agent    |   |        L2 Agent       |
|  Nova API             |   |      LBaaSV2 Agent    |   |      LBaaSV2 Agent    |
|  Neutron Server       |   |                       |   |                       |
|  Metadata Agent       |   |                       |   |                       |
+-----------------------+   +-----------+-----------+   +-----------------------+
                                    eth1|(UP with no IP)

[1] On the Control Node, change the settings as follows.
root@dlp ~(keystone)#
apt -y install neutron-lbaasv2-agent
root@dlp ~(keystone)#
vi /etc/neutron/neutron.conf
# add [lbaasv2] to the [service_plugins] value

service_plugins = router,lbaasv2
root@dlp ~(keystone)#
vi /etc/neutron/neutron_lbaas.conf
# line 207: add

[service_providers]
service_provider = LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default

root@dlp ~(keystone)#
vi /etc/neutron/lbaas_agent.ini
# add into [DEFAULT] section

[DEFAULT]
interface_driver = linuxbridge
root@dlp ~(keystone)#
su -s /bin/bash neutron -c "neutron-db-manage --subproject neutron-lbaas --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head"

root@dlp ~(keystone)#
systemctl restart neutron-server

[2] On the Network Node and the Compute Node, change the settings as follows.
root@network:~#
apt -y install neutron-lbaasv2-agent haproxy
root@network:~#
vi /etc/neutron/neutron.conf
# add [lbaasv2] to the [service_plugins] value

service_plugins = router,lbaasv2
root@network:~#
vi /etc/neutron/neutron_lbaas.conf
# line 207: add

[service_providers]
service_provider = LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default

root@network:~#
vi /etc/neutron/lbaas_agent.ini
# add into [DEFAULT] section

[DEFAULT]
interface_driver = linuxbridge
root@network:~#
systemctl restart neutron-lbaasv2-agent

root@network:~#
systemctl enable neutron-lbaasv2-agent

[3] On the Control Node, confirm the Neutron services. It's OK if the Loadbalancerv2 agents are in the UP state.
root@dlp ~(keystone)#
openstack network agent list

+--------------------------------------+----------------------+-------------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type           | Host              | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+----------------------+-------------------+-------------------+-------+-------+---------------------------+
| 105bc6aa-d96d-4ed8-bcd6-28e0aac6f0cd | L3 agent             | network.srv.world | nova              | :-)   | UP    | neutron-l3-agent          |
| 540183df-baf2-41f9-b748-7343650d3ae0 | Linux bridge agent   | network.srv.world | None              | :-)   | UP    | neutron-linuxbridge-agent |
| 5735c611-0108-4ad0-8bdd-3bf6d75990e8 | Metadata agent       | network.srv.world | None              | :-)   | UP    | neutron-metadata-agent    |
| b14749d8-7147-4875-8e39-dc5d41b439eb | Loadbalancerv2 agent | node01.srv.world  | None              | :-)   | UP    | neutron-lbaasv2-agent     |
| ba9a4b65-b173-4787-ba43-91dfd20f88f9 | Loadbalancerv2 agent | network.srv.world | None              | :-)   | UP    | neutron-lbaasv2-agent     |
| c405f371-3686-4438-8408-e16b1093cb90 | Linux bridge agent   | node01.srv.world  | None              | :-)   | UP    | neutron-linuxbridge-agent |
| efe4c01e-e6b4-46a9-8d23-0679df2f5a1f | DHCP agent           | network.srv.world | nova              | :-)   | UP    | neutron-dhcp-agent        |
| f4f59e59-4347-4f49-84cb-385e9efe080d | Metadata agent       | dlp.srv.world     | None              | :-)   | UP    | neutron-metadata-agent    |
+--------------------------------------+----------------------+-------------------+-------------------+-------+-------+---------------------------+
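A scripted form of the check in step [3], as an added example that is not part of the original page: it reads the `openstack network agent list` table and names every expected host that has no Loadbalancerv2 agent which is both alive and UP. The function name, the node02 row and its placeholder ID are constructed for illustration.

```bash
# Constructed sample: rows copied from the table above, plus a made-up third
# host (node02.srv.world, placeholder ID) whose agent has stopped reporting.
SAMPLE_AGENTS='
| ID                                   | Agent Type           | Host              | Availability Zone | Alive | State | Binary                    |
| 540183df-baf2-41f9-b748-7343650d3ae0 | Linux bridge agent   | network.srv.world | None              | :-)   | UP    | neutron-linuxbridge-agent |
| b14749d8-7147-4875-8e39-dc5d41b439eb | Loadbalancerv2 agent | node01.srv.world  | None              | :-)   | UP    | neutron-lbaasv2-agent     |
| ba9a4b65-b173-4787-ba43-91dfd20f88f9 | Loadbalancerv2 agent | network.srv.world | None              | :-)   | UP    | neutron-lbaasv2-agent     |
| 00000000-0000-0000-0000-000000000000 | Loadbalancerv2 agent | node02.srv.world  | None              | XXX   | UP    | neutron-lbaasv2-agent     |
'

# lbaas_agents_down HOST...
# Reads the agent table on stdin and prints each HOST that lacks a healthy
# Loadbalancerv2 agent. Returns 0 when every host is covered, 1 otherwise.
# "State" is the administrative flag and stays UP when the agent process dies;
# "Alive" (":-)" or "XXX") is the heartbeat, so both columns are checked.
lbaas_agents_down() {
  awk -F'|' -v want="$*" '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    BEGIN { n = split(want, hosts, " ") }
    # Data rows split into 9 fields: $3 = Agent Type, $4 = Host, $6 = Alive, $7 = State
    NF >= 8 && trim($3) == "Loadbalancerv2 agent" {
      if (trim($6) == ":-)" && trim($7) == "UP") ok[trim($4)] = 1
    }
    END {
      bad = 0
      for (i = 1; i <= n; i++)
        if (!(hosts[i] in ok)) { print hosts[i]; bad = 1 }
      exit bad
    }'
}

# Run against the constructed sample: the two hosts from this page are healthy.
printf '%s\n' "$SAMPLE_AGENTS" \
  | lbaas_agents_down network.srv.world node01.srv.world \
  && echo "all expected LBaaS agents are alive and UP"
```

Against a live deployment, pipe the real command into the function: `openstack network agent list | lbaas_agents_down network.srv.world node01.srv.world`.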
[4] Log in as any OpenStack user and create a virtual load balancer.
# confirm the current network environment

ubuntu@dlp ~(keystone)$
openstack network list

+--------------------------------------+---------+--------------------------------------+
| ID                                   | Name    | Subnets                              |
+--------------------------------------+---------+--------------------------------------+
| 12592b6b-2a62-491c-892c-1d2a99580be1 | int_net | 76c99f19-03aa-4272-826f-969a7204e30e |
| bb5d5b4a-a8fa-4060-ba35-994db4051d7a | ext_net | 9dcbd472-a4c9-4665-a230-c9ddd21fddcb |
+--------------------------------------+---------+--------------------------------------+
ubuntu@dlp ~(keystone)$
openstack subnet list

+--------------------------------------+---------+--------------------------------------+------------------+
| ID                                   | Name    | Network                              | Subnet           |
+--------------------------------------+---------+--------------------------------------+------------------+
| 76c99f19-03aa-4272-826f-969a7204e30e | subnet1 | 12592b6b-2a62-491c-892c-1d2a99580be1 | 192.168.100.0/24 |
+--------------------------------------+---------+--------------------------------------+------------------+

# create a LB [lb01] in [subnet1]

ubuntu@dlp ~(keystone)$
neutron lbaas-loadbalancer-create --name lb01 subnet1

+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| admin_state_up      | True                                 |
| description         |                                      |
| id                  | 87c32d96-5950-467b-9091-1ddff8960ef0 |
| listeners           |                                      |
| name                | lb01                                 |
| operating_status    | OFFLINE                              |
| pools               |                                      |
| provider            | haproxy                              |
| provisioning_status | PENDING_CREATE                       |
| tenant_id           | 5f54b0ad76274f06b13f29458cc1c036     |
| vip_address         | 192.168.100.7                        |
| vip_port_id         | 7d2199c6-5e5c-45c1-b9b8-7b748adaaeac |
| vip_subnet_id       | 76c99f19-03aa-4272-826f-969a7204e30e |
+---------------------+--------------------------------------+

# create a security group for [lb01] and allow the ports you'd like to load-balance (port 80 in this example)

ubuntu@dlp ~(keystone)$
openstack security group create lbaasv2

ubuntu@dlp ~(keystone)$
openstack security group rule create --protocol icmp --ingress lbaasv2

ubuntu@dlp ~(keystone)$
openstack security group rule create --protocol tcp --dst-port 80:80 lbaasv2
# apply security group [lbaasv2] to [lb01]'s [vip_port_id]

ubuntu@dlp ~(keystone)$
openstack port set --security-group lbaasv2 7d2199c6-5e5c-45c1-b9b8-7b748adaaeac
# create a listener for the port you'd like to load-balance (port 80 in this example)

ubuntu@dlp ~(keystone)$
neutron lbaas-listener-create --name lb01-http --loadbalancer lb01 --protocol HTTP --protocol-port 80

+---------------------------+------------------------------------------------+
| Field                     | Value                                          |
+---------------------------+------------------------------------------------+
| admin_state_up            | True                                           |
| connection_limit          | -1                                             |
| default_pool_id           |                                                |
| default_tls_container_ref |                                                |
| description               |                                                |
| id                        | c1b21ee5-fb98-4cb5-97b7-729fb1701bf7           |
| loadbalancers             | {"id": "87c32d96-5950-467b-9091-1ddff8960ef0"} |
| name                      | lb01-http                                      |
| protocol                  | HTTP                                           |
| protocol_port             | 80                                             |
| sni_container_refs        |                                                |
| tenant_id                 | 5f54b0ad76274f06b13f29458cc1c036               |
+---------------------------+------------------------------------------------+

# create a pool [lb01-http-pool] with ROUND_ROBIN Algorithm for the listener created above

ubuntu@dlp ~(keystone)$
neutron lbaas-pool-create --name lb01-http-pool --lb-algorithm ROUND_ROBIN --listener lb01-http --protocol HTTP

+---------------------+------------------------------------------------+
| Field               | Value                                          |
+---------------------+------------------------------------------------+
| admin_state_up      | True                                           |
| description         |                                                |
| healthmonitor_id    |                                                |
| id                  | d6c59b11-cc16-4c50-876d-b9e36f3f5758           |
| lb_algorithm        | ROUND_ROBIN                                    |
| listeners           | {"id": "c1b21ee5-fb98-4cb5-97b7-729fb1701bf7"} |
| loadbalancers       | {"id": "87c32d96-5950-467b-9091-1ddff8960ef0"} |
| members             |                                                |
| name                | lb01-http-pool                                 |
| protocol            | HTTP                                           |
| session_persistence |                                                |
| tenant_id           | 5f54b0ad76274f06b13f29458cc1c036               |
+---------------------+------------------------------------------------+

[5] Add members to the listener's pool to complete the setup.
# instances on which httpd is running

ubuntu@dlp ~(keystone)$
openstack server list

+--------------------------------------+-------------+--------+------------------------+------------+----------+
| ID                                   | Name        | Status | Networks               | Image      | Flavor   |
+--------------------------------------+-------------+--------+------------------------+------------+----------+
| cb026d51-ac2d-45f7-86de-2ac6ae09b4e5 | WebServer02 | ACTIVE | int_net=192.168.100.8  | Ubuntu1804 | m1.small |
| fa3219cb-d6d1-45dd-976d-51c99e94e8cd | WebServer01 | ACTIVE | int_net=192.168.100.25 | Ubuntu1804 | m1.small |
+--------------------------------------+-------------+--------+------------------------+------------+----------+

# add to the pool as a member

ubuntu@dlp ~(keystone)$
neutron lbaas-member-create --name lb01-member-01 --subnet subnet1 --address 192.168.100.25 --protocol-port 80 lb01-http-pool

+----------------+--------------------------------------+
| Field          | Value                                |
+----------------+--------------------------------------+
| address        | 192.168.100.25                       |
| admin_state_up | True                                 |
| id             | cf3e3f1c-95df-4c48-a83a-34a76d591f25 |
| name           | lb01-member-01                       |
| protocol_port  | 80                                   |
| subnet_id      | 76c99f19-03aa-4272-826f-969a7204e30e |
| tenant_id      | 5f54b0ad76274f06b13f29458cc1c036     |
| weight         | 1                                    |
+----------------+--------------------------------------+
ubuntu@dlp ~(keystone)$
neutron lbaas-member-create --name lb01-member-02 --subnet subnet1 --address 192.168.100.8 --protocol-port 80 lb01-http-pool

+----------------+--------------------------------------+
| Field          | Value                                |
+----------------+--------------------------------------+
| address        | 192.168.100.8                        |
| admin_state_up | True                                 |
| id             | 8b03c5ad-07df-4456-aca9-7f04e0b6d49e |
| name           | lb01-member-02                       |
| protocol_port  | 80                                   |
| subnet_id      | 76c99f19-03aa-4272-826f-969a7204e30e |
| tenant_id      | 5f54b0ad76274f06b13f29458cc1c036     |
| weight         | 1                                    |
+----------------+--------------------------------------+

ubuntu@dlp ~(keystone)$
neutron lbaas-member-list lb01-http-pool

+--------------------------------------+----------------+----------------+---------------+--------+--------------------------------------+----------------+
| id                                   | name           | address        | protocol_port | weight | subnet_id                            | admin_state_up |
+--------------------------------------+----------------+----------------+---------------+--------+--------------------------------------+----------------+
| cf3e3f1c-95df-4c48-a83a-34a76d591f25 | lb01-member-01 | 192.168.100.25 |            80 |      1 | 76c99f19-03aa-4272-826f-969a7204e30e | True           |
| 8b03c5ad-07df-4456-aca9-7f04e0b6d49e | lb01-member-02 | 192.168.100.8  |            80 |      1 | 76c99f19-03aa-4272-826f-969a7204e30e | True           |
+--------------------------------------+----------------+----------------+---------------+--------+--------------------------------------+----------------+
[6] Verify access. This example runs on the Network Node, which can reach the Neutron private network namespace, and accesses the VIP of the LB from there.
root@network:~#
ip netns

qrouter-8554cc7f-a92d-4b43-b961-f710c3485f50 (id: 1)
qdhcp-12592b6b-2a62-491c-892c-1d2a99580be1 (id: 0)
# load-balanced by ROUND_ROBIN

root@network:~#
ip netns exec qrouter-8554cc7f-a92d-4b43-b961-f710c3485f50 curl 192.168.100.7

Web_Server_01
root@network:~#
ip netns exec qrouter-8554cc7f-a92d-4b43-b961-f710c3485f50 curl 192.168.100.7

Web_Server_02
root@network:~#
ip netns exec qrouter-8554cc7f-a92d-4b43-b961-f710c3485f50 curl 192.168.100.7

Web_Server_01
[7] Associating a floating IP with the VIP port of the LB makes it accessible from the public network.
ubuntu@dlp ~(keystone)$
openstack floating ip list

+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
| ID                                   | Floating IP Address | Fixed IP Address | Port | Floating Network                     | Project                          |
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
| 970b0e51-5f34-48db-bee3-324e810b8be9 | 10.0.0.207          | None             | None | bb5d5b4a-a8fa-4060-ba35-994db4051d7a | 5f54b0ad76274f06b13f29458cc1c036 |
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
ubuntu@dlp ~(keystone)$
neutron lbaas-loadbalancer-show lb01

+---------------------+------------------------------------------------+
| Field               | Value                                          |
+---------------------+------------------------------------------------+
| admin_state_up      | True                                           |
| description         |                                                |
| id                  | 87c32d96-5950-467b-9091-1ddff8960ef0           |
| listeners           | {"id": "c1b21ee5-fb98-4cb5-97b7-729fb1701bf7"} |
| name                | lb01                                           |
| operating_status    | ONLINE                                         |
| pools               | {"id": "d6c59b11-cc16-4c50-876d-b9e36f3f5758"} |
| provider            | haproxy                                        |
| provisioning_status | ACTIVE                                         |
| tenant_id           | 5f54b0ad76274f06b13f29458cc1c036               |
| vip_address         | 192.168.100.7                                  |
| vip_port_id         | 7d2199c6-5e5c-45c1-b9b8-7b748adaaeac           |
| vip_subnet_id       | 76c99f19-03aa-4272-826f-969a7204e30e           |
+---------------------+------------------------------------------------+

ubuntu@dlp ~(keystone)$
openstack floating ip set --port 7d2199c6-5e5c-45c1-b9b8-7b748adaaeac 10.0.0.207
ubuntu@dlp ~(keystone)$
curl 10.0.0.207

Web_Server_01
ubuntu@dlp ~(keystone)$
curl 10.0.0.207

Web_Server_02
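An exposure review of the result of steps [4] to [7], as an added example that is not part of the original page: it cross-references the load balancer, listener and floating IP tables and reports when a plain HTTP listener, or one with no connection limit, is reachable on a public address. The function names and finding labels are hypothetical, and the floating IP row is constructed to show the state after the association in step [7].

```bash
# Constructed samples, trimmed from the command output shown on this page.
LB_SHOW='
| vip_address         | 192.168.100.7                        |
| vip_port_id         | 7d2199c6-5e5c-45c1-b9b8-7b748adaaeac |'
LISTENER_SHOW='
| connection_limit          | -1        |
| name                      | lb01-http |
| protocol                  | HTTP      |
| protocol_port             | 80        |'
# Constructed: the floating IP row as it looks once step [7] has bound it to the VIP port.
FIP_LIST='
| 970b0e51-5f34-48db-bee3-324e810b8be9 | 10.0.0.207 | 192.168.100.7 | 7d2199c6-5e5c-45c1-b9b8-7b748adaaeac | bb5d5b4a-a8fa-4060-ba35-994db4051d7a | 5f54b0ad76274f06b13f29458cc1c036 |'

# field_of FIELD TABLE: value of FIELD in a two-column "Field | Value" table.
field_of() {
  printf '%s\n' "$2" | awk -F'|' -v f="$1" '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    NF >= 3 && trim($2) == f { print trim($3) }'
}

# public_ip_of PORT_ID FIP_TABLE: floating IP bound to PORT_ID, empty if none.
# Columns of `openstack floating ip list`: $3 = Floating IP Address, $5 = Port.
public_ip_of() {
  printf '%s\n' "$2" | awk -F'|' -v p="$1" '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    NF >= 6 && trim($5) == p { print trim($3) }'
}

# audit_exposure LB_TABLE LISTENER_TABLE FIP_TABLE
# Prints one finding per line and returns the number of findings.
audit_exposure() {
  fip=$(public_ip_of "$(field_of vip_port_id "$1")" "$3")
  [ -n "$fip" ] || return 0   # VIP is reachable only inside the tenant network
  proto=$(field_of protocol "$2")
  lport=$(field_of protocol_port "$2")
  limit=$(field_of connection_limit "$2")
  n=0
  if [ "$proto" = "HTTP" ]; then
    echo "PLAINTEXT $fip:$lport listener speaks HTTP on a public address"
    n=$((n + 1))
  fi
  if [ "$limit" = "-1" ]; then
    echo "NO_CONN_LIMIT $fip:$lport connection_limit is -1 (unlimited)"
    n=$((n + 1))
  fi
  return "$n"
}

audit_exposure "$LB_SHOW" "$LISTENER_SHOW" "$FIP_LIST" || echo "findings: $?"
```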