OpenStack Rocky : Neutron LBaaS V2
2018/10/24
Configure Neutron LBaaS (Load-Balancer-as-a-Service) V2.
This example is based on the following environment.
Before starting, configure the basic settings of the Control Node, Network Node and Compute Node; this example is also based on the Neutron VXLAN network like here.

------------+---------------------------+---------------------------+------------
            |                           |                           |
        eth0|10.0.0.30              eth0|10.0.0.50              eth0|10.0.0.51
+-----------+-----------+   +-----------+-----------+   +-----------+-----------+
|    [ Control Node ]   |   |    [ Network Node ]   |   |    [ Compute Node ]   |
|                       |   |                       |   |                       |
|  MariaDB    RabbitMQ  |   |        L2 Agent       |   |        Libvirt        |
|  Memcached  httpd     |   |        L3 Agent       |   |     Nova Compute      |
|  Keystone   Glance    |   |     Metadata Agent    |   |        L2 Agent       |
|  Nova API             |   |     LBaaSV2 Agent     |   |     LBaaSV2 Agent     |
|  Neutron Server       |   |                       |   |                       |
|  Metadata Agent       |   |                       |   |                       |
+-----------------------+   +-----------+-----------+   +-----------------------+
                                    eth1|(UP with no IP)
[1] On the Control Node, change the settings as follows.
root@dlp ~(keystone)# apt -y install neutron-lbaasv2-agent
root@dlp ~(keystone)# vi /etc/neutron/neutron.conf
# add lbaasv2 to service_plugins
service_plugins = router,lbaasv2

root@dlp ~(keystone)# vi /etc/neutron/neutron_lbaas.conf
# line 207: add
[service_providers]
service_provider = LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default

root@dlp ~(keystone)# vi /etc/neutron/lbaas_agent.ini
# add into [DEFAULT] section
[DEFAULT]
interface_driver = linuxbridge

root@dlp ~(keystone)# su -s /bin/bash neutron -c "neutron-db-manage --subproject neutron-lbaas --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head"
root@dlp ~(keystone)# systemctl restart neutron-server
[2] On the Network Node and the Compute Node, change the settings as follows.
root@network:~# apt -y install neutron-lbaasv2-agent haproxy
root@network:~# vi /etc/neutron/neutron.conf
# add lbaasv2 to service_plugins
service_plugins = router,lbaasv2

root@network:~# vi /etc/neutron/neutron_lbaas.conf
# line 207: add
[service_providers]
service_provider = LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default

root@network:~# vi /etc/neutron/lbaas_agent.ini
# add into [DEFAULT] section
[DEFAULT]
interface_driver = linuxbridge

root@network:~# systemctl restart neutron-lbaasv2-agent
root@network:~# systemctl enable neutron-lbaasv2-agent
[3] On the Control Node, confirm the Neutron services. It's OK if the Loadbalancerv2 agents are in the UP state.
root@dlp ~(keystone)# openstack network agent list
+--------------------------------------+----------------------+-------------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type           | Host              | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+----------------------+-------------------+-------------------+-------+-------+---------------------------+
| 105bc6aa-d96d-4ed8-bcd6-28e0aac6f0cd | L3 agent             | network.srv.world | nova              | :-)   | UP    | neutron-l3-agent          |
| 540183df-baf2-41f9-b748-7343650d3ae0 | Linux bridge agent   | network.srv.world | None              | :-)   | UP    | neutron-linuxbridge-agent |
| 5735c611-0108-4ad0-8bdd-3bf6d75990e8 | Metadata agent       | network.srv.world | None              | :-)   | UP    | neutron-metadata-agent    |
| b14749d8-7147-4875-8e39-dc5d41b439eb | Loadbalancerv2 agent | node01.srv.world  | None              | :-)   | UP    | neutron-lbaasv2-agent     |
| ba9a4b65-b173-4787-ba43-91dfd20f88f9 | Loadbalancerv2 agent | network.srv.world | None              | :-)   | UP    | neutron-lbaasv2-agent     |
| c405f371-3686-4438-8408-e16b1093cb90 | Linux bridge agent   | node01.srv.world  | None              | :-)   | UP    | neutron-linuxbridge-agent |
| efe4c01e-e6b4-46a9-8d23-0679df2f5a1f | DHCP agent           | network.srv.world | nova              | :-)   | UP    | neutron-dhcp-agent        |
| f4f59e59-4347-4f49-84cb-385e9efe080d | Metadata agent       | dlp.srv.world     | None              | :-)   | UP    | neutron-metadata-agent    |
+--------------------------------------+----------------------+-------------------+-------------------+-------+-------+---------------------------+
[4] Log in as any OpenStack user and create a virtual load balancer.
# confirm the current network environment
ubuntu@dlp ~(keystone)$ openstack network list
+--------------------------------------+---------+--------------------------------------+
| ID                                   | Name    | Subnets                              |
+--------------------------------------+---------+--------------------------------------+
| 12592b6b-2a62-491c-892c-1d2a99580be1 | int_net | 76c99f19-03aa-4272-826f-969a7204e30e |
| bb5d5b4a-a8fa-4060-ba35-994db4051d7a | ext_net | 9dcbd472-a4c9-4665-a230-c9ddd21fddcb |
+--------------------------------------+---------+--------------------------------------+

ubuntu@dlp ~(keystone)$ openstack subnet list
+--------------------------------------+---------+--------------------------------------+------------------+
| ID                                   | Name    | Network                              | Subnet           |
+--------------------------------------+---------+--------------------------------------+------------------+
| 76c99f19-03aa-4272-826f-969a7204e30e | subnet1 | 12592b6b-2a62-491c-892c-1d2a99580be1 | 192.168.100.0/24 |
+--------------------------------------+---------+--------------------------------------+------------------+

# create a LB [lb01] in [subnet1]
ubuntu@dlp ~(keystone)$ neutron lbaas-loadbalancer-create --name lb01 subnet1
+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| admin_state_up      | True                                 |
| description         |                                      |
| id                  | 87c32d96-5950-467b-9091-1ddff8960ef0 |
| listeners           |                                      |
| name                | lb01                                 |
| operating_status    | OFFLINE                              |
| pools               |                                      |
| provider            | haproxy                              |
| provisioning_status | PENDING_CREATE                       |
| tenant_id           | 5f54b0ad76274f06b13f29458cc1c036     |
| vip_address         | 192.168.100.7                        |
| vip_port_id         | 7d2199c6-5e5c-45c1-b9b8-7b748adaaeac |
| vip_subnet_id       | 76c99f19-03aa-4272-826f-969a7204e30e |
+---------------------+--------------------------------------+

# create a security group for [lb01] and allow the ports you'd like to load-balance (port 80 in this example)
ubuntu@dlp ~(keystone)$ openstack security group create lbaasv2
ubuntu@dlp ~(keystone)$ openstack security group rule create --protocol icmp --ingress lbaasv2
ubuntu@dlp ~(keystone)$ openstack security group rule create --protocol tcp --dst-port 80:80 lbaasv2

# apply security group [lbaasv2] to [lb01]'s [vip_port_id]
ubuntu@dlp ~(keystone)$ openstack port set --security-group lbaasv2 7d2199c6-5e5c-45c1-b9b8-7b748adaaeac

# create a listener for the port you'd like to load-balance (port 80 in this example)
ubuntu@dlp ~(keystone)$ neutron lbaas-listener-create --name lb01-http --loadbalancer lb01 --protocol HTTP --protocol-port 80
+---------------------------+------------------------------------------------+
| Field                     | Value                                          |
+---------------------------+------------------------------------------------+
| admin_state_up            | True                                           |
| connection_limit          | -1                                             |
| default_pool_id           |                                                |
| default_tls_container_ref |                                                |
| description               |                                                |
| id                        | c1b21ee5-fb98-4cb5-97b7-729fb1701bf7           |
| loadbalancers             | {"id": "87c32d96-5950-467b-9091-1ddff8960ef0"} |
| name                      | lb01-http                                      |
| protocol                  | HTTP                                           |
| protocol_port             | 80                                             |
| sni_container_refs        |                                                |
| tenant_id                 | 5f54b0ad76274f06b13f29458cc1c036               |
+---------------------------+------------------------------------------------+

# create a pool [lb01-http-pool] with the ROUND_ROBIN algorithm for the listener created above
ubuntu@dlp ~(keystone)$ neutron lbaas-pool-create --name lb01-http-pool --lb-algorithm ROUND_ROBIN --listener lb01-http --protocol HTTP
+---------------------+------------------------------------------------+
| Field               | Value                                          |
+---------------------+------------------------------------------------+
| admin_state_up      | True                                           |
| description         |                                                |
| healthmonitor_id    |                                                |
| id                  | d6c59b11-cc16-4c50-876d-b9e36f3f5758           |
| lb_algorithm        | ROUND_ROBIN                                    |
| listeners           | {"id": "c1b21ee5-fb98-4cb5-97b7-729fb1701bf7"} |
| loadbalancers       | {"id": "87c32d96-5950-467b-9091-1ddff8960ef0"} |
| members             |                                                |
| name                | lb01-http-pool                                 |
| protocol            | HTTP                                           |
| session_persistence |                                                |
| tenant_id           | 5f54b0ad76274f06b13f29458cc1c036               |
+---------------------+------------------------------------------------+
[5] Add members to the pool of the listener to complete the setup.
# instances on which httpd is running
ubuntu@dlp ~(keystone)$ openstack server list
+--------------------------------------+-------------+--------+------------------------+------------+----------+
| ID                                   | Name        | Status | Networks               | Image      | Flavor   |
+--------------------------------------+-------------+--------+------------------------+------------+----------+
| cb026d51-ac2d-45f7-86de-2ac6ae09b4e5 | WebServer02 | ACTIVE | int_net=192.168.100.8  | Ubuntu1804 | m1.small |
| fa3219cb-d6d1-45dd-976d-51c99e94e8cd | WebServer01 | ACTIVE | int_net=192.168.100.25 | Ubuntu1804 | m1.small |
+--------------------------------------+-------------+--------+------------------------+------------+----------+

# add them to the pool as members
ubuntu@dlp ~(keystone)$ neutron lbaas-member-create --name lb01-member-01 --subnet subnet1 --address 192.168.100.25 --protocol-port 80 lb01-http-pool
+----------------+--------------------------------------+
| Field          | Value                                |
+----------------+--------------------------------------+
| address        | 192.168.100.25                       |
| admin_state_up | True                                 |
| id             | cf3e3f1c-95df-4c48-a83a-34a76d591f25 |
| name           | lb01-member-01                       |
| protocol_port  | 80                                   |
| subnet_id      | 76c99f19-03aa-4272-826f-969a7204e30e |
| tenant_id      | 5f54b0ad76274f06b13f29458cc1c036     |
| weight         | 1                                    |
+----------------+--------------------------------------+

ubuntu@dlp ~(keystone)$ neutron lbaas-member-create --name lb01-member-02 --subnet subnet1 --address 192.168.100.8 --protocol-port 80 lb01-http-pool
+----------------+--------------------------------------+
| Field          | Value                                |
+----------------+--------------------------------------+
| address        | 192.168.100.8                        |
| admin_state_up | True                                 |
| id             | 8b03c5ad-07df-4456-aca9-7f04e0b6d49e |
| name           | lb01-member-02                       |
| protocol_port  | 80                                   |
| subnet_id      | 76c99f19-03aa-4272-826f-969a7204e30e |
| tenant_id      | 5f54b0ad76274f06b13f29458cc1c036     |
| weight         | 1                                    |
+----------------+--------------------------------------+

ubuntu@dlp ~(keystone)$ neutron lbaas-member-list lb01-http-pool
+--------------------------------------+----------------+----------------+---------------+--------+--------------------------------------+----------------+
| id                                   | name           | address        | protocol_port | weight | subnet_id                            | admin_state_up |
+--------------------------------------+----------------+----------------+---------------+--------+--------------------------------------+----------------+
| cf3e3f1c-95df-4c48-a83a-34a76d591f25 | lb01-member-01 | 192.168.100.25 | 80            | 1      | 76c99f19-03aa-4272-826f-969a7204e30e | True           |
| 8b03c5ad-07df-4456-aca9-7f04e0b6d49e | lb01-member-02 | 192.168.100.8  | 80            | 1      | 76c99f19-03aa-4272-826f-969a7204e30e | True           |
+--------------------------------------+----------------+----------------+---------------+--------+--------------------------------------+----------------+
[6] Verify that access works. This example runs on the Network Node, which can reach the Neutron private network namespace, and accesses the VIP of the LB.
root@network:~# ip netns
qrouter-8554cc7f-a92d-4b43-b961-f710c3485f50 (id: 1)
qdhcp-12592b6b-2a62-491c-892c-1d2a99580be1 (id: 0)

# load-balanced by ROUND_ROBIN
root@network:~# ip netns exec qrouter-8554cc7f-a92d-4b43-b961-f710c3485f50 curl 192.168.100.7
Web_Server_01
root@network:~# ip netns exec qrouter-8554cc7f-a92d-4b43-b961-f710c3485f50 curl 192.168.100.7
Web_Server_02
root@network:~# ip netns exec qrouter-8554cc7f-a92d-4b43-b961-f710c3485f50 curl 192.168.100.7
Web_Server_01
[7] Associating a floating IP with the VIP port of the LB makes it accessible from the public network.
ubuntu@dlp ~(keystone)$ openstack floating ip list
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
| ID                                   | Floating IP Address | Fixed IP Address | Port | Floating Network                     | Project                          |
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
| 970b0e51-5f34-48db-bee3-324e810b8be9 | 10.0.0.207          | None             | None | bb5d5b4a-a8fa-4060-ba35-994db4051d7a | 5f54b0ad76274f06b13f29458cc1c036 |
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+

ubuntu@dlp ~(keystone)$ neutron lbaas-loadbalancer-show lb01
+---------------------+------------------------------------------------+
| Field               | Value                                          |
+---------------------+------------------------------------------------+
| admin_state_up      | True                                           |
| description         |                                                |
| id                  | 87c32d96-5950-467b-9091-1ddff8960ef0           |
| listeners           | {"id": "c1b21ee5-fb98-4cb5-97b7-729fb1701bf7"} |
| name                | lb01                                           |
| operating_status    | ONLINE                                         |
| pools               | {"id": "d6c59b11-cc16-4c50-876d-b9e36f3f5758"} |
| provider            | haproxy                                        |
| provisioning_status | ACTIVE                                         |
| tenant_id           | 5f54b0ad76274f06b13f29458cc1c036               |
| vip_address         | 192.168.100.7                                  |
| vip_port_id         | 7d2199c6-5e5c-45c1-b9b8-7b748adaaeac           |
| vip_subnet_id       | 76c99f19-03aa-4272-826f-969a7204e30e           |
+---------------------+------------------------------------------------+

ubuntu@dlp ~(keystone)$ openstack floating ip set --port 7d2199c6-5e5c-45c1-b9b8-7b748adaaeac 10.0.0.207
ubuntu@dlp ~(keystone)$ curl 10.0.0.207
Web_Server_01
ubuntu@dlp ~(keystone)$ curl 10.0.0.207
Web_Server_02
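
Once the floating IP in step [7] makes the VIP reachable from the public network, the security group set on [vip_port_id] in step [4] decides which ports are exposed. The following Python check is an added example, not part of the original page: it compares security-group rules with the listener ports and reports TCP ingress rules that admit non-listener ports from untrusted sources, plus listener ports that no rule admits. The sample rules are constructed, and their key names, the function names and the trusted_cidrs parameter are assumptions.

```python
import ipaddress

# Constructed sample, shaped like `openstack security group rule list lbaasv2 --long -f json`.
# The key names are an assumption about that output; adjust them to your client version.
SAMPLE_RULES = [
    {"IP Protocol": "icmp", "IP Range": "0.0.0.0/0", "Port Range": "", "Direction": "ingress"},
    {"IP Protocol": "tcp", "IP Range": "0.0.0.0/0", "Port Range": "80:80", "Direction": "ingress"},
    {"IP Protocol": "tcp", "IP Range": "0.0.0.0/0", "Port Range": "22:22", "Direction": "ingress"},
    {"IP Protocol": "tcp", "IP Range": "192.168.100.0/24", "Port Range": "8080:8090", "Direction": "ingress"},
    {"IP Protocol": None, "IP Range": None, "Port Range": "", "Direction": "egress"},
]


def parse_port_range(text):
    """'80:80' -> (80, 80); an empty value means every port."""
    if not text:
        return 1, 65535
    low, _, high = str(text).partition(":")
    return int(low), int(high or low)


def audit_vip_rules(rules, listener_ports, trusted_cidrs=()):
    """Return (findings, uncovered): TCP ingress rules wider than the listeners,
    and listener ports that no ingress rule admits."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    findings, covered = [], set()
    for rule in rules:
        if rule.get("Direction") != "ingress":
            continue
        if rule.get("IP Protocol") not in ("tcp", "any", None):
            continue  # ICMP and UDP rules are not compared with TCP listeners
        low, high = parse_port_range(rule.get("Port Range"))
        matched = {p for p in listener_ports if low <= p <= high}
        covered |= matched
        if rule.get("Remote Security Group"):
            continue  # source is limited to members of another security group
        source = ipaddress.ip_network(rule.get("IP Range") or "0.0.0.0/0")
        scoped = any(source.version == t.version and source.subnet_of(t) for t in trusted)
        if (high - low + 1) > len(matched) and not scoped:
            findings.append((str(source), low, high))
    uncovered = sorted(set(listener_ports) - covered)
    return findings, uncovered


if __name__ == "__main__":
    found, missing = audit_vip_rules(SAMPLE_RULES, [80], trusted_cidrs=["192.168.100.0/24"])
    for source, low, high in found:
        print(f"non-listener TCP ports {low}-{high} open to {source}")
    print("listener ports without a rule:", missing)
```

Feed it the rules of every security group attached to the VIP port, not only [lbaasv2].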