Skip to content

Instantly share code, notes, and snippets.

@mallow111

mallow111/gist:445e2651f13f198e4f8f Secret

Last active February 29, 2016 18:13
Show Gist options
  • Save mallow111/445e2651f13f198e4f8f to your computer and use it in GitHub Desktop.
Save mallow111/445e2651f13f198e4f8f to your computer and use it in GitHub Desktop.
Download ZIP
Test Scenario ----always go to the same backend node
Raw
gistfile1.txt
Test CASE---create a lb, and a listener(listener1) on port 80, create a pool (pool1) inside of listener1,create a members under pool1(10.0.0.3 on port 80 )create another pool(pool2_out_listener1---it is not assoicated with any listener ) ,inside this new pool create a member(10.0.0.4 on port 81),create 3 L7poliy(reject, direct_to_pool,direct_to_url) on listener1, on each L7policy create a rule (start_with,contains,REGEX).
1. create 2 nova instances 10.0.0.3 with webserver on port 80 and 10.0.0.4 with 2 webservers with port 80 and port 81
2. create a lb
3.create a listener----listener1 on lb1 at port 80
neutron lbaas-listener-create --loadbalancer lb1 --protocol HTTP --protocol-port 80 --name listener1
4.create a pool under listener1----pool1
neutron lbaas-pool-create --lb-algorithm ROUND_ROBIN --listener listener1 --protocol HTTP --name pool1
4.1 #create another pool inside of lb1
$neutron lbaas-pool-create --lb-algorithm ROUND_ROBIN --protocol HTTP --name individual_pool2 --loadbalancer lb1
5. #create a pool under listener1----pool1
neutron lbaas-pool-create --lb-algorithm ROUND_ROBIN --listener listener1 --protocol HTTP --name pool1
6. #create 1 member on pool1 and another member on individual_pool2
neutron lbaas-member-create --subnet private-subnet --address 10.0.0.3 --protocol-port 80 pool1
neutron lbaas-member-create --subnet private-subnet --address 10.0.0.4 --protocol-port 81 individual_pool2
neutron lbaas-member-create --subnet private-subnet --address 10.0.0.4 --protocol-port 80 pool2-out-listener1
neutron lbaas-member-create --subnet private-subnet --address 10.0.0.4 --protocol-port 81 pool2-out-listener1
7.#Create an l7policy and rule referencing the pool and listener1 ---REJECT
curl -X POST -H Content-type:application/json -d "{\"name\":\"test_policy3\", \"action\": \"REJECT\"}" http://localhost:9876/v1/loadbalancers/366cddbc-ca2e-4f2d-9a57-040bef54ef73/listeners/97ef8155-3e6c-4408-be61-2ae9626a8d15/l7policies
7.1 # Create L7rules on policy1 ---reject start with /api
curl -X POST -H Content-type:application/json -d '{"type":"PATH", "compare_type": "STARTS_WITH", "value": "/api"}' http://localhost:9876/v1/loadbalancers/366cddbc-ca2e-4f2d-9a57-040bef54ef73/listeners/$LISTENER/97ef8155-3e6c-4408-be61-2ae9626a8d15/l7policies/bb495d45-4bc9-42d8-b7a3-8d1414f62da9/l7rules
8.#Create another l7policy and rule referencing the pool and listener1 ---REDIRECT__TO_POOL to pool2
curl -X POST -H Content-type:application/json -d "{\"name\":\"policy2\", \"action\": \"REDIRECT_TO_POOL\", \"position\": 1, \"redirect_pool_id\": \"40164a26-c6d8-46f6-9dba-4065dfec8917\"}" http://localhost:9876/v1/loadbalancers/cb7156ce-5311-48f2-a474-4d7be4577c61/listeners/1ec08769-bb91-48b0-af86-c254ef65bf01/l7policies
8.1 # create a rule contains /cat
curl -X POST -H Content-type:application/json -d '{"type":"PATH", "compare_type": "CONTAINS", "value": "/cat"}' http://localhost:9876/v1/loadbalancers/cb7156ce-5311-48f2-a474-4d7be4577c61/listeners/1ec08769-bb91-48b0-af86-c254ef65bf01/l7policies/65365b44-14f8-4e30-9b5d-09ab1f2cc379/l7rules
9. Create another L7policy on listener1---redirct_to_url
curl -X POST -H Content-type:application/json -d "{\"name\":\"policy3\", \"action\": \"REDIRECT_TO_URL\", \"redirect_url\": \"http://www.google.com\"}" http://localhost:9876/v1/loadbalancers/cb7156ce-5311-48f2-a474-4d7be4577c61/listeners/1ec08769-bb91-48b0-af86-c254ef65bf01/l7policies
9.1 # create a rule on this policy
curl -X POST -H Content-type:application/json -d '{"type":"HEADER", "key": "X-My-Header", "compare_type": "REGEX", "value": ".*thisor that"}' http://localhost:9876/v1/loadbalancers/cb7156ce-5311-48f2-a474-4d7be4577c61/listeners/1ec08769-bb91-48b0-af86-c254ef65bf01/l7policies/4c68e20a-426c-46b5-823d-ffd67f1cfd9b/l7rules
=====================test result=================================================
test@test-virtual-machine:~$ curl http://10.0.0.5/some/path/with/cat ----REDICT_TO_POOL
Welcome to 10.0.0.4
test@test-virtual-machine:~$ curl 10.0.0.5/api -----REJECT
<html><body><h1>403 Forbidden</h1>
Request forbidden by administrative rules.
</body></html>
Every 2.0s: cat haproxy.cfg Fri Feb 26 22:19:49 2016
# Configuration for lb1
global
daemon
user nobody
group nogroup
log /dev/log local0
log /dev/log local1 notice
stats socket /var/lib/octavia/1ec08769-bb91-48b0-af86-c254ef65bf01.sock mode 0666 level user
defaults
log global
retries 3
option redispatch
timeout connect 5000
timeout client 50000
timeout server 50000
frontend 1ec08769-bb91-48b0-af86-c254ef65bf01
option tcplog
bind 10.0.0.5:80
mode http
acl 63776b05-b1da-4e51-bf69-d85a590e310b path -m sub /cat
use_backend 40164a26-c6d8-46f6-9dba-4065dfec8917 if 63776b05-b1da-4e51-bf69-d85a590e310b
acl b386a57a-a6a7-4c19-839b-ada38efbe230 path -m beg /api
http-request deny if b386a57a-a6a7-4c19-839b-ada38efbe230
acl 8aa7fd0f-5b44-4eb8-897a-1a0a5728bbcb req.hdr(X-My-Header) -m reg .*thisor\ that
redirect location http://www.google.com if 8aa7fd0f-5b44-4eb8-897a-1a0a5728bbcb
default_backend 3e316d5b-87e8-4ffd-b0be-6905296e0734
backend 3e316d5b-87e8-4ffd-b0be-6905296e0734
mode http
balance roundrobin
option forwardfor
server a292ac9c-5b53-427a-a2ec-b011e419eeb9 10.0.0.3:80 weight 1
backend 40164a26-c6d8-46f6-9dba-4065dfec8917
mode http
balance roundrobin
option forwardfor
test@test-virtual-machine:~$ neutron lbaas-listener-list
+--------------------------------------+--------------------------------------+-----------+----------+---------------+----------------+
| id | default_pool_id | name | protocol | protocol_port | admin_state_up |
+--------------------------------------+--------------------------------------+-----------+----------+---------------+----------------+
| 609f2cf3-7c10-461d-a080-b912cf076c2a | a70d64ad-f13f-4b41-abb8-9e2f0ca3a4a2 | listener2 | HTTP | 81 | True |
| 1ec08769-bb91-48b0-af86-c254ef65bf01 | 3e316d5b-87e8-4ffd-b0be-6905296e0734 | listener1 | HTTP | 80 | True |
+--------------------------------------+--------------------------------------+-----------+----------+---------------+----------------+
test@test-virtual-machine:~$ neutron lbaas-pool-show pool1
+---------------------+------------------------------------------------+
| Field | Value |
+---------------------+------------------------------------------------+
| admin_state_up | True |
| description | |
| healthmonitor_id | |
| id | 3e316d5b-87e8-4ffd-b0be-6905296e0734 |
| lb_algorithm | ROUND_ROBIN |
| listeners | {"id": "1ec08769-bb91-48b0-af86-c254ef65bf01"} |
| loadbalancers | {"id": "cb7156ce-5311-48f2-a474-4d7be4577c61"} |
| members | a292ac9c-5b53-427a-a2ec-b011e419eeb9 |
| name | pool1 |
| protocol | HTTP |
| session_persistence | |
| tenant_id | 29df59ea8cbf492ea24034c0b7b8ea6f |
+---------------------+------------------------------------------------+
test@test-virtual-machine:~$ neutron lbaas-pool-show individual_pool2
+---------------------+------------------------------------------------+
| Field | Value |
+---------------------+------------------------------------------------+
| admin_state_up | True |
| description | |
| healthmonitor_id | |
| id | a70d64ad-f13f-4b41-abb8-9e2f0ca3a4a2 |
| lb_algorithm | ROUND_ROBIN |
| listeners | {"id": "609f2cf3-7c10-461d-a080-b912cf076c2a"} |
| loadbalancers | {"id": "cb7156ce-5311-48f2-a474-4d7be4577c61"} |
| members | 99d0dae2-bd4d-461c-951d-e34d7d5e4cc2 |
| | 77cc09d6-e106-4ccf-b2a6-9a09c52241c8 |
| name | individual_pool2 |
| protocol | HTTP |
| session_persistence | |
| tenant_id | 29df59ea8cbf492ea24034c0b7b8ea6f |
+---------------------+------------------------------------------------+
test@test-virtual-machine:~$ neutron lbaas-member-list pool1
+--------------------------------------+------+----------+---------------+--------+--------------------------------------+----------------+
| id | name | address | protocol_port | weight | subnet_id | admin_state_up |
+--------------------------------------+------+----------+---------------+--------+--------------------------------------+----------------+
| a292ac9c-5b53-427a-a2ec-b011e419eeb9 | | 10.0.0.3 | 80 | 1 | db9b0602-38d6-4411-9a22-522b94a0c3a5 | True |
+--------------------------------------+------+----------+---------------+--------+--------------------------------------+----------------+
test@test-virtual-machine:~$ neutron lbaas-member-list individual_pool2
+--------------------------------------+------+----------+---------------+--------+--------------------------------------+----------------+
| id | name | address | protocol_port | weight | subnet_id | admin_state_up |
+--------------------------------------+------+----------+---------------+--------+--------------------------------------+----------------+
| 99d0dae2-bd4d-461c-951d-e34d7d5e4cc2 | | 10.0.0.4 | 80 | 1 | db9b0602-38d6-4411-9a22-522b94a0c3a5 | True |
| 77cc09d6-e106-4ccf-b2a6-9a09c52241c8 | | 10.0.0.4 | 81 | 1 | db9b0602-38d6-4411-9a22-522b94a0c3a5 | True |
+--------------------------------------+------+----------+---------------+--------+--------------------------------------+----------------+
==================curl command line used for testing============================
test@test-virtual-machine:~$ curl 10.0.0.5 /cat
Welcome to 10.0.0.3
test@test-virtual-machine:~$ curl 10.0.0.5 .*thisor that
Welcome to 10.0.0.3
test@test-virtual-machine:~$ curl 10.0.0.5/api
test@test-virtual-machine:~$ curl 10.0.0.4:80
Welcome to 10.0.0.4
^C
test@test-virtual-machine:~$ curl 10.0.0.4:81
Welcome to 10.0.0.4
^C
=======================DB TABLE=============================================
select * from member;
+----------------------------------+--------------------------------------+--------------------------------------+--------------------------------------+------------+---------------+--------+------------------+---------+
| project_id | id | pool_id | subnet_id | ip_address | protocol_port | weight | operating_status | enabled |
+----------------------------------+--------------------------------------+--------------------------------------+--------------------------------------+------------+---------------+--------+------------------+---------+
| 29df59ea8cbf492ea24034c0b7b8ea6f | 77cc09d6-e106-4ccf-b2a6-9a09c52241c8 | a70d64ad-f13f-4b41-abb8-9e2f0ca3a4a2 | db9b0602-38d6-4411-9a22-522b94a0c3a5 | 10.0.0.4 | 81 | 1 | NO_MONITOR | 1 |
| 29df59ea8cbf492ea24034c0b7b8ea6f | 99d0dae2-bd4d-461c-951d-e34d7d5e4cc2 | a70d64ad-f13f-4b41-abb8-9e2f0ca3a4a2 | db9b0602-38d6-4411-9a22-522b94a0c3a5 | 10.0.0.4 | 80 | 1 | NO_MONITOR | 1 |
| 29df59ea8cbf492ea24034c0b7b8ea6f | a292ac9c-5b53-427a-a2ec-b011e419eeb9 | 3e316d5b-87e8-4ffd-b0be-6905296e0734 | db9b0602-38d6-4411-9a22-522b94a0c3a5 | 10.0.0.3 | 80 | 1 | NO_MONITOR | 1 |
+----------------------------------+--------------------------------------+--------------------------------------+--------------------------------------+------------+---------------+--------+------------------+---------+
mysql> select * from load_balancer;
+----------------------------------+--------------------------------------+------+-------------+---------------------+------------------+---------+----------+-----------------+
| project_id | id | name | description | provisioning_status | operating_status | enabled | topology | server_group_id |
+----------------------------------+--------------------------------------+------+-------------+---------------------+------------------+---------+----------+-----------------+
| 29df59ea8cbf492ea24034c0b7b8ea6f | cb7156ce-5311-48f2-a474-4d7be4577c61 | lb1 | | ACTIVE | ONLINE | 1 | SINGLE | NULL |
+----------------------------------+--------------------------------------+------+-------------+---------------------+------------------+---------+----------+-----------------+
1 row in set (0.00 sec)
mysql> select * from listener;
+----------------------------------+--------------------------------------+-----------+-------------+----------+---------------+------------------+--------------------------------------+--------------------+--------------------------------------+---------------------+------------------+---------+-----------+
| project_id | id | name | description | protocol | protocol_port | connection_limit | load_balancer_id | tls_certificate_id | default_pool_id | provisioning_status | operating_status | enabled | peer_port |
+----------------------------------+--------------------------------------+-----------+-------------+----------+---------------+------------------+--------------------------------------+--------------------+--------------------------------------+---------------------+------------------+---------+-----------+
| 29df59ea8cbf492ea24034c0b7b8ea6f | 1ec08769-bb91-48b0-af86-c254ef65bf01 | listener1 | | HTTP | 80 | -1 | cb7156ce-5311-48f2-a474-4d7be4577c61 | NULL | 3e316d5b-87e8-4ffd-b0be-6905296e0734 | ACTIVE | ONLINE | 1 | 1025 |
| 29df59ea8cbf492ea24034c0b7b8ea6f | 609f2cf3-7c10-461d-a080-b912cf076c2a | listener2 | | HTTP | 81 | -1 | cb7156ce-5311-48f2-a474-4d7be4577c61 | NULL | a70d64ad-f13f-4b41-abb8-9e2f0ca3a4a2 | ACTIVE | ONLINE | 1 | 1026 |
+----------------------------------+--------------------------------------+-----------+-------------+----------+---------------+------------------+--------------------------------------+--------------------+--------------------------------------+---------------------+------------------+---------+-----------+
mysql> select * from pool;
+----------------------------------+--------------------------------------+---------------------+-------------+----------+--------------+------------------+---------+--------------------------------------+
| project_id | id | name | description | protocol | lb_algorithm | operating_status | enabled | load_balancer_id |
+----------------------------------+--------------------------------------+---------------------+-------------+----------+--------------+------------------+---------+--------------------------------------+
| 29df59ea8cbf492ea24034c0b7b8ea6f | 3e316d5b-87e8-4ffd-b0be-6905296e0734 | pool1 | | HTTP | ROUND_ROBIN | ONLINE | 1 | cb7156ce-5311-48f2-a474-4d7be4577c61 |
| 29df59ea8cbf492ea24034c0b7b8ea6f | 40164a26-c6d8-46f6-9dba-4065dfec8917 | pool2-out-listener1 | | HTTP | ROUND_ROBIN | ONLINE | 1 | cb7156ce-5311-48f2-a474-4d7be4577c61 |
| 29df59ea8cbf492ea24034c0b7b8ea6f | a70d64ad-f13f-4b41-abb8-9e2f0ca3a4a2 | individual_pool2 | | HTTP | ROUND_ROBIN | ONLINE | 1 | cb7156ce-5311-48f2-a474-4d7be4577c61 |
+----------------------------------+--------------------------------------+---------------------+-------------+----------+--------------+------------------+---------+--------------------------------------+
3 rows in set (0.00 sec)
mysql> select * from l7policy;
+--------------------------------------+---------+-------------+--------------------------------------+------------------+--------------------------------------+-----------------------+----------+---------+
| id | name | description | listener_id | action | redirect_pool_id | redirect_url | position | enabled |
+--------------------------------------+---------+-------------+--------------------------------------+------------------+--------------------------------------+-----------------------+----------+---------+
| 25609c0a-ebdd-4501-a4cd-e65f39f85e2d | policy1 | NULL | 1ec08769-bb91-48b0-af86-c254ef65bf01 | REJECT | NULL | NULL | 2 | 1 |
| 4c68e20a-426c-46b5-823d-ffd67f1cfd9b | policy3 | NULL | 1ec08769-bb91-48b0-af86-c254ef65bf01 | REDIRECT_TO_URL | NULL | http://www.google.com | 3 | 1 |
| 65365b44-14f8-4e30-9b5d-09ab1f2cc379 | policy2 | NULL | 1ec08769-bb91-48b0-af86-c254ef65bf01 | REDIRECT_TO_POOL | 40164a26-c6d8-46f6-9dba-4065dfec8917 | NULL | 1 | 1 |
+--------------------------------------+---------+-------------+--------------------------------------+------------------+--------------------------------------+-----------------------+----------+---------+
3 rows in set (0.00 sec)
mysql> select * from l7rule;
+--------------------------------------+--------------------------------------+--------+--------------+-------------+---------------+--------+
| id | l7policy_id | type | compare_type | key | value | invert |
+--------------------------------------+--------------------------------------+--------+--------------+-------------+---------------+--------+
| 63776b05-b1da-4e51-bf69-d85a590e310b | 65365b44-14f8-4e30-9b5d-09ab1f2cc379 | PATH | CONTAINS | NULL | /cat | 0 |
| 8aa7fd0f-5b44-4eb8-897a-1a0a5728bbcb | 4c68e20a-426c-46b5-823d-ffd67f1cfd9b | HEADER | REGEX | X-My-Header | .*thisor that | 0 |
| b386a57a-a6a7-4c19-839b-ada38efbe230 | 25609c0a-ebdd-4501-a4cd-e65f39f85e2d | PATH | STARTS_WITH | NULL | /api | 0 |
+--------------------------------------+--------------------------------------+--------+--------------+-------------+---------------+--------+
3 rows in set (0.01 sec)
test@test-virtual-machine:~$ curl -v --header "X-My-Header: with thisor that" 10.0.0.5
* Rebuilt URL to: 10.0.0.5/
* Hostname was NOT found in DNS cache
* Trying 10.0.0.5...
* Connected to 10.0.0.5 (10.0.0.5) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.35.0
> Host: 10.0.0.5
> Accept: */*
> X-My-Header: with thisor that
>
< HTTP/1.1 302 Found
< Cache-Control: no-cache
< Content-length: 0
< Location: http://www.google.com
< Connection: close
<
* Closing connection 0
test@test-virtual-machine:~$ curl -v --header "X-My-Header: with thisor that" http://10.0.0.5
* Rebuilt URL to: http://10.0.0.5/
* Hostname was NOT found in DNS cache
* Trying 10.0.0.5...
* Connected to 10.0.0.5 (10.0.0.5) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.35.0
> Host: 10.0.0.5
> Accept: */*
> X-My-Header: with thisor that
>
< HTTP/1.1 302 Found
< Cache-Control: no-cache
< Content-length: 0
< Location: http://www.google.com
< Connection: close
<
* Closing connection 0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment