OpenStack Victoria : Create LoadBalancer Image2020/10/20 |
|
Install and Configure OpenStack Load Balancing as a Service (Octavia).
This example is based on the environment like follows.
Configured Networking is VXLAN like here on this environment.
------------+---------------------------+---------------------------+------------
| | |
eth0|10.0.0.30 eth0|10.0.0.50 eth0|10.0.0.51
+-----------+-----------+ +-----------+-----------+ +-----------+-----------+
| [ Control Node ] | | [ Network Node ] | | [ Compute Node ] |
| | | | | |
| MariaDB RabbitMQ | | L2 Agent | | Libvirt |
| Memcached httpd | | L3 Agent | | Nova Compute |
| Keystone Glance | | Metadata Agent | | L2 Agent |
| Nova API | | Octavia Services | | |
| Neutron Server | | | | |
| Metadata Agent | | | | |
+-----------------------+ +-----------------------+ +-----------------------+
|
| [1] | Create a LoadBalancer Image and add it to Glance. It's OK to work on any node. (example below is on Control Node) |
|
# create an instance image root@dlp ~(keystone)# snap install octavia-diskimage-retrofit --beta --devmode root@dlp ~(keystone)# cd /var/snap/octavia-diskimage-retrofit/common/tmp root@dlp tmp(keystone)# wget https://cloud-images.ubuntu.com/minimal/releases/focal/release/ubuntu-20.04-minimal-cloudimg-amd64.img root@dlp tmp(keystone)# octavia-diskimage-retrofit ubuntu-20.04-minimal-cloudimg-amd64.img ubuntu-amphora-haproxy-amd64.qcow2
# add to Glance root@dlp ~(keystone)# openstack image create "Amphora" --tag "Amphora" --file ubuntu-amphora-haproxy-amd64.qcow2 --disk-format qcow2 --container-format bare --private --project service
# add [flavor] for Amphora instance root@dlp ~(keystone)# openstack flavor create --id 100 --vcpus 1 --ram 1024 --disk 5 m1.octavia --private --project service
# add a security group for Amphora instance root@dlp ~(keystone)# openstack security group create lb-mgmt-sec-group --project service
# allow required ports for security group root@dlp ~(keystone)# openstack security group rule create --protocol icmp --ingress lb-mgmt-sec-group root@dlp ~(keystone)# openstack security group rule create --protocol tcp --dst-port 22:22 lb-mgmt-sec-group root@dlp ~(keystone)# openstack security group rule create --protocol tcp --dst-port 80:80 lb-mgmt-sec-group root@dlp ~(keystone)# openstack security group rule create --protocol tcp --dst-port 443:443 lb-mgmt-sec-group root@dlp ~(keystone)# openstack security group rule create --protocol tcp --dst-port 9443:9443 lb-mgmt-sec-group |
| [2] | Configure Octavia service to set instance ID or security group ID. |
|
root@network:~# openstack image list +--------------------------------------+------------+--------+ | ID | Name | Status | +--------------------------------------+------------+--------+ | 837593dc-0677-49ee-a1d6-6b20167e5af3 | Amphora | active | | 7ba71e53-e270-4d2a-bbe9-0d642a6c019c | Ubuntu2004 | active | +--------------------------------------+------------+--------+root@network:~# openstack flavor list --all +-----+------------+------+------+-----------+-------+-----------+ | ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public | +-----+------------+------+------+-----------+-------+-----------+ | 0 | m1.small | 2048 | 10 | 0 | 1 | True | | 100 | m1.octavia | 1024 | 5 | 0 | 1 | False | +-----+------------+------+------+-----------+-------+-----------+root@network:~# openstack network list +--------------------------------------+---------+--------------------------------------+ | ID | Name | Subnets | +--------------------------------------+---------+--------------------------------------+ | 5d7b1b73-602d-40e2-a82f-352991de37e0 | public | 7aa5fca7-efe4-4a30-b1f0-0653cc743a1c | | 9f39959f-2f70-400c-aa80-5de54e92cf27 | private | e7e82cb2-29c0-4eea-a459-e212a2bc3650 | +--------------------------------------+---------+--------------------------------------+root@network:~# openstack security group list +--------------------------------------+-------------------+------------------------+----------------------------------+------+ | ID | Name | Description | Project | Tags | +--------------------------------------+-------------------+------------------------+----------------------------------+------+ | 7348dfc6-2af0-4f0d-88cf-4bd7d1f51cb6 | lb-mgmt-sec-group | lb-mgmt-sec-group | 37197271a1954ddb90207a95d5f46488 | [] | | bb635d1a-275d-4bb5-aa65-36df2d918a84 | default | Default security group | b573c9e160864f028fc2d681a929f5af | [] | | f18770a0-d4e8-4768-93df-0ea0251e8742 | secgroup01 | secgroup01 | 6c44eafd4f614985bf74b94f2aee82fb | [] | +--------------------------------------+-------------------+------------------------+----------------------------------+------+
root@network:~#
vi /etc/octavia/octavia.conf # add into [controller_worker] section
[controller_worker]
client_ca = /etc/octavia/certs/client_ca.cert.pem
amp_image_tag = Amphora
# specify [flavor] ID for Amphora instance
amp_flavor_id = 100
# specify security group ID Amphora instance
amp_secgroup_list = 7348dfc6-2af0-4f0d-88cf-4bd7d1f51cb6
# specify network ID to boot Amphora instance (example below specifies public network [public])
amp_boot_network_list = 5d7b1b73-602d-40e2-a82f-352991de37e0
network_driver = allowed_address_pairs_driver
compute_driver = compute_nova_driver
amphora_driver = amphora_haproxy_rest_driver
root@network:~# |
| Sponsored Link |