OpenStack Stein : Neutron LBaaS V22019/04/12 |
|
Neutron LBaaS (Load-Balancer-as-a-Service) V2 による仮想ロードバランサーの構成です。
当例では、以下のような環境を例に Neutron LBaaS V2 を設定します。
Control ノード、 Network ノード、 Compute ノードの 各 Neutron サービスノードを構築済み 且つ VXLAN による仮想ネットワーク構築済みであることを前提とします。
------------+---------------------------+---------------------------+------------
| | |
eth0|10.0.0.30 eth0|10.0.0.50 eth0|10.0.0.51
+-----------+-----------+ +-----------+-----------+ +-----------+-----------+
| [ Control Node ] | | [ Network Node ] | | [ Compute Node ] |
| | | | | |
| MariaDB RabbitMQ | | L2 Agent | | Libvirt |
| Memcached httpd | | L3 Agent | | Nova Compute |
| Keystone Glance | | Metadata Agent | | L2 Agent |
| Nova API | | LBaaSV2 Agent | | LBaaSV2 Agent |
| Neutron Server | | | | |
| Metadata Agent | | | | |
+-----------------------+ +-----------+-----------+ +-----------------------+
eth1|(UP with no IP)
|
| [1] | Control ノードで以下のように設定変更します。 |
|
root@dlp ~(keystone)#
apt -y install neutron-lbaasv2-agent
root@dlp ~(keystone)#
vi /etc/neutron/neutron.conf # service_plugins に追記 service_plugins = router ,lbaasv2
root@dlp ~(keystone)#
vi /etc/neutron/neutron_lbaas.conf # 207行目:追記
[service_providers]
service_provider = LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
root@dlp ~(keystone)#
vi /etc/neutron/lbaas_agent.ini # [DEFAULT] セクション内に追記 [DEFAULT]
interface_driver = linuxbridge
su -s /bin/bash neutron -c "neutron-db-manage --subproject neutron-lbaas --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head" root@dlp ~(keystone)# systemctl restart neutron-server |
| [2] | Network ノード および Compute ノードで以下のように同様の設定変更をします。 |
|
root@network:~#
apt -y install neutron-lbaasv2-agent haproxy
root@network:~#
vi /etc/neutron/neutron.conf # service_plugins に追記 service_plugins = router ,lbaasv2
root@network:~#
vi /etc/neutron/neutron_lbaas.conf # 207行目:追記
[service_providers]
service_provider = LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
root@network:~#
vi /etc/neutron/lbaas_agent.ini # [DEFAULT] セクション内に追記 [DEFAULT]
interface_driver = linuxbridge
systemctl restart neutron-lbaasv2-agent root@network:~# systemctl enable neutron-lbaasv2-agent |
| [3] | Control ノードで Neutron サービスを確認し、Loadbalancerv2 agent が UP していれば OK です。 |
|
root@dlp ~(keystone)# openstack network agent list +--------------------------------------+----------------------+-------------------+-------------------+-------+-------+---------------------------+ | ID | Agent Type | Host | Availability Zone | Alive | State | Binary | +--------------------------------------+----------------------+-------------------+-------------------+-------+-------+---------------------------+ | 0904751e-e3f0-412f-8d4c-8aa901fb81b4 | Linux bridge agent | node01.srv.world | None | :-) | UP | neutron-linuxbridge-agent | | 5086bf0b-f03e-4b37-9102-4ad2f1253c25 | Loadbalancerv2 agent | node01.srv.world | None | :-) | UP | neutron-lbaasv2-agent | | 5bba28da-407f-49f4-9c68-9e2897f43dcb | Loadbalancerv2 agent | dlp.srv.world | None | :-) | UP | neutron-lbaasv2-agent | | 73c24b54-a68c-4592-b1c2-4befb9b11612 | L3 agent | network.srv.world | nova | :-) | UP | neutron-l3-agent | | a790f336-df80-445b-b449-47af9e272dbd | Loadbalancerv2 agent | network.srv.world | None | :-) | UP | neutron-lbaasv2-agent | | b54fd4ab-d61d-4509-8a55-9f0bce50c3eb | DHCP agent | network.srv.world | nova | :-) | UP | neutron-dhcp-agent | | be4a605d-8126-431a-a55d-bc82d11ba57b | Metadata agent | network.srv.world | None | :-) | UP | neutron-metadata-agent | | c1337f30-786c-4e73-9910-6f16630e811b | Metadata agent | dlp.srv.world | None | :-) | UP | neutron-metadata-agent | | d4ed35e2-43ae-4f68-bde5-f466898dbcda | Linux bridge agent | network.srv.world | None | :-) | UP | neutron-linuxbridge-agent | +--------------------------------------+----------------------+-------------------+-------------------+-------+-------+---------------------------+ |
| [4] | 任意の Openstack 利用可能ユーザーでログインし、仮想ロードバランサーを作成します。 作業場所はどこでもよいですが、当例では Control ノード上で作業します。 |
|
# 自身のネットワーク環境確認 ubuntu@dlp ~(keystone)$ openstack network list +--------------------------------------+---------+--------------------------------------+ | ID | Name | Subnets | +--------------------------------------+---------+--------------------------------------+ | 4ac44922-6ee9-4f99-9901-06cd69bcb64b | ext_net | 19f83d21-e41f-4e96-8da1-84bfba298fc7 | | 596c0921-5acb-42e1-8b44-ff549c30cded | int_net | d09f2fd8-07d9-4365-9e5b-5aeb471a1b72 | +--------------------------------------+---------+--------------------------------------+ubuntu@dlp ~(keystone)$ openstack subnet list +--------------------------------------+---------+--------------------------------------+------------------+ | ID | Name | Network | Subnet | +--------------------------------------+---------+--------------------------------------+------------------+ | d09f2fd8-07d9-4365-9e5b-5aeb471a1b72 | subnet1 | 596c0921-5acb-42e1-8b44-ff549c30cded | 192.168.100.0/24 | +--------------------------------------+---------+--------------------------------------+------------------+ # subnet1 に 仮想 LB [lb01] 作成 ubuntu@dlp ~(keystone)$ neutron lbaas-loadbalancer-create --name lb01 subnet1 +---------------------+--------------------------------------+ | Field | Value | +---------------------+--------------------------------------+ | admin_state_up | True | | description | | | id | 73e22025-12cb-41aa-bfd7-2f9a3f74fd5d | | listeners | | | name | lb01 | | operating_status | OFFLINE | | pools | | | provider | haproxy | | provisioning_status | PENDING_CREATE | | tenant_id | ff03eefa265b423aa3375acb46a8e4e0 | | vip_address | 192.168.100.79 | | vip_port_id | d5d89d1e-c47b-4e74-b5d8-9809f46050fb | | vip_subnet_id | d09f2fd8-07d9-4365-9e5b-5aeb471a1b72 | +---------------------+--------------------------------------+ # [lb01] 用のセキュリティグループを作成し、負荷分散したいサービスポートを許可 (下例は 80ポート) ubuntu@dlp ~(keystone)$ openstack security group create lbaasv2 ubuntu@dlp ~(keystone)$ openstack security group rule create --protocol icmp --ingress lbaasv2 ubuntu@dlp ~(keystone)$ openstack security group rule create --protocol tcp --dst-port 80:80 lbaasv2
# セキュリティグループ [lbaasv2] を 仮想 LB [lb01] の [vip_port_id] に適用 ubuntu@dlp ~(keystone)$ openstack port set --security-group lbaasv2 d5d89d1e-c47b-4e74-b5d8-9809f46050fb
# 負荷分散したいサービスポートのリスナーを作成 (下例は 80ポート) ubuntu@dlp ~(keystone)$ neutron lbaas-listener-create --name lb01-http --loadbalancer lb01 --protocol HTTP --protocol-port 80
+---------------------------+------------------------------------------------+
| Field | Value |
+---------------------------+------------------------------------------------+
| admin_state_up | True |
| connection_limit | -1 |
| default_pool_id | |
| default_tls_container_ref | |
| description | |
| id | a68885c0-44dc-4e17-a725-ae1464871c86 |
| loadbalancers | {"id": "73e22025-12cb-41aa-bfd7-2f9a3f74fd5d"} |
| name | lb01-http |
| protocol | HTTP |
| protocol_port | 80 |
| sni_container_refs | |
| tenant_id | ff03eefa265b423aa3375acb46a8e4e0 |
+---------------------------+------------------------------------------------+
# 作成したリスナーに 負荷分散アルゴリズム ROUND_ROBIN で プール [lb01-http-pool] 作成 ubuntu@dlp ~(keystone)$ neutron lbaas-pool-create --name lb01-http-pool --lb-algorithm ROUND_ROBIN --listener lb01-http --protocol HTTP
+---------------------+------------------------------------------------+
| Field | Value |
+---------------------+------------------------------------------------+
| admin_state_up | True |
| description | |
| healthmonitor_id | |
| id | 94ab097d-29bd-4e34-b659-bd7b1aa3b92d |
| lb_algorithm | ROUND_ROBIN |
| listeners | {"id": "a68885c0-44dc-4e17-a725-ae1464871c86"} |
| loadbalancers | {"id": "73e22025-12cb-41aa-bfd7-2f9a3f74fd5d"} |
| members | |
| name | lb01-http-pool |
| protocol | HTTP |
| session_persistence | |
| tenant_id | ff03eefa265b423aa3375acb46a8e4e0 |
+---------------------+------------------------------------------------+
|
| [5] | 負荷分散したいインスタンスを、作成したリスナーのプールメンバーに割り当てることで負荷分散できるようになります。 |
|
# httpd が起動しているインスタンス ubuntu@dlp ~(keystone)$ openstack server list +--------------------------------------+-------------+--------+-------------------------+------------+----------+ | ID | Name | Status | Networks | Image | Flavor | +--------------------------------------+-------------+--------+-------------------------+------------+----------+ | aaa27b11-7866-4bbc-9ec6-f7e7616a1cd9 | WebServer02 | ACTIVE | int_net=192.168.100.230 | Ubuntu1804 | m1.small | | 475da96e-f681-4a1e-9cde-26b61a7fb7e5 | WebServer01 | ACTIVE | int_net=192.168.100.41 | Ubuntu1804 | m1.small | +--------------------------------------+-------------+--------+-------------------------+------------+----------+ # プールメンバーに適用 ubuntu@dlp ~(keystone)$ neutron lbaas-member-create --name lb01-member-01 --subnet subnet1 --address 192.168.100.41 --protocol-port 80 lb01-http-pool +----------------+--------------------------------------+ | Field | Value | +----------------+--------------------------------------+ | address | 192.168.100.41 | | admin_state_up | True | | id | 31eb19db-dc6c-479f-8e02-d2063c2dfaf0 | | name | lb01-member-01 | | protocol_port | 80 | | subnet_id | d09f2fd8-07d9-4365-9e5b-5aeb471a1b72 | | tenant_id | ff03eefa265b423aa3375acb46a8e4e0 | | weight | 1 | +----------------+--------------------------------------+ubuntu@dlp ~(keystone)$ neutron lbaas-member-create --name lb01-member-02 --subnet subnet1 --address 192.168.100.230 --protocol-port 80 lb01-http-pool +----------------+--------------------------------------+ | Field | Value | +----------------+--------------------------------------+ | address | 192.168.100.230 | | admin_state_up | True | | id | 7a9bc781-4c50-47d5-b240-472162b2ff4c | | name | lb01-member-02 | | protocol_port | 80 | | subnet_id | d09f2fd8-07d9-4365-9e5b-5aeb471a1b72 | | tenant_id | ff03eefa265b423aa3375acb46a8e4e0 | | weight | 1 | +----------------+--------------------------------------+ubuntu@dlp ~(keystone)$ neutron lbaas-member-list lb01-http-pool +--------------------------------------+----------------+-----------------+---------------+--------+--------------------------------------+----------------+ | id | name | address | protocol_port | weight | subnet_id | admin_state_up | +--------------------------------------+----------------+-----------------+---------------+--------+--------------------------------------+----------------+ | 7a9bc781-4c50-47d5-b240-472162b2ff4c | lb01-member-02 | 192.168.100.230 | 80 | 1 | d09f2fd8-07d9-4365-9e5b-5aeb471a1b72 | True | | 31eb19db-dc6c-479f-8e02-d2063c2dfaf0 | lb01-member-01 | 192.168.100.41 | 80 | 1 | d09f2fd8-07d9-4365-9e5b-5aeb471a1b72 | True | +--------------------------------------+----------------+-----------------+---------------+--------+--------------------------------------+----------------+ |
| [6] | インスタンスのプライベートネットワークのネームスペースにアクセス可能なネットワークノード等から、仮想ロードバランサーの 仮想IP 宛てに、設定したプロトコルでアクセスして正常に負荷分散されるか確認します。 |
|
root@network:~#
ip netns qrouter-c51bc54c-9c42-457b-ba3d-b42d715c9a33 (id: 1) qdhcp-596c0921-5acb-42e1-8b44-ff549c30cded (id: 0) # 設定通りラウンドロビンで負荷分散される root@network:~# ip netns exec qrouter-c51bc54c-9c42-457b-ba3d-b42d715c9a33 curl 192.168.100.79 Web_Server_01 root@network:~# ip netns exec qrouter-c51bc54c-9c42-457b-ba3d-b42d715c9a33 curl 192.168.100.79 Web_Server_02 root@network:~# ip netns exec qrouter-c51bc54c-9c42-457b-ba3d-b42d715c9a33 curl 192.168.100.79 Web_Server_01 |
| [7] | フローティング IP を 仮想ロードバランサーの 仮想IPポートに関連付けることで、パブリックネットワークからもアクセス可能です。 |
|
ubuntu@dlp ~(keystone)$ openstack floating ip list +--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+ | ID | Floating IP Address | Fixed IP Address | Port | Floating Network | Project | +--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+ | 602c7a0e-705b-4933-ae26-a06fb24f77b0 | 10.0.0.202 | None | None | 4ac44922-6ee9-4f99-9901-06cd69bcb64b | ff03eefa265b423aa3375acb46a8e4e0 | +--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+ubuntu@dlp ~(keystone)$ neutron lbaas-loadbalancer-show lb01
+---------------------+------------------------------------------------+
| Field | Value |
+---------------------+------------------------------------------------+
| admin_state_up | True |
| description | |
| id | 73e22025-12cb-41aa-bfd7-2f9a3f74fd5d |
| listeners | {"id": "a68885c0-44dc-4e17-a725-ae1464871c86"} |
| name | lb01 |
| operating_status | ONLINE |
| pools | {"id": "94ab097d-29bd-4e34-b659-bd7b1aa3b92d"} |
| provider | haproxy |
| provisioning_status | ACTIVE |
| tenant_id | ff03eefa265b423aa3375acb46a8e4e0 |
| vip_address | 192.168.100.79 |
| vip_port_id | d5d89d1e-c47b-4e74-b5d8-9809f46050fb |
| vip_subnet_id | d09f2fd8-07d9-4365-9e5b-5aeb471a1b72 |
+---------------------+------------------------------------------------+
ubuntu@dlp ~(keystone)$
ubuntu@dlp ~(keystone)$ openstack floating ip set --port d5d89d1e-c47b-4e74-b5d8-9809f46050fb 10.0.0.202
curl 10.0.0.202 Web_Server_01 ubuntu@dlp ~(keystone)$ curl 10.0.0.202 Web_Server_02 ubuntu@dlp ~(keystone)$ curl 10.0.0.202 Web_Server_01 |
| Sponsored Link |