CentOS 7
Sponsored Link

OpenStack Rocky : Neutron LBaaS V22018/10/24

 
Neutron LBaaS (Load-Balancer-as-a-Service) V2 による仮想ロードバランサーの構成です。
当例では、以下のような環境を例に Neutron LBaaS V2 を設定します。
Control ノードNetwork ノードCompute ノードの 各 Neutron サービスノードを構築済み 且つ VXLAN による仮想ネットワーク構築済みであることを前提とします。
------------+---------------------------+---------------------------+------------
            |                           |                           |
        eth0|10.0.0.30              eth0|10.0.0.50              eth0|10.0.0.51
+-----------+-----------+   +-----------+-----------+   +-----------+-----------+
|    [ Control Node ]   |   |    [ Network Node ]   |   |    [ Compute Node ]   |
|                       |   |                       |   |                       |
|  MariaDB    RabbitMQ  |   |      Open vSwitch     |   |        Libvirt        |
|  Memcached  httpd     |   |        L2 Agent       |   |     Nova Compute      |
|  Keystone   Glance    |   |        L3 Agent       |   |      Open vSwitch     |
|  Nova API             |   |     Metadata Agent    |   |        L2 Agent       |
|  Neutron Server       |   |      LBaaSV2 Agent    |   |      LBaaSV2 Agent    |
|  Metadata Agent       |   |                       |   |                       |
+-----------------------+   +-----------+-----------+   +-----------------------+
                                    eth1|(UP with no IP)

[1] Control ノードで以下のように設定変更します。
# Rocky, EPEL からインストール

[root@dlp ~(keystone)]#
yum --enablerepo=centos-openstack-rocky,epel -y install openstack-neutron-lbaas net-tools
[root@dlp ~(keystone)]#
vi /etc/neutron/neutron.conf
# service_plugins に追記

service_plugins = router
,lbaasv2
[root@dlp ~(keystone)]#
vi /etc/neutron/neutron_lbaas.conf
# 207行目:追記

[service_providers]
service_provider = LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default

[root@dlp ~(keystone)]#
vi /etc/neutron/lbaas_agent.ini
# [DEFAULT] セクション内に追記

[DEFAULT]
interface_driver = openvswitch
[root@dlp ~(keystone)]#
su -s /bin/bash neutron -c "neutron-db-manage --subproject neutron-lbaas --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head"

[root@dlp ~(keystone)]#
systemctl restart neutron-server

[2] Network ノード および Compute ノードで以下のように同様の設定変更をします。
# Rocky, EPEL からインストール

[root@network ~]#
yum --enablerepo=centos-openstack-rocky,epel -y install openstack-neutron-lbaas haproxy net-tools
[root@network ~]#
vi /etc/neutron/neutron.conf
# service_plugins に追記

service_plugins = router
,lbaasv2
[root@network ~]#
vi /etc/neutron/neutron_lbaas.conf
# 207行目:追記

[service_providers]
service_provider = LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default

[root@network ~]#
vi /etc/neutron/lbaas_agent.ini
# [DEFAULT] セクション内に追記

[DEFAULT]
interface_driver = openvswitch
[root@network ~]#
systemctl start neutron-lbaasv2-agent

[root@network ~]#
systemctl enable neutron-lbaasv2-agent

[3] Control ノードで Neutron サービスを確認し、Loadbalancerv2 agent が UP していれば OK です。
[root@dlp ~(keystone)]#
openstack network agent list

+--------------------------------------+----------------------+-------------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type           | Host              | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+----------------------+-------------------+-------------------+-------+-------+---------------------------+
| 3aee1189-5705-48fe-b7e5-f4a61c755b10 | DHCP agent           | network.srv.world | nova              | :-)   | UP    | neutron-dhcp-agent        |
| 43869987-1159-4f7f-97d4-67998a467ca6 | Open vSwitch agent   | network.srv.world | None              | :-)   | UP    | neutron-openvswitch-agent |
| 4db9d701-0e84-4159-bc71-12bace01f65e | Metadata agent       | network.srv.world | None              | :-)   | UP    | neutron-metadata-agent    |
| 4fbc154c-6891-46f2-8018-5ce2cc62125e | Loadbalancerv2 agent | node01.srv.world  | None              | :-)   | UP    | neutron-lbaasv2-agent     |
| 5175a41e-fd11-4a9c-abab-b6d49a517151 | Open vSwitch agent   | node01.srv.world  | None              | :-)   | UP    | neutron-openvswitch-agent |
| 5494eac3-6005-4c7b-bb95-0de13f6c9064 | L3 agent             | network.srv.world | nova              | :-)   | UP    | neutron-l3-agent          |
| c0d4e216-2989-4017-9ebf-c6ad013a681e | Loadbalancerv2 agent | network.srv.world | None              | :-)   | UP    | neutron-lbaasv2-agent     |
| f37cca94-400e-46e2-90d7-28afd46c3059 | Metadata agent       | dlp.srv.world     | None              | :-)   | UP    | neutron-metadata-agent    |
+--------------------------------------+----------------------+-------------------+-------------------+-------+-------+---------------------------+
[4] 任意の Openstack 利用可能ユーザーでログインし、仮想ロードバランサーを作成します。
作業場所はどこでもよいですが、当例では Control ノード上で作業します。
# 自身のネットワーク環境確認

[cent@dlp ~(keystone)]$
openstack network list

+--------------------------------------+---------+--------------------------------------+
| ID                                   | Name    | Subnets                              |
+--------------------------------------+---------+--------------------------------------+
| 6e5d586b-b305-4615-ab0c-dacd67cbb2dd | int_net | 559892d3-dcc7-4e9d-824c-099c600820c5 |
| befac86b-0fe3-4da3-9324-2a0593a72d93 | ext_net | d758038d-1298-477d-85a5-24903dfab31e |
+--------------------------------------+---------+--------------------------------------+
[cent@dlp ~(keystone)]$
openstack subnet list

+--------------------------------------+---------+--------------------------------------+------------------+
| ID                                   | Name    | Network                              | Subnet           |
+--------------------------------------+---------+--------------------------------------+------------------+
| 559892d3-dcc7-4e9d-824c-099c600820c5 | subnet1 | 6e5d586b-b305-4615-ab0c-dacd67cbb2dd | 192.168.100.0/24 |
+--------------------------------------+---------+--------------------------------------+------------------+

# subnet1 に 仮想 LB [lb01] 作成

[cent@dlp ~(keystone)]$
neutron lbaas-loadbalancer-create --name lb01 subnet1

+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| admin_state_up      | True                                 |
| description         |                                      |
| id                  | dbb860cf-0004-469f-877e-2721ff31cedf |
| listeners           |                                      |
| name                | lb01                                 |
| operating_status    | OFFLINE                              |
| pools               |                                      |
| provider            | haproxy                              |
| provisioning_status | PENDING_CREATE                       |
| tenant_id           | 3c9dc9d8d71149a7b835e1f5813d2eb8     |
| vip_address         | 192.168.100.9                        |
| vip_port_id         | 3562f827-5077-421e-a317-69ddded616ff |
| vip_subnet_id       | 559892d3-dcc7-4e9d-824c-099c600820c5 |
+---------------------+--------------------------------------+

# [lb01] 用のセキュリティグループを作成し、負荷分散したいサービスポートを許可 (下例は 80ポート)

[cent@dlp ~(keystone)]$
openstack security group create lbaasv2

[cent@dlp ~(keystone)]$
openstack security group rule create --protocol icmp --ingress lbaasv2

[cent@dlp ~(keystone)]$
openstack security group rule create --protocol tcp --dst-port 80:80 lbaasv2
# セキュリティグループ [lbaasv2] を 仮想 LB [lb01] の [vip_port_id] に適用

[cent@dlp ~(keystone)]$
openstack port set --security-group lbaasv2 3562f827-5077-421e-a317-69ddded616ff
# 負荷分散したいサービスポートのリスナーを作成 (下例は 80ポート)

[cent@dlp ~(keystone)]$
neutron lbaas-listener-create --name lb01-http --loadbalancer lb01 --protocol HTTP --protocol-port 80

+---------------------------+------------------------------------------------+
| Field                     | Value                                          |
+---------------------------+------------------------------------------------+
| admin_state_up            | True                                           |
| connection_limit          | -1                                             |
| default_pool_id           |                                                |
| default_tls_container_ref |                                                |
| description               |                                                |
| id                        | 7f9e4345-5b40-4b2f-869f-77ed890e79f0           |
| loadbalancers             | {"id": "dbb860cf-0004-469f-877e-2721ff31cedf"} |
| name                      | lb01-http                                      |
| protocol                  | HTTP                                           |
| protocol_port             | 80                                             |
| sni_container_refs        |                                                |
| tenant_id                 | 3c9dc9d8d71149a7b835e1f5813d2eb8               |
+---------------------------+------------------------------------------------+

# 作成したリスナーに 負荷分散アルゴリズム ROUND_ROBIN で プール [lb01-http-pool] 作成

[cent@dlp ~(keystone)]$
neutron lbaas-pool-create --name lb01-http-pool --lb-algorithm ROUND_ROBIN --listener lb01-http --protocol HTTP

+---------------------+------------------------------------------------+
| Field               | Value                                          |
+---------------------+------------------------------------------------+
| admin_state_up      | True                                           |
| description         |                                                |
| healthmonitor_id    |                                                |
| id                  | d9a0d57a-b073-42fb-90fd-73014b2d8773           |
| lb_algorithm        | ROUND_ROBIN                                    |
| listeners           | {"id": "7f9e4345-5b40-4b2f-869f-77ed890e79f0"} |
| loadbalancers       | {"id": "dbb860cf-0004-469f-877e-2721ff31cedf"} |
| members             |                                                |
| name                | lb01-http-pool                                 |
| protocol            | HTTP                                           |
| session_persistence |                                                |
| tenant_id           | 3c9dc9d8d71149a7b835e1f5813d2eb8               |
+---------------------+------------------------------------------------+
[5] 負荷分散したいインスタンスを、作成したリスナーのプールメンバーに割り当てることで負荷分散できるようになります。
# httpd が起動しているインスタンス

[cent@dlp ~(keystone)]$
openstack server list

+--------------------------------------+-------------+--------+------------------------+---------+----------+
| ID                                   | Name        | Status | Networks               | Image   | Flavor   |
+--------------------------------------+-------------+--------+------------------------+---------+----------+
| bf084a32-e911-431b-b118-180ca8c8e447 | WebServer01 | ACTIVE | int_net=192.168.100.5  | CentOS7 | m1.small |
| 3c377393-cb7e-49d3-ba18-015d0a0030b2 | WebServer02 | ACTIVE | int_net=192.168.100.16 | CentOS7 | m1.small |
+--------------------------------------+-------------+--------+------------------------+---------+----------+

# プールメンバーに適用

[cent@dlp ~(keystone)]$
neutron lbaas-member-create --name lb01-member-01 --subnet subnet1 --address 192.168.100.5 --protocol-port 80 lb01-http-pool

+----------------+--------------------------------------+
| Field          | Value                                |
+----------------+--------------------------------------+
| address        | 192.168.100.5                        |
| admin_state_up | True                                 |
| id             | 75352987-1976-432b-8c64-5ffd9dc8db1a |
| name           | lb01-member-01                       |
| protocol_port  | 80                                   |
| subnet_id      | 559892d3-dcc7-4e9d-824c-099c600820c5 |
| tenant_id      | 3c9dc9d8d71149a7b835e1f5813d2eb8     |
| weight         | 1                                    |
+----------------+--------------------------------------+
[cent@dlp ~(keystone)]$
neutron lbaas-member-create --name lb01-member-02 --subnet subnet1 --address 192.168.100.16 --protocol-port 80 lb01-http-pool

+----------------+--------------------------------------+
| Field          | Value                                |
+----------------+--------------------------------------+
| address        | 192.168.100.16                       |
| admin_state_up | True                                 |
| id             | dce7301f-8429-4a97-9898-0ee74d42c447 |
| name           | lb01-member-02                       |
| protocol_port  | 80                                   |
| subnet_id      | 559892d3-dcc7-4e9d-824c-099c600820c5 |
| tenant_id      | 3c9dc9d8d71149a7b835e1f5813d2eb8     |
| weight         | 1                                    |
+----------------+--------------------------------------+

[cent@dlp ~(keystone)]$
neutron lbaas-member-list lb01-http-pool

+--------------------------------------+----------------+----------------+---------------+--------+--------------------------------------+----------------+
| id                                   | name           | address        | protocol_port | weight | subnet_id                            | admin_state_up |
+--------------------------------------+----------------+----------------+---------------+--------+--------------------------------------+----------------+
| dce7301f-8429-4a97-9898-0ee74d42c447 | lb01-member-02 | 192.168.100.16 |            80 |      1 | 559892d3-dcc7-4e9d-824c-099c600820c5 | True           |
| 75352987-1976-432b-8c64-5ffd9dc8db1a | lb01-member-01 | 192.168.100.5  |            80 |      1 | 559892d3-dcc7-4e9d-824c-099c600820c5 | True           |
+--------------------------------------+----------------+----------------+---------------+--------+--------------------------------------+----------------+
[6] インスタンスのプライベートネットワークのネームスペースにアクセス可能なネットワークノード等から、仮想ロードバランサーの 仮想IP 宛てに、設定したプロトコルでアクセスして正常に負荷分散されるか確認します。
[root@network ~]#
ip netns

qrouter-d0e1e195-792c-47dd-addc-68e386ec73b5 (id: 1)
qdhcp-6e5d586b-b305-4615-ab0c-dacd67cbb2dd (id: 0)
# 設定通りラウンドロビンで負荷分散される

[root@network ~]#
ip netns exec qrouter-d0e1e195-792c-47dd-addc-68e386ec73b5 curl 192.168.100.9

Web_Server_01
[root@network ~]#
ip netns exec qrouter-d0e1e195-792c-47dd-addc-68e386ec73b5 curl 192.168.100.9

Web_Server_02
[root@network ~]#
ip netns exec qrouter-d0e1e195-792c-47dd-addc-68e386ec73b5 curl 192.168.100.9

Web_Server_01
[7] フローティング IP を 仮想ロードバランサーの 仮想IPポートに関連付けることで、パブリックネットワークからもアクセス可能です。
[cent@dlp ~(keystone)]$
openstack floating ip list

+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
| ID                                   | Floating IP Address | Fixed IP Address | Port | Floating Network                     | Project                          |
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
| 8bcd1d6a-1c18-42fe-8525-03daa868dc44 | 10.0.0.207          | None             | None | befac86b-0fe3-4da3-9324-2a0593a72d93 | 3c9dc9d8d71149a7b835e1f5813d2eb8 |
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
[cent@dlp ~(keystone)]$
neutron lbaas-loadbalancer-show lb01

+---------------------+------------------------------------------------+
| Field               | Value                                          |
+---------------------+------------------------------------------------+
| admin_state_up      | True                                           |
| description         |                                                |
| id                  | dbb860cf-0004-469f-877e-2721ff31cedf           |
| listeners           | {"id": "7f9e4345-5b40-4b2f-869f-77ed890e79f0"} |
| name                | lb01                                           |
| operating_status    | ONLINE                                         |
| pools               | {"id": "d9a0d57a-b073-42fb-90fd-73014b2d8773"} |
| provider            | haproxy                                        |
| provisioning_status | ACTIVE                                         |
| tenant_id           | 3c9dc9d8d71149a7b835e1f5813d2eb8               |
| vip_address         | 192.168.100.9                                  |
| vip_port_id         | 3562f827-5077-421e-a317-69ddded616ff           |
| vip_subnet_id       | 559892d3-dcc7-4e9d-824c-099c600820c5           |
+---------------------+------------------------------------------------+

[cent@dlp ~(keystone)]$
openstack floating ip set --port 3562f827-5077-421e-a317-69ddded616ff 10.0.0.207
[cent@dlp ~(keystone)]$
curl 10.0.0.207

Web_Server_01
[cent@dlp ~(keystone)]$
curl 10.0.0.207

Web_Server_02
関連コンテンツ