Wednesday, August 17, 2016

Study OpenStack Octavia in Mitaka by using DevStack (2)

Octavia 2

Using the Command Line to Create an Octavia Load Balancer in OpenStack Mitaka

I strongly suggest reading this document:

http://egonzalez.org/load-balancer-as-a-service-lbaas/

First of all, we check the loadbalancer list.

stack@devoct:~/devstack$ neutron lbaas-loadbalancer-list
+--------------------------------------+-----------------+-------------+---------------------+----------+
| id                                   | name            | vip_address | provisioning_status | provider |
+--------------------------------------+-----------------+-------------+---------------------+----------+
| 0cc3a0dd-3849-4a95-9f9c-126bb8dc1437 | Load Balancer 1 | 10.0.0.10   | ACTIVE              | octavia  |
| 93a920f0-a934-4ef9-bcb7-32c9ed022966 | Load Balancer 2 | 10.0.0.17   | ACTIVE              | octavia  |
+--------------------------------------+-----------------+-------------+---------------------+----------+

Create Your Own Octavia Service

stack@devoct:~/devstack$ neutron lbaas-loadbalancer-create --name octlb1 privateA

Created a new loadbalancer:
+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| admin_state_up      | True                                 |
| description         |                                      |
| id                  | add9a3a0-cec8-495d-8e65-f30c25acd323 |
| listeners           |                                      |
| name                | octlb1                               |
| operating_status    | OFFLINE                              |
| pools               |                                      |
| provider            | octavia                              |
| provisioning_status | PENDING_CREATE                       |
| tenant_id           | 2e72284266cc4259908fbb4d346aa804     |
| vip_address         | 10.0.0.19                            |
| vip_port_id         | 13029199-1637-4428-bdad-edd582ecf5dd |
| vip_subnet_id       | ac07fa63-3052-4a79-9449-d33b3260c8af |
+---------------------+--------------------------------------+
stack@devoct:~/devstack$ neutron lbaas-loadbalancer-list
+--------------------------------------+-----------------+-------------+---------------------+----------+
| id                                   | name            | vip_address | provisioning_status | provider |
+--------------------------------------+-----------------+-------------+---------------------+----------+
| 0cc3a0dd-3849-4a95-9f9c-126bb8dc1437 | Load Balancer 1 | 10.0.0.10   | ACTIVE              | octavia  |
| 93a920f0-a934-4ef9-bcb7-32c9ed022966 | Load Balancer 2 | 10.0.0.17   | ACTIVE              | octavia  |
| add9a3a0-cec8-495d-8e65-f30c25acd323 | octlb1          | 10.0.0.19   | PENDING_CREATE      | octavia  |
+--------------------------------------+-----------------+-------------+---------------------+----------+

Wait until the provisioning_status of octlb1 becomes ACTIVE. You can also check o-cw.log for debugging. The following log shows the worker still trying to connect to the Amphora VM; it might take 5 more minutes.

2016-08-17 22:02:15.029 20588 INFO octavia.controller.queue.endpoint [-] Creating load balancer 'add9a3a0-cec8-495d-8e65-f30c25acd323'...
2016-08-17 22:02:15.330 20588 INFO octavia.controller.worker.tasks.database_tasks [-] Created Amphora in DB with id 4c033fee-64aa-405b-b75b-f0eedf849379
2016-08-17 22:02:15.539 20588 INFO octavia.certificates.generator.local [-] Signing a certificate request using OpenSSL locally.
2016-08-17 22:02:15.540 20588 INFO octavia.certificates.generator.local [-] Using CA Certificate from config.
2016-08-17 22:02:15.540 20588 INFO octavia.certificates.generator.local [-] Using CA Private Key from config.
2016-08-17 22:02:15.540 20588 INFO octavia.certificates.generator.local [-] Using CA Private Key Passphrase from config.
2016-08-17 22:02:23.599 20588 INFO octavia.controller.worker.tasks.database_tasks [-] Mark ALLOCATED in DB for amphora: 4c033fee-64aa-405b-b75b-f0eedf849379 with compute id fdbaf688-4cef-4e2c-9092-0d7e537e6e5f for load balancer: add9a3a0-cec8-495d-8e65-f30c25acd323
2016-08-17 22:02:23.655 20588 INFO octavia.network.drivers.neutron.allowed_address_pairs [-] Port 13029199-1637-4428-bdad-edd582ecf5dd already exists. Nothing to be done.
2016-08-17 22:02:30.930 20588 WARNING octavia.amphorae.drivers.haproxy.rest_api_driver [-] Could not connect to instance. Retrying.
2016-08-17 22:02:33.930 20588 WARNING octavia.amphorae.drivers.haproxy.rest_api_driver [-] Could not connect to instance. Retrying.
2016-08-17 22:02:36.930 20588 WARNING octavia.amphorae.drivers.haproxy.rest_api_driver [-] Could not connect to instance. Retrying.
2016-08-17 22:02:39.930 20588 WARNING octavia.amphorae.drivers.haproxy.rest_api_driver [-] Could not connect to instance. Retrying.

Finally, the log shows that the load balancer is ACTIVE.

2016-08-17 22:08:41.320 20588 INFO octavia.controller.worker.tasks.database_tasks [-] Mark ACTIVE in DB for load balancer id: add9a3a0-cec8-495d-8e65-f30c25acd323

Check the status from the command line as well.

stack@devoct:~/devstack$ neutron lbaas-loadbalancer-list
+--------------------------------------+-----------------+-------------+---------------------+----------+
| id                                   | name            | vip_address | provisioning_status | provider |
+--------------------------------------+-----------------+-------------+---------------------+----------+
| 0cc3a0dd-3849-4a95-9f9c-126bb8dc1437 | Load Balancer 1 | 10.0.0.10   | ACTIVE              | octavia  |
| 93a920f0-a934-4ef9-bcb7-32c9ed022966 | Load Balancer 2 | 10.0.0.17   | ACTIVE              | octavia  |
| add9a3a0-cec8-495d-8e65-f30c25acd323 | octlb1          | 10.0.0.19   | ACTIVE              | octavia  |
+--------------------------------------+-----------------+-------------+---------------------+----------+

Now we set up a listener for the backend server.

stack@devoct:~/devstack$ neutron lbaas-listener-create --loadbalancer octlb1 --protocol HTTP --protocol-port 80 --name listener1
Created a new listener:
+---------------------------+------------------------------------------------+
| Field                     | Value                                          |
+---------------------------+------------------------------------------------+
| admin_state_up            | True                                           |
| connection_limit          | -1                                             |
| default_pool_id           |                                                |
| default_tls_container_ref |                                                |
| description               |                                                |
| id                        | 281965c8-c633-4615-a25a-f87722f86aa3           |
| loadbalancers             | {"id": "add9a3a0-cec8-495d-8e65-f30c25acd323"} |
| name                      | listener1                                      |
| protocol                  | HTTP                                           |
| protocol_port             | 80                                             |
| sni_container_refs        |                                                |
| tenant_id                 | 2e72284266cc4259908fbb4d346aa804               |
+---------------------------+------------------------------------------------+

To see the details of the listeners:

stack@devoct:~/devstack$ neutron lbaas-listener-list
+--------------------------------------+--------------------------------------+------------+----------+---------------+----------------+
| id                                   | default_pool_id                      | name       | protocol | protocol_port | admin_state_up |
+--------------------------------------+--------------------------------------+------------+----------+---------------+----------------+
| 906bd763-d1eb-4d7f-967b-669cbdde9bab | 51ae89ca-5f0a-4344-b217-a0527cb11992 | Listener 1 | HTTP     |            80 | True           |
| b13e6283-3612-416f-bbaf-abadb0eccf89 | 75660078-a989-4fbe-8b7f-5576ea05e937 | Listener 1 | HTTP     |            80 | True           |
| 281965c8-c633-4615-a25a-f87722f86aa3 |                                      | listener1  | HTTP     |            80 | True           |
+--------------------------------------+--------------------------------------+------------+----------+---------------+----------------+

Now we can attach a pool and an lb-algorithm to the listener we created.

stack@devoct:~/devstack$ neutron lbaas-pool-create --lb-algorithm ROUND_ROBIN --listener listener1 --protocol HTTP --name pool1
Created a new pool:
+---------------------+------------------------------------------------+
| Field               | Value                                          |
+---------------------+------------------------------------------------+
| admin_state_up      | True                                           |
| description         |                                                |
| healthmonitor_id    |                                                |
| id                  | 68f3eda9-396b-4e06-9e88-03e74c38cc35           |
| lb_algorithm        | ROUND_ROBIN                                    |
| listeners           | {"id": "281965c8-c633-4615-a25a-f87722f86aa3"} |
| loadbalancers       | {"id": "add9a3a0-cec8-495d-8e65-f30c25acd323"} |
| members             |                                                |
| name                | pool1                                          |
| protocol            | HTTP                                           |
| session_persistence |                                                |
| tenant_id           | 2e72284266cc4259908fbb4d346aa804               |
+---------------------+------------------------------------------------+

Adding Member Server (Backend Server)

To see how to launch a member server from a hacked cloud image, read:

http://gogosatellite.blogspot.tw/2016/08/study-openstack-octavia-in-mitaka-by.html

Assume we have launched a member server with private ip address 10.0.0.15.

stack@devoct:~/devstack$ neutron lbaas-member-create  --subnet privateA --address 10.0.0.15 --protocol-port 80 pool1
Created a new member:
+----------------+--------------------------------------+
| Field          | Value                                |
+----------------+--------------------------------------+
| address        | 10.0.0.15                            |
| admin_state_up | True                                 |
| id             | df142a6e-fa6a-4d44-a9b4-f59628dc4e96 |
| name           |                                      |
| protocol_port  | 80                                   |
| subnet_id      | ac07fa63-3052-4a79-9449-d33b3260c8af |
| tenant_id      | 2e72284266cc4259908fbb4d346aa804     |
| weight         | 1                                    |
+----------------+--------------------------------------+

Here --address is the private IP address of the backend (member) server.

Security Group

The security group is quite important; see my previous blog post.

http://gogosatellite.blogspot.tw/2016/08/study-openstack-octavia-in-mitaka-by.html

Check the security group of the Amphora VM.

Here are the rules of the Amphora VM security group, listed as the admin user. We did nothing to this security group.

stack@devoct:~/devstack$ nova secgroup-list-rules lb-add9a3a0-cec8-495d-8e65-f30c25acd323
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 80        | 80      | 0.0.0.0/0 |              |
| tcp         | 1025      | 1025    | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

Check the security group of the backend server.

Here are the rules of the backend VM's default security group, listed as the demo user. We enabled most ports and protocols so that the Amphora can connect.

stack@devoct:~/devstack$ nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 80        | 80      | 0.0.0.0/0 |              |
| tcp         | 1         | 65535   | 0.0.0.0/0 |              |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
| udp         | 1         | 65535   | 0.0.0.0/0 |              |
| tcp         | 53        | 53      | 0.0.0.0/0 |              |
| tcp         | 443       | 443     | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+
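
An added example (not from the original post): a Python check that parses the nova secgroup-list-rules default output shown above and lists every rule that is wider than the pool traffic needs. It assumes the member serves tcp/80 (as in the member-create call) and that privateA is 10.0.0.0/24; the post shows 10.0.0.x addresses but not the subnet mask.

```python
import ipaddress

# Output of `nova secgroup-list-rules default`, copied from the listing above.
BACKEND_RULES = """\
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 80        | 80      | 0.0.0.0/0 |              |
| tcp         | 1         | 65535   | 0.0.0.0/0 |              |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
| udp         | 1         | 65535   | 0.0.0.0/0 |              |
| tcp         | 53        | 53      | 0.0.0.0/0 |              |
| tcp         | 443       | 443     | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+
"""

def parse_rules(table):
    """Turn the ASCII table into one dict per rule, keyed by column header."""
    rows = [[cell.strip() for cell in line.strip().strip("|").split("|")]
            for line in table.splitlines() if line.lstrip().startswith("|")]
    return [dict(zip(rows[0], row)) for row in rows[1:]]

def audit(rules, member_ports, trusted_cidr):
    """Return (rule, reasons) for every rule wider than pool traffic needs."""
    trusted = ipaddress.ip_network(trusted_cidr)
    findings = []
    for rule in rules:
        reasons = []
        lo, hi = int(rule["From Port"]), int(rule["To Port"])
        # Only TCP rules whose whole port range is a member port are needed.
        if rule["IP Protocol"] != "tcp" or not set(range(lo, hi + 1)) <= member_ports:
            reasons.append("not required for load-balanced traffic")
        # Rules that reference a source group carry no CIDR; check CIDR rules only.
        cidr = rule["IP Range"]
        if cidr and not ipaddress.ip_network(cidr).subnet_of(trusted):
            reasons.append("source wider than " + trusted_cidr)
        if reasons:
            findings.append((rule, reasons))
    return findings

if __name__ == "__main__":
    # Assumed values: member port 80 and privateA = 10.0.0.0/24 (see lead-in).
    for rule, reasons in audit(parse_rules(BACKEND_RULES), {80}, "10.0.0.0/24"):
        print("%-4s %5s-%-5s %-10s %s" % (rule["IP Protocol"], rule["From Port"],
              rule["To Port"], rule["IP Range"], "; ".join(reasons)))
```

Every rule in the listing is reported: tcp/80 only for its 0.0.0.0/0 source, the other six also because the load balancer does not use them.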

Adding floating IP

Create a floating IP from the floating network.

stack@devoct:~/devstack$ neutron floatingip-create 20daa65b-bcb1-44e0-9297-980050a988a0
Created a new floatingip:
+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| description         |                                      |
| fixed_ip_address    |                                      |
| floating_ip_address | 192.168.140.9                        |
| floating_network_id | 20daa65b-bcb1-44e0-9297-980050a988a0 |
| id                  | d6277507-e1eb-4bad-a111-22f787617932 |
| port_id             |                                      |
| router_id           |                                      |
| status              | DOWN                                 |
| tenant_id           | 2e72284266cc4259908fbb4d346aa804     |
+---------------------+--------------------------------------+

Associate the id of the floating IP with the port id of the VIP. The port id of the VIP was created by the command neutron lbaas-loadbalancer-create --name octlb1 privateA.

stack@devoct:~/devstack$ neutron floatingip-associate d6277507-e1eb-4bad-a111-22f787617932 13029199-1637-4428-bdad-edd582ecf5dd
Associated floating IP d6277507-e1eb-4bad-a111-22f787617932

We can now access the web service through the floating IP bound to the Octavia load balancer.

Result

junmeinde-MacBook-Pro:~ junmein$ curl 192.168.140.9
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"><html>
<title>Directory listing for /</title>
<body>
<h2>Directory listing for /</h2>
<hr>
<ul>
<li><a href=".bash_history">.bash_history</a>
<li><a href=".bash_logout">.bash_logout</a>
<li><a href=".bashrc">.bashrc</a>
<li><a href=".cache/">.cache/</a>
<li><a href=".profile">.profile</a>
<li><a href=".ssh/">.ssh/</a>
<li><a href=".sudo_as_admin_successful">.sudo_as_admin_successful</a>
<li><a href=".viminfo">.viminfo</a>
</ul>
<hr>
</body>
</html>

We can connect to the backend server via the Octavia load balancer.
