Create Subnet with 2 Web server VMs

Use the normal way of creating VM instances and add 2 VMs running a webserver into a single subnet

Install LBaaSv2 with the Haproxy driver

Install lbaasv2-agent

Install the lbaasv2-agent on all controllers

sudo apt-get install neutron-lbaasv2-agent

Install the lbaas_agent.ini file

Update the /etc/neutron/lbaas_agent.ini to say the following

[DEFAULT]
verbose = False
debug = False

periodic_interval = 10

interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver

[haproxy]
user_group = nogroup

send_gratuitous_arp = 3

In /etc/neutron/neutron.conf on all controllers apply the following diff:

--- /etc/neutron/neutron.conf.old       2016-12-19 23:20:35.987369011 +0000
+++ /etc/neutron/neutron.conf   2016-12-19 20:02:23.735785952 +0000
@@ -30,6 +30,7 @@

 # The service plugins Neutron will use (list value)
 #service_plugins =
+service_plugins =  neutron.services.l3_router.l3_router_plugin.L3RouterPlugin,neutron.services.metering.metering_plugin.MeteringPlugin,neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2

 # The base MAC address Neutron will use for VIFs. The first 3 octets will remain unchanged. If the 4th octet is not 00, it will also be
 # used. The others will be randomly generated. (string value)
@@ -1361,3 +1362,8 @@

 # Sets the list of available ciphers. value should be a string in the OpenSSL cipher list format. (string value)
 #ciphers = <None>
+
+[service_providers]
+service_provider = LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default

Restart Neutron servers

sudo service neutron-server restart
sudo service neutron-lbaasv2-agent restart

Configure a LoadBalancer

Create the Loadbalancer

First determine the Subnet ID that contains the hosts you wish to load balance to.


root@node-2:~# openstack server list -f json
[
  {
    "Status": "ACTIVE",
    "Networks": "admin_internal_net=10.109.4.35, 10.109.3.170",
    "ID": "5afe10cb-d302-4c3d-923c-0ed01cf3f8f5",
    "Name": "lbtest"
  },
  {
    "Status": "ACTIVE",
    "Networks": "admin_internal_net=10.109.4.33, 10.109.3.168",
    "ID": "5773ebae-0882-460d-a464-1f97876a6db6",
    "Name": "ex-2ofp-5e5rdjgonxds-z3s44d7kaxjf-server-hak6j4smwxag"
  },
  {
    "Status": "ACTIVE",
    "Networks": "admin_internal_net=10.109.4.32, 10.109.3.167",
    "ID": "f5752b90-7f24-4127-8b45-90e694455f5a",
    "Name": "ex-2ofp-5z22nlq5cuyz-ju4nl35q5nvt-server-z4nje5cpxjsk"
  }
]root@node-2:~# openstack network list --json
usage: openstack network list [-h] [-f {csv,json,table,value,yaml}]
                              [-c COLUMN] [--max-width ] [--noindent]
                              [--quote {all,minimal,none,nonnumeric}]
                              [--external] [--long]
openstack network list: error: unrecognized arguments: --json
root@node-2:~# openstack network list -f json
[
  {
    "Subnets": "449a4a98-5bae-42ed-a4cd-a2a24bd27a6b",
    "ID": "9f178fd6-8914-426d-9f5e-d4ad9a073484",
    "Name": "admin_floating_net"
  },
  {
    "Subnets": "139cc698-f079-4c46-ac0f-6364ad3238d5",
    "ID": "2a165d79-9fdc-486b-8a7b-8db076ebee20",
    "Name": "admin_internal_net"
  }
]root@node-2:~#

oot@node-2:~# neutron lbaas-loadbalancer-create --name test-lb 139cc698-f079-4c46-ac0f-6364ad3238d5
Created a new loadbalancer:
+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| admin_state_up      | True                                 |
| description         |                                      |
| id                  | 33fcb82e-ab1d-4c71-90b4-6ce04998b993 |
| listeners           |                                      |
| name                | test-lb                              |
| operating_status    | OFFLINE                              |
| pools               |                                      |
| provider            | haproxy                              |
| provisioning_status | PENDING_CREATE                       |
| tenant_id           | 9388b4bab91e4ac8a8cb96877df6af40     |
| vip_address         | 10.109.4.41                          |
| vip_port_id         | 458fac9d-755e-4c10-ba54-2186076059a4 |
| vip_subnet_id       | 139cc698-f079-4c46-ac0f-6364ad3238d5 |
+---------------------+--------------------------------------+

root@node-2:~# neutron lbaas-loadbalancer-show test-lb
+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| admin_state_up      | True                                 |
| description         |                                      |
| id                  | 33fcb82e-ab1d-4c71-90b4-6ce04998b993 |
| listeners           |                                      |
| name                | test-lb                              |
| operating_status    | ONLINE                               |
| pools               |                                      |
| provider            | haproxy                              |
| provisioning_status | ACTIVE                               |
| tenant_id           | 9388b4bab91e4ac8a8cb96877df6af40     |
| vip_address         | 10.109.4.41                          |
| vip_port_id         | 458fac9d-755e-4c10-ba54-2186076059a4 |
| vip_subnet_id       | 139cc698-f079-4c46-ac0f-6364ad3238d5 |
+---------------------+--------------------------------------+


Notice that the Operational status is ONLINE but there are no listeners. Listeners are ports you want the load balancer to manage and balance traffic to. Example HTTP Port 80.

The Mitaka LBaaS doc says that you should be able to ping the vip_address. With OVS you cannot do that. It is because the lbaas network namespace is not created. This is what its like right now

root@node-2:~# ip netns ls qdhcp-2a165d79-9fdc-486b-8a7b-8db076ebee20 haproxy vrouter

To create a ip netns namespace add a listener to the loadbalancer object.

root@node-2:~# neutron lbaas-listener-create --name test-lb-http --loadbalancer test-lb --protocol HTTP --protocol-port 80
Created a new listener:
+---------------------------+------------------------------------------------+
| Field                     | Value                                          |
+---------------------------+------------------------------------------------+
| admin_state_up            | True                                           |
| connection_limit          | -1                                             |
| default_pool_id           |                                                |
| default_tls_container_ref |                                                |
| description               |                                                |
| id                        | 9ea6d06e-a214-4369-a37c-4e612883c76b           |
| loadbalancers             | {"id": "33fcb82e-ab1d-4c71-90b4-6ce04998b993"} |
| name                      | test-lb-http                                   |
| protocol                  | HTTP                                           |
| protocol_port             | 80                                             |
| sni_container_refs        |                                                |
| tenant_id                 | 9388b4bab91e4ac8a8cb96877df6af40               |
+---------------------------+------------------------------------------------+
root@node-2:~# neutron lbaas-loadbalancer-show test-lb
+---------------------+------------------------------------------------+
| Field               | Value                                          |
+---------------------+------------------------------------------------+
| admin_state_up      | True                                           |
| description         |                                                |
| id                  | 33fcb82e-ab1d-4c71-90b4-6ce04998b993           |
| listeners           | {"id": "9ea6d06e-a214-4369-a37c-4e612883c76b"} |
| name                | test-lb                                        |
| operating_status    | ONLINE                                         |
| pools               |                                                |
| provider            | haproxy                                        |
| provisioning_status | ACTIVE                                         |
| tenant_id           | 9388b4bab91e4ac8a8cb96877df6af40               |
| vip_address         | 10.109.4.41                                    |
| vip_port_id         | 458fac9d-755e-4c10-ba54-2186076059a4           |
| vip_subnet_id       | 139cc698-f079-4c46-ac0f-6364ad3238d5           |
+---------------------+------------------------------------------------+
root@node-2:~# ip netns list
qlbaas-33fcb82e-ab1d-4c71-90b4-6ce04998b993
qdhcp-2a165d79-9fdc-486b-8a7b-8db076ebee20
haproxy
vrouter

Notice above that the qlbaas-xxxx namespace has the same ID as the name of the ID of the loadbalancer. In this case it is 33fcb82e-ab1d-4c71-90b4-6ce04998b993.

Now it is possible to ping a test VM from the loadbalancer. This is different than what the Mitaka Docs say.

root@node-2:~# ip netns exec qlbaas-33fcb82e-ab1d-4c71-90b4-6ce04998b993 netshow l3
--------------------------------------------------------------------
To view the legend,  rerun "netshow" cmd with the  "--legend" option
--------------------------------------------------------------------
    Name            Speed      MTU  Mode          Summary
--  --------------  -------  -----  ------------  ------------------------
UP  lo              N/A      65536  Loopback      IP: 127.0.0.1/8, ::1/128
UP  tap458fac9d-75  N/A       1500  Interface/L3  IP: 10.109.4.41/24

root@node-2:~# openstack server list -f json
[
  {
    "Status": "ACTIVE",
    "Networks": "admin_internal_net=10.109.4.35, 10.109.3.170",
    "ID": "5afe10cb-d302-4c3d-923c-0ed01cf3f8f5",
    "Name": "lbtest"
  },
  {
    "Status": "ACTIVE",
    "Networks": "admin_internal_net=10.109.4.33, 10.109.3.168",
    "ID": "5773ebae-0882-460d-a464-1f97876a6db6",
    "Name": "ex-2ofp-5e5rdjgonxds-z3s44d7kaxjf-server-hak6j4smwxag"
  },
  {
    "Status": "ACTIVE",
    "Networks": "admin_internal_net=10.109.4.32, 10.109.3.167",
    "ID": "f5752b90-7f24-4127-8b45-90e694455f5a",
    "Name": "ex-2ofp-5z22nlq5cuyz-ju4nl35q5nvt-server-z4nje5cpxjsk"
  }
]root@node-2:~#

root@node-2:~# ip netns exec qlbaas-33fcb82e-ab1d-4c71-90b4-6ce04998b993 ping -c4 10.109.4.35
PING 10.109.4.35 (10.109.4.35) 56(84) bytes of data.
64 bytes from 10.109.4.35: icmp_seq=1 ttl=64 time=4.47 ms
64 bytes from 10.109.4.35: icmp_seq=2 ttl=64 time=1.17 ms
64 bytes from 10.109.4.35: icmp_seq=3 ttl=64 time=1.08 ms
64 bytes from 10.109.4.35: icmp_seq=4 ttl=64 time=0.911 ms

--- 10.109.4.35 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 0.911/1.910/4.477/1.484 ms