Installing OpenStack Octavia LBaaS with Juju Charms in Contrail Networking
Contrail Networking Release 2005 supports Octavia as LBaaS. The deployment supports RHOSP and Juju platforms.
With Octavia as LBaaS, Contrail Networking only maintains network connectivity and is not involved in any load balancing functions.
For each OpenStack load balancer that is created, Octavia launches a VM known as the amphora VM. The VM starts HAProxy when a listener is created for the load balancer in OpenStack. Whenever the load balancer is updated in OpenStack, the amphora VM updates the running HAProxy configuration. The amphora VM is deleted when the load balancer is deleted.
Contrail Networking provides connectivity to the amphora VM interfaces. The amphora VM has two interfaces: one for management and the other for data. The management interface is used by the Octavia services for management communication. Because the Octavia services run in the underlay network and the amphora VM runs in the overlay network, an SDN gateway is needed to reach the overlay network. The data interface is used for load balancing.
Follow this procedure to install OpenStack Octavia LBaaS in a Canonical deployment:
If you want to run amphora instances on DPDK computes, you have to create your own flavor with the required options and set its ID in the Octavia charm configuration via the custom-amp-flavor-id option before calling configure-resources. Alternatively, set the required options on the flavor named charm-octavia that the charm creates:
openstack flavor set charm-octavia --property hw:mem_page_size=any
Here is an example of creating and testing a load balancer:
Prerequisites:
You must have connectivity between the Octavia controller and the amphora instances.
You must have OpenStack services in LXD containers.
You must have separate interfaces for control plane and data plane.
Create private network.
openstack network create private
openstack subnet create private --network private --subnet-range 10.10.10.0/24 --allocation-pool start=10.10.10.50,end=10.10.10.70 --gateway none
Create security group.
openstack security group create allow_all
openstack security group rule create --ingress --protocol any --prefix '0.0.0.0/0' allow_all
Check available flavors and images. You can create them, if needed.
openstack flavor list
openstack image list
Create two servers for the load balancer.
openstack server create --flavor test_flavor --image cirros --security-group allow_all --network private cirros1
openstack server create --flavor test_flavor --image cirros --security-group allow_all --network private cirros2
Create an additional server to test the load balancer.
openstack server create --flavor test_flavor --image cirros --security-group allow_all --network private cirros-test
Check status and IP addresses.
openstack server list --long
Create a simple HTTP server on every cirros. Log in to both the cirros instances and run the following commands:
MYIP=$(ifconfig eth0|grep 'inet addr'|awk -F: '{print $2}'| awk '{print $1}')
while true; do echo -e "HTTP/1.0 200 OK\r\n\r\nWelcome to $MYIP" | sudo nc -l -p 80 ; done&
Create the load balancer.
openstack loadbalancer create --name lb1 --vip-subnet-id private
Make sure provisioning_status is ACTIVE.
openstack loadbalancer show lb1
Set up the load balancer.
openstack loadbalancer listener create --protocol HTTP --protocol-port 80 --name listener1 lb1
openstack loadbalancer show lb1 # Wait for the provisioning_status to be ACTIVE.
openstack loadbalancer pool create --lb-algorithm ROUND_ROBIN --listener listener1 --protocol HTTP --name pool1
openstack loadbalancer healthmonitor create --delay 5 --timeout 2 --max-retries 1 --type HTTP pool1
openstack loadbalancer member create --subnet-id private --address 10.10.10.50 --protocol-port 80 pool1
openstack loadbalancer member create --subnet-id private --address 10.10.10.51 --protocol-port 80 pool1
IP addresses 10.10.10.50 and 10.10.10.51 belong to the VMs created with the test HTTP server in step 7.
Check the status of the load balancer.
openstack loadbalancer show lb1 # Wait for the provisioning_status to be ACTIVE.
openstack loadbalancer pool list
openstack loadbalancer pool show pool1
openstack loadbalancer member list pool1
openstack loadbalancer listener list
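Octavia rejects changes to a load balancer that is still in a PENDING state, so each create command above has to wait for lb1 to return to ACTIVE before the next one runs. The script below is an added example, not part of the original page: wait_lb_active, lb_step and setup_lb1 are hypothetical helper names, and it assumes the openstack CLI with the Octavia plugin and credentials already loaded.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. Assumes the openstack CLI with
# the Octavia plugin and credentials already loaded in the environment.

# Poll until provisioning_status is ACTIVE.
# Returns 0 on ACTIVE, 1 on ERROR or CLI failure, 2 on timeout.
wait_lb_active() {
    local lb tries delay status
    lb="$1"; tries="${2:-60}"; delay="${3:-5}"
    while [ "$tries" -gt 0 ]; do
        status=$(openstack loadbalancer show "$lb" -f value -c provisioning_status) || return 1
        case "$status" in
            ACTIVE) return 0 ;;
            ERROR)  echo "$lb is in ERROR" >&2; return 1 ;;
        esac
        tries=$((tries - 1))
        sleep "$delay"
    done
    echo "timed out waiting for $lb (last status: $status)" >&2
    return 2
}

# Run one mutating command, then block until the load balancer settles.
lb_step() {
    local lb
    lb="$1"; shift
    "$@" || return 1
    wait_lb_active "$lb" "${LB_TRIES:-60}" "${LB_DELAY:-5}"
}

# The listener, pool, health monitor and member commands from this page,
# each gated on lb1 returning to ACTIVE; stops at the first failure.
setup_lb1() {
    wait_lb_active lb1 || return
    lb_step lb1 openstack loadbalancer listener create --protocol HTTP \
        --protocol-port 80 --name listener1 lb1 || return
    lb_step lb1 openstack loadbalancer pool create --lb-algorithm ROUND_ROBIN \
        --listener listener1 --protocol HTTP --name pool1 || return
    lb_step lb1 openstack loadbalancer healthmonitor create --delay 5 \
        --timeout 2 --max-retries 1 --type HTTP pool1 || return
    lb_step lb1 openstack loadbalancer member create --subnet-id private \
        --address 10.10.10.50 --protocol-port 80 pool1 || return
    lb_step lb1 openstack loadbalancer member create --subnet-id private \
        --address 10.10.10.51 --protocol-port 80 pool1
}
```

Source the file and run setup_lb1 after the load balancer has been created; LB_TRIES and LB_DELAY (also hypothetical names) tune the polling.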
Log in to the load balancer client and verify that round robin works.
ubuntu@comp-1:~$ ssh cirros@169.x.0.9
The authenticity of host '169.x.0.9 (169.x.0.9)' can't be established.
RSA key fingerprint is SHA256:jv0qgZkorxxxxxxxmykOSVQV3fFl0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '169.x.0.9' (RSA) to the list of known hosts.
cirros@169.x.0.9's password:
$ curl 10.10.10.50
Welcome to 10.10.10.52
$ curl 10.10.10.50
Welcome to 10.10.10.53
$ curl 10.10.10.50
Welcome to 10.10.10.52
$ curl 10.10.10.50
Welcome to 10.10.10.53
$ curl 10.10.10.50
Welcome to 10.10.10.52
$ curl 10.10.10.50
Welcome to 10.10.10.53
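One way to script the round robin check above from the test client, as an added example that is not part of the original page. probe_vip and check_round_robin are hypothetical helper names; the check assumes equal-weight pool members, so per-backend hit counts may differ by at most one.

```shell
# Added example, not from the original page. Uses only curl, head, grep and
# awk, which the page already relies on inside the cirros guests.

# Fetch the VIP n times, printing one line per request. A failed, empty or
# timed-out response is recorded as FAILED instead of being silently dropped.
probe_vip() {
    vip="$1"; n="$2"; i=0
    while [ "$i" -lt "$n" ]; do
        curl -s --max-time 3 "http://$vip/" | head -n 1 | grep . || echo FAILED
        i=$((i + 1))
    done
}

# Read one response per line on stdin and print a per-backend tally.
# Exit status: 0 = even spread across exactly $1 backends,
#              1 = at least one request failed,
#              2 = number of distinct backends differs from $1,
#              3 = hit counts differ by more than one (not round robin).
check_round_robin() {
    awk -v want="$1" '
        $0 == "FAILED" { failed++; next }
        { hits[$0]++ }
        END {
            for (b in hits) {
                backends++
                if (min == "" || hits[b] < min) min = hits[b]
                if (hits[b] > max) max = hits[b]
                printf "%4d  %s\n", hits[b], b
            }
            if (failed > 0)        exit 1
            if (backends != want)  exit 2
            if (max - min > 1)     exit 3
        }'
}

# Usage on the test client (the VIP address is supplied by the operator):
#   probe_vip <VIP> 10 | check_round_robin 2
```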
Sample octavia-bundle.yaml file
# Loadbalancer (LBAASv2) with Octavia - requires Rocky or later
---
applications:
  barbican:
    charm: cs:barbican
    num_units: 1
    options:
      openstack-origin: cloud:bionic-train
    to:
    - lxd:4
  barbican-vault:
    charm: cs:barbican-vault-12
  octavia:
    series: bionic
    charm: cs:~apavlov-e/octavia
    num_units: 1
    options:
      openstack-origin: cloud:bionic-train
      create-mgmt-network: false
    to:
    - lxd:4
  octavia-dashboard:
    charm: cs:octavia-dashboard
  vault:
    charm: cs:vault
    num_units: 1
    to:
    - lxd:4
  glance-simplestreams-sync:
    charm: cs:glance-simplestreams-sync
    num_units: 1
    options:
      source: ppa:simplestreams-dev/trunk
      use_swift: false
    to:
    - lxd:4
  octavia-diskimage-retrofit:
    charm: cs:octavia-diskimage-retrofit
    options:
      amp-image-tag: 'octavia-amphora'
      retrofit-uca-pocket: train
relations:
- - mysql:shared-db
  - octavia:shared-db
- - mysql:shared-db
  - barbican:shared-db
- - mysql:shared-db
  - vault:shared-db
- - keystone:identity-service
  - octavia:identity-service
- - keystone:identity-service
  - barbican:identity-service
- - rabbitmq-server:amqp
  - octavia:amqp
- - rabbitmq-server:amqp
  - barbican:amqp
- - neutron-api:neutron-load-balancer
  - octavia:neutron-api
- - openstack-dashboard:dashboard-plugin
  - octavia-dashboard:dashboard
- - barbican-vault:secrets
  - barbican:secrets
- - vault:secrets
  - barbican-vault:secrets-storage
- - glance-simplestreams-sync:juju-info
  - octavia-diskimage-retrofit:juju-info
- - keystone:identity-service
  - glance-simplestreams-sync:identity-service
- - rabbitmq-server:amqp
  - glance-simplestreams-sync:amqp
- - keystone:identity-credentials
  - octavia-diskimage-retrofit:identity-credentials
- - contrail-openstack
  - octavia